Difference between revisions of "Agile testbed"
From PDP/Grid Wiki
| Line 69: | Line 69: | ||
| | separate management network for IPMI and Serial-Over-Lan | | separate management network for IPMI and Serial-Over-Lan | ||
| |} | |} | ||
| + | |||
| + | === NAT === | ||
| + | |||
| + | The gateway host for the 10.198.0.0/16 range is bleek.testbed (10.198.3.1). It takes care of network address translation (NAT) to outside networks. | ||
| + | |||
| + |  # iptables -t nat -L -n | ||
| + |  Chain PREROUTING (policy ACCEPT) | ||
| + |  target     prot opt source               destination          | ||
| + |  DNAT       tcp  --  0.0.0.0/0            194.171.96.17       tcp dpt:8443 to:10.198.8.7:443  | ||
| + |  DNAT       tcp  --  0.0.0.0/0            194.171.96.17       tcp dpt:8022 to:10.198.11.6:22  | ||
| + |  DNAT       tcp  --  0.0.0.0/0            194.171.96.17       tcp dpt:9022 to:10.198.11.7:22  | ||
| + | |||
| + |  Chain POSTROUTING (policy ACCEPT) | ||
| + |  target     prot opt source               destination          | ||
| + |  ACCEPT     all  --  10.198.0.0/16        10.198.0.0/16        | ||
| + |  SNAT       all  --  10.198.0.0/16        0.0.0.0/0           to:194.171.96.17  | ||
| + | |||
| + |  Chain OUTPUT (policy ACCEPT) | ||
| + |  target     prot opt source               destination          | ||
| + | |||
| + | The DNAT rules allow some very specific inbound access to a few selected machines. | ||
| == Storage == | == Storage == | ||
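Review bot: the closing sentence of the new NAT section says the DNAT rules allow "very specific inbound access", but it does not name the machines behind 10.198.8.7, 10.198.11.6 and 10.198.11.7 or say who is meant to reach them, and in the pasted listing all three rules match source 0.0.0.0/0. As far as the nat table shows, port 8443 (to 443) and ports 8022 and 9022 (to SSH on port 22) on 194.171.96.17 are forwarded for any source address. Suggest listing each target host with its purpose next to its rule and stating whether the filter table (FORWARD chain) restricts the allowed sources, since the output of iptables -t nat -L -n cannot show that. A sentence explaining that the POSTROUTING ACCEPT rule for 10.198.0.0/16 to 10.198.0.0/16 exempts testbed-internal traffic from the SNAT rule below it would also help, as would a note that the listing is a snapshot to be refreshed when the rules change.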
