最近公司有个需求,需要使用多条 adsl 接入到一台linux 服务器上并做NAT使用,而且要实现带宽负载均衡。在网上搜索一些资料后。把过程中重要点记录一下,留以备用。
1.需要安装rp-pppoe,拨号所需
2.创建拨号配置文件,以/etc/sysconfig/network-scripts/ifcfg-ppp309 为例,根据实际情况不必照抄 
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
[root@***** ~]
# cat /etc/sysconfig/network-scripts/ifcfg-ppp309
USERCTL=
yes
BOOTPROTO=dialup
NAME=DSLppp309
DEVICE=ppp309
TYPE=xDSL
ONBOOT=no
PIDFILE=
/var/run/pppoe-adsl309
.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=
yes
SYNCHRONOUS=no
ETH=eth4
#这里我使用物理网卡ETH4,记得把猫的网线插在这个网卡上,这样才能拨号
PROVIDER=DSLppp309
USER=XXXXX
#ADSL帐号
PEERDNS=no
DEMAND=no
|
3.创建拨号的密码文件
|
1
2
3
4
5
6
|
[root@**** ~]
# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
"ADSL帐号"
*
"密码"
|
4.把所有的猫都插在不同的物理网卡上。按照2,3步骤一次添加配置文件和密码。
5.现在测试拨号(然后一次测试不同配置文件,等同于测试不同的帐号是否都可以拨号成功,注意猫是否都加载电源,网线是否插好)
|
1
|
/sbin/adsl-start
/etc/sysconfig/network-scripts/ifcfg-ppp309
|
若拨号成功,ifconfig后显示ppp0的相关信息(注意这里没有给出其他物理网卡的信息,你懂的,但实战中并不影响效果)
|
1
2
3
4
5
6
7
8
|
[root@**** ~]
#ifconfig
ppp0 Link encap:Point-to-Point Protocol
inet addr:121.34.103.105 P-t-P:121.34.100.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:54809 errors:0 dropped:0 overruns:0 frame:0
TX packets:57439 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:47257780 (45.0 MiB) TX bytes:4184643 (3.9 MiB)
|
断开拨号连接
|
1
|
/sbin/adsl-stop
/etc/sysconfig/network-scripts/ifcfg-ppp309
|
6.所有拨号成功后,现在创建iptables规则,让服务器提供NAT功能(这里有4条ADSL,ppp0~ppp3)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -F
iptables -X
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
####
modprobe ip_conntrack hashsize=30000
iptables -t nat -A POSTROUTING -s 10.13.0.0
/255
.255.0.0 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0
/255
.255.0.0 -o ppp1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0
/255
.255.0.0 -o ppp2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0
/255
.255.0.0 -o ppp3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.13.0.0
/255
.255.0.0 -o eth0 -j MASQUERADE
#(若ADSL都失效的话,让起走默认的ETH0,备用策略)
iptables -A FORWARD -s 10.13.0.0
/16
-j ACCEPT
iptables -A FORWARD -d 10.13.0.0
/16
-j ACCEPT
###
iptables -A INPUT -s 10.13.0.0
/16
-p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -d 127.0.0.1 -j ACCEPT
ip route
|
7.到目前位置,还有一个问题没有解决,如何带宽的负载均衡?
其实主要一个命令即可搞定,需要添加多个网关嘛……嘿嘿
|
1
|
ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
|
但还是有问题啊,万一那条ADSL DOWN掉了肿么办呢?
这个问题,让下面这个脚本来解决吧。
脚本工作原理:每隔5秒检测当前ADSL连线的状态,若有掉线的,将此线路踢出网关集合中(这里4条线路,你有几条就自己重新修改脚本啊,千万不要照抄……)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
#!/bin/bash
#check ppp status
#date:2013-03-29
#by minyoni
#
#
##########################################################################################################
ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
ACTIVE_PPP_STATUS=
"15"
while
(
true
)
do
PPP_STATUS=
"0"
if
[
"`ifconfig | awk -F"
[ :]
" '/ppp0/{print $1}'`"
=
"ppp0"
];
then
PPP_STATUS=`
expr
$PPP_STATUS + 1`
fi
#
if
[
"`ifconfig | awk -F"
[ :]
" '/ppp1/{print $1}'`"
=
"ppp1"
];
then
PPP_STATUS=`
expr
$PPP_STATUS + 2`
fi
#
if
[
"`ifconfig | awk -F"
[ :]
" '/ppp2/{print $1}'`"
=
"ppp2"
];
then
PPP_STATUS=`
expr
$PPP_STATUS + 4`
fi
#
if
[
"`ifconfig | awk -F"
[ :]
" '/ppp3/{print $1}'`"
=
"ppp3"
];
then
PPP_STATUS=`
expr
$PPP_STATUS + 8`
fi
###
if
[ $ACTIVE_PPP_STATUS -
ne
$PPP_STATUS ];
then
case
"$PPP_STATUS"
in
0)
/root/check-ppp-status
.sh
;;
1) ip route replace default via 120.197.94.1
;;
2) ip route replace default via 120.197.94.1
;;
3) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1
;;
4) ip route replace default via 120.197.94.1
;;
5) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1
;;
6) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
;;
7) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
;;
8)ip route replace default via 120.197.94.1
;;
9) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp3 weight 1
;;
10) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
;;
11) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
;;
12) ip route replace default equalize nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
13) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
14) ip route replace default equalize nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
15) ip route replace default equalize nexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
esac
ip route flush cache
fi
ACTIVE_PPP_STATUS=
"$PPP_STATUS"
sleep
5
done
|
然后呢,放到后台去处理把……
|
1
|
nohup
sh 你创建的脚本名 &
|
8.后续的一些交代……
察看当前路由情况和网关
|
1
|
ip route
|
察看ADSL连线情况
|
1
|
ip link
ls
|
其实,可以修改上面的脚本,如果有连线异常,可以做发邮件或短信报警,主要是否有额外需求了。
恩,好意淫完毕!
扫一扫
1191
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
