Differences

This shows you the differences between two versions of the page.

balanceamento_de_links_no_debian_squeeze_pt_br [2017/09/05 12:18] (current)
Line 1: Line 1:
 +====== Balanceamento de Links no Debian Squeeze ​ ======
 +
 +E ai galera, aqui eu vou abordar o balanceamento de links com 2 links.
 +
 +O que vou utilizar:
 +
 +  * **Nome do servidor:** debian
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.8/​24
 +  * **Interface link1:** eth1
 +    * **ip link1:** 200.0.10.2/​28
 +    * **gw link1:** 200.0.10.1
 +    * **tabela:** link1
 +    * **velocidade:​** 10MB
 +  * **Interface link2:** eth2
 +    * **ip link2:** 200.0.20.2/​28
 +    * **gw link2:** 200.0.20.1
 +    * **tabela:** link2
 +    * **velocidade:​** 10MB
 +
 +  * **Nome do cliente:** centos
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.7/​24
 +    * **gw:** 192.168.1.8
 +
 +Prepare o seu sistema com o seguinte script http://​wiki.douglasqsantos.com.br/​doku.php/​confinicialsqueeze_en para que não falte nenhum pacote ou configuração.
 +
 +
 +Vamos a configuração do arquivo interfaces do servidor Debian
 +<sxh bash>
 +#Interface de loopback
 +auto lo
 +iface lo inet loopback
 +
 +#Interface da lan
 +auto eth0
 +iface eth0 inet static
 +        address 192.168.1.8
 +        netmask 255.255.255.0
 +        network 192.168.1.0
 +        broadcast 192.168.1.255
 +
 +
 +#Interface do link1
 +auto eth1
 +iface eth1 inet static
 +        address 200.0.10.2
 +        netmask 255.255.255.240
 +        network 200.0.10.0
 +        broadcast 200.0.10.15
 +
 +
 +#Interface do link2
 +auto eth2
 +iface eth2 inet static
 +        address 200.0.20.2
 +        netmask 255.255.255.240
 +        network 200.0.20.0
 +        broadcast 200.0.20.15
 +
 +</​sxh>​
 +
 +Agora reinicie o servidor para ele carregar as novas configurações de rede.
 +<sxh bash>
 +reboot
 +</​sxh>​
 +
 +
 +Agora vamos testar os links com o ping, primeiro vamos testar o link1 vamos pingar no gw dele
 +<sxh bash>
 +ping -I eth1 200.0.10.1 -c 2
 +PING 200.0.10.1 (200.0.10.1) from 200.0.10.2 eth1: 56(84) bytes of data.
 +64 bytes from 200.0.10.1: icmp_req=1 ttl=64 time=0.234 ms
 +64 bytes from 200.0.10.1: icmp_req=2 ttl=64 time=0.189 ms
 +
 +--- 200.0.10.1 ping statistics ---
 +2 packets transmitted,​ 2 received, 0% packet loss, time 999ms
 +rtt min/​avg/​max/​mdev = 0.189/​0.211/​0.234/​0.026 ms
 +</​sxh>​
 +
 +Agora vamos testar o link2, vamos pingar o gw dele
 +<sxh bash>
 +ping -I eth2 200.0.20.1 -c 2
 +PING 200.0.20.1 (200.0.20.1) from 200.0.20.2 eth2: 56(84) bytes of data.
