特殊:Badtitle/NS100:InternetAndNetworking/DualHomedGatewayDHCP:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Wikibot留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
第1行: 第1行:
{{From|https://help.ubuntu.com/community/InternetAndNetworking/DualHomedGatewayDHCP}}
{{From|https://help.ubuntu.com/community/InternetAndNetworking/DualHomedGatewayDHCP}}
{{Languages|UbuntuHelp:InternetAndNetworking/DualHomedGatewayDHCP}}
{{Languages|UbuntuHelp:InternetAndNetworking/DualHomedGatewayDHCP}}
This page describes how you can setup more than one Internet connection on the same machine with dynamic IP address connections.
#title Configuring several Internet connections on the same Computer
== Introduction ==
This page describes how you can set up more than one Internet connection on the same machine with dynamic IP address connections.
In many situations, is desirable to have more than one connection to the Internet:
In many situations, is desirable to have more than one connection to the Internet:
* for backup purposes
* for backup purposes.
* to redirect bulk traffic through a less expensive link
* to redirect bulk traffic through a less expensive link.
* to split traffic between many links
* to split traffic between many links.
If all your Internet connections have fixed IP address, perhaps your questions are already answered by the [http://lartc.org/howto/ "Linux Advanced Routing HowTo"].
If all your Internet connections have fixed IP address, perhaps your questions are already answered by the [http://lartc.org/howto/ "Linux Advanced Routing HowTo"].
This guide aims to help you setup your network to use more than one Internet connection when one or more links use dynamic IP address.
This guide aims to help you setup your network to use more than one Internet connection when one or more links use dynamic IP address.
== Prerequisites ==
== Prerequisites ==
For this to work you should install:
For this to work you should install:
* iproute2
* iproute2, a collection of utilities for controlling TCP / IP networking and traffic control.
* iptables
* iptables, a command line program used to configure the IPv4 packet filtering ruleset.
* ipcalc
* ipcalc, a parameter calculator for IPV4 addresses.
* dhcp3-client
* dhcp3-client, the client from version 3 of the Internet Software Consortium's implementation of DHCP.
== Secret Sauce ==
== Advanced routing ==
The secret is to use hooks provided by dhclient-script to setup advanced routing for you. You can modify the standard behavior adding your own custom scripts to the folders dhclient-enter-hooks.d and dhclient-exit-hooks.d at /etc/dhcp3/ (man dhclient-script).
Linux advanced routing features allow you to use more than one ISP, so you can route bulk or less important traffic through a cheaper link, sometimes meaning big cost savings and more reliable networking.
There are a debug script which is very useful to show the information that is available to your scripts. Just edit the scripts at these folders changing RUN="no" to RUN="yes" and you will have useful debug information logged to /tmp/dhclient-script.debug. Debug output will look like:
The secret is to use hooks provided by dhclient-script to setup advanced routing for you. You can modify the standard behavior adding your own custom scripts to the folders /etc/dhcp3/dhclient-enter-hooks.d and /etc/dhcp3/dhclient-exit-hooks.d (''man dhclient-script'').
There are a debug script which is very useful to show the information that is available to your scripts. Just edit the script ''debug'' at these folders and change the option RUN="no" to RUN="yes". You will have useful debug information logged at /tmp/dhclient-script.debug. Debug output will look like:
<pre><nowiki>
<pre><nowiki>
Tue Oct 16 15:35:27 BRT 2007: entering dhclient-enter-hooks.d, dumping variables.
Tue Oct 16 15:35:27 BRT 2007: entering dhclient-enter-hooks.d, dumping variables.
第56行: 第57行:
--------------------------
--------------------------
</nowiki></pre>
</nowiki></pre>
== Case #1: fixed-address premium link + cheap broadband connection ==
== Example: fixed-address connection + DHCP connection ==
I have an expensive premium Internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (a detailed explanation on why this will not work is away beyond this document goals). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, sometimes not.  
I have an expensive premium Internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (a detailed explanation on why this will not work is away beyond this document goals). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, sometimes not.  
Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables.
Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables.
第63行: 第64行:
* eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
* eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
* eth2: connected to the broadband backup link with dynamic address
* eth2: connected to the broadband backup link with dynamic address
1. Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it anything, I prefer the ISP name. We will end up with something like:
<ol><li>Edit ''/etc/iproute2/rt_tables'' to add a line naming your routing table. You can call it anything, I prefer the ISP name. We will end up with something like:</li></ol>


