Load Balancing - Single Multipath Route HOWTO



Similar documents
1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

10.4. Multiple Connections to the Internet

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Load Balancing Sophos Web Gateway. Deployment Guide

Load Balancing Trend Micro InterScan Web Gateway

Load Balancing McAfee Web Gateway. Deployment Guide

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

Load Balancing Bloxx Web Filter. Deployment Guide

Load Balancing Smoothwall Secure Web Gateway

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Smoothwall Web Filter Deployment Guide

Linux as an IPv6 dual stack Firewall

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

Linux Routers and Community Networks

Firewalls. Chien-Chung Shen

LAB THREE STATIC ROUTING

Load Balancing Clearswift Secure Web Gateway

IP Address: the per-network unique identifier used to find you on a network

Linux Firewalls (Ubuntu IPTables) II

Intro to Linux Kernel Firewall

Linux Firewall. Linux workshop #2.

Protecting and controlling Virtual LANs by Linux router-firewall

Linux Home Networking II Websites At Home

Network security Exercise 9 How to build a wall of fire Linux Netfilter

EXPLORING LINUX KERNEL: THE EASY WAY!

Linux Firewall Wizardry. By Nemus

Network Security Exercise 10 How to build a wall of fire

Building a Home Gateway/Firewall with Linux (aka Firewalling and NAT with iptables )

Linux Networking: IP Packet Filter Firewalling

Advanced routing scenarios POLICY BASED ROUTING: CONCEPTS AND LINUX IMPLEMENTATION

Load Balancing Barracuda Web Filter. Deployment Guide

McAfee Web Filter Deployment Guide

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the

Netfilter / IPtables

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Linux: 20 Iptables Examples For New SysAdmins

+ iptables. packet filtering && firewall

CS Computer and Network Security: Firewalls

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

ipchains and iptables for Firewalling and Routing

Corso di Configurazione e Gestione di Reti Locali

Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation

Bridgewalling - Using Netfilter in Bridge Mode

Packet filtering with Linux

Worksheet 9. Linux as a router, packet filtering, traffic shaping

Definition of firewall

Linux Networking Basics

CS Computer and Network Security: Firewalls

Linux Bridge+Firewall Mini HOWTO version 1.2.0

Home Networking In Linux

TECHNICAL NOTES. Security Firewall IP Tables

Linux Cluster Security Neil Gorsuch NCSA, University of Illinois, Urbana, Illinois.

Secure use of iptables and connection tracking helpers

Main functions of Linux Netfilter

Lab Objectives & Turn In

Chapter 7. Firewalls

Open Source Bandwidth Management: Introduction to Linux Traffic Control

Managing Multiple Internet Connections with Shorewall

CSC574 - Computer and Network Security Module: Firewalls

Redhat 6.2 Installation Howto -Basic Proxy and Transparent

Firewall implementation and testing

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

HOWTO: Set up a Vyatta device with ThreatSTOP in router mode

How To Understand A Firewall

Lab 1: Introduction to the network lab

iproute2 and Advanced Linux Routing

Matthew Rossmiller 11/25/03

How to install PowerChute Network Shutdown on VMware ESXi 3.5, 4.0 and 4.1

IPv6.marceln.org.

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Assignment 3 Firewalls

pp=pod number, xxx=static IP address assigned to your pod

NAT Using Source Routing through BGP Gateways

Appliance Quick Start Guide. v7.6

Linux Squid Proxy Server

Load Balancing VMware Horizon View. Deployment Guide

ADSL Bandwidth Management HOWTO

How to Turn a Unix Computer into a Router and Firewall Using IPTables

Sample Configuration Using the ip nat outside source static

Firewall and Shaping on Broadband SoHo Routers using Linux

Firewalls. October 23, 2015

Windows Template Creation Guide. How to build your own Windows VM templates for deployment in Cloudturk.

CS179i: Guide - Virtual Machine Setup and Internal Networking in Alpha Lab

===================================================================

Optimisacion del ancho de banda (Introduccion al Firewall de Linux)

Setup software RAID1 array on running CentOS 6.3 using mdadm. (Multiple Device Administrator) 1. Gather information about current system.

