Re: [gentoo-user-ru] Squid и два аплинка - gentoo-user-ru

From:	Sergey Kobzar <sergey.kobzar@××××.ru>
To:	gentoo-user-ru@l.g.o
Subject:	Re: [gentoo-user-ru] Squid и два аплинка
Date:	Fri, 22 Oct 2010 12:38:56
Message-Id:	`4CC185D2.2050100@mail.ru`
In Reply to:	Re: [gentoo-user-ru] Squid и два аплинка by Vladimir Solomatin

1

А можете пояснить вот этот блок:

2

3

                 local x="rules_${IFVAR}[@]"

4

                 local -a rules=( "${!x}" )

5

                 if [[ -n ${rules} ]] ; then

6

7

?

8

9

10

Я в postdown() заменил

11

12

ip rule list | grep " iif ${IFACE}[ ]*" | {

13

14

на

15

16

ip rule list | grep `ifconfig ${IFACE} | grep 'inet addr' | cut -d: -f2 

17

| awk '{print $1}'` | {

18

19

Т.е. ищем правила, где присутствует IP текущего интерфейса и удаляем их.

On 10/22/10 14:54, Vladimir Solomatin wrote:

24

>   On 10/22/2010 03:21 PM, Vladimir Solomatin wrote:

25

>

26

> правила забыл указать

27

>

28

> rules_eth2=(

29

>          "from 77.241.x.x/28 to all table isp1 priority 530"

30

>          "from 213.129.x.x/28 to all table isp2 priority 630"

31

>          "from 213.128.x.x/28 to all table isp3 priority 730"

32

> )

33

>

34

> Правила как добавляются так и удаляются.

35

>

36

> host ~# /etc/init.d/net.eth2 restart

37

>   * Stopping eth2

38

>   *   Bringing down eth2

39

>   *     Shutting down eth2

40

> ...                                                     [ ok ]

41

>   *   Running postdown function

42

>   *     Removing IP policy routing rules

43

>   *       from 77.241.x.x/28 to all table isp1 priority 530

44

> ...                    [ ok ]

45

>   *       from 213.129.x.x/28 to all table isp2 priority 630

46

> ...                   [ ok ]

47

>   *       from 213.128.x.x/28 to all table isp3 priority 730 ...

48

>            [ ok ]

49

>   * Starting eth2

50

>   *   Bringing up eth2

51

>   *

52

> 77.241.x.x/28

53

> [ ok ]

54

>   *

55

> 213.128.x.x/28

56

> [ ok ]

57

>   *

58

> 213.129.x.x/28

59

> [ ok ]

60

>   *   Adding routes

61

>   *     77.241.x.x/28 dev eth2 src 77.241.x.x table artnet proto static

62

> ...        [ ok ]

63

>   *     77.241.x.x/28 dev eth2 src 77.241.x.x table uvttk proto static

64

> ...         [ ok ]

65

>   *     77.241.x.x/28 dev eth2 src 77.241.x.x table sibintek proto

66

> static ...      [ ok ]

67

>   *     77.241.x.x/28 dev eth2 src 77.241.x.x table domolink proto

68

> static ...      [ ok ]

69

>   *     213.128.218.16/28 dev eth2 src 213.128.x.x table artnet proto

70

> static ...   [ ok ]

71

>   *     213.128.218.16/28 dev eth2 src 213.128.x.x table uvttk proto

72

> static ...    [ ok ]

73

>   *     213.128.218.16/28 dev eth2 src 213.128.x.x table sibintek proto

74

> static ... [ ok ]

75

>   *     213.128.218.16/28 dev eth2 src 213.128.x.x table domolink proto

76

> static ... [ ok ]

77

>   *     213.129.x.x/28 dev eth2 src 213.129.x.x table artnet proto

78

> static ...      [ ok ]

79

>   *     213.129.x.x/28 dev eth2 src 213.129.x.x table uvttk proto static

80

> ...       [ ok ]

81

>   *     213.129.x.x/28 dev eth2 src 213.129.x.x table sibintek proto

82

> static ...    [ ok ]

83

>   *     213.129.x.x/28 dev eth2 src 213.129.x.x table domolink proto

84

> static ...    [ ok ]

85

>   *   Running postup function

86

>   *     Adding IP policy routing rules

87

>   *       from 77.241.x.x/28 to all table isp1 priority 530

88

> ...                    [ ok ]

89

>   *       from 213.129.x.x/28 to all table isp2 priority 630

90

> ...                   [ ok ]

91

>   *       from 213.128.x.x/28 to all table isp3 priority 730

92

> ...                   [ ok ]

93

>

94

>>>>> Добавка: если убрать концовку dev "${IFACE}"  в postup в строке

95

>>>>>                     ip rule add ${x} dev "${IFACE}"

96

>>>>> то postdown не сможет найти свои правила (т.к. оно их находит grepом по

97

>>>>> iif ${IFACE}).

