[LARTC] Dual Multipath DSL Script Problem!
Holger
fte112@gmx.de
Sun, 9 May 2004 00:02:45 +0200
This is a multi-part message in MIME format.
------=_NextPart_000_001C_01C43558.F51980E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello!
I had found a script to multipath DSL connections:
http://linux.com.lb/beta/index.pl?node=3DLoad%20Balancing%20Across%20Mult=
iple%20Links
I have made some modifications, but in second part of this mail are some =
errors:
__________________________________________________________________
First the script:
__________________________________________________________________
#!/bin/bash
# iptables userspace executable=20
iptables=3D"/usr/local/sbin/iptables"=20
# Internal Interface=20
NET_INT_INT=3Deth0=20
# Internal IP=20
NET_INT_IP=3D192.168.20.1
# Internal Subnet=20
NET_INT_SUB=3D24=20
# Internal Network=20
NET_INT_NET=3D192.168.20.0=20
# First external interface=20
NET_EXT_INT1=3Deth1=20
# First external IP=20
NET_EXT_IP1=3D192.168.21.1=20
# First external interface's gateway=20
NET_EXT_GW1=3D192.168.21.2
# Second external interface=20
NET_EXT_INT1=3Deth2=20
# Second external IP=20
NET_EXT_IP1=3D192.168.22.1=20
# Second external interface's gateway=20
NET_EXT_GW1=3D192.168.22.2=20
echo "Flushing All Tables"=20
iptables -F=20
iptables -F -t nat=20
iptables -F -t mangle=20
iptables -X -t nat=20
iptables -X -t mangle=20
iptables -X=20
echo "Mangle eth1"=20
iptables -t mangle -N eth1=20
iptables -t mangle -F eth1=20
iptables -t mangle -A eth1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 =
"=20
iptables -t mangle -A eth1 -p icmp -j LOG --log-prefix " =
MANGLE_ICMP_ETH1 "=20
iptables -t mangle -A eth1 -j MARK --set-mark 1=20
echo "Mangle eth2"=20
iptables -t mangle -N eth2=20
iptables -t mangle -F eth2=20
iptables -t mangle -A eth2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 =
"=20
iptables -t mangle -A eth2 -p icmp -j LOG --log-prefix " =
MANGLE_ICMP_ETH2 "=20
iptables -t mangle -A eth2 -j MARK --set-mark 2=20
echo "NAT"=20
iptables -t nat -N SPOOF_ETH1=20
iptables -t nat -F SPOOF_ETH1=20
iptables -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "=20
iptables -t nat -A SPOOF_ETH1 -j SNAT --to-source $NET_EXT_IP1=20
iptables -t nat -N SPOOF_ETH2=20
iptables -t nat -F SPOOF_ETH2=20
iptables -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "=20
iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2
echo "Setting some local network rules..."=20
iptables -A INPUT -p icmp -s $NET_INT_NET/$NET_INT_SUB -d $NET_INT_IP -j =
ACCEPT=20
echo "Setting Mangle rules for eth1..."=20
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j =
eth1=20
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 =
-j eth1=20
ip ro add default via $NET_EXT_GW1 dev $NET_EXT_INT1 table 10
ip ru add fwmark 1 table 10=20
ip ro fl ca=20
echo "Setting Mangle rules for eth2..."=20
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j =
eth2=20
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 =
-j eth2=20
ip ro add default via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20
ip ru add fwmark 2 table 20=20
ip ro fl ca=20
echo "Setting up spoofing rules..."=20
iptables -t nat -A POSTROUTING -o $NET_EXT_INT1 -j SPOOF_ETH1=20
iptables -t nat -A POSTROUTING -o $NET_EXT_INT2 -j SPOOF_ETH2=20
echo "Adding default route..."=20
ip ro add default nexthop via $NET_EXT_GW1 dev $NET_EXT_INT1 weight 1 =
nexthop via $NET_EXT_GW2 dev $NET_EXT_INT2 weight 1=20
echo "Disabling Reverse Path Filtering..."=20
echo 0> /proc/sys/net/ipv4/conf/eth1/rp_filter=20
echo 0> /proc/sys/net/ipv4/conf/eth2/rp_filter=20
echo "Enabling IPv4 Packet forwarding..."=20
echo "1"> /proc/sys/net/ipv4/ip_forward=20
__________________________________________________________________
Second the errors:
__________________________________________________________________
debian:~/script# sh natfilter=20
Flushing All Tables=20
Mangle eth1=20
Mangle eth2=20
NAT=20
iptables v1.2.6a: Unknown arg `--to-source'=20
Try `iptables -h' or 'iptables --help' for more information.=20
Setting some local network rules...=20
Setting Mangle rules for eth1...=20
Setting Mangle rules for eth2...=20
Error: an inet address is expected rather than "dev".=20
Setting up spoofing rules...=20
Warning: weird character in interface `-j' (No aliases, :, ! or *).=20
Bad argument `SPOOF_ETH2'=20
Try `iptables -h' or 'iptables --help' for more information.=20
Adding default route...=20
Error: an IP address is expected rather than "dev"=20
Disabling Reverse Path Filtering...=20
Enabling IPv4 Packet forwarding...
