Basic clustering of console server serial ports using IP Tables

As outlined in faq295, Opengear console servers can now be securely clustered locally and remotely. The Cascaded Ports feature released with V2.4.1 enables you to configure and access distributed console server serial port devices through the one IP address and to manage them all through the one Management Console. One console server, the Master, controls other console servers as Slave units, and all the serial ports on the Slave units appear as if they are part of the Master. This clustering connects each Slave to the Master with an SSH connection and uses public key authentication, enabling the Slave console server units to be distributed locally on a LAN or remotely around the world.

However, as a simpler alternative you can still implement very basic "local clustering" using iptables. This enables multiple console servers to be accessed via a single IP address/hostname. One console server is configured as the master and the others become slaves, and the physical serial ports on the slave console servers appear as virtual serial ports on the master. Remote user workstations can connect securely through to the master and be forwarded to any port on any of the slave console servers, and the remote user need only know the IP address of the master console server. The master console server will be used as an access point for all slave ports as well as its own.

However, the connection between the master and the slaves is not encrypted or authenticated, so this should only be used for local connections.
This serial port clustering can also be set up from the command line, as shown in the example below. For a configuration with an IM4248-2 as the master and two slave CM4248s, set up the network addressing as follows:
```sh
#!/bin/sh
# Chain names and addressing for the cluster
PRENAT=pre_nat_cluster
PSTNAT=post_nat_cluster
MASTERIP=192.168.1.1
PORTBASE=3000
NUMPORTS=48
SLAVESUBNET=192.168.1
SLAVEOCTETBASE=2
NUMSLAVES=1

echo "Let everything through for now"
iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT

echo "Setup clustering chains"
# Unhook chains left by a previous run (these report an error on the first run)
iptables -D PREROUTING -t nat -p tcp -j ${PRENAT}
iptables -D POSTROUTING -t nat -p tcp -j ${PSTNAT}

echo "Delete old chains"
iptables -t nat -F ${PRENAT}
iptables -t nat -F ${PSTNAT}
iptables -t nat -X ${PRENAT}
iptables -t nat -X ${PSTNAT}

echo "Create new chains"
iptables -t nat -N ${PRENAT}
iptables -t nat -N ${PSTNAT}

echo "Insert new chains"
iptables -A PREROUTING -t nat -p tcp -j ${PRENAT}
iptables -A POSTROUTING -t nat -p tcp -j ${PSTNAT}

echo "Enter a redirect rule for each slave port"
# Master ports for the slaves start after the master's own NUMPORTS ports.
# POSIX $(( )) arithmetic is used so the script runs under any /bin/sh.
MASTERPORT=$((PORTBASE + NUMPORTS))
SLAVE=0
while [ ${SLAVE} -lt ${NUMSLAVES} ]; do
    SLAVEOCTET=$((SLAVEOCTETBASE + SLAVE))
    SLAVEIP=${SLAVESUBNET}.${SLAVEOCTET}
    PORT=0
    while [ ${PORT} -lt ${NUMPORTS} ]; do
        PORT=$((PORT + 1))
        MASTERPORT=$((MASTERPORT + 1))
        SLAVEPORT=$((PORTBASE + PORT))
        # Rewrite the destination to the slave port, then the source to the
        # master so that replies return through the master
        iptables -A ${PRENAT} -t nat -p tcp -d ${MASTERIP} --dport ${MASTERPORT} \
            -j DNAT --to ${SLAVEIP}:${SLAVEPORT}
        iptables -A ${PSTNAT} -t nat -p tcp -d ${SLAVEIP} --dport ${SLAVEPORT} \
            -j SNAT --to ${MASTERIP}
    done
    SLAVE=$((SLAVE + 1))
done
```
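To review which master port reaches which slave port before anything is loaded into the kernel, the following added example (not Opengear's code) recomputes the script's port mapping and prints the rules without calling iptables. It reuses the page's values; the function names `cluster_target`, `cluster_check` and `cluster_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run view of the clustering map; it never calls iptables.
# Values mirror the page's script; the function names are hypothetical.
PRENAT=pre_nat_cluster
PSTNAT=post_nat_cluster
MASTERIP=192.168.1.1
PORTBASE=3000
NUMPORTS=48
SLAVESUBNET=192.168.1
SLAVEOCTETBASE=2
NUMSLAVES=1

# First and last master TCP ports that are forwarded to slaves.
FIRST=$((PORTBASE + NUMPORTS + 1))
LAST=$((PORTBASE + NUMPORTS + NUMSLAVES * NUMPORTS))

# cluster_target MASTERPORT: print "SLAVEIP:SLAVEPORT"; return 1 when the port
# is not forwarded (for example the master's own serial ports) or is malformed.
cluster_target() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    if [ "$1" -lt "$FIRST" ] || [ "$1" -gt "$LAST" ]; then return 1; fi
    idx=$(( $1 - FIRST ))    # 0-based index across all slave ports
    echo "${SLAVESUBNET}.$((SLAVEOCTETBASE + idx / NUMPORTS)):$((PORTBASE + idx % NUMPORTS + 1))"
}

# cluster_check: succeed only if every forwarded port and slave address is valid.
cluster_check() {
    [ "$LAST" -le 65535 ] && [ $((SLAVEOCTETBASE + NUMSLAVES - 1)) -le 254 ]
}

# cluster_rules: print the DNAT/SNAT pair for every forwarded port.
cluster_rules() {
    mp=$FIRST
    while [ "$mp" -le "$LAST" ]; do
        t=$(cluster_target "$mp")
        echo "iptables -t nat -A ${PRENAT} -p tcp -d ${MASTERIP} --dport ${mp} -j DNAT --to ${t}"
        echo "iptables -t nat -A ${PSTNAT} -p tcp -d ${t%:*} --dport ${t#*:} -j SNAT --to ${MASTERIP}"
        mp=$((mp + 1))
    done
}

# Run with --print to list the rules for review before applying the real script.
if [ "${1:-}" = "--print" ]; then cluster_check && cluster_rules; fi
```

With the page's values, master ports 3049 to 3096 map to ports 3001 to 3048 on 192.168.1.2, and any port outside that range is reported as not forwarded.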
2) Allow SSH access on all the ports you wish to access:
© Opengear 2008