Changes for 2.6.32 kernel
diff --git
a/setup-nat
b/setup-nat
index
e76a359
..
2ba9781
100644
(file)
--- a/
setup-nat
+++ b/
setup-nat
@@
-1,14
+1,10
@@
#!/bin/sh +x
#!/bin/sh +x
-IP=/sbin/ip
-
SLICE=$1
SLICEID=`id -u $SLICE`
NODEID=$2
KEY=$3
SLICE=$1
SLICEID=`id -u $SLICE`
NODEID=$2
KEY=$3
-modprobe etun
-
#
# OpenVPN uses addresses in 10.<nodeid>/16 block. Avoid collisions with
# this block. NAT interface is not advertised and so does not require
#
# OpenVPN uses addresses in 10.<nodeid>/16 block. Avoid collisions with
# this block. NAT interface is not advertised and so does not require
@@
-28,19
+24,17
@@
ETUN1=natx$KEY
ip link add name $ETUN0 type veth peer name $ETUN1
ifconfig $ETUN1 $EXTNET up
ip link add name $ETUN0 type veth peer name $ETUN1
ifconfig $ETUN1 $EXTNET up
-/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
-
### Put a process in the vserver so we can move the interface there
su $SLICE -c "sleep 30 &"
PID=`su $SLICE -c "pgrep -n sleep"`
### Put a process in the vserver so we can move the interface there
su $SLICE -c "sleep 30 &"
PID=`su $SLICE -c "pgrep -n sleep"`
-
$IP
link set $ETUN0 netns $PID
+
ip
link set $ETUN0 netns $PID
naddress --add --nid $SLICEID --ip $INTNET
sleep 1
su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
naddress --add --nid $SLICEID --ip $INTNET
sleep 1
su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
- sudo /sbin/route add -net $BASENET $ETUN0; \
sudo /sbin/route add default gw $EXTIP; \
sudo /sbin/ifconfig lo 127.0.0.1/8 up"
sudo /sbin/route add default gw $EXTIP; \
sudo /sbin/ifconfig lo 127.0.0.1/8 up"
+ip rule add dev eth0 fwmark $KEY table $KEY
+ip route add table $KEY default via $INTIP
+iptables -t mangle -A PREROUTING -i $ETUN1 -j CONNMARK --set-mark $KEY
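Review bot: The three lines added at the end of the second hunk pass `$KEY`, taken straight from `$3`, unquoted to `ip rule`, `ip route` and `iptables` as a firewall mark and routing-table id; the script presumably runs as root and checks no exit status, so an empty or malformed key either fails unnoticed or is word-split into extra arguments. I would validate it once after `KEY=$3`, assuming keys are meant to be numeric, with `case "$KEY" in ''|*[!0-9]*) echo "setup-nat: KEY must be numeric" >&2; exit 1;; esac`, and quote the expansions (`fwmark "$KEY" table "$KEY"`). Separately, `CONNMARK --set-mark` sets only the connection mark while `ip rule ... fwmark` matches the packet mark, and no `CONNMARK --restore-mark` rule for packets arriving on eth0 is visible here; if one is not installed elsewhere, replies will not be steered to table `$KEY`. The rest of the script is outside the diff, so where `$INTIP` and `$ETUN0` are set, and whether the removed MASQUERADE/FORWARD rules are replaced, cannot be checked from this page.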