
Re: [HTCondor-users] NETWORK_INTERFACE - IP address subnet notation not working



FYI

 

For possible future reference, in case this is useful for anyone else.

 

I was able to do what I needed with a somewhat kludgy/complex configuration for

the 3 subnet ranges we are using for our GlobalProtect VPN setup.

 

I have replaced all the real IP subnets with characters.

 

And kudos to the developers that the code doesn't barf up at the long string that is generated. 😉

 

WA = Western Australia

VIC = Victoria

NSW = New South Wales

TAS = Tasmania

SA/NT = South Australia / Northern Territory

ACT = Australian Capital Territory

QLD = Queensland

VC = Virtual Cloud

 

Cheers

 

Greg

 

 

 

# This was the original setup that allowed all CSIRO internal subnets

#NETWORK_INTERFACE = ggg.hhh.*, jjj.kkk.*, eee.fff.*, mmm.nnn.*, ccc.ddd.*, ppp.qqq.*, aaa.bbb.*

 

# VPN_WA_GP =     aaa.bbb.192.0/19

# aaa.bbb.192.1 - aaa.bbb.223.254

# This is within the normal WA subnet of aaa.bbb.*

 

# IPs to exclude

#aaa.bbb.192.*

#aaa.bbb.193.*

#aaa.bbb.194.*

#aaa.bbb.195.*

#aaa.bbb.196.*

#aaa.bbb.197.*

#aaa.bbb.198.*

#aaa.bbb.199.*

#aaa.bbb.200.*

#aaa.bbb.201.*

#aaa.bbb.202.*

#aaa.bbb.203.*

#aaa.bbb.204.*

#aaa.bbb.205.*

#aaa.bbb.206.*

#aaa.bbb.207.*

#aaa.bbb.208.*

#aaa.bbb.209.*

#aaa.bbb.210.*

#aaa.bbb.211.*

#aaa.bbb.212.*

#aaa.bbb.213.*

#aaa.bbb.214.*

#aaa.bbb.215.*

#aaa.bbb.216.*

#aaa.bbb.217.*

#aaa.bbb.218.*

#aaa.bbb.219.*

#aaa.bbb.220.*

#aaa.bbb.221.*

#aaa.bbb.222.*

#aaa.bbb.223.*

 

WA_NO_VPN1 = aaa.bbb.0*, aaa.bbb.3*, aaa.bbb.4*, aaa.bbb.5*, aaa.bbb.6*, aaa.bbb.7*, aaa.bbb.8*, aaa.bbb.9*

WA_NO_VPN2 = aaa.bbb.10*, aaa.bbb.11*, aaa.bbb.12*, aaa.bbb.13*, aaa.bbb.14*, aaa.bbb.15*, aaa.bbb.16*, aaa.bbb.17*, aaa.bbb.18*

WA_NO_VPN3 = aaa.bbb.23*, aaa.bbb.24*, aaa.bbb.25*, aaa.bbb.26*, aaa.bbb.27*, aaa.bbb.28*, aaa.bbb.29*

WA_NO_VPN4 = aaa.bbb.19.*, aaa.bbb.20.*, aaa.bbb.21.*

WA_NO_VPN5 = aaa.bbb.190.*, aaa.bbb.191.*, aaa.bbb.224.*, aaa.bbb.225.*, aaa.bbb.226.*, aaa.bbb.227.*, aaa.bbb.228.*, aaa.bbb.229.*

WA_NO_VPN = $(WA_NO_VPN1), $(WA_NO_VPN2), $(WA_NO_VPN3), $(WA_NO_VPN4), $(WA_NO_VPN5)

 

# VPN_VIC_GP =    ccc.ddd.64.0/20

# ccc.ddd.64.1 - ccc.ddd.79.254

# This is within the normal TAS subnet of ccc.ddd.*

 

#IPs to exclude

#ccc.ddd.64.*

#ccc.ddd.65.*

#ccc.ddd.66.*

#ccc.ddd.67.*

#ccc.ddd.68.*

#ccc.ddd.69.*

#ccc.ddd.70.*

#ccc.ddd.71.*

#ccc.ddd.72.*

#ccc.ddd.73.*

#ccc.ddd.74.*

#ccc.ddd.75.*

#ccc.ddd.76.*

#ccc.ddd.77.*

#ccc.ddd.78.*

#ccc.ddd.79.*

 

VIC_NO_VPN1 = ccc.ddd.0*, ccc.ddd.1*, ccc.ddd.2*, ccc.ddd.3*, ccc.ddd.4*, ccc.ddd.5*, ccc.ddd.8*, ccc.ddd.9*

VIC_NO_VPN2 = ccc.ddd.60*, ccc.ddd.61*, ccc.ddd.62*, ccc.ddd.63*

VIC_NO_VPN = $(VIC_NO_VPN1), $(VIC_NO_VPN2)

 

# VPN_ACT_GP =    eee.fff.224.0/20

# eee.fff.224.1 - eee.fff.239.254

# This is within the normal QLD subnet of eee.fff.*

 

#IPs to exclude

#eee.fff.224.*

#eee.fff.225.*

#eee.fff.226.*

#eee.fff.227.*

#eee.fff.228.*

#eee.fff.229.*

#eee.fff.230.*

#eee.fff.231.*

#eee.fff.232.*

#eee.fff.233.*

#eee.fff.234.*

#eee.fff.235.*

#eee.fff.236.*

#eee.fff.237.*

#eee.fff.238.*

#eee.fff.239.*

 

ACT_NO_VPN1 = eee.fff.0*, eee.fff.1*, eee.fff.3*, eee.fff.4*, eee.fff.5*, eee.fff.6*, eee.fff.7*, eee.fff.8*, eee.fff.9*

ACT_NO_VPN2 = eee.fff.20*, eee.fff.21*, eee.fff.24*, eee.fff.25*, eee.fff.26*, eee.fff.27*, eee.fff.28*, eee.fff.29*

ACT_NO_VPN3 = eee.fff.220.*, eee.fff.221*, eee.fff.222*, eee.fff.223*

ACT_NO_VPN = $(ACT_NO_VPN1), $(ACT_NO_VPN2), $(ACT_NO_VPN3)

 

ACT = ggg.hhh.*

NSW = jjj.kkk.*

QLD = eee.fff.*

SA_NT = mmm.nnn.*

VIC = ppp.qqq.*

WA = aaa.bbb.*

TAS = ccc.ddd.*

 

# New config to include all CSIRO internal subnets, BUT excluding VPN subnet ranges

NETWORK_INTERFACE = $(ACT), $(NSW), $(SA_NT), $(VIC), $(WA_NO_VPN), $(VIC_NO_VPN), $(ACT_NO_VPN)

 

 

From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
Sent: Saturday, 13 November 2021 6:38 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>; Hitchen, Greg (IM&T, Kensington WA) <Greg.Hitchen@xxxxxxxx>; Tim Theisen <tim@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] NETWORK_INTERFACE - IP address subnet notation not working

 

On 11/11/2021 6:48 PM, Hitchen, Greg (IM&T, Kensington WA) wrote:

Hi everyone
 
Is someone able to confirm that an IP address of the form:
 
128.104.0.0/16
 
does NOT work for:
 
NETWORK_INTERFACE = 128.104.0.0/16


Hi Greg,

The documentation for NETWORK_INTERFACE is here:

https://htcondor.readthedocs.io/en/latest/admin-manual/configuration-macros.html#NETWORK_INTERFACE

Looks like using subnet notation is not allowed, but using a wildcard is, so maybe you could achieve what you want via:

NETWORK_INTERFACE = 128.104.*

regards,
Todd
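
Because NETWORK_INTERFACE takes wildcards but not subnet notation, a list that excludes a VPN CIDR has to be expanded into patterns by hand, as in the configuration at the top of this message. The following is an added example, not code from this thread or from HTCondor: it generates such a list and audits an existing one. It assumes patterns behave as shell-style globs on the dotted-quad string, and uses the constructed prefix 10.20 and VPN range 10.20.192.0/19 in place of the redacted aaa.bbb values.

```python
import ipaddress
from fnmatch import fnmatchcase

def third_octets(cidrs):
    """Third-octet values of every /24 inside the given CIDR blocks."""
    return {net.network_address.packed[2]
            for c in cidrs
            for net in ipaddress.ip_network(c).subnets(new_prefix=24)}

def build_patterns(prefix, vpn_cidrs):
    """Wildcard patterns covering prefix.0-255 except the VPN /24s."""
    blocked = third_octets(vpn_cidrs)
    patterns = []
    for n in (m for m in range(256) if m not in blocked):
        s = str(n)
        pat = f"{prefix}.{s}.*"                    # fallback: one exact /24
        for k in range(1, len(s) + 1):
            family = {m for m in range(256) if str(m).startswith(s[:k])}
            if len(family) > 1 and not family & blocked:
                pat = f"{prefix}.{s[:k]}*"         # whole digit family is safe
                break
        if pat not in patterns:
            patterns.append(pat)
    return patterns

def audit(patterns, prefix, vpn_cidrs):
    """Return (leaked, missed): VPN octets matched, non-VPN octets unmatched."""
    blocked = third_octets(vpn_cidrs)
    hit = {n for n in range(256)
           if any(fnmatchcase(f"{prefix}.{n}.1", p.strip()) for p in patterns)}
    return sorted(hit & blocked), sorted(set(range(256)) - blocked - hit)

# Constructed stand-ins for the redacted aaa.bbb prefix and VPN_WA_GP range.
PREFIX, VPN = "10.20", ["10.20.192.0/19"]
# Constructed list with the same third-octet shape as WA_NO_VPN in the post.
HAND = [f"{PREFIX}.{t}" for t in
        ("0* 3* 4* 5* 6* 7* 8* 9* 10* 11* 12* 13* 14* 15* 16* 17* 18* "
         "23* 24* 25* 26* 27* 28* 29* 19.* 20.* 21.* "
         "190.* 191.* 224.* 225.* 226.* 227.* 228.* 229.*").split()]

if __name__ == "__main__":
    print("NETWORK_INTERFACE =", ", ".join(build_patterns(PREFIX, VPN)))
    print("hand-written list (leaked, missed):", audit(HAND, PREFIX, VPN))
```

On the constructed list the audit finds no VPN octets matched and reports third octets 1, 2 and 22 as unmatched, which only matters if those /24s carry hosts.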