I saw on the list today, mixed in with the thread on PuTTY, a request for
a NAT rule to get a node to see the outside.

iptables on the server that can see both the local net and the world
can be set up like this:

# Allow all machines that have a source IP address 192.168.1.0/16 to use
# port 80 on the Internet
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/16 \
    --dport 80 -j SNAT --to $RealIP

I would not set up PREROUTING, which would allow Internet access to any
node on the cluster. I would be very selective about which ports the
nodes see on the Internet.

With this setup, you could ssh in to a specific node from the local
network and use port 80 to upgrade the system. I do not think that it
would be a good idea to allow ssh directly from the Internet. You could
allow ssh from a specific box on the local net that you could ssh in to
from the Internet.

--
Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
~ http://lrcressy.com ( o.o )
~ Phone: 215-535-4037 > ^ <
~ FAX: 215-535-4285
gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA
For info on enigmail: http://lrcressy.com/linux/mozilla.pdf
For info on gpg: http://www.gnupg.org/
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
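
An audit for the points made in the message above, as an added example that is not part of the original post: it reads iptables-save output and flags DNAT rules in PREROUTING, SNAT/MASQUERADE rules with no source or port restriction, and an open FORWARD policy. The sample ruleset, its addresses and the function name audit are assumptions constructed for illustration.

```python
import shlex

# Constructed `iptables-save` output (sample data, documentation addresses).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.20:22
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

PORT_OPTS = ("--dport", "--dports", "--destination-port", "--destination-ports")

def audit(save_text):
    """Return (chain, problem, line) tuples for rules broader than the post recommends."""
    findings, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. "*nat"
            table = line[1:]
        elif line.startswith(":"):          # chain policy, e.g. ":FORWARD ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            # Heuristic: NAT rules do not filter, so an open FORWARD policy lets other ports route.
            if table == "filter" and chain == "FORWARD" and policy == "ACCEPT":
                findings.append((chain, "open forward policy", line))
        elif line.startswith("-A ") and table == "nat":
            tok = shlex.split(line)
            chain = tok[1]
            target = tok[tok.index("-j") + 1] if "-j" in tok else ""
            if chain == "PREROUTING" and target == "DNAT":
                findings.append((chain, "inbound DNAT to a node", line))
            elif chain == "POSTROUTING" and target in ("SNAT", "MASQUERADE"):
                missing = []
                if "-s" not in tok:
                    missing.append("source")
                if not any(opt in tok for opt in PORT_OPTS):
                    missing.append("port")
                if missing:
                    findings.append((chain, "egress NAT without " + "/".join(missing), line))
    return findings

if __name__ == "__main__":
    for chain, problem, line in audit(SAMPLE):
        print(f"{chain}: {problem}: {line}")
```

The FORWARD check looks only at the chain policy; a ruleset that keeps the policy at ACCEPT but ends the chain with an explicit DROP rule would be reported even though it filters.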