This is my second NAT story; for the first one, look at The Story Of NAT, part 1.
Writing this up so I will remember what I did, and why. The basic problem is this: how do you make a filesystem in a public VLAN available on a private network? One solution is to work with Network Address Translation, or NAT for short. More information at http://en.wikipedia.org/wiki/Network_address_translation
We have a storage device which we refer to as flexstorage.wesleyan.edu which serves up a file system on login node petaltail.
[root@petaltail ~]# host flexstorage
flexstorage.wesleyan.edu has address 129.133.24.81
[root@petaltail ~]# df -h /home/dlbgroup
Filesystem            Size  Used Avail Use% Mounted on
flexstorage.wesleyan.edu:/share/dlbgroup
                     1000G  588G  413G  59% /home/dlbgroup
Host petaltail has the following interfaces. The file system in question can be mounted on host petaltail because VLAN 1 can reach VLAN 24.
eth0      Link encap:Ethernet  HWaddr 00:18:8B:51:FA:42
          inet addr:192.168.1.217  Bcast:192.168.255.255  Mask:255.255.0.0
eth1      Link encap:Ethernet  HWaddr 00:18:8B:51:FA:44
          inet addr:10.10.100.217  Bcast:10.10.255.255  Mask:255.255.0.0
eth2      Link encap:Ethernet  HWaddr 00:15:17:80:8D:F2
          inet addr:129.133.1.225  Bcast:129.133.1.255  Mask:255.255.255.0
eth3      Link encap:Ethernet  HWaddr 00:15:17:80:8D:F3
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
But a compute node on our cluster, for example node b1, has the following interfaces, all private:
eth0      Link encap:Ethernet  HWaddr 00:13:D3:F2:C8:EC
          inet addr:192.168.1.7  Bcast:192.168.255.255  Mask:255.255.0.0
eth1      Link encap:Ethernet  HWaddr 00:13:D3:F2:C8:ED
          inet addr:10.10.100.7  Bcast:10.10.255.255  Mask:255.255.0.0
So in order for the compute node b1 to reach the flexstorage server, we need to use NAT rules and define a path/route. First we start on petaltail and edit the iptables file, adding a “nat” table with a post-routing rule and, in the “filter” table, rules for forwarding.
*nat
# fss public to 10.10
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
# fss public via 10.10
-A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
...
COMMIT
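As written, the MASQUERADE rule translates anything leaving eth2, not only traffic bound for flexstorage, so petaltail acts as a general gateway for whatever gets forwarded. The following is an added example (not part of the original write-up) that audits an iptables-save style ruleset for NAT and forwarding rules with no source or destination restriction. The function name and the scoped variant are assumptions; the 10.10.0.0/16 network and 129.133.24.81 come from the command output above.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules shown above
# (the lines elided with "..." on the page are not guessed at).
PAGE_RULES = """\
*nat
# fss public to 10.10
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
# fss public via 10.10
-A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Assumed tighter variant: only eth1's 10.10.0.0/16 network may be translated,
# and only when talking to flexstorage (129.133.24.81).
SCOPED_RULES = """\
*nat
-A POSTROUTING -s 10.10.0.0/16 -d 129.133.24.81/32 -o eth2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 10.10.0.0/16 -d 129.133.24.81/32 -i eth1 -o eth2 -j ACCEPT
-A FORWARD -s 129.133.24.81/32 -d 10.10.0.0/16 -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# (table, chain) pairs worth checking, with the targets that open a path.
WATCHED = {("nat", "POSTROUTING"): {"MASQUERADE", "SNAT"},
           ("filter", "FORWARD"): {"ACCEPT"}}

def audit(ruleset):
    """Return (table, chain, missing_flags) for NAT/forward rules lacking -s or -d."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
            continue
        if not line.startswith("-A "):    # comments, COMMIT, policies, elided lines
            continue
        tok = shlex.split(line)
        chain = tok[1]
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if target not in WATCHED.get((table, chain), ()):
            continue
        missing = [flag for flag in ("-s", "-d") if flag not in tok]
        if missing:
            findings.append((table, chain, " ".join(missing)))
    return findings

if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("scoped rules", SCOPED_RULES)):
        print(name, audit(rules) or "no unscoped NAT/forward rules")
```

The check only looks for the presence of -s and -d; it does not evaluate whether the addresses given are the right ones.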
Next