Commit 5ab5f8d5 authored by Leigh Stoller's avatar Leigh Stoller

On a non-segmented control network (like an IG rack), boss/ops have

aliases on the virtual node network. Allows these through too.
parent dabaadc5
......@@ -174,6 +174,21 @@ if ($VIRTNODE_NETWORK =~ /^(\d+\.\d+\.\d+)\.0$/) {
if ($doit);
}
#
# Sorry these are hardwired.
#
my $EMULAB_VCNET_BOSS = "172.17.254.254";
my $EMULAB_VCNET_OPS = "172.17.253.254";
$str = "replace into default_firewall_vars values ".
"('EMULAB_VCNET_BOSS', '$EMULAB_VCNET_BOSS'), ".
"('EMULAB_VCNET_OPS', '$EMULAB_VCNET_OPS')";
print "$str\n"
if (!$doit);
DBQueryFatal($str)
if ($doit);
#
# Create EMULAB_MCADDR and EMULAB_MCPORT variables
#
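Review bot: The addresses assigned at `my $EMULAB_VCNET_BOSS = "172.17.254.254";` and `my $EMULAB_VCNET_OPS = "172.17.253.254";` are written into default_firewall_vars unconditionally, whereas the block just above (per the hunk header) takes its values from `$VIRTNODE_NETWORK`. On a site whose virtual node network uses a different prefix, or whose control network is segmented so boss/ops have no such aliases, the firewall rule that consumes these variables would accept traffic from addresses no trusted host owns; this is inferred, since the site configuration is not visible here. Consider deriving both values from the site's configured network, or skipping the insert when the aliases do not exist. At minimum, replace "Sorry these are hardwired" with a comment saying where the two alias addresses are set on boss/ops, so the values can be kept in sync.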
......
......@@ -81,6 +81,10 @@
# Allow everything from the gateway, since the gateway may be part of the node control net
iptables -A OUTSIDE -s EMULAB_GWIP,EMULAB_VGWIP -j ACCEPT # BASIC,CLOSED,ELABINELAB
# On a non-segmented control network (like an IG rack), boss/ops
# have aliases on the virtual node network. Allows these though.
iptables -A OUTSIDE -s EMULAB_VCNET_BOSS,EMULAB_VCNET_OPS -j ACCEPT # BASIC,CLOSED,ELABINELAB
#
# No one on the inside can talk to other experiments' nodes and visa-versa.
#
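Review bot: The added rule `iptables -A OUTSIDE -s EMULAB_VCNET_BOSS,EMULAB_VCNET_OPS -j ACCEPT` trusts the source address alone, with no interface, protocol or port match, and it sits ahead of the rules that keep experiments apart. On a non-segmented control network other nodes presumably share the segment with these aliases, so isolation then depends on something else stopping them from sourcing packets as those addresses. If that guarantee exists, state it in the comment, e.g. `# Relies on the control net blocking spoofed boss/ops alias addresses.`; otherwise narrow the rule to the services boss/ops actually need. The comment's "Allows these though" should also read "Allow these through".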
......