 +64 bytes from 200.0.20.1: icmp_req=1 ttl=64 time=3.48 ms
 +64 bytes from 200.0.20.1: icmp_req=2 ttl=64 time=0.200 ms
 +
 +--- 200.0.20.1 ping statistics ---
 +2 packets transmitted,​ 2 received, 0% packet loss, time 1002ms
 +rtt min/​avg/​max/​mdev = 0.200/​1.843/​3.487/​1.644 ms
 +</​sxh>​
 +
 +
 +Agora vamos criar uma tabela de roteamento para cada link
 +<sxh bash>
 +echo 10 link1 >> /​etc/​iproute2/​rt_tables
 +echo 20 link2 >> /​etc/​iproute2/​rt_tables
 +</​sxh>​
 +
 +
 +Agora vamos adicionar a rota para a rede 200.0.10.0/​28 na tabela de link1
 +<sxh bash>
 +ip route add 200.0.10.0/​28 dev eth1 src 200.0.10.2 table link1
 +</​sxh>​
 +
 +Agora vamos definir a rota padrão para o link1
 +<sxh bash>
 +ip route add default via 200.0.10.1 table link1
 +</​sxh>​
 +
 +Agora vamos listar as regras da tabela do link1
 +<sxh bash>
 +ip route list table link1
 +200.0.10.0/​28 dev eth1  scope link  src 200.0.10.2 ​
 +default via 200.0.10.1 dev eth1 
 +</​sxh>​
 +
 +Agora vamos adicionar a rota para a rede 200.0.20.0/​24 na tabela de link2
 +<sxh bash>
 +ip route add 200.0.20.0/​28 dev eth2 src 200.0.20.2 table link2
 +</​sxh>​
 +
 +Agora vamos definir a rota padrão para o link2
 +<sxh bash>
 +ip route add default via 200.0.20.1 table link2
 +</​sxh>​
 +
 +Agora vamos listar as regras da tabela do link2
 +<sxh bash>
 +ip route list table link2
 +200.0.20.0/​28 dev eth2  scope link  src 200.0.20.2 ​
 +default via 200.0.20.1 dev eth2 
 +</​sxh>​
 +
 +Agora vamos mandar remover a rota padrão caso haja alguma
 +<sxh bash>
 +route del default
 +</​sxh>​
 +
 +Agora devemos acrescentar as regras das rotas adicionadas que são 200.0.10.2 no link1 e 200.0.20.2 no link2
 +<sxh bash>
 +ip rule add from 200.0.10.2 table link1
 +ip rule add from 200.0.20.2 table link2
 +</​sxh>​
 +
 +Agora vamos listar as rules
 +<sxh bash>
 +ip rule list
 +0:  from all lookup local 
 +32764: ​ from 200.0.20.2 lookup link2 
 +32765: ​ from 200.0.10.2 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora precisamos inserir regras para as nossas redes interna, link2 e lo passar pelo link1
 +<sxh bash>
 +ip route add 192.168.1.0/​24 dev eth0 table link1
 +ip route add 200.0.20.0/​28 dev eth2 table link1
 +ip route add 127.0.0.0/8 dev lo table link1
 +</​sxh>​
 +
 +Agora precisamos inserir regras para as nossas redes interna, link1 e lo passar pelo link2
 +<sxh bash>
 +ip route add 192.168.1.0/​24 dev eth0 table link2
 +ip route add 200.0.10.0/​28 dev eth1 table link2
 +ip route add 127.0.0.0/8 dev lo table link2
 +</​sxh>​
 +
 +Agora vamos listar a tabela de roteamento do link1
 +<sxh bash>
 +ip route list table link1
 +200.0.20.0/​28 dev eth2  scope link 
 +200.0.10.0/​28 dev eth1  scope link  src 200.0.10.2 ​
 +192.168.1.0/​24 dev eth0  scope link 
 +127.0.0.0/8 dev lo  scope link 
 +default via 200.0.10.1 dev eth1 
 +</​sxh>​
 +
 +
 +Agora vamos listar a tabela de roteamento do link2
 +<sxh bash>
 +ip route list table link2
 +200.0.20.0/​28 dev eth2  scope link  src 200.0.20.2 ​
 +200.0.10.0/​28 dev eth1  scope link 
 +192.168.1.0/​24 dev eth0  scope link 
 +127.0.0.0/8 dev lo  scope link 
 +default via 200.0.20.1 dev eth2 
 +</​sxh>​
 +
 +Agora vamos fazer o balanceamento,​ aqui vou levar em consideração que os dois links são de 10MB. Aqui vamos especificar que o link é um para um, ou seja, 50% do tráfego será enviado para cada link.