__________________________________________________________________
Thank you very much!
Direct contact: fte112 (at) gmx.de
------=_NextPart_000_001C_01C43558.F51980E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I had found a script to multipath DSL=20
connections:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://linux.com.lb/beta/index.pl?node=3DLoad%20Balancing%20Acros=
s%20Multiple%20Links">http://linux.com.lb/beta/index.pl?node=3DLoad%20Bal=
ancing%20Across%20Multiple%20Links</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I have made some modifications, but in =
second part=20
of this mail are some errors:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>__________________________________________________________________</=
DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>First the script:</FONT></DIV>
<DIV>__________________________________________________________________</=
DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>#!/bin/bash</FONT></DIV>
<DIV> </DIV><FONT face=3DArial size=3D2>
<DIV><BR># iptables userspace executable =
<BR>iptables=3D"/usr/local/sbin/iptables"=20
</DIV>
<DIV> </DIV>
<DIV># Internal Interface <BR>NET_INT_INT=3Deth0 </DIV>
<DIV> </DIV>
<DIV># Internal IP <BR>NET_INT_IP=3D192.168.20.1</DIV>
<DIV> </DIV>
<DIV># Internal Subnet <BR>NET_INT_SUB=3D24 </DIV>
<DIV> </DIV>
<DIV># Internal Network <BR>NET_INT_NET=3D192.168.20.0 </DIV>
<DIV> </DIV>
<DIV># First external interface <BR>NET_EXT_INT1=3Deth1 </DIV>
<DIV> </DIV>
<DIV># First external IP <BR>NET_EXT_IP1=3D192.168.21.1 </DIV>
<DIV> </DIV>
<DIV># First external interface's gateway =
<BR>NET_EXT_GW1=3D192.168.21.2</DIV>
<DIV> </DIV>
<DIV># Second external interface <BR>NET_EXT_INT1=3Deth2 </DIV>
<DIV> </DIV>
<DIV># Second external IP <BR>NET_EXT_IP1=3D192.168.22.1 </DIV>
<DIV> </DIV>
<DIV># Second external interface's gateway =
<BR>NET_EXT_GW1=3D192.168.22.2 </DIV>
<DIV> </DIV>
<DIV>echo "Flushing All Tables" <BR>iptables -F <BR>iptables -F -t nat=20
<BR>iptables -F -t mangle <BR>iptables -X -t nat <BR>iptables -X -t =
mangle=20
<BR>iptables -X </DIV>
<DIV> </DIV>
<DIV>echo "Mangle eth1" <BR>iptables -t mangle -N eth1 <BR>iptables -t =
mangle -F=20
eth1 <BR>iptables -t mangle -A eth1 -p tcp -j LOG --log-prefix " =
MANGLE_TCP_ETH1=20
" <BR>iptables -t mangle -A eth1 -p icmp -j LOG --log-prefix " =
MANGLE_ICMP_ETH1=20
" <BR>iptables -t mangle -A eth1 -j MARK --set-mark 1 </DIV>
<DIV> </DIV>
<DIV>echo "Mangle eth2" <BR>iptables -t mangle -N eth2 <BR>iptables -t =
mangle -F=20
eth2 <BR>iptables -t mangle -A eth2 -p tcp -j LOG --log-prefix " =
MANGLE_TCP_ETH2=20
" <BR>iptables -t mangle -A eth2 -p icmp -j LOG --log-prefix " =
MANGLE_ICMP_ETH2=20
" <BR>iptables -t mangle -A eth2 -j MARK --set-mark 2 </DIV>
<DIV> </DIV>
<DIV>echo "NAT" <BR>iptables -t nat -N SPOOF_ETH1 <BR>iptables -t nat -F =
SPOOF_ETH1 <BR>iptables -t nat -A SPOOF_ETH1 -j LOG --log-prefix " =
SPOOF_ETH1 "=20
<BR>iptables -t nat -A SPOOF_ETH1 -j SNAT --to-source $NET_EXT_IP1 =
</DIV>
<DIV> </DIV>
<DIV>iptables -t nat -N SPOOF_ETH2 <BR>iptables -t nat -F SPOOF_ETH2=20
