WL-550gE :: êàê íàñòðîèòü 2 âõîäÿùèõ êàíàëà? [Archive]

Bekijk de volledige versie : WL-550gE :: êàê íàñòðîèòü 2 âõîäÿùèõ êàíàëà?

andycpp

03-01-2007, 17:28

Êîëëåãè, õåëï, ò.ê. â þíèêñå - ëàìåð.
Ñèòóàöèÿ ñëåäóþùàÿ:
æåëåçî: åñòü wl-550gE, åñòü 2 ìîäåìà - îäèí (docsis) - ïîëó÷àåò IP ïî DHCP (õîòÿ IP íå ìåíÿåòñÿ, íî áåç DHCP âîçíèêàþò ïðîáëåìû), âòîðîé (adsl) - ñî âñòðîåííûì nat/fw/router è ïîëó÷àåò àäðåñ ÷åðåç PPPoE.
êîìïû: íåñêîëüêî, ïîäêëþ÷åíû â àñóñ ïðîâîäíûì è áåñïðîâîäíûì ïóò¸ì
ñåòü: âíóòðåííÿÿ 10.0.0.0/24, íåñêîëüêî ïîðòîâ ôîðâàðäÿòñÿ íà âíóòðåííèå ìàøèíû

àñóñ - 10.0.0.1, adsl-ìîäåì - 10.0.0.2

Êàê íàñòðîèòü ýòî äåëî òàê, ÷òîáû ÷àñòü òðàôèêà øëà ÷åðåç docsis-ìîäåì, à âñ¸ îñòàëüíîå - ÷åðåç adsl, êðîìå òîãî, íóæíî îñòàâèòü ôîðâàðäèíã ïîðòîâ ñ docsis íà âíóòðåííèå êîìïû?

ß ïîñòàâèë ïðîøèâêó Îëåãà, íî íàñòðîèòü íèêàê íå ïîëó÷àåòñÿ - ÷òî ÿ ñäåëàë - docsis âîòêíóë â WAN-ïîðò, adsl-ìîäåì â îäèí èç LAN-ïîðòîâ, à äàëüøå íè÷åãî íå ïîëó÷àåòñÿ - ïðîñòî ÷åðåç òàáëèöó ðîóòèíãà ìîãó çàäàòü âûáîðî÷íî ìàðøðóòû õîæäåíèÿ ÷åðåç adsl - îíè ðàáîòàþò, à âîò åñëè ïûòàþñü íàîáîðîò - default gateway'åì ñäåëàòü ýòîò adsl, òî íè÷åãî íå ðàáîòàåò - âåðíåå êàê, èñõîäÿùèå ñîåäèíåíèÿ îòðàáàòûâàþòñÿ, à âîò ôîðâàðäèíã ïîðòîâ è ò.ï. - îòêëþ÷àåòñÿ :(
äà, è äåëàòü 2 NAT'à íå íóæíî - ó adsl-ìîäåìà îí óæå åñòü. Åñëè íå ñëîæíî, íàïèøèòå êàê äëÿ èäèîòà êîìàíäû :)

andycpp

04-01-2007, 18:12

Â îáùåì êàê âûãëÿäèò êàðòèíà

[@root]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
82.144.206.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan1
82.144.206.0 0.0.0.0 255.255.255.128 U 0 0 0 vlan1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 82.144.206.1 0.0.0.0 UG 0 0 0 vlan1

[@root]$ iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
VSERVER all -- 0.0.0.0/0 82.144.206.10
NETMAP udp -- 0.0.0.0/0 82.144.206.10 udp spt:6112 10.0.0.0/24

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
NETMAP udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:6112 82.144.206.10/32
MASQUERADE all -- !82.144.206.10 0.0.0.0/0
MASQUERADE all -- 10.0.0.0/24 10.0.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain VSERVER (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:10.0.0.101:25
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.0.100:80

Òåïåðü ìåíÿþ DG íà adsl-ìîäåì

[@root]$ route delete default
[@root]$ route add default gateway 10.0.0.2
[@root]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
82.144.206.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan1
82.144.206.0 0.0.0.0 255.255.255.128 U 0 0 0 vlan1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 br0
[@root]$ iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
VSERVER all -- 0.0.0.0/0 82.144.206.10
NETMAP udp -- 0.0.0.0/0 82.144.206.10 udp spt:6112 10.0.0.0/24

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
NETMAP udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:6112 82.144.206.10/32
MASQUERADE all -- !82.144.206.10 0.0.0.0/0
MASQUERADE all -- 10.0.0.0/24 10.0.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain VSERVER (1 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:10.0.0.101:25
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.0.100:80

è âîò ïîñëå ýòîãî ïîðòû óæå íà ôîðâàðäÿòñÿ :( (ò.å. ïàêåòû, ïðèõîäÿùèå íà 82.144.206.10:80 íå ïîïàäàþò íà 10.0.0.100:80 è ò.ï.

÷òî ÿ äåëàþ íå òàê? :(

çû. è ÷òî òàêîå NETMAP udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:6112 82.144.206.10/32 ?

andycpp

05-01-2007, 23:21

Ñèæó òóò, êîïàþñü :)
Âûÿñíèë ñëåäóþùåå - ïðè çàìåíå DG ïîëó÷àåòñÿ ñëåäóþùåå - ïî îäíîìó êàíàëó ïðèõîäèò SYN-çàïðîñ íà TCP ñîåäèíåíèå, à âîò SYN ACK îòñûëàåòñÿ óæå ïî âòîðîìó êàíàëó (â ñîîòâ. ñ DG). Ñîîòâåòñòâåííî, ñîåäèíåíèå íå óñòàíàâëèâàåòñÿ.
Êàê ýòî ìîæíî ïîáîðîòü?