98

>>>> Заменил ip rule add ${x} dev "${IFACE}" на ip rule add ${x} - работает.

99

>>>>

100

>>>> Сейчас буду думать как бы привязать правила к интерфейсу, чтобы

101

>>>> postdown() могла их корректно удалить...

102

>>>>

103

>>> Можно попробовать получать список правил для удаления не из ip rule show

104

>>> | grep что-нибудь, а из той же самой rules_...

105

>>>

106

>>

107

>> В общем, вам либо поменять функции и убрать это добавление iif $IFACE,

108

>> либо добавлять правила другим способом.

109

>

110

>> config_eth2=(

111

>>         "77.241.x.x/28 brd 77.241.x.x"

112

>>         "213.128.x.x/28 brd 213.128.x.x"

113

>>         "213.129.x.x/28 brd 213.129.x.x"

114

>> )

115

>>

116

>> routes_eth2=(

117

>>        "77.241.x.x/28 dev eth2 src 77.241.x.x table isp1 proto static"

118

>>         "77.241.x.x/28 dev eth2 src 77.241.x.x table isp2 proto static"

119

>>         "77.241.x.x/28 dev eth2 src 77.241.x.x table isp3 proto static"

120

>>         "77.241.x.x/28 dev eth2 src 77.241.x.x table isp4 proto static"

121

>>         "213.128.x.x/28 dev eth2 src 213.128.x.x table isp1 proto static"

122

>>         "213.128.x.x/28 dev eth2 src 213.128.x.x table isp2 proto static"

123

>>         "213.128.x.x/28 dev eth2 src 213.128.x.x table isp3 proto static"

124

>>         "213.128.x.x/28 dev eth2 src 213.128.x.x table isp4 proto static"

125

>>         "213.129.x.x/28 dev eth2 src 213.129.x.x table isp1 proto static"

126

>>         "213.129.x.x/28 dev eth2 src 213.129.x.x table isp2 proto static"

127

>>         "213.129.x.x/28 dev eth2 src 213.129.x.x table isp3 proto static"

128

>>         "213.129.x.x/28 dev eth2 src 213.129.x.x table isp4 proto static"

129

>> )

130

>>

131

>> postup() {

132

>>         local x="rules_${IFVAR}[@]"

133

>>         local -a rules=( "${!x}" )

134

>>         if [[ -n ${rules} ]] ; then

135

>>                 einfo "Adding IP policy routing rules"

136

>>                 eindent

137

>>                 # Ensure that the kernel supports policy routing

138

>>                 if ! ip rule list | grep -q "^" ; then

139

>>                         eerror "You need to enable IP Policy Routing

140

>> (CONFIG_IP_MULTIPLE_TABLES)"

141

>>                         eerror "in your kernel to use ip rules"

142

>>                 else

143

>>                         for x in "${rules[@]}" ; do

144

>>                                 ebegin "${x}"

145

>> #                               ip rule add ${x} dev "${IFACE}"

146

>>                                 ip rule add ${x}

147

>>                                 eend $?

148

>>                         done

149

>>                 fi

150

>>                 eoutdent

151

>>                 # Flush the cache

152

>>                 ip route flush cache dev "${IFACE}"

153

>>         fi

154

>> }

155

>>

156

>> postdown() {

157

>> #       Automatically erase any ip rules created in the example postup

158

>> above

159

>>         if interface_exists "${IFACE}" ; then

160

>>                 local x="rules_${IFVAR}[@]"

161

>>                 local -a rules=( "${!x}" )

162

>>                 if [[ -n ${rules} ]] ; then

163

>>                         einfo "Removing IP policy routing rules"

164

>>                         eindent

165

>>                         for x in "${rules[@]}" ; do

166

>>                                 ebegin "${x}"

167

>>                                 ip rule del ${x}

168

>>                                 eend $?

169

>>                         done

170

>>                         eoutdent

171

>>                         # Flush the route cache

172

>>                         ip route flush cache dev "${IFACE}"

173

>>                 fi

174

>>         fi

175

>>

176

>>         # Return 0 always

177

>>         return 0

178

>> }

179

>>

180

>> см. http://geekscrap.com/2010/02/multiple-ip-uplinks-with-gentoo/

181

>> --

182

>> Vladimir Solomatin (slash@×××××.ru)

183

>> Phone: + 7 (4732) 711711

184

>> Relex Inc, Voronezh.

