How to configure NAT for a 2 node EUC?

Asked by nutznboltz

When installing EUC on two computers via the server ISO so that the first computer has the CC/CLC/Walrus/SC and the second computer has the NC on it and you are using the CC/CLC/Walrus/SC as a network gateway for the NC how should the NAT be set up?

That configuration is shown as figure 2 on the wiki page
http://open.eucalyptus.com/wiki/EucalyptusNetworkConfiguration_v2.0

See the caption to figure 2 which reads ``Figure 2 shows node machines on a private subnet using the front-end machine as a gateway to the public network. Note that the front-end machine has two Ethernet devices (eth0 is on the public network; eth1 is on the private network) and uses NAT to allow the nodes access to the public network.''

Near the top of that wiki page is a note that reads ``Note that the administrator must ensure that the virtual subnet IP address space does not contain, is not contained by, and does not conflict with any part of the physical network IP address space.''

But it is unclear if the NC eth0 is using the ``virtual subnet IP address space'' network or an additional network.

By default the server ISO has a NAT for 172.19/16 like this

$ grep 172.19 eucalyptus.local.conf
VNET_SUBNET="172.19.0.0"

and

$ sudo iptables -n -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 172.19.0.0/16 169.254.169.254 tcp dpt:80 to:169.254.169.254:8773

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.19.0.0/16 !172.19.0.0/16

Should the NC eth0 be on 172.19.0.0/16 or should an additional NAT be configured into netfilter via iptables?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu eucalyptus Edit question
Assignee:
No assignee Edit question
Solved by:
nutznboltz
Solved:
Last query:
Last reply:
Revision history for this message
nutznboltz (nutznboltz-deactivatedaccount) said :
#1

The answer is that you can't use 172.19.0.0/16 for the eth0 on the NC.

Revision history for this message
nutznboltz (nutznboltz-deactivatedaccount) said :
#2

Actually the documentation for STATIC insinuates otherwise. They do such a rotten job of expressing the CC <-> NC network but this statement looks like a clue to what their intent is:

``It is also necessary to instruct Eucalyptus about the subnet being used by the CC and NC. To do this, you must configure VNET_SUBNET, etc., as described earlier in Section 3.3: About VNET_ options. ''