Oh, sorry for HTML!
Hello!
I found a script to multipath DSL connections:
http://linux.com.lb/beta/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links
I have made some modifications, but there are some errors, shown in the second part of this mail:
__________________________________________________________________
First the script:
__________________________________________________________________
#!/bin/bash
# iptables userspace executable
iptables="/usr/local/sbin/iptables"
# Internal Interface
NET_INT_INT=eth0
# Internal IP
NET_INT_IP=192.168.20.1
# Internal Subnet
NET_INT_SUB=24
# Internal Network
NET_INT_NET=192.168.20.0
# First external interface
NET_EXT_INT1=eth1
# First external IP
NET_EXT_IP1=192.168.21.1
# First external interface's gateway
NET_EXT_GW1=192.168.21.2
# Second external interface
NET_EXT_INT1=eth2
# Second external IP
NET_EXT_IP1=192.168.22.1
# Second external interface's gateway
NET_EXT_GW1=192.168.22.2
echo "Flushing All Tables"
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X -t nat
iptables -X -t mangle
iptables -X
echo "Mangle eth1"
iptables -t mangle -N eth1
iptables -t mangle -F eth1
iptables -t mangle -A eth1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
iptables -t mangle -A eth1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
iptables -t mangle -A eth1 -j MARK --set-mark 1
echo "Mangle eth2"
iptables -t mangle -N eth2
iptables -t mangle -F eth2
iptables -t mangle -A eth2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
iptables -t mangle -A eth2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
iptables -t mangle -A eth2 -j MARK --set-mark 2
echo "NAT"
iptables -t nat -N SPOOF_ETH1
iptables -t nat -F SPOOF_ETH1
iptables -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
iptables -t nat -A SPOOF_ETH1 -j SNAT --to-source $NET_EXT_IP1
iptables -t nat -N SPOOF_ETH2
iptables -t nat -F SPOOF_ETH2
iptables -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2
echo "Setting some local network rules..."
iptables -A INPUT -p icmp -s $NET_INT_NET/$NET_INT_SUB -d $NET_INT_IP -j ACCEPT
echo "Setting Mangle rules for eth1..."
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j eth1
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 -j eth1
ip ro add default via $NET_EXT_GW1 dev $NET_EXT_INT1 table 10
ip ru add fwmark 1 table 10
ip ro fl ca
echo "Setting Mangle rules for eth2..."
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j eth2
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 -j eth2
ip ro add default via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20
ip ru add fwmark 2 table 20
ip ro fl ca
echo "Setting up spoofing rules..."
iptables -t nat -A POSTROUTING -o $NET_EXT_INT1 -j SPOOF_ETH1
iptables -t nat -A POSTROUTING -o $NET_EXT_INT2 -j SPOOF_ETH2
echo "Adding default route..."
ip ro add default nexthop via $NET_EXT_GW1 dev $NET_EXT_INT1 weight 1 nexthop via $NET_EXT_GW2 dev $NET_EXT_INT2 weight 1
echo "Disabling Reverse Path Filtering..."
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter
echo "Enabling IPv4 Packet forwarding..."
echo "1"> /proc/sys/net/ipv4/ip_forward
__________________________________________________________________
Second the errors:
__________________________________________________________________
debian:~/script# sh natfilter
Flushing All Tables
Mangle eth1
Mangle eth2
NAT
iptables v1.2.6a: Unknown arg `--to-source'
Try `iptables -h' or 'iptables --help' for more information.
Setting some local network rules...
Setting Mangle rules for eth1...
Setting Mangle rules for eth2...
Error: an inet address is expected rather than "dev".
Setting up spoofing rules...
Warning: weird character in interface `-j' (No aliases, :, ! or *).
Bad argument `SPOOF_ETH2'
Try `iptables -h' or 'iptables --help' for more information.
Adding default route...
Error: an IP address is expected rather than "dev"
Disabling Reverse Path Filtering...
Enabling IPv4 Packet forwarding...
__________________________________________________________________
Thank you very much!
Direct contact: fte112 (at) gmx.de
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
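
Added example, not part of the original post: the script above expands $NET_EXT_IP2, $NET_EXT_GW2 and $NET_EXT_INT2 but only ever assigns the ...1 names, so those arguments reach iptables and ip empty. The helper below (undefined_vars is a hypothetical name) lists variables that a flat shell script references but never assigns; the sample input is a constructed excerpt of that script.

```shell
#!/bin/sh
# Added example: list variables a shell script expands but never assigns.
# Limits (assumptions): only NAME=value at the start of a line counts as an
# assignment, and inherited environment variables are reported as undefined.

undefined_vars() {
    # Reads the script from the file(s) given as arguments, or from stdin.
    awk '
        # Record assignments of the form NAME=... at the start of a line.
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            name = $0
            sub(/^[ \t]*/, "", name)
            sub(/=.*/, "", name)
            assigned[name] = 1
        }
        # Record every $NAME or ${NAME} expansion, skipping whole-line comments.
        {
            line = $0
            sub(/^[ \t]*#.*/, "", line)
            while (match(line, /\$[{]?[A-Za-z_][A-Za-z0-9_]*/)) {
                ref = substr(line, RSTART, RLENGTH)
                gsub(/[${]/, "", ref)
                used[ref] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (v in used) if (!(v in assigned)) print v }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample: a cut-down copy of the variable block and three rules
# from the script in the post above.
sample_script() {
    cat <<'EOF'
NET_INT_INT=eth0
NET_EXT_INT1=eth1
NET_EXT_IP1=192.168.21.1
NET_EXT_GW1=192.168.21.2
# Second external interface
NET_EXT_INT1=eth2
NET_EXT_IP1=192.168.22.1
NET_EXT_GW1=192.168.22.2
iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2
ip ro add default via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20
iptables -t nat -A POSTROUTING -o $NET_EXT_INT1 -j SPOOF_ETH1
EOF
}

sample_script | undefined_vars
```

Running a firewall script under `set -u` gives the same protection at run time: the shell aborts at the first unset variable instead of carrying on to enable forwarding with a partial rule set.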