Link Balancing on Debian Squeeze

Hi everyone, here I'll cover load balancing across 2 links.

What I'll be using:

  • Server name: debian
  • Local interface: eth0
    • ip lan: 192.168.1.8/24
  • Link1 interface: eth1
    • ip link1: 200.0.10.2/28
    • gw link1: 200.0.10.1
    • table: link1
    • speed: 10MB
  • Link2 interface: eth2
    • ip link2: 200.0.20.2/28
    • gw link2: 200.0.20.1
    • table: link2
    • speed: 10MB
  • Client name: centos
  • Local interface: eth0
    • ip lan: 192.168.1.7/24
    • gw: 192.168.1.8

Prepare your system with the following script http://wiki.douglasqsantos.com.br/doku.php/confinicialsqueeze_en so that no package or configuration is missing.

Now let's configure the interfaces file on the Debian server

#Loopback interface
auto lo
iface lo inet loopback

#LAN interface
auto eth0
iface eth0 inet static
        address 192.168.1.8
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255


#link1 interface
auto eth1
iface eth1 inet static
        address 200.0.10.2
        netmask 255.255.255.240
        network 200.0.10.0
        broadcast 200.0.10.15


#link2 interface
auto eth2
iface eth2 inet static
        address 200.0.20.2
        netmask 255.255.255.240
        network 200.0.20.0
        broadcast 200.0.20.15

Now reboot the server so that it loads the new network configuration.

reboot

Now let's test the links with ping. First we test link1 by pinging its gateway

ping -I eth1 200.0.10.1 -c 2
PING 200.0.10.1 (200.0.10.1) from 200.0.10.2 eth1: 56(84) bytes of data.
64 bytes from 200.0.10.1: icmp_req=1 ttl=64 time=0.234 ms
64 bytes from 200.0.10.1: icmp_req=2 ttl=64 time=0.189 ms

--- 200.0.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.189/0.211/0.234/0.026 ms

Now let's test link2 by pinging its gateway

ping -I eth2 200.0.20.1 -c 2
PING 200.0.20.1 (200.0.20.1) from 200.0.20.2 eth2: 56(84) bytes of data.
64 bytes from 200.0.20.1: icmp_req=1 ttl=64 time=3.48 ms
64 bytes from 200.0.20.1: icmp_req=2 ttl=64 time=0.200 ms

--- 200.0.20.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.200/1.843/3.487/1.644 ms

Now let's create a routing table for each link

echo 10 link1 >> /etc/iproute2/rt_tables
echo 20 link2 >> /etc/iproute2/rt_tables

Now let's add the route for the 200.0.10.0/28 network to the link1 table

ip route add 200.0.10.0/28 dev eth1 src 200.0.10.2 table link1

Now let's set the default route for link1

ip route add default via 200.0.10.1 table link1

Now let's list the routes in the link1 table

ip route list table link1
200.0.10.0/28 dev eth1  scope link  src 200.0.10.2 
default via 200.0.10.1 dev eth1 

Now let's add the route for the 200.0.20.0/28 network to the link2 table

ip route add 200.0.20.0/28 dev eth2 src 200.0.20.2 table link2

Now let's set the default route for link2

ip route add default via 200.0.20.1 table link2

Now let's list the routes in the link2 table

ip route list table link2
200.0.20.0/28 dev eth2  scope link  src 200.0.20.2 
default via 200.0.20.1 dev eth2 

Now let's remove the default route, in case there is one

route del default

Now we need to add the rules for the routes we added: traffic from 200.0.10.2 uses the link1 table and traffic from 200.0.20.2 uses the link2 table

ip rule add from 200.0.10.2 table link1
ip rule add from 200.0.20.2 table link2

Now let's list the rules

ip rule list
0:  from all lookup local 
32764:  from 200.0.20.2 lookup link2 
32765:  from 200.0.10.2 lookup link1 
32766:  from all lookup main 
32767:  from all lookup default

Now we need to add routes to the link1 table for our internal network, the link2 network and lo

ip route add 192.168.1.0/24 dev eth0 table link1
ip route add 200.0.20.0/28 dev eth2 table link1
ip route add 127.0.0.0/8 dev lo table link1

Now we need to add routes to the link2 table for our internal network, the link1 network and lo

ip route add 192.168.1.0/24 dev eth0 table link2
ip route add 200.0.10.0/28 dev eth1 table link2
ip route add 127.0.0.0/8 dev lo table link2

Now let's list the link1 routing table

ip route list table link1
200.0.20.0/28 dev eth2  scope link 
200.0.10.0/28 dev eth1  scope link  src 200.0.10.2 
192.168.1.0/24 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 200.0.10.1 dev eth1 

Now let's list the link2 routing table

ip route list table link2
200.0.20.0/28 dev eth2  scope link  src 200.0.20.2 
200.0.10.0/28 dev eth1  scope link 
192.168.1.0/24 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 200.0.20.1 dev eth2 

Now let's set up the balancing. Here I assume that both links are 10MB, so we give them weights of one to one, that is, 50% of the traffic is sent over each link.

ip route add default nexthop via 200.0.10.1 dev eth1 weight 1 nexthop via 200.0.20.1 dev eth2 weight 1

Now let's list the routes on our server

ip route list
200.0.20.0/28 dev eth2  proto kernel  scope link  src 200.0.20.2 
200.0.10.0/28 dev eth1  proto kernel  scope link  src 200.0.10.2 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.8 
default 
  nexthop via 200.0.10.1  dev eth1 weight 1
  nexthop via 200.0.20.1  dev eth2 weight 1

Now we need to enable routing (IP forwarding) on this server

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

Now let's activate routing in the kernel

sysctl -p
net.ipv4.ip_forward = 1

Now let's masquerade the packets coming from our LAN

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

Now, on the Debian server, let's leave tcpdump monitoring the ICMP protocol, which we'll use for the test from the CentOS client

tcpdump -i any proto 'ICMP'

Now, on the CentOS client, let's send 10 pings to the Terra website

ping www.terra.com.br -c 10
PING www.terra.com.br (200.154.56.80) 56(84) bytes of data.
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=1 ttl=53 time=20.0 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=2 ttl=53 time=19.2 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=3 ttl=53 time=18.9 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=4 ttl=53 time=19.2 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=5 ttl=53 time=19.0 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=6 ttl=53 time=18.9 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=7 ttl=53 time=20.3 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=8 ttl=53 time=19.0 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=9 ttl=53 time=18.5 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_seq=10 ttl=53 time=18.2 ms

--- www.terra.com.br ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9031ms
rtt min/avg/max/mdev = 18.231/19.163/20.386/0.610 ms

Now let's look at which packets we see on the server

tcpdump -i any proto 'ICMP'
21:26:24.730134 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 1, length 64
21:26:24.749792 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 1, length 64
21:26:24.749819 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 1, length 64
21:26:25.732620 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 2, length 64
21:26:25.732646 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 2, length 64
21:26:25.751474 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 2, length 64
21:26:25.751491 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 2, length 64
21:26:26.734532 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 3, length 64
21:26:26.734562 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 3, length 64
21:26:26.753095 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 3, length 64
21:26:26.753111 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 3, length 64
21:26:27.731378 IP 192.168.1.8 > 192.168.1.8: ICMP host 192.168.1.1 unreachable, length 80
21:26:27.735341 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 4, length 64
21:26:27.735355 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 4, length 64
21:26:27.754180 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 4, length 64
21:26:27.754209 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 4, length 64
21:26:28.738548 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 5, length 64
21:26:28.738579 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 5, length 64
21:26:28.757161 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 5, length 64
21:26:28.757187 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 5, length 64
21:26:29.739691 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 6, length 64
21:26:29.739709 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 6, length 64
21:26:29.758295 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 6, length 64
21:26:29.758325 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 6, length 64
21:26:30.741639 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 7, length 64
21:26:30.741668 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 7, length 64
21:26:30.761568 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 7, length 64
21:26:30.761594 IP 200.154.56.80 > 192.168.1.7: ICMP echo reply, id 48132, seq 7, length 64
21:26:31.743249 IP 192.168.1.7 > 200.154.56.80: ICMP echo request, id 48132, seq 8, length 64
21:26:31.743273 IP 200.0.10.2 > 200.154.56.80: ICMP echo request, id 48132, seq 8, length 64

Note that the ICMP packets left through link1 (200.0.10.2).

Now, on the Debian server, let's monitor port 110

tcpdump -i any port 110 -n -vv
[...]

Now, on the CentOS client, let's open a connection to port 110

telnet mail.douglasqsantos.com.br 110
Trying 186.233.144.40...
Connected to mail.douglasqsantos.com.br.
Escape character is '^]'.
+OK <14404.1359329341@mail03.centralserver.com.br>
user douglas@douglasqsantos.com.br
+OK 
pass SENHA
+OK 
list 
+OK 
1 7866
2 2382
.
retr 1
+OK 
[...]

Now let's see on the server what tcpdump captured

tcpdump -i any port 110 -n -vv
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
21:29:01.390300 IP (tos 0x10, ttl 64, id 17022, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.7.48906 > 186.233.144.40.110: Flags [S], cksum 0x56e5 (correct), seq 2115852259, win 14600, options [mss 1460,sackOK,TS val 4003229 ecr 0,nop,wscale 5], length 0
21:29:01.391302 IP (tos 0x10, ttl 63, id 17022, offset 0, flags [DF], proto TCP (6), length 60)
    200.0.20.2.48906 > 186.233.144.40.110: Flags [S], cksum 0x3c92 (correct), seq 2115852259, win 14600, options [mss 1460,sackOK,TS val 4003229 ecr 0,nop,wscale 5], length 0
21:29:01.401329 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    186.233.144.40.110 > 200.0.20.2.48906: Flags [S.], cksum 0xbf88 (correct), seq 1426686398, ack 2115852260, win 5792, options [mss 1452,sackOK,TS val 3754944718 ecr 4003229,nop,wscale 7], length 0
21:29:01.401354 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    186.233.144.40.110 > 192.168.1.7.48906: Flags [S.], cksum 0xd9db (correct), seq 1426686398, ack 2115852260, win 5792, options [mss 1452,sackOK,TS val 3754944718 ecr 4003229,nop,wscale 7], length 0
21:29:01.401704 IP (tos 0x10, ttl 64, id 17023, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.7.48906 > 186.233.144.40.110: Flags [.], cksum 0x1d6b (correct), seq 1, ack 1, win 457, options [nop,nop,TS val 4003241 ecr 3754944718], length 0
21:29:01.401717 IP (tos 0x10, ttl 63, id 17023, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.48906 > 186.233.144.40.110: Flags [.], cksum 0x0318 (correct), seq 1, ack 1, win 457, options [nop,nop,TS val 4003241 ecr 3754944718], length 0
21:29:01.410518 IP (tos 0x0, ttl 56, id 26984, offset 0, flags [DF], proto TCP (6), length 104)
    186.233.144.40.110 > 200.0.20.2.48906: Flags [P.], cksum 0xb4a2 (correct), seq 1:53, ack 1, win 46, options [nop,nop,TS val 3754944727 ecr 4003241], length 52
21:29:01.410553 IP (tos 0x0, ttl 55, id 26984, offset 0, flags [DF], proto TCP (6), length 104)
    186.233.144.40.110 > 192.168.1.7.48906: Flags [P.], cksum 0xcef5 (correct), seq 1:53, ack 1, win 46, options [nop,nop,TS val 3754944727 ecr 4003241], length 52
21:29:01.410911 IP (tos 0x10, ttl 64, id 17024, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.7.48906 > 186.233.144.40.110: Flags [.], cksum 0x1d25 (correct), seq 1, ack 53, win 457, options [nop,nop,TS val 4003250 ecr 3754944727], length 0
[...]

Note that this time the packets left through link2 (200.0.20.2).

Our balancing with 2 links is working.

Now we need to create a script to set up the balancing at system startup

vim /etc/init.d/rc.lb
#!/bin/sh
#Author: Douglas Q. dos Santos
#Date: 13/01/2013
#--------------------------------------------------------------------------
#License: http://creativecommons.org/licenses/by-sa/3.0/legalcode
#
#--------------------------------------------------------------------------
### BEGIN INIT INFO
# Provides:             rc.lb
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:
# Short-Description:    Balanceamento de Links
### END INIT INFO
### COLORS USED IN THE SCRIPT ###
GREY="\033[01;30m"
RED="\033[01;31m"
GREEN="\033[01;32m"
YELLOW="\033[01;33m"
BLUE="\033[01;34m"
PURPLE="\033[01;35m"
CYAN="\033[01;36m"
WHITE="\033[01;37m"
CLOSE="\033[m"

# VARIABLES USED IN THE SCRIPT
IP="/sbin/ip"
ROUTE="/sbin/route"
IPTABLES="/sbin/iptables"
LO="127.0.0.0/8"
LAN="192.168.1.0/24"
INT_LAN="eth0"
LINK1="200.0.10.0/28"
IP_LINK1="200.0.10.2"
GW_LINK1="200.0.10.1"
INT_LINK1="eth1"
PESO_LINK1="1"
LINK2="200.0.20.0/28"
IP_LINK2="200.0.20.2"
GW_LINK2="200.0.20.1"
INT_LINK2="eth2"
PESO_LINK2="1"

case "$1" in
  start)
    echo "${GREEN}[         INICIANDO O BALANCEAMENTO       ]${CLOSE}"

    # ADD THE LINK1 NETWORK TO THE LINK1 TABLE
    ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1

    # ADD THE DEFAULT ROUTE FOR LINK1
    ${IP} route add default via ${GW_LINK1} table link1

    # ADD THE LINK2 NETWORK TO THE LINK2 TABLE
    ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2

    # ADD THE DEFAULT ROUTE FOR LINK2
    ${IP} route add default via ${GW_LINK2} table link2

    # ADD THE RULES FOR THE ROUTES ADDED ABOVE
    ${IP} rule add from ${IP_LINK1} table link1
    ${IP} rule add from ${IP_LINK2} table link2

    # ADD ROUTES BETWEEN THE LINKS, THE LAN AND LO
    ${IP} route add ${LAN} dev ${INT_LAN} table link1
    ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
    ${IP} route add ${LO} dev lo table link1
    ${IP} route add ${LAN} dev ${INT_LAN} table link2
    ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
    ${IP} route add ${LO} dev lo table link2

    # CREATE THE BALANCING BETWEEN THE TWO LINKS
    ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}

    # MASQUERADE THE LAN
    ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
    echo "${GREEN}[         BALANCEAMENTO INICIADO          ]${CLOSE}"
  ;;
  stop)
    echo "${RED}[         PARANDO BALANCEAMENTO       ]${CLOSE}"
    ${ROUTE} del default
    ${IP} route flush table link1
    ${IP} route flush table link2
    ${IP} rule del from ${IP_LINK1} table link1
    ${IP} rule del from ${IP_LINK2} table link2
    # REMOVE THE MASQUERADE RULE ADDED BY start, SO THAT restart DOES NOT STACK DUPLICATES
    ${IPTABLES} -t nat -D POSTROUTING -s ${LAN} -j MASQUERADE
    echo "${RED}[         BALANCEAMENTO PARADO        ] ${CLOSE}"
  ;;
  restart)
    $0 stop
    $0 start
  ;;
  *)
    echo "${RED}Opcoes Validas:(start|stop|restart)${CLOSE}"
  ;;
esac

Now let's make the script executable

chmod +x /etc/init.d/rc.lb

Now let's add the script to the system startup

insserv -f -v rc.lb 

Now we can stop the balancing as follows

/etc/init.d/rc.lb stop
[         PARANDO BALANCEAMENTO       ]
[         BALANCEAMENTO PARADO        ] 

Now we can start the balancing as follows

/etc/init.d/rc.lb start
[         INICIANDO O BALANCEAMENTO       ]
[         BALANCEAMENTO INICIADO          ]

Packet marking to choose the outgoing link

So, folks, some people ask me about packet marking to send traffic out through a particular link when link balancing is in use. As you'll see, it's quite simple.

Once the link balancing is in place, we need to define what we want to send over which link. We can define this by source IP, protocol, port, etc.

I'll take 2 ports as an example, port 80 and port 587, which would be outbound web and outbound email.

Let's mark the packets with iptables using the mangle table.

iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/24 --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/24 --dport 587 -j MARK --set-mark 2

Now let's list our rules in the mangle table

iptables -t mangle -L  PREROUTING -n -v
Chain PREROUTING (policy ACCEPT 11 packets, 812 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80 MARK set 0x1
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:587 MARK set 0x2

Note that packets to port 80 now carry mark 1 and packets to port 587 carry mark 2.

Now we need to tell iproute that packets with mark 1 go to link1 and packets with mark 2 go to link2. This way, packets for port 80 go out through link1 and packets for port 587 go out through link2.

Let's create the rules

ip rule add fwmark 1 table link1
ip rule add fwmark 2 table link2

Now let's list the iproute rules

ip rule show
0:  from all lookup local 
32760:  from 200.0.20.2 lookup link2 
32761:  from 200.0.10.2 lookup link1 
32762:  from all fwmark 0x2 lookup link2 
32763:  from all fwmark 0x1 lookup link1 
32766:  from all lookup main 
32767:  from all lookup default 

Now let's flush the routing cache

ip route flush cache
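
How the kernel walks the rule list shown above, as an added example (not part of the original tutorial): the function evaluates `ip rule show` output in priority order for a given source address and firewall mark. It assumes the destination is not one of the router's own addresses (so `local` is skipped), that the selected table holds a matching route, and that only `from` and `fwmark` selectors without masks are present; `policy_table` is a name introduced here.

```shell
#!/bin/sh
# Added example: which routing table does the rule list select for a packet?
# RULES is the `ip rule show` listing from this page. On a live router use:
#   RULES=$(ip rule show)
RULES='0:  from all lookup local
32760:  from 200.0.20.2 lookup link2
32761:  from 200.0.10.2 lookup link1
32762:  from all fwmark 0x2 lookup link2
32763:  from all fwmark 0x1 lookup link1
32766:  from all lookup main
32767:  from all lookup default'

# policy_table SRC_IP MARK
# Prints the table of the first rule (lowest priority number) whose selectors
# all match. Simplifications (assumptions of this example): the `local` table
# is skipped, only `from` and `fwmark` selectors are understood, marks have no
# mask, and the selected table is assumed to contain a usable route.
policy_table() {
    src=$1
    mark=$(printf '0x%x' "$2")   # ip prints marks as lowercase hex
    printf '%s\n' "$RULES" | awk -v src="$src" -v mark="$mark" '
        # dotted quad -> number
        function ip2n(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # does ip fall inside pfx ("all", a host address, or addr/len)?
        function in_prefix(ip, pfx,   p, len, size) {
            if (pfx == "all") return 1
            split(pfx, p, "/")
            len = (p[2] == "") ? 32 : p[2]
            size = 2 ^ (32 - len)
            return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
        }
        {
            from = "all"; fw = ""; table = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "from")   from  = $(i + 1)
                if ($i == "fwmark") fw    = $(i + 1)
                if ($i == "lookup") table = $(i + 1)
            }
            if (table == "" || table == "local") next
            if (!in_prefix(src, from)) next        # source selector
            if (fw != "" && fw != mark) next       # mark selector
            print table
            exit
        }'
}

# A LAN client (pre-NAT source 192.168.1.22) with each possible mark:
# mark 0 = unmarked traffic, which falls through to the balanced default in main.
for m in 0 1 2; do
    echo "src 192.168.1.22 mark $m -> table $(policy_table 192.168.1.22 "$m")"
done
# The "from" rules sit at a lower priority number, so a packet sourced from a
# link address is routed by that rule before any fwmark rule is consulted.
echo "src 200.0.10.2 mark 2 -> table $(policy_table 200.0.10.2 2)"
```

Forwarded LAN packets are routed before MASQUERADE rewrites the source, so they match on 192.168.1.x and the mark; the `from 200.0.x.2` rules only catch traffic the router itself sends from those addresses.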

Let's monitor port 80 here on the server

tcpdump -i any -n -v port 80
[...]

Now let's test with the Debian client

Let's update the repositories

aptitude update
Hit http://ftp.br.debian.org wheezy Release.gpg
Hit http://ftp.br.debian.org wheezy-proposed-updates Release.gpg
Hit http://ftp.br.debian.org wheezy Release
Hit http://ftp.br.debian.org wheezy-proposed-updates Release      
Hit http://ftp.br.debian.org wheezy/main Sources                  
Hit http://ftp.br.debian.org wheezy/contrib Sources               
Hit http://ftp.br.debian.org wheezy/non-free Sources              
Hit http://ftp.br.debian.org wheezy/main amd64 Packages           
Hit http://ftp.br.debian.org wheezy/contrib amd64 Packages        
Hit http://ftp.br.debian.org wheezy/non-free amd64 Packages       
Hit http://ftp.br.debian.org wheezy/contrib Translation-en        
Hit http://ftp.br.debian.org wheezy/main Translation-pt_BR        
Hit http://ftp.br.debian.org wheezy/main Translation-pt                              
Hit http://ftp.br.debian.org wheezy/main Translation-en                              
Hit http://ftp.br.debian.org wheezy/non-free Translation-en                          
Hit http://ftp.br.debian.org wheezy-proposed-updates/main Sources/DiffIndex          
Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Sources/DiffIndex       
Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Sources/DiffIndex      
Hit http://ftp.br.debian.org wheezy-proposed-updates/main amd64 Packages/DiffIndex   
Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib amd64 Packages/DiffIndex
Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free amd64 Packages/DiffIndex
Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Translation-en/DiffIndex
Hit http://ftp.br.debian.org wheezy-proposed-updates/main Translation-en/DiffIndex   
Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources
Hit http://security.debian.org wheezy/updates/non-free Sources
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://security.debian.org wheezy/updates/non-free Translation-en

Now let's analyze the tcpdump output

tcpdump -i any -n -v port 80
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:34:35.442253 IP (tos 0x0, ttl 64, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [S], cksum 0xd631 (correct), seq 3923346505, win 14600, options [mss 1460,sackOK,TS val 1603714 ecr 0,nop,wscale 3], length 0
14:34:35.442299 IP (tos 0x0, ttl 63, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [S], cksum 0xc5ed (correct), seq 3923346505, win 14600, options [mss 1460,sackOK,TS val 1603714 ecr 0,nop,wscale 3], length 0
14:34:35.449200 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    200.236.31.3.80 > 200.0.10.2.43022: Flags [S.], cksum 0x38c6 (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,sackOK,TS val 87587434 ecr 1603714,nop,wscale 8], length 0
14:34:35.449242 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    200.236.31.3.80 > 192.168.1.22.43022: Flags [S.], cksum 0x490a (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,sackOK,TS val 87587434 ecr 1603714,nop,wscale 8], length 0
14:34:35.449688 IP (tos 0x0, ttl 64, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [.], cksum 0xd988 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
14:34:35.449708 IP (tos 0x0, ttl 63, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [.], cksum 0xc944 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
14:34:35.450139 IP (tos 0x0, ttl 64, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xd61b (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
14:34:35.450157 IP (tos 0x0, ttl 63, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xc5d7 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
14:34:35.458226 IP (tos 0x0, ttl 57, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
    200.236.31.3.80 > 200.0.10.2.43022: Flags [.], cksum 0xcf1d (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
14:34:35.458257 IP (tos 0x0, ttl 56, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
    200.236.31.3.80 > 192.168.1.22.43022: Flags [.], cksum 0xdf61 (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
14:34:35.458992 IP (tos 0x0, ttl 57, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0x1132 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
14:34:35.459011 IP (tos 0x0, ttl 56, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0x2176 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
14:34:35.459292 IP (tos 0x0, ttl 64, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [.], cksum 0xd77b (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
14:34:35.459309 IP (tos 0x0, ttl 63, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [.], cksum 0xc737 (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
14:34:35.459896 IP (tos 0x0, ttl 64, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xfdf3 (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
14:34:35.459917 IP (tos 0x0, ttl 63, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xedaf (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
14:34:35.468337 IP (tos 0x0, ttl 57, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0xbe82 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
14:34:35.468369 IP (tos 0x0, ttl 56, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0xcec6 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
14:34:35.469012 IP (tos 0x0, ttl 64, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xf84a (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
14:34:35.469033 IP (tos 0x0, ttl 63, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xe806 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
14:34:35.480415 IP (tos 0x0, ttl 57, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0xc510 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
14:34:35.480442 IP (tos 0x0, ttl 56, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0xd554 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
14:34:35.490315 IP (tos 0x0, ttl 64, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0x5cd4 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1603726 ecr 87587437], length 246
14:34:35.490351 IP (tos 0x0, ttl 63, id 64721, offset 0, flags [DF], proto TCP (6), length 298)

Note that all the outbound traffic to port 80 now left through link1.

Now let's test port 587

Let's monitor port 587 on the server

tcpdump -i any -n -v port 587

Now, on the client, let's open a connection to Gmail.

telnet smtp.gmail.com 587
Trying 74.125.137.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP v22sm112112273yhn.12 - gsmtp
ehlo mx.google.com
250-mx.google.com at your service, [177.16.190.184]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 CHUNKING
quit
221 2.0.0 closing connection v22sm112112273yhn.12 - gsmtp
Connection closed by foreign host.

Now let's analyze the tcpdump output

tcpdump -i any -n -v port 587
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

14:37:21.324860 IP (tos 0x10, ttl 64, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [S], cksum 0x148a (correct), seq 1752499311, win 14600, options [mss 1460,sackOK,TS val 1645185 ecr 0,nop,wscale 3], length 0
14:37:21.325283 IP (tos 0x10, ttl 63, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [S], cksum 0xfa45 (correct), seq 1752499311, win 14600, options [mss 1460,sackOK,TS val 1645185 ecr 0,nop,wscale 3], length 0
14:37:21.469869 IP (tos 0x0, ttl 43, id 38060, offset 0, flags [none], proto TCP (6), length 60)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [S.], cksum 0x6150 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,sackOK,TS val 987682085 ecr 1645185,nop,wscale 6], length 0
14:37:21.469928 IP (tos 0x0, ttl 42, id 38060, offset 0, flags [none], proto TCP (6), length 60)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [S.], cksum 0x7b94 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,sackOK,TS val 987682085 ecr 1645185,nop,wscale 6], length 0
14:37:21.470429 IP (tos 0x10, ttl 64, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x4929 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
14:37:21.470452 IP (tos 0x10, ttl 63, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x2ee5 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
14:37:21.615668 IP (tos 0x0, ttl 44, id 38061, offset 0, flags [none], proto TCP (6), length 106)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x1524 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
14:37:21.615713 IP (tos 0x0, ttl 43, id 38061, offset 0, flags [none], proto TCP (6), length 106)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x2f68 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
14:37:21.616245 IP (tos 0x10, ttl 64, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x483d (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
14:37:21.616268 IP (tos 0x10, ttl 63, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x2df9 (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
14:37:27.637712 IP (tos 0x10, ttl 64, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [P.], cksum 0xe9b4 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
14:37:27.637757 IP (tos 0x10, ttl 63, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [P.], cksum 0xcf70 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
14:37:27.781158 IP (tos 0x0, ttl 44, id 38062, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [.], cksum 0x1475 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
14:37:27.781205 IP (tos 0x0, ttl 43, id 38062, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [.], cksum 0x2eb9 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
14:37:27.781648 IP (tos 0x0, ttl 44, id 38063, offset 0, flags [none], proto TCP (6), length 191)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x2633 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
14:37:27.781664 IP (tos 0x0, ttl 43, id 38063, offset 0, flags [none], proto TCP (6), length 191)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x4077 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
14:37:27.781967 IP (tos 0x10, ttl 64, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x28fc (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
14:37:27.781985 IP (tos 0x10, ttl 63, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x0eb8 (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
14:37:29.557360 IP (tos 0x10, ttl 64, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [P.], cksum 0x3f3e (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
14:37:29.557413 IP (tos 0x10, ttl 63, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [P.], cksum 0x24fa (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
14:37:29.702451 IP (tos 0x0, ttl 44, id 38064, offset 0, flags [none], proto TCP (6), length 111)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x50ba (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
14:37:29.702491 IP (tos 0x0, ttl 43, id 38064, offset 0, flags [none], proto TCP (6), length 111)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x6afe (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
14:37:29.703023 IP (tos 0x0, ttl 43, id 38065, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [F.], cksum 0x0a48 (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
14:37:29.703039 IP (tos 0x0, ttl 42, id 38065, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [F.], cksum 0x248c (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
14:37:29.703108 IP (tos 0x10, ttl 64, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x1f5b (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
14:37:29.703125 IP (tos 0x10, ttl 63, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x0517 (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
14:37:29.703566 IP (tos 0x10, ttl 64, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.22.56064 > 74.125.137.108.587: Flags [F.], cksum 0x1f58 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
14:37:29.703584 IP (tos 0x10, ttl 63, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
    200.0.20.2.56064 > 74.125.137.108.587: Flags [F.], cksum 0x0514 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
14:37:29.848099 IP (tos 0x0, ttl 43, id 38066, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 200.0.20.2.56064: Flags [.], cksum 0x0990 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
14:37:29.848141 IP (tos 0x0, ttl 42, id 38066, offset 0, flags [none], proto TCP (6), length 52)
    74.125.137.108.587 > 192.168.1.22.56064: Flags [.], cksum 0x23d4 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0

Note that the outbound traffic to port 587 went out through link2.

Everything is working :D

Now let's adjust our script so that it still balances the links but uses packet marking to define which link each packet leaves through.

vim /etc/init.d/rc.lb
#!/bin/sh
# Author: Douglas Q. dos Santos
# Date: 30/09/2013
#--------------------------------------------------------------------------
# License: http://creativecommons.org/licenses/by-sa/3.0/legalcode
#
#--------------------------------------------------------------------------
### BEGIN INIT INFO
# Provides:             rc.lb
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:
# Short-Description:    Balanceamento de Links
### END INIT INFO
### COLORS USED IN THE SCRIPT ###
GREY="\033[01;30m"
RED="\033[01;31m"
GREEN="\033[01;32m"
YELLOW="\033[01;33m"
BLUE="\033[01;34m"
PURPLE="\033[01;35m"
CYAN="\033[01;36m"
WHITE="\033[01;37m"
CLOSE="\033[m"

# VARIABLES USED IN THE SCRIPT
IP="/sbin/ip"
ROUTE="/sbin/route"
IPTABLES="/sbin/iptables"
PORTS_LINK1="/etc/iproute2/ports_link1"
PORTS_LINK2="/etc/iproute2/ports_link2"
LO="127.0.0.0/8"
LAN="192.168.1.0/24"
INT_LAN="eth0"
LINK1="200.0.10.0/28"
IP_LINK1="200.0.10.2"
GW_LINK1="200.0.10.1"
INT_LINK1="eth1"
PESO_LINK1="1"
LINK2="200.0.20.0/28"
IP_LINK2="200.0.20.2"
GW_LINK2="200.0.20.1"
INT_LINK2="eth2"
PESO_LINK2="1"

case "$1" in
  start)
    echo "${GREEN}[         INICIANDO O BALANCEAMENTO       ]${CLOSE}"

    # ADD THE LINK1 NETWORK TO TABLE link1
    ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1

    # ADD THE DEFAULT ROUTE OF LINK1
    ${IP} route add default via ${GW_LINK1} table link1

    # ADD THE LINK2 NETWORK TO TABLE link2
    ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2

    # ADD THE DEFAULT ROUTE OF LINK2
    ${IP} route add default via ${GW_LINK2} table link2

    # ADD THE RULES FOR THE ROUTES ADDED ABOVE
    ${IP} rule add from ${IP_LINK1} table link1
    ${IP} rule add from ${IP_LINK2} table link2

    # ADD THE ROUTES BETWEEN THE LINKS, THE LAN AND LO
    ${IP} route add ${LAN} dev ${INT_LAN} table link1
    ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
    ${IP} route add ${LO} dev lo table link1
    ${IP} route add ${LAN} dev ${INT_LAN} table link2
    ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
    ${IP} route add ${LO} dev lo table link2

    # CREATE THE BALANCING BETWEEN THE TWO LINKS
    ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}

    # MARK THE PACKETS THAT WILL LEAVE THROUGH LINK1
    for PORT in $(cat ${PORTS_LINK1}); do
      ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
    done

    # MARK THE PACKETS THAT WILL LEAVE THROUGH LINK2
    for PORT in $(cat ${PORTS_LINK2}); do
      ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
    done

    # ADD THE IPROUTE RULES THAT MATCH THE MARKS SET IN THE MANGLE TABLE
    ${IP} rule add fwmark 1 table link1
    ${IP} rule add fwmark 2 table link2

    # MASQUERADE THE LAN
    ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
    echo "${GREEN}[         BALANCEAMENTO INICIADO          ]${CLOSE}"
  ;;
  stop)
    echo "${RED}[         PARANDO BALANCEAMENTO       ]${CLOSE}"
    ${ROUTE} del default
    ${IP} route flush table link1
    ${IP} route flush table link2
    ${IP} rule del from ${IP_LINK1} table link1
    ${IP} rule del from ${IP_LINK2} table link2
    ${IPTABLES} -t mangle -F
    # REMOVE THE FWMARK RULES (the original listing had "add" here)
    ${IP} rule del fwmark 1 table link1
    ${IP} rule del fwmark 2 table link2
    # REMOVE THE MASQUERADE RULE SO THAT restart DOES NOT DUPLICATE IT
    ${IPTABLES} -t nat -D POSTROUTING -s ${LAN} -j MASQUERADE
    echo "${RED}[         BALANCEAMENTO PARADO        ] ${CLOSE}"
  ;;
  restart)
    $0 stop
    $0 start
  ;;
  *)
    echo "${RED}Opcoes Validas:(start|stop|restart)${CLOSE}"
  ;;
esac

Now let's create the files that store which ports go out through which link.

Let's create the file that controls which ports go out through link1

vim /etc/iproute2/ports_link1
80
443
20
21

Let's create the file that controls which ports go out through link2

cat /etc/iproute2/ports_link2
25
110
143
587
993
995

Now let's stop the balancing script

/etc/init.d/rc.lb stop
[         PARANDO BALANCEAMENTO       ]
[         BALANCEAMENTO PARADO        ] 

Now let's list the iproute rules

ip rule show
0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

Now let's list the rules in the mangle table

iptables -t mangle -L -n -v
Chain PREROUTING (policy ACCEPT 147 packets, 11496 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 147 packets, 11496 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 73 packets, 7540 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 73 packets, 7540 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Now let's bring up our balancing

/etc/init.d/rc.lb start
[         INICIANDO O BALANCEAMENTO       ]
[         BALANCEAMENTO INICIADO          ]

Now let's list the iproute rules

ip rule show
0:  from all lookup local 
32762:  from all fwmark 0x2 lookup link2 
32763:  from all fwmark 0x1 lookup link1 
32764:  from 200.0.20.2 lookup link2 
32765:  from 200.0.10.2 lookup link1 
32766:  from all lookup main 
32767:  from all lookup default

Now let's look at the rules in the mangle table

iptables -t mangle -L -n -v
Chain PREROUTING (policy ACCEPT 130 packets, 10960 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80 /* LINK 1 */ MARK set 0x1
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:443 /* LINK 1 */ MARK set 0x1
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:20 /* LINK 1 */ MARK set 0x1
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:21 /* LINK 1 */ MARK set 0x1
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:25 /* LINK 2 */ MARK set 0x2
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:110 /* LINK 2 */ MARK set 0x2
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:143 /* LINK 2 */ MARK set 0x2
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:587 /* LINK 2 */ MARK set 0x2
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:993 /* LINK 2 */ MARK set 0x2
    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:995 /* LINK 2 */ MARK set 0x2

Chain INPUT (policy ACCEPT 130 packets, 10960 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 59 packets, 6316 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 59 packets, 6316 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Note that ports 80 and 443 are marked to go out through link 1, and ports 25, 110, 143, 587, 993 and 995 will go out through link2.
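rc.lb expands each port file with `for PORT in $(cat ...)` straight into iptables arguments, and because MARK does not stop rule traversal, a port listed in both files ends up with mark 2 (the link2 rules are appended last). The check below is an added example, not part of the original script; `check_ports`, `demo` and the sample lists are hypothetical names and constructed input.

```shell
#!/bin/sh
# Added example (not part of rc.lb): validate the port lists before rc.lb
# turns every word in them into an iptables argument.
# check_ports FILE... prints one line per problem; exit status 0 means clean.
check_ports() {
    awk '
        NF == 0 { next }    # blank lines disappear under $(cat), harmless
        # This check allows only one decimal port per line: ranges, extra
        # words, CRs, leading zeros and values above 65535 are reported.
        NF != 1 || $1 !~ /^[1-9][0-9]*$/ || $1 + 0 > 65535 {
            printf "%s:%d: not a single port 1-65535: %s\n", FILENAME, FNR, $0
            bad = 1; next
        }
        # MARK does not stop rule traversal, so a port present twice is
        # marked twice and the rule appended last decides the link.
        ($1 in owner) {
            printf "%s:%d: port %s is already in %s\n", FILENAME, FNR, $1, owner[$1]
            bad = 1; next
        }
        { owner[$1] = FILENAME }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the two lists from this page plus three mistakes
# appended to the link2 list (duplicate 443, a range, an impossible port).
demo() {
    dir=$(mktemp -d) || return 1
    printf '80\n443\n20\n21\n' > "$dir/ports_link1"
    printf '25\n110\n143\n587\n993\n995\n443\n8080:8090\n70000\n' > "$dir/ports_link2"
    check_ports "$dir/ports_link1" "$dir/ports_link2"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "port lists rejected: fix them before /etc/init.d/rc.lb start"
```

Pass the files in the same order rc.lb reads them (link1, then link2) so the "already in" message names the list whose mark would be overwritten.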