Friday, 27 June 2008

multiple uplinks

Hello,
I have been fighting with this for almost a whole day and unfortunately I still
cannot get it to work so that everything functions.

The situation is as follows:


                        internet
        -----------------------------------------
        ||  Wireless               ||  ADSL
        ||  212.24.137.41          ||  10.0.0.254
    -------------------------------------------------
    |   eth2                       eth3              |
    |   212.24.137.42/30           10.0.0.1/24       |
    |                                                |
    |   10.8.8.1/24  VPN  tun0                       |
    |                                                |
    |   eth0                       eth1              |
    |   192.168.99.1/24            82.113.44.1/27    |
    |                              192.168.1.0/24    |
    -------------------------------------------------
        ||                        ||
   local network      DMZ + local network of one customer

This is what the routing table looked like before the changes:

10.8.8.2 dev tun0 proto kernel scope link src 10.8.8.1
212.24.137.40/30 dev eth2 proto kernel scope link src 212.24.137.42
82.113.44.0/27 dev eth1 proto kernel scope link src 82.113.44.1
10.0.0.0/24 dev eth3 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
192.168.99.0/24 dev eth0 proto kernel scope link src 192.168.99.1
10.8.8.0/24 via 10.8.8.2 dev tun0
default via 212.24.137.41 dev eth2


I am trying to set up a backup link (failover) and load balancing.
I followed

http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://linux-ip.net/html/adv-multi-internet.html
http://www.debian-administration.org/articles/377

as follows:

I created entries for 2 new tables in /etc/iproute2/rt_tables:

201 uplink1
202 uplink2

and then:

P1_NET=212.24.137.40/30
IF1=eth2
IP1=212.24.137.42
P1=212.24.137.41

P2_NET=10.0.0.0/24
IF2=eth3
IP2=10.0.0.1
P2=10.0.0.254

ip route del default via 212.24.137.41 dev eth2

ip route flush table uplink1
ip route flush table uplink2

ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table uplink1 $ROUTE; done
ip route add default via $P1 table uplink1
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table uplink2 $ROUTE; done
ip route add default via $P2 table uplink2

ip rule del from $IP1 table uplink1
ip rule del from $IP2 table uplink2
ip rule add from $IP1 table uplink1
ip rule add from $IP2 table uplink2

ip route del proto static default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
ip route add proto static default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1

Then I have a stateful iptables firewall there,

where among other things I do SNAT for the two local networks:

iptables -t nat -A POSTROUTING -s 192.168.99.0/255.255.255.0 -o \
eth2 -j SNAT --to-source 212.24.137.42
iptables -t nat -A POSTROUTING -s 192.168.99.0/255.255.255.0 -o \
eth3 -j SNAT --to-source 10.0.0.1
...

Hopefully that is enough information.

Problems:

OpenVPN keeps disconnecting and reconnecting with the clients (bad routing, perhaps?)
Some of the servers in the DMZ are sometimes not visible from the internet (quite
strangely, e.g. one out of two, or only while the VPN is running...)

So if you see any mistake there, or have any advice on how to push it in the
right direction, I would be very grateful.

Thank you

Petr Bartel

--
**************************************************
* ICQ 74097173 tel. 312 244 018 *
* Irix a.s. Petr Bartel servis *
* Key fingerprint *
8DB8 3AB2 6865 45F4 3E84 4980 CCED 20B1 CC6B B649
**************************************************

_______________________________________________
Linux mailing list
Linux@linux.cz
http://www.linux.cz/mailman/listinfo/linux
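As an added example (not the poster's script and not taken from the linked howtos), here is a complete POSIX sh version of the same two-table setup, built from the addresses in the post, with two additions a practitioner would usually want on a setup like this: a rule that pins the public DMZ prefix 82.113.44.0/27 to the uplink whose provider routes it (assumed here to be the wireless link; the post does not say), and CONNMARK-based marking so that every packet of a connection keeps using the link, and therefore the SNAT address, that its first packet got. Table numbers 201 and 202 stand for the poster's uplink1/uplink2; the per-table routes mirror the main table shown in the post. Without arguments the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post: two-uplink policy routing for
# the poster's addressing, with connection-sticky marks so a flow keeps the
# link it started on (and the address it was SNATed to).
# Assumptions not stated on the page: 82.113.44.0/27 is delivered by the
# wireless ISP, so it is only valid via uplink 1; tables 201/202 are the
# poster's "uplink1"/"uplink2". With no argument, or DRY_RUN=1, commands are
# printed instead of executed.

P1_NET=212.24.137.40/30; IF1=eth2; IP1=212.24.137.42; P1=212.24.137.41; T1=201
P2_NET=10.0.0.0/24;      IF2=eth3; IP2=10.0.0.1;      P2=10.0.0.254;    T2=202
DMZ_NET=82.113.44.0/27                     # assumption: routed to us by the wireless ISP
LAN_NETS="192.168.99.0/24 192.168.1.0/24"  # private networks that are SNATed

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Per-uplink tables: the non-default routes of the poster's main table (so each
# table can still reach the local networks) plus that uplink's own default.
setup_tables() {
    run ip route flush table "$T1"
    run ip route flush table "$T2"
    for r in "$P1_NET dev $IF1 src $IP1" \
             "$P2_NET dev $IF2 src $IP2" \
             "$DMZ_NET dev eth1 src 82.113.44.1" \
             "192.168.1.0/24 dev eth1 src 192.168.1.1" \
             "192.168.99.0/24 dev eth0 src 192.168.99.1" \
             "10.8.8.2 dev tun0 src 10.8.8.1" \
             "10.8.8.0/24 via 10.8.8.2 dev tun0"; do
        run ip route add $r table "$T1"   # word splitting of $r is intended
        run ip route add $r table "$T2"
    done
    run ip route add default via "$P1" dev "$IF1" table "$T1"
    run ip route add default via "$P2" dev "$IF2" table "$T2"
}

# The source address or the connection mark selects the uplink; anything that
# matches no rule falls through to the multipath default in the main table.
setup_rules() {
    for pri in 100 101 102 110 111; do
        run ip rule del pref "$pri" 2>/dev/null || true   # clean up an earlier run
    done
    run ip rule add pref 100 from "$IP1"     table "$T1"
    run ip rule add pref 101 from "$IP2"     table "$T2"
    run ip rule add pref 102 from "$DMZ_NET" table "$T1"   # public prefix: wireless link only
    run ip rule add pref 110 fwmark 1        table "$T1"
    run ip rule add pref 111 fwmark 2        table "$T2"
}

# New flows that matched no rule are balanced between the two gateways.
setup_multipath() {
    run ip route replace default scope global \
        nexthop via "$P1" dev "$IF1" weight 1 \
        nexthop via "$P2" dev "$IF2" weight 1
    run ip route flush cache   # forget next-hop choices cached under the old routes
}

# Connection marks: 1 = uplink 1, 2 = uplink 2. Inbound flows are marked by the
# interface they arrived on, outbound flows by the interface their first packet
# left on; every later packet gets the mark back from conntrack before routing.
setup_marks() {
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$IF1" -m connmark --mark 0 -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$IF2" -m connmark --mark 0 -j MARK --set-mark 2
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark   # locally originated flows
    run iptables -t mangle -A POSTROUTING -o "$IF1" -m connmark --mark 0 -j CONNMARK --set-mark 1
    run iptables -t mangle -A POSTROUTING -o "$IF2" -m connmark --mark 0 -j CONNMARK --set-mark 2
}

# SNAT the private networks to the address of whichever uplink the packet leaves on.
setup_nat() {
    for net in $LAN_NETS; do
        run iptables -t nat -A POSTROUTING -s "$net" -o "$IF1" -j SNAT --to-source "$IP1"
        run iptables -t nat -A POSTROUTING -s "$net" -o "$IF2" -j SNAT --to-source "$IP2"
    done
}

apply_all() {
    setup_tables; setup_rules; setup_multipath; setup_marks; setup_nat
}

case "${1:-}" in
    apply) apply_all ;;             # needs root and the real interfaces
    *)     DRY_RUN=1 apply_all ;;   # default: only show what would be run
esac
```

`sh multi-uplink.sh` prints the command list for review; `sh multi-uplink.sh apply` executes it as root. The mark rules assume the mangle table is otherwise empty; on a box with an existing ruleset they belong at the top of PREROUTING. One caveat for the OpenVPN daemon's own UDP socket: the `from 212.24.137.42` rule only takes effect if the daemon binds that address (`local 212.24.137.42` in its config); an unbound socket under a multipath default route can have its replies sent with the other link's source address.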
