在linux下实现双网接入技术的路由配置脚本

lishujin520

#!/bin/bash
IP0=
IP1=
GW0=
GW1=
NET0=
NET1=
DEV0=eth0
DEV1=eth1
# comment the next two line after first run this script.
echo 200 cernet >>/etc/iproute2/rt_tables
echo 210 chinanet >>/etc/iproute2/rt_tables
ip route add ${NET0} dev ${DEV0} src ${IP0} table cernet
ip route add default via ${GW0} table cernet
ip route add ${NET1} dev ${DEV1} src ${IP1} table chinanet
ip route add default via ${GW1} table chinanet
ip route add ${NET0} dev ${DEV0} src ${IP0}
ip route add ${NET1} dev ${DEV1} src ${IP1}
# delete old rule
ip rule del from ${IP0}
ip rule del from ${IP1}
# setup new rule
ip rule add from ${IP0} table cernet
ip rule add from ${IP1} table chinanet



脚本及策略路由技术：
#!/bin/sh
# IF1 是网通的网络接口
IF1="eth0"
# IF2 是内网的网络接口
IF2="eth2"
# IF0 是电信的网络接口
IF0="eth1"
# IP1 是网通的IP
IP1="221.8.60.54"
# IP2 是电信的IP
IP2="222.168.11.186"
# P1 是网通的网关
P1="221.8.60.53"
# P2 是电信的网关
P2="222.168.11.185"
# P1_NET 是网通的网段， 掩码30表示有分派了4个ip, 如果是8个ip就要写成29了。
P1_NET="221.8.60.52/30"
# P2_NET 为电信的网段
P2_NET="222.168.11.184/30"
# P0_NET 为内网网段
P0_NET="192.168.0.0/24"
# 设置基本的防火墙
echo "1" > /proc/sys/net/ipv4/ip_forward
echo 8000 > /proc/sys/net/ipv4/ip_conntrack_max
modprobe iptable_filter
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc
modprobe ipt_MASQUERADE
modprobe ipt_REJECT
modprobe ipt_limit
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF2 -j MASQUERADE
# 设置策略路由
ip route flush table T1
ip route flush table T2
ip rule list | grep T | while read line; do
    POS4=`echo $line | awk '{print $4}'`
    if [ "$POS4" = "to" ]
    then
        DST=`echo $line | awk '{print $5}'`
        RT=`echo $line | awk '{print $7}'`
        ip rule del to $DST table $RT
    fi
    if [ "$POS4" = "lookup" ]
    then
        src="/`echo" $line | awk '{print $3}'`
        RT=`echo $line | awk '{print $5}'`
        ip rule del from $SRC table $RT
    fi
done
if [ ! -z $IP1 ]
then
    ip route replace $P1_NET dev $IF1 src $IP1
    ip route add $P1_NET dev $IF1 src $IP1 table T1
    ip route add $P0_NET dev $IF0 table T1
    ip route add 127.0.0.0/8 dev lo table T1
    ip route add $P1_NET dev $IF1 table T2
    ip route replace default via $P1 dev $IF1 table T1
    ip rule add from $IP1 table T1
    WAN_RT1="nexthop via $P1 dev $IF1 weight 1"
fi
if [ ! -z $IP2 ]
then
    ip route replace $P2_NET dev $IF2 src $IP2
    ip route add $P2_NET dev $IF2 src $IP2 table T2
    ip route add $P0_NET dev $IF0 table T2
    ip route add 127.0.0.0/8 dev lo table T2
    ip route add $P2_NET dev $IF2 table T1
    ip route replace default via $P2 dev $IF2 table T2
    ip rule add from $IP2 table T2
    WAN_RT2="nexthop via $P2 dev $IF2 weight 1"
fi
WAN_RT3="$WAN_RT1 $WAN_RT2"
# 把网通作为默认网关
ip route replace default scope global $WAN_RT1
# 用两个网关做负载均衡
#ip route replace default equalize scope global $WAN_RT3
ip route flush cache
if [ -s /etc/ctc_1_net ]
then
    while read LINE
    do
        case $LINE in
        \#*) ;;
        *)
            ip rule add to $LINE table T2
            ;;
        esac
    done

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/45419/showart_356701.html