Christopher Tanner wrote:

> -I have a cluster (1 master, 15 slave nodes) which is already behind a
> university firewall.
> -The master node is the only node connected to the university/outside
> network (on eth1) with a static IP. The other nodes are all connected to
> the master (on eth0) through a switch. The master node is a DHCP server
> and assigns each node a static internal IP in the range of 10.0.0.1 to
> 10.0.0.16. Each node is connected to the master on eth0.
> -I would like Shorewall to make it such that the slave nodes can see the
> outside internet -- i.e. make them use the master node's IP address and
> send data to/receive data from sources outside the cluster's internal
> network (IP masquerading and SNAT, I think). I also need to be able to
> SSH into the master node from a remote terminal and SSH from the master
> node to any other node in the cluster.
> -I do not need it to be a firewall because the whole system is already
> behind one. I'm hoping this should make the policy and rules setup much
> easier and the firewall shouldn't prevent anything from happening.

Then you certainly don't need one of the most complex Linux firewalls
available installed on the box.

a) Uninstall Shorewall.
b) Arrange for this command to be executed at boot time:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

Hint: you can add it to /etc/network/interfaces as a post-up command.

c) Set the default gateway on the other nodes to 10.0.0.1 (you needed to
do that for Shorewall anyway).




------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
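
Added example, not part of the original message and not Shorewall code: a boot-time script for steps (b) and (c) that enables kernel forwarding and appends the MASQUERADE rule only if it is not already present. It assumes eth1 is the outside interface and 10.0.0.0/24 the cluster network, as in the post; the -o restriction, the WAN_IF, LAN_NET and APPLY variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# NAT-only setup for the cluster master (added example).
# Default is a dry run that prints the commands; set APPLY=1 as root to execute.
WAN_IF="${WAN_IF:-eth1}"          # outside interface (from the post)
LAN_NET="${LAN_NET:-10.0.0.0/24}" # cluster network (from the post)

# Rule specification shared by the existence check (-C) and the append (-A).
# "-o $WAN_IF" is added here so only traffic leaving toward the outside
# network is rewritten; node-to-node traffic on eth0 is left untouched.
masq_spec() {
    echo "POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
}

# Execute a command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

setup_nat() {
    # MASQUERADE only rewrites packets the kernel is already routing,
    # so forwarding between eth0 and eth1 has to be switched on.
    run sysctl -w net.ipv4.ip_forward=1
    # -C succeeds if an identical rule exists, so repeated ifup/ifdown
    # cycles do not stack duplicate rules in the nat table.
    if [ "${APPLY:-0}" = "1" ] && iptables -t nat -C $(masq_spec) 2>/dev/null; then
        return 0
    fi
    run iptables -t nat -A $(masq_spec)
}

setup_nat
```

Run with APPLY=1 from the post-up line mentioned in the reply; afterwards "iptables -t nat -S POSTROUTING" and "sysctl net.ipv4.ip_forward" show whether the rule and the forwarding setting are in place.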
