Re: Bad argument `snat` - Iptables

[Adiel de Lima Ribeiro <adiel.netadmin@gmail.com>]

Marcio, boa tarde.
Se você está tentando balancear a carga de 2 links no Iptables eu surigo que faça assim:

Example for --gw option
If you want to quickly and easily balance the load between two gateways 10.0.0.1 and 10.0.0.2, then you can do as follows :

> # iptables -A PREROUTING -t mangle -m random --average 50 -j ROUTE --gw 10.0.0.1
> # iptables -A PREROUTING -t mangle -j ROUTE --gw 10.0.0.2
>
> # iptables -L PREROUTING -t mangle
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination         
> ROUTE      all  --  anywhere             anywhere           random 50% ROUTE gw 10.0.0.1
> ROUTE      all  --  anywhere             anywhere           ROUTE gw 10.0.0.2
>
> Retirado da página do Netfilter.
>
> Veja se é isso que você deseja.

On Thu, 2012-10-18 at 11:30 -0300, Márcio Erli wrote:
> Aida estou com problemas.
> Minha configuração está assim.
> eth0: link de entrada 1
> eth1: link de entrada 2
> eth2: link da minha rede interna
>
> Eu quero balancear o minha entrada 1 e 2 com minha eth2
>
> Se eu der um ping esta tudo ok nas duas interfaces de entrada.
> ping www.uol.com.br -I eth0
> ping www.uol.com.br -I eth1
>
> Quando eu tento navegar ou pingar na rede 192.168.0, nada....
>
> # bash -x router.sh
> + ipt=iptables
> + LINK1_WAN_INTERFACE=200.235.0.1
> + LINK2_WAN_INTERFACE=200.195.0.1
> + LINK1_WAN_IP=192.168.0.1
> + LINK2_WAN_IP=192.168.0.1
> + iptables -P INPUT ACCEPT
> + iptables -P FORWARD ACCEPT
> + iptables -P OUTPUT ACCEPT
> + iptables -F
> + iptables -X
> + iptables -t nat -F
> + iptables -t nat -X
> + iptables -t mangle -F
> + iptables -t mangle -X
> + ip route add default via 192.168.6.1 table link1
> + ip route add default via 200.195.95.97 table link2
> + ip rule add fwmark 1 table link1
> + ip rule add fwmark 2 table link2
> + iptables -t mangle -A PREROUTING -m state --state new -j MARK --set-mark 2
> + iptables -t mangle -A PREROUTING -m state --state new -m statistic --mode
> random --probability 0.5 -j MARK --set-mark 1
> + iptables -t nat -A POSTROUTING -o 200.235.0.1 -j SNAT --to 192.168.0.1
> + iptables -t nat -A POSTROUTING -o 200.195.0.1 -j SNAT --to 192.168.0.1
>
>
> #!/bin/bash
> #--------------------------------------------------------------
> ipt=iptables
> LINK1_WAN_INTERFACE=200.235.0.1
> LINK2_WAN_INTERFACE=200.195.0.1
> LINK1_WAN_IP=192.168.0.1
> LINK2_WAN_IP=192.168.0.1
> #--------------------------------------------------------------
> $ipt -P INPUT ACCEPT
> $ipt -P FORWARD ACCEPT
> $ipt -P OUTPUT ACCEPT
> #--------------------------------------------------------------
> $ipt -F
> $ipt -X
> $ipt -t nat -F
> $ipt -t nat -X
> $ipt -t mangle -F
> $ipt -t mangle -X
> #--------------------------------------------------------------
> ip route add default via 200.235.0.1 table link1
> ip route add default via 200.195.0.1 table link2
> #--------------------------------------------------------------
> ip rule add fwmark 1 table link1
> ip rule add fwmark 2 table link2
> #--------------------------------------------------------------