 +<sxh bash>
 +ip route add default nexthop via 200.0.10.1 dev eth1 weight 1 nexthop via 200.0.20.1 dev eth2 weight 1
 +</​sxh>​
 +
 +Agora vamos listar as rotas do nosso servidor
 +<sxh bash>
 +ip route list
 +200.0.20.0/​28 dev eth2  proto kernel ​ scope link  src 200.0.20.2 ​
 +200.0.10.0/​28 dev eth1  proto kernel ​ scope link  src 200.0.10.2 ​
 +192.168.1.0/​24 dev eth0  proto kernel ​ scope link  src 192.168.1.8 ​
 +default ​
 +  nexthop via 200.0.10.1 ​ dev eth1 weight 1
 +  nexthop via 200.0.20.1 ​ dev eth2 weight 1
 +</​sxh>​
 +
 +Agora precisamos habilitar o roteamento neste servidor
 +<sxh bash>
 +sed -i '​s/#​net.ipv4.ip_forward=1/​net.ipv4.ip_forward=1/​g'​ /​etc/​sysctl.conf
 +</​sxh>​
 +
 +Agora vamos ativar o roteamento no kernel
 +<sxh bash>
 +sysctl -p
 +net.ipv4.ip_forward = 1
 +</​sxh>​
 +
 +Agora vamos mascarar os pacotes da nossa lan
 +<sxh bash>
 +iptables -t nat -A POSTROUTING -s 192.168.1.0/​24 -j MASQUERADE
 +</​sxh>​
 +
 +Agora no servidor Debian vamos deixar o tcpdump monitorando o protocolo icmp que vamos utilizar para testar pelo cliente CentOS
 +<sxh bash>
 +tcpdump -i any proto '​ICMP'​
 +</​sxh>​
 +
 +Agora no cliente CentOS vamos enviar 10 pings para o site do terra
 +<sxh bash>
 +ping www.terra.com.br -c 10
 +PING www.terra.com.br (200.154.56.80) 56(84) bytes of data.
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=1 ttl=53 time=20.0 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=2 ttl=53 time=19.2 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=3 ttl=53 time=18.9 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=4 ttl=53 time=19.2 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=5 ttl=53 time=19.0 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=6 ttl=53 time=18.9 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=7 ttl=53 time=20.3 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=8 ttl=53 time=19.0 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=9 ttl=53 time=18.5 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_seq=10 ttl=53 time=18.2 ms
 +
 +--- www.terra.com.br ping statistics ---
 +10 packets transmitted,​ 10 received, 0% packet loss, time 9031ms
 +rtt min/​avg/​max/​mdev = 18.231/​19.163/​20.386/​0.610 ms
 +</​sxh>​
 +
 +Agora vamos observar no servidor o que temos de pacotes
 +<sxh bash>
 +tcpdump -i any proto '​ICMP'​
 +21:​26:​24.730134 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 1, length 64
 +21:​26:​24.749792 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 1, length 64
 +21:​26:​24.749819 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 1, length 64
 +21:​26:​25.732620 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 2, length 64
 +21:​26:​25.732646 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 2, length 64
 +21:​26:​25.751474 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 2, length 64
 +21:​26:​25.751491 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 2, length 64
 +21:​26:​26.734532 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 3, length 64
 +21:​26:​26.734562 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 3, length 64
 +21:​26:​26.753095 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 3, length 64
 +21:​26:​26.753111 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 3, length 64
 +21:​26:​27.731378 IP 192.168.1.8 > 192.168.1.8:​ ICMP host 192.168.1.1 unreachable,​ length 80
 +21:​26:​27.735341 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 4, length 64
 +21:​26:​27.735355 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 4, length 64
 +21:​26:​27.754180 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 4, length 64
 +21:​26:​27.754209 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 4, length 64
 +21:​26:​28.738548 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 5, length 64
 +21:​26:​28.738579 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 5, length 64
 +21:​26:​28.757161 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 5, length 64
 +21:​26:​28.757187 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 5, length 64
 +21:​26:​29.739691 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 6, length 64
 +21:​26:​29.739709 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 6, length 64
 +21:​26:​29.758295 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 6, length 64
 +21:​26:​29.758325 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 6, length 64
 +21:​26:​30.741639 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 7, length 64
 +21:​26:​30.741668 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 7, length 64
 +21:​26:​30.761568 IP 200.154.56.80 > 200.0.10.2: ICMP echo reply, id 48132, seq 7, length 64
 +21:​26:​30.761594 IP 200.154.56.80 > 192.168.1.7:​ ICMP echo reply, id 48132, seq 7, length 64
 +21:​26:​31.743249 IP 192.168.1.7 > 200.154.56.80:​ ICMP echo request, id 48132, seq 8, length 64
 +21:​26:​31.743273 IP 200.0.10.2 > 200.154.56.80:​ ICMP echo request, id 48132, seq 8, length 64
 +</​sxh>​
 +
 +Note que os pacotes de icmp saíram pelo link1 200.0.10.2.
 +
 +Agora no servidor Debian vamos mandar monitorar a porta 110
 +<sxh bash>
 +tcpdump -i any port 110 -n -vv
 +[...]
 +</​sxh>​
 +
 +Agora no cliente CentOS vamos mandar efetuar uma conexão na porta 110
 +<sxh bash>
 +telnet mail.douglasqsantos.com.br 110
 +Trying 186.233.144.40...
