2024-12-23 17:34:34 +03:00 · 2009-03-19 10:17:44 +11:00 · 2009-03-19 10:17:44 +11:00 · 293a3f1158
commit 293a3f1158
parent 9bf792d704
4 changed files with 61 additions and 70 deletions
--- a/ctdb/config/events.d/11.natgw
+++ b/ctdb/config/events.d/11.natgw
@ -51,7 +51,12 @@ case $cmd in
 		# We do this so that the ip address will exist on a
 		# non-loopback interface so that samba may send it along in the
 		# KDC requests.
-		ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE
+
+		# Set the scope up as host and make sure we dont respond to ARP
+		# for this ip
+		echo 3 > /proc/sys/net/ipv4/conf/all/arp_ignore
+		ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE scope host
+		
 		ip route add 0.0.0.0/0 via $FIRSTIP metric 10
 	fi
 	;;
--- a/ctdb/doc/ctdbd.1
+++ b/ctdb/doc/ctdbd.1
@ -1,11 +1,11 @@
 .\"     Title: ctdbd
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-.\"      Date: 03/18/2009
+.\"      Date: 03/19/2009
 .\"    Manual: 
 .\"    Source: 
 .\"
-.TH "CTDBD" "1" "03/18/2009" "" ""
+.TH "CTDBD" "1" "03/19/2009" "" ""
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@ -427,7 +427,7 @@ If then the service status of CTDB depends on such services being able to always
 There are two ways to solve this problem\. The first is by assigning a static ip address for one public interface on every node which will allow every node to be able to route traffic to the public network even if there are no public addresses assigned to the node\. This is the simplest way but it uses up a lot of ip addresses since you have to assign both static and also public addresses to each node\.
 .SS "NAT\-GW"
 .PP
-A second way is to use the built in NAT\-GW feature in CTDB\. With NAT\-GW only one extra address is required for the entire cluster instead of one address per node\.
+A second way is to use the built in NAT\-GW feature in CTDB\. With NAT\-GW only one extra address is required for the entire cluster instead of one address per node\. This extra address is dedicated to traffic that originates from the cluster and is destined for the external network\.
 .PP
 In NAT\-GW one of the nodes in the cluster is designated the NAT Gateway through which all traffic that is originated in the cluster will be routed through if the public addresses are not available\.
 .SS "Configuration"
@ -455,22 +455,18 @@ NAT\-GW is configured in /etc/sysconfig/ctdb by setting the following variables:
 # to use NAT MASQUERADING for all traffic from the internal private network
 # to the external network\. This node is the NAT\-GW node\.
 #
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT\-GW node\.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat\-gw node\.
 # 
 # The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT\-GW\.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT\-GW
-# routing will not be used\.
-#NATGW_PUBLIC_IP=10\.0\.0\.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10\.0\.0\.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10\.1\.1\.0/24
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat\-gw node\.
+#
+# NATGW_PUBLIC_IP=10\.0\.0\.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10\.0\.0\.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10\.1\.1\.0/24
    
 .fi
 .RE
@ -505,7 +501,7 @@ When the NAT\-GW fiunctionality is used, one of the nodes is elected to act as a
 .PP
 The NAT\-GW node is assigned the NATGW_PUBLIC_IP to the designated interface and the provided default route\. The NAT\-GW is configured to act as a router and to masquerade all traffic it receives from the internal private network and which is destined to the external network(s)\.
 .PP
-All other nodes are configured with policy routing so that all outgoing packets that have a source ip address belonging to the private network (which means they are not routable from the public network) are instead sent on to the designated NAT\-GW host instead of using the normal routing table\.
+All other nodes are configured with a default route of metric 10 pointing to the designated NAT GW node\.
 .PP
 This is implemented in the 11\.natgw eventscript\. Please see the eventscript for further information\.
 .SH "SEE ALSO"
--- a/ctdb/doc/ctdbd.1.html
+++ b/ctdb/doc/ctdbd.1.html
@ -441,12 +441,14 @@ CTDB_CAPABILITY_RECMASTER=no
    </p><div class="refsect2" lang="en"><a name="id2529493"></a><h3>NAT-GW</h3><p>
      A second way is to use the built in NAT-GW feature in CTDB.