> $ipt -t mangle -A PREROUTING -m state --state new -j MARK --set-mark 2
> $ipt -t mangle -A PREROUTING -m state --state new -m statistic --mode
> random --probability 0.5 -j MARK --set-mark 1
> #--------------------------------------------------------------
> $ipt -t nat -A POSTROUTING -o $LINK1_WAN_INTERFACE -j SNAT --to
> $LINK1_WAN_IP
> $ipt -t nat -A POSTROUTING -o $LINK2_WAN_INTERFACE -j SNAT --to
> $LINK2_WAN_IP
>
>
> Em 17 de outubro de 2012 14:31, Gabriel Ricardo <gricardo87@gmail.com>escreveu:
>
> > no começo do script tem que declarar elas, não são do sistema essa...
> >
> > LINK1_WAN_IP="seu_ip";
> >
> > e assim com o resto...
> >
> > Atenciosamente,
> > *Gabriel Ricardo.*
> > www.tinotapa.com.br
> >
> >
> >
> > Em 17 de outubro de 2012 11:05, Márcio Erli <marcioerli@gmail.com>escreveu:
> >
> > As variáveis: *200 link1 *e* 201 link2* estão declaradas em
> >> /etc/iproute2/rt_tables.
> >> Já as variáveis *$LINK1_WAN_INTERFACE *e* $LINK1_WAN_IP* Não estão
> >> declaradas em lugar algum. Como proceder com estas duas?
> >>
> >>
> >>
> >> Em 16 de outubro de 2012 17:29, Gabriel Ricardo <gricardo87@gmail.com>escreveu:
> >>
> >> ele não está passando as variaveis corretamente.
> >>>
> >>> onde você seta essas variaveis?
> >>>
> >>> Atenciosamente,
> >>> *Gabriel Ricardo.*
> >>> www.tinotapa.com.br
> >>>
> >>>
> >>>
> >>> Em 16 de outubro de 2012 17:23, Márcio Erli <marcioerli@gmail.com>escreveu:
> >>>
> >>>  # bash -x ./router.sh
> >>>> + ip route add default via 192.168.6.1 table link1
> >>>> RTNETLINK answers: File exists
> >>>> + ip route add default via 192.168.5.1 table link2
> >>>> RTNETLINK answers: No such process
> >>>> + ip rule add fwmark 1 table link1
> >>>> + ip rule add fwmark 2 table link2
> >>>> + iptables -t mangle -A PREROUTING -j MARK --set-mark 1
> >>>> + iptables -t mangle -A PREROUTING -m state --state new -j MARK
> >>>> --set-mark 2
> >>>> + iptables -t mangle -A PREROUTING -m state --state new -m statistic
> >>>> --mode random --probability 0,5 -j MARK --set-mark 1
> >>>> + iptables -t nat -A POSTROUTING -o -j SNAT --to
> >>>> Bad argument `SNAT'
> >>>> Try `iptables -h' or 'iptables --help' for more information.
> >>>> + iptables -t nat -A POSTROUTING -o -j SNAT --to
> >>>> Bad argument `SNAT'
> >>>> Try `iptables -h' or 'iptables --help' for more information.
> >>>> + echo 'Script carregado com sucesso...'
> >>>> Script carregado com sucesso...
> >>>>
> >>>>
> >>>> Em 16 de outubro de 2012 17:03, Gabriel Ricardo <gricardo87@gmail.com>escreveu:
> >>>>
> >>>> execute o script com bash -x para saber onde extamente está ocorrendo o
> >>>>> erro.
> >>>>>
> >>>>> Atenciosamente,
> >>>>> *Gabriel Ricardo.*
> >>>>> www.tinotapa.com.br
> >>>>>
> >>>>>
> >>>>>
> >>>>> Em 16 de outubro de 2012 16:56, Márcio Erli <marcioerli@gmail.com>escreveu:
> >>>>>
> >>>>>  Sempre que executo o script a baixo, me retorna o seguinte erro.
> >>>>>> *Bad argument `SNAT'*
> >>>>>> *Try `iptables -h' or `iptables --help' for more information*
> >>>>>>
> >>>>>> #!/bin/bash
> >>>>>> ip route add default via 200.235.xx.xx table link1
