“UbuntuHelp:InternetAndNetworking/DualHomedGatewayDHCP”的版本间的差异

2007年11月30日 (五) 18:05的版本

文章出处:

https://help.ubuntu.com/community/InternetAndNetworking/DualHomedGatewayDHCP

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

This page describes how you can setup more than one Internet connection on the same machine with dynamic IP address connections.

Introduction

In many situations, is desirable to have more than one connection to the Internet:

for backup purposes
to redirect bulk traffic through a less expensive link
to split traffic between many links

If all your Internet connections have fixed IP address, perhaps your questions are already answered by the "Linux Advanced Routing HowTo". This guide aims to help you setup your network to use more than one Internet connection when one or more links use dynamic IP address.

Prerequisites

For this to work you should install:

iproute2
iptables
ipcalc
dhcp3-client

Secret Sauce

The secret is to use hooks provided by dhclient-script to setup advanced routing for you. You can modify the standard behavior adding your own custom scripts to the folders dhclient-enter-hooks.d and dhclient-exit-hooks.d at /etc/dhcp3/ (man dhclient-script). There are a debug script which is very useful to show the information that is available to your scripts. Just edit the scripts at these folders changing RUN="no" to RUN="yes" and you will have useful debug information logged to /tmp/dhclient-script.debug. Debug output will look like:

Tue Oct 16 15:35:27 BRT 2007: entering dhclient-enter-hooks.d, dumping variables.
reason='BOUND'
interface='eth2'
medium=''
alias_ip_address=''
new_ip_address='201.52.236.6'
new_subnet_mask='255.255.240.0'
new_domain_name=''
new_domain_name_servers=''
new_routers='201.52.224.1'
new_static_routes=''
old_ip_address='201.52.236.6'
old_subnet_mask='255.255.240.0'
old_domain_name=''
old_domain_name_servers=''
old_routers='201.52.224.1'
old_static_routes=''
--------------------------
Tue Oct 16 15:35:27 BRT 2007: entering dhclient-exit-hooks.d, dumping variables.
reason='BOUND'
interface='eth2'
medium=''
alias_ip_address=''
new_ip_address='201.52.236.6'
new_subnet_mask='255.255.240.0'
new_domain_name=''
new_domain_name_servers=''
new_routers=''
new_static_routes=''
old_ip_address='201.52.236.6'
old_subnet_mask='255.255.240.0'
old_domain_name=''
old_domain_name_servers=''
old_routers='201.52.224.1'
old_static_routes=''
--------------------------

Case #1: fixed-address premium link + cheap broadband connection

I have an expensive premium Internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (a detailed explanation on why this will not work is away beyond this document goals). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, sometimes not. Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables. Supposing we have three NICs:

eth0: fixed IP addres connected to main Internet link with 200.123.123.106/255.255.255.240 address
eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
eth2: connected to the broadband backup link with dynamic address

1. Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it anything, I prefer the ISP name. We will end up with something like:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
2     ISP2

2. We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting removing or commenting out domain-name, domain-name-servers, host-name, netbios-name-servers and netbios-scope. 3. Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed:

if [ x$reason == 'xBOUND' ]; then
# Lets flush our new routing table
/sbin/ip route flush table ISP2
# Stop marking packets
/sbin/iptables -F PREROUTING -t mangle
# Flush routing rules
/usr/local/sbin/flush_rules.pl
# Cable modem will give us a private IP
# when link is down.
prefixo=`echo $teste | cut -d . -f 1-2`
if [ x$prefixo == 'x192.168' ]; then
exit
fi
# Copy NIC routes at main routing table:
/sbin/ip route add 200.123.123.104/29 dev eth0 table ISP2
/sbin/ip route add 10.1.0.0/24 dev eth1 table ISP2
# Advanced rules
/sbin/ip rule add from $new_ip_address table ISP2
/sbin/ip rule add fwmark 0x2 table ISP2
# Mark HTTP packets we want to send through ISP2
/sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 443 -j MARK --set-mark 2
/sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 80  -j MARK --set-mark 2
fi
# We dont want a default route to this gateway at the main table,
# so we undefine $new_routers.
isp2_gateway=$new_routers
new_routers=""

4. Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed:

if [ x$reason == 'xBOUND' ]; then
# Cant be done at dhclient-enter-hooks time
my_new_network=`ipcalc -n $new_ip_address/$new_subnet_mask | grep Network | cut -b 12-32`
/sbin/ip route add $my_new_network dev $interface table ISP2
/sbin/ip route add default via $isp2_gateway table ISP2
# Should we restar squid to bind to the new interface?
/etc/init.d/squid restart
fi

5. At shell prompt, issue "ifdown eth2" command 6. Edit /etc/network/interfaces to make eth2 address dynamic:

auto eth2
iface eth2 inet dhcp

7. At shell prompt, issue "ifup eth2" command That is it. If you did everything right, ip routing rules will look like:

admin@firewall:~$ sudo ip rule show
0:      from all lookup 255
32764:  from all fwmark 0x2 lookup ISP2
32765:  from 201.252.136.6 lookup ISP2
32766:  from all lookup main
32767:  from all lookup default

ISP2 routing table will look like:

admin@firewall:~$ sudo ip route show table ISP2
200.123.123.104/29 dev eth0  scope link
10.1.0.0/24 dev eth1  scope link
201.252.224.0/20 dev eth2  scope link
default via 201.252.224.1 dev eth2

Conclusion

Linux advanced routing features allow you to use more than one ISP, so you can route bulk or less important traffic through a cheaper link, sometimes meaning big cost savings and more reliable networking.

