On 25 jun, 21:10, "Júnior Bohn" <
movidoali...@gmail.com> wrote:
> Boa noite, se não me engano você tem que adicionar uma regra para manter as
> conexões ativas, ou seja se sai por um link, tem que sair somente por aquele
> até que seja encerrada, senão dá esse problema, segue abaixo o script que eu
> usei para fazer isto:
> Segue o script:
> **************************************************************
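#!/bin/bash
#
# Firewall/NAT half of a two-link (dual ADSL) gateway.
#
# What it does, in order:
#   1. flushes every iptables table and deletes user chains left by a
#      previous run;
#   2. removes the old default routes (the routing script re-creates them);
#   3. sets permissive default policies (ACCEPT on INPUT/OUTPUT/FORWARD);
#   4. marks LAN traffic in mangle/PREROUTING with fwmark 3 so that the
#      routing script can send it through the balanced table;
#   5. masquerades everything leaving through either ADSL link;
#   6. disables rp_filter so replies arriving on the "other" link are not
#      dropped as martian packets.
#
# Variables:
#   INT       LAN interface whose traffic is marked
#   IF_ADSL1  first ADSL link
#   IF_ADSL2  second ADSL link
#   GW_ADSL1  gateway of the first link (old default route to remove)
#   GW_ADSL2  gateway of the second link (old default route to remove)
#
# Must run as root; needs iptables and route in $PATH.
# (Reconstructed from a mail where the long lines had been wrapped; the
# IP arguments of the `route del` lines were on their own lines.)

#IPT=/usr/local/sbin/iptables
INT=eth2
IF_ADSL1=eth0
IF_ADSL2=eth1
GW_ADSL1=192.168.3.1
GW_ADSL2=192.168.4.1

#######################################
# Append a MARK rule for every port of one protocol on the LAN interface.
# Globals:   INT (read)
# Arguments: $1 - protocol (tcp|udp); $2.. - destination ports
# Returns:   status of the last iptables call
#######################################
mark_lan_ports() {
  local proto=$1 mark=$2
  shift 2
  local port
  for port in "$@"; do
    iptables -t mangle -A PREROUTING -i "$INT" -p "$proto" --dport "$port" \
      -j MARK --set-mark "$mark"
  done
}

# Flush old rules and delete user-defined chains in every table
for table in nat filter mangle; do
  iptables -t "$table" -F
  iptables -t "$table" -X
done

# Remove the default routes of a previous run. Either may already be
# absent, so a non-zero status here is expected and not fatal.
route del default gw "$GW_ADSL1"
route del default gw "$GW_ADSL2"

# Default policies. NOTE: all three are ACCEPT, so nothing is filtered
# unless a later rule says otherwise; the RELATED,ESTABLISHED rules below
# are therefore no-ops for filtering and exist only as a placeholder for
# a stricter policy. Any DNAT'd port (see the routing script) is reachable
# from the WAN side with this policy.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# MSN traffic (mark 4) used to be pinned to one link; kept disabled.
# Enable together with the "fwmark 4" ip rule in the routing script.
#mark_lan_ports tcp 4 1863 6891 6892 6893 6894 6895 6896 6897 6898 6899 6900 6901
#mark_lan_ports udp 4 1863 5190 6901

# HTTPS could be pinned to one link the same way (disabled).
#mark_lan_ports tcp 4 443

# Everything else that should be balanced across both links gets mark 3.
mark_lan_ports tcp 3 80 110 25 22 21 53 23
mark_lan_ports udp 3 80 110 53 69

# Masquerade traffic leaving through either link
iptables -t nat -A POSTROUTING -o "$IF_ADSL2" -j MASQUERADE
iptables -t nat -A POSTROUTING -o "$IF_ADSL1" -j MASQUERADE

# Keep established connections flowing. This only accepts packets of
# known connections; it does not by itself keep a connection on the link
# it started on (that would need the mark to be saved/restored per
# connection, e.g. with CONNMARK, which this script does not do).
printf 'Keeping established connections...'
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
printf ' [OK]\n'

printf 'Optimising routing...'
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
printf ' [OK]\n'

# Disable the reverse-path (martian source) filter on every interface.
# With two uplinks a reply can legitimately come back on the interface
# the kernel would not have chosen for the source, so strict rp_filter
# (1) drops it. Value 0 also removes the kernel's anti-spoofing check;
# where the kernel supports it, loose mode (2) still allows asymmetric
# paths while rejecting sources that are unreachable via any interface.
printf 'Disabling rp_filter...'
for rpf in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 0 > "$rpf"
done
cat /proc/sys/net/ipv4/conf/*/rp_filter
printf ' [OK]\n'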
>
> #Citç:
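#!/bin/bash
#
# Policy-routing half of a two-link (dual ADSL) gateway.
#
# Builds per-link routing tables ADSL1 and ADSL2 (so replies leave by the
# link they arrived on), a balanced default route in table ADSL0 used for
# packets carrying fwmark 3 (set by the firewall script), enables IP
# forwarding and adds the port forwards (DNAT) towards the internal server.
#
# Variables:
#   IF1/IF2        ADSL interfaces
#   IP1/IP2        local address on each link
#   P1/P2          gateway of each link
#   P1_NET/P2_NET  network of each link (see note below about the prefix)
#   SERVER         internal host receiving the forwarded ports
#
# Assumes the tables ADSL0, ADSL1 and ADSL2 are declared in
# /etc/iproute2/rt_tables (not shown in this post - confirm).
# Must run as root.
# (Reconstructed from a mail where the long lines had been wrapped; the
# IP values were on the line following their variable name.)

# Interface ADSL 1
IF1=eth0
# Interface ADSL 2
IF2=eth1

# Local IP on each link
IP1=192.168.3.5
IP2=192.168.4.5

# Gateway of each link
P1=192.168.3.1
P2=192.168.4.1

# Network of each link. NOTE(review): no prefix length is given, and
# `ip route add` treats a bare address as a /32 host route; a /24 was
# probably intended - confirm against the real link configuration.
P1_NET=192.168.3.0
P2_NET=192.168.4.0

# Internal host that receives the forwarded ports
SERVER=192.168.1.10

# Per-link tables: the link's own network plus a default via its gateway
ip route add "$P1_NET" dev "$IF1" src "$IP1" table ADSL1
ip route add default via "$P1" table ADSL1
ip route add "$P2_NET" dev "$IF2" src "$IP2" table ADSL2
ip route add default via "$P2" table ADSL2

# Same link networks in the main table
ip route add "$P1_NET" dev "$IF1" src "$IP1"
ip route add "$P2_NET" dev "$IF2" src "$IP2"

#ip route add default via $P1

# Traffic sourced from a link's own address must leave by that link
ip rule add from "$IP1" table ADSL1
ip rule add from "$IP2" table ADSL2

# MSN (mark 4) pinned to the fixed-IP link; disabled, see firewall script
#ip rule add fwmark 4 table ADSL2 prio 2

# Load balancing: marked (fwmark 3) traffic uses table ADSL0, whose
# default route spreads new flows over both links, 2:1 in favour of link 1.
ip rule add fwmark 3 lookup ADSL0 prio 3
ip route add default table ADSL0 \
  nexthop via "$P1" dev "$IF1" weight 2 \
  nexthop via "$P2" dev "$IF2" weight 1

# NAT module and IP forwarding
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

# Make the new routes/rules take effect
ip route flush cache

# Default route for the gateway's own traffic (via link 2)
route add default gw "$P2"

# Port forwards arriving on link 2 towards the internal server.
# NOTE: with the firewall script's ACCEPT policy on FORWARD there is no
# further filtering; every port listed here (including 22 and 53/tcp) is
# exposed to the whole Internet on that link.
for port in 80 25 110 10000 22 53; do
  iptables -t nat -A PREROUTING -i "$IF2" -p tcp --dport "$port" \
    -j DNAT --to-destination "$SERVER:$port"
done
# Disabled alternative for port 80; the target port was cut off in the
# posted message ("...:8"), kept as posted.
#iptables -t nat -A PREROUTING -i "$IF2" -p tcp --dport 80 -j DNAT --to-destination "$SERVER:8"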
> ***********************************************************************
>
> Junior Bohn
> 100% movido a linux
>