Thread: RE: [SSI-users] NAT problem ?
Brought to you by:
brucewalker,
rogertsang
From: Walker, B. J <bru...@hp...> - 2005-02-24 18:48:18
|
Someone correct me if I am wrong but I think if you set up OpenSSI ha-lvs NAT, you just get NAT from the interior nodes for free. The gateway (for the interior nodes to use) is the LVS director node's interconnect interface. Bruce Note that if there are issues with the READMEs, please let me know. > -----Original Message----- > From: ssi...@li...=20 > [mailto:ssi...@li...] On=20 > Behalf Of Ron Croonenberg > Sent: Thursday, February 24, 2005 9:33 AM > To: ssi...@li... > Subject: [SSI-users] NAT problem ? >=20 >=20 > hello, >=20 > node 1 has 2 ethernet cards, eth0 and eth1, eth0 is the=20 > clusterinterconnect and > eth1 is hooked up to the lan/internet. >=20 > So if I want to setup IP FORWARDing and Masquerading I do : >=20 > iptables --table nat --append POSTROUTING --out-interface=20 > eth1 -j MASQUERADE > iptables --append FORWARD --in-interface eth0 -j ACCEPT >=20 > correct ? >=20 > Now when I set forwarding with : > iptables --table nat --append POSTROUTING --out-interface=20 > eth1 -j MASQUERADE >=20 > I get: > iptables: No chain/target/match by that name >=20 > So ...I am lost again... >=20 > Does anyone have any tips or hints ? >=20 > thanks, > Ron >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > 1879: > Thomas Edison gets an idea, and his brother Timmy says, > "Hey, what's that thing over your head? > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > Ron Croonenberg | Phone: 1 765 658 4761 > Technology Coordinator | Fax: 1 765 658 4732 > | > Department of ComputerScience | e-mail : ronc@DePauw.edu > DePauw University | > Julian Science & Math Center | > 602 South College Ave. | > Greencastle, IN 46135 | > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > http://www.depauw.edu/acad/computer/RonCroonenberg.asp > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from=20 > real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick > _______________________________________________ > Ssic-linux-users mailing list > Ssi...@li... > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >=20 |
From: Ron C. <ro...@de...> - 2005-02-24 19:30:35
|
Cool !! how do I set that up ? (Is there a simple example ?) Ron >Someone correct me if I am wrong but I think if you set up OpenSSI >ha-lvs NAT, you just get NAT from the interior nodes for free. The >gateway (for the interior nodes to use) is the LVS director node's >interconnect interface. > >Bruce > >>>Note that if there are issues with the READMEs, please let me know. >>> >>> >>> >>>>-----Original Message----- >>>>From: ssi...@li... >>>>[mailto:ssi...@li...] On >>>>Behalf Of Ron Croonenberg >>>>Sent: Thursday, February 24, 2005 9:33 AM >>>>To: ssi...@li... >>>>Subject: [SSI-users] NAT problem ? >>>> >>>> >>>>hello, >>>> >>>>node 1 has 2 ethernet cards, eth0 and eth1, eth0 is the >>>>clusterinterconnect and >>>>eth1 is hooked up to the lan/internet. >>>> >>>>So if I want to setup IP FORWARDing and Masquerading I do : >>>> >>>>iptables --table nat --append POSTROUTING --out-interface >>>>eth1 -j MASQUERADE >>>>iptables --append FORWARD --in-interface eth0 -j ACCEPT >>>> >>>>correct ? >>>> >>>>Now when I set forwarding with : >>>>iptables --table nat --append POSTROUTING --out-interface >>>>eth1 -j MASQUERADE >>>> >>>>I get: >>>>iptables: No chain/target/match by that name >>>> >>>>So ...I am lost again... >>>> >>>>Does anyone have any tips or hints ? >>>> >>>>thanks, >>>>Ron >>>> >>>> >>> >>>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D />> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >>>>1879: >>>> Thomas Edison gets an idea, and his brother Timmy says, >>>> "Hey, what's that thing over your head? >>>> >>> >>>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D />> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >>>> Ron Croonenberg | Phone: 1 765 658 4761 >>>> Technology Coordinator | Fax: 1 765 658 4732 >>>> | >>>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>>> DePauw University | >>>> Julian Science & Math Center | >>>> 602 South College Ave. | >>>> Greencastle, IN 46135 | >>>> >>> >>>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D />> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >>>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>>> >>> >>>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D />> o>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >>>> >>>>------------------------------------------------------- >>>>SF email is sponsored by - The IT Product Guide >>>>Read honest & candid reviews on hundreds of IT Products from >>>>real users. >>>>Discover which products truly live up to the hype. Start reading now. >>>>http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick >>>>_______________________________________________ >>>>Ssic-linux-users mailing list >>>>Ssi...@li... >>>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>> >>> >>> >>>------------------------------------------------------- >>>SF email is sponsored by - The IT Product Guide >>>Read honest & candid reviews on hundreds of IT Products from real users. >>>Discover which products truly live up to the hype. Start reading now. >>>http://ads.osdn.com/?ad_ide95&alloc_id396&op >>>_______________________________________________ >>>Ssic-linux-users mailing list >>>Ssi...@li... >>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> >> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> 1879: >> Thomas Edison gets an idea, and his brother Timmy says, >> "Hey, what's that thing over your head? >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> Ron Croonenberg | Phone: 1 765 658 4761 >> Technology Coordinator | Fax: 1 765 658 4732 >> | >> Department of ComputerScience | e-mail : ronc@DePauw.edu >> DePauw University | >> Julian Science & Math Center | >> 602 South College Ave. | >> Greencastle, IN 46135 | >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D http://www.depauw.edu/acad/computer/RonCroonenberg.asp =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D |
