Thanks for your help. I uninstalled Shorewall (apt-get purge shorewall), but all of the iptable stuff that Shorewall set up is still there, thus I still cannot SSH to my other nodes from the master node. I still get the error: "ssh: connect to host node2 port 22: No route to host"
If I do 'iptables --flush', it'll completely clear out all iptable rules, then nothing works. After searching, I cannot find the iptables command that will enable a) ssh into the master node from a remote computer and b) ssh to other nodes from the master node. Does anyone know how to do this? I know, it's not specifically shorewall related, but I don't know of anywhere else to specifically ask about iptable configuration.

Thanks in advance.

---------------------------------------------
Christopher Tanner
Space Systems Design Laboratory
Georgia Institute of Technology
[email protected]
----------------------------------------------

On Dec 23, 2008, at 7:33 PM, Shorewall Geek wrote:

> Christopher Tanner wrote:
>
>> -I have a cluster (1 master, 15 slave nodes) which is already behind a
>> university firewall.
>> -The master node is the only node connected to the university/outside
>> network (on eth1) with a static IP. The other nodes are all connected to
>> the master (on eth0) through a switch. The master node is a DHCP server
>> and assigns each node a static internal IP in the range of 10.0.0.1 to
>> 10.0.0.16. Each node is connected to the master on eth0.
>> -I would like Shorewall to make it such that the slave nodes can see the
>> outside internet -- i.e. make them use the master node's IP address and
>> send data to/receive data from sources outside the cluster's internal
>> network (IP masquerading and SNAT, I think). I also need to be able to
>> SSH into the master node from a remote terminal and SSH from the master
>> node to any other node in the cluster.
>> -I do not need it to be a firewall because the whole system is already
>> behind one. I'm hoping this should make the policy and rules setup much
>> easier and the firewall shouldn't prevent anything from happening.
>
> Then you certainly don't need one of the most complex Linux firewalls
> available installed on the box.
>
> a) Uninstall Shorewall.
> b) Arrange for this command to be executed at boot time:
>
>    iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
>
>    Hint: you can add it to /etc/network/interfaces as a post-up command
>
> c) Set the default gateway on the other nodes to 10.0.0.1 (you needed to
>    do that for Shorewall anyway).
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
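
Added example, not part of the thread and not Shorewall's own code: a shell sketch that builds an iptables-restore ruleset leaving the filter and nat chains at policy ACCEPT with only the MASQUERADE rule from the reply in place. It assumes the reason a plain flush leaves nothing working is that the chain policies left behind are still DROP (a flush removes rules but does not reset policies), and that the host relies on the upstream university firewall as the poster describes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# the subnet 10.0.0.0/24 and the MASQUERADE rule come from the reply.

# Shape check only: dotted quad plus a /0-32 prefix, so nothing else
# can end up inside the generated ruleset.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print an iptables-restore ruleset. Without --noflush, iptables-restore
# replaces each table it is given, so leftover rules in filter and nat go
# away, and the ":CHAIN ACCEPT" lines reset the policies that a plain
# 'iptables --flush' leaves untouched.
build_ruleset() {
    subnet=$1
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $subnet -j MASQUERADE
COMMIT
EOF
}

# Parse-check the ruleset first, then load it and enable forwarding,
# which masquerading for the other nodes requires. Needs root.
apply_ruleset() {
    rules=$(build_ruleset "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
}

# Nothing is changed unless the script is run as: script.sh apply [subnet]
if [ "${1:-}" = "apply" ]; then
    apply_ruleset "${2:-10.0.0.0/24}"
fi
```

Run without arguments the script changes nothing; calling build_ruleset alone prints the ruleset for review before it is applied.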
