Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
documentation:infrastructure:exemple_sames [2011/06/20 11:54] maethor created |
documentation:infrastructure:exemple_sames [2012/09/17 08:15] (current version) |
||
---|---|---|---|
Ligne 55: | Ligne 55: | ||
- | __**Schéma de la passerelle**__ | + | __**Schéma de la passerelle**__ |
- | {{: | ||
- | //Infos: Les IPs données dans ces exemples ne correspondent pas aux IPs réellement utilisées sur notre réseau.// | + | {{:documentation: |
- | Aujourd' | ||
- | ppp0 --> 80.68.167.128/ | ||
- | ppp1 --> 80.68.167.160/ | ||
- | ppp2 --> 80.68.167.192/ | ||
- | ppp3 --> 80.68.167.224/ | ||
- | Si l'on veut utiliser la même interface physique pour monter plusieurs connexions ppp il faut utiliser les vlan, car lors de la négociation pppoe avec le serveur, le serveur n' | + | //Infos: Les IPs données dans ces exemples ne correspondent pas aux IPs réellement utilisées |
- | Pour cela Il faut avoir installé le paquet vlan (voir vconfig) pour pouvoir utiliser les vlan sur une debian.\\ | + | |
- | http:// | ||
+ | Aujourd' | ||
- | __configuration du fichier interface__ | ||
- | //alix:/# cat / | + | Si l'on veut utiliser la même interface physique pour monter plusieurs connexions ppp il faut utiliser les vlan, car lors de la négociation pppoe avec le serveur, le serveur n' |
- | # This file describes the network interfaces available on your system | ||
- | # and how to activate them. For more information, | ||
- | |||
- | # The loopback network interface | ||
- | auto lo eth0 eth1 eth2 | ||
- | iface lo inet loopback | ||
- | |||
- | iface eth0 inet static | ||
- | post-up iptables-restore < / | ||
- | address 192.168.2.1 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.2.255 | ||
- | network 192.168.2.0 | ||
- | |||
- | auto eth0.101 | ||
- | iface eth0.101 inet static | ||
- | address 192.168.101.2 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.101.255 | ||
- | network 192.168.101.0 | ||
- | hwaddress ether 00: | ||
- | |||
- | auto eth0.102 | ||
- | iface eth0.102 inet static | ||
- | address 192.168.102.2 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.102.255 | ||
- | network 192.168.102.0 | ||
- | hwaddress ether 00: | ||
- | |||
- | auto eth0.103 | ||
- | iface eth0.103 inet static | ||
- | address 192.168.103.2 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.103.255 | ||
- | network 192.168.103.0 | ||
- | hwaddress ether 00: | ||
- | |||
- | auto eth0.104 | ||
- | iface eth0.104 inet static | ||
- | address 192.168.104.2 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.104.255 | ||
- | network 192.168.104.0 | ||
- | hwaddress ether 00: | ||
- | |||
- | # LAN Private Network | ||
- | iface eth1 inet static | ||
- | address 192.168.1.1 | ||
- | netmask 255.255.255.0 | ||
- | broadcast 192.168.1.255 | ||
- | network 192.168.1.0 | ||
- | |||
- | # LAN Publique Network | ||
- | iface eth2 inet static | ||
- | address 80.68.167.129 | ||
- | netmask 255.255.255.128 | ||
- | broadcast 80.68.167.255 | ||
- | network 80.68.167.128 | ||
- | __Définition de 4 tables iproute, une par connexion ppp (WAN1, | + | [[http:// |
- | //alix:/# cat / | ||
- | # | + | __configuration du fichier interface__ |
- | # reserved values | + | |
- | # | + | |
- | 255 | + | |
- | 254 | + | |
- | 253 | + | |
- | 0 | + | |
- | + | ||
- | 201 WAN1 | + | |
- | 202 WAN2 | + | |
- | 203 WAN3 | + | |
- | 204 WAN4 | + | |
- | __script de routage lancé au boot__ | ||
- | //alix:/# cat / | + | //alix:/# cat / |
+ | < | ||
+ | # This file describes the network interfaces available on your system | ||
+ | # and how to activate them. For more information, | ||
+ | |||
+ | # The loopback network interface | ||
+ | auto lo eth0 eth1 eth2 | ||
+ | iface lo inet loopback | ||
+ | |||
+ | iface eth0 inet static | ||
+ | post-up iptables-restore </ | ||
+ | address 192.168.2.1 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.2.255 | ||
+ | network 192.168.2.0 | ||
+ | |||
+ | auto eth0.101 | ||
+ | iface eth0.101 inet static | ||
+ | address 192.168.101.2 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.101.255 | ||
+ | network 192.168.101.0 | ||
+ | hwaddress ether 00: | ||
+ | |||
+ | auto eth0.102 | ||
+ | iface eth0.102 inet static | ||
+ | address 192.168.102.2 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.102.255 | ||
+ | network 192.168.102.0 | ||
+ | hwaddress ether 00: | ||
+ | |||
+ | auto eth0.103 | ||
+ | iface eth0.103 inet static | ||
+ | address 192.168.103.2 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.103.255 | ||
+ | network 192.168.103.0 | ||
+ | hwaddress ether 00: | ||
+ | |||
+ | auto eth0.104 | ||
+ | iface eth0.104 inet static | ||
+ | address 192.168.104.2 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.104.255 | ||
+ | network 192.168.104.0 | ||
+ | hwaddress ether 00: | ||
+ | |||
+ | # LAN Private Network | ||
+ | iface eth1 inet static | ||
+ | address 192.168.1.1 | ||
+ | netmask 255.255.255.0 | ||
+ | broadcast 192.168.1.255 | ||
+ | network 192.168.1.0 | ||
+ | |||
+ | # LAN Publique Network | ||
+ | iface eth2 inet static | ||
+ | address 80.68.167.129 | ||
+ | netmask 255.255.255.128 | ||
+ | broadcast 80.68.167.255 | ||
+ | network 80.68.167.128 | ||
+ | </ | ||
+ | |||
+ | |||
+ | __Définition de 4 tables iproute, une par connexion ppp (WAN1, | ||
+ | |||
+ | |||
+ | //alix:/# cat / | ||
+ | < | ||
+ | # | ||
+ | # reserved values | ||
+ | # | ||
+ | 255 | ||
+ | 254 | ||
+ | 253 | ||
+ | 0 | ||
+ | |||
+ | 201 WAN1 | ||
+ | 202 WAN2 | ||
+ | 203 WAN3 | ||
+ | 204 WAN4 | ||
+ | </ | ||
+ | |||
+ | |||
+ | __script de routage lancé au boot__ | ||
+ | |||
+ | |||
+ | //alix:/# cat / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | |||
+ | PATH=/ | ||
+ | |||
+ | do_stop () { | ||
+ | ip route flush cache | ||
+ | } | ||
+ | |||
+ | do_start () { | ||
+ | ip route flush table WAN1 | ||
+ | ip route flush table WAN2 | ||
+ | ip route flush table WAN3 | ||
+ | ip route flush table WAN4 | ||
+ | |||
+ | # Table WAN1 | ||
+ | ip route add 127.0.0.0/8 dev lo table WAN1 | ||
+ | ip route add 80.68.167.128/ | ||
+ | ip route add 192.168.101.0/ | ||
+ | ip route add 192.168.102.0/ | ||
+ | ip route add 192.168.103.0/ | ||
+ | ip route add 192.168.104.0/ | ||
+ | ip route add 192.168.1.0/ | ||
+ | |||
+ | # Table WAN2 | ||
+ | ip route add 127.0.0.0/8 dev lo table WAN2 | ||
+ | ip route add 80.68.167.128/ | ||
+ | ip route add 192.168.101.0/ | ||
+ | ip route add 192.168.102.0/ | ||
+ | ip route add 192.168.103.0/ | ||
+ | ip route add 192.168.104.0/ | ||
+ | ip route add 192.168.1.0/ | ||
+ | |||
+ | # Table WAN3 | ||
+ | ip route add 127.0.0.0/8 dev lo table WAN3 | ||
+ | ip route add 80.68.167.128/ | ||
+ | ip route add 192.168.101.0/ | ||
+ | ip route add 192.168.102.0/ | ||
+ | ip route add 192.168.103.0/ | ||
+ | ip route add 192.168.104.0/ | ||
+ | ip route add 192.168.1.0/ | ||
+ | |||
+ | # Table WAN4 | ||
+ | ip route add 127.0.0.0/8 dev lo table WAN4 | ||
+ | ip route add 80.68.167.128/ | ||
+ | ip route add 192.168.101.0/ | ||
+ | ip route add 192.168.102.0/ | ||
+ | ip route add 192.168.103.0/ | ||
+ | ip route add 192.168.104.0/ | ||
+ | ip route add 192.168.1.0/ | ||
+ | |||
+ | ip route add 127.0.0.0/8 dev lo | ||
+ | |||
+ | # DEMARRAGE des connexions PPPOE | ||
+ | pon dsl-provider1 | ||
+ | pon dsl-provider2 | ||
+ | pon dsl-provider3 | ||
+ | pon dsl-provider4 | ||
+ | } | ||
+ | |||
+ | case " | ||
+ | start) | ||
+ | do_start | ||
+ | exit 0 | ||
+ | ;; | ||
+ | restart|reload|force-reload) | ||
+ | echo " | ||
+ | exit 3 | ||
+ | ;; | ||
+ | stop) | ||
+ | do_stop | ||
+ | exit 0 | ||
+ | ;; | ||
+ | *) | ||
+ | echo " | ||
+ | exit 3 | ||
+ | ;; | ||
+ | esac | ||
+ | </ | ||
+ | |||
+ | |||
+ | __configuration des fichiers dsl-provider1, | ||
+ | |||
+ | |||
+ | //alix:~# cat / | ||
+ | |||
+ | |||
+ | < | ||
+ | noipdefault | ||
+ | defaultroute | ||
+ | |||
+ | hide-password | ||
+ | lcp-echo-interval 15 | ||
+ | lcp-echo-failure 5 | ||
+ | |||
+ | connect /bin/true | ||
+ | noauth | ||
+ | persist | ||
+ | mtu 1462 | ||
+ | |||
+ | noaccomp | ||
+ | |||
+ | default-asyncmap | ||
+ | |||
+ | plugin rp-pppoe.so eth0.101 | ||
+ | user " | ||
+ | </ | ||
+ | |||
+ | |||
+ | __script de routage lors du montage d'une connexion ppp__ | ||
+ | |||
+ | |||
+ | //alix:~# cat / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | |||
+ | PATH=/ | ||
+ | |||
+ | WAN=WAN1 | ||
+ | NETW=80.68.167.128 | ||
+ | MAXUP0=700 | ||
+ | MAXUP1=600 | ||
+ | |||
+ | if [ " | ||
+ | WAN=WAN1 | ||
+ | NETW=80.68.167.128 | ||
+ | elif [ " | ||
+ | WAN=WAN2 | ||
+ | NETW=80.68.167.160 | ||
+ | elif [ " | ||
+ | WAN=WAN3 | ||
+ | NETW=80.68.167.192 | ||
+ | elif [ " | ||
+ | WAN=WAN4 | ||
+ | NETW=80.68.167.224 | ||
+ | fi | ||
+ | |||
+ | ip route add $PPP_REMOTE dev $PPP_IFACE proto kernel scope link src $PPP_LOCAL table $WAN | ||
+ | ip route add default dev $PPP_IFACE scope link table $WAN | ||
+ | |||
+ | tc qdisc del dev $PPP_IFACE root handle 1: htb | ||
+ | |||
+ | tc qdisc add dev $PPP_IFACE root handle 1: htb default 100 | ||
+ | tc class add dev $PPP_IFACE parent 1: classid 1:1 htb rate 100000Kbit ceil 100000Kbit burst 1023975b cburst 126575b prio 0 quantum 60000 | ||
+ | tc class add dev $PPP_IFACE parent 1:1 classid 1:2 htb rate 800kbit ceil 800kbit burst 6Kb cburst 2224b quantum 60000 | ||
+ | |||
+ | tc class add dev $PPP_IFACE parent 1:2 classid 1:10 htb rate 500kbit ceil ${MAXUP0}kbit burst 48Kb prio 1 quantum 60000 | ||
+ | tc qdisc add dev $PPP_IFACE parent 1:10 handle 10: sfq perturb 10 | ||
+ | |||
+ | tc class add dev $PPP_IFACE parent 1:2 classid 1:3 htb rate 200kbit ceil ${MAXUP0}kbit burst 24Kb prio 2 quantum 60000 | ||
+ | |||
+ | tc class add dev $PPP_IFACE parent 1:3 classid 1:100 htb rate 100kbit ceil ${MAXUP1}kbit burst 24Kb prio 3 quantum 60000 | ||
+ | tc qdisc add dev $PPP_IFACE parent 1:100 handle 100: sfq perturb 10 | ||
+ | |||
+ | tc qdisc del dev $PPP_IFACE ingress | ||
+ | tc qdisc add dev $PPP_IFACE handle ffff: ingress | ||
+ | tc filter replace dev $PPP_IFACE parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 10000kbit burst 500k drop flowid :1 | ||
+ | |||
+ | tc filter add dev $PPP_IFACE parent 1:0 protocol ip prio 1 handle 0x01/0xF fw flowid 1:10 | ||
+ | |||
+ | ip rule del from 80.68.167.128/ | ||
+ | ip rule del from 80.68.167.160/ | ||
+ | ip rule del from 80.68.167.192/ | ||
+ | ip rule del from 80.68.167.224/ | ||
+ | |||
+ | ip rule add from $NETW/27 table $WAN | ||
+ | </ | ||
- | #!/bin/sh | ||
- | |||
- | PATH=/ | ||
- | |||
- | do_stop () { | ||
- | ip route flush cache | ||
- | } | ||
- | |||
- | do_start () { | ||
- | ip route flush table WAN1 | ||
- | ip route flush table WAN2 | ||
- | ip route flush table WAN3 | ||
- | ip route flush table WAN4 | ||
- | |||
- | # Table WAN1 | ||
- | ip route add 127.0.0.0/8 dev lo table WAN1 | ||
- | ip route add 80.68.167.128/ | ||
- | ip route add 192.168.101.0/ | ||
- | ip route add 192.168.102.0/ | ||
- | ip route add 192.168.103.0/ | ||
- | ip route add 192.168.104.0/ | ||
- | ip route add 192.168.1.0/ | ||
- | |||
- | # Table WAN2 | ||
- | ip route add 127.0.0.0/8 dev lo table WAN2 | ||
- | ip route add 80.68.167.128/ | ||
- | ip route add 192.168.101.0/ | ||
- | ip route add 192.168.102.0/ | ||
- | ip route add 192.168.103.0/ | ||
- | ip route add 192.168.104.0/ | ||
- | ip route add 192.168.1.0/ | ||
- | |||
- | # Table WAN3 | ||
- | ip route add 127.0.0.0/8 dev lo table WAN3 | ||
- | ip route add 80.68.167.128/ | ||
- | ip route add 192.168.101.0/ | ||
- | ip route add 192.168.102.0/ | ||
- | ip route add 192.168.103.0/ | ||
- | ip route add 192.168.104.0/ | ||
- | ip route add 192.168.1.0/ | ||
- | |||
- | # Table WAN4 | ||
- | ip route add 127.0.0.0/8 dev lo table WAN4 | ||
- | ip route add 80.68.167.128/ | ||
- | ip route add 192.168.101.0/ | ||
- | ip route add 192.168.102.0/ | ||
- | ip route add 192.168.103.0/ | ||
- | ip route add 192.168.104.0/ | ||
- | ip route add 192.168.1.0/ | ||
- | |||
- | ip route add 127.0.0.0/8 dev lo | ||
- | |||
- | # DEMARRAGE des connexions PPPOE | ||
- | pon dsl-provider1 | ||
- | pon dsl-provider2 | ||
- | pon dsl-provider3 | ||
- | pon dsl-provider4 | ||
- | } | ||
- | |||
- | |||
- | case " | ||
- | start) | ||
- | do_start | ||
- | exit 0 | ||
- | ;; | ||
- | restart|reload|force-reload) | ||
- | echo " | ||
- | exit 3 | ||
- | ;; | ||
- | stop) | ||
- | do_stop | ||
- | exit 0 | ||
- | ;; | ||
- | *) | ||
- | echo " | ||
- | exit 3 | ||
- | ;; | ||
- | esac |
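Review bot: In the added ip-up script, the four `ip rule del from 80.68.167.…` lines near the end run unconditionally on every link-up, but only `ip rule add from $NETW/27 table $WAN` follows them. As far as the visible lines show, each PPP session that comes up removes the source rules of the other three links and restores only its own; deleting just the rule for `$NETW` would avoid that. A second point in the same script: `WAN=WAN1` and `NETW=80.68.167.128` are assigned before the if/elif chain and the chain has no else branch, so an interface that matches none of the four tests would silently install its default route and source rule into table WAN1. An else branch that logs and exits would make that case explicit. `$PPP_IFACE`, `$PPP_REMOTE` and `$PPP_LOCAL` are also used unquoted in the `ip` and `tc` commands and should be quoted.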