In Managed and Managed (No VLAN) modes, Eucalyptus flushes the CC's iptables rules for both the filter and nat tables, then sets the default policy for the FORWARD chain in filter to DROP. At run time, the CC adds and removes rules from FORWARD as users add and remove ingress rules from their active security groups. In addition, the nat table is configured to allow VMs access to the external network using IP masquerading, and the CC dynamically adds and removes rules in the nat table as users assign and unassign public IPs to VMs at instance boot or at run time.

If you have rules you want to apply on the CC, run the following command on the CC before you start Eucalyptus or while Eucalyptus is stopped:

iptables-save > /var/run/eucalyptus/net/iptables-preload
CAUTION: Performing this operation to define special iptables rules that are loaded when Eucalyptus starts could cause Eucalyptus VM networking to fail. We recommend that you only do this if you are completely sure that it will not interfere with the operation of Eucalyptus.
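Because the CC owns the filter FORWARD chain and the nat table, the safest preload file is one that does not touch them. The following added example (not part of the Eucalyptus documentation or code) lints an iptables-save dump before it is used as iptables-preload, reporting every entry that changes the FORWARD policy away from DROP, adds rules to FORWARD, or adds rules to nat; the sample dump it checks is constructed for illustration.

```shell
#!/bin/sh
# lint_preload FILE...: read iptables-save output and report lines that touch
# the chains Eucalyptus manages in Managed / Managed (No VLAN) modes
# (filter FORWARD policy and rules, and any rule in the nat table).
# Returns 0 when nothing needs review, 1 when at least one WARN was printed.
lint_preload() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*filter", "*nat", ...
        /^COMMIT/ { table = ""; next }
        /^#/      { next }                          # iptables-save comments
        table == "filter" && /^:FORWARD / && $2 != "DROP" {
            printf "WARN filter FORWARD policy is %s (Eucalyptus sets DROP): %s\n", $2, $0
            hits++
        }
        table == "filter" && /^-A FORWARD / {
            printf "WARN rule in filter FORWARD (managed by the CC): %s\n", $0
            hits++
        }
        table == "nat" && /^-A / {
            printf "WARN rule in nat table (managed by the CC): %s\n", $0
            hits++
        }
        END { if (hits > 0) exit 1; exit 0 }
    ' "$@"
}

# Constructed sample dump (not from a real CC) in iptables-save format.
# It contains one harmless INPUT rule plus three entries the lint should flag.
sample_preload() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Usage: lint_preload /var/run/eucalyptus/net/iptables-preload
```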