Coda File System

Re: Multiple interfaces

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Tue, 20 Mar 2001 22:47:57 -0500

On Wed, Mar 21, 2001 at 12:41:17PM +1000, Vaughan Clarkson wrote:
> involves running pppd inside pppd over ssh.  However, this sets up a
> second interface (ppp0) on the Coda server, as well as the usual eth0,
> which have different IP addresses.  So although I can `access' my Coda
> server (i.e., I can ping, ssh, etc., over the new interface), I can't
> actually mount a Coda filesystem from home since Coda seems to be
> sensitive about which interface it's responding to.  However, I don't
...
> Is there any solution to this problem?  My current thought is that I'll
> have to bridge the two interfaces, but it all seems so messy.  Am
> I missing something obvious?

My guess is that some evil routing/NAT trickery on the client is needed
here. The Coda server reports its eth0 ip-address as the 'contact'
address, however the client will not be able to reach the server when
sending packets to that address because of the firewall.

First of all, the newer Coda clients and servers make life somewhat
simpler when the 'masquerade=1' option is set in /etc/coda/venus.conf.
In this case the only traffic between clients and servers should be
to ports 370/udp and 2433/udp on the server.

I would use a firewall to mark outgoing packets to udp ports 370 and
2433 and reroute these over the ppp interface. The fact that there is
only one server makes it a lot easier, because we can simply rewrite the
destination ip-address in the outgoing packets without bothering about
really correct routing once we're through the firewall.

The following might work with netfilter (linux 2.4 kernel fw),

    modprobe iptable_nat
    iptables -t nat -A OUTPUT --protocol udp --destination-port 370 -j DNAT \
	--to-destination <ip-address-of-server-ppp0>
    iptables -t nat -A OUTPUT --protocol udp --destination-port 2433 -j DNAT \
	--to-destination <ip-address-of-server-ppp0>

A Linux 2.2 solution would be similar to,

    ipmasqadm portfw -a -P udp -L <ip-address-of-server-eth0> 370 \
	-R <ip-address-of-server-ppp0> 370
    ipmasqadm portfw -a -P udp -L <ip-address-of-server-eth0> 2433 \
	-R <ip-address-of-server-ppp0> 2433

Of course, I never tried this so there might still be some surprises,

    Jan
Received on 2001-03-20 22:49:37