flaviog
(uses CentOS)
Posted on 10/04/2014 - 22:17h
Hi everyone!
I'm trying to implement load balancing with iptables+iproute2. I've already seen many articles right here, and video lessons on the internet.
It seems I followed the instructions exactly, but it won't work. I'll post the steps I followed to see if anyone can help me.
============================================================================================
Data
===================================
eth0 = 172.16.2.117 - internal network
eth1 = 192.168.25.50 - gateway 192.168.25.1 - network 192.168.25.0/24 - carrier 1
eth2 = 192.168.1.5 - gateway 192.168.1.1 - network 192.168.1.1/24 - carrier 2
Step by step
===================================
vi /etc/iproute2/rt_tables
at the end of the file
200 rotaop1
201 rotaop2
ip route add 192.168.25.0/24 dev eth1 src 192.168.25.50 table rotaop1
ip route add default via 192.168.25.1 table rotaop1
-----------------------------------------------------
ip route list table rotaop1
192.168.25.0/24 dev eth1 scope link src 192.168.25.50
default via 192.168.25.1 dev eth1
ip route add 192.168.1.0/24 dev eth2 src 192.168.1.5 table rotaop2
ip route add default via 192.168.1.1 table rotaop2
-----------------------------------------------------
ip route list table rotaop2
192.168.1.0/24 dev eth2 scope link src 192.168.1.5
default via 192.168.1.1 dev eth2
ip route list
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.5 metric 1
192.168.25.0/24 dev eth1 proto kernel scope link src 192.168.25.50 metric 1
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.2.117 metric 1
ip rule add fwmark 3 table rotaop1
ip rule add fwmark 4 table rotaop2
ip rule show
0: from all lookup local
32764: from all fwmark 0x4 lookup rotaop2
32765: from all fwmark 0x3 lookup rotaop1
32766: from all lookup main
32767: from all lookup default
-----------------------------------------------------
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
______________________________________________________
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
_______________________________________________________
iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
_______________________________________________________
#!/bin/sh
####### Flushing the tables
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
####### Loading the modules
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_mangle
####### Enable packet routing on the server
echo 1 > /proc/sys/net/ipv4/ip_forward
####### Set masquerading for outgoing packets
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
/sbin/iptables -t mangle -A PREROUTING -p icmp -i eth0 -j MARK --set-mark 0x3
/sbin/iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x3
ping www.google.com.br
ping: unknown host www.google.com.br
The ping test was run on the server itself.
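Added example, not part of the original post: a small Python model of the policy-routing lookup, fed with the `ip rule show` and `ip route list` outputs quoted in the post, to show which table answers for a given fwmark. The destination 203.0.113.10 is a constructed test address, and the `local` and `default` tables are assumed empty because the post does not list them.

```python
import ipaddress

# Outputs quoted in the post (`ip rule show`, `ip route list [table ...]`).
IP_RULES = """\
0: from all lookup local
32764: from all fwmark 0x4 lookup rotaop2
32765: from all fwmark 0x3 lookup rotaop1
32766: from all lookup main
32767: from all lookup default"""
TABLES = {
    "rotaop1": """192.168.25.0/24 dev eth1 scope link src 192.168.25.50
default via 192.168.25.1 dev eth1""",
    "rotaop2": """192.168.1.0/24 dev eth2 scope link src 192.168.1.5
default via 192.168.1.1 dev eth2""",
    "main": """192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.5 metric 1
192.168.25.0/24 dev eth1 proto kernel scope link src 192.168.25.50 metric 1
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.2.117 metric 1""",
}  # `local` and `default` are not listed in the post: assumed empty here

def parse_rules(text):
    """Return (priority, fwmark or None, table) tuples in priority order."""
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        words = rest.split()
        mark = int(words[words.index("fwmark") + 1], 16) if "fwmark" in words else None
        rules.append((int(prio), mark, words[words.index("lookup") + 1]))
    return sorted(rules, key=lambda r: r[0])

def parse_routes(text):
    """Return (network, original line) pairs; `default` means 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        prefix = line.split()[0]
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        routes.append((net, line.strip()))
    return routes

def lookup(dst, fwmark=0):
    """First rule whose table holds a matching route wins (longest prefix)."""
    addr = ipaddress.ip_address(dst)
    for _prio, mark, table in parse_rules(IP_RULES):
        if mark is not None and mark != fwmark:
            continue  # fwmark rule does not apply to this packet
        hits = [r for r in parse_routes(TABLES.get(table, "")) if addr in r[0]]
        if hits:
            return table, max(hits, key=lambda r: r[0].prefixlen)[1]
    return None  # no table has a route: destination unreachable

if __name__ == "__main__":
    for mark in (0, 3, 4):  # 203.0.113.10 is a constructed test destination
        print(hex(mark), lookup("203.0.113.10", mark))
```

With the tables as posted, only packets carrying mark 0x3 or 0x4 find a default route; unmarked traffic falls through to `main`, which has none.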