From: Aneesh K. <ane...@gm...> - 2005-02-25 08:25:34
|
On Thu, 24 Feb 2005 14:30:55 EST, Ron Croonenberg <ro...@de...> wrote: > Cool !! > > how do I set that up ? > (Is there a simple example ?) > The docs on the website are all updated to indicate NAT configuration too. http://www.openssi.org/cgi-bin/view?page=docs Two important things a) use routing as NAT b) use gateway which is an address different from already exiting cluster interconnect address. This address should also be in the same subnet as cluster interconnect. -aneesh |
From: Ron C. <ro...@de...> - 2005-02-25 13:58:42
|
Ok, I assume that I need to use HA-LVS to do that. Only thing I need to do for that is create a cvip.conf and restart ha-lvs, right ? The node numbers I use in the cluster are 192.168.0.x where x is node 1,2,3,.... node 1 has 2 interfaces, eth0 and eth1. eth1 is connected to the internet with , let's say, ip 1.2.3.123. then my cvip.conf should look like (?) : <?xml version="1.0"?> <cvips> <routing>NAT</routing> <cvip> <ip_addr>192.168.0.254</ip_addr> <gateway>192.168.0.253</gateway> <director_node> <node_num>1</node_num> <garp_interface>eth0</garp_interface> <sync_interface>eth0</sync_interface> </director_node> <director_node> <node_num>2</node_num> <garp_interface>eth0</garp_interface> <sync_interface>eth0</sync_interface> </director_node> <real_server_node> <node_num>1</node_num> </real_server_node> <real_server_node> <node_num>2</node_num> </real_server_node> </cvip> </cvips> I have to use NAT instead of DR correct ? thanks, Ron >On Thu, 24 Feb 2005 14:30:55 EST, Ron Croonenberg <ro...@de...> wrote: >> Cool !! >> >> how do I set that up ? >> (Is there a simple example ?) >> > >The docs on the website are all updated to indicate NAT configuration too. > >http://www.openssi.org/cgi-bin/view?page=docs > >Two important things > >a) use routing as NAT >b) use gateway which is an address different from already exiting >cluster interconnect address. This address should also be in the same >subnet as cluster interconnect. > >-aneesh ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Aneesh K. <ane...@gm...> - 2005-02-25 14:23:57
|
Hi Ron On Fri, 25 Feb 2005 08:59:23 EST, Ron Croonenberg <ro...@de...> wrote: > Ok, > > I assume that I need to use HA-LVS to do that. > > Only thing I need to do for that is create a cvip.conf and restart ha-lvs, > right ? > > The node numbers I use in the cluster are 192.168.0.x where x is node > 1,2,3,.... > node 1 has 2 interfaces, eth0 and eth1. eth1 is connected to the internet with > , let's say, ip 1.2.3.123. > I guess you have only one node with external interface right ? In that case there is no meaning in LVS failover. Also one thing you need to note that With LVS NAT we haven't done failover yet. > then my cvip.conf should look like (?) : > <?xml version="1.0"?> > <cvips> > <routing>NAT</routing> > <cvip> > <ip_addr>192.168.0.254</ip_addr> This should be your CVIP. That means it should be something simillar to 1.2.3.123. > <gateway>192.168.0.253</gateway> > <director_node> > <node_num>1</node_num> > <garp_interface>eth0</garp_interface> > <sync_interface>eth0</sync_interface> > </director_node> > <director_node> > <node_num>2</node_num> I guess your director node cannot failover . Or node 2 doesn't have an external interface. Also LVS NAT in OpenSSI doesn't support failover yet. So in both ways you need not add node 2 director node list. > <garp_interface>eth0</garp_interface> > <sync_interface>eth0</sync_interface> > </director_node> > <real_server_node> > <node_num>1</node_num> > </real_server_node> > <real_server_node> > <node_num>2</node_num> > </real_server_node> > > </cvip> > </cvips> > > I have to use NAT instead of DR correct ? > I guess rest of the configuration looks good. Once done I would ask you to reboot the machine. That should flush all the previous configuration. -aneesh |
From: Ron C. <ro...@de...> - 2005-02-25 15:17:37
|
Oh btw, >> <routing>NAT</routing> >> <cvip> >> <ip_addr>192.168.0.254</ip_addr> > >This should be your CVIP. That means it should be something simillar >to 1.2.3.123. > > >> <gateway>192.168.0.253</gateway> what address should I use for the gateway ? the real gateway address ? 1.2.3.1 ? thanks, Ron ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Ron C. <ro...@de...> - 2005-02-25 15:14:35
|
Hi Aneesh, >I guess you have only one node with external interface right ? In that >case there is no meaning in LVS failover. Also one thing you need to >note that With LVS NAT we haven't done failover yet. That is correct, however I am getting a machine that I can add that will have an extra ethernetcard that I can use for that. >> <ip_addr>192.168.0.254</ip_addr> > >This should be your CVIP. That means it should be something simillar >to 1.2.3.123. So I could use 1.2.3.124 ? >I guess your director node cannot failover . Or node 2 doesn't have an >external interface. Also LVS NAT in OpenSSI doesn't support failover >yet. So in both ways you need not add node 2 director node list. Ok. >Once done I would ask you to reboot the machine. That should flush all >the previous configuration. ok I can do that. I am getting some funding to build a "real" OpenSSi cluster (6 nodes, Dell dual cpu's, dual ethernet cards). I want to build a machine that is going to be used for teaching graphics classes. So what I would want is to build it in such a way that I have loadlevelling, but also "connection levelling" and if one node breaks or goes offline for another reason the other 5 "take over I have the feeling that I might need some hints etc by the time I start working on that one. thanks, Ron ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Ron C. <ro...@de...> - 2005-02-25 16:33:21
