  1. #1

    Mangle + OUTPUT

    Gentlemen, I use source routing to direct the services I want to a specific link...
    What happens is that traffic in the FORWARD chain follows this scheme faithfully, but when the traffic is generated on the server that does this routing itself (OUTPUT chain), it simply ignores it and goes out through the default gateway of the main table.

    Could someone help me with this problem?

    Here is the script.

    ADSL4M=1000
    ADSL400=2000

    # ADSL 400 routing

    # Traffic originated on this server

    iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark $ADSL4M
    iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 27 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 222 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 9922 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 2223 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 8022 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 2222 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 22110 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 2287 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 65300 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 53000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 22000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 31053 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 2002 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 4000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 5000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A OUTPUT -p tcp --dport 6735 -j MARK --set-mark $ADSL400

    # Traffic originated on the local network and VPNs

    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p icmp -j MARK --set-mark $ADSL4M
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 22 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 27 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 222 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 9922 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 2223 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 8022 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 2222 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 22110 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 2287 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 65300 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 53000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 22000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 31053 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 2002 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 4000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 5000 -j MARK --set-mark $ADSL400
    iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 6735 -j MARK --set-mark $ADSL400

    ###################################################
    # GVT AND BRT ROUTING
    ###################################################
    echo "Inicializando procedimento de rotas"

    # RESET THE ROUTING TABLE LIST TO THE SYSTEM DEFAULTS
    echo "255 local" > /etc/iproute2/rt_tables
    echo "254 main" >> /etc/iproute2/rt_tables
    echo "253 default" >> /etc/iproute2/rt_tables
    echo "0 unspec" >> /etc/iproute2/rt_tables
    # ADD THE EXTRA TABLES (one per link)
    echo "200 router1" >> /etc/iproute2/rt_tables
    echo "201 router2" >> /etc/iproute2/rt_tables
    echo "202 router3" >> /etc/iproute2/rt_tables
    echo "203 router4" >> /etc/iproute2/rt_tables

    echo "Declarando variaveis"
    # Gateway and local address of each link
    GATE1=192.168.254.254
    LINK1=192.168.254.1

    GATE2=10.1.1.1
    LINK2=10.1.1.2


    # FLUSH THE PER-LINK TABLES
    echo " resetando as tabelas"
    ip route flush table router1
    ip route flush table router2

    # CREATE TABLE 1: copy every non-default route from main, then add this link's default
    echo " criando a tabela 1"
    ip route show table main | grep -v ^default | while read ROUTE ; do
        ip route add table router1 $ROUTE
    done
    ip route add $LINK1 via $GATE1 table router1
    ip route add default via $GATE1 table router1

    # CREATE TABLE 2: same procedure for the second link
    echo " criando a tabela 2"
    ip route show table main | grep -v ^default | while read ROUTE ; do
        ip route add table router2 $ROUTE
    done
    ip route add $LINK2 via $GATE2 table router2
    ip route add default via $GATE2 table router2

    # CREATE THE RULES (remove any existing ones first so the script can be re-run)
    ip rule del from $LINK1 table router1 prio 26
    ip rule del from $LINK2 table router2 prio 27
    ip rule del fwmark 1000 table router1 prio 29
    ip rule del fwmark 2000 table router2 prio 30
    # also remove fwmark 1/2 rules, if any exist
    ip rule del fwmark 1 table router1 prio 29
    ip rule del fwmark 2 table router2 prio 30


    echo " criando regras"
    # "from" rules (prio 26/27) are evaluated before the fwmark rules (prio 29/30)
    ip rule add from $LINK1 table router1 prio 26
    ip rule add from $LINK2 table router2 prio 27
    ip rule add fwmark 1000 table router1 prio 29
    ip rule add fwmark 2000 table router2 prio 30
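The following is an added example, not part of the original post: a small simulator of the Linux policy-routing rule lookup (`ip rule`, first match in ascending priority wins) loaded with the exact rules from the script above. It shows why a forwarded LAN packet reaches the fwmark rule while a packet generated on the router itself does not. The assumptions are that the main table's default route is via GATE2, and the known Linux behaviour that a locally generated packet has its source address chosen by the first route lookup (main table, before mangle OUTPUT runs), so by the time the mark is set and the packet is re-routed its source is already a link address; the LAN source 192.168.10.5 is a constructed value.

```python
# Added example (not from the original post): simulate "ip rule" lookup order
# for the rules in the posted script.
from dataclasses import dataclass
from typing import Optional

LINK1, GATE1 = "192.168.254.1", "192.168.254.254"
LINK2, GATE2 = "10.1.1.2", "10.1.1.1"
ADSL4M, ADSL400 = 1000, 2000

@dataclass(frozen=True)
class Rule:
    prio: int
    table: str
    src: Optional[str] = None      # "from X" selector
    fwmark: Optional[int] = None   # "fwmark N" selector

# Default gateway of each table; every table here has a default route, so the
# first matching rule always decides. Assumption: main's default is via GATE2.
TABLE_GATEWAY = {"router1": GATE1, "router2": GATE2, "main": GATE2}

def lookup(rules, src, mark):
    """Return (table, gateway) chosen by the first rule whose selectors match."""
    for r in sorted(rules, key=lambda r: r.prio):
        if r.src is not None and r.src != src:
            continue
        if r.fwmark is not None and r.fwmark != mark:
            continue
        return r.table, TABLE_GATEWAY[r.table]
    return "main", TABLE_GATEWAY["main"]   # implicit prio 32766 "main" rule

# Rule order exactly as posted: "from" rules (26/27) before fwmark rules (29/30).
POSTED_RULES = [Rule(26, "router1", src=LINK1), Rule(27, "router2", src=LINK2),
                Rule(29, "router1", fwmark=ADSL4M), Rule(30, "router2", fwmark=ADSL400)]

def forwarded_lookup(rules=POSTED_RULES):
    # Forwarded LAN packet (constructed source): no "from" rule matches a LAN
    # address, so the fwmark rule decides. Mark 1000 -> router1 -> GATE1.
    return lookup(rules, src="192.168.10.5", mark=ADSL4M)

def local_lookup(rules=POSTED_RULES):
    # Locally generated packet: src was already bound to LINK2 by the first
    # (unmarked) lookup in main. After mangle OUTPUT sets mark 1000 the packet is
    # re-routed, but "from LINK2" at prio 27 wins before "fwmark 1000" at prio 29.
    return lookup(rules, src=LINK2, mark=ADSL4M)

# Same rules with the fwmark rules given an earlier (lower) priority than "from".
REORDERED_RULES = [Rule(20, "router1", fwmark=ADSL4M), Rule(21, "router2", fwmark=ADSL400),
                   Rule(26, "router1", src=LINK1), Rule(27, "router2", src=LINK2)]

if __name__ == "__main__":
    print("forwarded, mark 1000:", forwarded_lookup())
    print("local, mark 1000, posted order:", local_lookup())
    print("local, mark 1000, fwmark first:", local_lookup(REORDERED_RULES))
```

Even when the fwmark rule is consulted first, the locally generated packet still leaves through GATE1 carrying LINK2 as its source address, so the source would also have to be rewritten (SNAT in POSTROUTING on that link's interface) for the other provider to accept and answer it.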

  2. #2

    Man, I had this same problem and didn't find a solution either...
    Hope someone helps!
    Cheers!

  3. #3

    Hey Chara...
    Yeah man, I'm having this difficulty and I didn't find anything in the "Oracle" either.
    For now I'm using another machine behind this Linux box to generate this traffic as needed, but it's not the ideal scenario I had imagined.

    Hey folks, does nobody know a solution for this?

    Regards.

    Fabricio