From 599d2d85b6f40ef1d3fc3b1b6d622305878cfb78 Mon Sep 17 00:00:00 2001
From: Andy Bavier
Date: Tue, 17 Mar 2009 15:06:37 +0000
Subject: [PATCH] Change NAT address block
---
 NodeManager-topo.spec | 2 +-
 setup-nat | 19 ++++++++-----------
 2 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/NodeManager-topo.spec b/NodeManager-topo.spec
index 6090c43..78371bf 100644
--- a/NodeManager-topo.spec
+++ b/NodeManager-topo.spec
@@ -2,7 +2,7 @@
 Name: NodeManager-topo
 Version: 0.3
-Release: 1
+Release: 2
 Summary: Plugin supporting creating a default virtual topology.
 Group: System Environment/Daemons
diff --git a/setup-nat b/setup-nat
index c835670..7eb87c6 100644
--- a/setup-nat
+++ b/setup-nat
@@ -9,22 +9,19 @@ KEY=$3
 modprobe etun
-###
-### Avoid IP address collisions between NAT and virtual links.
-### Virtual links have addresses 10.A.B.[23], where A < B always.
-### So make sure that A > B for NAT.
-###
-if [ $KEY > $NODEID ]; then
- BASE="10.$KEY.$NODEID"
-else
- BASE="10.$NODEID.$KEY"
-fi
+#
+# OpenVPN uses addresses in 10./16 block. Avoid collisions with
+# this block. NAT interface is not advertised and so does not require
+# unique address throughout the topology. But the address of each slice's
+# NAT interface must be unique on a single node.
+#
+BASE="10.0.$KEY"
 ### Setup etun
 ETUN0=nat$KEY
 ETUN1=natx$KEY
 echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
-ifconfig $ETUN1 $BASE.1 up
+ifconfig $ETUN1 $BASE.1/24 up
 /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 /sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-- 
2.43.0
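Review bot: In the setup-nat hunk, `BASE="10.0.$KEY"` places `$KEY` (taken from `$3`, per the hunk header) directly into the third octet with no check that it is a number in 0–255, and the same value is then used unquoted in the write to `/sys/module/etun/parameters/newif` and in the `ifconfig` call. A guard before the assignment would make the "unique on a single node" assumption enforceable, for example `case "$KEY" in ''|*[!0-9]*) echo "setup-nat: invalid key" >&2; exit 1;; esac` followed by `[ "$KEY" -le 255 ] || exit 1`, and the new call would be safer written as `ifconfig "$ETUN1" "$BASE.1/24" up`. The new comment reads "10./16", which looks like it is missing an octet, so the hunk alone does not confirm that 10.0.$KEY.0/24 stays clear of the OpenVPN range. The script starts before and may continue after this hunk, so an existing check on `$3` earlier in the file would already cover the first point.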