sat12
-
Постов
3 -
Зарегистрирован
-
Посещение
Никогда
Сообщения, опубликованные sat12
-
-
необходима платная помощь по настройке и установке динамического шейпера + IP-балансировка. Готов принять также помощь удаленно ( icq, skype). Система 64 битная, три сетевые (две pci, одня на матери), два канала интернет (оба с динамическими ip) сейчас стоит mint12 (но к дистрибутиву не привязуюсь).
необходимо сбалансировать два канала и установить шейпер, так что бы маленький офис (15 чел) более-менее чувствовал себя комфортно на 10Мб
-
есть сервер на mint 12 который имеет два канала интернета, и который должен дальше раздавать на свич
Нашел один, как мне показалось, просто способ балансировки двух каналов (Настройка iproute2 : Создать в /etc/iproute2/rt_tables две таблицы для каждого из провайдеров)
С созданием папок, файлов в etc и запуск скрипта с горем пополам одолел, то с тем, что мне выдает скрипт, не могу((((
Может кто подскажет где ошибка
Мой конфиг
#!/bin/sh
################### CONFIG ############
KadyrovLocal#1="/etc/routing/KadyrovLocal#1.list"
### Home Network
l_eth=eth1
l_ip=192.168.1.23
l_net=255.255.255.0
########### Local ISP Network #########
li_net=192.168.1.4
########### ISP1 ######################
i1_eth=eth2
i1_ip=192.168.1.2
i1_net=255.255.255.0
i1_gw=192.168.1.1
########### ISP2 ######################
i2_eth=eth0
i2_ip=192.168.1.4
i2_net=255.255.255.255
i2_gw=192.168.1.1
#########ip route2 tables##############
t1=101
t2=102
#######################################
########### Flushing ##################
iptables -t mangle -F NEW_OUT_CONN
iptables -t mangle -F PREROUTING
iptables -t mangle -F OUTPUT
iptables -t mangle -X NEW_OUT_CONN
ip route flush table $t2
ip rule del table $t2
ip route flush table $t1
ip rule del table $t1
ip route flush cache
#######################################
iptables -t mangle -N NEW_OUT_CONN
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 1
iptables -t mangle -A NEW_OUT_CONN -m statistic --mode random
--probability 0.50 -j RETURN
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 2
for file in $KadyrovLocal#1; do
if [ -f "$file" ]; then
{ cat "$file" ; echo ; } | while read ip_addr; do
if [ "$ip_addr" != "" ]; then
echo "Статическая маршрутизация для $ip_addr"
iptables -t mangle -A NEW_OUT_CONN -d $ip_addr -j CONNMARK --set-mark 1
fi
done
fi
done
iptables -t mangle -A PREROUTING -d $l_net -j RETURN
iptables -t mangle -A PREROUTING -d $li_net -j RETURN
iptables -t mangle -A PREROUTING -s $l_net -m state --state
new,related -j NEW_OUT_CONN
iptables -t mangle -A PREROUTING -s $l_net -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -d $l_net -j RETURN
iptables -t mangle -A OUTPUT -d $li_net -j RETURN
iptables -t mangle -A OUTPUT -s $l_net -m state --state new,related -j
NEW_OUT_CONN
iptables -t mangle -A OUTPUT -s $li_net -j CONNMARK --restore-mark
ip route add $l_net dev $l_eth scope link table $t1
ip route add $i2_net dev $i2_eth scope link table $t1
ip route add $i1_net dev $i1_eth scope link src $i1_ip table $t1
ip route add 127.0.0.0/8 dev lo scope link table $t1
ip route add default via $i1_gw table $t1
ip rule add prio 51 fwmark 1 table $t1
ip rule add from $i1_ip table $t1
ip route add $l_net dev $l_eth scope link table $t2
ip route add $i1_net dev $i1_eth scope link table $t2
ip route add $i2_net dev $i2_eth scope link src $i2_ip table $t2
ip route add 127.0.0.0/8 dev lo scope link table $t2
ip route add default via $i2_gw table $t2
ip rule add prio 52 fwmark 2 table $t2
ip rule add from $i2_ip table $t2
ip route flush cache
И то что мне выдает скрипт
mit@mit-S2V ~ $ sh sclocal
sclocal: 4: KadyrovLocal#1=/etc/routing/KadyrovLocal#1.list: not found
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
Cannot open "/proc/sys/net/ipv4/route/flush"
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Could not determine whether revision 1 is supported, assuming it is.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Could not determine whether revision 1 is supported, assuming it is.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Could not determine whether revision 1 is supported, assuming it is.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Could not determine whether revision 1 is supported, assuming it is.
FATAL: Error inserting ip_tables
(/lib/modules/3.0.0-12-generic/kernel/net/ipv4/netfilter/ip_ tables.ko):
Operation not permitted
iptables v1.4.10: can't initialize iptables table `mangle': Permission
denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
Cannot open "/proc/sys/net/ipv4/route/flush"
mit@mit-S2V ~ $
IP-Балансировка
в Вопросы по серверам и сетям
Опубликовано
с правильным запуском скрипта (root) уже разобрался, но он все рамно продолжает ругаться
что я напутал в переменных скрипта, если у меня
провайдер№1(динамический ip)(eth1) ip 192.168.1.23, маска подсети 255.255.255.0, маршрут по умолчанию 192.168.1.4, DNS 192.168.1.4
провайдер№2 (динамический ip) (eth2) ip 192.168.1.2, маска подсети 255.255.255.0, маршрут по умолчанию 192.168.1.1. DNS 192.168.1.1.
локальная сеть (eth0)