X-Git-Url: http://git.onelab.eu/?p=nodemanager-topo.git;a=blobdiff_plain;f=setup-nat;h=2ba9781172b1150c6fe0e4bcfbb2683926e2aeae;hp=c835670007fb1fba82245a4871400cf8312f70a7;hb=HEAD;hpb=23aba513795b0fe75632eccb808bfb891e9603a8
diff --git a/setup-nat b/setup-nat
index c835670..2ba9781 100644
--- a/setup-nat
+++ b/setup-nat
@@ -1,43 +1,40 @@
 #!/bin/sh +x
-IP=/sbin/ip
-
 SLICE=$1
 SLICEID=`id -u $SLICE`
 NODEID=$2
 KEY=$3
-modprobe etun
-
-###
-### Avoid IP address collisions between NAT and virtual links.
-### Virtual links have addresses 10.A.B.[23], where A < B always.
-### So make sure that A > B for NAT.
-###
-if [ $KEY > $NODEID ]; then
- BASE="10.$KEY.$NODEID"
-else
- BASE="10.$NODEID.$KEY"
-fi
+#
+# OpenVPN uses addresses in 10./16 block. Avoid collisions with
+# this block. NAT interface is not advertised and so does not require
+# unique address throughout the topology. But the address of each slice's
+# NAT interface must be unique on a single node.
+#
+BASE="10.0.$KEY"
+EXTIP=$BASE.1
+EXTNET=$EXTIP/24
+INTIP=$BASE.2
+INTNET=$INTIP/24
+BASENET=$BASE.0/24
 ### Setup etun
 ETUN0=nat$KEY
 ETUN1=natx$KEY
-echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
-ifconfig $ETUN1 $BASE.1 up
-
-/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+ip link add name $ETUN0 type veth peer name $ETUN1
+ifconfig $ETUN1 $EXTNET up
 ### Put a process in the vserver so we can move the interface there
-su $SLICE -c "sleep 30" &
-sleep 1
-PID=`su $SLICE -c "pgrep sleep"`
-chcontext --ctx 1 -- echo $PID > /sys/class/net/$ETUN0/new_ns_pid
+su $SLICE -c "sleep 30 &"
+PID=`su $SLICE -c "pgrep -n sleep"`
+ip link set $ETUN0 netns $PID
+naddress --add --nid $SLICEID --ip $INTNET
 sleep 1
-su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $BASE.2/24 up; \
- sudo /sbin/route add -net $BASE.0/24 $ETUN0; \
- sudo /sbin/route add default gw $BASE.1"
+su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
+ sudo /sbin/route add default gw $EXTIP; \
+ sudo /sbin/ifconfig lo 127.0.0.1/8 up"
+ip rule add dev eth0 fwmark $KEY table $KEY
+ip route add table $KEY default via $INTIP
+iptables -t mangle -A PREROUTING -i $ETUN1 -j CONNMARK --set-mark $KEY
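Review bot: The `PID=` line uses `pgrep -n sleep`, which is not tied to the `sleep 30` started on the line before it: it returns the newest `sleep` visible to the slice user, so any other sleep the slice happens to be running can be selected and `ip link set $ETUN0 netns $PID` then moves the interface into that process's namespace (harmless only if every slice process shares one netns, which this hunk does not establish). Capturing the PID at spawn time removes the race, and one line replaces the two: `PID=$(su $SLICE -c 'sleep 30 >/dev/null 2>&1 & echo $!')` (the redirect is needed so the substitution does not block on the sleep's inherited stdout). `KEY` is consumed unvalidated as an address octet, interface name, fwmark and routing-table id, and is interpolated into the root-run `su $SLICE -c "..."` string, so a non-numeric value changes what that shell executes; a guard near the top such as `case $KEY in ''|*[!0-9]*) printf 'bad key\n' >&2; exit 1;; esac` bounds it (the file is `/bin/sh`, so `case` rather than `[[`). The `ip rule add dev eth0 fwmark $KEY` entry matches only packets carrying a packet mark, while the new mangle rule sets the connection mark alone; unless a `CONNMARK --restore-mark` rule for eth0 is installed elsewhere, return traffic will not reach table `$KEY` — worth confirming. `BASENET` is assigned but unused in this hunk.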