Commit 5ab5f8d5 authored by Leigh Stoller's avatar Leigh Stoller

On a non-segmented control network (like an IG rack), boss/ops have

aliases on the virtual node network. Allows these though too.
parent dabaadc5
...@@ -174,6 +174,21 @@ if ($VIRTNODE_NETWORK =~ /^(\d+\.\d+\.\d+)\.0$/) { ...@@ -174,6 +174,21 @@ if ($VIRTNODE_NETWORK =~ /^(\d+\.\d+\.\d+)\.0$/) {
if ($doit); if ($doit);
} }
#
# Sorry these are hardwired.
#
my $EMULAB_VCNET_BOSS = "172.17.254.254";
my $EMULAB_VCNET_OPS = "172.17.253.254";
$str = "replace into default_firewall_vars values ".
"('EMULAB_VCNET_BOSS', '$EMULAB_VCNET_BOSS'), ".
"('EMULAB_VCNET_OPS', '$EMULAB_VCNET_OPS')";
print "$str\n"
if (!$doit);
DBQueryFatal($str)
if ($doit);
# #
# Create EMULAB_MCADDR and EMULAB_MCPORT variables # Create EMULAB_MCADDR and EMULAB_MCPORT variables
# #
......
...@@ -81,6 +81,10 @@ ...@@ -81,6 +81,10 @@
# Allow everything from the gateway, since the gateway may be part of the node control net # Allow everything from the gateway, since the gateway may be part of the node control net
iptables -A OUTSIDE -s EMULAB_GWIP,EMULAB_VGWIP -j ACCEPT # BASIC,CLOSED,ELABINELAB iptables -A OUTSIDE -s EMULAB_GWIP,EMULAB_VGWIP -j ACCEPT # BASIC,CLOSED,ELABINELAB
# On a non-segmented control network (like an IG rack), boss/ops
# have aliases on the virtual node network. Allows these though.
iptables -A OUTSIDE -s EMULAB_VCNET_BOSS,EMULAB_VCNET_OPS -j ACCEPT # BASIC,CLOSED,ELABINELAB
# #
# No one on the inside can talk to other experiments' nodes and visa-versa. # No one on the inside can talk to other experiments' nodes and visa-versa.
# #
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment