Comment 9 for bug 527648

the iptables policy is set to DROP by the CC, as a way to enforce correct AWS security group semantics (inter-sec. group traffic is blocked by default until rules are added to allow traffic). However, once a public->private mapping is added (DNAT/SNAT rules show up in iptables nat table), traffic should flow freely, assuming that you've authorized ssh/ping access to the security group in which your VM is running (euca-authorize ....). Those authorizations show up iptables once the authorize rules have been applied. If you can get it into this state, it would help to see the output of:

iptables -t nat -L -n
iptables -L -n

Regards
-Dan