[Oscar-users] Allowing access to head node from internet

[henkwitte]

Hello,

I have a small oscar cluster (oscar 3.0 running on redhat linux 8). The 
head node has two NIC's, one connecting to the nodes and
one connected to the hardware firewall/router. The firewall is connected to 
the internet, and to the rest of our network as well.
In a schematic, the setup is:
Oscar node 1  Oscar node 2 ... Oscar node n
        |                    |                        |
============<hub>==============
                                       |
                       Oscar Head Node
                         | 
Workstation 1              Workstation 2 ....Workstation n
                         | 
|                            |                             |
                         
----------------------------------------------------------------======================<hub>=============
                                     |
                                 firewalll
                                      |
                                Internet


The firewall routes certain ports (smtp, ssh, ftp, http, https) to a 
certain server on the network.

However, since I installed oscar, the server cannot be accessed from the 
outside (internet) anymore. I want that to be able to log
in from home, and make certain services available.

I want to use the oscar head node as server for http and https, and also 
use VNC and ssh, from the outside (internet) connection.
However, I am unable to connect to the server. It all works fine from the 
internal network (so the network translation is ok).

I guess the problem is in the fact that the second NIC of the oscar node is 
configured with an "internal type" address (192.168.x.x)
and therefore all packets coming in from the bad outside world are dropped. 
I configured pfilter with appropriate "open" rules
(eg ), defined the EXTINF in the pfilter.conf file and manually changed the 
/proc/sys/net/ipv4/eht0/log_martians and rp_filter rules,
but without success.

Is there a source anywhere explaining how to set up a head node in such a 
way that the external interface is open to the internet?
The problem is also that I cannot just assign an outside address?

Thanks,

Henk Witte

Groenholland b.v.
Valschermkade 26
1059 CD Amsterdam
The Netherlands

Tel.: +31 (0)20 - 6159050
Fax:+31 (0)20 - 6177082

mobiel: 0628176535

http://www.groenholland.nl



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Oscar-users mailing list
Oscar-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/oscar-users