 +Connected to mail.douglasqsantos.com.br.
 +Escape character is '​^]'​.
 ++OK <​14404.1359329341@mail03.centralserver.com.br>​
 +user douglas@douglasqsantos.com.br
 ++OK 
 +pass SENHA
 ++OK 
 +list 
 ++OK 
 +1 7866
 +2 2382
 +.
 +retr 1
 ++OK 
 +[...]
 +</​sxh>​
 +
 +
 +Agora vamos ver no servidor o que foi gerado no tcpdump
 +<sxh bash>
 +tcpdump -i any port 110 -n -vv
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +21:​29:​01.390300 IP (tos 0x10, ttl 64, id 17022, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.7.48906 > 186.233.144.40.110:​ Flags [S], cksum 0x56e5 (correct), seq 2115852259, win 14600, options [mss 1460,​sackOK,​TS val 4003229 ecr 0,​nop,​wscale 5], length 0
 +21:​29:​01.391302 IP (tos 0x10, ttl 63, id 17022, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.48906 > 186.233.144.40.110:​ Flags [S], cksum 0x3c92 (correct), seq 2115852259, win 14600, options [mss 1460,​sackOK,​TS val 4003229 ecr 0,​nop,​wscale 5], length 0
 +21:​29:​01.401329 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    186.233.144.40.110 > 200.0.20.2.48906:​ Flags [S.], cksum 0xbf88 (correct), seq 1426686398, ack 2115852260, win 5792, options [mss 1452,​sackOK,​TS val 3754944718 ecr 4003229,​nop,​wscale 7], length 0
 +21:​29:​01.401354 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    186.233.144.40.110 > 192.168.1.7.48906:​ Flags [S.], cksum 0xd9db (correct), seq 1426686398, ack 2115852260, win 5792, options [mss 1452,​sackOK,​TS val 3754944718 ecr 4003229,​nop,​wscale 7], length 0
 +21:​29:​01.401704 IP (tos 0x10, ttl 64, id 17023, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.7.48906 > 186.233.144.40.110:​ Flags [.], cksum 0x1d6b (correct), seq 1, ack 1, win 457, options [nop,nop,TS val 4003241 ecr 3754944718],​ length 0
 +21:​29:​01.401717 IP (tos 0x10, ttl 63, id 17023, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.48906 > 186.233.144.40.110:​ Flags [.], cksum 0x0318 (correct), seq 1, ack 1, win 457, options [nop,nop,TS val 4003241 ecr 3754944718],​ length 0
 +21:​29:​01.410518 IP (tos 0x0, ttl 56, id 26984, offset 0, flags [DF], proto TCP (6), length 104)
 +    186.233.144.40.110 > 200.0.20.2.48906:​ Flags [P.], cksum 0xb4a2 (correct), seq 1:53, ack 1, win 46, options [nop,nop,TS val 3754944727 ecr 4003241], length 52
 +21:​29:​01.410553 IP (tos 0x0, ttl 55, id 26984, offset 0, flags [DF], proto TCP (6), length 104)
 +    186.233.144.40.110 > 192.168.1.7.48906:​ Flags [P.], cksum 0xcef5 (correct), seq 1:53, ack 1, win 46, options [nop,nop,TS val 3754944727 ecr 4003241], length 52
 +21:​29:​01.410911 IP (tos 0x10, ttl 64, id 17024, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.7.48906 > 186.233.144.40.110:​ Flags [.], cksum 0x1d25 (correct), seq 1, ack 53, win 457, options [nop,nop,TS val 4003250 ecr 3754944727],​ length 0
 +[...]
