SarusKant
(usa CentOS)
Enviado em 19/02/2016 - 13:47h
Pronto, testado e aprovado.
-----------------------------------------------------------------------------
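# Settings for the two-uplink policy-routing setup used by the commands below.
# Shell assignments take no leading "$" and no spaces around "=".

# Names of the per-uplink routing tables. Named tables must be declared in
# /etc/iproute2/rt_tables before `ip` will resolve them.
link1=linkbridge
link2=linkmaquina

# Local source address on each uplink.
src_link1=192.168.1.253
src_link2=192.168.137.254

# Directly connected subnet of each uplink. The second line originally
# assigned subnet_link1 again, leaving $subnet_link2 (read by the route
# commands) empty.
subnet_link1=192.168.1.0/24
subnet_link2=192.168.137.0/24

# Interface and multipath weight of each uplink.
dev_link1=eth0
dev_link2=eth1
w_link1=2
w_link2=1

# Destination that is pinned to uplink 2 through firewall mark 2.
network_or_address_dst=8.8.8.8/32

# The route commands read $gw_link1 and $gw_link2, but the post gives no
# values for them. They are taken from the environment here and stay empty
# when not supplied, so set them before running the routing commands.
gw_link1=${gw_link1:-}
gw_link2=${gw_link2:-}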
----------------------------------------------------------------------------
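# Kernel switches for a multi-homed router. All three writes need root and
# are lost on reboot.

# Turn this host into an IPv4 router.
# NOTE(review): no filter-table FORWARD rules appear in this script, so what
# may transit the box depends on rules defined elsewhere - confirm them.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Reverse-path filtering is the kernel's source-address anti-spoofing check.
# The kernel applies max(conf/all, conf/<iface>) per interface, so writing 0
# to conf/all does not relax an interface that is still at 1, and where it
# does take effect it drops the check completely. Loose mode (2) accepts the
# asymmetric replies that two uplinks produce while still rejecting sources
# that are unreachable through every interface.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

# Kept from the original; only matters when an uplink address is assigned
# dynamically.
echo 1 > /proc/sys/net/ipv4/ip_dynaddr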
----------------------------------------------------------------------------
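# Policy routing for two uplinks: one routing table per uplink, rules that
# pick a table by source address or firewall mark, and a weighted multipath
# default route in the main table. Each command is on one line again; the
# listing had been broken in front of every variable.

# These values are read below but never assigned in the original listing;
# stop here instead of handing empty arguments to `ip`.
: "${gw_link1:?set gw_link1 to the gateway address of uplink 1}"
: "${gw_link2:?set gw_link2 to the gateway address of uplink 2}"
: "${subnet_link2:?set subnet_link2 to the subnet of uplink 2}"

# NOTE(review): with the trailing "cache" keyword these flush only cached
# entries, so routes and rules from an earlier run stay in place and the
# "add" commands below may fail with "File exists" on a second run - confirm
# whether a full flush of each table was intended.
ip route flush cache
ip route flush table "$link1" cache
ip route flush table "$link2" cache

# Traffic sourced from an uplink's own address leaves through that uplink.
ip rule add from "$src_link1" table "$link1"
ip rule add from "$src_link2" table "$link2"

# Firewall marks set in the mangle table select the uplink table.
ip rule add fwmark 1 table "$link1"
ip rule add fwmark 2 table "$link2"

# Connected subnet of each uplink inside its own table. A route with neither
# a gateway nor a device is rejected by the kernel, so the device is named.
ip route add "$subnet_link1" dev "$dev_link1" table "$link1"
ip route add "$subnet_link2" dev "$dev_link2" table "$link2"

# Default route of each per-uplink table.
ip route add default via "$gw_link1" dev "$dev_link1" table "$link1" src "$src_link1"
ip route add default via "$gw_link2" dev "$dev_link2" table "$link2" src "$src_link2"

# Weighted multipath default route in the main table.
ip route add default scope global \
  nexthop via "$gw_link1" dev "$dev_link1" weight "$w_link1" \
  nexthop via "$gw_link2" dev "$dev_link2" weight "$w_link2"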
-------------------------------------------------------------------------------
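# Packet marking for the fwmark rules (mark 1 -> table $link1, mark 2 ->
# table $link2), followed by source NAT on the uplinks.
#
# MARK does not stop rule traversal: a packet marked 2 by the destination
# rule goes on to the next rule. An unconditional "--set-mark 1" appended
# after it would overwrite that mark, so the catch-all matches only packets
# that are still unmarked (-m mark --mark 0).
# The original notes used "//", which the shell passes to iptables as extra
# arguments; they are "#" comments here.

iptables -t mangle -A PREROUTING -d "$network_or_address_dst" -j MARK --set-mark 2
# Remember: this rule must always be the last one in the chain.
iptables -t mangle -A PREROUTING -m mark --mark 0 -j MARK --set-mark 1

iptables -t mangle -A OUTPUT -d "$network_or_address_dst" -j MARK --set-mark 2
# Remember: this rule must always be the last one in the chain.
iptables -t mangle -A OUTPUT -m mark --mark 0 -j MARK --set-mark 1

# Source NAT only on traffic leaving through the two uplinks. The original
# rule had no -o match and rewrote the source of every packet on every
# interface, which also hides internal source addresses from logs.
# NOTE(review): assumes $dev_link1 and $dev_link2 are the only interfaces
# that need NAT - confirm against the host's interface list.
iptables -t nat -A POSTROUTING -o "$dev_link1" -j MASQUERADE
iptables -t nat -A POSTROUTING -o "$dev_link2" -j MASQUERADE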
--------------------------------------------------------------------------------
--
Bruno Thomaz