ANY GURUS HERE?) DUAL WAN ROUTE@# $@#)

yozz
DD-WRT User


Joined: 23 Nov 2009
Posts: 81
Location: russia

Posted: Mon Dec 14, 2009 20:53    Post subject: ANY GURUS HERE?) DUAL WAN ROUTE@# $@#)
Quote:
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.100 --dport 80 -j DNAT --to-destination 192.168.0.1:80
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to-destination 192.168.0.1:8081
iptables -I INPUT 1 -p tcp --dport 25000 -j logaccept
#--------------------------------------------
#WRT54 Script Generator v1.02
#(C) 2006-2007 Robert "Robson" Mytkowski
#--------------------------------------------
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 8000kbit
$TCA parent 1:1 classid 1:10 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:12 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:13 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:14 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:15 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:16 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:17 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:18 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:19 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:20 htb rate 120kbit ceil 120kbit prio 2
$TCA parent 1:1 classid 1:21 htb rate 3000kbit ceil 8000kbit prio 2
$TCA parent 1:1 classid 1:22 htb rate 3680kbit ceil 8000kbit prio 2
$TQA parent 1:10 handle 10: $SFQ
$TQA parent 1:11 handle 11: $SFQ
$TQA parent 1:12 handle 12: $SFQ
$TQA parent 1:13 handle 13: $SFQ
$TQA parent 1:14 handle 14: $SFQ
$TQA parent 1:15 handle 15: $SFQ
$TQA parent 1:16 handle 16: $SFQ
$TQA parent 1:17 handle 17: $SFQ
$TQA parent 1:18 handle 18: $SFQ
$TQA parent 1:19 handle 19: $SFQ
$TQA parent 1:20 handle 20: $SFQ
$TQA parent 1:21 handle 21: $SFQ
$TQA parent 1:22 handle 22: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
$TFA parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
$TFA parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
$TFA parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
$TFA parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
$TFA parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
$TFA parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
$TFA parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
$TFA parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
$TFA parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
$TFA parent 1:0 prio 2 protocol ip handle 21 fw flowid 1:21
$TFA parent 1:0 prio 2 protocol ip handle 22 fw flowid 1:22
iptables -t mangle -A POSTROUTING -d 192.168.0.10 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.0.11 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.0.12 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -d 192.168.0.13 -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -d 192.168.0.14 -j MARK --set-mark 14
iptables -t mangle -A POSTROUTING -d 192.168.0.15 -j MARK --set-mark 15
iptables -t mangle -A POSTROUTING -d 192.168.0.16 -j MARK --set-mark 16
iptables -t mangle -A POSTROUTING -d 192.168.0.17 -j MARK --set-mark 17
iptables -t mangle -A POSTROUTING -d 192.168.0.18 -j MARK --set-mark 18
iptables -t mangle -A POSTROUTING -d 192.168.0.19 -j MARK --set-mark 19
iptables -t mangle -A POSTROUTING -d 192.168.0.20 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -d 192.168.0.102 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -d 192.168.0.100 -j MARK --set-mark 22
TCAU="tc class add dev imq0"
TFAU="tc filter add dev imq0"
TQAU="tc qdisc add dev imq0"
modprobe imq
modprobe ipt_IMQ
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 8000kbit
$TCAU parent 1:1 classid 1:10 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:11 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:12 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:13 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:14 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:15 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:16 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:17 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:18 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:19 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:20 htb rate 120kbit ceil 120kbit prio 2
$TCAU parent 1:1 classid 1:21 htb rate 3000kbit ceil 8000kbit prio 2
$TCAU parent 1:1 classid 1:22 htb rate 3680kbit ceil 8000kbit prio 2
$TQAU parent 1:10 handle 10: $SFQ
$TQAU parent 1:11 handle 11: $SFQ