<BR>iptables -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "=20
<BR>iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2</DIV>
<DIV> </DIV>
<DIV>echo "Setting some local network rules..." <BR>iptables -A INPUT -p =
icmp -s=20
$NET_INT_NET/$NET_INT_SUB -d $NET_INT_IP -j ACCEPT </DIV>
<DIV> </DIV>
<DIV>echo "Setting Mangle rules for eth1..." <BR>iptables -t mangle -A =
OUTPUT -o=20
! $NET_INT_INT -m random --average 50 -j eth1 <BR>iptables -t mangle -A=20
PREROUTING -i $NET_INT_INT -m random --average 50 -j eth1 <BR>ip ro add =
default=20
via $NET_EXT_GW1 dev $NET_EXT_INT1 table 10<BR>ip ru add fwmark 1 table =
10=20
<BR>ip ro fl ca </DIV>
<DIV> </DIV>
<DIV>echo "Setting Mangle rules for eth2..." <BR>iptables -t mangle -A =
OUTPUT -o=20
! $NET_INT_INT -m random --average 50 -j eth2 <BR>iptables -t mangle -A=20
PREROUTING -i $NET_INT_INT -m random --average 50 -j eth2 <BR>ip ro add =
default=20
via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20<BR>ip ru add fwmark 2 table =
20=20
<BR>ip ro fl ca </DIV>
<DIV> </DIV>
<DIV>echo "Setting up spoofing rules..." <BR>iptables -t nat -A =
POSTROUTING -o=20
$NET_EXT_INT1 -j SPOOF_ETH1 <BR>iptables -t nat -A POSTROUTING -o =
$NET_EXT_INT2=20
-j SPOOF_ETH2 </DIV>
<DIV> </DIV>
<DIV>echo "Adding default route..." <BR>ip ro add default nexthop via=20
$NET_EXT_GW1 dev $NET_EXT_INT1 weight 1 nexthop via $NET_EXT_GW2 dev=20
$NET_EXT_INT2 weight 1 </DIV>
<DIV> </DIV>
<DIV>echo "Disabling Reverse Path Filtering..." <BR>echo 0>=20
/proc/sys/net/ipv4/conf/eth1/rp_filter <BR>echo 0>=20
/proc/sys/net/ipv4/conf/eth2/rp_filter </DIV>
<DIV> </DIV>
<DIV>echo "Enabling IPv4 Packet forwarding..." <BR>echo "1">=20
/proc/sys/net/ipv4/ip_forward </DIV>
<DIV> </DIV>
<DIV>__________________________________________________________________</=
DIV>
<DIV> </DIV>
<DIV>Second the errors:</DIV>
<DIV>__________________________________________________________________</=
DIV>
<DIV> </DIV>
<DIV>debian:~/script# sh natfilter <BR><BR>Flushing All Tables =
<BR><BR>Mangle=20
eth1 <BR><BR>Mangle eth2 <BR><BR>NAT <BR>iptables v1.2.6a: Unknown arg=20
`--to-source' <BR>Try `iptables -h' or 'iptables --help' for more =
information.=20
<BR><BR>Setting some local network rules... <BR><BR>Setting Mangle rules =
for=20
eth1... <BR><BR>Setting Mangle rules for eth2... <BR>Error: an inet =
address is=20
expected rather than "dev". <BR><BR>Setting up spoofing rules... =
<BR>Warning:=20
weird character in interface `-j' (No aliases, :, ! or *). <BR>Bad =
argument=20
`SPOOF_ETH2' <BR>Try `iptables -h' or 'iptables --help' for more =
information.=20
<BR><BR>Adding default route... <BR>Error: an IP address is expected =
rather than=20
"dev" <BR><BR>Disabling Reverse Path Filtering... <BR><BR><BR>Enabling =
IPv4=20
Packet forwarding...</DIV>
<DIV> </DIV>
<DIV>__________________________________________________________________</=
DIV>
<DIV> </DIV>
<DIV>Thank you very much!</DIV>
<DIV> </DIV>
<DIV>Direct contact: <A href=3D"mailto:fte112@gmx.de">fte112 (at)=20
gmx.de</A></FONT></DIV></BODY></HTML>
------=_NextPart_000_001C_01C43558.F51980E0--