multiple uplinks
Petr Bartel
bartel at irix.cz
Friday, June 27, 15:38:01 CEST 2008
Hello,
I have been wrestling with this for almost the whole day and unfortunately I still
cannot get it working so that everything functions.
The situation is as follows:
                 internet
------------------------------------------
 || Wireless               || ADSL
 || 212.24.137.41          || 10.0.0.254
------------------------------------------
| eth2                     eth3          |
| 212.24.137.42/30         10.0.0.1/24   |
|                                        |
|         10.8.8.1/24  VPN  tun0         |
|                                        |
| eth0                     eth1          |
| 192.168.99.1/24          82.113.44.1/27|
|                          192.168.1.0/24|
------------------------------------------
 ||                        ||
 local network             DMZ + one customer's local network
This is what the routing table looked like before the changes:
10.8.8.2 dev tun0 proto kernel scope link src 10.8.8.1
212.24.137.40/30 dev eth2 proto kernel scope link src 212.24.137.42
82.113.44.0/27 dev eth1 proto kernel scope link src 82.113.44.1
10.0.0.0/24 dev eth3 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
192.168.99.0/24 dev eth0 proto kernel scope link src 192.168.99.1
10.8.8.0/24 via 10.8.8.2 dev tun0
default via 212.24.137.41 dev eth2
I am trying to set up a backup link (failover) and load balancing.
I followed
http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://linux-ip.net/html/adv-multi-internet.html
http://www.debian-administration.org/articles/377
as follows:
I created entries for two new tables in /etc/iproute2/rt_tables:
201 uplink1
202 uplink2
and then ran:
P1_NET=212.24.137.40/30
IF1=eth2
IP1=212.24.137.42
P1=212.24.137.41
P2_NET=10.0.0.0/24
IF2=eth3
IP2=10.0.0.1
P2=10.0.0.254

# drop the old single default route and rebuild the two per-uplink tables
ip route del default via 212.24.137.41 dev eth2
ip route flush table uplink1
ip route flush table uplink2
# copy every non-default route from main into each uplink table, then add that uplink's own default
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table uplink1 $ROUTE; done
ip route add default via $P1 table uplink1
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table uplink2 $ROUTE; done
ip route add default via $P2 table uplink2
# source-based rules: packets from an uplink's own address are routed through that uplink's table
ip rule del from $IP1 table uplink1
ip rule del from $IP2 table uplink2
ip rule add from $IP1 table uplink1
ip rule add from $IP2 table uplink2
# equal-weight multipath default route in the main table
ip route del proto static default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
ip route add proto static default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
Then I have a stateful iptables firewall there, in which, among other things,
I do SNAT for the two local networks:
iptables -t nat -A POSTROUTING -s 192.168.99.0/255.255.255.0 -o eth2 -j SNAT --to-source 212.24.137.42
iptables -t nat -A POSTROUTING -s 192.168.99.0/255.255.255.0 -o eth3 -j SNAT --to-source 10.0.0.1
...
I hope this is enough information.
Problems:
OpenVPN keeps disconnecting and reconnecting with the clients (bad routing, perhaps?)
Some of the servers in the DMZ are sometimes not reachable from the Internet (quite
strangely, e.g. one of two, or only while the VPN is running...)
So if you see a mistake somewhere, or have any advice on how to push this in the
right direction, I would be very grateful.
Thank you
Petr Bartel
--
**************************************************
* ICQ 74097173          tel. 312 244 018          *
* Irix a.s.             Petr Bartel, service      *
* Key fingerprint                                 *
8DB8 3AB2 6865 45F4 3E84 4980 CCED 20B1 CC6B B649
**************************************************
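The following is an added example, not the poster's script, of the two-uplink setup the message describes, written so that it can be checked without root: per-uplink tables, source-based rules, SNAT by egress interface, and a health check that collapses the multipath default to whichever uplink still answers. Interfaces, addresses, gateways and the uplink1/uplink2 table names (assumed to already be in /etc/iproute2/rt_tables) are taken from the post. Two things are assumptions: that the public block 82.113.44.0/27 is routed to this router over the wireless uplink on eth2, so packets carrying those source addresses must never leave through the ADSL gateway (the post's rules only pin the router's own two uplink addresses), and that both gateways answer ICMP echo so that they can serve as health-check targets. DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing for the
# two-uplink router in the thread. Addresses, interfaces and table names
# come from the post; see the assumptions below.

IF1=eth2; IP1=212.24.137.42; P1=212.24.137.41     # wireless uplink
IF2=eth3; IP2=10.0.0.1;      P2=10.0.0.254        # ADSL uplink
DMZ_NET=82.113.44.0/27      # ASSUMPTION: public block routed in via $IF1
LAN_NETS="192.168.99.0/24 192.168.1.0/24"          # private, SNATed
# Connected routes from the post's main table, as net:device:source.
CONNECTED="212.24.137.40/30:eth2:212.24.137.42 10.0.0.0/24:eth3:10.0.0.1 \
82.113.44.0/27:eth1:82.113.44.1 192.168.1.0/24:eth1:192.168.1.1 \
192.168.99.0/24:eth0:192.168.99.1 10.8.8.2:tun0:10.8.8.1"

DRY_RUN=${DRY_RUN:-0}

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One per-uplink table: every connected route plus that uplink's default.
fill_table() {   # $1=table $2=gateway $3=interface
    run ip route flush table "$1"
    for c in $CONNECTED; do
        net=${c%%:*}; rest=${c#*:}; dev=${rest%%:*}; src=${rest#*:}
        run ip route add "$net" dev "$dev" src "$src" table "$1"
    done
    run ip route add 10.8.8.0/24 via 10.8.8.2 dev tun0 table "$1"
    run ip route add default via "$2" dev "$3" table "$1"
}

# Source-based rules, evaluated before the multipath default in main:
# the router's own uplink addresses, plus the public DMZ block, which
# must not be balanced onto the ADSL link with an 82.113.44.x source.
add_rules() {
    for p in 100 101 102; do run ip rule del pref "$p" 2>/dev/null || true; done
    run ip rule add from "$IP1" table uplink1 pref 100
    run ip rule add from "$IP2" table uplink2 pref 101
    run ip rule add from "$DMZ_NET" table uplink1 pref 102
}

# SNAT the private LANs to whichever uplink a packet actually leaves on.
# The DMZ keeps its public addresses and is not translated.
add_nat() {
    for n in $LAN_NETS; do
        run iptables -t nat -A POSTROUTING -s "$n" -o "$IF1" -j SNAT --to-source "$IP1"
        run iptables -t nat -A POSTROUTING -s "$n" -o "$IF2" -j SNAT --to-source "$IP2"
    done
}

# Main-table default for the uplinks that are up ($1, $2 are 1 or 0):
# both up -> equal-weight multipath, one up -> plain default via that one.
default_route_cmd() {
    case "$1$2" in
        11) echo "ip route replace default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1" ;;
        10) echo "ip route replace default via $P1 dev $IF1" ;;
        01) echo "ip route replace default via $P2 dev $IF2" ;;
        *)  echo "ip route del default" ;;
    esac
}

# Health check: one echo request to the gateway, forced out of its interface.
# ASSUMPTION: the gateway answers ICMP. This tests the link, not the ISP.
uplink_up() {   # $1=interface $2=gateway
    ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

apply_policy_routing() {
    fill_table uplink1 "$P1" "$IF1"
    fill_table uplink2 "$P2" "$IF2"
    add_rules
    add_nat
    run ip route flush cache
}

# Failover step, meant to run from cron every minute.
refresh_default() {
    u1=0; u2=0
    uplink_up "$IF1" "$P1" && u1=1
    uplink_up "$IF2" "$P2" && u2=1
    run $(default_route_cmd "$u1" "$u2")
    run ip route flush cache
}

case "${1:-}" in
    apply) apply_policy_routing ;;
    check) refresh_default ;;
esac
```

Usage: `DRY_RUN=1 sh uplinks.sh apply` to review the generated commands, `sh uplinks.sh apply` once at boot, and `sh uplinks.sh check` from cron. The source rules are deliberately given fixed preferences so that re-running the script replaces them instead of stacking duplicates, and `ip route replace` is used for the default so that the check step is idempotent. With a multipath default in main and SNAT keyed on the egress interface, each new flow from the private LANs is assigned to one of the two uplinks at routing time and translated to that uplink's address; the DMZ rule keeps the public block on the link that owns it regardless of that choice.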