$TQAU parent 1:12 handle 12: $SFQ
$TQAU parent 1:13 handle 13: $SFQ
$TQAU parent 1:14 handle 14: $SFQ
$TQAU parent 1:15 handle 15: $SFQ
$TQAU parent 1:16 handle 16: $SFQ
$TQAU parent 1:17 handle 17: $SFQ
$TQAU parent 1:18 handle 18: $SFQ
$TQAU parent 1:19 handle 19: $SFQ
$TQAU parent 1:20 handle 20: $SFQ
$TQAU parent 1:21 handle 21: $SFQ
$TQAU parent 1:22 handle 22: $SFQ
$TFAU parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFAU parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
$TFAU parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
$TFAU parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
$TFAU parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
$TFAU parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
$TFAU parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
$TFAU parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
$TFAU parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
$TFAU parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
$TFAU parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
$TFAU parent 1:0 prio 2 protocol ip handle 21 fw flowid 1:21
$TFAU parent 1:0 prio 2 protocol ip handle 22 fw flowid 1:22
iptables -t mangle -A PREROUTING -s 192.168.0.10 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s 192.168.0.11 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.0.12 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -s 192.168.0.13 -j MARK --set-mark 13
iptables -t mangle -A PREROUTING -s 192.168.0.14 -j MARK --set-mark 14
iptables -t mangle -A PREROUTING -s 192.168.0.15 -j MARK --set-mark 15
iptables -t mangle -A PREROUTING -s 192.168.0.16 -j MARK --set-mark 16
iptables -t mangle -A PREROUTING -s 192.168.0.17 -j MARK --set-mark 17
iptables -t mangle -A PREROUTING -s 192.168.0.18 -j MARK --set-mark 18
iptables -t mangle -A PREROUTING -s 192.168.0.19 -j MARK --set-mark 19
iptables -t mangle -A PREROUTING -s 192.168.0.20 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s 192.168.0.102 -j MARK --set-mark 21
iptables -t mangle -A PREROUTING -s 192.168.0.100 -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -j IMQ --todev 0
iptables -I FORWARD -s 192.168.0.10 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.11 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.12 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.13 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.14 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.15 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.16 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.17 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.18 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.19 -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -s 192.168.0.20 -p tcp -m connlimit --connlimit-above 200 -j DROP
#!/bin/sh
WAN2_IFNAME=vlan2
WAN2_IPADDR=10.0.0.2
WAN2_GATEWAY=10.0.0.1
WAN2_NETMASK=255.0.0.0
if [ "$(nvram get wan2_ipaddr)" != "$WAN2_IPADDR" ]; then
    nvram set wan2_ifname=$WAN2_IFNAME
    nvram set wan2_ipaddr=$WAN2_IPADDR
    nvram set wan2_gateway=$WAN2_GATEWAY
    nvram set wan2_netmask=$WAN2_NETMASK
    nvram commit
fi
ifconfig $(nvram get wan2_ifname) up $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask)
#!/bin/sh
ip rule flush
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
    ip route | grep link | while read ROUTE
    do
        ip route add table $TABLE to $ROUTE
    done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
#!/bin/sh
#DD-WRT firewall rules
#BEGIN
#apply simple forward rules
for RULE in $(nvram get forward_spec)
do
    FROM=`echo $RULE | cut -d '>' -f 1`
    TO=`echo $RULE | cut -d '>' -f 2`
    STATE=`echo $FROM | cut -d ':' -f 2`
    PROTO=`echo $FROM | cut -d ':' -f 3`
    SPORT=`echo $FROM | cut -d ':' -f 4`
    DEST=`echo $TO | cut -d ':' -f 1`
    DPORT=`echo $TO | cut -d ':' -f 2`
    if [ "$STATE" = "on" ]; then
        if [ "$PROTO" = "both" ]; then
            #udp
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
            #tcp
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
        else
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
        fi
    fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
    FROM=`echo $RULE | cut -d '>' -f 1`
    TO=`echo $RULE | cut -d '>' -f 2`
    STATE=`echo $FROM | cut -d ':' -f 2`
    PROTO=`echo $FROM | cut -d ':' -f 3`
    SPORT=`echo $FROM | cut -d ':' -f 4`
    EPORT=`echo $FROM | cut -d ':' -f 5`

