I finally managed to get it working :

I used the "dhcp_option=3,ip_of_router" (setup with dnsmasq_config_file) so the instances would have a default gateway pointing to the router instead of the compute node's nic. Second, I opened up the firewall with:

nova secgroup-add-rule default icmp -1 -1
nova secgroup-add-rule default tcp 22 22

Now I have connectivity from hosts outside of the vlan range.