|
Hi Roger, thanks, this is what I get when I try that : [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 iptables: No chain/target/match by that name thanks, Ron >> Hi Ron, >> >> I looked your Mandelbrot code for openSSI. It can be an interesting demo >> for openSSI. >> >> What you need to do is: >> - On all nodes that only have eth0 add default gateway 192.168.0.1 >> - On node 1 setup ip forwarding for incoming eth0 and all established or >> related connections. >> - On node 1 masquerade incoming eth0. > >My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 > > >-Roger > ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Roger T. <op...@bl...> - 2005-02-25 19:07:09
|
Hi, I'm curious what output do you get when you do iptables -t nat -vnL ? Do you see POSTROUTING? A typo could be one of the reasons too. -Roger > Hi Roger, > > thanks, this is what I get when I try that : > > [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 > iptables: No chain/target/match by that name > > thanks, > > Ron > > >>> Hi Ron, >>> >>> I looked your Mandelbrot code for openSSI. It can be an interesting >>> demo >>> for openSSI. >>> >>> What you need to do is: >>> - On all nodes that only have eth0 add default gateway 192.168.0.1 >>> - On node 1 setup ip forwarding for incoming eth0 and all established >>> or >>> related connections. >>> - On node 1 masquerade incoming eth0. >> >>My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 >> >> >>-Roger >> > > ================================================================= > 1879: > Thomas Edison gets an idea, and his brother Timmy says, > "Hey, what's that thing over your head? > ================================================================= > Ron Croonenberg | Phone: 1 765 658 4761 > Technology Coordinator | Fax: 1 765 658 4732 > | > Department of ComputerScience | e-mail : ronc@DePauw.edu > DePauw University | > Julian Science & Math Center | > 602 South College Ave. | > Greencastle, IN 46135 | > ================================================================= > http://www.depauw.edu/acad/computer/RonCroonenberg.asp > ================================================================= > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Ssic-linux-users mailing list > Ssi...@li... > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > |
From: Ron C. <ro...@de...> - 2005-02-25 19:18:02
|
Hi Roger, this is what I get : [root@wolf359 root]# iptables -t nat -vnL Chain PREROUTING (policy ACCEPT 173 packets, 22769 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 7 packets, 1899 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 7 packets, 1899 bytes) pkts bytes target prot opt in out source destination thanks, Ron >Hi, > >I'm curious what output do you get when you do iptables -t nat -vnL ? Do >you see POSTROUTING? A typo could be one of the reasons too. > >-Roger > > >> Hi Roger, >> >> thanks, this is what I get when I try that : >> >> [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o et >h1 >> iptables: No chain/target/match by that name >> >> thanks, >> >> Ron >> >> >>>> Hi Ron, >>>> >>>> I looked your Mandelbrot code for openSSI. It can be an interesting >>>> demo >>>> for openSSI. >>>> >>>> What you need to do is: >>>> - On all nodes that only have eth0 add default gateway 192.168.0.1 >>>> - On node 1 setup ip forwarding for incoming eth0 and all established >>>> or >>>> related connections. >>>> - On node 1 masquerade incoming eth0. >>> >>>My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 >>> >>> >>>-Roger >>> >> >> ======================== >========================= >================ >> 1879: >> Thomas Edison gets an idea, and his brother Timmy says, >> "Hey, what's that thing over your head? >> ======================== >========================= >================ >> Ron Croonenberg | Phone: 1 765 658 4761 >> Technology Coordinator | Fax: 1 765 658 4732 >> | >> Department of ComputerScience | e-mail : ronc@DePauw.edu >> DePauw University | >> Julian Science & Math Center | >> 602 South College Ave. | >> Greencastle, IN 46135 | >> ======================== >========================= >================ >> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >> ======================== >========================= >================ >> >> >> ------------------------------------------------------- >> SF email is sponsored by - The IT Product Guide >> Read honest & candid reviews on hundreds of IT Products from real users >. >> Discover which products truly live up to the hype. Start reading now. >> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >> _______________________________________________ >> Ssic-linux-users mailing list >> Ssi...@li... >> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> > > > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >_______________________________________________ >Ssic-linux-users mailing list >Ssi...@li... >https://lists.sourceforge.net/lists/listinfo/ssic-linux-users ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Roger T. <op...@bl...> - 2005-02-25 19:43:04
|
