This is my second NAT story; for the first one, see The Story Of NAT, part 1.

NAT Story, part 2

Writing this up so I will remember what I did, and why. The basic problem is this: how do you make a filesystem in a public VLAN available on a private network? One solution is to work with Network Address Translation, or NAT for short. More information at http://en.wikipedia.org/wiki/Network_address_translation

We have a storage device, which we refer to as flexstorage.wesleyan.edu, that serves up a file system on login node petaltail.

[root@petaltail ~]# host flexstorage
flexstorage.wesleyan.edu has address 129.133.24.81

[root@petaltail ~]# df -h /home/dlbgroup
Filesystem            Size  Used Avail Use% Mounted on
flexstorage.wesleyan.edu:/share/dlbgroup
                     1000G  588G  413G  59% /home/dlbgroup

Host petaltail has the following interfaces. The file system in question is mounted on host petaltail because VLAN 1 can reach VLAN 24.

eth0      Link encap:Ethernet  HWaddr 00:18:8B:51:FA:42
          inet addr:192.168.1.217  Bcast:192.168.255.255  Mask:255.255.0.0
eth1      Link encap:Ethernet  HWaddr 00:18:8B:51:FA:44
          inet addr:10.10.100.217  Bcast:10.10.255.255  Mask:255.255.0.0
eth2      Link encap:Ethernet  HWaddr 00:15:17:80:8D:F2
          inet addr:129.133.1.225  Bcast:129.133.1.255  Mask:255.255.255.0
eth3      Link encap:Ethernet  HWaddr 00:15:17:80:8D:F3
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0

But a compute node on our cluster, for example node b1, has the following interfaces, all private:

eth0      Link encap:Ethernet  HWaddr 00:13:D3:F2:C8:EC  
          inet addr:192.168.1.7  Bcast:192.168.255.255  Mask:255.255.0.0
eth1      Link encap:Ethernet  HWaddr 00:13:D3:F2:C8:ED  
          inet addr:10.10.100.7  Bcast:10.10.255.255  Mask:255.255.0.0

So in order for compute node b1 to reach the flexstorage server, we need to use NAT rules and define a path/route. First we start on petaltail and edit the iptables files: add a “nat” table section holding the post-routing rule and, in the “filter” table section, set up the rules for forwarding.

*nat
# fss public to 10.10
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT

*filter
# fss public via 10.10
-A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
...
COMMIT
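
A check one could run against this ruleset before loading it, given here as an added example and not part of the original write-up: it flags NAT and forwarding rules that are wider than the one path needed (the 10.10.0.0/16 network on eth1 reaching flexstorage at 129.133.24.81 through eth2). The function names and the scoped ruleset are assumptions constructed for illustration; only the two rules under page_rules come from this page.

```shell
# Added example: flag NAT/forward rules wider than the eth1 -> flexstorage path.

# The two rules visible on the page; the elided "..." lines are not guessed.
page_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed variant (an assumption, not the author's config): the same path,
# limited to the private subnet and the flexstorage address.
scoped_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -s 10.10.0.0/16 -d 129.133.24.81 -o eth2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -s 10.10.0.0/16 -d 129.133.24.81 -j ACCEPT
COMMIT
EOF
}

# Reads a ruleset on stdin and prints one finding per over-broad rule.
audit_ruleset() {
awk '
  /^\*/ { table = substr($0, 2); next }      # "*nat" / "*filter" table header
  $1 != "-A" { next }                        # skip comments, policies, COMMIT
  { has_s = has_d = has_state = 0; target = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "-s" || $i == "--source") has_s = 1
      if ($i == "-d" || $i == "--destination") has_d = 1
      if ($i == "--state" || $i == "--ctstate") has_state = 1
      if ($i == "-j") target = $(i + 1)
    } }
  table == "nat" && (target == "MASQUERADE" || target == "SNAT") && !has_s {
    print "nat: " target " without -s translates any forwarded source: " $0 }
  table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && !has_state && !(has_s && has_d) {
    print "filter: FORWARD ACCEPT not limited by state or by -s and -d: " $0 }
'
}

echo "== rules shown on the page =="; page_rules | audit_ruleset
echo "== scoped variant ==";          scoped_rules | audit_ruleset
```

The check is textual only: it does not evaluate rule order, chain policies or negated matches.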

Next



cluster/102.1309360867.txt.gz · Last modified: 2011/06/29 11:21 by hmeij