/etc/network/interfaces
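# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#
# Layout of this router (ccgsm): eth0, eth1 and eth8 are the three ISP
# uplinks (IPLAN1, IPLAN2, Speedy); the 10.N.0.0/16 interfaces are the
# internal LANs and the point-to-point links to the other sites. eth1 and
# eth8 deliberately declare no gateway: /root/ccgsm-balanceo.sh (run from
# /etc/rc.local) installs the default route(s) across the uplinks at boot.

# The loopback network interface
auto lo
iface lo inet loopback

## eth0 - IPLAN1 (primary uplink, /30 from the ISP)
auto eth0
iface eth0 inet static
address 190.2.21.21
netmask 255.255.255.252
network 190.2.21.20
broadcast 190.2.21.23
gateway 190.2.21.22

## eth1 - DMZ and Hacklab (previous assignment, now on eth3; kept for reference)
#auto eth1
#iface eth1 inet static
# address 10.1.0.1
# netmask 255.255.255.0

## eth2 - Link to Alvear
auto eth2
iface eth2 inet static
address 10.2.0.1
netmask 255.255.0.0

## eth3 - IPLAN2 (previous assignment, now on eth1; kept for reference)
#auto eth3
#iface eth3 inet static
# address 200.68.88.17
# netmask 255.255.255.252
#gateway 200.68.88.18

# eth3 - DMZ and Hacklab
auto eth3
iface eth3 inet static
address 10.1.0.1
netmask 255.255.0.0

# eth1 - IPLAN2 (default route is handled by ccgsm-balanceo.sh)
auto eth1
iface eth1 inet static
address 200.68.88.17
netmask 255.255.255.252
#gateway 200.68.88.18

## eth4 - Link to Bauen
auto eth4
iface eth4 inet static
address 10.4.0.1
netmask 255.255.0.0
network 10.4.0.0
# broadcast must match the /16 netmask above; the previous value 10.4.0.255
# is the /24 broadcast and would have left hosts outside 10.4.0.x unreachable
# by directed broadcast from this router
broadcast 10.4.255.255

## eth5 - sala-muino sala-madres entrada
auto eth5
iface eth5 inet static
address 10.5.0.1
netmask 255.255.0.0

## eth6 - sala-c sala-d
auto eth6
iface eth6 inet static
address 10.6.0.1
netmask 255.255.0.0

## eth7 - redundant (spare)
auto eth7
iface eth7 inet static
address 10.7.0.1
netmask 255.255.0.0

## eth8 - Speedy (third uplink; default route handled by ccgsm-balanceo.sh)
auto eth8
iface eth8 inet static
address 200.5.112.242
netmask 255.255.255.128
#gateway 200.5.112.241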
/etc/dhcp3/dhcpd.conf
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# option definitions common to all supported networks...
# ns1/ns2 (and the routers/fixed-address names below) are hostnames, not
# addresses; dhcpd resolves them when it reads this file, so the local BIND
# (internal view, /etc/bind/wikimania.bal.org.ar-interna) must be answering
# when dhcpd starts.
option domain-name "wikimania.bal.org.ar"; # by fefu 20090821
option domain-name-servers ns1, ns2; # by fefu 20090821
# lease times in seconds: 1 h by default, 2 h at most
default-lease-time 3600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative; # by fefu 20090816
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# One shared-network per LAN interface of the router (eth3/eth5/eth6/eth7
# in /etc/network/interfaces). Each hands out 10.N.1.1-10.N.254.254 with
# the router's own 10.N.0.1 (gwccgsmN in the internal zone) as gateway;
# 10.N.0.x is apparently reserved for statically addressed equipment.
shared-network ccgsm1.wikimania.bal.org.ar {
subnet 10.1.0.0 netmask 255.255.0.0 {
option routers gwccgsm1;
range 10.1.1.1 10.1.254.254;
}
}
shared-network ccgsm5.wikimania.bal.org.ar {
subnet 10.5.0.0 netmask 255.255.0.0 {
option routers gwccgsm5;
range 10.5.1.1 10.5.254.254;
}
}
shared-network ccgsm6.wikimania.bal.org.ar {
subnet 10.6.0.0 netmask 255.255.0.0 {
option routers gwccgsm6;
range 10.6.1.1 10.6.254.254;
}
}
shared-network ccgsm7.wikimania.bal.org.ar {
subnet 10.7.0.0 netmask 255.255.0.0 {
option routers gwccgsm7;
range 10.7.1.1 10.7.254.254;
}
}
# Links to the other sites
shared-network ccgsm2.wikimania.bal.org.ar {
# The default route is set to ccgsm so that everything can be administered
# from ccgsm even while the alvear server is switched off.
# (gwccgsm-alvear is a CNAME for gwccgsm2 = 10.2.0.1, this router's eth2.)
subnet 10.2.0.0 netmask 255.255.0.0 {
range 10.2.1.1 10.2.254.254;
option routers gwccgsm-alvear;
}
# NOTE(review): the internal zone file records this AP's MAC as
# 00156DBE9B9D (BE, not BD) - confirm which one is right.
host ap-ccgsm-alvear {
option routers gwccgsm-alvear;
hardware ethernet 00:15:6D:BD:9B:9D;
fixed-address ap-ccgsm-alvear;
}
host ap-alvear-ccgsm { # going to try routing without option routers
hardware ethernet 00:15:6D:BD:6F:AE;
fixed-address ap-alvear-ccgsm;
}
}
shared-network bauen.wikimania.bal.org.ar {
# gwbahuen1 resolves to 10.4.0.1 (this router's eth4)
option routers gwbahuen1;
subnet 10.4.0.0 netmask 255.255.0.0 {
range 10.4.1.1 10.4.254.254;
}
host ap-bauenpenthouse {
hardware ethernet 00:4F:62:09:59:55;
fixed-address ap-bauenpenthouse;
}
host ap-ccgsm-bauen {
hardware ethernet 00:15:6D:BE:9C:C8;
fixed-address ap-ccgsm-bauen;
}
host ap-bauen-ccgsm {
hardware ethernet 00:15:6D:BE:9C:90;
fixed-address ap-bauen-ccgsm;
}
}
# Access Points
# Fixed addresses by name; the A records (and MACs, for cross-checking)
# are in /etc/bind/wikimania.bal.org.ar-interna.
host ap-hacklab {
hardware ethernet 00:15:6D:D4:FF:69;
fixed-address ap-hacklab;
}
host ap-muino {
hardware ethernet 00:15:6D:D6:25:2B;
fixed-address ap-muino;
}
host ap-madres {
hardware ethernet 00:15:6D:D6:23:3B;
fixed-address ap-madres;
}
host ap-c {
hardware ethernet 00:15:6D:D4:FF:61;
fixed-address ap-c;
}
host ap-f {
hardware ethernet 00:15:6D:D6:24:7A;
fixed-address ap-f;
}
host ap-d {
hardware ethernet 00:15:6D:D6:23:1C;
fixed-address ap-d;
}
host ap-hall {
hardware ethernet 00:15:6D:D6:23:1B;
fixed-address ap-hall;
}
host ap-hall2 {
hardware ethernet 00:15:6D:D4:FF:8D;
fixed-address ap-hall2;
}
host ap-entrada {
hardware ethernet 00:15:6D:D6:24:AA;
fixed-address ap-entrada;
}
# Video server
# The video-* names resolve to 10.4.0.20-24 in the internal forward zone
# (the reverse zone places them elsewhere - see the note there).
host video-muino {
hardware ethernet 00:24:21:7a:26:1c; # tute
fixed-address video-muino;
}
host video-madres {
hardware ethernet 00:24:21:7A:26:EA;
fixed-address video-madres;
}
host video-c {
hardware ethernet 00:24:21:7a:26:b6;
fixed-address video-c;
}
host video-f {
hardware ethernet 00:24:21:7a:2b:64;
fixed-address video-f;
}
host video-d {
hardware ethernet 00:24:21:7a:25:8c;
fixed-address video-d;
}
/etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// Layout on this host: split horizon with two views. Clients matching
// "ourlocalnets" get the internal zone files (10.x addresses); everyone
// else gets the external ones (public addresses). The zone files are kept
// next to this file rather than in named.conf.local.
include "/etc/bind/named.conf.options";
// Local networks: loopback, this host's two IPLAN uplink addresses (eth0
// and eth1 in /etc/network/interfaces) and the internal 10.N.0.0/16 LANs.
// 10.3 and 10.8 are not configured on this router at present.
acl "ourlocalnets" {
127.0.0.1;
190.2.21.21;
200.68.88.17;
10.1.0.0/16;
10.2.0.0/16;
10.3.0.0/16;
10.4.0.0/16;
10.5.0.0/16;
10.6.0.0/16;
10.7.0.0/16;
10.8.0.0/16;
// 10.0.0.0/8;
};
// Internal view: recursive resolver (root hints) plus the internal data.
view "internal" {
match-clients { ourlocalnets; };
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// reverse zone for all of 10.0.0.0/8
zone "10.in-addr.arpa" {
type master;
file "/etc/bind/wikimania.bal.org.ar-interna-reversas";
};
// 10.2.0.4 is alvear (ns2 in the internal zone).
// NOTE(review): allow-transfer/allow-update keyed only on the source
// address can be satisfied by spoofed packets; signing with a TSIG key
// (allow-update { key "..."; } or update-policy) is the usual hardening.
// Nothing shown here sends dynamic updates (dhcpd uses
// ddns-update-style none), so allow-update may not be needed at all.
zone "wikimania.bal.org.ar" {
allow-transfer { 10.2.0.4; };
allow-update { 10.2.0.4; };
type master;
file "/etc/bind/wikimania.bal.org.ar-interna";
};
};
// External view: everyone else, public data only.
// NOTE(review): "recursion no" is commented out and named.conf.options sets
// neither recursion nor allow-recursion, so whether this view recurses for
// arbitrary Internet clients depends on the BIND default (localnets and
// localhost on 9.4 and later); verify with a query from outside, since an
// open resolver can be abused for reflection/amplification.
view "external" {
match-clients { any; };
//recursion no;
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// Transfers/updates from the internal secondaries plus two public addresses.
// NOTE(review): allow-update from Internet addresses, authenticated by
// source IP alone, lets a spoofed update rewrite the public zone; use a
// TSIG key here, or drop allow-update if those hosts only need transfers.
zone "wikimania.bal.org.ar" {
allow-transfer { 10.4.0.6; 10.4.0.23; 10.2.0.4; 190.228.30.152; 200.32.106.149; };
allow-update { 10.4.0.6; 10.4.0.23; 10.2.0.4; 190.228.30.152; 200.32.106.149; };
type master;
file "/etc/bind/wikimania.bal.org.ar-externa";
};
};
/etc/bind/named.conf.options
// Global options, included from named.conf before the view definitions.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
// Neither allow-query nor recursion/allow-recursion is set here, so the
// BIND defaults apply to both views in named.conf (the external view
// relies on them - see the note there).
//allow-query { any; };
//listen-on-v6 { any; };
// Global transfer default; each wikimania.bal.org.ar zone in named.conf
// overrides it with its own allow-transfer list.
allow-transfer { 190.228.30.152; };
};
/etc/bind/wikimania.bal.org.ar-externa
; wikimania.bal.org.ar
; Public copy of the zone, served by the "external" view in named.conf to
; anyone outside "ourlocalnets". Only public addresses belong here; the
; internal copy is wikimania.bal.org.ar-interna. Increase the serial on
; every change so the secondaries listed in named.conf re-transfer it.
; NOTE(review): the SOA continuation lines and the owner-less NS/MX lines
; must be indented in the real file; leading whitespace appears to have
; been lost in this listing.
$TTL 86400
@ IN SOA ccgsm.bal.org.ar. hostmaster.wikimania.bal.org.ar. (
2009083203 ;serial
1200 ;slave refresh
600 ;slave retry
604800 ;slave expiration
3600 ) ;negative ttl
; both nameservers are in the parent zone bal.org.ar, so no glue is needed here
NS ccgsm.bal.org.ar.
NS alvear.bal.org.ar.
;
MX 10 ccgsm.bal.org.ar.
; ccgsm's IPLAN1 address (eth0); the public services below all alias it
ccgsm A 190.2.21.21
;alvear A 190.3.21.21
public CNAME ccgsm
conferences CNAME ccgsm
ftp CNAME ccgsm
/etc/bind/wikimania.bal.org.ar-interna
; wikimania.bal.org.ar
; Internal copy of the zone, served by the "internal" view in named.conf to
; "ourlocalnets". Public clients get wikimania.bal.org.ar-externa instead.
; Increase the serial on every change so alvear (10.2.0.4, allowed to
; transfer) picks it up.
; NOTE(review): the SOA continuation lines and the owner-less NS/MX lines
; must be indented in the real file; leading whitespace appears to have
; been lost in this listing.
$TTL 86400
@ IN SOA ccgsm.wikimania.bal.org.ar. hostmaster.wikimania.bal.org.ar. (
2009082702 ;serial
1200 ;slave refresh
600 ;slave retry
604800 ;slave expiration
3600 ) ;negative ttl
NS ccgsm.bal.org.ar.
NS alvear.bal.org.ar.
;
MX 10 ccgsm.bal.org.ar.
; Servers
alvear A 10.2.0.4
ccgsm A 10.4.0.1
nagios A 10.4.0.5 ; tute's server running nagios
;
; CNAMEs (ns1/ns2 are what dhcpd.conf hands out as domain-name-servers)
ns1 CNAME ccgsm
ns2 CNAME alvear
public CNAME ccgsm
conferences CNAME ccgsm
proxy CNAME ccgsm
ftp CNAME ccgsm
;
; Gateways - the router's own interface addresses (see /etc/network/interfaces);
; dhcpd.conf refers to them by name in "option routers"
gwccgsm1 A 10.1.0.1; iplan gateway and others fefu 20090821
gwalvear1 A 10.21.0.1; gateway for clients at alvear fefu 20090825
gwalvear2 CNAME alvear; gateway for clients at alvear fefu 20090825
gwccgsm2 A 10.2.0.1; eth2 gateway fefu 20090825
gwccgsm-alvear CNAME gwccgsm2; gateway for the alvear-ccgsm link fefu 20090825
gwbahuen1 A 10.4.0.1; bahuen-ccgsm gateway fefu 20090821
gwccgsm5 A 10.5.0.1; eth5 gateway fefu 20090821
gwccgsm6 A 10.6.0.1; eth6 gateway and others fefu 20090821
gwccgsm7 A 10.7.0.1; eth7 gateway and others fefu 20090821
;
; Access points (MAC noted for cross-checking against dhcpd.conf)
; NOTE(review): ap-muino and swich1 (end of file) both resolve to 10.5.0.2;
; the reverse zone asks the same question - one of them needs a new address.
ap-muino A 10.5.0.2 ;MAC 00156DD6252B
ap-madres A 10.5.0.4 ;MAC 00156DD6233B
ap-f A 10.7.0.2 ;MAC 00156DD6247A
ap-c A 10.6.0.2 ;MAC 00156DD4FF61
ap-d A 10.7.0.4 ;MAC 00156DD6231C
ap-hall A 10.6.0.4 ;MAC 00156DD6231B
ap-hall2 A 10.6.0.5 ;MAC 00:15:6D:D4:FF:8D guido 20090827
ap-hacklab A 10.1.0.3 ;MAC 00156DD4FF69
ap-entrada A 10.5.0.6 ;MAC 00156DD624AA
ap-alvear A 10.21.0.2 ;MAC 00156DD624CF tut
ap-alvear2 A 10.21.0.3 ;MAC 00156DD62527 kensuke 20090826
ap-bauenpenthouse A 10.4.0.4 ;MAC 004F62095955 fefu 20090821
;
; Links between sites
; NOTE(review): dhcpd.conf gives ap-ccgsm-alvear as 00:15:6D:BD:9B:9D
; (BD, not BE) - confirm which is right.
ap-ccgsm-alvear A 10.2.0.2 ;MAC 00156DBE9B9D
ap-alvear-ccgsm A 10.2.0.3 ;MAC 00156DBD6FAE fefu 20090822
ap-ccgsm-bauen A 10.4.0.2 ;MAC 00156DBE9CC8
ap-bauen-ccgsm A 10.4.0.3 ;MAC 00156DBE9C90 tute
;
; Streaming equipment
; NOTE(review): the reverse zone (wikimania.bal.org.ar-interna-reversas)
; puts video-muino/madres/c/f/d under 10.5/10.6/10.7 and video-server at
; 10.1.0.5, not the 10.4.0.2x addresses below; the two files need reconciling.
video-server A 10.4.0.25 ;MAC
video-muino A 10.4.0.24 ;MAC 00:24:21:7a:26:1c
video-madres A 10.4.0.23 ;MAC 00:24:21:7a:26:ea
video-c A 10.4.0.22 ;MAC 00:24:21:7a:26:b6
video-f A 10.4.0.21 ;MAC 00:24:21:7a:2b:64
video-d A 10.4.0.20 ;MAC 00:24:21:7a:25:8c
; Switches (see the duplicate-address note on ap-muino above)
swich1 A 10.5.0.2 ;tute 20
swich2 A 10.1.0.4 ;tute 20
/etc/bind/wikimania.bal.org.ar-interna-reversas
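;
; BIND reverse data file for Wikimania internal IPs (zone 10.in-addr.arpa,
; internal view in named.conf). Owner names are the last three octets in
; reverse order, so "1.0.4" is 10.4.0.1.
;
; PTR targets end with a dot and are therefore absolute names, so they must
; be full host names. The bare "ccgsm." form used previously named a
; top-level "ccgsm", not ccgsm.wikimania.bal.org.ar. Serial bumped for that
; fix; bump it again on every change so alvear re-transfers the zone.
;
$TTL 86400
@ IN SOA ccgsm.wikimania.bal.org.ar. hostmaster.wikimania.bal.org.ar. (
        2009082802 ;serial
        1200 ;slave refresh
        600 ;slave retry
        604800 ;slave expiration
        3600 ) ;negative ttl
        IN NS ccgsm.bal.org.ar.
        IN NS alvear.bal.org.ar.
;
; 10.4.0.x - Bauen link and servers (eth4)
1.0.4 IN PTR ccgsm.wikimania.bal.org.ar.
2.0.4 IN PTR ap-ccgsm-bauen.wikimania.bal.org.ar.
3.0.4 IN PTR ap-bauen-ccgsm.wikimania.bal.org.ar.
; spelling aligned with the forward zone and dhcpd.conf (was ap-bauhenpenthouse)
4.0.4 IN PTR ap-bauenpenthouse.wikimania.bal.org.ar.
5.0.4 IN PTR nagios.wikimania.bal.org.ar.
; 10.2.0.x - Alvear link (eth2)
1.0.2 IN PTR gwccgsm2.wikimania.bal.org.ar.
2.0.2 IN PTR ap-ccgsm-alvear.wikimania.bal.org.ar.
3.0.2 IN PTR ap-alvear-ccgsm.wikimania.bal.org.ar.
4.0.2 IN PTR alvear.wikimania.bal.org.ar.
; 10.1.0.x - DMZ and Hacklab (eth3)
1.0.1 IN PTR gwccgsm1.wikimania.bal.org.ar.
3.0.1 IN PTR ap-hacklab.wikimania.bal.org.ar.
4.0.1 IN PTR swich2.wikimania.bal.org.ar.
; NOTE(review): the forward zone has video-server at 10.4.0.25 and the other
; video-* hosts at 10.4.0.20-24; the video-* addresses in this file are kept
; as found and need reconciling with the forward file.
5.0.1 IN PTR video-server.wikimania.bal.org.ar.
; 10.5.0.x - sala-muino / sala-madres / entrada (eth5)
1.0.5 IN PTR gwccgsm5.wikimania.bal.org.ar.
2.0.5 IN PTR ap-muino.wikimania.bal.org.ar. ; or swich1??? (both have 10.5.0.2 in the forward zone)
3.0.5 IN PTR video-muino.wikimania.bal.org.ar.
4.0.5 IN PTR ap-madres.wikimania.bal.org.ar.
5.0.5 IN PTR video-madres.wikimania.bal.org.ar.
6.0.5 IN PTR ap-entrada.wikimania.bal.org.ar.
; 10.6.0.x - sala-c / sala-d (eth6)
1.0.6 IN PTR gwccgsm6.wikimania.bal.org.ar.
2.0.6 IN PTR ap-c.wikimania.bal.org.ar.
3.0.6 IN PTR video-c.wikimania.bal.org.ar.
4.0.6 IN PTR ap-hall.wikimania.bal.org.ar.
5.0.6 IN PTR ap-hall2.wikimania.bal.org.ar.
; 10.7.0.x (eth7)
1.0.7 IN PTR gwccgsm7.wikimania.bal.org.ar.
2.0.7 IN PTR ap-f.wikimania.bal.org.ar.
3.0.7 IN PTR video-f.wikimania.bal.org.ar.
4.0.7 IN PTR ap-d.wikimania.bal.org.ar.
5.0.7 IN PTR video-d.wikimania.bal.org.ar.
; 10.21.0.x - client LAN behind alvear (reached via 10.2.0.4, see ccgsm-rutas.sh)
1.0.21 IN PTR gwalvear1.wikimania.bal.org.ar.
2.0.21 IN PTR ap-alvear.wikimania.bal.org.ar.
3.0.21 IN PTR ap-alvear2.wikimania.bal.org.ar.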
/etc/squid/squid.conf
# Caching proxy on the ccgsm router. Listens on 3128 (transparent) and
# 8080; only clients from 10.0.0.0/8 and localhost may use it (http_access
# rules below).
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
# ports that CONNECT (tunnelling) is allowed to reach
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# ports ordinary requests may be proxied to
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# cache manager and PURGE only from the box itself
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# refuse anything outside Safe_ports, and CONNECT to anything but SSL_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# then the local networks and localhost; everyone else is denied
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
# 3128 expects port-80 traffic redirected by iptables; the REDIRECT rules
# for it in /root/ccgsm-firewall-nat.sh are commented out, so in practice
# clients have to be configured for 8080 until those are enabled.
http_port 3128 transparent
http_port 8080
hierarchy_stoplist cgi-bin ?
# 30000 MB cache on aufs, 16 first-level and 256 second-level directories
cache_dir aufs /var/spool/squid 30000 16 256
access_log /var/log/squid/access.log squid
# refresh_pattern: regex  min(minutes)  percent  max(minutes) [options]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
# Windows update / Symantec: serve from cache for up to a week, turning
# client reloads into If-Modified-Since revalidations
refresh_pattern http://windowsupdate.microsoft.com/ 0 80% 604800 reload-into-ims
refresh_pattern http://windowsupdate.com/ 0 80% 604800 reload-into-ims
# NOTE(review): this is a regex, not a glob - "/*" means zero or more
# slashes, so the pattern is "http:" + optional slashes + any character +
# "windowsupdate.com/", which is broader than the intended wildcard host;
# "^http://.*\.windowsupdate\.com/" would say what is meant.
refresh_pattern http://*.windowsupdate.com/ 0 80% 604800 reload-into-ims
refresh_pattern http://symantecliveupdate.com 0 80% 604800 reload-into-ims
# Debian packages: cacheable for a day regardless of headers
refresh_pattern -i debian 0 80% 86400 reload-into-ims
refresh_pattern -i .*.deb$ 0 80% 86400 reload-into-ims
refresh_pattern -i .*.tar.* 0 80% 86400 reload-into-ims
refresh_pattern . 0 20% 4320
# refuse HTTP/0.9 replies from shoutcast streams (keeps them out of the cache)
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
# work around broken Vary/encoding handling on Apache replies
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# extra request methods to pass through (WebDAV / Subversion)
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
/etc/samba/smb.conf
# /etc/samba/smb.conf - anonymous file shares on the ccgsm router.
# Both share paths are also served over HTTP by the Apache vhosts in
# /etc/apache2/sites-enabled/ (001-conferences, 002-public).
[global]
workgroup = WIKIMANIA
netbios name = CCGSM
server string = Wikimania Linux Server
# share-level security: no user authentication, every connection is a
# guest. Deprecated and removed in Samba 4.x; acceptable only for public,
# non-sensitive data such as these shares.
security = share
# read-only, anonymously browsable
[conferences]
path=/srv/public/conferences
guest ok = yes
browseable = yes
read only = yes
#write list = salas
# anonymously writable drop share. New files come out 0444 and new
# directories 0555, i.e. effectively write-once: nothing can be modified
# afterwards, and nothing can be created inside a directory made through
# the share.
# NOTE(review): anyone on the network can put files here and Apache serves
# the same tree with directory listing and SSI enabled (002-public); on the
# web side keep server-side includes at IncludesNOEXEC and do not follow
# arbitrary symlinks.
[public]
path=/srv/public/public
guest ok = yes
browseable = yes
create mask = 0444
directory mask = 0555
read only = no
/etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
# Policy-routing tables for the three ISP uplinks, one per provider.
# /root/ccgsm-balanceo.sh refers to them by name, appends these entries if
# they are missing, and flushes them by number (1-3) - so keep the numbers.
1 iplan1
2 iplan2
3 speedy
/etc/apache2/sites-enabled/001-conferences
<VirtualHost *:80>
# Name-based vhost for the conferences tree, which is also exported
# read-only over SMB (/etc/samba/smb.conf [conferences]).
ServerName conferences
ServerAlias conferences.wikimania.bal.org.ar
DocumentRoot /srv/public/conferences
<Directory /srv/public/conferences>
# Directory listing, with HEADER.html/README.html rendered through SSI.
# Includes and FollowSymLinks are tolerable here because the SMB export of
# this tree is read-only, so only administrators place files in it; the
# guest-writable public share (002-public) needs the restricted variants.
Options Indexes Includes FollowSymLinks MultiViews
IndexOptions +FoldersFirst +IconsAreLinks +ScanHTMLTitles
HeaderName /HEADER.html
ReadmeName /README.html
# keep the header/readme files themselves out of the listing
IndexIgnore HEADER.html
IndexIgnore README.html
AllowOverride None
# 2.2-style access control: open to everyone
Order allow,deny
allow from all
</Directory>
</VirtualHost>
/etc/apache2/sites-enabled/002-public
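<VirtualHost *:80>
    # Name-based vhost for the public drop tree.
    ServerName public
    ServerAlias public.wikimania.bal.org.ar
    DocumentRoot /srv/public/public
    <Directory /srv/public/public>
        # /srv/public/public is exported guest-writable over SMB
        # (/etc/samba/smb.conf [public]), so everything under it is
        # untrusted content. IncludesNOEXEC keeps the SSI used by
        # HEADER.html/README.html but disables "#exec" and CGI includes,
        # and SymLinksIfOwnerMatch stops a symlink placed on the share
        # from pulling files outside the document root into the listing.
        Options Indexes IncludesNOEXEC SymLinksIfOwnerMatch MultiViews
        IndexOptions +FoldersFirst +IconsAreLinks +ScanHTMLTitles
        HeaderName /HEADER.html
        ReadmeName /README.html
        # keep the header/readme files themselves out of the listing
        IndexIgnore HEADER.html
        IndexIgnore README.html
        AllowOverride None
        # 2.2-style access control: open to everyone
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>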
/etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# On this host it rebuilds the firewall/NAT rules, then sets up the
# multi-WAN routing (-f = really execute instead of only printing), then
# adds the static routes to the other sites. Because of "sh -e" above, a
# non-zero exit from any of the three stops the remaining ones from running
# (e.g. no static routes if the balancing script fails).
/root/ccgsm-firewall-nat.sh
/root/ccgsm-balanceo.sh -f
/root/ccgsm-rutas.sh
exit 0
/root/ccgsm-firewall-nat.sh
#!/bin/bash
# ccgsm-firewall-nat.sh - NAT and packet filter for the ccgsm router.
# Run from /etc/rc.local at boot; the rule set is rebuilt from scratch each
# time (flush below), so this file is the whole firewall policy.
#
# Effective policy as written: all three chains default to ACCEPT and every
# DROP rule is commented out, so the "ACCEPT" rules on INPUT below currently
# change nothing. They only take effect once a trailing DROP (or a DROP
# policy) is added - and that would also need an ESTABLISHED,RELATED accept
# on INPUT, which is missing.
echo 1 > /proc/sys/net/ipv4/ip_forward
# flush rules, delete user chains, zero counters, flush the nat table
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# nat MASQUERADE
# One rule per LAN with no "-o <uplink>", so traffic from each LAN is
# source-NATed on whatever interface it leaves by - including LAN-to-LAN
# forwarding through this router, which hides the real client address from
# internal servers and their logs. Limiting these to the uplinks
# (eth0/eth1/eth8) would keep internal addresses intact; confirm nothing
# relies on the current behaviour before changing it.
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.2.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.5.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.6.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.7.0.0/16 -d 0.0.0.0/0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# localhost ACCEPT
iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
# icmp ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# ssh ACCEPT (presumably sshd listens on 1990; the "-m recent" rate limit
# sketched below was never enabled)
#iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP
# iptables -A INPUT -p tcp --dport 1990 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 1990 -m state --state NEW -j ACCEPT
# -m recent --set --name SSH
# iptables -A INPUT -p tcp --dport 1990 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP
# http ACCEPT, plus dns (tcp/udp 53) and portmapper (111)
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -m state --state NEW -j ACCEPT
# https ACCEPT
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# munin
iptables -A INPUT -p tcp --dport 4949 -m state --state NEW -j ACCEPT
# iperf ACCEPT
iptables -A INPUT -p tcp --dport 5001 -m state --state NEW -j ACCEPT
# syslog ACCEPT
#iptables -A INPUT -p udp --dport 541 -m state --state NEW -j ACCEPT
# tcp related ACCEPT
#iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
# new DROP (disabled - see the header comment)
#iptables -A INPUT -i eth1 -p tcp -m state --state NEW,INVALID -j DROP
# related ACCEPT
# NOTE(review): eth1 is now the IPLAN2 uplink (/etc/network/interfaces), and
# with FORWARD policy ACCEPT this rule is a no-op either way.
iptables -A FORWARD -i eth1 -p tcp -m state --state RELATED -j ACCEPT
# Port forwarding ___________________________________________________
# Scheme for forwarding internal ports: the public port is the internal
# port, the network octet and the host octet concatenated, e.g. web (80) on
# internal 10.4.0.5 = external port 80(port)+4(network)+5(host) = 8045.
# Exposes the provisional nagios box via the IPLAN address
# (ccgsm.wikimania.bal.org) - tute 22. (The original note said port 8005;
# the rule uses 8045, which is what the scheme gives.)
# NOTE(review): these publish HTTP and SSH of 10.4.0.5 to the Internet on
# the eth0 address, and FORWARD ACCEPT adds no further restriction; keep
# that host patched and add a source restriction (-s) if the administrators'
# addresses are known.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8045 -j DNAT --to 10.4.0.5:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2245 -j DNAT --to 10.4.0.5:22
# SQUID - transparent interception of port 80 into squid's 3128 (disabled;
# squid.conf still declares "http_port 3128 transparent" for it)
#iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth4 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth5 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth6 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth7 -p tcp --dport 80 -j REDIRECT --to-port 3128
/root/ccgsm-balanceo.sh
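#!/bin/bash -x
#
# ccgsm-balanceo.sh - multi-WAN setup for the ccgsm router.
#
# Brings up the three ISP uplinks (IPLAN1, IPLAN2, Speedy), gives each its
# own policy-routing table and source rule, then installs a default route
# spread over the uplinks that answer a ping (second half of the script).
# Without -f/--force it only prints the commands it would run.
#
# Routing table as it looked when this was written, kept for reference:
##190.2.21.20/30 dev eth0 proto kernel scope link src 190.2.21.21
##200.68.88.16/30 dev eth3 proto kernel scope link src 200.68.88.17
##10.4.0.0/24 dev eth4 proto kernel scope link src 10.4.0.1
##10.2.0.0/16 dev eth2 proto kernel scope link src 10.2.0.1
##default via 190.2.21.22 dev eth0
# (IPLAN2 has since moved from eth3 to eth1 - see /etc/network/interfaces.)

# INTERFACES
IF_IPLAN1='eth0'
IF_IPLAN2='eth1'
IF_SPEEDY='eth8'
# WEIGHT - relative share of the multipath default route per uplink
W1=10
W2=10
W3=4
# ISP - this host's address on each uplink
IP_IPLAN1='190.2.21.21'
IP_IPLAN2='200.68.88.17'
IP_SPEEDY='200.5.112.242'
# GATEWAYS
GW_IPLAN1='190.2.21.22'
GW_IPLAN2='200.68.88.18'
GW_SPEEDY='200.5.112.241'
# NETWORKS
NW_IPLAN1='190.2.21.20/30'
NW_IPLAN2='200.68.88.16/30'
NW_SPEEDY='200.5.112.240/29'
# address/prefix form for "ip addr add": the prefix length is whatever
# follows the slash in the network
IN_IPLAN1="$IP_IPLAN1/${NW_IPLAN1#*/}"
IN_IPLAN2="$IP_IPLAN2/${NW_IPLAN2#*/}"
IN_SPEEDY="$IP_SPEEDY/${NW_SPEEDY#*/}"
# TABLES - policy-routing table names. The rest of the script flushes the
# tables by number ("ip route flush table 1/2/3") but fills them by name,
# so a name already present in rt_tables under a different number would be
# flushed and filled inconsistently; the entries appended below use 1-3.
RT_TABLES='/etc/iproute2/rt_tables'
TB_IPLAN1='iplan1'
TB_IPLAN2='iplan2'
TB_SPEEDY='speedy'
# Look each name up with an exact match on the name column (a plain grep
# would also match any line merely containing the name, e.g. a comment).
TB1=$(awk -v n="$TB_IPLAN1" '$2 == n { print $2 }' "$RT_TABLES")
TB2=$(awk -v n="$TB_IPLAN2" '$2 == n { print $2 }' "$RT_TABLES")
TB3=$(awk -v n="$TB_SPEEDY" '$2 == n { print $2 }' "$RT_TABLES")
if [ "$TB1" != "$TB_IPLAN1" ]
then
    echo "Add $TB_IPLAN1 to $RT_TABLES"
    echo "1 $TB_IPLAN1" >>"$RT_TABLES"
fi
if [ "$TB2" != "$TB_IPLAN2" ]
then
    echo "Add $TB_IPLAN2 to $RT_TABLES"
    echo "2 $TB_IPLAN2" >>"$RT_TABLES"
fi
if [ "$TB3" != "$TB_SPEEDY" ]
then
    echo "Add $TB_SPEEDY to $RT_TABLES"
    echo "3 $TB_SPEEDY" >>"$RT_TABLES"
fi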
# Print the (Spanish) usage text and exit with status 1.
# Used for -h/--help; $0 expands to the script path inside the here-doc.
function usage()
{
    cat <<EOF

Uso:
# $0 [options]
 -f, --force fuerza la ejecución, por defecto no ejecuta, solo muestra.
 -h, --help ayuda

EOF
    exit 1
}
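# Argument parsing: -f/--force really executes, everything else shows usage.
# FORCE is cleared first so a value inherited from the environment cannot
# turn a dry run into a live one. An unrecognised argument used to be left
# in place without a shift, so the loop never ended; it now goes to usage.
FORCE=''
while [ ! -z "$1" ];do
    case "$1" in
        -f|--force)
            FORCE=true
            shift 1
            ;;
        -h|--help)
            usage
            ;;
        *)
            usage
            ;;
    esac
done
# ECHO is a dry-run prefix: a blank when forced, "echo " otherwise, so every
# "$ECHO ip ..." line below either runs the command or prints it.
if [ -n "$FORCE" ]
then
    ECHO=' '
else
    ECHO='echo '
fi
# FLUSH CACHE AND UPLINK ADDRESSES
$ECHO ip route flush cache
$ECHO ip addr flush $IF_IPLAN1
$ECHO ip addr flush $IF_IPLAN2
$ECHO ip addr flush $IF_SPEEDY
# LOCALHOST
# (was one line, "ip addr flush lo ip link set lo down", which ip does not
# accept as a single command; split into the two commands intended)
$ECHO ip addr flush lo
$ECHO ip link set lo down
$ECHO ip addr add 127.0.0.1/8 dev lo
$ECHO ip link set lo up
##inet addr:10.4.0.1 Bcast:10.4.0.255 Mask:255.255.0.0
$ECHO ip addr flush eth4
$ECHO ip link set eth4 down
$ECHO ip addr add 10.4.0.1/16 dev eth4
$ECHO ip link set eth4 up
##10.2.0.0/16 dev eth2 proto kernel scope link src 10.2.0.1
$ECHO ip addr flush eth2
$ECHO ip link set eth2 down
$ECHO ip addr add 10.2.0.1/16 dev eth2
$ECHO ip link set eth2 up
# CLEAR TABLES - drop any default route and empty the per-uplink tables
$ECHO route del default gateway $GW_IPLAN1 $IF_IPLAN1
$ECHO route del default gateway $GW_IPLAN2 $IF_IPLAN2
$ECHO route del default gateway $GW_SPEEDY $IF_SPEEDY
$ECHO ip route flush table 1
$ECHO ip route flush table 2
$ECHO ip route flush table 3
# BRING THE UPLINKS DOWN AND BACK UP WITH THEIR ADDRESSES
# NOTE(review): the three "ip route add default via" calls here are issued
# while the link is still down, and each after a default may already exist,
# so at most one of them can succeed. The real default route is chosen at
# the end with "ip route replace", which copes with whatever is left.
$ECHO ip addr flush $IF_IPLAN1
$ECHO ip link set $IF_IPLAN1 down
$ECHO ip addr add $IN_IPLAN1 dev $IF_IPLAN1
$ECHO ip route add default via $GW_IPLAN1
$ECHO ip link set $IF_IPLAN1 up
$ECHO ip addr flush $IF_IPLAN2
$ECHO ip link set $IF_IPLAN2 down
$ECHO ip addr add $IN_IPLAN2 dev $IF_IPLAN2
$ECHO ip route add default via $GW_IPLAN2
$ECHO ip link set $IF_IPLAN2 up
$ECHO ip addr flush $IF_SPEEDY
$ECHO ip link set $IF_SPEEDY down
$ECHO ip addr add $IN_SPEEDY dev $IF_SPEEDY
$ECHO ip route add default via $GW_SPEEDY
$ECHO ip link set $IF_SPEEDY up
# STATUS
$ECHO ip route
# ROUTING TABLES - one table per uplink (link route + its own default
# gateway), selected by source address, so traffic sourced from an uplink
# address always leaves through that uplink
$ECHO ip route add $NW_IPLAN1 dev $IF_IPLAN1 src $IP_IPLAN1 table $TB_IPLAN1
$ECHO ip route add default via $GW_IPLAN1 table $TB_IPLAN1
$ECHO ip route add $NW_IPLAN2 dev $IF_IPLAN2 src $IP_IPLAN2 table $TB_IPLAN2
$ECHO ip route add default via $GW_IPLAN2 table $TB_IPLAN2
$ECHO ip route add $NW_SPEEDY dev $IF_SPEEDY src $IP_SPEEDY table $TB_SPEEDY
$ECHO ip route add default via $GW_SPEEDY table $TB_SPEEDY
$ECHO ip route add $NW_IPLAN1 dev $IF_IPLAN1 src $IP_IPLAN1
$ECHO ip route add $NW_IPLAN2 dev $IF_IPLAN2 src $IP_IPLAN2
$ECHO ip route add $NW_SPEEDY dev $IF_SPEEDY src $IP_SPEEDY
$ECHO ip rule add from $IP_IPLAN1 table $TB_IPLAN1
$ECHO ip rule add from $IP_IPLAN2 table $TB_IPLAN2
$ECHO ip rule add from $IP_SPEEDY table $TB_SPEEDY
# CONNECTIVITY PROBE - one ping per uplink, sourced from that uplink's
# address so it goes out through that uplink's table. These run live even
# in a dry run. Any non-zero status counts as "down": ping exits 1 when
# nothing answers and 2 on other errors (e.g. the source address is not
# configured, which is exactly the dry-run case). The previous "-eq 1"
# tests left status 2 unmatched, and then no default route was installed.
TEST_IP=google.com
ping -c 1 -W 2 -I $IP_IPLAN1 $TEST_IP >/dev/null 2>&1; ERROR1=$?
ping -c 1 -W 2 -I $IP_IPLAN2 $TEST_IP >/dev/null 2>&1; ERROR2=$?
ping -c 1 -W 2 -I $IP_SPEEDY $TEST_IP >/dev/null 2>&1; ERROR3=$?
# DEFAULT ROUTE - built from the uplinks that answered:
#   3 or 2 up -> weighted multipath over them
#   1 up      -> plain default via that uplink
#   none up   -> fall back to the alvear server over eth2
UP_COUNT=0
NEXTHOPS=''
SINGLE=''
LABELS=''
for n in 1 2 3; do
    case $n in
        1) err=$ERROR1; tb=$TB_IPLAN1; gw=$GW_IPLAN1; ifc=$IF_IPLAN1; w=$W1 ;;
        2) err=$ERROR2; tb=$TB_IPLAN2; gw=$GW_IPLAN2; ifc=$IF_IPLAN2; w=$W2 ;;
        3) err=$ERROR3; tb=$TB_SPEEDY; gw=$GW_SPEEDY; ifc=$IF_SPEEDY; w=$W3 ;;
    esac
    if [ "$err" -eq 0 ]; then
        echo $tb OK
        UP_COUNT=$((UP_COUNT + 1))
        NEXTHOPS="$NEXTHOPS nexthop via $gw dev $ifc weight $w"
        SINGLE="via $gw dev $ifc"
        LABELS="$LABELS $tb:$gw"
    else
        echo $tb ERROR
    fi
done
# "replace" rather than "add": it succeeds whether or not one of the earlier
# "ip route add default" calls left a default route behind.
set -- $LABELS
case $UP_COUNT in
    3)
        echo Load Balanced by $1 $2 $3
        $ECHO ip route replace default scope global $NEXTHOPS
        ;;
    2)
        echo Load Balanced by $1 and $2
        $ECHO ip route replace default scope global $NEXTHOPS
        ;;
    1)
        echo Not Load Balanced Only Default Gateway $1
        $ECHO ip route replace default scope global $SINGLE
        ;;
    *)
        echo Not Load Balanced Only Default Gateway 10.2.0.4 ALVEAR
        $ECHO ip route replace default scope global nexthop via 10.2.0.4 dev eth2
        ;;
esac
## Leaving only via Iplan1 on eth0
##ip route add default scope global via $GW_IPLAN1 dev $IF_IPLAN1
## Leaving only via Iplan2 on eth1
##ip route add default scope global via $GW_IPLAN2 dev $IF_IPLAN2
# STATUS
$ECHO ip route
#/root/ccgsm-rutas.sh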
/root/ccgsm-rutas.sh
#!/bin/bash
# ccgsm-rutas.sh - static routes to the other sites, run last from rc.local.
# NOTE(review): every "gw" below except 10.2.0.4 is one of this router's own
# interface addresses (see /etc/network/interfaces), so those entries name
# directly connected networks that already have kernel routes; they are
# likely rejected with "SIOCADDRT: File exists" and serve as documentation
# more than anything - confirm. The route that matters is 10.21.0.0/16.
# DMZ
route add -net 10.1.0.0 netmask 255.255.0.0 gw 10.1.0.1
# ALVEAR
route add -net 10.2.0.0 netmask 255.255.0.0 gw 10.2.0.1
# Alvear's client LAN (g w alvear1 = 10.21.0.1 in the internal zone) is reached
# through the alvear server 10.2.0.4 on the eth2 link; written in CIDR form
# unlike the others, which is fine for route(8)
route add -net 10.21.0.0/16 gw 10.2.0.4
# BAUEN
route add -net 10.4.0.0 netmask 255.255.0.0 gw 10.4.0.1
# sala-muino / sala-madres / entrada (eth5)
route add -net 10.5.0.0 netmask 255.255.0.0 gw 10.5.0.1
# sala-c / sala-d (eth6)
route add -net 10.6.0.0 netmask 255.255.0.0 gw 10.6.0.1
# eth7
route add -net 10.7.0.0 netmask 255.255.0.0 gw 10.7.0.1