<pre><nowiki>#
<pre><nowiki>#
第77行: 第78行:
#1      inr.ruhep
#1      inr.ruhep
2    ISP2</nowiki></pre>
2    ISP2</nowiki></pre>
2. We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting removing or commenting out ''domain-name'', ''domain-name-servers'', ''host-name'', ''netbios-name-servers'' and ''netbios-scope''.
2.#2 We don't want dhclient messing with our nameserver setup at ''/etc/resolv.conf''. To prevent this, edit ''/etc/dhcp3/dhclient.conf'' and change the request setting removing or commenting out ''domain-name'', ''domain-name-servers'', ''host-name'', ''netbios-name-servers'' and ''netbios-scope''.
3. Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed:
<ol><li>Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it ''dualhomed'':</li></ol>


<pre><nowiki>if [ x$reason == 'xBOUND' ]; then
<pre><nowiki>if [ x$reason == 'xBOUND' ]; then
第113行: 第114行:
new_routers=""
new_routers=""
</nowiki></pre>
</nowiki></pre>
4. Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed:
4.#4 Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it ''dualhomed'':
 
<pre><nowiki>
<pre><nowiki>
if [ x$reason == 'xBOUND' ]; then
if [ x$reason == 'xBOUND' ]; then
第122行: 第122行:
         /sbin/ip route add default via $isp2_gateway table ISP2
         /sbin/ip route add default via $isp2_gateway table ISP2


         # Should we restar squid to bind to the new interface?
         # Should we restart squid to bind to the new interface?
         /etc/init.d/squid restart
         /etc/init.d/squid restart
fi
fi
</nowiki></pre>
</nowiki></pre>
5. At shell prompt, issue "ifdown eth2" command
5.#5 At shell prompt, issue ''ifdown eth2'' command
6. Edit /etc/network/interfaces to make eth2 address dynamic:
<ol><li>Edit ''/etc/network/interfaces'' to make eth2 address dynamic:</li></ol>


<pre><nowiki>
<pre><nowiki>
第133行: 第133行:
iface eth2 inet dhcp
iface eth2 inet dhcp
</nowiki></pre>
</nowiki></pre>
7. At shell prompt, issue "ifup eth2" command
7.#7 At shell prompt, issue ''ifup eth2'' command
 
That is it. If you did everything right, ip routing rules will look like:
That is it. If you did everything right, ip routing rules will look like:
<pre><nowiki>
<pre><nowiki>
第152行: 第151行:
default via 201.252.224.1 dev eth2
default via 201.252.224.1 dev eth2
</nowiki></pre>
</nowiki></pre>
== Conclusion ==
Linux advanced routing features allow you to use more than one ISP, so you can route bulk or less important traffic through a cheaper link, sometimes meaning big cost savings and more reliable networking.
----
[[category:CategoryDocumentation]] [[category:CategoryNetworking]]


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2008年4月23日 (三) 11:30的版本

{{#ifexist: :InternetAndNetworking/DualHomedGatewayDHCP/zh | | {{#ifexist: InternetAndNetworking/DualHomedGatewayDHCP/zh | | {{#ifeq: {{#titleparts:InternetAndNetworking/DualHomedGatewayDHCP|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:InternetAndNetworking/DualHomedGatewayDHCP|1|-1|}} | zh | | }}

  1. title Configuring several Internet connections on the same Computer

This page describes how you can set up more than one Internet connection on the same machine with dynamic IP address connections. In many situations, is desirable to have more than one connection to the Internet:

  • for backup purposes.
  • to redirect bulk traffic through a less expensive link.
  • to split traffic between many links.

If all your Internet connections have fixed IP address, perhaps your questions are already answered by the "Linux Advanced Routing HowTo". This guide aims to help you setup your network to use more than one Internet connection when one or more links use dynamic IP address.

Prerequisites

For this to work you should install:

  • iproute2, a collection of utilities for controlling TCP / IP networking and traffic control.
  • iptables, a command line program used to configure the IPv4 packet filtering ruleset.
  • ipcalc, a parameter calculator for IPV4 addresses.
  • dhcp3-client, the client from version 3 of the Internet Software Consortium's implementation of DHCP.