    if [ "$STATE" = "on" ]; then
        if [ "$PROTO" = "both" ]; then
            #udp
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT:$EPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
            #tcp
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT:$EPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
        else
            #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT:$EPORT -j ACCEPT
            iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
        fi
    fi
done
iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)
if [ $(nvram get remote_management) -eq 1 ]; then
    iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) \
        --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi
if [ $(nvram get dmz_enable) -eq 1 ]; then
    DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
    iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi
iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in
iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j IMQ --todev 0
iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j SVQOS_IN
iptables -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j SVQOS_OUT
#DD-WRT END
#Save the gateway in the connection mark for new incoming connections
iptables -t mangle -A PREROUTING -i $(nvram get wan_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
iptables -t mangle -A PREROUTING -i $(nvram get wan2_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
# Save the gateway in the connection mark for new outgoing connections
iptables -t mangle -A POSTROUTING -o $(nvram get wan_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
iptables -t mangle -A POSTROUTING -o $(nvram get wan2_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
# Use the correct gateway for reply packets from the LAN
iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
# Use the correct gateway for reply packets from local connections
iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
#mask known packets to its source address
iptables -A POSTROUTING -t nat -m mark --mark 0x100 -j SNAT --to-source $(nvram get wan_ipaddr)
iptables -A POSTROUTING -t nat -m mark --mark 0x200 -j SNAT --to-source $(nvram get wan2_ipaddr)
#permit access to wan2
iptables -A POSTROUTING -t nat -j MASQUERADE -o $(nvram get wan2_ifname)
#restore-mark is done in PREROUTING. If restored again, will lose the outgoing marks
iptables -t mangle -D SVQOS_OUT -j CONNMARK --restore-mark 2> /dev/null
#iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m multiport -p tcp --dport 22,25,80,110,119,143,443,993,3389 -j MARK --set-mark 0x100
#use WAN1 for common navigation, WAN2 for P2P traffic and others
#iptables -t mangle -I PREROUTING -i $(nvram get lan_ifname) -s 192.168.1.100 -j MARK --set-mark 0x200
#iptables -t mangle -I PREROUTING -i $(nvram get lan_ifname) -s 192.168.1.100 -j LOG --log-prefix 'P2P: '
RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in `ls $RP_PATH`; do
    echo 0 > $RP_PATH/$IFACE/rp_filter
done


this is the script I have in the firewall rules...
and this is the routing table
Quote:
193.111.254.232 255.255.255.248 0.0.0.0 WAN
192.168.0.0 255.255.255.0 0.0.0.0 LAN & WLAN
169.254.0.0 255.255.0.0 0.0.0.0 LAN & WLAN
0.0.0.0 0.0.0.0 193.111.254.233 WAN



Questions:
1. Is everything done correctly?
2. How do I add the routes correctly so that it works???
3. If interface 1 gets cut off, will the load smoothly move over to the 2nd one?
yozz
DD-WRT User


Joined: 23 Nov 2009
Posts: 81
Location: russia

Posted: Tue Dec 15, 2009 21:04    Post subject: Re: ANY GURUS HERE?) DUAL WAN ROUTE@# $@#)
GUYS, WHY ARE YOU SILENT !(№*;?( It's already the 3rd week that I've been asking!!! POINT ME TO IT IF THE ANSWER IS RIGHT THERE!!!!!!!!!!!! OR HELP!!!!!!!!!!!!!!!
yozz
DD-WRT User


Joined: 23 Nov 2009
Posts: 81
Location: russia

Posted: Thu Dec 17, 2009 23:17    Post subject: Re: ANY GURUS HERE?) DUAL WAN ROUTE@# $@#)
UP

)) how do I set up the routes?
yozz
DD-WRT User


Joined: 23 Nov 2009
Posts: 81
Location: russia

Posted: Sat Dec 19, 2009 21:22    Post subject: Re: ANY GURUS HERE?) DUAL WAN ROUTE@# $@#)
up