die "Invalid configuration: CTDB_NATGW_PUBLIC_IFACE not set"
[ -n "$CTDB_NATGW_PRIVATE_NETWORK" ] || \
die "Invalid configuration: CTDB_NATGW_PRIVATE_NETWORK not set"
+
+ # The default is to create a single default route
+ [ -n "$CTDB_NATGW_STATIC_ROUTES" ] || CTDB_NATGW_STATIC_ROUTES="0.0.0.0/0"
}
natgw_set_capability ()
delete_ip_from_iface \
$CTDB_NATGW_PUBLIC_IFACE $_ip $_maskbits >/dev/null 2>&1
- ip route del 0.0.0.0/0 metric 10 >/dev/null 2>/dev/null
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route del "$_net" metric 10 >/dev/null 2>/dev/null
+ done
# Delete the masquerading setup from a previous iteration where we
# were the NAT-GW
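Review bot: The cleanup loop at `ip route del "$_net" metric 10` only removes the routes named in the current CTDB_NATGW_STATIC_ROUTES, so a metric-10 route installed by an earlier run under a different setting (for example the 0.0.0.0/0 default that the previous single `ip route del` always removed) stays in place once the variable is changed. If that is accepted, a comment such as `# Only routes in the current CTDB_NATGW_STATIC_ROUTES are removed; entries from a previous configuration must be cleaned up by hand` would save the next reader from assuming the loop is exhaustive. The `for _net in $CTDB_NATGW_STATIC_ROUTES` form here, and the same loops at L12-style sites later in the file (the add loops under the gateway check and in the non-master function), depend on the unquoted expansion to split the whitespace-separated list, so a one-line comment like `# CTDB_NATGW_STATIC_ROUTES is a whitespace-separated list, so it must stay unquoted` would protect it from being "fixed" into a quoted form. The enclosing function starts and ends outside this hunk.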
ip addr add $CTDB_NATGW_PUBLIC_IP dev $CTDB_NATGW_PUBLIC_IFACE
if [ -n "$CTDB_NATGW_DEFAULT_GATEWAY" ] ; then
- ip route add 0.0.0.0/0 metric 10 via $CTDB_NATGW_DEFAULT_GATEWAY
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route add "$_net" metric 10 via $CTDB_NATGW_DEFAULT_GATEWAY
+ done
fi
}
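Review bot: When CTDB_NATGW_DEFAULT_GATEWAY is empty the whole new loop is skipped, so on the NATGW master none of the CTDB_NATGW_STATIC_ROUTES entries is installed, while the non-master path installs them unconditionally via the master's address; that is presumably intended for directly attached networks such as the 10.0.0.0/24 example, but a destination that is not on-link would then be unreachable from the master itself, which a comment like `# Without a gateway the master relies on link routes for the static-route networks` should state. With a list of entries a malformed one now leaves the others installed and only prints ip's error to stderr, whereas before there was a single route; consider checking each `ip route add` and reporting the failing entry, or at least documenting that partial installation is possible (the same applies to the non-master loop later in the file). `$CTDB_NATGW_DEFAULT_GATEWAY` is also unquoted on the add line while `$_net` is quoted; `via "$CTDB_NATGW_DEFAULT_GATEWAY"` would be consistent. The enclosing function starts outside this hunk.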
{
_natgwip="$1"
- ip route add 0.0.0.0/0 via "$_natgwip" metric 10
+ for _net in $CTDB_NATGW_STATIC_ROUTES ; do
+ ip route add "$_net" via "$_natgwip" metric 10
+ done
# Make sure winbindd does not stay bound to this address if we are
# no longer NATGW master
is hosting public addresses.
</para>
+ <para>
+ <varname>CTDB_NATGW_STATIC_ROUTES</varname> can be used to
+ have NATGW create more specific routes instead of just default
+ routes.
+ </para>
+
<para>
This is implemented in the <filename>11.natgw</filename>
- eventscript. Please see the eventscript file for the finer
- details.
+ eventscript. Please see the eventscript file and the
+ <citetitle>NAT GATEWAY</citetitle> section in
+ <citerefentry><refentrytitle>ctdbd.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for more details.
</para>
</refsect2>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>CTDB_NATGW_STATIC_ROUTES=<parameter>IPADDR/MASK</parameter> ...</term>
+ <listitem>
+ <para>
+ Each IPADDR/MASK identifies a network or host to which
+ NATGW should create a fallback route, instead of
+ creating a single default route. This can be used when
+ there is already a default route, via an interface that
+ can not reach required infrastructure, that overrides
+ the NAT gateway default route.
+ </para>
+ <para>
+ This should be used with care to avoid causing traffic
+ to unnecessarily double-hop through the NAT gateway
+ master, even when a node is hosting public IP addresses.
+ Each specified network or host should probably have a
+ corresponding automatically created link route or static
+ route to avoid this.
+ </para>
+ <para>
+ No default.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
<refsect3>
CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
</screen>
+
+ <para>
+ A variation that ensures that infrastructure (ADS, DNS, ...)
+ directly attached to the public network (10.0.0.0/24) is
+ always reachable would look like this:
+ </para>
+ <screen>
+CTDB_NATGW_NODES=/etc/ctdb/natgw_nodes
+CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
+CTDB_NATGW_PUBLIC_IP=10.0.0.227/24
+CTDB_NATGW_PUBLIC_IFACE=eth0
+CTDB_NATGW_STATIC_ROUTES=10.0.0.0/24
+ </screen>
+ <para>
+ Note that <varname>CTDB_NATGW_DEFAULT_GATEWAY</varname> is
+ not specified.
+ </para>
</refsect3>
</refsect2>