Difficulty connecting through SSH

I am running RED HAT 5.9 OS on a grid of 3 machines: 1 head node (ilmn-qm.ilmn) and 2 compute nodes (also known as compute-00-00 and compute-00-01).

The problem is that I cannot use SSH from either of the compute node machines.

I have tried:

1) SSH FROM and TO the head node works fine.

2) SSH from the head node to the compute nodes works.

3) Conversely, SSH from the compute nodes to the head node also works.

4) The head node is defined as the gateway:

[root@compute-00-01 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.22.0     *               255.255.255.0   U     0      0        0 eth1
172.20.20.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         ilmn-qm.ilmn    0.0.0.0         UG    0      0        0 eth0

5) Verified that ipv4 forwarding is enabled on the head node:

cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

But every ssh attempt ends with:

ssh: connect to host 132.68.107.69 port 22: Connection timed out

Head node:

root@ilmn-qm ~ # ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:b9 brd ff:ff:ff:ff:ff:ff
    inet 132.68.106.1/28 brd 132.68.106.15 scope global eth0
    inet6 fe80::f24d:a2ff:fe0b:2db9/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:bb brd ff:ff:ff:ff:ff:ff
    inet 172.20.20.5/24 brd 172.20.20.255 scope global eth1
    inet6 fe80::f24d:a2ff:fe0b:2dbb/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:bd brd ff:ff:ff:ff:ff:ff
    inet 172.20.21.2/24 brd 172.20.21.255 scope global eth2
    inet6 fe80::f24d:a2ff:fe0b:2dbd/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether f0:4d:a2:0b:2d:bf brd ff:ff:ff:ff:ff:ff
6: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
root@ilmn-qm ~ # ip route show
132.68.106.0/28 dev eth0  proto kernel  scope link  src 132.68.106.1
172.20.21.0/24 dev eth2  proto kernel  scope link  src 172.20.21.2
172.20.20.0/24 dev eth1  proto kernel  scope link  src 172.20.20.5
169.254.0.0/16 dev eth2  scope link
default via 132.68.106.14 dev eth0

On compute-00-00:

[root@compute-00-00 ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.20.20.6/24 brd 172.20.20.255 scope global eth0
    inet6 fe80::f24d:a2ff:fe0b:2dc2/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:c4 brd ff:ff:ff:ff:ff:ff
    inet 172.20.22.6/24 brd 172.20.22.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:c6 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether f0:4d:a2:0b:2d:c8 brd ff:ff:ff:ff:ff:ff
6: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
[root@compute-00-00 ~]# ip route show
172.20.22.0/24 dev eth1  proto kernel  scope link  src 172.20.22.6
172.20.20.0/24 dev eth0  proto kernel  scope link  src 172.20.20.6
169.254.0.0/16 dev eth1  scope link
default via 172.20.20.5 dev eth0

On compute-00-01:

[root@compute-00-01 ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 84:2b:2b:f9:9e:11 brd ff:ff:ff:ff:ff:ff
    inet 172.20.20.7/24 brd 172.20.20.255 scope global eth0
    inet6 fe80::862b:2bff:fef9:9e11/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 84:2b:2b:f9:9e:13 brd ff:ff:ff:ff:ff:ff
    inet 172.20.22.7/24 brd 172.20.22.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 84:2b:2b:f9:9e:15 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 84:2b:2b:f9:9e:17 brd ff:ff:ff:ff:ff:ff
6: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
[root@compute-00-01 ~]# ip route show
172.20.22.0/24 dev eth1  proto kernel  scope link  src 172.20.22.7
172.20.20.0/24 dev eth0  proto kernel  scope link  src 172.20.20.7
169.254.0.0/16 dev eth0  scope link
default via 172.20.20.5 dev eth0

Answer 1

You probably need to add an SNAT rule on the head node so that traffic from the compute nodes has the correct source IP address when it tries to reach some server on the Internet. Sending packets with a source IP address in the 172.20.20.0/24 range is not going to work.

You can configure SNAT on the head node like this:

iptables -t nat -A POSTROUTING -o eth0 -s 172.20.20.0/24 -j SNAT --to 132.68.106.1
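The following script is an added example and is not part of the answer above or of any cluster tooling. It takes the head node's `ip route show` output (the copy from the question is embedded as constructed sample data so the script runs offline; `--live` reads the real table), works out which interface carries the default route and what source address the kernel uses on it, and prints the commands that make the SNAT fix complete: forwarding switched on at runtime, the POSTROUTING SNAT rule restricted to the cluster network and the uplink interface, and two FORWARD rules that let cluster traffic out and only replies back in. The assumptions not stated on the page are that the uplink is the default-route interface and that the stock RHEL 5 firewall is active, whose FORWARD chain otherwise rejects forwarded packets, which is why the ACCEPT rules are inserted at the top of the chain rather than appended.

```sh
#!/bin/sh
# Added example (not from the original post): derive the head node's uplink
# interface and address from `ip route show` and print the iptables commands
# that let the compute-node network (172.20.20.0/24) reach the Internet.
# Assumptions not stated on the page: the uplink is the interface carrying the
# default route, and the stock RHEL 5 FORWARD chain rejects forwarded traffic
# unless an ACCEPT is inserted ahead of it.

CLUSTER_NET="${CLUSTER_NET:-172.20.20.0/24}"

# Constructed copy of the head node's `ip route show` from the question, so
# the script runs offline; pass --live to read the real routing table.
SAMPLE_ROUTES='132.68.106.0/28 dev eth0  proto kernel  scope link  src 132.68.106.1
172.20.21.0/24 dev eth2  proto kernel  scope link  src 172.20.21.2
172.20.20.0/24 dev eth1  proto kernel  scope link  src 172.20.20.5
169.254.0.0/16 dev eth2  scope link
default via 132.68.106.14 dev eth0'

# uplink_iface ROUTES -> name of the interface carrying the default route
uplink_iface() {
    printf '%s\n' "$1" |
        awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# iface_src ROUTES IFACE -> the kernel "src" address of the connected route on IFACE
iface_src() {
    printf '%s\n' "$1" |
        awk -v ifc="$2" '$1 != "default" && $2 == "dev" && $3 == ifc {
            for (i = 1; i <= NF; i++) if ($i == "src") { print $(i+1); exit } }'
}

# nat_rules WAN_IF WAN_IP -> the commands to run on the head node (printed, not executed).
# SNAT is limited to CLUSTER_NET leaving WAN_IF, and the inbound FORWARD rule only
# admits replies, so the head node does not become a general-purpose relay.
nat_rules() {
    oif=$1
    oip=$2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $oif -s $CLUSTER_NET -j SNAT --to-source $oip
iptables -I FORWARD 1 -s $CLUSTER_NET -o $oif -j ACCEPT
iptables -I FORWARD 2 -d $CLUSTER_NET -i $oif -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
EOF
}

if [ "${1:-}" = "--live" ]; then
    routes=$(ip route show)
else
    routes=$SAMPLE_ROUTES
fi
wan_if=$(uplink_iface "$routes")
wan_ip=$(iface_src "$routes" "$wan_if")
[ -n "$wan_if" ] && [ -n "$wan_ip" ] || { echo "could not determine uplink interface/address" >&2; exit 1; }
nat_rules "$wan_if" "$wan_ip"
```

Two checks worth doing before and after applying the printed commands: `sysctl.conf` only documents the intended boot-time value, so confirm the running kernel actually forwards with `cat /proc/sys/net/ipv4/ip_forward` (it must print 1), and list `iptables -L FORWARD -n --line-numbers` to confirm the ACCEPT rules sit above any REJECT the distribution's firewall script installed. The answer's rule with `--to` works the same as `--to-source` here; the important detail is that the address is the uplink's own address, 132.68.106.1 in the question, and that the rule is tied to both `-o eth0` and `-s 172.20.20.0/24` so only cluster traffic is rewritten.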
