From: Andy Bavier <acb@cs.princeton.edu>
Date: Fri, 13 Jun 2008 21:26:36 +0000 (+0000)
Subject: Connect to outside world from inside a Trellis slice
X-Git-Tag: vsys-0.7-8~2
X-Git-Url: http://git.onelab.eu/?p=vsys.git;a=commitdiff_plain;h=d3ee8357efd54e74b4f6456c0a3a9d58ed39d58d

Connect to outside world from inside a Trellis slice
---

diff --git a/factory/setup-nat b/factory/setup-nat
new file mode 100755
index 0000000..61344a4
--- /dev/null
+++ b/factory/setup-nat
@@ -0,0 +1,57 @@
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+read KEY
+
+modprobe etun
+
+### Setup etun
+ETUN0=vnat0k$KEY
+ETUN1=vnat1k$KEY
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN1 10.0.$KEY.1 up
+
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+### Create "grab link" script
+GRAB=/vsys/grab-$ETUN0
+echo $SLICE > $GRAB.acl 
+rm -f $GRAB
+cat > $GRAB <<EOF
+#!/bin/sh
+
+read PID
+
+chcontext --ctx 1 -- echo \$PID > /sys/class/net/$ETUN0/new_ns_pid 
+EOF
+chmod +x $GRAB
+
+### Create "delete link" script
+DELETE=/vsys/delete-$ETUN0
+echo $SLICE > $DELETE.acl 
+rm -f $DELETE
+cat > $DELETE <<EOF
+#!/bin/sh
+
+read NULL
+
+# Remove iptables rules
+/sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -D FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -D FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+# Get rid of etun devices, only need name of one of them
+echo $ETUN1 > /sys/module/etun/parameters/delif
+
+# Clean up files
+rm -f $GRAB $GRAB.acl
+rm -f $DELETE $DELETE.acl
+
+EOF
+chmod +x $DELETE
+