> >>>>>> ip route add default via 200.195.xx.xx table link2
> >>>>>> ip rule add fwmark 1 table link1
> >>>>>> ip rule add fwmark 2 table link2
> >>>>>> iptables -t mangle -A PREROUTING -j MARK --set-mark 1
> >>>>>> iptables -t mangle -A PREROUTING -m state --state new -j MARK
> >>>>>> --set-mark 2
> >>>>>> iptables -t mangle -A PREROUTING -m state --state new -m statistic
> >>>>>> --mode random --probability 0,5 -j MARK --set-mark 1
> >>>>>> iptables -t nat -A POSTROUTING -o $LINK1_WAN_INTERFACE -j SNAT --to
> >>>>>> $LINK1_WAN_IP
> >>>>>> iptables -t nat -A POSTROUTING -o $LINK2_WAN_INTERFACE -j SNAT --to
> >>>>>> $LINK2_WAN_IP
> >>>>>>
> >>>>>> Em 16 de outubro de 2012 10:10, paulo bruck <paulobruck1@gmail.com>escreveu:
> >>>>>>
> >>>>>> Bom dia
> >>>>>>>
> >>>>>>> Em 16 de outubro de 2012 09:45, Márcio Erli <marcioerli@gmail.com>escreveu:
> >>>>>>>
> >>>>>>> Quando executo o comando a baixo da o seguinte erro: bad argument
> >>>>>>>> `snat`. Alguém sabe como resolver isso?
> >>>>>>>>
> >>>>>>>> # iptables -t nat -A POSTROUTING -o $LINK1_WAN_INTERFACE -j SNAT
> >>>>>>>> –to $LINK1_WAN_IP
> >>>>>>>>
> >>>>>>>>
> >>>>>>> humm não seria
> >>>>>>>  iptables -t nat -A POSTROUTING -o $LINK1_WAN_INTERFACE -j SNAT --to
> >>>>>>> $LINK1_WAN_IP
> >>>>>>>
> >>>>>>> ( - - to : com dois sinais de "-" ???)
> >>>>>>>
> >>>>>>> verifique tambem se existem as variaveis LINK1_WAN_INTERFACE e
> >>>>>>>
> >>>>>>> Basta fazer um echo antes assim:
> >>>>>>>
> >>>>>>> echo $LINK1_WAN_INTERFACE
> >>>>>>> echo $LINK1_WAN_IP
> >>>>>>>
> >>>>>>> ats
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> Estou tentando implementar a solução de balanceamento de carga
> >>>>>>>> deste link
> >>>>>>>> http://www.diegolima.org/wordpress/?p=38
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Atenciosamente,
> >>>>>>>> Márcio Erli
> >>>>>>>> Programador de Sist. de Computadores
> >>>>>>>> Analista de Redes
> >>>>>>>> E-Mail: marcioerli@gamil.com
> >>>>>>>> Site: www.marcioerli.com.br
> >>>>>>>> MSN: merlipaula@hotmail.com
> >>>>>>>> Skype: merlipaula
> >>>>>>>> Telefone: (31) 8864-4917
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Atenciosamente,
> >>>>>> Márcio Erli
> >>>>>> Programador de Sist. de Computadores
> >>>>>> Analista de Redes
> >>>>>> E-Mail: marcioerli@gamil.com
> >>>>>> Site: www.marcioerli.com.br
> >>>>>> MSN: merlipaula@hotmail.com
> >>>>>> Skype: merlipaula
> >>>>>> Telefone: (31) 8864-4917
> >>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Atenciosamente,
> >>>> Márcio Erli
> >>>> Programador de Sist. de Computadores
> >>>> Analista de Redes
> >>>> E-Mail: marcioerli@gamil.com
> >>>> Site: www.marcioerli.com.br
> >>>> MSN: merlipaula@hotmail.com
> >>>> Skype: merlipaula
> >>>> Telefone: (31) 8864-4917
> >>>>
> >>>
> >>>
> >>
> >>
> >> --
> >> Atenciosamente,
> >> Márcio Erli
> >> Programador de Sist. de Computadores
> >> Analista de Redes
> >> E-Mail: marcioerli@gamil.com
> >> Site: www.marcioerli.com.br
> >> MSN: merlipaula@hotmail.com
> >> Skype: merlipaula
> >> Telefone: (31) 8864-4917
> >>
> >
> >

-- 
Adiel de Lima Ribeiro
facebook.com/sembr.dyndns.info