I'm trying to get NFS working over NAT with iptables on a cluster that
I'm currently working on. Security isn't really a huge concern. The
main focus is functionality.... getting nodes on a private network to
access NFS resources on a public network.
The setup looks something like the following:

           +----------------+
           | Sun NFS Server |
           +----------------+
                   | 10.0.0.1
                   |
                   | eth1 10.0.0.2
         +---------------------+
         | HeadNode / Firewall | (Linux 2.4)
         +---------------------+
                   | eth0 192.168.1.254
                   |
  -------------------------------------
      |                             |
      | 192.168.1.1                 | 192.168.1.64
 +---------+                    +--------+
 |  node1  | (Linux)    ...     | node64 | (Linux)
 +---------+                    +--------+

The idea is that compute nodes (node1 - node64) will NFS mount exports
that exist outside of the private cluster network (on 10.0.0.0 in my
example).
When compute nodes have a default route of 192.168.1.254 and the
headnode/firewall has a simple iptables ruleset consisting of...

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

or

    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.254

NAT (node1-64 accessing machines in the 10.0.0.2 network) works fine for
stuff like ssh, telnet, http, etc., but attempts to do NFS give an RPC
timeout error... "mount: RPC: Timed out"
Has anyone here ever done this? I've heard reports of this working, but
haven't been able to locate any good details. It's pretty clear that the
RPC/portmap stuff associated with NFS is where my problems are coming
from.
Thanks for any pointers.
-Matt
--
Matt Bohnsack <[EMAIL PROTECTED]>
http://bohnsack.com/ http://x-cat.org/