In Managed and Managed (No VLAN) modes, Eucalyptus flushes the CC's iptables rules for both the filter and nat tables, then sets the default policy of the FORWARD chain in the filter table to DROP. At run time, the CC adds and removes rules in FORWARD as users add and remove ingress rules from their active security groups. In addition, the nat table is configured to give VMs access to the external network through IP masquerading, and the CC dynamically adds and removes rules in the nat table as users assign and unassign public IPs to VMs at instance boot or at run time.
If you have your own rules that you want applied on the CC, run the following command on the CC before you start Eucalyptus or while Eucalyptus is stopped:

iptables-save > /var/run/eucalyptus/net/iptables-preload
CAUTION
Performing this operation to define special iptables rules that are loaded when Eucalyptus starts could cause Eucalyptus VM networking to fail. We recommend that you only do this if you are completely sure that it will not interfere with the operation of Eucalyptus.
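Before writing the preload file, it helps to know which of your rules fall into the areas the CC rewrites on its own (the nat table and the filter FORWARD chain). The script below is an added example, not part of the Eucalyptus documentation or code: it reads an iptables-save dump and lists those rules for manual review. The sample dump is constructed for the example, and the page does not state how the preload file is merged with the CC's own flush, so treat the output as a list of rules to double-check rather than a verdict.

```shell
#!/bin/sh
# Audit an iptables-save dump before using it as the CC preload file.
# Flags every rule that lands in the nat table or in the filter FORWARD
# chain, since the CC flushes both tables and manages those rules itself.

# Constructed sample dump in iptables-save format (not from a real CC).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# audit_preload: reads a dump on stdin, prints "<table> <rule>" for each
# rule in the nat table or the filter FORWARD chain.
audit_preload() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*filter" -> "filter"
        /^COMMIT/ { table = ""; next }
        /^-A /    {
            chain = $2
            if (table == "nat" || (table == "filter" && chain == "FORWARD"))
                print table, $0
        }
    '
}

# count_flagged: reads a dump on stdin, prints the number of flagged rules.
count_flagged() {
    audit_preload | awk 'END { print NR }'
}

# Run against the constructed sample when executed directly.
# In practice you would pipe the live ruleset: iptables-save | audit_preload
printf '%s\n' "$SAMPLE_DUMP" | audit_preload
```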