
cluster:102

Differences

This shows you the differences between two versions of the page.

cluster:102 [2011/06/29 11:59]
hmeij
cluster:102 [2020/08/24 07:19] (current)
hmeij07
Line 2: Line 2:
 **[[cluster:​0|Back]]** **[[cluster:​0|Back]]**
  
-This is my second NAT story, for the first one look at [[cluster:51|The Story Of NAT, part 1]]+Note #1 
 + 
 +CentOS 8.1 with the standard firewalld.\\ 
 +If this is of interest to you this was how I managed to get it work: 
 +<​code>​ 
 +EXTIFACE=MASTER_NODE_EXT_INTERFACE_DEVICE (e.g. eno1) 
 +INTIFACE=MASTER_NODE_INTERNAL_INTERFACE_DEVICE (e.g. eno2) 
 +INTIPADDR=MASTER_IP_OF_INTERNAL_IFAC 
 +PREFIX=PREFIX_OF_INTERNAL_NETWORK 
 +firewall-cmd --change-interface=${EXTIFACE} --zone=public 
 +firewall-cmd --change-interface=${INTIFACE} --zone=trusted --permanent 
 +firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o ${EXTIFACE} -j MASQUERADE -s ${INTIPADDR}/​${PREFIX} 
 +firewall-cmd --set-default-zone=trusted 
 +firewall-cmd --reload 
 +</​code>​ 
 +  
 +And make sure the default route is set on all compute nodes.  
 + 
 +Note #2 
 + 
 +configured Shorewall on a cluster ​to do NAT through the head node. 
 + 
 +Edit the file /​etc/​shorewall/​snat ​  and add this line: 
 +<​code>​ 
 +MASQUERADE 192.168.0.0/​24 ​     eno1 
 +</​code>​ 
 +where 192.168.0 is the address range of your node interfaces - clearly you need to change this to fit 
 +en01 is the external interface on the head node 
 + 
 +My /​etc/​shorewall/​interfaces contains this (forwarding ib0) 
 +<​code>​ 
 +nat     ​eno1 ​   detect ​ dhcp 
 +nat     ​ib0 ​    ​detect ​ dhcp 
 +</​code>​ 
 +so substitute ib0 for your internal ethernet interface 
 + 
 + 
 + 
  
 ==== NAT Story, part 2 ==== ==== NAT Story, part 2 ====
 +
 +This is my second NAT story, for the first one look at [[cluster:​51|The Story Of NAT, part 1]]
 +
 +
  
 Writing this up so I will remember what I did, and why.  Basic problem is this: How do you make a filesystem in a public VLAN available on a private network? ​ One solution is to work with Network Address Translation,​ or NAT in short. ​ More information at [[http://​en.wikipedia.org/​wiki/​Network_address_translation|http://​en.wikipedia.org/​wiki/​Network_address_translation]] Writing this up so I will remember what I did, and why.  Basic problem is this: How do you make a filesystem in a public VLAN available on a private network? ​ One solution is to work with Network Address Translation,​ or NAT in short. ​ More information at [[http://​en.wikipedia.org/​wiki/​Network_address_translation|http://​en.wikipedia.org/​wiki/​Network_address_translation]]
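Review bot: in the Note #1 block, `firewall-cmd --set-default-zone=trusted` makes the accept-everything zone the default, so any interface without an explicit zone binding ends up unfiltered, and the external interface is the one exposed to that because `firewall-cmd --change-interface=${EXTIFACE} --zone=public` is the only zone assignment issued without `--permanent`. Suggest dropping the default-zone change (the internal interface is already bound to trusted permanently on the next line), adding `--permanent` to the external-interface line, and confirming the result with `firewall-cmd --get-active-zones` after a reboot. Smaller points: `MASTER_IP_OF_INTERNAL_IFAC` looks cut short, Note #2 says `en01` in the prose while the snat line uses `eno1`, and the Shorewall interfaces snippet puts both eno1 and ib0 in the same zone `nat`, so the note should say which policy separates the outside from the inside.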
cluster/102.1309363157.txt.gz · Last modified: 2011/06/29 11:59 by hmeij