Scripts for creating and deleting NAT interface inside a sliver

diff --git a/setup-nat b/setup-nat
new file mode 100644 (file)
index 0000000..c835670
--- /dev/null
+++ b/setup-nat
@@ -0,0 +1,43 @@
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+NODEID=$2
+KEY=$3
+
+modprobe etun
+
+###
+### Avoid IP address collisions between NAT and virtual links.
+### Virtual links have addresses 10.A.B.[23], where A < B always.
+### So make sure that A > B for NAT.
+###
+if [ $KEY > $NODEID ]; then
+    BASE="10.$KEY.$NODEID"
+else
+    BASE="10.$NODEID.$KEY"
+fi
+
+### Setup etun
+ETUN0=nat$KEY
+ETUN1=natx$KEY
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN1 $BASE.1 up
+
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+### Put a process in the vserver so we can move the interface there
+su $SLICE -c "sleep 30" &
+sleep 1
+PID=`su $SLICE -c "pgrep sleep"`
+chcontext --ctx 1 -- echo $PID > /sys/class/net/$ETUN0/new_ns_pid 
+sleep 1
+
+su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $BASE.2/24 up; \
+ sudo /sbin/route add -net $BASE.0/24 $ETUN0; \
+ sudo /sbin/route add default gw $BASE.1"
+