Gateway problems in beowulf cluster

Angelos Molfetas amolfetas at yahoo.com
Thu Feb 6 22:57:51 EST 2003


 --- Mike Davis <jmdavis at mail2.vcu.edu> wrote: 
> It should work if you have ipforwarding setup. There
> shouldn't be a difficulty since the channel bonded
> interfaces have to route through a single interface
> to the larger network.  Why do you want to reach the

> outside from the beowulf? 

Our cluster is locked in a LAN room which has one KVM
enabled terminal and a dedicated A/C. The cluster will
be used by students who are doing parallel
programming, postgraduate students who are doing
cluster projects and various of our p.h.d's will
probably use it for their research. This means that
our beowulf cluster will have to have some limited
connectivity with the university network.

>Do you want a one way, or two way connection?

I was thinking of allowing ssh access to the cluster
from outside (ie. port forward ssh connections to the
master node). I will probably allow outgoing masq
connections since users may way want to access network
drives (for example, students may want to save work on
their network drives on our department's student
machine).

> For security purposes, I never forward ip from the
> beowulf to the 
> outside and tightly limit outside traffic to the
> gateway node.
> 

I agree that one has to be very security conscious,
thats why I am thinking of allowing only ssh traffic
in the beginning. We are thinking of limiting access
to our university's IP address. These restrictions can
be relaxed if there are genuine reasons for doing so,
but at the moment there are not any. 


Regards,

Angelos


> Angelos Molfetas wrote:
> 
> >Hello Everyone,
> >
> >I was wondering if anyone has had any problems with
> >getting Channel bonding working with iptables?
> >
> >I am currently trying to configure a linux box
> which
> >acts as a gateway between our Beowulf cluster
> (channel
> >bonded) and the university network (single fast
> >ethernet). I trying to join (using SNAT/DNAT) the
> >gateway's public IP address with the master private
> IP
> >address. This way users can just ssh to the gateway
> >and it will automatically connect them to master
> node.
> >
> >
> >I don't think the problem is with my iptables
> scripts
> >as they run properly when the beowulf cluster is
> >running in single NIC mode. As soon, as we switch
> >channel bonding on, it refuses to work.
> >
> >I suspect that the linux kernel has problems
> routing
> >packets between a channel bonded interfaces (bond0
> >[eth1 + eth2] for example) and a single NIC
> interfaces
> >(eth0 for example).
> >
> >I was wondering if anyone else has had a similar
> >problem in their beowulf building experience.
> >
> >Thanks,
> >
> >Angelos 
> >
> >http://movies.yahoo.com.au - Yahoo! Movies
> >- What's on at your local cinema?
> >_______________________________________________
> >Beowulf mailing list, Beowulf at beowulf.org
> >To change your subscription (digest mode or
> unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
> >
> >  
> >
> 
> 
> -- 
> Mike Davis                             Web and
> Research Computing Services
> Unix Systems Manager            Virginia
> Commonwealth University
> jmdavis at mail2.vcu.edu           804-828-3885 (fax:
> 804-828-9807)
> 
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or
> unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf 

http://greetings.yahoo.com.au - Yahoo! Greetings
- Send some online love this Valentine's Day.
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list