@@ 第1行： / 第1行： @@
 {{From|https://help.ubuntu.com/community/InternetAndNetworking/DualHomedGatewayDHCP}}
 {{Languages|UbuntuHelp:InternetAndNetworking/DualHomedGatewayDHCP}}
 This page describes how you can setup more than one Internet connection on the same machine with dynamic IP address connections.
 == Introduction ==
 In many situations, is desirable to have more than one connection to the Internet:
 * for backup purposes
 * to redirect bulk traffic through a less expensive link
 * to split traffic between many links
 If all your Internet connections have fixed IP address, perhaps your questions are already answered by the [http://lartc.org/howto/ "Linux Advanced Routing HowTo"].
 This guide aims to help you setup your network to use more than one Internet connection when one or more links use dynamic IP address.
 == Prerequisites ==
 For this to work you should install:
 * iproute2
 * iptables
 * ipcalc
 * dhcp3-client
 == Secret Sauce ==
 The secret is to use hooks provided by dhclient-script to setup advanced routing for you. You can modify the standard behavior adding your own custom scripts to the folders dhclient-enter-hooks.d and dhclient-exit-hooks.d at /etc/dhcp3/ (man dhclient-script).
 There are a debug script which is very useful to show the information that is available to your scripts. Just edit the scripts at these folders changing RUN="no" to RUN="yes" and you will have useful debug information logged to /tmp/dhclient-script.debug. Debug output will look like:
 <pre><nowiki>
@@ 第69行： / 第56行： @@
 --------------------------
 </nowiki></pre>
 == Case #1: fixed-address premium link + cheap broadband connection ==
 I have an expensive premium Internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (a detailed explanation on why this will not work is away beyond this document goals). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, sometimes not.
 Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables.
 Supposing we have three NICs:
 * eth0: fixed IP addres connected to main Internet link with 200.123.123.106/255.255.255.240 address
 * eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
 * eth2: connected to the broadband backup link with dynamic address
 . Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it anything, I prefer the ISP name. We will end up with something like:
 <pre><nowiki>#
 # reserved values
@@ 第96行： / 第76行： @@
 #1      inr.ruhep
     ISP2</nowiki></pre>
 . We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting removing or commenting out ''domain-name'', ''domain-name-servers'', ''host-name'', ''netbios-name-servers'' and ''netbios-scope''.
 . Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed:
 <pre><nowiki>if [ x$reason == 'xBOUND' ]; then
 # Lets flush our new routing table
@@ 第108行： / 第85行： @@
 # Flush routing rules
 /usr/local/sbin/flush_rules.pl
 # Cable modem will give us a private IP
 # when link is down.
@@ 第115行： / 第91行： @@
 exit
 fi
 # Copy NIC routes at main routing table:
 /sbin/ip route add 200.123.123.104/29 dev eth0 table ISP2
 /sbin/ip route add 10.1.0.0/24 dev eth1 table ISP2
 # Advanced rules
 /sbin/ip rule add from $new_ip_address table ISP2
 /sbin/ip rule add fwmark 0x2 table ISP2
 # Mark HTTP packets we want to send through ISP2
 /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 443 -j MARK --set-mark 2
 /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 80  -j MARK --set-mark 2
 fi
 # We dont want a default route to this gateway at the main table,
 # so we undefine $new_routers.
@@ 第134行： / 第106行： @@
 new_routers=""
 </nowiki></pre>
 . Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed:
 <pre><nowiki>
 if [ x$reason == 'xBOUND' ]; then
@@ 第143行： / 第113行： @@
 /sbin/ip route add $my_new_network dev $interface table ISP2
 /sbin/ip route add default via $isp2_gateway table ISP2
 # Should we restar squid to bind to the new interface?
 /etc/init.d/squid restart
 fi
 </nowiki></pre>
 . At shell prompt, issue "ifdown eth2" command
 . Edit /etc/network/interfaces to make eth2 address dynamic:
 <pre><nowiki>
 auto eth2
 iface eth2 inet dhcp
 </nowiki></pre>
 . At shell prompt, issue "ifup eth2" command
 That is it. If you did everything right, ip routing rules will look like:
 <pre><nowiki>
@@ 第169行： / 第133行： @@
 :  from all lookup default
 </nowiki></pre>
 ISP2 routing table will look like:
 <pre><nowiki>
@@ 第178行： / 第141行： @@
 default via 201.252.224.1 dev eth2
 </nowiki></pre>
 == Conclusion ==
 Linux advanced routing features allow you to use more than one ISP, so you can route bulk or less important traffic through a cheaper link, sometimes meaning big cost savings and more reliable networking.
 ----
 [[category:CategoryDocumentation]] [[category:CategoryNetworking]]
 [[category:UbuntuHelp]]

个人工具

“UbuntuHelp:InternetAndNetworking/DualHomedGatewayDHCP”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具