Re: Set packet src address to a cluster-managed IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Elliott,

I had a similar problem with my license-server cluster (for IBM 
Rational ClearCase). As we found out that IBM's license daemon
for ClearCase behaves very badly (sends response packets with the
IP address of the NIC instead of the cluster-ip) and IBM was not
able to provide a fix for that, we decided to use iptables to 
rewrite the addresses.

For that I've added iptables servcie to my cluster configuration (only 
starts on that node that has the license daemon active) and configured 
SNAT and DNAT:

iptables -A PREROUTING -d <cluster-ip>/32 -j DNAT --to-destination <NIC-ip>
iptables -a POSTROUTING -s <NIC-ip>/32 -j SNAT --to-source <cluster-ip>

This configuration of iptables on both nodes and (as said) iptables active
only where license daemon is active and everything works fine for us :)

cheers,
christian
 

> -----Ursprüngliche Nachricht-----
> Von: linux-cluster-bounces@xxxxxxxxxx 
> [mailto:linux-cluster-bounces@xxxxxxxxxx] Im Auftrag von 
> Elliott Barrere
> Gesendet: Montag, 26. November 2012 20:19
> An: <linux-cluster@xxxxxxxxxx>
> Betreff:  Set packet src address to a 
> cluster-managed IP
> 
> Hi everyone,
> 
> I have a RHEL 5.8 cluster that manages several IP addresses 
> (among other services).  While this works fine for "serving" 
> content (i.e. when a client hits one of the managed IP 
> addresses the content is delivered), I also need the server 
> to _send_ new packets from the managed address (this is an 
> Asterisk cluster so it sends SIP invites to clients, which 
> are rejected unless they come from the correct IP).
> 
> I can successfully set the source address for packets by 
> running something like this:
> 
> ip route change 10.X.X.0/24 dev eth0 src 10.X.X.10
> 
> and this solves my problem.
> 
> However, this solution is not "cluster aware", nor is it 
> permanent across reboots.  I could write a script to update 
> the src address after the cluster IPs are applied, but that 
> seems like a bit of a hack.
> 
> Has anyone else had this problem?  Any advice for how to deal 
> with it?  I can't imagine I'm the only one wanting to do this.
> 
> Cheers,
> -elliott-
> 
> -- 
> Linux-cluster mailing list
> Linux-cluster@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/linux-cluster
> 

-- 
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster



[Index of Archives]     [Corosync Cluster Engine]     [GFS]     [Linux Virtualization]     [Centos Virtualization]     [Centos]     [Linux RAID]     [Fedora Users]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Camping]

  Powered by Linux