2 # Script to set up one of the nodes as a NAT gateway for all other nodes.
3 # This is used to ensure that all nodes in the cluster can still originate
4 # traffic to the external network even if there are no public addresses
# Nothing to configure unless a public interface has been set for the
# NAT gateway; leave quietly with success in that case.
if [ -z "$NATGW_PUBLIC_IFACE" ]; then
    exit 0
fi

# Put the system binary directories ahead of whatever PATH was inherited,
# so the ip and iptables commands below are looked up there first.
PATH="/usr/bin:/bin:/usr/sbin:/sbin:${PATH}"
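# Tear down what an earlier run of this script may have configured.
# Every command is best-effort: the address, route or rule may not exist,
# so output is discarded and the exit status is ignored. The side effect
# is that a removal that fails for another reason is invisible as well,
# in which case a stale MASQUERADE rule or address stays active on this
# node.
#
# All expansions are quoted so that a configuration value containing
# whitespace or glob characters is passed as one argument instead of
# being split or expanded by the shell.
#
# NOTE(review): the reason for adding the public address first and
# deleting it again at the end is not stated in this file; the order is
# kept as it was -- confirm before changing it.
ip addr add "$NATGW_PUBLIC_IP" dev "$NATGW_PUBLIC_IFACE" >/dev/null 2>&1

# NOTE(review): NATGW_PUBLIC_IP_HOST is assigned further down in this
# file; whether it is already set when this line runs depends on code
# not visible here.
ip addr del "$NATGW_PUBLIC_IP_HOST" dev "$NATGW_PRIVATE_IFACE" >/dev/null 2>&1
ip route del 0.0.0.0/0 metric 10 >/dev/null 2>&1

# Delete the masquerading rule left behind by a previous iteration.
# NOTE(review): "-d ! NET" is the older placement of the negation;
# current iptables documentation writes it as "! -d NET". The original
# form is kept here -- confirm against the deployed iptables version.
iptables -D POSTROUTING -t nat -s "$NATGW_PRIVATE_NETWORK" -d ! "$NATGW_PRIVATE_NETWORK" -j MASQUERADE >/dev/null 2>&1

ip addr del "$NATGW_PUBLIC_IP" dev "$NATGW_PUBLIC_IFACE" >/dev/null 2>&1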
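# Collect the values the gateway decision below is based on.
# Command substitutions use $(...) and every expansion is quoted, so the
# ctdb output and the configured address are never word-split or
# glob-expanded on their way through the pipelines.

# This node's number: second ':'-separated field of "ctdb pnn".
MYPNN=$(ctdb pnn | cut -d: -f2)

# Find the first connected node: the first line of "ctdb status -Y"
# that ends in ":0:".
FIRST=$(ctdb status -Y | grep ':0:$' | head -n 1)
FIRSTNODE=$(printf '%s\n' "$FIRST" | cut -d: -f2)
FIRSTIP=$(printf '%s\n' "$FIRST" | cut -d: -f3)

# NOTE(review): if the ctdb calls fail or no line matches, MYPNN and
# FIRSTNODE are both empty, and the [ "$FIRSTNODE" == "$MYPNN" ] test
# later in this file is then true -- the node would configure itself as
# the NAT gateway. Consider requiring both values to be non-empty before
# that comparison.

# The public address with everything from the first "/" onwards replaced
# by "/32" (a value without a "/" is left unchanged).
NATGW_PUBLIC_IP_HOST=$(printf '%s\n' "$NATGW_PUBLIC_IP" | sed -e 's|/.*|/32|')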
41 if [ "$FIRSTNODE" == "$MYPNN" ]; then
42 # This is the first node, set it up as the NAT GW
43 echo 1 >/proc/sys/net/ipv4/ip_forward
44 iptables -A POSTROUTING -t nat -s $NATGW_PRIVATE_NETWORK -d ! $NATGW_PRIVATE_NETWORK -j MASQUERADE
45 ip addr add $NATGW_PUBLIC_IP dev $NATGW_PUBLIC_IFACE
46 ip route add 0.0.0.0/0 via $NATGW_DEFAULT_GATEWAY >/dev/null 2>/dev/null
48 # This is not the NAT-GW
49 # Assign the public ip to the private interface and make
50 # sure we don't respond to ARPs.
51 # We do this so that the ip address will exist on a
52 # non-loopback interface so that samba may send it along in the
54 ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE
55 ip route add 0.0.0.0/0 via $FIRSTIP metric 10