Cannot access running instance from client - Eucalyptus

Question

I have set up a private cloud under ubuntu 10.04 server through eucalyptus packages (v 1.6.1) Here are my configurations CLC,CC,WS3, SC (Frontend) - 10.X.X.29 NC - 10.X.X.30

NTP Configured

Hwinfo - Intel quadcore (Q8300), 500GB, 4GB RAM, VT-x enabled in both the systems

I bundled,uploaded & registered the images which were given under eucalyptus website. (ubuntu 9.04 x86-64bit)

My query is .. I can access (ping & ssh) my running instance only in my frontend. I cannot ping or ssh my instances from my client, but i can see the console output from client nd see the status of my running state vm thro' elastic fox.

euca-describe-images >
IMAGE   eri-16D9191E    ubuntu-ramdisk-bucket/initrd.img-2.6.28-11-generic.manifest.xml admin   available   public      x86_64  ramdisk         instance-store

IMAGE   emi-39711602    ubuntu-image-bucket/ubuntu.9-04.x86-64.img.manifest.xmladmin    available   public  x86_64  machine eki-AE6117D9    eri-16D9191E    instance-store

IMAGE   eki-AE6117D9    ubuntu-kernel-bucket/vmlinuz-2.6.28-11-generic.manifest.xml admin   available   public      x86_64  kernel          instance-store


euca-describe-instances >

RESERVATION    r-45CA0852    admin    default
INSTANCE    i-463407D1    emi-39711602    192.168.0.100    172.19.1.2    running    key1    0        m1.large    2011-12-09T14:33:44.348Z    cluster1    eki-AE6117D9    eri-16D9191E

I can access my instance from the cloud controller. I could not access (ping or ssh) the instances anywhere from the network. The VM is not getting exposed in the network. There is some networking problem associated with the instances, frontend and my client which i couldn't figure out.

Here are my configuration files ..!

Eucalyptus.conf

/eucalyptus/eucalyptus.conf

EUCALYPTUS="/"
EUCA_USER="eucalyptus"

DISABLE_DNS="Y"
DISABLE_ISCSI="Y"
JVM_MEM="512m"

ENABLE_WS_SECURITY="Y"
LOGLEVEL="DEBUG"
VNET_PUBINTERFACE="eth0"
VNET_PRIVINTERFACE="eth0"
VNET_MODE="MANAGED-NOVLAN"

CC_PORT="8774"
SCHEDPOLICY="ROUNDROBIN"
POWER_IDLETHRESH="300"
POWER_WAKETHRESH="300"
NC_SERVICE="axis2/services/EucalyptusNC"
VNET_DHCPDAEMON="/usr/sbin/dhcpd3"
VNET_DHCPUSER="dhcpd"
NODES="10.X.X.30"
VNET_ADDRSPERNET="32"


NC_PORT="8775"
HYPERVISOR="kvm"
MANUAL_INSTANCES_CLEANUP=0
VNET_BRIDGE="br0"
INSTANCE_PATH="/var/lib/eucalyptus/instances/"

eucalyptus.local.conf

VNET_MODE="MANAGED-NOVLAN"
VNET_SUBNET="172.19.0.0"
VNET_NETMASK="255.255.0.0"
VNET_DNS="10.X.X.1"
VNET_ADDRSPERNET="32"
VNET_PUBLICIPS="192.168.0.100-192.168.0.150"

Even after giving authorizations through euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default from my client (end user) ..! I could not access (even ping or ssh) my instance from client ! but i can access the VM in the front end (SSH is working)

euca-describe-groups >

GROUP   logskish    default default group

GROUP   admin   eucagroup   sample group

GROUP   admin   default default group

PERMISSION  admin   default ALLOWS  tcp 22  22  FROM    CIDR    0.0.0.0/0

PERMISSION  admin   default ALLOWS  icmp    -1  -1  FROM    CIDR    0.0.0.0/0

How to over come this problem.

Thanks

Logs

Answer 1

I would make sure I run the following:

euca-authorize -P icmp -t -1:-1 default euca-authorize -P tcp -p 22 default

Answer 2

Answer : Dear one yes you have done everything ok: now just check your cloud machine's iptable

#iptables -L

and you can get DROP Policy in Forward chain just remove drop policy and activate forwarding in /etc/sysctl.conf

you can ping and access your vm machines from client side

# iptables -t filter -P FORWARD ACCEPT

now you can ping and ssh your vm from client side