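#!/bin/sh
# Script to set up one of the nodes as a NAT gateway for all other nodes.
# This is used to ensure that all nodes in the cluster can still originate
# traffic to the external network even if there are no public addresses
# available.
#
# ctdb runs this script with the event name as $1 (setup, startup,
# updatenatgw, ipreallocated, shutdown, removenatgw, monitor, ...).
# All settings come from the CTDB_NATGW_* variables loaded by loadconfig.

# Locate the ctdb base directory relative to this script when the caller
# has not set it.  Both expansions are quoted so a path containing
# whitespace still resolves to a single directory.
[ -n "$CTDB_BASE" ] || \
    export CTDB_BASE="$(cd -P "$(dirname "$0")" ; dirname "$PWD")"

. "$CTDB_BASE/functions"
loadconfig

# Nothing to do on clusters that have no NATGW node list configured.
[ -n "$CTDB_NATGW_NODES" ] || exit 0
export CTDB_NATGW_NODES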
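#######################################
# Tell ctdb whether this node is allowed to become the NATGW master.
# Globals:   CTDB_NATGW_SLAVE_ONLY (read)
# Returns:   exit status of "ctdb setnatgwstate"
#######################################
set_natgw_capability ()
{
    # A slave-only node must never be elected as the gateway, so its
    # capability is switched off; every other node advertises it.
    if [ "$CTDB_NATGW_SLAVE_ONLY" = "yes" ] ; then
        ctdb setnatgwstate off
    else
        ctdb setnatgwstate on
    fi
}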
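#######################################
# Tear down any NATGW state this node may have set up in an earlier
# iteration: the public IP on the public interface, the metric-10 default
# route, the masquerading rule and the SYN-reject rule on the public
# address.  Each step is best-effort and silenced, because most of it
# will not exist on a node that was not the gateway.
# Globals:   CTDB_NATGW_PUBLIC_IP, CTDB_NATGW_PUBLIC_IFACE,
#            CTDB_NATGW_PRIVATE_NETWORK (read)
#######################################
delete_all() {
    # CTDB_NATGW_PUBLIC_IP is "addr/maskbits"; split it into its two parts.
    _ip="${CTDB_NATGW_PUBLIC_IP%/*}"
    _maskbits="${CTDB_NATGW_PUBLIC_IP#*/}"

    [ -z "$CTDB_NATGW_PUBLIC_IFACE" ] || {
        delete_ip_from_iface "$CTDB_NATGW_PUBLIC_IFACE" "$_ip" "$_maskbits" >/dev/null 2>&1
    }

    ip route del 0.0.0.0/0 metric 10 >/dev/null 2>&1

    # Delete the masquerading setup from a previous iteration where we
    # were the NAT-GW
    iptables -D POSTROUTING -t nat -s "$CTDB_NATGW_PRIVATE_NETWORK" ! -d "$CTDB_NATGW_PRIVATE_NETWORK" -j MASQUERADE >/dev/null 2>&1

    # remove any iptables rule we may have on this address
    iptables -D INPUT -p tcp --syn -d "$_ip/32" -j REJECT 2>/dev/null
}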
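#######################################
# Look up the current NATGW master with "ctdb natgwlist" and publish it
# to the caller through two globals.
# Globals:   natgwmaster (written) - PNN of the master, -1 if unknown
#            natgwip     (written) - address of the master, may be empty
# Arguments: $1 - event name (accepted for the callers' benefit, unused)
# Exits via die() when no master can be determined.
#######################################
ensure_natgwmaster ()
{
    # The first two words of the natgwlist output are taken as the master
    # PNN and its address; the substitution is deliberately unquoted so
    # word-splitting loads them into $1 and $2.  If the command fails or
    # prints nothing, $1 is unset and the master defaults to -1.
    set -- $(ctdb natgwlist)
    natgwmaster="${1:--1}" # Default is -1 if natgwlist fails
    natgwip="$2"

    if [ "$natgwmaster" = "-1" ]; then
        # Fail...
        die "There is no NATGW master node"
    fi
}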
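# Dispatch on the event name ctdb passed as $1.
case "$1" in
    setup)
        set_natgw_capability
        ;;

    startup)
        # Error if CTDB_NATGW_PUBLIC_IP is listed in public addresses.
        # The dots are escaped so the address is matched literally rather
        # than as "any character" in the grep pattern.
        _natgw_ip_re=$(printf '%s\n' "$CTDB_NATGW_PUBLIC_IP" | sed 's/\./\\./g')
        grep -q "^${_natgw_ip_re}[[:space:]]" "${CTDB_PUBLIC_ADDRESSES:-/etc/ctdb/public_addresses}" && \
            die "ERROR: NATGW configured to use a public address. NATGW must not use a public address."

        # do not send out arp requests from loopback addresses
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;

    updatenatgw|ipreallocated)
        mypnn=$(ctdb pnn | cut -d: -f2)

        set_natgw_capability
        # Sets natgwmaster and natgwip, or dies when there is no master.
        ensure_natgwmaster "$1"

        # Always start from a clean slate: the master may have moved.
        delete_all

        if [ "$mypnn" = "$natgwmaster" ]; then
            # This is the NAT GW
            echo 1 >/proc/sys/net/ipv4/ip_forward
            iptables -A POSTROUTING -t nat -s "$CTDB_NATGW_PRIVATE_NETWORK" ! -d "$CTDB_NATGW_PRIVATE_NETWORK" -j MASQUERADE

            # block all incoming connections to the natgw address
            # (delete first so repeated events do not stack duplicate rules)
            ctdb_natgw_public_ip_host="${CTDB_NATGW_PUBLIC_IP%/*}/32"
            iptables -D INPUT -p tcp --syn -d "$ctdb_natgw_public_ip_host" -j REJECT 2>/dev/null
            iptables -I INPUT -p tcp --syn -d "$ctdb_natgw_public_ip_host" -j REJECT 2>/dev/null

            ip addr add "$CTDB_NATGW_PUBLIC_IP" dev "$CTDB_NATGW_PUBLIC_IFACE"
            ip route add 0.0.0.0/0 metric 10 via "$CTDB_NATGW_DEFAULT_GATEWAY" >/dev/null 2>&1
        else
            # This is NOT the NAT GW
            ip route add 0.0.0.0/0 via "$natgwip" metric 10
            # Make sure winbindd does not stay bound to this address
            # if we are no longer natgwmaster
            smbcontrol winbindd ip-dropped "$CTDB_NATGW_PUBLIC_IP" >/dev/null 2>&1
        fi

        # flush our route cache
        echo 1 > /proc/sys/net/ipv4/route/flush
        ;;

    shutdown|removenatgw)
        delete_all
        ;;

    monitor)
        set_natgw_capability
        ensure_natgwmaster "$1"
        ;;

    *)
        # Hand every other event, with all its arguments, to the generic
        # handler from the shared functions file.
        ctdb_standard_event_handler "$@"
        ;;
esac

exit 0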