Compute Nodes in an HPC environment are usually physically isolated from the public network and has to route through the gateway which are often found in Head Node in small or small-medium size cluster to access the internet or to access company LAN to access LDAP, you can use the iptables to route the traffic through the interconnect facing the internet
Traffic will be routed through the Head Node eth1 (internet facing) from the eth0 (private network) of the same Head Node. The interconnect eth0 is attached to a switch where the compute nodes are similarly attached. Some
- 192.168.1.0/24 is the private network subnet
- 220.127.116.11 is the DNS forwarders for public-facing DNS
- 18.104.22.168 is the IP Address of the external-facing ethernet ie eth1
Ensure the machine allow ip forwarding
# cat /proc/sys/net/ipv4/ip_forward
If the output is 0, then IP forwarding is not enabled. If the output is 1, then IP forwarding is enabled.
If your output is 0, you can enabled it by running the command
# echo 1 > /proc/sys/net/ipv4/ip_forward
Or if you wish to make it permanent,
echo 1 > /proc/sys/net/ipv4/ip_forward
Network Configuration of the Compute Node (Assuming that eth0 is connected to the private switch). It is very important that you input the gateway.
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet # Compute Node DEVICE=eth0 BOOTPROTO=static ONBOOT=yes HWADDR=00:00:00:00:00:00 IPADDR=192.168.1.2 NETMASK=255.255.255.0 GATEWAY=192.168.1.1
DNS Settings of the Compute Nodes should not only have DNS of the internal private switch but also the DNS forwarders of the external network
search mydomain # Private DNS nameserver 192.168.1.1 # DNS forwarders nameserver 22.214.171.124
Configure iptables in the Cluster Headnode if you are using the Headnode as a gateway.
# Using the Headnode as a gateway iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 126.96.36.199 # Accept all Traffic from a Private subnet iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -i eth0 -j ACCEPT
Restart iptables services
# service iptables save # service iptables restart
Quick check that the Compute Nodes can have access to outside
# nslookup www.centos.org
Server: 188.8.131.52 Address: 184.108.40.206#53 Non-authoritative answer: Name: www.centos.org Address: 220.127.116.11