SPI-Firewall âåäü åñòü, îí, ïî-èäåå, îòñëåæèâàåò TCP handshake ïîñëåäîâàòåëüíîñòè, è, êàê ÿ ïîíèìàþ, ìîæåò ïðàâèëüíî ðîóòèòü... Íî êàê ýòî ïðèìåíèòü?

Luddit

06-01-2007, 07:12

Ïî ïîâîäó äâóõ âíåøíèõ òóò âñòðå÷àþòñÿ ñîâåòû:

Íàñòðîéêà íåñêîëüêèõ WAN. Íóæíî òåì ó êîãî íåñêîëüêî ïðîâàéäåðîâ èëè åñëè õî÷åòñÿ ðàçäåëèòü ïîðòû è ðàçäàâàòü èíòåðíåò íåçàèñèìî. Â ðîóòåðå èñïîëüçóåòñÿ ñâèò÷ ñ ïîääåðæêîé vlan. Ïîðòû íóìåðóþòñÿ USB-1-2-3-4-0, ãäå 0-WAN. ×òîáû ñäåëàòü íàïðèìåð 1 ïîðò íåçàâèñèìûì íóæíî äàòü êîìàíäû
robocfg vlan 2 ports "1 5t" vlan 0 ports "2 3 4 5t"
vconfig add eth0 2
ïîñëå ýòîãî ïîÿâèòñÿ ïîëíîöåííûé èíòåðôåéñ vlan2. Ïîñìîòðåòü ñïèñîê èíòåðôåéñîâ êîìàíäîé ifconfig -a
ïîñìîòðåòü êîíôèãóðàöèþ ïîðòîâ ñâèò÷à robocfg show
Íîâîìó èíòåðôåéñó ìîæíî íàçíà÷èòü ñâîé MAC àäðåñ êîìàíäîé
ifconfig hw ether 00:11:32:23:32:23
çàïóñòèòü èíòåðôåéñ:
ifconfig vlan2 192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0 up

è

áàíàëüíûé ip route add default table XXX scope global nexthop via $IP1 dev ppp0 weight 1 nexthop via $IP2 dev ppp1 weight 1 óæå íå óñòðàèâàåò?
Ñ àäñë-îì äàæå èçâðàòîâ ñ ïàò÷àìè äëÿ dead-ìàðøðóòîâ íå íóæíî - âñå ÷åðåç ip-up è ip-down äåëàåòñÿ

Íî ÷óþ, ÷òî äîëæíî áûòü ÷òî-òî åùå. Òàêæå íåÿñíà ðàáîòîñïîñîáíîñòü áåç ñâîïà íà ôëýøêå.
Â îáùåì, î÷åíü õî÷åòñÿ öåëèêîì ðàáîòàþùèé ïðèìåð äëÿ áàëàíñèðîâêè äâóõ âíåøíèõ êàíàëîâ.

andycpp

06-01-2007, 09:29

Ïîíèìàåøü êàê ïîëó÷àåòñÿ - ïîñëå òîãî, êàê ÿ äîáàâëÿþ vlan2, è äàþ åìó ÈÏ, ñêàæåì, 10.0.2.10 (à àäñë-ìîäåì - 10.0.2.1) òî ñ ðîóòåðà ÿ ìîäåì ìîãó ïèíãîâàòü, à âîò ñ êîìïà - íåò :( Õîòÿ ÿ ðîóòèíã äîáàâèë
route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.10

ïî÷åìó òàê?

Luddit

06-01-2007, 09:39

Ðîóòèíã äîáàâèë â êîìï èëè â ðîóòåð? Ì.á. êîìïó ÿâíî íàäî óêàçàòü, ÷òî ïàêåòû äëÿ ìîäåìà íàäî ñëàòü íà ðîóòåð, à äàëüøå îí ñàì ðàçáåðåòñÿ?

andycpp

06-01-2007, 10:48

Ïî÷åìó íå ïèíãîâàëñÿ - ðàçîáðàëñÿ. Íóæíî îòêëþ÷àòü ìàñêàðàä äëÿ vlan2. Íî ñòàðàÿ ïðîáëåìà òàê è îñòàëàñü - ïåðåñòàþò ôîðâàðäèòüñÿ ïîðòû. Âåðíåå, (êàê ÿ ïîíèìàþ) íå ïîëó÷àåòñÿ tcp handshake - çàïðîñ íà ñîåäèíåíèå ïðèõîäèò ïî îäíîìó êàíàëó, à îòâåò íà íåãî îòñûëàåòñÿ ïî äðóãîìó...

Êàê ñäåëàòü òàê, ÷òî åñëè ïàêåò ïðèøåë ÷åðåç îäèí êàíàë (èíòåðôåéñ), òî è îòâå÷àòü íóæíî òóäà æå?

ß íàøåë âîò ÷òî:

Next, you set up the routing rules. These actually choose what routing table to route with. You want to make sure that you route out a given interface if you already have the corresponding source address:
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
This set of commands makes sure all answers to traffic coming in on a particular interface get answered from that interface.

Íî ó ìåíÿ íå ðàáîòàþò êîìàíäà ip rule è òàáëèöû ðîóòèíãà :( Ìîæåò ïðîøèâêà íå ñîáðàíà êàê advanced router?