
Linux Dual-Line Policy Routing for China Telecom and China Netcom

火星人 @ 2014-03-29

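  The setup is as follows: three network cards, where eth0 is the LAN port, eth1 is the first WAN port, connected to the Telecom line, and eth2 is the second WAN port, connected to the Netcom (CNC) line. Everything here is configured with static IPs; if you need PPPoE, configure the PPPoE part yourself. What I mainly provide here is the policy part.

  MASQUERADE the packets that leave through the two WAN ports: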

  /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
  /sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

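  Next, add a routing table numbered 100 to the system and give it a default gateway; this default gateway is the one provided by Netcom. (Why do the extra routing tables in my posts always use 100? Heh.)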

  ip route add 0/0 via 218.59.*.* table 100

  Then configure the gateway for the system's main routing table; this gateway is the Telecom gateway:

  ip route add 0/0 via 219.146.*.*

  Then add routing rules so that all traffic destined for Netcom looks up routing table 100:

  ip rule add to 60.0.0.0/13 table 100
  ip rule add to 60.8.0.0/15 table 100
  ip rule add to 60.10.0.0/16 table 100
  ..........

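  There are quite a few rules, roughly 100 or more; they should completely cover all of Netcom's IP subnets. I will give the complete rules.

  This way, traffic destined for Netcom looks up routing table 100, while traffic destined anywhere else (Telecom, as specified here) goes out through Telecom. Of course, for more complex setups, for example one that also has an education network line, I trust everyone knows what to do: add another routing table and more policy rules.

  I gave this configuration to friends in the north to use, and they found it works very well; I hope it helps you too. Note that when configuring the network cards, do not configure a gateway at first, and do not use the old ifconfig command to configure the gateway; use iproute2 to configure the gateway instead, otherwise conflicts will occur. Alternatively, use the ip route replace command in place of the ip route add command.

  The complete configuration file follows (it does not include any port-filtering configuration; configure that yourself as needed). It turns out attachments can only be jpg and gif, heh, so I added a .jpg suffix to the script; download the file via right-click, Properties, and rename it back yourself.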

#!/bin/sh
#For ChinaUnix By Fushuyong,Wuhan
#Enable IPv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
#Load the FTP connection-tracking and NAT helper modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

#NAT the two red interfaces
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

#Main table: default route via the Telecom gateway
#Table 100: default route via the CNC gateway, used for CNC addresses
ip route add 0/0 via 219.146.*.*
ip route add 0/0 via 218.59.*.* table 100

#Add the route rules for the CNC addresses
ip rule add to 60.0.0.0/13 table 100
ip rule add to 60.8.0.0/15 table 100
ip rule add to 60.10.0.0/16 table 100
ip rule add to 60.12.0.0/16 table 100
ip rule add to 60.13.0.0/18 table 100
ip rule add to 60.13.128.0/17 table 100
ip rule add to 60.16.0.0/12 table 100
ip rule add to 60.208.0.0/13 table 100
ip rule add to 60.216.0.0/15 table 100
ip rule add to 60.220.0.0/14 table 100
ip rule add to 61.48.0.0/13 table 100
ip rule add to 61.133.0.0/17 table 100
ip rule add to 61.135.0.0/16 table 100
ip rule add to 61.136.64.0/18 table 100
ip rule add to 61.137.128.0/17 table 100
ip rule add to 61.138.0.0/17 table 100
ip rule add to 61.138.128.0/18 table 100
ip rule add to 61.139.128.0/18 table 100
ip rule add to 61.148.0.0/15 table 100
ip rule add to 61.156.0.0/16 table 100
ip rule add to 61.158.128.0/17 table 100
ip rule add to 61.159.0.0/18 table 100
ip rule add to 61.161.0.0/18 table 100
ip rule add to 61.161.128.0/17 table 100
ip rule add to 61.167.0.0/16 table 100
ip rule add to 61.168.0.0/16 table 100
ip rule add to 61.176.0.0/16 table 100
ip rule add to 61.179.0.0/16 table 100
ip rule add to 61.180.128.0/17 table 100
ip rule add to 61.181.0.0/16 table 100
ip rule add to 61.182.0.0/16 table 100
ip rule add to 61.189.0.0/17 table 100
ip rule add to 202.96.0.0/18 table 100
ip rule add to 202.96.64.0/19 table 100
ip rule add to 202.97.128.0/17 table 100
ip rule add to 202.98.0.0/19 table 100
ip rule add to 202.99.0.0/16 table 100
ip rule add to 202.102.128.0/18 table 100
ip rule add to 202.102.224.0/19 table 100
ip rule add to 202.106.0.0/16 table 100
ip rule add to 202.107.0.0/17 table 100
ip rule add to 202.108.0.0/16 table 100
ip rule add to 202.110.0.0/17 table 100
ip rule add to 202.110.192.0/18 table 100
ip rule add to 202.111.128.0/18 table 100
ip rule add to 218.7.0.0/16 table 100
ip rule add to 218.8.0.0/14 table 100
ip rule add to 218.12.0.0/16 table 100
ip rule add to 218.24.0.0/14 table 100
ip rule add to 218.28.0.0/15 table 100
ip rule add to 218.56.0.0/14 table 100
ip rule add to 218.60.0.0/15 table 100
ip rule add to 218.67.128.0/17 table 100
ip rule add to 218.68.0.0/15 table 100
ip rule add to 221.0.0.0/14 table 100
ip rule add to 221.4.0.0/15 table 100
ip rule add to 221.6.0.0/16 table 100
ip rule add to 221.7.0.0/18 table 100
ip rule add to 221.7.64.0/19 table 100
ip rule add to 221.7.128.0/17 table 100
ip rule add to 221.8.0.0/15 table 100
ip rule add to 221.10.0.0/16 table 100
ip rule add to 221.11.128.0/18 table 100
ip rule add to 221.11.0.0/17 table 100
ip rule add to 221.11.192.0/19 table 100
ip rule add to 221.12.0.0/17 table 100
ip rule add to 221.12.128.0/18 table 100
ip rule add to 221.13.0.0/18 table 100
ip rule add to 221.13.64.0/19 table 100
ip rule add to 221.13.128.0/17 table 100
ip rule add to 221.14.0.0/15 table 100
ip rule add to 221.192.0.0/14 table 100
ip rule add to 221.196.0.0/15 table 100
ip rule add to 221.198.0.0/16 table 100
ip rule add to 221.199.0.0/19 table 100
ip rule add to 221.199.32.0/20 table 100
ip rule add to 221.199.128.0/18 table 100
ip rule add to 221.199.192.0/20 table 100
ip rule add to 221.200.0.0/14 table 100
ip rule add to 221.204.0.0/15 table 100
ip rule add to 221.207.0.0/18 table 100
ip rule add to 221.208.0.0/14 table 100
ip rule add to 221.212.0.0/15 table 100
ip rule add to 221.216.0.0/13 table 100
ip rule add to 222.128.0.0/12 table 100
ip rule add to 222.160.0.0/15 table 100
ip rule add to 222.162.0.0/16 table 100
ip rule add to 222.163.0.0/19 table 100
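
The script above types out one ip rule line per prefix by hand, so a single mistyped prefix silently sends traffic out of the wrong uplink. As an added example (not part of the original script), the following generates those lines from a prefix list and rejects malformed or misaligned entries first; the function names and the sample list are hypothetical, and it only prints the commands, so it needs no root.

```sh
#!/bin/sh
# ip_to_int A.B.C.D -> prints the address as an integer; fails if malformed.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# valid_prefix NET/LEN -> succeeds only if well-formed with no host bits set.
valid_prefix() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; len=${1#*/}
    case "$len" in ""|0*|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    addr=$(ip_to_int "$net") || return 1
    [ $(( addr & ((1 << (32 - len)) - 1) )) -eq 0 ]
}

# gen_rules TABLE < list -> prints one rule per valid prefix; returns 1 on any reject.
gen_rules() {
    table=$1; bad=0
    while read -r prefix rest; do
        case "$prefix" in ""|\#*) continue ;; esac
        if valid_prefix "$prefix"; then
            echo "ip rule add to $prefix table $table"
        else
            echo "rejected: $prefix" >&2; bad=1
        fi
    done
    return $bad
}

# Constructed sample list: three prefixes from the script above, two bad ones.
sample_list() {
    cat <<'EOF'
# constructed sample, not a complete CNC list
60.0.0.0/13
60.13.128.0/17
221.199.32.0/20
60.13.64.0/17
61.256.0.0/16
EOF
}
sample_list | gen_rules 100 || echo "fix the rejected prefixes first" >&2
```

Review the printed commands, then pipe them to sh as root once nothing is rejected.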


http://coctec.com/docs/linux/show-post-202726.html