Host Configuration (Linux)

Load Balancing VMware Horizon View. Deployment Guide

HOWTO: Set up a Vyatta device with ThreatSTOP in bridge mode

Appliance Quick Start Guide v8.1

netkit lab load balancer web switch 1.1 Giuseppe Di Battista, Massimo Rimondini Version Author(s)

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

Loadbalancer.org Appliance Setup v4.1.5

Policy Routing in Linux

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Appliance Quick Start Guide. v7.6

Focus on Security. Keeping the bad guys out

Transcription:

Load Balancing - Single Multipath Route HOWTO Shakthi Kannan, shaks_wants_no_spam_at_shakthimaan_dot_com January 5, 2007 Revision: 1.2

Abstract This documentation provides the steps to setup load-balancing for two NIC cards that are connected to a common router. The Redhat 9.0 (shrike) distribution is used for testing on x86 hardware.

1 Network Diagram Router 192.168.201.1 ( eth0 ) Switch 192.168.201.11 192.168.201.13 ( eth1 ) ( eth2 ) PC2 192.168.0.1 ( eth0 ) 192.168.0.4 ( eth0 ) PC1 1.1 Install the kernel sources Redhat 9.0 is used for testing, and the kernel sources are not installed by default. Redhat 9.0 uses the 2.4.20-8 kernel. You can get the: kernel - source -2.4.20-8. i386. rpm from the 2nd installation CD and install it using: rpm - ivh kernel - source -2.4.20-8. i386. rpm The kernel sources will get installed in /usr/src/linux-2.4.20-8. 1.2 Build iptables The iptables version present in Redhat 9.0 does not have the to-source option for SNAT. Hence, you need to download iptables v1.2.11. Extract the same and run the following in its sources directory: make KERNEL_DIR =/ usr / src / linux -2.4.20-8 make install KERNEL_DIR =/ usr / src / linux -2.4.20-8 3

1.3 Run patch-o-matic patch-o-matic-ng does not work with 2.4.20 Linux kernels. Hence, you need to download patch-o-matic-20031219.tar.bz2. Extract the same and do: KERNEL_DIR =/ usr / src / linux -2.4.20-8 \ IPTABLES_DIR =/ path /to/ iptables / sources./ runme base It will prompt for applying various patches. Say N to all, except for the random.patch. 1.4 Recompile the kernel The 2.4.20-8custom kernel will be built when you recompile the kernel. make clean make dep make bzimage make modules make modules_ install cp arch / i386 / boot / bzimage / boot / vmlinuz -2.4.20-8 custom mkinitrd / boot / initrd -2.4.20-8 custom. img 2.4.20-8 custom 1.5 Update grub Update the grub boot-loader, /boot/grub/menu.lst file: title Redhat GNU / Linux (2.4.20-8 custom ) root ( hd0,0) kernel / vmlinuz -2.4.20-8 custom ro root = LABEL =/ initrd / initrd -2.4.20-8 custom. img Reboot into the new kernel. 1.6 Configure ethernet On PC2: ifconfig eth0 192. 168. 0. 1 ifconfig eth2 192. 168. 201. 13 ifconfig eth1 192. 168. 201. 11 On PC1: ifconfig eth0 192. 168. 0. 4 4

1.7 Load the driver modules Check if the network driver modules are loaded, else load them using modprobe or insmod. Load the ip_tables.o and ipt_random.o drivers. 1.8 iptables script Create the loadbalance.sh script. # Iptables userspace executable IPTABLES ="/ path /to/ iptables - sources / iptables " # Internal Interface NET_INT_INT = eth0 # Internal IP NET_INT_IP =192.168.0.1 # Internal Subnet NET_INT_SUB =/24 # Internal Network NET_INT_NET =192.168.0.0 # First external interface NET_EXT_INT1 = eth1 # First external IP NET_EXT_IP1 =192.168.201.11 # First external interface s gateway NET_EXT_GW1 =192.168.201.1 # Second external interface NET_EXT_INT2 = eth2 # Second external IP NET_EXT_IP2 =192.168.201.13 # Second external interface s gateway NET_EXT_GW2 =192.168.201.1 echo " Flushing All Tables " $IPTABLES -F $IPTABLES -F -t nat $IPTABLES -F -t mangle $IPTABLES -X -t nat $IPTABLES -X -t mangle $IPTABLES -X $IPTABLES -t mangle -N ETH1 $IPTABLES -t mangle -F ETH1 $IPTABLES -t mangle -A ETH1 -p tcp -j LOG -- log - prefix \ " MANGLE_ TCP_ ETH1 " $IPTABLES -t mangle -A ETH1 -p icmp -j LOG -- log - prefix \ " MANGLE_ ICMP_ ETH1 " $IPTABLES -t mangle -A ETH1 -j MARK -- set - mark 1 $IPTABLES -t mangle -N ETH2 $IPTABLES -t mangle -F ETH2 5

