
Untitled

a guest
Aug 30th, 2014
  1. 201 fiber
  2.  
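  # Policy-routed NAT gateway: LAN clients on eth1 go out via eth0 by default;
  # HTTP/HTTPS traffic to two specific hosts is marked and routed via eth2.
  #
  # Requires the routing-table alias "201 fiber" in /etc/iproute2/rt_tables.
  # The script is written to be re-runnable: routes use "replace", the fwmark
  # rule is deleted before being re-added, and user chains are removed in every
  # table (a bare "iptables -X" only touches the filter table, so a second run
  # would fail at "-t mangle -N fiber").
  #
  # NOTE(review): only IPv4 is filtered here; if the host has IPv6 enabled an
  # equivalent ip6tables ruleset is needed.
  set -eu

  uplink_if=eth0      # default uplink (has the main-table gateway)
  lan_if=eth1         # internal network, source of forwarded traffic
  fiber_if=eth2       # second uplink used for marked traffic
  fiber_net=20.20.20.20/30
  fiber_src=20.20.20.22
  fiber_gw=20.20.20.21
  fiber_mark=2

  # --- routing table "fiber" -------------------------------------------------
  # The original added "20.20.20.20" without a prefix length, i.e. a host route
  # to the network address; the eth2 interface stanza on this page uses /30, so
  # the link route is written with /30 here.
  ip route replace "$fiber_net" dev "$fiber_if" src "$fiber_src" table fiber
  ip route replace default via "$fiber_gw" table fiber
  ip route replace "$fiber_net" dev "$fiber_if" src "$fiber_src"
  # Avoid stacking duplicate rules on re-runs; deletion fails harmlessly when
  # the rule is not present yet.
  ip rule del fwmark "$fiber_mark" table fiber 2>/dev/null || true
  ip rule add fwmark "$fiber_mark" table fiber

  # --- start from an empty ruleset --------------------------------------------
  for table in filter nat mangle; do
    iptables -t "$table" -F
    iptables -t "$table" -X
  done

  # --- INPUT: traffic addressed to the gateway itself --------------------------
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The original carried two rules, "NEW -i ! eth0" and "NEW -i ! eth2" (legacy
  # negation syntax, each listed twice). Together they match every interface:
  # packets from eth0 satisfy "not eth2" and vice versa, so new connections
  # from both uplinks were accepted. Only the LAN side is allowed to open new
  # connections to the gateway.
  iptables -A INPUT -i "$lan_if" -m conntrack --ctstate NEW -j ACCEPT

  # --- FORWARD: routed traffic -------------------------------------------------
  iptables -A FORWARD -i "$uplink_if" -o "$lan_if" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i "$fiber_if" -o "$lan_if" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Subsumes the original "-i eth1 -o eth0" and "-i eth1 -o eth2" rules.
  iptables -A FORWARD -i "$lan_if" -j ACCEPT
  iptables -A FORWARD -i "$uplink_if" -o "$uplink_if" -j REJECT
  iptables -A FORWARD -i "$fiber_if" -o "$fiber_if" -j REJECT

  # Flushing does not reset chain policies, and the original never set them, so
  # anything not matched above fell through to whatever policy was in place
  # (ACCEPT by default). Set after the ACCEPT rules so an aborted run does not
  # leave the box unreachable. If the gateway is administered from an uplink
  # side, add an explicit, source-restricted INPUT rule for that before this.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP

  # --- mangle: mark traffic that must leave via the fiber link -----------------
  iptables -t mangle -N fiber
  iptables -t mangle -A fiber -j MARK --set-mark "$fiber_mark"
  iptables -t mangle -A fiber -j ACCEPT
  # Only TCP 80/443 from the LAN to these two destinations is marked.
  for dst in 1.2.3.4 1.2.3.5; do
    iptables -t mangle -A PREROUTING -i "$lan_if" -p tcp -d "$dst" \
      -m multiport --dports 80,443 -j fiber
  done

  # --- NAT ---------------------------------------------------------------------
  iptables -t nat -A POSTROUTING -o "$uplink_if" -j MASQUERADE
  iptables -t nat -A POSTROUTING -o "$fiber_if" -j MASQUERADE

  # Enable routing only once the ruleset is in place.
  # NOTE(review): with strict reverse-path filtering, replies arriving on the
  # fiber interface may be dropped because the main table routes those sources
  # via the default uplink; check net.ipv4.conf.<if>.rp_filter if marked flows
  # stall. Loosening it reduces anti-spoofing protection on that interface.
  echo 1 > /proc/sys/net/ipv4/ip_forward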
  40.  
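  # ifupdown interface definitions (Debian-style "interfaces" file).
  # Each stanza copies its connected network into the "fiber" routing table so
  # that packets routed by the fwmark rule can still reach directly attached
  # networks instead of being sent to the fiber gateway.

  # Default uplink: the only interface with a main-table gateway.
  auto eth0
  iface eth0 inet static
      address 192.168.1.2
      netmask 255.255.255.0
      network 192.168.1.0
      broadcast 192.168.1.255
      gateway 192.168.1.1
      up ip route add table fiber scope link proto kernel dev eth0 192.168.1.0/24

  # Internal network served by this gateway.
  auto eth1
  iface eth1 inet static
      address 10.254.239.1
      netmask 255.255.255.0
      network 10.254.239.0
      broadcast 10.254.239.255
      up ip route add table fiber scope link proto kernel dev eth1 10.254.239.0/24

  # Fiber uplink: /30 point-to-point network, reached only via table "fiber".
  auto eth2
  iface eth2 inet static
      address 20.20.20.22
      netmask 255.255.255.252
      network 20.20.20.20
      broadcast 20.20.20.23
      up ip route add table fiber scope link proto kernel dev eth2 20.20.20.20/30
      up ip route add default via 20.20.20.21 table fiber
      up ip rule add fwmark 2 table fiber
      # Routes vanish with the interface, but policy rules do not; remove the
      # rule on ifdown so repeated ifup cycles do not accumulate or collide
      # with an existing copy.
      down ip rule del fwmark 2 table fiber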