28.9.2003

SOURCE ROUTING AGAIN

Filed under: Uncategorized — nax @ 19:04

Today I think I finally understood what LOC was trying to tell me yesterday with that example. The result of my efforts today is 2 scripts, run after the interfaces are brought up. Here they are:

naxrouter:~# cat /sbin/routy
#!/bin/bash
ip route flush table upc
ip route flush table czfree
# Route for traffic inside czfree in the main table, which is used for localhost
ip route add 10.0.0.0/8 via 10.27.4.1 dev wlan1

# Table upc, selected by MARK 1, with routes to the AP, the local network and czfree
# and a default route to upc. For people who go out to the Internet through me.
ip rule add fwmark 1 table upc
ip route add 10.27.8.0/24 dev wlan0 table upc
ip route add 10.27.72.0/24 dev eth0 table upc
ip route add 10.0.0.0/8 via 10.27.4.1 dev wlan1 table upc
ip route add default via 10.27.72.1 dev eth0 table upc

ip rule add fwmark 2 table czfree
ip route add 10.27.8.0/24 dev wlan0 table czfree
ip route add 10.27.72.0/24 dev eth0 table czfree
ip route add default via 10.27.4.1 dev wlan1 table czfree

/sbin/ipmarks
naxrouter:~# cat /sbin/ipmarks
#!/bin/bash
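# Flush the previous rules
iptables -t mangle -F
# Default: mark every packet 2 (table czfree)
iptables -A PREROUTING -t mangle -j MARK --set-mark 2

# Sources listed in /etc/upc.allow get mark 1 (table upc); MARK does not end
# rule traversal, so these later rules override the default mark.
echo '
open(ADDR,"/etc/upc.allow");
while ($IP=<ADDR>) {
chomp($IP);
system("iptables -A PREROUTING -s $IP -t mangle -j MARK --set-mark 1");
}
' | perl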
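
The Perl loop above pastes each line of /etc/upc.allow into a command string that system() hands to a shell as root, so the file's contents are trusted completely. The following is an added example, not part of the original post: a dry-run loader that accepts only IPv4 addresses with an optional prefix and prints the rules it would add. The function names, the handling of blank lines and # comments, and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate allow-list entries before they reach iptables.
# Dry run: the rules are printed, not executed.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_src() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac      # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one MARK rule per valid entry in file $1; report rejects on stderr.
# Returns 1 if any line was rejected. Comment/blank handling is an assumption.
gen_mark_rules() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_ipv4_src "$line"; then
            printf 'iptables -t mangle -A PREROUTING -s %s -j MARK --set-mark 1\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample allow-list (not from the original post).
sample=$(mktemp)
printf '%s\n' '10.27.8.21' '10.27.8.64/26' '10.27.8.300' '10.27.8.5; reboot' > "$sample"
gen_mark_rules "$sample" || echo "some entries were rejected" >&2
rm -f "$sample"
```

Review the printed rules before running them; an entry that fails validation produces no rule, so that source keeps the default mark 2.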