$IPTABLES -t mangle -A ETH2 -p tcp -j LOG -- log - prefix \ " MANGLE_ TCP_ ETH2 " $IPTABLES -t mangle -A ETH2 -p icmp -j LOG -- log - prefix \ " MANGLE_ ICMP_ ETH2 " $IPTABLES -t mangle -A ETH2 -j MARK -- set - mark 2 $IPTABLES -t nat -N SPOOF_ ETH1 $IPTABLES -t nat -F SPOOF_ ETH1 $IPTABLES -t nat -A SPOOF_ ETH1 -j LOG -- log - prefix \ " SPOOF_ ETH1 " $IPTABLES -t nat -A SPOOF_ ETH1 -j SNAT -- to - source \ 192.168.201.11 $IPTABLES -t nat -N SPOOF_ ETH2 $IPTABLES -t nat -F SPOOF_ ETH2 $IPTABLES -t nat -A SPOOF_ ETH2 -j LOG -- log - prefix \ " SPOOF_ ETH2 " $IPTABLES -t nat -A SPOOF_ ETH2 -j SNAT -- to - source \ 192.168.201.13 echo " Setting some local network rules..." $IPTABLES -A INPUT -p icmp -s 192. 168. 0. 0/ 24 -d 192. 168. 0. 1 \ -j ACCEPT echo " Setting Mangle rules for eth1..." $IPTABLES -t mangle -A OUTPUT -o! eth0 -m random -- average 50 \ -j ETH1 $IPTABLES -t mangle -A PREROUTING -i eth0 -m random -- average 50 \ -j ETH1 ip ro add table 10 default via 192. 168. 201. 1 dev eth1 ip ru add fwmark 1 table 10 ip ro fl ca echo " Setting Mangle rules for eth2..." $IPTABLES -t mangle -A OUTPUT -o! eth0 -m random -- average 50 \ -j ETH2 $IPTABLES -t mangle -A PREROUTING -i eth0 -m random -- average 50 \ -j ETH2 ip ro add table 20 default via 192. 168. 201. 1 dev eth2 ip ru add fwmark 2 table 20 6

ip ro fl ca echo " Setting up spoofing rules..." $IPTABLES -t nat -A POSTROUTING -o eth1 -j SPOOF_ ETH1 $IPTABLES -t nat -A POSTROUTING -o eth2 -j SPOOF_ ETH2 echo " Adding default route..." ip ro add default nexthop via 192. 168. 201. 1 dev eth1 weight 1 \ nexthop via 192. 168. 201. 1 dev eth2 weight 1 echo " Disabling Reverse Path Filtering..." echo 0> / proc / sys / net / ipv4 / conf / eth1 / rp_filter echo 0> / proc / sys / net / ipv4 / conf / eth2 / rp_filter echo " Enabling IPv4 Packet forwarding..." echo "1" > / proc / sys / net / ipv4 / ip_forward Run it. sh loadbalance. sh 1.9 Testing Add a default route for PC2 from PC1: route add default gw 192. 168. 0. 1 eth0 Ping the gateway IP address from PC1: ping 192. 168. 201. 1 You should see packets going out from eth1 and eth2. 2 Bibliography Hisham. Hisham Mardam Bey. July 26, 2004. Load Balancing across Multiple Links. http://www.linux.com.lb/wiki/index.pl?node=how-tos. Chris. Chris Lowth. April 1, 2004. The Hidden Treasures of iptables. http://www.linuxjournal.com/ article/7180. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information