[Condor-users] condor_shared_port and NAT environment

["U.H" <zvalim@xxxxxxxxx>]

Dear condor admins,

I’ve been looking around for a solution that will allow running condor
submit/execute machines behind a NAT dictated by a virtual
environment. Would appreciate any advice regarding the following
scenario: We have idle windows machines (hosts), and they are running
virtualbox with linux/condor installations on them (guests). The
headnode is located on a machine with a proper IP address and domain
name. Currently, in this configuration, the pool works fine.

The only issue is that the linux guests currently need their own IP
addresses, which drinks up IP addresses from our dhcp pool. I’d like
the guests to be able to work in (Virtualboxe's) NAT mode, where they
utilize the host’s IP address publicly. That is, each condor submit
machine works behind a different NAT.

Is it possible to run condor in this situation using the new
condor_shared_port directive so that all communication goes out
through that port? Would the central manager machine know to return
all communication through that port so that this port could be the
only one open in the NAT (i.e., guest machine?). Or is it the case
that while all outgoing communication will go through "shared_port",
returning communication will still expect to have  a large number of
ephemeral ports open?

Any info/hints/experiences, much appreciated.

Oori