Hi Henrique,
Those viznodes are going to have to talk to your submit node, which will
not be possible with their private IP addresses because I'm betting that
the head node is not performing IP masquerading on their behalf, right?
Another alternative is to run a GCB instance on the head node, though I
haven't actually done this myself. See the following link for details:
http://www.cs.wisc.edu/~sschang/firewall/gcb/index.htm
The way we do it is to give all nodes in our Condor "world" certain
"private" addresses that are routable within our domain (hence local
routers need to be suitably configured). Then the head node has IP
forwarding activated as well as being an ARP proxy. This then acts as the
gateway for the cluster nodes, and it all works well.
Cheers,
Mark