# hp-proliant-setup-nat - Setup NAT for external network access by nodes
# Copyright (C) 2014 Canonical Ltd.
# Authors: Ronald McCollam <ronald.mccollam@canonical.com>
# Dustin Kirkland <kirkland@canonical.com>
# Kent Baxley <kent.baxley@canonical.com>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
if [ "$(id -u)" != "0" ]; then
echo "Must be run with sudo or by root"
# Don't bother to restart sshd when lo is configured.
if [ "$IFACE" = lo ]; then
#internal=$(route -n | grep "^10\.14\." | sed -e "s/.* //")
#external=$(ip route ls | grep ^default | awk '{print $5}')
if [ -z "$internal" ] || [ -z "$external" ]; then
echo "usage: $0 [INTERNAL_INTERFACE] [EXTERNAL_INTERFACE]" 1>&2
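# Update MAAS upstream DNS.
# The resolver is the first IP4.DNS entry NetworkManager reports for the
# external interface (presumably supplied by that network's DHCP server), and
# it is written into MAAS as upstream_dns - so the external network is being
# trusted for name resolution. Confirm that is acceptable for the deployment.
dns=$(nmcli d list iface "$external" | grep -m 1 "^IP4.DNS" | awk '{ print $2 }')
if [ -n "$dns" ]; then
  # Quoted so the value always reaches maas as a single, unglobbed argument.
  maas admin maas set-config name=upstream_dns value="$dns"
else
  # An empty lookup would otherwise be stored as a blank upstream_dns.
  echo "No IP4.DNS entry found for $external; leaving MAAS upstream_dns unchanged" 1>&2
fi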
# Intel Centrino Advanced-N 6235 and Ubuntu don't work well with Wireless-N
if lspci -v 2>/dev/null | grep -qs "Centrino Advanced-N 6235" 2>/dev/null; then
sed -i -e "/options iwlwifi 11n_disable=1/d" /etc/modprobe.d/iwlwifi.conf
echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/iwlwifi.conf
# Configure NAT and IP forwarding, giving slave NUCs external network access
# Turn on IPv4 forwarding for the running kernel, then record the same
# setting in sysctl.d so it is kept for the next boot.
# NOTE: ip_forward is a host-wide switch, not a per-interface one; which
# packets actually get forwarded is decided by the iptables FORWARD chain.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
printf '%s\n' "net.ipv4.ip_forward=1" > /etc/sysctl.d/10-maas-ip-forward.conf
# Note that this script assumes no existing iptables rules. If you do have
# any, they will be deleted.
# Empty the nat table, then remove user-defined chains from the filter table
# and from the nat table (-F / -X are the short forms of --flush and
# --delete-chain).
# NOTE(review): no flush of the filter table's built-in chains is visible in
# this listing - confirm against the full script before assuming a clean slate.
iptables -t nat -F
iptables -X
iptables -t nat -X
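# Some things use the MAAS proxy - some things don't. So turn on NAT.
echo "Setting up ip forwarding"
# The interface names are quoted so each one is always passed to iptables as
# exactly one argument, with no word splitting or glob expansion.
# Masquerade everything that leaves through the external interface.
iptables -t nat -A POSTROUTING -o "$external" -j MASQUERADE
# External -> internal: only replies belonging to existing connections.
iptables -A FORWARD -i "$external" -o "$internal" -m state --state RELATED,ESTABLISHED -j ACCEPT
# Internal -> external: everything.
iptables -A FORWARD -i "$internal" -o "$external" -j ACCEPT
# NOTE(review): these are ACCEPT rules only. They limit external -> internal
# traffic only when the FORWARD chain's policy is DROP; nothing visible in
# this listing sets that policy, so check it on the target host
# (iptables -S FORWARD) before treating the internal network as shielded.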
# The following lines would set up a transparent proxy, but it's not currently working properly
#iptables -A PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80 -j REDIRECT --to-port 3128
#iptables -A PREROUTING -t nat -i br0 -p tcp -m multiport --dports 443 -j REDIRECT --to-port 3128
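# Persist the current rules for iptables-persistent.
# The dump goes to a temporary file in the same directory and is renamed into
# place only on success, so a failed iptables-save cannot leave a truncated
# /etc/iptables/rules.v4 behind as the persistent ruleset.
# mktemp creates the file with owner-only permissions, and mv keeps them.
if rules_tmp=$(mktemp /etc/iptables/rules.v4.XXXXXX) && iptables-save > "$rules_tmp"; then
  mv -- "$rules_tmp" /etc/iptables/rules.v4
else
  echo "Could not save iptables rules; /etc/iptables/rules.v4 left unchanged" 1>&2
  # rules_tmp is empty when mktemp itself failed; only clean up a real file.
  if [ -n "$rules_tmp" ]; then
    rm -f -- "$rules_tmp"
  fi
fi

service iptables-persistent restart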
# squid-deb-proxy apparently has to be restarted once the network changes
# above are in place. Both stops are best-effort (a failing stop is ignored);
# the final start is not.
for proxy_service in squid3 squid-deb-proxy; do
  service "$proxy_service" stop || true
done
service squid-deb-proxy start