Okay you are missing the MASQUERADE kernel module. Check that you have this in your system /lib/iptables/libipt_MASQUERADE.so and /lib/modules/2.4.22-1.2199.nptl_ssi_6smp/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o Also does your iptables service run without errors? -Roger > Hi Roger, > > this is what I get : > [root@wolf359 root]# iptables -t nat -vnL > Chain PREROUTING (policy ACCEPT 173 packets, 22769 bytes) > pkts bytes target prot opt in out source > destination > > > Chain POSTROUTING (policy ACCEPT 7 packets, 1899 bytes) > pkts bytes target prot opt in out source > destination > > > Chain OUTPUT (policy ACCEPT 7 packets, 1899 bytes) > pkts bytes target prot opt in out source > destination > > > thanks, > > Ron > >>Hi, >> >>I'm curious what output do you get when you do iptables -t nat -vnL ? Do >>you see POSTROUTING? A typo could be one of the reasons too. >> >>-Roger >> >> >>> Hi Roger, >>> >>> thanks, this is what I get when I try that : >>> >>> [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o et >>h1 >>> iptables: No chain/target/match by that name >>> >>> thanks, >>> >>> Ron >>> >>> >>>>> Hi Ron, >>>>> >>>>> I looked your Mandelbrot code for openSSI. It can be an interesting >>>>> demo >>>>> for openSSI. >>>>> >>>>> What you need to do is: >>>>> - On all nodes that only have eth0 add default gateway 192.168.0.1 >>>>> - On node 1 setup ip forwarding for incoming eth0 and all established >>>>> or >>>>> related connections. >>>>> - On node 1 masquerade incoming eth0. >>>> >>>>My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 >>>> >>>> >>>>-Roger >>>> >>> >>> ======================== >>========================= >>================ >>> 1879: >>> Thomas Edison gets an idea, and his brother Timmy says, >>> "Hey, what's that thing over your head? >>> ======================== >>========================= >>================ >>> Ron Croonenberg | Phone: 1 765 658 4761 >>> Technology Coordinator | Fax: 1 765 658 4732 >>> | >>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>> DePauw University | >>> Julian Science & Math Center | >>> 602 South College Ave. | >>> Greencastle, IN 46135 | >>> ======================== >>========================= >>================ >>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>> ======================== >>========================= >>================ >>> >>> >>> ------------------------------------------------------- >>> SF email is sponsored by - The IT Product Guide >>> Read honest & candid reviews on hundreds of IT Products from real users >>. >>> Discover which products truly live up to the hype. Start reading now. >>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>> _______________________________________________ >>> Ssic-linux-users mailing list >>> Ssi...@li... >>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>> >> >> >> >> >>------------------------------------------------------- >>SF email is sponsored by - The IT Product Guide >>Read honest & candid reviews on hundreds of IT Products from real users. >>Discover which products truly live up to the hype. Start reading now. >>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>_______________________________________________ >>Ssic-linux-users mailing list >>Ssi...@li... >>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > > ================================================================= > 1879: > Thomas Edison gets an idea, and his brother Timmy says, > "Hey, what's that thing over your head? > ================================================================= > Ron Croonenberg | Phone: 1 765 658 4761 > Technology Coordinator | Fax: 1 765 658 4732 > | > Department of ComputerScience | e-mail : ronc@DePauw.edu > DePauw University | > Julian Science & Math Center | > 602 South College Ave. | > Greencastle, IN 46135 | > ================================================================= > http://www.depauw.edu/acad/computer/RonCroonenberg.asp > ================================================================= > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Ssic-linux-users mailing list > Ssi...@li... > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > |
From: Ron C. <ro...@de...> - 2005-02-25 20:28:32
|
Hi Roger, I appreciate you helping me very much. >Okay you are missing the MASQUERADE kernel module. Check that you have >this in your system /lib/iptables/libipt_MASQUERADE.so and >/lib/modules/2.4.22-1.2199.nptl_ssi_6smp/kernel/net/ipv4/netfilter/ipt_MA >SQUERADE.o I have both the files, althought the latter one is in /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter iptables seems to be running: [root@wolf359 netfilter]# chkconfig --list | grep iptables iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off I checked the logs in /var/log I don't see any log entries that complain about iptables (boot.log:Feb 25 13:48:10 wolf359 iptables: succeeded messages:Feb 25 13:48:10 wolf359 iptables: succeeded messages:Feb 25 15:23:21 wolf359 iptables: succeeded) So since everything seems to be in place (doesn't it ?), how do I get the MASQUERADE module loaded ? thanks, Ron >Also does your iptables service run without errors? > >-Roger > > >> Hi Roger, >> >> this is what I get : >> [root@wolf359 root]# iptables -t nat -vnL >> Chain PREROUTING (policy ACCEPT 173 packets, 22769 bytes) >> pkts bytes target prot opt in out source >> destination >> >> >> Chain POSTROUTING (policy ACCEPT 7 packets, 1899 bytes) >> pkts bytes target prot opt in out source >> destination >> >> >> Chain OUTPUT (policy ACCEPT 7 packets, 1899 bytes) >> pkts bytes target prot opt in out source >> destination >> >> >> thanks, >> >> Ron >> >>>Hi, >>> >>>I'm curious what output do you get when you do iptables -t nat -vnL ? >Do >>>you see POSTROUTING? A typo could be one of the reasons too. >>> >>>-Roger >>> >>> >>>> Hi Roger, >>>> >>>> thanks, this is what I get when I try that : >>>> >>>> [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o >et >>>h1 >>>> iptables: No chain/target/match by that name >>>> >>>> thanks, >>>> >>>> Ron >>>> >>>> >>>>>> Hi Ron, >>>>>> >>>>>> I looked your Mandelbrot code for openSSI. It can be an interestin >g >>>>>> demo >>>>>> for openSSI. >>>>>> >>>>>> What you need to do is: >>>>>> - On all nodes that only have eth0 add default gateway 192.168.0.1 >>>>>> - On node 1 setup ip forwarding for incoming eth0 and all establish >ed >>>>>> or >>>>>> related connections. >>>>>> - On node 1 masquerade incoming eth0. >>>>> >>>>>My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 >>>>> >>>>> >>>>>-Roger >>>>> >>>> >>>> ======================= >= >>>======================== >= >>>================ >>>> 1879: >>>> Thomas Edison