Hi Victor,
Indeed I also think this is an interesting and useful ideal, and it is likely easy to do. Something for Lukasz to think of …
In your case, you probably can use the following example in /etc/sysconfig/iptables on batch nodes
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected to 134.79.198.159:5010
-A PREROUTING -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT --to-destination 134.79.198.159:5010
-A OUTPUT -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT --to-destination 134.79.198.159:5010
-A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT --to-source 192.12.15.102:5010
Wei Yang | [log in to unmask] | 650-926-3338(O)
On Jun 26, 2013, at 10:10 PM, Victor Kotlyar <[log in to unmask]> wrote:
> Hi Wei
>
> on 26.06.2013 23:18, Yang, Wei wrote:
>> Hi Victor,
>>
>> Try to understand your question: is this about something like root_proxy variable? Since you have done a proxy setup so I suppose your question is not about if and how for setting up a proxy. I don't think we currently have this. But I think you can request such a feature to be implemented. In the mean time, I am doing similar things at SLAC by manipulating the NAT table in iptables (modify TCP head so that traffic to host A is sent to host B, etc.)
>
> Yes it is like a root_proxy variable.
> I do not know if it will be widely used but maybe idea is interesting.
> When everybody and everywhere in HEP switched to root it might be useful.
>
>
> In our case:
> we have WN's after GW (NAT) in our network and a server outside our
> network. We would like to reroute all xroot\root traffic to our WNs GW
> through that particular server.
>
> If you have similar setup could you please describe it a little bit.
>
> Best regards,
> Victor Kotlyar
>
>>
>> regards,
>> Wei Yang | [log in to unmask] | 1-650-926-3338
>>
>>
>>
>>
>> On Jun 26, 2013, at 11:43 AM, Victor Kotlyar<[log in to unmask]> wrote:
>>
>>> Dear xrootd experts.
>>>
>>> Since 6th of June we have problems with connection to outside Russia for
>>> our institute.
>>> We investigate any possibility to use another Institutes for rerouting
>>> our Grid traffic.
>>>
>>> So I have a very simple question: is it possible to create a proxy
>>> server for xroot?
>>>
>>> For example we use http_proxy environment variable to redirect all http
>>> traffic through http proxy server on WorkingNodes.
>>>
>>> On our Grid site Alice experiment initiates many connections on 1095tcp
>>> port to outside storage servers and it would be very usefull just to set
>>> xroot_proxy environment variable and install xrootd in proxy mode on
>>> other site.
>>>
>>> I guess that it is not so simple. Could you please make any
>>> recomendations what is possible to try in our case?
>>>
>>> Many thanks
>>> Best regards,
>>> Victor Kotlyar
>>>
>>> ########################################################################
>>> Use REPLY-ALL to reply to list
>>>
>>> To unsubscribe from the XROOTD-L list, click the following link:
>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
|