Enabling IP routing: Difference between revisions
(added alternative NAT/postrouting method) |
No edit summary |
Line 8: | Line 8: | ||
-A POSTROUTING -o bond0.100 -j MASQUERADE | -A POSTROUTING -o bond0.100 -j MASQUERADE | ||
COMMIT | COMMIT | ||
* 4. Add the following to the end of `/etc/sysconfig/iptables` (before `-A FORWARD -j REJECT --reject-with icmp-host-prohibited`) | * 4. Add the following to the end of `/etc/sysconfig/iptables` (before `-A FORWARD -j REJECT --reject-with icmp-host-prohibited`) | ||
Line 16: | Line 15: | ||
5. Restart iptables: `service iptables restart` | 5. Restart iptables: `service iptables restart` | ||
Alternative method: | ==Alternative method:== | ||
Same as steps 1 & 2 above. However, in step 3 & 4: | Same as steps 1 & 2 above. However, in step 3 & 4: | ||
3. # enable post route | 3. # enable post route | ||
-A POSTROUTING -o <name of interface to route traffic out of> -j MASQUERADE | -A POSTROUTING -o <name of interface to route traffic out of> -j MASQUERADE | ||
4. # NAT forwarding | 4. # NAT forwarding | ||
-A FORWARD -i <input interface> -o <output interface> -j ACCEPT | -A FORWARD -i <input interface> -o <output interface> -j ACCEPT | ||
-A FORWARD -i <output interface> -o <input interface> -m state --state RELATED,ESTABLISHED -j ACCEPT | -A FORWARD -i <output interface> -o <input interface> -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
5. Restart iptables with 'service iptables restart' | |||
= on the nodes = | = on the nodes = |
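Review bot: in the alternative method, step 3 gives the `-A POSTROUTING -o <name of interface to route traffic out of> -j MASQUERADE` line without saying that it belongs in the `*nat` table ahead of a `COMMIT`, as step 3 of the first method does. POSTROUTING is not a chain of the filter table, so a reader who pastes the line into the `*filter` section ends up with a rules file that does not load; suggest stating the placement in the step. Step 4's `-A FORWARD -i <input interface> -o <output interface> -j ACCEPT` also has no `-d` or state match, so it forwards everything arriving on the input interface, where the first method only admits NEW connections to 169.230.79.14; worth saying so, or adding the destination.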
Revision as of 17:28, 20 April 2018
Say a cluster exports a disk to one machine, and you want to make that disk available to all machines in your cluster. Basically, you want to use that one machine as a router. Here is how to do it:
- 1. Change `net.ipv4.ip_forward = 0` to `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf`
- 2. Also run `sysctl -w net.ipv4.ip_forward=1` to apply the change without restarting.
- 3. Add the following at the top of `/etc/sysconfig/iptables` (before `*filter`)
    *nat
    -A POSTROUTING -o bond0.100 -j MASQUERADE
    COMMIT
- 4. Add the following to the end of `/etc/sysconfig/iptables` (before `-A FORWARD -j REJECT --reject-with icmp-host-prohibited`)
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -m state --state NEW -i bond0.101 -d 169.230.79.14 -j ACCEPT
- 5. Restart iptables: `service iptables restart`
Alternative method:
Steps 1 & 2 are the same as above. Steps 3 & 4 change as follows:
3. # enable post route
-A POSTROUTING -o <name of interface to route traffic out of> -j MASQUERADE
4. # NAT forwarding
-A FORWARD -i <input interface> -o <output interface> -j ACCEPT
-A FORWARD -i <output interface> -o <input interface> -m state --state RELATED,ESTABLISHED -j ACCEPT
5. Restart iptables: `service iptables restart`
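A check for the rules file produced by either method, as an added example that is not part of the original wiki page: it flags a MASQUERADE rule outside `*nat`, FORWARD ACCEPT rules placed after the unconditional REJECT (never reached, because the first matching rule wins), and FORWARD ACCEPT rules with no state or destination match. The function name `audit_rules`, the finding labels and the two sample files are assumptions made for this example.

```shell
# Added example: audit an iptables-restore style rules file for placement mistakes.
audit_rules() {
    awk '
        /^\*/      { table = substr($1, 2); next }   # "*nat" / "*filter" open a table
        $1 != "-A" { next }                          # only appended rules are checked
        $2 == "POSTROUTING" && /-j MASQUERADE/ {
            if (table == "nat") masq = 1
            else print "MISPLACED_MASQUERADE line " NR " (table: " table ")"
        }
        table == "filter" && $2 == "FORWARD" {
            # Unconditional REJECT: rules listed after it are never evaluated
            if ($3 == "-j" && $4 == "REJECT") { reject = NR; next }
            if (/-j ACCEPT/) {
                if (reject) {
                    print "UNREACHABLE_ACCEPT line " NR " (after REJECT on line " reject ")"
                } else if (!/--(ct)?state/ && !/ -d /) {
                    print "UNRESTRICTED_ACCEPT line " NR
                }
            }
        }
        END { if (!masq) print "NO_MASQUERADE in *nat" }
    ' "$1"
}

# Constructed sample files; interface names and address are the ones on the page.
samples=$(mktemp -d)
cat > "$samples/good.rules" <<'EOF'
*nat
-A POSTROUTING -o bond0.100 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state NEW -i bond0.101 -d 169.230.79.14 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$samples/bad.rules" <<'EOF'
*filter
-A POSTROUTING -o bond0.100 -j MASQUERADE
-A FORWARD -i bond0.101 -o bond0.100 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
echo "good.rules:"; audit_rules "$samples/good.rules"
echo "bad.rules:";  audit_rules "$samples/bad.rules"
```

Run it against a copy of `/etc/sysconfig/iptables` before `service iptables restart`; no output means none of the three mistakes was found.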
On the nodes:
    echo "169.230.79.14:/diva2 /mnt/sali/diva2 nfs ro,noatime,tcp,intr 0 0" >> /etc/fstab
    mkdir -pv /mnt/sali/diva2
    route add 169.230.79.14 gw 10.0.1.157