gets an idea, and his brother Timmy says, >>>> "Hey, what's that thing over your head? >>>> ======================= >= >>>======================== >= >>>================ >>>> Ron Croonenberg | Phone: 1 765 658 4761 >>>> Technology Coordinator | Fax: 1 765 658 4732 >>>> | >>>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>>> DePauw University | >>>> Julian Science & Math Center | >>>> 602 South College Ave. | >>>> Greencastle, IN 46135 | >>>> ======================= >= >>>======================== >= >>>================ >>>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>>> ======================= >= >>>======================== >= >>>================ >>>> >>>> >>>> ------------------------------------------------------- >>>> SF email is sponsored by - The IT Product Guide >>>> Read honest & candid reviews on hundreds of IT Products from real use >rs >>>. >>>> Discover which products truly live up to the hype. Start reading now. >>>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>> _______________________________________________ >>>> Ssic-linux-users mailing list >>>> Ssi...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>> >>> >>> >>> >>> >>>------------------------------------------------------- >>>SF email is sponsored by - The IT Product Guide >>>Read honest & candid reviews on hundreds of IT Products from real users >. >>>Discover which products truly live up to the hype. Start reading now. >>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>_______________________________________________ >>>Ssic-linux-users mailing list >>>Ssi...@li... >>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> >> ======================== >========================= >================ >> 1879: >> Thomas Edison gets an idea, and his brother Timmy says, >> "Hey, what's that thing over your head? >> ======================== >========================= >================ >> Ron Croonenberg | Phone: 1 765 658 4761 >> Technology Coordinator | Fax: 1 765 658 4732 >> | >> Department of ComputerScience | e-mail : ronc@DePauw.edu >> DePauw University | >> Julian Science & Math Center | >> 602 South College Ave. | >> Greencastle, IN 46135 | >> ======================== >========================= >================ >> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >> ======================== >========================= >================ >> >> >> ------------------------------------------------------- >> SF email is sponsored by - The IT Product Guide >> Read honest & candid reviews on hundreds of IT Products from real users >. >> Discover which products truly live up to the hype. Start reading now. >> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >> _______________________________________________ >> Ssic-linux-users mailing list >> Ssi...@li... >> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> > > > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >_______________________________________________ >Ssic-linux-users mailing list >Ssi...@li... >https://lists.sourceforge.net/lists/listinfo/ssic-linux-users ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Roger T. <op...@bl...> - 2005-02-26 02:51:52
|
That's fine. Are you sure you haven't made a typo when you did -t nat -A POSTROUTING -j MASQUERADE. Try iptables -t nat -A POSTROUTING and then iptables -t nat -vnL. If that doesn't add anything to the POSTROUTING chain, then I would try reinstalling iptables with rpm -Uvh --force. If that still doesn't improve the situation I recommend recompile iptables sources from www.netfilter.org against your SSI kernel sources and with PREFIX:= in the iptables Makefile. Then make sure you've not loaded or using the old RH iptables package. I don't recall encountering the same problem myself before, but I hope this helps. -Roger > Hi Roger, > > I appreciate you helping me very much. > >>Okay you are missing the MASQUERADE kernel module. Check that you have >>this in your system /lib/iptables/libipt_MASQUERADE.so and >>/lib/modules/2.4.22-1.2199.nptl_ssi_6smp/kernel/net/ipv4/netfilter/ipt_MA >>SQUERADE.o > > I have both the files, althought the latter one is in > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter > > iptables seems to be running: > [root@wolf359 netfilter]# chkconfig --list | grep iptables > iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off > > I checked the logs in /var/log I don't see any log entries that complain > about iptables > (boot.log:Feb 25 13:48:10 wolf359 iptables: succeeded > messages:Feb 25 13:48:10 wolf359 iptables: succeeded > messages:Feb 25 15:23:21 wolf359 iptables: succeeded) > > So since everything seems to be in place (doesn't it ?), how do I get the > MASQUERADE module loaded ? > > thanks, > > Ron > > > > >>Also does your iptables service run without errors? >> >>-Roger >> >> >>> Hi Roger, >>> >>> this is what I get : >>> [root@wolf359 root]# iptables -t nat -vnL >>> Chain PREROUTING (policy ACCEPT 173 packets, 22769 bytes) >>> pkts bytes target prot opt in out source >>> destination >>> >>> >>> Chain POSTROUTING (policy ACCEPT 7 packets, 1899 bytes) >>> pkts bytes target prot opt in out source >>> destination >>> >>> >>> Chain OUTPUT (policy ACCEPT 7 packets, 1899 bytes) >>> pkts bytes target prot opt in out source >>> destination >>> >>> >>> thanks, >>> >>> Ron >>> >>>>Hi, >>>> >>>>I'm curious what output do you get when you do iptables -t nat -vnL ? >>Do >>>>you see POSTROUTING? A typo could be one of the reasons too. >>>> >>>>-Roger >>>> >>>> >>>>> Hi Roger, >>>>> >>>>> thanks, this is what I get when I try that : >>>>> >>>>> [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o >>et >>>>h1 >>>>> iptables: No chain/target/match by that name >>>>> >>>>> thanks, >>>>> >>>>> Ron >>>>> >>>>> >>>>>>> Hi Ron, >>>>>>> >>>>>>> I looked your Mandelbrot code for openSSI. It can be an interestin >>g >>>>>>> demo >>>>>>> for openSSI. >>>>>>> >>>>>>> What