2 # Script to set up one of the nodes as a NAT gateway for all other nodes.
3 # This is used to ensure that all nodes in the cluster can still originate
4 # traffic to the external network even if there are no public addresses
8 [ -n "$CTDB_BASE" ] || \
9 export CTDB_BASE
=$
(cd -P $
(dirname "$0") ; dirname "$PWD")
11 .
$CTDB_BASE/functions
14 [ -n "$CTDB_NATGW_NODES" ] ||
exit 0
15 export CTDB_NATGW_NODES
17 set_natgw_capability
()
19 # Set NATGW capability depending on configuration
20 if [ "$CTDB_NATGW_SLAVE_ONLY" = "yes" ] ; then
21 ctdb setnatgwstate off
28 _ip
="${CTDB_NATGW_PUBLIC_IP%/*}"
29 _maskbits
="${CTDB_NATGW_PUBLIC_IP#*/}"
31 [ -z "$CTDB_NATGW_PUBLIC_IFACE" ] ||
{
32 delete_ip_from_iface
$CTDB_NATGW_PUBLIC_IFACE $_ip $_maskbits >/dev
/null
2>&1
34 ip route del
0.0.0.0/0 metric
10 >/dev
/null
2>/dev
/null
36 # Delete the masquerading setup from a previous iteration where we
38 iptables
-D POSTROUTING
-t nat
-s $CTDB_NATGW_PRIVATE_NETWORK ! -d $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE
>/dev
/null
2>/dev
/null
40 # remove any iptables rule we may have on this address
41 iptables
-D INPUT
-p tcp
--syn -d $_ip/32 -j REJECT
2>/dev
/null
48 set -- $
(ctdb natgwlist
)
49 natgwmaster
="${1:--1}" # Default is -1 if natgwlist fails
52 if [ "$natgwmaster" = "-1" ]; then
54 die
"There is no NATGW master node"
64 # Error if CTDB_NATGW_PUBLIC_IP is listed in public addresses
65 grep -q "^$CTDB_NATGW_PUBLIC_IP[[:space:]]" "${CTDB_PUBLIC_ADDRESSES:-/etc/ctdb/public_addresses}" && \
66 die
"ERROR: NATGW configured to use a public address. NATGW must not use a public address."
68 # do not send out arp requests from loopback addresses
69 set_proc sys
/net
/ipv
4/conf
/all
/arp_announce
2
72 updatenatgw|ipreallocated
)
73 mypnn
=$
(ctdb pnn | cut
-d: -f2)
76 ensure_natgwmaster
"$1"
80 if [ "$mypnn" = "$natgwmaster" ]; then
82 set_proc sys
/net
/ipv
4/ip_forward
1
83 iptables
-A POSTROUTING
-t nat
-s $CTDB_NATGW_PRIVATE_NETWORK ! -d $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE
85 # block all incoming connections to the natgw address
86 ctdb_natgw_public_ip_host
="${CTDB_NATGW_PUBLIC_IP%/*}/32"
87 iptables
-D INPUT
-p tcp
--syn -d $ctdb_natgw_public_ip_host -j REJECT
2>/dev
/null
88 iptables
-I INPUT
-p tcp
--syn -d $ctdb_natgw_public_ip_host -j REJECT
2>/dev
/null
90 ip addr add
$CTDB_NATGW_PUBLIC_IP dev
$CTDB_NATGW_PUBLIC_IFACE
91 ip route add
0.0.0.0/0 metric
10 via
$CTDB_NATGW_DEFAULT_GATEWAY >/dev
/null
2>/dev
/null
93 # This is NOT the NAT GW
94 ip route add
0.0.0.0/0 via
$natgwip metric
10
95 # Make sure winbindd does not stay bound to this address
96 # if we are no longer natgwmaster
97 smbcontrol winbindd ip-dropped
$CTDB_NATGW_PUBLIC_IP >/dev
/null
2>/dev
/null
100 # flush our route cache
101 set_proc sys
/net
/ipv
4/route
/flush
1
104 shutdown|removenatgw
)
110 ensure_natgwmaster
"$1"
114 ctdb_standard_event_handler
"@"