Re: "NFS Slave"??
Greetings and thank you for your reply,
Jorge L. deLyra wrote:
Cool. Could I ask for some help then? I think that I've "tried
everything" now, including purging and reinstalling NIS on head2,
rebooting head1 and head2, reading all of the NIS documentation very
carefully, etc., but it doesn't quite work.
I have two Beowulf clusters on two subnets hanging off different
machines. (Actually, one has six different subnets to make it a flat
network topology on more machines than will fit on a single switch, but
that's not important.) One head node (call it "head1") is my NIS/NFS
server, so that cluster's config was easy. The other head node
("head2") is an NIS/NFS client.
I've set up an NIS slave on head2, which doesn't quite work (but I think
I know why and haven't exhausted all of the possible things to do).
It does work, we used this here in the past.
I can use head2 as an NIS server just fine on the main network (e.g.
machine3 on the same network as head1 and head2 can use head2 as NIS
server), but not on the subnet hanging off head2. The subnet off head2
(10.0.0.*) is different from that off head1 (10.1.1.* and 10.2.2.*), but
I have both in /etc/ypserv.securenets on head1, and all of the machines
in /etc/hosts of head1 and head2. I also have entries for all of the
machines in head1's ypserv.conf with lines like:
But 10.0.0.2 and the others can't use head2 as a server, /etc/init.d/nis
start just prints "Starting NIS services: ypbind " then sits there and
But is there such a thing as an NFS slave? I try to export /home from
head2, which mounts it from head1, but when clients mount it from head2,
The solution to your problem is: put the 2.4 kernel on head2 and configure
it for masquerading (netfilter, NAT, etc). The 2.4 kernels are able to do
NFS masquerading. You export whatever from head1 to head2 and on the nodes
of head2 you just mount from head1, ignoring the fact that it is on the
external network, using of course head1's address on the Internet. Instead
of the ipchains of 2.2, you must install and use iptables.
I see. This kind of seems like cheating, but if it works, that's cool. :-)
I can see why old kernels might not have supported it: getting multiple
mount requests from the same physical machine would be kind of wierd.
Ohmygod, it works! Look at that! The clients hang for a little while
(~1-2 minutes) while mounting, but it's all there. Most excellent.
This works very well, we use it here. In order do enable ftp to outside
you must install special modules by hand. Besides the support in the
kernel, you need a script to set it all up during the boot of the server.
Below is a copy of the "/etc/rc.boot/setipforward-masq" script we use to
do this. It is set up for both 2.2 and 2.4 kernels, but note that NFS
masquerading only works on 2.4. Note that 18.104.22.168 is the IP of our
server, the one which plays the role of your head2.
# Set up masquerading for the pmcnet.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 22.214.171.124
iptables -A FORWARD -i ! eth0 -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
# Print out a message.
echo "masquerading the private network on eth1"
# Turn on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
One question: what does "ftp" have to do with NFS? I don't need the
machines to be able to use ftp, NFS is the only service we need from
outside the subnet. Or does ftp mean nfs in some way?
Thank you very much! Now if I can just get NIS to work... How about
via masquerading? Nope, that doesn't work. Oh well.
GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Welcome to the best software in the world today cafe!
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com