185

>

186

>

187

> --

188

> Vladimir Solomatin (slash@×××××.ru)

189

> Phone: + 7 (4732) 711711

190

> Relex Inc, Voronezh.

191

>

Gentoo Archives: gentoo-user-ru

Replies

1	А можете пояснить вот этот блок:
2
3	local x="rules_${IFVAR}[@]"
4	local -a rules=( "${!x}" )
5	if [[ -n ${rules} ]] ; then
6
7	?
8
9
10	Я в postdown() заменил
11
12	ip rule list \| grep " iif ${IFACE}[ ]*" \| {
13
14	на
15
16	ip rule list \| grep `ifconfig ${IFACE} \| grep 'inet addr' \| cut -d: -f2
17	\| awk '{print $1}'` \| {
18
19	Т.е. ищем правила, где присутствует IP текущего интерфейса и удаляем их.
20
21
22
23	On 10/22/10 14:54, Vladimir Solomatin wrote:
24	> On 10/22/2010 03:21 PM, Vladimir Solomatin wrote:
25	>
26	> правила забыл указать
27	>
28	> rules_eth2=(
29	> "from 77.241.x.x/28 to all table isp1 priority 530"
30	> "from 213.129.x.x/28 to all table isp2 priority 630"
31	> "from 213.128.x.x/28 to all table isp3 priority 730"
32	> )
33	>
34	> Правила как добавляются так и удаляются.
35	>
36	> host ~# /etc/init.d/net.eth2 restart
37	> * Stopping eth2
38	> * Bringing down eth2
39	> * Shutting down eth2
40	> ... [ ok ]
41	> * Running postdown function
42	> * Removing IP policy routing rules
43	> * from 77.241.x.x/28 to all table isp1 priority 530
44	> ... [ ok ]
45	> * from 213.129.x.x/28 to all table isp2 priority 630
46	> ... [ ok ]
47	> * from 213.128.x.x/28 to all table isp3 priority 730 ...
48	> [ ok ]
49	> * Starting eth2
50	> * Bringing up eth2
51	> *
52	> 77.241.x.x/28
53	> [ ok ]
54	> *
55	> 213.128.x.x/28
56	> [ ok ]
57	> *
58	> 213.129.x.x/28
59	> [ ok ]
60	> * Adding routes
61	> * 77.241.x.x/28 dev eth2 src 77.241.x.x table artnet proto static
62	> ... [ ok ]
63	> * 77.241.x.x/28 dev eth2 src 77.241.x.x table uvttk proto static
64	> ... [ ok ]
65	> * 77.241.x.x/28 dev eth2 src 77.241.x.x table sibintek proto
66	> static ... [ ok ]
67	> * 77.241.x.x/28 dev eth2 src 77.241.x.x table domolink proto
68	> static ... [ ok ]
69	> * 213.128.218.16/28 dev eth2 src 213.128.x.x table artnet proto
70	> static ... [ ok ]
71	> * 213.128.218.16/28 dev eth2 src 213.128.x.x table uvttk proto
72	> static ... [ ok ]
73	> * 213.128.218.16/28 dev eth2 src 213.128.x.x table sibintek proto
74	> static ... [ ok ]
75	> * 213.128.218.16/28 dev eth2 src 213.128.x.x table domolink proto
76	> static ... [ ok ]
77	> * 213.129.x.x/28 dev eth2 src 213.129.x.x table artnet proto
78	> static ... [ ok ]
79	> * 213.129.x.x/28 dev eth2 src 213.129.x.x table uvttk proto static
80	> ... [ ok ]
81	> * 213.129.x.x/28 dev eth2 src 213.129.x.x table sibintek proto
82	> static ... [ ok ]
83	> * 213.129.x.x/28 dev eth2 src 213.129.x.x table domolink proto
84	> static ... [ ok ]
85	> * Running postup function
86	> * Adding IP policy routing rules
87	> * from 77.241.x.x/28 to all table isp1 priority 530
88	> ... [ ok ]
89	> * from 213.129.x.x/28 to all table isp2 priority 630
90	> ... [ ok ]
91	> * from 213.128.x.x/28 to all table isp3 priority 730
92	> ... [ ok ]
93	>
94	>>>>> Добавка: если убрать концовку dev "${IFACE}" в postup в строке
95	>>>>> ip rule add ${x} dev "${IFACE}"
96	>>>>> то postdown не сможет найти свои правила (т.к. оно их находит grepом по
