Gateway problems in beowulf cluster

Angelos Molfetas amolfetas at yahoo.com
Mon Feb 10 00:52:10 EST 2003


Thanks for the tips. I actually found what was wrong.  The
solution was really trivial, but it was a misleading
problem because my iptables script was working perfectly
when it was forwarding traffic between single NICs, but as
soon as I turned channel bonding on, it appeared not to be
work. Since I previously tested ch.bonding on both the
master node and the gateway, I thought that the problem was
with some OS inability to route traffic between the single
NIC and the ch.bond interface on the gateway. In reality
the gateway was working fine, but the master node could not
communicate with it. The problem was that the cluster nodes
were using eth0 as the gateway interface and not bond0.
After changing it to bond0, everything worked perfectly.

Regards,

Angelos

 --- Mark Andrew Smith <Mark at markandrewsmith.co.uk> wrote:
> From the beowulf, surely you should get the 'gateway'
> machine to use a
> masquerade option.  For example:-
> 
> 	#!/bin/sh
> 	insmod
>
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o
> 
> 	# Turn on anti-spoofing for all interfaces
> 	for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1
> > $f; done
> 
> 	# Set IP forwarding on
> 	echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> then any incoming requests like ssl, telnet, SMTP etc.,
> just do:-
> 
> 	# Rules for external interface to rediect
> 	iptables -A PREROUTING -t nat -s 212.53.64.39/32 -p tcp
> --dport 25 -j
> DNAT --to 10.0.0.2:25
> 	iptables -A PREROUTING -t nat -s 212.53.64.39/32 -p udp
> --dport 25 -j
> DNAT --to 10.0.0.2:25
> 
> Any aliases to bonded interface names need to be
> correctly defined when
> using iptables, remember not to reference the unbonded
> interface, i.e. eth0,
> eth1 etc., always reference them as bond0 or whatever you
> have called it.
> 
> I hope that helps,
> 
> Kind regards,
> 	Mark.
> 
> -----Original Message-----
> From: beowulf-admin at beowulf.org
> [mailto:beowulf-admin at beowulf.org]On
> Behalf Of Mike Davis
> Sent: 04 February 2003 15:17
> To: Angelos Molfetas
> Cc: beowulf at beowulf.org
> Subject: Re: Gateway problems in beowulf cluster
> 
> 
> It should work if you have ipforwarding setup. There
> shouldn't be a
> difficulty since the channel bonded interfaces have to
> route through a
> single interface to the larger network.  Why do you want
> to reach the
> outside from the beowulf? Do you want a one way, or two
> way connection?
> 
> For security purposes, I never forward ip from the
> beowulf to the
> outside and tightly limit outside traffic to the gateway
> node.
> 
> Mike
> 
> 
> Angelos Molfetas wrote:
> 
> >Hello Everyone,
> >
> >I was wondering if anyone has had any problems with
> >getting Channel bonding working with iptables?
> >
> >I am currently trying to configure a linux box which
> >acts as a gateway between our Beowulf cluster (channel
> >bonded) and the university network (single fast
> >ethernet). I trying to join (using SNAT/DNAT) the
> >gateway's public IP address with the master private IP
> >address. This way users can just ssh to the gateway
> >and it will automatically connect them to master node.
> >
> >
> >I don't think the problem is with my iptables scripts
> >as they run properly when the beowulf cluster is
> >running in single NIC mode. As soon, as we switch
> >channel bonding on, it refuses to work.
> >
> >I suspect that the linux kernel has problems routing
> >packets between a channel bonded interfaces (bond0
> >[eth1 + eth2] for example) and a single NIC interfaces
> >(eth0 for example).
> >
> >I was wondering if anyone else has had a similar
> >problem in their beowulf building experience.
> >
> >Thanks,
> >
> >Angelos
> >
> >http://movies.yahoo.com.au - Yahoo! Movies
> >- What's on at your local cinema?
> >_______________________________________________
> >Beowulf mailing list, Beowulf at beowulf.org
> >To change your subscription (digest mode or unsubscribe)
> visit
> http://www.beowulf.org/mailman/listinfo/beowulf
> >
> >
> >
> 
> 
> --
> Mike Davis                             Web and Research
> Computing Services
> Unix Systems Manager            Virginia Commonwealth
> University
> jmdavis at mail2.vcu.edu           804-828-3885 (fax:
> 804-828-9807)
> 
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe)
> visit
> http://www.beowulf.org/mailman/listinfo/beowulf
> 
> 
> This email has been scanned for viruses by NetBenefit
> using Sophos
> anti-virus technology
> 
> 
> 
> 
> 
> This email has been scanned for viruses by NetBenefit
> using Sophos anti-virus technology
> 
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe)
> visit http://www.beowulf.org/mailman/listinfo/beowulf 

http://greetings.yahoo.com.au - Yahoo! Greetings
- Send some online love this Valentine's Day.
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list