you need to do is: >>>>>>> - On all nodes that only have eth0 add default gateway 192.168.0.1 >>>>>>> - On node 1 setup ip forwarding for incoming eth0 and all establish >>ed >>>>>>> or >>>>>>> related connections. >>>>>>> - On node 1 masquerade incoming eth0. >>>>>> >>>>>>My mistake, try -t nat -A POSTROUTING -j MASQUERADE -o eth1 >>>>>> >>>>>> >>>>>>-Roger >>>>>> >>>>> >>>>> ======================= >>= >>>>======================== >>= >>>>================ >>>>> 1879: >>>>> Thomas Edison gets an idea, and his brother Timmy says, >>>>> "Hey, what's that thing over your head? >>>>> ======================= >>= >>>>======================== >>= >>>>================ >>>>> Ron Croonenberg | Phone: 1 765 658 4761 >>>>> Technology Coordinator | Fax: 1 765 658 4732 >>>>> | >>>>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>>>> DePauw University | >>>>> Julian Science & Math Center | >>>>> 602 South College Ave. | >>>>> Greencastle, IN 46135 | >>>>> ======================= >>= >>>>======================== >>= >>>>================ >>>>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>>>> ======================= >>= >>>>======================== >>= >>>>================ >>>>> >>>>> >>>>> ------------------------------------------------------- >>>>> SF email is sponsored by - The IT Product Guide >>>>> Read honest & candid reviews on hundreds of IT Products from real use >>rs >>>>. >>>>> Discover which products truly live up to the hype. Start reading now. >>>>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>>> _______________________________________________ >>>>> Ssic-linux-users mailing list >>>>> Ssi...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>>> >>>> >>>> >>>> >>>> >>>>------------------------------------------------------- >>>>SF email is sponsored by - The IT Product Guide >>>>Read honest & candid reviews on hundreds of IT Products from real users >>. >>>>Discover which products truly live up to the hype. Start reading now. >>>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>>_______________________________________________ >>>>Ssic-linux-users mailing list >>>>Ssi...@li... >>>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>> >>> ======================== >>========================= >>================ >>> 1879: >>> Thomas Edison gets an idea, and his brother Timmy says, >>> "Hey, what's that thing over your head? >>> ======================== >>========================= >>================ >>> Ron Croonenberg | Phone: 1 765 658 4761 >>> Technology Coordinator | Fax: 1 765 658 4732 >>> | >>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>> DePauw University | >>> Julian Science & Math Center | >>> 602 South College Ave. | >>> Greencastle, IN 46135 | >>> ======================== >>========================= >>================ >>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>> ======================== >>========================= >>================ >>> >>> >>> ------------------------------------------------------- >>> SF email is sponsored by - The IT Product Guide >>> Read honest & candid reviews on hundreds of IT Products from real users >>. >>> Discover which products truly live up to the hype. Start reading now. >>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>> _______________________________________________ >>> Ssic-linux-users mailing list >>> Ssi...@li... >>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>> >> >> >> >> >>------------------------------------------------------- >>SF email is sponsored by - The IT Product Guide >>Read honest & candid reviews on hundreds of IT Products from real users. >>Discover which products truly live up to the hype. Start reading now. >>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>_______________________________________________ >>Ssic-linux-users mailing list >>Ssi...@li... >>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > > ================================================================= > 1879: > Thomas Edison gets an idea, and his brother Timmy says, > "Hey, what's that thing over your head? > ================================================================= > Ron Croonenberg | Phone: 1 765 658 4761 > Technology Coordinator | Fax: 1 765 658 4732 > | > Department of ComputerScience | e-mail : ronc@DePauw.edu > DePauw University | > Julian Science & Math Center | > 602 South College Ave. | > Greencastle, IN 46135 | > ================================================================= > http://www.depauw.edu/acad/computer/RonCroonenberg.asp > ================================================================= > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Ssic-linux-users mailing list > Ssi...@li... > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > |
From: Ivan K. <kr...@fa...> - 2005-02-27 20:27:26
|
Ron Croonenberg wrote: > So since everything seems to be in place (doesn't it ?), how do I get > the MASQUERADE module loaded ? 'modprobe ipt_MASQUERADE'. You'll also need ip_conntrack and iptable_nat modules present for it to work. -IK |
From: Ron C. <ro...@de...> - 2005-02-26 04:24:48
|
