Commit a3ae428d authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Set up NAT for packets heading off the control network.

parent bea88a10
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# Copyright (c) 2000-2012 University of Utah and the Flux Group. # Copyright (c) 2000-2013 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -26,6 +26,7 @@ use Getopt::Std; ...@@ -26,6 +26,7 @@ use Getopt::Std;
use English; use English;
use Data::Dumper; use Data::Dumper;
use POSIX qw(setsid); use POSIX qw(setsid);
use Socket;
# #
# Invoked by xmcreate script to configure the control network for a vnode. # Invoked by xmcreate script to configure the control network for a vnode.
...@@ -91,6 +92,17 @@ my $fs_ip = `host fs | grep 'has address'`; ...@@ -91,6 +92,17 @@ my $fs_ip = `host fs | grep 'has address'`;
if ($fs_ip =~ /has address ([0-9\.]*)$/) { if ($fs_ip =~ /has address ([0-9\.]*)$/) {
$fs_ip = $1; $fs_ip = $1;
} }
my $PCNET_IP_FILE = "$BOOTDIR/myip";
my $PCNET_MASK_FILE = "$BOOTDIR/mynetmask";
my $PCNET_GW_FILE = "$BOOTDIR/routerip";
my $cnet_ip = `cat $PCNET_IP_FILE`;
my $cnet_mask = `cat $PCNET_MASK_FILE`;
my $cnet_gw = `cat $PCNET_GW_FILE`;
chomp($cnet_ip);
chomp($cnet_mask);
chomp($cnet_gw);
my $network = inet_ntoa(inet_aton($cnet_ip) & inet_aton($cnet_mask));
# Each container gets a tmcc proxy running on another port. # Each container gets a tmcc proxy running on another port.
my $local_tmcd_port = $TMCD_PORT + $vmid; my $local_tmcd_port = $TMCD_PORT + $vmid;
...@@ -185,6 +197,25 @@ sub Online() ...@@ -185,6 +197,25 @@ sub Online()
return -1 return -1
if ($?); if ($?);
} }
#
# If the source is from the vnode, headed to the local control
# net, no need for any NAT; just let it through.
#
mysystem2("$IPTABLES -t nat -A POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $network/$cnet_mask");
return -1
if ($?);
#
# Otherwise, setup NAT so that traffic leaving the vnode on its
# control net IP, that has been routed out the phys host's
# control net iface, is NAT'd to the phys host's control
# net IP, using SNAT.
#
mysystem2("$IPTABLES -t nat -A POSTROUTING ".
" -s $vnode_ip -o $bridge -j SNAT --to-source $host_ip");
return 0; return 0;
} }
...@@ -223,6 +254,12 @@ sub Offline() ...@@ -223,6 +254,12 @@ sub Offline()
" -o $bridge"); " -o $bridge");
} }
mysystem2("$IPTABLES -t nat -D POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $network/$cnet_mask");
mysystem2("$IPTABLES -t nat -D POSTROUTING ".
" -s $vnode_ip -o $bridge -j SNAT --to-source $host_ip");
# evproxy # evproxy
mysystem2("$IPTABLES -t nat -D PREROUTING -j DNAT -p tcp ". mysystem2("$IPTABLES -t nat -D PREROUTING -j DNAT -p tcp ".
" --dport $EVPROXY_PORT -d $ops_ip -s $vnode_ip ". " --dport $EVPROXY_PORT -d $ops_ip -s $vnode_ip ".
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment