Learn how to a build a cloud-first strategyRegister Now


Cannot Access UEC Cloud Server from Outside Network

Posted on 2009-12-28
Medium Priority
Last Modified: 2013-11-15
We are in the early stages of doing a test deployment of the new Ubuntu Enterprise Cloud software, based on the Eucalpytus software, for possible use in our server environment.

I have successfully installed a cluster controller machine and one node. From inside our internal network using our private IP addresses (e.g. 192.168.x.x), I can access the web administration interface on the controller just fine, and I can also use SSH to access the console/command line on the controller. However, when I attempt to access either of these services from outside our local network, the connections simply time out.

I have verified that our firewall (a Cisco PIX 515E) is properly configured to allow access on the necessary ports and the proper external IP, to properly forward to the correct machine, etc. Also, a traceroute conducted using our firewall management software verifies that packets are allowed through and reach the destination properly.

Can anyone think of a reason these connections would not be working? Does UEC by default have some sort of firewall or access restrictions that would prevent access from an outside network? Are there any additional settings I need to tweak?

Any help would be most appreciated.


- Tom
Question by:TomEA
  • 2
  • 2

Expert Comment

ID: 26137208
        It seems that you need X.509 certificates to access the cloud controller.

Please have a look at this link and jump to  "STEP 5: Obtain Credentials" section.


Author Comment

ID: 26138102
Thank you for the reply!

I understand that X.509 credentials are needed to access the cloud itself. However, if you look at those instructions, you'll see that it points you to the web server on the cloud controller as the place to access and download your credentials. That's also where you do the initial management of setting up the administrative user.

Accessing that web server does not require X.509 credentials. I have successfully accessed it from another machine on our local network just fine. Also, I am able to use SSH to access a console session on the server without having X.509 credentials. However, when I attempt to do so from outside our local network is when I have problems. That's what I'm trying to figure out.

Thanks again!

- Tom

Expert Comment

ID: 26151658

In this case, try to access the machine using SSH from remote network and capture the SSH logs. It should report your connection attempt and status. Try to increase the verbose level of the log to get detailed log information.

Accepted Solution

TomEA earned 0 total points
ID: 26182965
Well, I found the solution to this one. I appreciate all the help here, but it turns out that I was just an idiot. :)

During installation of UEC, if your server has more than one network interface, the software allows (and recommends) the designation of one interface/IP address as internal and one as external. I did this during installation and then promptly forgot about it, since a normal Ubuntu install does not do that.

In that setup, the server will not accept any traffic from external IP addresses on the internal interface. That is why I could connect on our local network, but not across the Internet. Once I pointed our firewall at the designated external interface, all started working normally.

Thanks again, everyone. Sorry for taking up your time with such a boneheaded mistake!

- Tom

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question