Hi Roger, this what iptables -t nat -vnL reports: [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 [root@wolf359 root]# iptables -t nat -vnL Chain PREROUTING (policy ACCEPT 425 packets, 51872 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 2 packets, 146 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 2 packets, 146 bytes) pkts bytes target prot opt in out source destination this is the cvip.conf: <?xml version="1.0"?> <cvips> <routing>NAT</routing> <cvip> <ip_addr>163.120.18.124</ip_addr> <gateway>163.120.18.1</gateway> <director_node> <node_num>1</node_num> <garp_interface>eth0</garp_interface> <sync_interface>eth0</sync_interface> </director_node> <real_server_node> <node_num>1</node_num> </real_server_node> <real_server_node> <node_num>2</node_num> </real_server_node> </cvip> </cvips> this is the routing info on node 1 : [root@wolf359 root]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 163.120.18.124 * 255.255.255.255 UH 0 0 0 eth0 163.120.18.0 * 255.255.255.0 U 0 0 0 eth1 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 163.120.18.1 0.0.0.0 UG 0 0 0 eth1 this the routing info on node 2 : [root@wolf359 root]# onnode 2 netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 163.120.18.124 * 255.255.255.255 UH 0 0 0 lo 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 lo 127.0.0.0 * 255.0.0.0 U 0 0 0 lo again, thanks for your help, Ron >That's fine. > >Are you sure you haven't made a typo when you did -t nat -A POSTROUTING - >j >MASQUERADE. Try iptables -t nat -A POSTROUTING and then iptables -t nat >-vnL. > >If that doesn't add anything to the POSTROUTING chain, then I would try >reinstalling iptables with rpm -Uvh --force. If that still doesn't >improve the situation I recommend recompile iptables sources from >www.netfilter.org against your SSI kernel sources and with PREFIX:= in >the >iptables Makefile. Then make sure you've not loaded or using the old RH >iptables package. > >I don't recall encountering the same problem myself before, but I hope >this helps. > > >-Roger > > >> Hi Roger, >> >> I appreciate you helping me very much. >> >>>Okay you are missing the MASQUERADE kernel module. Check that you have >>>this in your system /lib/iptables/libipt_MASQUERADE.so and >>>/lib/modules/2.4.22-1.2199.nptl_ssi_6smp/kernel/net/ipv4/netfilter/ipt_ >MA >>>SQUERADE.o >> >> I have both the files, althought the latter one is in >> /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter >> >> iptables seems to be running: >> [root@wolf359 netfilter]# chkconfig --list | grep iptables >> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off >> >> I checked the logs in /var/log I don't see any log entries that complai >n >> about iptables >> (boot.log:Feb 25 13:48:10 wolf359 iptables: succeeded >> messages:Feb 25 13:48:10 wolf359 iptables: succeeded >> messages:Feb 25 15:23:21 wolf359 iptables: succeeded) >> >> So since everything seems to be in place (doesn't it ?), how do I get t >he >> MASQUERADE module loaded ? >> >> thanks, >> >> Ron >> >> >> >> >>>Also does your iptables service run without errors? >>> >>>-Roger >>> >>> >>>> Hi Roger, >>>> >>>> this is what I get : >>>> [root@wolf359 root]# iptables -t nat -vnL >>>> Chain PREROUTING (policy ACCEPT 173 packets, 22769 bytes) >>>> pkts bytes target prot opt in out source >>>> destination >>>> >>>> >>>> Chain POSTROUTING (policy ACCEPT 7 packets, 1899 bytes) >>>> pkts bytes target prot opt in out source >>>> destination >>>> >>>> >>>> Chain OUTPUT (policy ACCEPT 7 packets, 1899 bytes) >>>> pkts bytes target prot opt in out source >>>> destination >>>> >>>> >>>> thanks, >>>> >>>> Ron >>>> >>>>>Hi, >>>>> >>>>>I'm curious what output do you get when you do iptables -t nat -vnL ? >>>Do >>>>>you see POSTROUTING? A typo could be one of the reasons too. >>>>> >>>>>-Roger >>>>> >>>>> >>>>>> Hi Roger, >>>>>> >>>>>> thanks, this is what I get when I try that : >>>>>> >>>>>> [root@wolf359 root]# iptables -t nat -A POSTROUTING -j MASQUERADE - >o >>>et >>>>>h1 >>>>>> iptables: No chain/target/match by that name >>>>>> >>>>>> thanks, >>>>>> >>>>>> Ron >>>>>> >>>>>> >in >>>g >1 >sh >>>ed >>>>>> >>>>>> ======================= >>>= >>>>>======================= >= >>>= >>>>>================ >>>>>> 1879: >>>>>> Thomas Edison gets an idea, and his brother Timmy says, >>>>>> "Hey, what's that thing over your head? >>>>>> ======================= >>>= >>>>>======================= >= >>>= >>>>>================ >>>>>> Ron Croonenberg | Phone: 1 765 658 4761 >>>>>> Technology Coordinator | Fax: 1 765 658 4732 >>>>>> | >>>>>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>>>>> DePauw University | >>>>>> Julian Science & Math Center | >>>>>> 602 South College Ave. | >>>>>> Greencastle, IN 46135 | >>>>>> ======================= >>>= >>>>>======================= >= >>>= >>>>>================ >>>>>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>>>>> ======================= >>>= >>>>>======================= >= >>>= >>>>>================ >>>>>> >>>>>> >>>>>> ------------------------------------------------------- >>>>>> SF email is sponsored by - The IT Product Guide >>>>>> Read honest & candid reviews on hundreds of IT Products from real u >se >>>rs >>>>>. >>>>>> Discover which products truly live up to the hype. Start reading no >w. >>>>>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>>>> _______________________________________________ >>>>>> Ssic-linux-users mailing list >>>>>> Ssi...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>>------------------------------------------------------- >>>>>SF email is sponsored by - The IT Product Guide >>>>>Read honest & candid reviews on hundreds of IT Products from real use >rs >>>. >>>>>Discover which products truly live up to the hype. Start reading now. >>>>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>>>_______________________________________________ >>>>>Ssic-linux-users mailing list >>>>>Ssi...@li... >>>>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>> >>>> ======================= >= >>>======================== >= >>>================ >>>> 1879: >>>> Thomas Edison gets an idea, and his brother Timmy says, >>>> "Hey, what's that thing over your head? >>>> ======================= >= >>>======================== >= >>>================ >>>> Ron Croonenberg | Phone: 1 765 658 4761 >>>> Technology Coordinator | Fax: 1 765 658 4732 >>>> | >>>> Department of ComputerScience | e-mail : ronc@DePauw.edu >>>> DePauw University | >>>> Julian Science & Math Center | >>>> 602 South College Ave. | >>>> Greencastle, IN 46135 | >>>> ======================= >= >>>======================== >= >>>================ >>>> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >>>> ======================= >= >>>======================== >= >>>================ >>>> >>>> >>>> ------------------------------------------------------- >>>> SF email is sponsored by - The IT Product Guide >>>> Read honest & candid reviews on hundreds of IT Products from real use >rs >>>. >>>> Discover which products truly live up to the hype. Start reading now. >>>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>> _______________________________________________ >>>> Ssic-linux-users mailing list >>>> Ssi...