[转]Centos7移动电信双线实现

目标:路由器{Centos7}有两条宽带链路,想实现让电信IP走电信线路,移动IP走移动线路,同时移动的ip从电信线路过来的也正常。

1.首先从https://ip.cn/chnroutes.html 下载移动的路由表

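# Fetch the China Mobile route list into the directory the ipset script (step 2) reads.
# `-O` (capital) names the output file; lowercase `-o` is wget's *log* file option, and
# together with the shell redirect the original line never wrote the list at all.
# The transfer is plain HTTP with no integrity check and its contents end up in the
# kernel's ipset and routing decisions, so review the downloaded file before loading it.
mkdir -p /etc/misc/isproutes
wget -O /etc/misc/isproutes/isproutes-cmcc.txt http://f.ip.cn/rt/isproutes-cmcc.txt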

2.把这个表转成ipset

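#!/bin/bash
# Build (or refresh) the "cmcc" ipset from the China Mobile route list
# downloaded in step 1. The generated rule file is replayed with
# `ipset restore`, so every line must be a valid ipset command: one bad
# line aborts the whole restore.
set -euo pipefail

# Source list: one IPv4 network per line, "#" introduces a comment.
readonly ip_tmp_file='/etc/misc/isproutes/isproutes-cmcc.txt'

# Use an unpredictable temp name: the file is replayed by ipset as root, so a
# fixed path under /tmp could be pre-created or symlinked by another local user.
rulefile=$(mktemp /tmp/ipset_cmcc.XXXXXX) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$rulefile"' EXIT

# Reuse the set when it already exists, otherwise create it with the same parameters.
if ipset list cmcc 2>/dev/null | grep -q '^Name: cmcc$'; then
  echo "flush cmcc" >>"$rulefile"
else
  echo "create cmcc hash:net family inet hashsize 4096 maxelem 65536" >>"$rulefile"
fi

# Only lines that look like an IPv4 network are turned into "add" commands.
# Comments, blank lines and anything else (e.g. garbage from a truncated or
# tampered download) are reported and skipped instead of being handed to ipset.
while IFS= read -r line || [[ -n "$line" ]]; do
  line=${line%%#*}             # drop trailing comment
  line=${line//[[:space:]]/}   # drop all whitespace
  [[ -n "$line" ]] || continue
  if [[ "$line" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then
    echo "add cmcc $line" >>"$rulefile"
  else
    echo "skipping unparseable entry: $line" >&2
  fi
done <"$ip_tmp_file"

ipset restore <"$rulefile"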

3.iptables 的mangle 表加上以下规则

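*mangle
# Connections that arrive on ppp0 (the China Telecom uplink) get mark 0xc8 (200)
# when they are NEW, so their replies are never re-marked as China Mobile
# traffic further down. NOTE: this listing is loaded with iptables-restore, so
# every rule has to be in "-A CHAIN ..." form - a bare "iptables -t mangle -I ..."
# command line makes the restore fail. The mask is 0xffffffff like the other
# rules, so the whole mark is set rather than only the low 20 bits (0xfffff).
-A PREROUTING -i ppp0 -p tcp -m state --state NEW -j MARK --set-xmark 0xc8/0xffffffff
# Persist that mark on the conntrack entry ...
-A PREROUTING -p tcp -m mark --mark 0xc8 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
# ... and copy it back onto every later packet of the same connection.
-A PREROUTING -p tcp -m connmark --mark 0xc8 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
# (Saving again here is redundant once the mark is on the conntrack entry; kept as in the original.)
-A PREROUTING -p tcp -m mark --mark 0xc8 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff

# Only packets that carry no mark yet are classified by destination: anything
# headed for the cmcc ipset gets 0x64 (100), which the "ip rule add fwmark 100
# lookup cmcc" rule from step 5 sends out via ppp1. Skipping already-marked
# packets keeps replies to Telecom-side connections on the Telecom line.
-A PREROUTING -m set --match-set cmcc dst -m mark --mark 0x0 -j MARK --set-xmark 0x64/0xffffffff
-A OUTPUT -m set --match-set cmcc dst -m mark --mark 0x0 -j MARK --set-xmark 0x64/0xffffffff

COMMIT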

4.增加路由表

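# Register the two custom routing tables with iproute2. The ids/names must match
# the `lookup cmcc` rules used in step 5. A table is appended only when it is not
# listed yet, so re-running this step does not leave duplicate lines in rt_tables.
#
# Arguments: $1 - table id, $2 - table name, $3 - rt_tables path (optional)
ensure_rt_table() {
  local id=$1 name=$2 file=${3:-/etc/iproute2/rt_tables}
  # The name is one of our own constants, not user input, so it is safe in the pattern.
  if ! grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${name}([[:space:]]|$)" "$file" 2>/dev/null; then
    echo "$id $name" >> "$file"
  fi
}

ensure_rt_table 100 ctc
ensure_rt_table 200 cmcc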

5.增加策略路由

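# Install the policy routing for the China Mobile uplink (ppp1).
# Run after ppp1 is up (see the ifup-post hook in step 6): it rebuilds table
# "cmcc" so that traffic from ppp1's own address, and traffic marked 100
# (0x64) by the mangle rules of step 3, leaves via ppp1; everything else keeps
# the default route on ppp0 (the China Telecom uplink).
set -u

# For a ppp link ifconfig prints "inet <local>  netmask ...  destination <peer>".
# Match the whole word "inet" so the inet6 line is not picked up as well.
inetip=$(ifconfig ppp1 | grep -w inet | awk 'NR==1 {print $2}')
if [[ -z "$inetip" || "$inetip" != 172.* ]]; then
  echo "ppp1 address '$inetip' is not a cmcc address, not adding rules" >&2
  exit 1
fi

inetgw=$(ifconfig ppp1 | grep -w inet | awk 'NR==1 {print $6}')
if [[ -z "$inetgw" ]]; then
  echo "could not determine the peer address of ppp1" >&2
  exit 1
fi

# Rebuild the cmcc table from scratch; the main table keeps ppp0 as default.
ip route flush table cmcc
ip route replace default scope global dev ppp0

# Remove every existing rule pointing at cmcc (there may be more than two
# after repeated runs), then add the two we need.
while ip rule del lookup cmcc 2>/dev/null; do :; done

ip rule add from "$inetip" lookup cmcc
ip rule add fwmark 100 lookup cmcc

ip route add default via "$inetgw" dev ppp1 proto static table cmcc
ip route flush cache
# Loose reverse-path filtering on ppp1: replies to connections that entered
# on the other uplink may leave here, which strict rp_filter would drop.
sysctl net.ipv4.conf.ppp1.rp_filter=2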

6.在/etc/sysconfig/network-scripts/ifup-post, 文件结束前,增加几行,以拔号后自动加上策略路由

# ifup-post hook: when the cmcc uplink (ppp1) comes up, (re)install the policy
# routing from step 5. Output is captured in a log so a failed run can be inspected.
if [[ "${DEVICE}" == "ppp1" ]]; then
  net_log " ${DEVICE}  is UP need add customized route for cmcc"
  /etc/misc/add_rule_to_cmcc.sh > /var/log/add_route_to_cmcc.log 2>&1
fi


转载自www.cnblogs.com/Beavan/p/12599781.html