Advanced routing

Linux advanced routing features allow you to use more than one ISP, so you can route bulk or less important traffic through a cheaper link, sometimes meaning big cost savings and more reliable networking. The secret is to use hooks provided by dhclient-script to setup advanced routing for you. You can modify the standard behavior adding your own custom scripts to the folders /etc/dhcp3/dhclient-enter-hooks.d and /etc/dhcp3/dhclient-exit-hooks.d (man dhclient-script). There are a debug script which is very useful to show the information that is available to your scripts. Just edit the script debug at these folders and change the option RUN="no" to RUN="yes". You will have useful debug information logged at /tmp/dhclient-script.debug. Debug output will look like:

Tue Oct 16 15:35:27 BRT 2007: entering dhclient-enter-hooks.d, dumping variables.
reason='BOUND'
interface='eth2'
medium=''
alias_ip_address=''
new_ip_address='201.52.236.6'
new_subnet_mask='255.255.240.0'
new_domain_name=''
new_domain_name_servers=''
new_routers='201.52.224.1'
new_static_routes=''
old_ip_address='201.52.236.6'
old_subnet_mask='255.255.240.0'
old_domain_name=''
old_domain_name_servers=''
old_routers='201.52.224.1'
old_static_routes=''
--------------------------
Tue Oct 16 15:35:27 BRT 2007: entering dhclient-exit-hooks.d, dumping variables.
reason='BOUND'
interface='eth2'
medium=''
alias_ip_address=''
new_ip_address='201.52.236.6'
new_subnet_mask='255.255.240.0'
new_domain_name=''
new_domain_name_servers=''
new_routers=''
new_static_routes=''
old_ip_address='201.52.236.6'
old_subnet_mask='255.255.240.0'
old_domain_name=''
old_domain_name_servers=''
old_routers='201.52.224.1'
old_static_routes=''
--------------------------

Example: fixed-address connection + DHCP connection

I have an expensive premium Internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (a detailed explanation on why this will not work is away beyond this document goals). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, sometimes not. Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables. Supposing we have three NICs:

  • eth0: fixed IP addres connected to main Internet link with 200.123.123.106/255.255.255.240 address
  • eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
  • eth2: connected to the broadband backup link with dynamic address
  1. Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it anything, I prefer the ISP name. We will end up with something like:
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
2     ISP2

2.#2 We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting removing or commenting out domain-name, domain-name-servers, host-name, netbios-name-servers and netbios-scope.

  1. Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed:
if [ x$reason == 'xBOUND' ]; then
        # Lets flush our new routing table
        /sbin/ip route flush table ISP2
        # Stop marking packets
        /sbin/iptables -F PREROUTING -t mangle
        # Flush routing rules
        /usr/local/sbin/flush_rules.pl

        # Cable modem will give us a private IP
        # when link is down.
        prefixo=`echo $teste | cut -d . -f 1-2`
        if [ x$prefixo == 'x192.168' ]; then
                exit
        fi

        # Copy NIC routes at main routing table:
        /sbin/ip route add 200.123.123.104/29 dev eth0 table ISP2
        /sbin/ip route add 10.1.0.0/24 dev eth1 table ISP2

        # Advanced rules
        /sbin/ip rule add from $new_ip_address table ISP2
        /sbin/ip rule add fwmark 0x2 table ISP2

        # Mark HTTP packets we want to send through ISP2
        /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 443 -j MARK --set-mark 2
        /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 80  -j MARK --set-mark 2
fi

# We dont want a default route to this gateway at the main table,
# so we undefine $new_routers.
isp2_gateway=$new_routers
new_routers=""

4.#4 Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed:

if [ x$reason == 'xBOUND' ]; then
        # Cant be done at dhclient-enter-hooks time
        my_new_network=`ipcalc -n $new_ip_address/$new_subnet_mask | grep Network | cut -b 12-32`
        /sbin/ip route add $my_new_network dev $interface table ISP2
        /sbin/ip route add default via $isp2_gateway table ISP2

        # Should we restart squid to bind to the new interface?
        /etc/init.d/squid restart
fi

5.#5 At shell prompt, issue ifdown eth2 command

  1. Edit /etc/network/interfaces to make eth2 address dynamic:
auto eth2
iface eth2 inet dhcp

7.#7 At shell prompt, issue ifup eth2 command That is it. If you did everything right, ip routing rules will look like:

admin@firewall:~$ sudo ip rule show
0:      from all lookup 255
32764:  from all fwmark 0x2 lookup ISP2
32765:  from 201.252.136.6 lookup ISP2
32766:  from all lookup main
32767:  from all lookup default

ISP2 routing table will look like:

admin@firewall:~$ sudo ip route show table ISP2
200.123.123.104/29 dev eth0  scope link
10.1.0.0/24 dev eth1  scope link
201.252.224.0/20 dev eth2  scope link
default via 201.252.224.1 dev eth2