      With NAT-GW only one extra address is required for the entire cluster
-      instead of one address per node.
+      instead of one address per node. This extra address is dedicated 
+      to traffic that originates from the cluster and is destined for the
+      external network.
    </p><p>
      In NAT-GW one of the nodes in the cluster is designated the NAT Gateway
      through which all traffic that is originated in the cluster will be
-      routed through if the public addresses are not available.
-    </p></div><div class="refsect2" lang="en"><a name="id2529512"></a><h3>Configuration</h3><p>
+      routed through if the public addresses are not available. 
+    </p></div><div class="refsect2" lang="en"><a name="id2529514"></a><h3>Configuration</h3><p>
      NAT-GW is configured in /etc/sysconfig/ctdb by setting the following
      variables:
    </p><pre class="screen">
@ -469,48 +471,44 @@ CTDB_CAPABILITY_RECMASTER=no
 # to use NAT MASQUERADING for all traffic from the internal private network
 # to the external network. This node is the NAT-GW node.
 #
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT-GW node.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat-gw node.
 # 
 # The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT-GW.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT-GW
-# routing will not be used.
-#NATGW_PUBLIC_IP=10.0.0.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10.0.0.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10.1.1.0/24
-    </pre></div><div class="refsect2" lang="en"><a name="id2529559"></a><h3>NATGW_PUBLIC_IP</h3><p>
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat-gw node.
+#
+# NATGW_PUBLIC_IP=10.0.0.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10.0.0.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10.1.1.0/24
+    </pre></div><div class="refsect2" lang="en"><a name="id2529555"></a><h3>NATGW_PUBLIC_IP</h3><p>
      This is an ip address in the public network that is used for all outgoing
      traffic when the public addresses are not assigned.
      This address will be assigned to one of the nodes in the cluster which
      will masquerade all traffic for the other nodes.
    </p><p>
      Format of this parameter is IPADDRESS/NETMASK
-    </p></div><div class="refsect2" lang="en"><a name="id2476134"></a><h3>NATGW_PUBLIC_IFACE</h3><p>
+    </p></div><div class="refsect2" lang="en"><a name="id2476128"></a><h3>NATGW_PUBLIC_IFACE</h3><p>
      This is the physical interface where the NATGW_PUBLIC_IP will be
      assigned to. This should be an interface connected to the public network.
    </p><p>
      Format of this parameter is INTERFACE
-    </p></div><div class="refsect2" lang="en"><a name="id2476150"></a><h3>NATGW_DEFAULT_GATEWAY</h3><p>
+    </p></div><div class="refsect2" lang="en"><a name="id2476144"></a><h3>NATGW_DEFAULT_GATEWAY</h3><p>
      This is the default gateway to use on the node that is elected to host
      the NATGW_PUBLIC_IP. This is the default gateway on the public network.
    </p><p>
      Format of this parameter is IPADDRESS
-    </p></div><div class="refsect2" lang="en"><a name="id2476166"></a><h3>NATGW_PRIVATE_IFACE</h3><p>
+    </p></div><div class="refsect2" lang="en"><a name="id2476160"></a><h3>NATGW_PRIVATE_IFACE</h3><p>
      This is the interface used for the interal private network.
    </p><p>
      Format of this parameter is INTERFACE
-    </p></div><div class="refsect2" lang="en"><a name="id2476180"></a><h3>NATGW_PRIVATE_NETWORK</h3><p>
+    </p></div><div class="refsect2" lang="en"><a name="id2476174"></a><h3>NATGW_PRIVATE_NETWORK</h3><p>
      This is the network/netmask used for the interal private network.
    </p><p>
      Format of this parameter is IPADDRESS/NETMASK
-    </p></div><div class="refsect2" lang="en"><a name="id2476194"></a><h3>Operation</h3><p>
+    </p></div><div class="refsect2" lang="en"><a name="id2476188"></a><h3>Operation</h3><p>
      When the NAT-GW fiunctionality is used, one of the nodes is elected
      to act as a NAT router for all the other nodes in the cluster when
      they need to originate traffic to the external public network.
@ -520,18 +518,15 @@ CTDB_CAPABILITY_RECMASTER=no
      to act as a router and to masquerade all traffic it receives from the
      internal private network and which is destined to the external network(s).
