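Recently my company needed to connect several ADSL lines to a single Linux server, use that server as a NAT gateway, and load-balance the bandwidth across the lines. After searching online for material, I am writing down the important points of the process for future reference.
1. Install rp-pppoe, which is needed for dialing.
2. Create a dial-up configuration file. /etc/sysconfig/network-scripts/ifcfg-ppp309 is used as the example here; adapt it to your own setup rather than copying it verbatim.
Shell command example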
[root@***** ~]# cat /etc/sysconfig/network-scripts/ifcfg-ppp309
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp309
DEVICE=ppp309
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl309.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth4 # I use the physical NIC eth4 here; remember to plug the modem's cable into this NIC, otherwise dialing will not work
PROVIDER=DSLppp309
USER=XXXXX # ADSL account
PEERDNS=no
DEMAND=no
3. Create the password file used for dialing.
[root@**** ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
"ADSL account" * "password"
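4. Plug each modem into a different physical NIC, then repeat steps 2 and 3 to add a configuration file and a password entry for each line.
5. Now test dialing. Test each configuration file in turn, which amounts to checking that every account can dial successfully; make sure every modem is powered on and every cable is plugged in.
Shell command example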
/sbin/adsl-start /etc/sysconfig/network-scripts/ifcfg-ppp309
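If dialing succeeds, ifconfig shows the information for ppp0 (the other physical NICs are left out of this output, for obvious reasons; in practice this makes no difference).
Shell command example
[root@**** ~]# ifconfig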
ppp0 Link encap:Point-to-Point Protocol
inet addr:121.34.103.105 P-t-P:121.34.100.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:54809 errors:0 dropped:0 overruns:0 frame:0
TX packets:57439 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:47257780 (45.0 MiB) TX bytes:4184643 (3.9 MiB)
Disconnect the dial-up connection:
Shell command example
/sbin/adsl-stop /etc/sysconfig/network-scripts/ifcfg-ppp309
6. Once every line dials successfully, create the iptables rules so that the server provides NAT (there are four ADSL lines here, ppp0 to ppp3).
Shell command example
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -F
iptables -X
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
####
modprobe ip_conntrack hashsize=30000
iptables -t nat -A POSTROUTING -s 10.13.0.0/255.255.0.0 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0/255.255.0.0 -o ppp1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0/255.255.0.0 -o ppp2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0/255.255.0.0 -o ppp3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0/255.255.0.0 -o eth0 -j MASQUERADE # (fallback policy: if all ADSL lines fail, traffic goes out through the default eth0)
iptables -A FORWARD -s 10.13.0.0/16 -j ACCEPT
iptables -A FORWARD -d 10.13.0.0/16 -j ACCEPT
###
iptables -A INPUT -s 10.13.0.0/16 -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -d 127.0.0.1 -j ACCEPT
ip route
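The rules in step 6 set every policy to ACCEPT, so the INPUT rules filter nothing and anything routed through the box is forwarded. As an added example (not part of the original post), the script below prints the same NAT setup in iptables-restore format with default-DROP policies. The LAN range and interface names are the page's; the SSH rule on tcp/22, the function name gen_ruleset, and the assumption that the LAN is not attached to any listed WAN interface are mine.

```bash
#!/bin/bash
# Added example (not from the original post): print an iptables-restore
# ruleset for the NAT gateway with default-DROP policies.
# Assumption: administrators reach the box over SSH (tcp/22) from the LAN.
# Assumption: the LAN is not attached to any of the listed WAN interfaces.

gen_ruleset() {
    local lan="$1" wan
    shift                                   # remaining args: WAN interfaces

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    for wan in "$@"; do
        # Packets claiming a LAN source address must never arrive on a WAN link.
        echo "-A INPUT -i $wan -s $lan -j DROP"
        echo "-A FORWARD -i $wan -s $lan -j DROP"
    done
    echo "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "-A INPUT -s $lan -p icmp -j ACCEPT"
    echo "-A INPUT -s $lan -p tcp --dport 22 -j ACCEPT"
    # Replies to LAN-initiated connections are let back in; nothing else is.
    echo "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for wan in "$@"; do
        echo "-A FORWARD -s $lan -o $wan -j ACCEPT"
    done
    echo "COMMIT"

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for wan in "$@"; do
        echo "-A POSTROUTING -s $lan -o $wan -j MASQUERADE"
    done
    echo "COMMIT"
}

# LAN range and interfaces as used on the page (four ADSL lines plus eth0 fallback).
gen_ruleset 10.13.0.0/16 ppp0 ppp1 ppp2 ppp3 eth0
```

Pipe the output through `iptables-restore --test` to validate it before loading it for real.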
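7. One problem is still unsolved at this point: how do we load-balance the bandwidth?
It really takes just one command; all we need is a default route with multiple gateways... heh.
Shell command example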
ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
But there is still a problem: what happens if one of the ADSL lines goes down?
The script below takes care of that.
How the script works: every 5 seconds it checks the state of the ADSL connections, and if a line has dropped, that line is removed from the set of gateways (there are four lines here; if you have a different number, rewrite the script accordingly, and whatever you do, do not copy it verbatim...).
Shell command example
#!/bin/bash
#check ppp status
#date:2013-03-29
#by minyoni
#
#
##########################################################################################################
ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
ACTIVE_PPP_STATUS="15"
while (true)
do
    PPP_STATUS="0"
    if [ "`ifconfig | awk -F"[ :]" '/ppp0/{print $1}'`" = "ppp0" ]; then
        PPP_STATUS=`expr $PPP_STATUS + 1`
    fi
    #
    if [ "`ifconfig | awk -F"[ :]" '/ppp1/{print $1}'`" = "ppp1" ]; then
        PPP_STATUS=`expr $PPP_STATUS + 2`
    fi
    #
    if [ "`ifconfig | awk -F"[ :]" '/ppp2/{print $1}'`" = "ppp2" ]; then
        PPP_STATUS=`expr $PPP_STATUS + 4`
    fi
    #
    if [ "`ifconfig | awk -F"[ :]" '/ppp3/{print $1}'`" = "ppp3" ]; then
        PPP_STATUS=`expr $PPP_STATUS + 8`
    fi
    ###
    if [ $ACTIVE_PPP_STATUS -ne $PPP_STATUS ]; then
        case "$PPP_STATUS" in
            0) /root/check-ppp-status.sh
            ;;
            1) ip route replace default via 120.197.94.1
            ;;
            2) ip route replace default via 120.197.94.1
            ;;
            3) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1
            ;;
            4) ip route replace default via 120.197.94.1
            ;;
            5) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1
            ;;
            6) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
            ;;
            7) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
            ;;
            8) ip route replace default via 120.197.94.1
            ;;
            9) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp3 weight 1
            ;;
            10) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
            ;;
            11) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
            ;;
            12) ip route replace default equalize nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
            ;;
            13) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
            ;;
            14) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
            ;;
            15) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
            ;;
        esac
        ip route flush cache
    fi
    ACTIVE_PPP_STATUS="$PPP_STATUS"
    sleep 5
done
Then put it in the background and let it run...
Shell command example
nohup sh your-script-name &
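The case table in the script above enumerates all 16 link combinations by hand, which is why the post says to rewrite it for a different number of lines. As an added example (not the author's script), the version below builds the nexthop list from whichever links are present, so it generalises to any number of lines. It keeps the page's behaviour of falling back to the eth0 gateway 120.197.94.1 when fewer than two lines are up and assumes the same fallback when none are up; the names LINKS, SYSFS, up_links, route_args and watch_links are hypothetical.

```bash
#!/bin/bash
# Added example (not the author's script): ADSL watchdog for any number of lines.
FALLBACK_GW="120.197.94.1"        # eth0 gateway taken from the page's script
LINKS="ppp0 ppp1 ppp2 ppp3"       # the page's four lines; edit for your setup
SYSFS="${SYSFS:-/sys/class/net}"  # overridable so the logic can be tested

# Print the members of $LINKS that currently exist as network interfaces.
# Simplification: this checks existence only, not that an address is assigned.
up_links() {
    local dev out=""
    for dev in $LINKS; do
        [ -e "$SYSFS/$dev" ] && out="$out $dev"
    done
    echo $out                     # unquoted on purpose: trims the leading space
}

# Print the arguments for "ip route" given the live links as parameters.
route_args() {
    local dev args="replace default equalize"
    if [ "$#" -lt 2 ]; then
        # Page behaviour for a single line; assumed here for zero lines as well.
        echo "replace default via $FALLBACK_GW"
        return
    fi
    for dev in "$@"; do
        args="$args nexthop dev $dev weight 1"
    done
    echo "$args"
}

# Poll every 5 seconds and rewrite the default route only when the set changes.
watch_links() {
    local active="?" now          # "?" never matches, so the first pass applies
    while true; do
        now="$(up_links)"
        if [ "$now" != "$active" ]; then
            ip route $(route_args $now)
            ip route flush cache
            active="$now"
        fi
        sleep 5
    done
}

if [ "${1:-}" = "--run" ]; then
    watch_links
fi
```

Start it with the `--run` argument (as root) to enter the polling loop; without it the file only defines the functions.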
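8. A few follow-up notes...
View the current routes and gateways:
Shell command example
ip route
View the state of the ADSL links:
Shell command example
ip link ls
In fact, the script above can be modified to send an e-mail or SMS alert when a line misbehaves; it mainly depends on whether you have such extra requirements.
Well, that's it, daydreaming over!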