Cannot Access UEC Cloud Server from Outside Network

Posted on 2009-12-28
Last Modified: 2013-11-15
We are in the early stages of doing a test deployment of the new Ubuntu Enterprise Cloud software, based on the Eucalyptus software, for possible use in our server environment.

I have successfully installed a cluster controller machine and one node. From inside our internal network using our private IP addresses (e.g. 192.168.x.x), I can access the web administration interface on the controller just fine, and I can also use SSH to access the console/command line on the controller. However, when I attempt to access either of these services from outside our local network, the connections simply time out.

I have verified that our firewall (a Cisco PIX 515E) is properly configured to allow access on the necessary ports and the proper external IP, to properly forward to the correct machine, etc. Also, a traceroute conducted using our firewall management software verifies that packets are allowed through and reach the destination properly.

Can anyone think of a reason these connections would not be working? Does UEC by default have some sort of firewall or access restrictions that would prevent access from an outside network? Are there any additional settings I need to tweak?

Any help would be most appreciated.


- Tom
Question by:TomEA
    LVL 6

    Expert Comment

    It seems that you need X.509 certificates to access the cloud controller.

    Please have a look at this link and jump to the "STEP 5: Obtain Credentials" section.
    LVL 1

    Author Comment

    Thank you for the reply!

    I understand that X.509 credentials are needed to access the cloud itself. However, if you look at those instructions, you'll see that it points you to the web server on the cloud controller as the place to access and download your credentials. That's also where you do the initial management of setting up the administrative user.

    Accessing that web server does not require X.509 credentials. I have successfully accessed it from another machine on our local network just fine. Also, I am able to use SSH to access a console session on the server without having X.509 credentials. However, it is when I attempt to do so from outside our local network that I have problems. That's what I'm trying to figure out.

    Thanks again!

    - Tom
    LVL 6

    Expert Comment


    In this case, try to access the machine using SSH from a remote network and capture the SSH logs. They should report your connection attempt and its status. Try increasing the verbosity level of the log to get detailed information.
    LVL 1

    Accepted Solution

    Well, I found the solution to this one. I appreciate all the help here, but it turns out that I was just an idiot. :)

    During installation of UEC, if your server has more than one network interface, the software allows (and recommends) the designation of one interface/IP address as internal and one as external. I did this during installation and then promptly forgot about it, since a normal Ubuntu install does not do that.

    In that setup, the server will not accept any traffic from external IP addresses on the internal interface. That is why I could connect on our local network, but not across the Internet. Once I pointed our firewall at the designated external interface, all started working normally.

    Thanks again, everyone. Sorry for taking up your time with such a boneheaded mistake!

    - Tom
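
Added example, not part of the original thread: a shell check for the misconfiguration described in the accepted solution, confirming that the address the perimeter firewall forwards to sits on the interface designated as external. The interface names (`eth0`, `eth1`), the addresses and the sample `ip` output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). On a multi-homed server, check that
# the firewall's forward target is an address on the external interface.

# owner_iface TARGET_IP
# Reads `ip -o -4 addr show` output on stdin and prints the interface
# that holds TARGET_IP (prints nothing if no interface has it).
owner_iface() {
    awk -v ip="$1" '
        $3 == "inet" {
            split($4, a, "/")            # field 4 is ADDRESS/PREFIX
            if (a[1] == ip) { print $2; exit }
        }'
}

# check_forward_target TARGET_IP EXTERNAL_IFACE   (ip output on stdin)
# returns 0: target is on the external interface
#         1: target is on another interface (the situation in this thread)
#         2: target address is not configured on this host
check_forward_target() {
    iface=$(owner_iface "$1")
    if [ -z "$iface" ]; then
        echo "$1 is not configured on any interface"; return 2
    elif [ "$iface" = "$2" ]; then
        echo "$1 is on $iface (external): forward target is correct"; return 0
    else
        echo "$1 is on $iface, but the external interface is $2"; return 1
    fi
}

# Constructed sample of `ip -o -4 addr show` output (assumed layout:
# eth0 = internal, eth1 = external; addresses are placeholders).
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.2.10/24 brd 192.168.2.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# Firewall forwards to 192.168.1.10 while eth1 is the external interface:
sample_addrs | check_forward_target 192.168.1.10 eth1 || true
```

On the server itself, replace `sample_addrs` with `ip -o -4 addr show` and pass the address your firewall forwards to together with the interface you designated as external.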