    </p><p>
-      All other nodes are configured with policy routing so that all outgoing
-      packets that have a source ip address belonging to the private network
-      (which means they are not routable from the public network) are instead
-      sent on to the designated NAT-GW host instead of using the normal
-      routing table.
+      All other nodes are configured with a default route of metric 10 pointing
+      to the designated NAT GW node.
    </p><p>
      This is implemented in the 11.natgw eventscript. Please see the
      eventscript for further information.
-    </p></div></div><div class="refsect1" lang="en"><a name="id2476230"></a><h2>SEE ALSO</h2><p>
+    </p></div></div><div class="refsect1" lang="en"><a name="id2476221"></a><h2>SEE ALSO</h2><p>
      ctdb(1), onnode(1)
      <a class="ulink" href="http://ctdb.samba.org/" target="_top">http://ctdb.samba.org/</a>
-    </p></div><div class="refsect1" lang="en"><a name="id2476243"></a><h2>COPYRIGHT/LICENSE</h2><div class="literallayout"><p><br>
+    </p></div><div class="refsect1" lang="en"><a name="id2476234"></a><h2>COPYRIGHT/LICENSE</h2><div class="literallayout"><p><br>
 Copyright (C) Andrew Tridgell 2007<br>
 Copyright (C) Ronnie sahlberg 2007<br>
 <br>
--- a/ctdb/doc/ctdbd.1.xml
+++ b/ctdb/doc/ctdbd.1.xml
@ -812,12 +812,14 @@ CTDB_CAPABILITY_RECMASTER=no
    <para>
      A second way is to use the built in NAT-GW feature in CTDB.
      With NAT-GW only one extra address is required for the entire cluster
-      instead of one address per node.
+      instead of one address per node. This extra address is dedicated 
+      to traffic that originates from the cluster and is destined for the
+      external network.
    </para>
    <para>
      In NAT-GW one of the nodes in the cluster is designated the NAT Gateway
      through which all traffic that is originated in the cluster will be
-      routed through if the public addresses are not available.
+      routed through if the public addresses are not available. 
    </para>
    </refsect2>

@ -846,22 +848,18 @@ CTDB_CAPABILITY_RECMASTER=no
 # to use NAT MASQUERADING for all traffic from the internal private network
 # to the external network. This node is the NAT-GW node.
 #
-# All other nodes are set up with policy routing so that all traffic with
-# a source address of the private network and a destination outside of
-# the private network are instead routed through the NAT-GW node.
+# All other nodes are set up with a default rote with a metric of 10 to point
+# to the nat-gw node.
 # 
 # The effect of this is that only when a node does not have a public address
-# or a route to the external network will the node use the private address
-# as the source address and only then will it use the policy routing
-# through the NAT-GW.
-# As long as a node has a public address and can route to the external network
-# the node will always pick the public address as the source address and NAT-GW
-# routing will not be used.
-#NATGW_PUBLIC_IP=10.0.0.227/24
-#NATGW_PUBLIC_IFACE=eth0
-#NATGW_DEFAULT_GATEWAY=10.0.0.1
-#NATGW_PRIVATE_IFACE=eth1
-#NATGW_PRIVATE_NETWORK=10.1.1.0/24
+# and thus no proper routes to the external world it will instead
+# route all packets through the nat-gw node.
+#
+# NATGW_PUBLIC_IP=10.0.0.227/24
+# NATGW_PUBLIC_IFACE=eth0
+# NATGW_DEFAULT_GATEWAY=10.0.0.1
+# NATGW_PRIVATE_IFACE=eth1
+# NATGW_PRIVATE_NETWORK=10.1.1.0/24
    </screen>
    </refsect2>

@ -928,11 +926,8 @@ CTDB_CAPABILITY_RECMASTER=no
      internal private network and which is destined to the external network(s).
    </para>
    <para>
-      All other nodes are configured with policy routing so that all outgoing
-      packets that have a source ip address belonging to the private network
-      (which means they are not routable from the public network) are instead
-      sent on to the designated NAT-GW host instead of using the normal
-      routing table.
+      All other nodes are configured with a default route of metric 10 pointing
+      to the designated NAT GW node.
    </para>
    <para>
      This is implemented in the 11.natgw eventscript. Please see the