Load Balance

1. Load Balance

Ady Feitosa
adyfeitosa

(uses Other)

Sent on 30/04/2014 - 21:08h

Dear all,

Good evening!

I would like some help setting up this load balance.

I work with Ubuntu 12.04.

Internet sharing is done in rc.local and I use squid; this is my scenario.

**************************************************************
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
# Note: because of "sh -e", any command that fails here (for example
# "service squid3 stop" when squid is not running) aborts the script
# before the firewall rules below are loaded.


# eth0 -> none
# eth1 -> Velox (192.168.2.100/24)
# eth2 -> GVT (192.168.254.100/24)
# eth3 -> Internal network (192.168.1.100/24)



# Clearing the cache (this wipes the whole Squid disk cache on every boot)
service squid3 stop
rm -rf /var/cache/squid3/*
chown proxy:proxy /var/cache/squid3
squid3 -z
service squid3 start


# Loading the basic modules (the ip_* names are compatibility aliases of
# the nf_*/xt_* modules on this kernel):

echo -n "Loading modules..."
modprobe ip_tables
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_state
modprobe ipt_MASQUERADE

echo " [OK]"

# Resetting the firewall:

echo -n "Resetting the firewall..."
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Default-deny for forwarded traffic. With the original ACCEPT policy every
# FORWARD rule below was dead code and the box forwarded anything it received.
iptables -P FORWARD DROP

echo " [OK]"

# Enabling packet routing:

echo -n "Enabling routing..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Strict reverse-path filtering. Once the two links are balanced with policy
# routing this must become loose mode (2), or replies that leave through the
# other link are silently dropped.
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

echo " [OK]"

## Trust the machines on the local network, eth3 (internal network)
## (one rule is enough; the original second rule accepted NEW from any
## source address on eth3, which is weaker and redundant)

iptables -A INPUT -i eth3 -s 192.168.1.0/24 -j ACCEPT

echo " [OK]"

# Allowing replies from the DNS servers to the gateway itself:
# (the original rules matched source 192.168.1.0/24 with sport 53 and the
# DNS server as destination, which no reply packet ever has)

echo -n "Allowing DNS servers..."
iptables -A INPUT -p udp -s 200.222.145.84 --sport 53 -j ACCEPT
iptables -A INPUT -p udp -s 200.175.5.139 --sport 53 -j ACCEPT
# iptables -A INPUT -p udp -s $DNS2 --sport 53 -j ACCEPT

echo " [OK]"

######################## "allowing external INPUT" ##########################
# These accept connections to the gateway itself on 80/443 from both links.
# The ports forwarded to 192.168.1.2 below are matched in FORWARD, not here.
iptables -A INPUT -i eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A INPUT -i eth2 -p tcp -m multiport --dports 80,443 -j ACCEPT

############################ Port forwarding #################################
# 80 -> web server and 443 -> RDP (3389) on 192.168.1.2, on both links.
# RDP is therefore reachable from the whole internet; restrict the source
# with -s if the remote clients are known.
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.2:3389

iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.2:3389

############################ Internet sharing #########################
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth2 -j MASQUERADE

# Internal network -> internet (needed now that FORWARD defaults to DROP;
# it also covers the DNS rules further down)
iptables -A FORWARD -i eth3 -s 192.168.1.0/24 -j ACCEPT

# Forwarded ports: FORWARD sees the packet after DNAT, so match the
# translated destination (80 and 3389 on 192.168.1.2); a rule on dport 443
# would never match
iptables -A FORWARD -i eth1 -d 192.168.1.2 -p tcp -m multiport --dports 80,3389 -j ACCEPT
iptables -A FORWARD -i eth2 -d 192.168.1.2 -p tcp -m multiport --dports 80,3389 -j ACCEPT

# Transparent proxy: only HTTP from the internal network goes to Squid.
# The original redirected 80 and 443 arriving on the WAN interfaces, which
# never matched (the DNAT rules above win in PREROUTING) and, had it
# matched, would have exposed Squid to the internet as an open proxy.
# Port 443 cannot be intercepted by a plain http_port at all.
iptables -t nat -A PREROUTING -i eth3 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo -n "Allowing DNS for the internal network..."
iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.222.145.84 --dport 53 -j ACCEPT
# iptables -A FORWARD -p udp -s 192.168.254.0/24 -d $DNS2 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.222.145.84 --sport 53 -d 192.168.1.0/24 -j ACCEPT

iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.175.5.139 --dport 53 -j ACCEPT
# iptables -A FORWARD -p udp -s 192.168.254.0/24 -d $DNS2 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.175.5.139 --sport 53 -d 192.168.1.0/24 -j ACCEPT


echo " [OK]"

# Keep established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT

################################## LOG ###################################
# Log (rate-limited) before dropping; in the original the DROP rules came
# first, so nothing ever reached the LOG rule.

iptables -A INPUT -m limit --limit 3/m --limit-burst 3 -j LOG --log-prefix "LOG-FW: "
iptables -A INPUT -p tcp -m multiport ! --dports 0:1056 -j DROP
iptables -A INPUT -p udp -j DROP
iptables -A INPUT -p icmp -j DROP

############################ Drop Input #################################
## Closing the ports not opened above ##

iptables -A INPUT -i eth1 -j REJECT
iptables -A INPUT -i eth2 -j REJECT

###################"Firewall active" ######################################
# On Ubuntu 12.04 /etc/resolv.conf is managed by resolvconf and may be
# rewritten later; the permanent place for these is "dns-nameservers" in
# /etc/network/interfaces.
#echo nameserver 192.168.254.200 > /etc/resolv.conf
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf
echo nameserver 200.222.145.84 >> /etc/resolv.conf
echo nameserver 200.175.5.139 >> /etc/resolv.conf


exit 0


**************************************************************
SQUID configuration
************************************

######################### Author: Ady Feitosa ###############
# "transparent" is the old spelling of "intercept"; it only handles plain
# HTTP, so only port 80 can be redirected to this port
http_port 192.168.1.100:3128 transparent

visible_hostname assempnet

############## Cache configuration ###############

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
hosts_file /etc/hosts

############## Cache configuration ###############

cache_mgr adyfeitosa@yahoo.com.br
cache_effective_user proxy
cache_effective_group proxy

mail_program mail
# "off" reveals the Squid version in error pages and response headers
httpd_suppress_version_string off

cache_mem 1024 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 1024 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid3/squid1 4000 16 256
cache_dir ufs /var/cache/squid3/squid2 4000 16 256
cache_dir ufs /var/cache/squid3/squid3 4000 16 256
cache_dir ufs /var/cache/squid3/squid4 4000 16 256
cache_dir ufs /var/cache/squid3/squid5 4000 16 256
# A cache_dir must not contain another cache_dir: this diskd store sits on
# the parent directory of the five ufs stores above, so it is disabled
#cache_dir diskd /var/cache/squid3 20480 64 256 Q1=64 Q2=72

# The split cache gains a little performance, since each store has fewer subdirectories to write/read


############### SQUID logs ##################

error_directory /usr/share/squid3/errors/Portuguese
# "cache_access_log" is the pre-3.x name; Squid 3 uses access_log
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log

############# Cache refresh #################

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 10080

################## DNS ###########################
dns_nameservers 8.8.8.8 8.8.4.4 200.175.5.139
##################################################
# internal network = 5rcc
acl minharede src 192.168.1.0/24

# wireless network = 5rcc
acl redesemfio src 192.168.254.0/24

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# a range needs the hyphen; "1025 65535" allowed only those two ports.
# Every entry above 1024 below is already covered by this line.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8999 # serpro
acl Safe_ports port 23000 # serpro
acl Safe_ports port 8443 # serpro
acl Safe_ports port 443 # telnet serpro
acl Safe_ports port 23 # telnet serpro
acl Safe_ports port 8880 # hpopenview embratel
acl Safe_ports port 5222 # expresso msn (jabber)
acl Safe_ports port 13000 13005 # dgp sites
acl Safe_ports port 500 # vpn
acl Safe_ports port 1194 # vpn
acl Safe_ports port 4500 # vpn
acl Safe_ports port 8080 # localhost
acl Safe_ports port 8081 # baixaki
acl Safe_ports port 1863 7001 # MSN
acl Safe_ports port 12005 # Agenda
acl Safe_ports port 10122 # SITE RGT
acl Safe_ports port 3142 # serv rep
acl Safe_ports port 49245
acl Safe_ports port 2631 # Caixa
acl Safe_ports port 81 # Dominio Sistemas
acl Safe_ports port 25 # pop/smtp
acl Safe_ports port 110 # pop/smtp
acl Safe_ports port 587 # pop/smtp
acl Safe_ports port 465 # pop/smtp
acl Safe_ports port 20080 #
acl Safe_ports port 3456 #
acl Safe_ports port 8181 #MetropolisWEB
acl Safe_ports port 8183 #
acl Safe_ports port 8185 #
acl Safe_ports port 8187 #
acl Safe_ports port 8189 #
acl Safe_ports port 8000 8999 #
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost


# Without this line the "allow exceto" and "allow chat_liberado" rules below
# apply to any source that can reach the proxy, not only to minharede
#http_access deny !minharede


# schedules
#acl manha time MTWHF 08:00-12:00
#acl tarde time MTWH 13:00-18:00

# For the weekend use AS (S = Sunday and A = Saturday)


# ACLs that allow and deny access for the users
#acl dominiosliberados dstdomain "/etc/squid3/arquivos/dominios_liberados.txt"
acl dominiosbloqueados dstdomain "/etc/squid3/arquivos/dominios_bloqueados.txt"
acl palavrasbloqueadas dstdom_regex "/etc/squid3/arquivos/palavras_bloqueadas.txt"
acl extensaobloqueadas url_regex -i "/etc/squid3/arquivos/extensao_bloqueadas.txt"
acl radioOnlinebloqueados rep_mime_type -i "/etc/squid3/arquivos/radioOnline_bloqueados.txt"

# Privileges and permissions
# sites always forbidden FOR EVERYONE
acl proibidao url_regex "/etc/squid3/arquivos/proibidao.txt"

# sites always forbidden FOR SOME
acl msn_bloq url_regex "/etc/squid3/arquivos/msn_bloqueado.txt"

# IPs allowed to access MSN
acl msn_liberaip src "/etc/squid3/arquivos/libera_msn_ip.txt"

# allowed exception sites
# dstdomain takes domain names only (the original "/*" suffix made the
# entries match nothing); ".caixa.gov.br" already covers www. and
# .internetbanking.caixa.gov.br
acl exceto dstdomain .caixa.gov.br .domicioimveis.com.br .goldencross.com.br

# forbids simultaneous access by the same user account from more than one machine and disables browsing for one minute
# (has no effect while no authentication scheme is configured)
authenticate_ip_ttl 1 minutes
#acl usuariodup max_user_ip -s 1

# allows a site by destination IP, e.g. 200.193.140.78
acl ips_dst_liberados dst "/etc/squid3/arquivos/ips_dst_liberados.txt"

acl chat_liberado url_regex "/etc/squid3/arquivos/chat_liberado.txt"


# blocks access to sites by IP, e.g. http://200.193.140.98
#acl todos_ips url_regex -i ^(http|https|ftp)+://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

http_access allow exceto
http_access allow chat_liberado
http_access deny proibidao
http_access deny extensaobloqueadas
http_access deny palavrasbloqueadas
http_access deny dominiosbloqueados
http_access deny msn_bloq !msn_liberaip !exceto !chat_liberado !ips_dst_liberados

http_access allow minharede
#http_access deny minharede redesemfio

# rep_mime_type is only known once the reply arrives, so it has to be tested
# in http_reply_access; in http_access (where the original had it) it can
# never match
http_reply_access deny radioOnlinebloqueados
http_reply_access allow all
http_access deny all


**************************************************************




2. Re: Load Balance

Carlos APC
Carlos_Cunha

(uses Linux Mint)

Sent on 02/05/2014 - 02:42h

Alright friend, that is Proxy and Firewall; what do you already have to do the balancing, and what do you want to balance???


3. Re: Load Balance

Cleber Mattos
mattos_gru

(uses Debian)

Sent on 02/05/2014 - 04:07h

PretooOO wrote:

Alright friend, that is Proxy and Firewall; what do you already have to do the balancing, and what do you want to balance???


Hi Carlos!

It is right there at the beginning of his script:

# eth1 -> Velox (192.168.2.100/24)
# eth2 -> GVT (192.168.254.100/24)

He wants to balance these two links.

P.S.: just trying to help; I have never done balancing, I don't know the subject.

Cheers!



4. Re: Load Balance

Carlos APC
Carlos_Cunha

(uses Linux Mint)

Sent on 04/05/2014 - 15:36h

mattos_gru wrote:

PretooOO wrote:

Alright friend, that is Proxy and Firewall; what do you already have to do the balancing, and what do you want to balance???


Hi Carlos!

It is right there at the beginning of his script:

# eth1 -> Velox (192.168.2.100/24)
# eth2 -> GVT (192.168.254.100/24)

He wants to balance these two links.

P.S.: just trying to help; I have never done balancing, I don't know the subject.

Cheers!


No, he may want internal balancing and not link balancing...

If it is link balancing, look up advanced routing with "iproute2"; that will do it...
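As an added example (not code from the thread or from any of its participants), this is the iproute2 setup that the reply above points at, applied to the two links named in the rc.local at the top of the thread. It assumes that the Velox and GVT modems answer at 192.168.2.1 and 192.168.254.1 (the thread never states the gateway addresses) and that routing tables 10 and 20 are unused in /etc/iproute2/rt_tables; both assumptions are marked in the code. With DRY_RUN=1 (the default) it only prints the commands so they can be reviewed; as root with DRY_RUN=0 it applies them.

```shell
#!/bin/sh
# Added example: iproute2 policy routing for the two links in the thread.
#   eth1 -> Velox  192.168.2.100/24      eth2 -> GVT  192.168.254.100/24
#   eth3 -> internal network 192.168.1.0/24
# ASSUMED (not stated in the thread): the modems answer at .1 of each
# subnet, and routing tables 10 and 20 are free in /etc/iproute2/rt_tables.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 as root applies them.

WAN1_IF=eth1; WAN1_IP=192.168.2.100;   WAN1_NET=192.168.2.0/24;   WAN1_GW=192.168.2.1   # gw assumed
WAN2_IF=eth2; WAN2_IP=192.168.254.100; WAN2_NET=192.168.254.0/24; WAN2_GW=192.168.254.1 # gw assumed
LAN_IF=eth3;  LAN_NET=192.168.1.0/24
T1=10; T2=20   # one routing table per link (assumed free)
M1=1;  M2=2    # one connection mark per link

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Per-link table: the link's own subnet, the LAN, and a default via that
# link only. The LAN route is needed because packets of a marked
# connection heading for 192.168.1.2 are also looked up in this table.
link_table() {  # ifname ip net gw table
    run ip route replace "$3" dev "$1" src "$2" table "$5"
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$5"
    run ip route replace default via "$4" dev "$1" table "$5"
}

apply_multiwan() {
    link_table "$WAN1_IF" "$WAN1_IP" "$WAN1_NET" "$WAN1_GW" "$T1"
    link_table "$WAN2_IF" "$WAN2_IP" "$WAN2_NET" "$WAN2_GW" "$T2"

    # Packets the gateway sources from a link's own address leave by that link
    run ip rule add from "$WAN1_IP" table "$T1" prio 100
    run ip rule add from "$WAN2_IP" table "$T2" prio 100
    # Connections marked by the firewall rules below are pinned to their link
    run ip rule add fwmark "$M1" table "$T1" prio 200
    run ip rule add fwmark "$M2" table "$T2" prio 200

    # Main table: new outbound flows are spread over both links
    run ip route replace default scope global \
        nexthop via "$WAN1_GW" dev "$WAN1_IF" weight 1 \
        nexthop via "$WAN2_GW" dev "$WAN2_IF" weight 1
    run ip route flush cache

    # rc.local sets strict rp_filter (1); with two uplinks it must be loose (2)
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w net.ipv4.conf."$WAN1_IF".rp_filter=2
    run sysctl -w net.ipv4.conf."$WAN2_IF".rp_filter=2

    # Pin every connection to the link it first used. This is what makes the
    # 80/443 DNATs in rc.local work on both links: the reply of a connection
    # that came in on GVT must go back out GVT, not via the multipath default.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -i "$WAN1_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$M1"
    run iptables -t mangle -A PREROUTING -i "$WAN2_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$M2"
    # LAN-originated flows: record the link the routing decision picked
    run iptables -t mangle -A POSTROUTING -o "$WAN1_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$M1"
    run iptables -t mangle -A POSTROUTING -o "$WAN2_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$M2"
}

apply_multiwan
```

Run it once after rc.local, because rc.local flushes the mangle table and would discard the CONNMARK rules; running it twice duplicates the `ip rule` entries, so delete them with `ip rule del` before re-applying. On the 3.2 kernel of Ubuntu 12.04 the multipath default route is chosen per destination through the route cache, so a single download never splits across both links; the CONNMARK rules make that stickiness explicit and, more importantly, keep the DNAT'd RDP/web connections on the link they arrived on.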