97	>>>>> iif ${IFACE}).
98	>>>> Заменил ip rule add ${x} dev "${IFACE}" на ip rule add ${x} - работает.
99	>>>>
100	>>>> Сейчас буду думать как бы привязать правила к интерфейсу, чтобы
101	>>>> postdown() могла их корректно удалить...
102	>>>>
103	>>> Можно попробовать получать список правил для удаления не из ip rule show
104	>>> \| grep что-нибудь, а из той же самой rules_...
105	>>>
106	>>
107	>> В общем, вам либо поменять функции и убрать это добавление iif $IFACE,
108	>> либо добавлять правила другим способом.
109	>
110	>> config_eth2=(
111	>> "77.241.x.x/28 brd 77.241.x.x"
112	>> "213.128.x.x/28 brd 213.128.x.x"
113	>> "213.129.x.x/28 brd 213.129.x.x"
114	>> )
115	>>
116	>> routes_eth2=(
117	>> "77.241.x.x/28 dev eth2 src 77.241.x.x table isp1 proto static"
118	>> "77.241.x.x/28 dev eth2 src 77.241.x.x table isp2 proto static"
119	>> "77.241.x.x/28 dev eth2 src 77.241.x.x table isp3 proto static"
120	>> "77.241.x.x/28 dev eth2 src 77.241.x.x table isp4 proto static"
121	>> "213.128.x.x/28 dev eth2 src 213.128.x.x table isp1 proto static"
122	>> "213.128.x.x/28 dev eth2 src 213.128.x.x table isp2 proto static"
123	>> "213.128.x.x/28 dev eth2 src 213.128.x.x table isp3 proto static"
124	>> "213.128.x.x/28 dev eth2 src 213.128.x.x table isp4 proto static"
125	>> "213.129.x.x/28 dev eth2 src 213.129.x.x table isp1 proto static"
126	>> "213.129.x.x/28 dev eth2 src 213.129.x.x table isp2 proto static"
127	>> "213.129.x.x/28 dev eth2 src 213.129.x.x table isp3 proto static"
128	>> "213.129.x.x/28 dev eth2 src 213.129.x.x table isp4 proto static"
129	>> )
130	>>
131	>> postup() {
132	>> local x="rules_${IFVAR}[@]"
133	>> local -a rules=( "${!x}" )
134	>> if [[ -n ${rules} ]] ; then
135	>> einfo "Adding IP policy routing rules"
136	>> eindent
137	>> # Ensure that the kernel supports policy routing
138	>> if ! ip rule list \| grep -q "^" ; then
139	>> eerror "You need to enable IP Policy Routing
140	>> (CONFIG_IP_MULTIPLE_TABLES)"
141	>> eerror "in your kernel to use ip rules"
142	>> else
143	>> for x in "${rules[@]}" ; do
144	>> ebegin "${x}"
145	>> # ip rule add ${x} dev "${IFACE}"
146	>> ip rule add ${x}
147	>> eend $?
148	>> done
149	>> fi
150	>> eoutdent
151	>> # Flush the cache
152	>> ip route flush cache dev "${IFACE}"
153	>> fi
154	>> }
155	>>
156	>> postdown() {
157	>> # Automatically erase any ip rules created in the example postup
158	>> above
159	>> if interface_exists "${IFACE}" ; then
160	>> local x="rules_${IFVAR}[@]"
161	>> local -a rules=( "${!x}" )
162	>> if [[ -n ${rules} ]] ; then
163	>> einfo "Removing IP policy routing rules"
164	>> eindent
165	>> for x in "${rules[@]}" ; do
166	>> ebegin "${x}"
167	>> ip rule del ${x}
168	>> eend $?
169	>> done
170	>> eoutdent
171	>> # Flush the route cache
172	>> ip route flush cache dev "${IFACE}"
173	>> fi
174	>> fi
175	>>
176	>> # Return 0 always
177	>> return 0
178	>> }
179	>>
180	>> см. http://geekscrap.com/2010/02/multiple-ip-uplinks-with-gentoo/
181	>> --
182	>> Vladimir Solomatin (slash@×××××.ru)
183	>> Phone: + 7 (4732) 711711
184	>> Relex Inc, Voronezh.
185	>
186	>
187	> --
188	> Vladimir Solomatin (slash@×××××.ru)
189	> Phone: + 7 (4732) 711711
190	> Relex Inc, Voronezh.
191	>