Changes for 2.6.32 kernel

[nodemanager-topo.git] / setup-nat

diff --git a/setup-nat b/setup-nat
index bb9053a..2ba9781 100644 (file)
--- a/setup-nat
+++ b/setup-nat
@@ -1,14 +1,10 @@
 #!/bin/sh +x
 
-IP=/sbin/ip
-
 SLICE=$1
 SLICEID=`id -u $SLICE`
 NODEID=$2
 KEY=$3
 
-modprobe etun
-
 #
 # OpenVPN uses addresses in 10.<nodeid>/16 block.  Avoid collisions with
 # this block.  NAT interface is not advertised and so does not require
@@ -28,14 +24,10 @@ ETUN1=natx$KEY
 ip link add name $ETUN0 type veth peer name $ETUN1
 ifconfig $ETUN1 $EXTNET up
 
-/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
-
 ### Put a process in the vserver so we can move the interface there
 su $SLICE -c "sleep 30 &"
 PID=`su $SLICE -c "pgrep -n sleep"`
-$IP link set $ETUN0 netns $PID
+ip link set $ETUN0 netns $PID
 naddress --add --nid $SLICEID --ip $INTNET
 sleep 1
 
@@ -43,3 +35,6 @@ su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
  sudo /sbin/route add default gw $EXTIP; \
  sudo /sbin/ifconfig lo 127.0.0.1/8 up"
 
+ip rule add dev eth0 fwmark $KEY table $KEY
+ip route add table $KEY default via $INTIP
+iptables -t mangle -A PREROUTING -i $ETUN1 -j CONNMARK --set-mark $KEY