[AsteriskBrasil] RES: RES: RES: Asterisk with 2 internet links

Estefanio Brunhara estefanio at brunhara.com
Fri Jan 3 23:50:47 BRST 2014


Folks, I ran some tests using the commands below, but I still haven't
managed to get the routes right so that I can use link1 only with
Asterisk. Can anyone help me by critiquing what I did?

Thanks!

Basic routing script for testing

#!/bin/bash

### Creating table link1 ###
ip route add table link1 200.150.10.0/24 dev eth1 proto kernel scope link src 200.150.10.99
ip route add table link1 10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
ip route add table link1 192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
ip route add default via 200.150.10.99 table link1

### Creating table link2 ###
ip route add table link2 10.2.0.0/24 dev eth2 proto kernel scope link src 10.2.0.254
ip route add table link2 10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
ip route add table link2 192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
ip route add default via 10.2.0.253 table link2

# Packets carrying fwmark 1, and packets sourced from 200.150.10.99, use table link1
ip rule add fwmark 1 lookup link1
ip rule add from 200.150.10.99 lookup link1


#ip rule
0: from all lookup local
32764: from 200.150.10.99 lookup link1
32765: from all fwmark 0x1 lookup link1
32766: from all lookup main
32767: from all lookup default

ip route show table link1
200.150.10.0/24 dev eth1 proto kernel scope link src 200.150.10.99
10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
default via 200.150.10.99 dev eth1

ip route show table link2
10.2.0.0/24 dev eth2 proto kernel scope link src 10.2.0.254
10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
default via 10.2.0.253 dev eth2

Basic firewall script for testing

#!/bin/bash

# Flush existing rules and set every default policy to ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_tables

# Set fwmark 1 on SIP (5060) and RTP (10000-20000) UDP packets
iptables -t mangle -A OUTPUT -p udp -m multiport --sport 5060,10000:20000 -j MARK --set-mark 1
iptables -t mangle -A INPUT -p udp -m multiport --dport 5060,10000:20000 -j MARK --set-mark 1

# Accept forwarded SIP and RTP traffic
iptables -A FORWARD -p udp --sport 5060 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp --dport 5060 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp --sport 10000:20000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp --dport 10000:20000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# NAT rules for SIP and RTP arriving on eth1
iptables -t nat -A POSTROUTING -p udp --dport 5060 -d 200.150.10.99 -j MASQUERADE
iptables -t nat -A PREROUTING -p udp -i eth1 --dport 5060 -j DNAT --to 200.150.10.99
iptables -t nat -A POSTROUTING -p udp --dport 10000:20000 -d 200.150.10.99 -j MASQUERADE
iptables -t nat -A PREROUTING -p udp -i eth1 --dport 10000:20000 -j DNAT --to 200.150.10.99

# Accept all other forwarded traffic and masquerade everything leaving any eth interface
iptables -A FORWARD -t filter -j ACCEPT
iptables -A FORWARD -t filter -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 0/0 -d 0/0 -o eth+ -j MASQUERADE



#iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 to:200.150.10.99
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000 to:200.150.10.99

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE udp -- 0.0.0.0/0 200.150.10.99 udp dpt:5060
MASQUERADE udp -- 0.0.0.0/0 200.150.10.99 udp dpts:10000:20000
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


# iptables -nL -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination
MARK udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,10000:20000 MARK set 0x1

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MARK udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 5060,10000:20000 MARK set 0x1

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
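
A sanity check over the "ip route show table" output pasted in the message above, as an added example that is not part of the original post: it parses each table and reports any default route whose gateway is not on a subnet connected to its interface, or is the host's own src address there. The names parse_table and check_table are hypothetical; the sample tables are copied from the post.

```python
import ipaddress

# Output of `ip route show table <name>` copied from the post above.
TABLES = {
    "link1": """\
200.150.10.0/24 dev eth1 proto kernel scope link src 200.150.10.99
10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
default via 200.150.10.99 dev eth1
""",
    "link2": """\
10.2.0.0/24 dev eth2 proto kernel scope link src 10.2.0.254
10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.254
192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.0.254
default via 10.2.0.253 dev eth2
""",
}

def parse_table(text):
    """Return (connected, defaults): connected holds (network, dev, src)
    tuples, defaults holds (gateway, dev) tuples."""
    connected, defaults = [], []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        opts = dict(zip(tok[1::2], tok[2::2]))  # "dev eth1 proto kernel ..." pairs
        if tok[0] == "default" and "via" in opts:
            defaults.append((ipaddress.ip_address(opts["via"]), opts.get("dev")))
        elif tok[0] != "default" and "src" in opts:
            connected.append((ipaddress.ip_network(tok[0]), opts["dev"],
                              ipaddress.ip_address(opts["src"])))
    return connected, defaults

def check_table(text):
    """Return a list of problems found with the default routes of one table."""
    connected, defaults = parse_table(text)
    problems = []
    for gw, dev in defaults:
        on_link = [(net, src) for net, d, src in connected if d == dev and gw in net]
        if not on_link:
            problems.append(f"gateway {gw} is not on a subnet connected to {dev}")
        elif any(gw == src for _, src in on_link):
            problems.append(f"gateway {gw} is this host's own address on {dev}")
    return problems

if __name__ == "__main__":
    for name, text in TABLES.items():
        print(name, check_table(text) or "ok")
```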

 

 
