Print

Print


Hi Victor,

Indeed I also think this is an interesting and useful ideal, and it is likely easy to do. Something for Lukasz to think of 

In your case, you probably can use the following example in /etc/sysconfig/iptables on batch nodes

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Traffic going to LFC @ BNL (192.12.15.102:5010) will be redirected to 134.79.198.159:5010
-A PREROUTING  -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT --to-destination 134.79.198.159:5010
-A OUTPUT      -p tcp -d 192.12.15.102 --destination-port 5010 -j DNAT --to-destination 134.79.198.159:5010
-A POSTROUTING -p tcp -s 134.79.198.159 --source-port 5010 -j SNAT --to-source 192.12.15.102:5010


Wei Yang  |  [log in to unmask]  |  650-926-3338(O)



On Jun 26, 2013, at 10:10 PM, Victor Kotlyar <[log in to unmask]> wrote:

> Hi Wei
> 
> on 26.06.2013 23:18, Yang, Wei wrote:
>> Hi Victor,
>> 
>> Try to understand your question: is this about something like root_proxy variable? Since you have done a proxy setup so I suppose your question is not about if and how for setting up a proxy. I don't think we currently have this. But I think you can request such a feature to be implemented. In the mean time, I am doing similar things at SLAC by manipulating the NAT table in iptables (modify TCP head so that traffic to host A is sent to host B, etc.)
> 
> Yes it is like a root_proxy variable.
> I do not know if it will be widely used but maybe idea is interesting.
> When everybody and everywhere in HEP switched to  root it might be useful.
> 
> 
> In our case:
> we have WN's after GW (NAT) in our network and a server outside our 
> network. We would like to reroute all xroot\root traffic to our WNs GW 
> through that particular server.
> 
> If you have similar setup could you please describe it a little bit.
> 
> Best regards,
> Victor Kotlyar
> 
>> 
>> regards,
>> Wei Yang  |  [log in to unmask]  |  1-650-926-3338
>> 
>> 
>> 
>> 
>> On Jun 26, 2013, at 11:43 AM, Victor Kotlyar<[log in to unmask]>  wrote:
>> 
>>> Dear xrootd experts.
>>> 
>>> Since 6th of June we have problems with connection to outside Russia for
>>> our institute.
>>> We investigate any possibility to use another Institutes for rerouting
>>> our Grid traffic.
>>> 
>>> So I have a very simple question: is it possible to create a proxy
>>> server for xroot?
>>> 
>>> For example we use http_proxy environment variable to redirect all http
>>> traffic through http proxy server on WorkingNodes.
>>> 
>>> On our Grid site Alice experiment  initiates many connections on 1095tcp
>>> port to outside storage servers and it would be very usefull just to set
>>> xroot_proxy environment variable and install xrootd in proxy mode on
>>> other site.
>>> 
>>> I guess that it is not so simple. Could you please make any
>>> recomendations what is possible to try in our case?
>>> 
>>> Many thanks
>>> Best regards,
>>> Victor Kotlyar
>>> 
>>> ########################################################################
>>> Use REPLY-ALL to reply to list
>>> 
>>> To unsubscribe from the XROOTD-L list, click the following link:
>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>> 

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1