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >>>> >>> >>> >>> >>> >>>------------------------------------------------------- >>>SF email is sponsored by - The IT Product Guide >>>Read honest & candid reviews on hundreds of IT Products from real users >. >>>Discover which products truly live up to the hype. Start reading now. >>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >>>_______________________________________________ >>>Ssic-linux-users mailing list >>>Ssi...@li... >>>https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> >> ======================== >========================= >================ >> 1879: >> Thomas Edison gets an idea, and his brother Timmy says, >> "Hey, what's that thing over your head? >> ======================== >========================= >================ >> Ron Croonenberg | Phone: 1 765 658 4761 >> Technology Coordinator | Fax: 1 765 658 4732 >> | >> Department of ComputerScience | e-mail : ronc@DePauw.edu >> DePauw University | >> Julian Science & Math Center | >> 602 South College Ave. | >> Greencastle, IN 46135 | >> ======================== >========================= >================ >> http://www.depauw.edu/acad/computer/RonCroonenberg.asp >> ======================== >========================= >================ >> >> >> ------------------------------------------------------- >> SF email is sponsored by - The IT Product Guide >> Read honest & candid reviews on hundreds of IT Products from real users >. >> Discover which products truly live up to the hype. Start reading now. >> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >> _______________________________________________ >> Ssic-linux-users mailing list >> Ssi...@li... >> https://lists.sourceforge.net/lists/listinfo/ssic-linux-users >> > > > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >_______________________________________________ >Ssic-linux-users mailing list >Ssi...@li... >https://lists.sourceforge.net/lists/listinfo/ssic-linux-users ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Ron C. <ro...@de...> - 2005-02-28 13:59:02
|
Hello Ivan, I checked that, those seem to be in place. [root@wolf359 etc]# lsmod | grep ipt ipt_MASQUERADE 2264 1 ipt_REJECT 3960 6 (autoclean) iptable_filter 2444 1 (autoclean) iptable_nat 22488 1 (autoclean) [ipt_MASQUERADE] ip_conntrack 29992 1 (autoclean) [ipt_MASQUERADE iptable_nat] ip_tables 15992 6 [ipt_MASQUERADE ipt_REJECT iptable_filter iptable_nat] thanks, Ron >Ron Croonenberg wrote: >> So since everything seems to be in place (doesn't it ?), how do I get >> the MASQUERADE module loaded ? > >'modprobe ipt_MASQUERADE'. You'll also need ip_conntrack and iptable_nat >modules present for it to work. > >-IK > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >_______________________________________________ >Ssic-linux-users mailing list >Ssi...@li... >https://lists.sourceforge.net/lists/listinfo/ssic-linux-users ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Ivan K. <kr...@fa...> - 2005-02-28 14:07:18
|
Ron Croonenberg wrote: > I checked that, those seem to be in place. So I take it appending rules to the POSTROUTING chain now succeeds - are you still having issues? -IK |
From: Ron C. <ro...@de...> - 2005-02-28 14:36:29
|
Hi Ivan, I rebooted the cluster and ipt_MASQUERADE doesn't seem to get loaded. So I "insmod ipt_MASQUERADE" and that didn't work too well: [root@wolf359 root]# insmod ipt_MASQUERADE Using /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o: unresolved symbol ip_ct_selective_cleanup_Rsmp_37fa06eb /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o: unresolved symbol ip_conntrack_get_Rsmp_48458337 /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o: unresolved symbol ip_nat_setup_info_Rsmp_b4eda4ed thanks, Ron >Ron Croonenberg wrote: >> I checked that, those seem to be in place. > >So I take it appending rules to the POSTROUTING chain now succeeds - are >you still having issues? > >-IK > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click >_______________________________________________ >Ssic-linux-users mailing list >Ssi...@li... >https://lists.sourceforge.net/lists/listinfo/ssic-linux-users ================================================================= 1879: Thomas Edison gets an idea, and his brother Timmy says, "Hey, what's that thing over your head? ================================================================= Ron Croonenberg | Phone: 1 765 658 4761 Technology Coordinator | Fax: 1 765 658 4732 | Department of ComputerScience | e-mail : ronc@DePauw.edu DePauw University | Julian Science & Math Center | 602 South College Ave. | Greencastle, IN 46135 | ================================================================= http://www.depauw.edu/acad/computer/RonCroonenberg.asp ================================================================= |
From: Ivan K. <kr...@fa...> - 2005-02-28 14:58:22
|
Ron Croonenberg wrote: > I rebooted the cluster and ipt_MASQUERADE doesn't seem to get loaded. Making the module load on start is less of a problem - once loaded, did you have problems with it, or did it work fine? > So I "insmod ipt_MASQUERADE" and that didn't work too well: You can't insmod it directly, unless you have the other requisite modules already inserted. Either use modprobe instead of insmod, or be sure ip_conntrack and iptable_nat are loaded up front. -IK |