Enabling IP routing: Difference between revisions

From DISI
(added alternative NAT/postrouting method)

Revision as of 17:27, 20 April 2018

Say a cluster exports a disk to one machine, and you want to make that disk available to all machines in your cluster. Basically, you want to use that one machine as a router. Here is how to do it:


  • 1. Change `net.ipv4.ip_forward = 0` to `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf`
  • 2. Also run `sysctl -w net.ipv4.ip_forward=1` to avoid restarting.
  • 3. Add the following at the top of `/etc/sysconfig/iptables` (before `*filter`):
    *nat
    -A POSTROUTING -o bond0.100 -j MASQUERADE
    COMMIT
  
  • 4. Add the following to the end of `/etc/sysconfig/iptables` (before `-A FORWARD -j REJECT --reject-with icmp-host-prohibited`):
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -m state --state NEW -i bond0.101 -d 169.230.79.14 -j ACCEPT

  • 5. Restart iptables: `service iptables restart`

Alternative method: Same as steps 1 & 2 above. However, in steps 3 & 4:

3. # enable post route
    -A POSTROUTING -o <name of interface to route traffic out of> -j MASQUERADE

4. # NAT forwarding
    -A FORWARD -i <input interface> -o <output interface> -j ACCEPT
    -A FORWARD -i <output interface> -o <input interface> -m state --state RELATED,ESTABLISHED -j ACCEPT
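The two methods differ in how much they forward: the first accepts new connections only towards 169.230.79.14, while the first FORWARD rule of the alternative accepts everything arriving on the input interface. The following check is an added example, not part of the original wiki page; it flags such unrestricted rules in a file in the `/etc/sysconfig/iptables` format. The function names are hypothetical, and the sample files are constructed from the rules above with bond0.101 and bond0.100 assumed as the alternative method's input and output interfaces.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint a rules file in the
# /etc/sysconfig/iptables format for over-broad FORWARD ACCEPT rules.

# Print filter-table FORWARD rules that ACCEPT without any -d, -s or
# connection-state match, i.e. that forward everything on their interfaces.
broad_forward_rules() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($1, 2) }   # "*nat", "*filter"
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            accept = scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "-d" || $i == "-s" || $i == "--state" || $i == "--ctstate") scoped = 1
            }
            if (accept && !scoped) print
        }' "$1"
}

# Succeed only if the nat table masquerades traffic leaving interface $2.
has_masquerade() {
    awk -v ifc="$2" '
        substr($0, 1, 1) == "*" { table = substr($1, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }' "$1"
}

# Constructed sample files: steps 3-4 of the first method, and the alternative
# method with bond0.101 / bond0.100 assumed as its input / output interfaces.
SAMPLES=$(mktemp -d)
printf '%s\n' '*nat' '-A POSTROUTING -o bond0.100 -j MASQUERADE' 'COMMIT' \
    '*filter' '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A FORWARD -m state --state NEW -i bond0.101 -d 169.230.79.14 -j ACCEPT' \
    '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' \
    > "$SAMPLES/first.rules"
printf '%s\n' '*nat' '-A POSTROUTING -o bond0.100 -j MASQUERADE' 'COMMIT' \
    '*filter' '-A FORWARD -i bond0.101 -o bond0.100 -j ACCEPT' \
    '-A FORWARD -i bond0.100 -o bond0.101 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    'COMMIT' > "$SAMPLES/alternative.rules"

for f in "$SAMPLES"/*.rules; do
    echo "== $f"; broad_forward_rules "$f"
    has_masquerade "$f" bond0.100 && echo "masquerade on bond0.100: yes"
done
```

A flagged rule can be narrowed the way step 4 of the first method does it, by adding `-m state --state NEW` and `-d 169.230.79.14`.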

on the nodes

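# Mount the exported disk read-only over NFS at every boot
echo "169.230.79.14:/diva2    /mnt/sali/diva2       nfs     ro,noatime,tcp,intr     0 0" >> /etc/fstab
# Create the mount point
mkdir -pv /mnt/sali/diva2
# Send traffic for the NFS server through the gateway 10.0.1.157
route add 169.230.79.14 gw 10.0.1.157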