Comment 6 for bug 527648

Thierry Carrez (ttx) wrote :

OK, further testing reveals there are two issues:
* The FORWARD chain is blocking connections from CLC to instance
* The CC doesn't know the way to the metadata service (missing VNET_CLOUDIP)

Defaulting to accept on the FORWARD chain works around the first issue:
sudo iptables -P FORWARD ACCEPT

I can ping karmic instances OK from the CLC.

Adding VNET_CLOUDIP=ip.address.of.clc to the CC's eucalyptus.conf solves the second one.

I can boot a karmic or lucid instance and SSH into it.

More investigation is needed to see why the FORWARD chain isn't set up to accept the packets as it should...
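
Added example, not part of the original comment or of Eucalyptus itself: a shell check over `iptables -S FORWARD` output that tells the blanket workaround (policy ACCEPT) apart from a scoped ACCEPT rule toward the instance subnet. The sample listing and the subnet 10.0.0.0/24 are constructed for illustration, and destinations are matched literally as iptables prints them.

```sh
#!/bin/sh
# Constructed sample of `iptables -S FORWARD` output (not taken from the bug
# report). 10.0.0.0/24 is a hypothetical instance subnet.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT'

# Print the default policy of the FORWARD chain from a listing on stdin.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) print "UNKNOWN" }'
}

# Count FORWARD rules that ACCEPT traffic *towards* the given CIDR (-d match).
accepts_to() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            dst = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dst == net && target == "ACCEPT") n++
        }
        END { print n + 0 }'
}

# Summarise whether new connections to the subnet can be forwarded, and how.
diagnose() {
    rules=$1; net=$2
    policy=$(printf '%s\n' "$rules" | forward_policy)
    hits=$(printf '%s\n' "$rules" | accepts_to "$net")
    if [ "$policy" = "ACCEPT" ]; then
        echo "open: policy ACCEPT forwards everything"
    elif [ "$hits" -gt 0 ]; then
        echo "scoped: policy $policy, $hits ACCEPT rule(s) to $net"
    else
        echo "blocked: policy $policy, no ACCEPT rule to $net"
    fi
}

# The sample only accepts traffic *from* the subnet and replies to it, so
# new connections towards an instance fall through to the DROP policy.
diagnose "$SAMPLE_RULES" 10.0.0.0/24
# On a live host: diagnose "$(sudo iptables -S FORWARD)" <instance subnet>
```

An "open" result after applying the `-P FORWARD ACCEPT` workaround means the host now forwards all traffic, not only CLC-to-instance connections.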