 +</​sxh>​
 +
 +Note que agora os pacotes saíram pelo link2 200.0.20.2 ​
 +
 +O nosso balanceamento com 2 links está funcionando ​
 +
 +Agora precisamos criar um script para efetuar o balanceamento na inicialização do sistema
 +<sxh bash>
 +vim /​etc/​init.d/​rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 13/01/2013
 +#​--------------------------------------------------------------------------
 +#Licença: http://​creativecommons.org/​licenses/​by-sa/​3.0/​legalcode
 +#
 +#​--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides: ​            rc.lb
 +# Required-Start: ​      ​$remote_fs $syslog
 +# Required-Stop: ​       $remote_fs $syslog
 +# Default-Start: ​       2 3 4 5
 +# Default-Stop:​
 +# Short-Description: ​   Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="​\033[01;​30m"​
 +RED="​\033[01;​31m"​
 +GREEN="​\033[01;​32m"​
 +YELLOW="​\033[01;​33m"​
 +BLUE="​\033[01;​34m"​
 +PURPLE="​\033[01;​35m"​
 +CYAN="​\033[01;​36m"​
 +WHITE="​\033[01;​37m"​
 +CLOSE="​\033[m"​
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/​sbin/​ip"​
 +ROUTE="/​sbin/​route"​
 +IPTABLES="/​sbin/​iptables"​
 +LO="​127.0.0.0/​8"​
 +LAN="​192.168.1.0/​24"​
 +INT_LAN="​eth0"​
 +LINK1="​200.0.10.0/​28"​
 +IP_LINK1="​200.0.10.2"​
 +GW_LINK1="​200.0.10.1"​
 +INT_LINK1="​eth1"​
 +PESO_LINK1="​1"​
 +LINK2="​200.0.20.0/​28"​
 +IP_LINK2="​200.0.20.2"​
 +GW_LINK2="​200.0.20.1"​
 +INT_LINK2="​eth2"​
 +PESO_LINK2="​1"​
 +
 +case $1 in
 +  start)
 +    echo "​${GREEN}[ ​        ​INICIANDO O BALANCEAMENTO ​      ​]${CLOSE}"​
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "​${GREEN}[ ​        ​BALANCEAMENTO INICIADO ​         ]${CLOSE}"​
 +
 +  ;;
 +  stop)
 +   echo "​${RED}[ ​        ​PARANDO BALANCEAMENTO ​      ​]${CLOSE}";​
 +   ​${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   ​echo ​ "​${RED}[ ​        ​BALANCEAMENTO PARADO ​       ] ${CLOSE}";​
 +  ;;
 +     ​restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   ​echo ​ "​${RED}Opcoes Validas:​(start|stop|restart)${CLOSE}"​
 +  ;;
 +esac
 +</​sxh>​
 +
 +Agora vamos dar permissão de execução para o script
 +<sxh bash>
 +chmod +x /​etc/​init.d/​rc.lb
 +</​sxh>​
 +
 +Agora vamos inserir o script na inicialização do sistema
 +<sxh bash>
 +insserv -f -v rc.lb 
 +</​sxh>​
 +
 +Agora podemos parar o balanceamento da seguinte forma
 +<sxh bash>
 +/​etc/​init.d/​rc.lb stop
 +[         ​PARANDO BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO PARADO ​       ] 
 +</​sxh>​
 +
 +Agora podemos iniciar o balanceamento da seguinte forma
 +<sxh bash>
 +/​etc/​init.d/​rc.lb start
 +[         ​INICIANDO O BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO INICIADO ​         ]
 +</​sxh>​
 +
 +====== Marcação de pacotes para definir link de saída ======
 +
 +Então galera, algumas pessoas me perguntão sobre a tal marcação de pacotes para saída por um determinado link utilizando balanceamento de link, então vocês vão notar bem simples.
 +
 +Depois que já temos o balanceamento de link precisamos definir o que queremos mandar por qual link, isso nós podemos definir por ip de origem, protocolo, porta etc.
 +
 +Vou pegar como exemplo 2 portas a porta 80 e a porta 587, que seria a saída web e a saída de email.
 +
 +Vamos marcar os pacotes com o iptables utilizando a tabela manble.
 +<sxh bash>
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/​24 --dport 80 -j MARK --set-mark 1
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/​24 --dport 587 -j MARK --set-mark 2
 +</​sxh>​
 +
 +Agora vamos listar as nossas regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L  PREROUTING -n -v
 +Chain PREROUTING (policy ACCEPT 11 packets, 812 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:80 MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:587 MARK set 0x2
 +</​sxh>​
 +
 +Note que agora temos a flags nos pacotes de porta 80 sendo 1 e flags nos pacotes de porta 587 sendo 2.
 +
 +Agora precisamos avisar o iproute que os pacotes com a flag 1 vão para o link 1 e os pacotes com a flag 2 vão para o link 2, com isso vamos definir que os pacotes da porta 80 vão para o link 1 e os pacotes da porta 587 vão para o link2.
 +
 +Vamos criar as regras
 +<sxh bash>
 +ip rule add fwmark 1 table link1
 +ip rule add fwmark 2 table link2
 +</​sxh>​
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32760: ​ from 200.0.20.2 lookup link2 
 +32761: ​ from 200.0.10.2 lookup link1 
 +32762: ​ from all fwmark 0x2 lookup link2 
 +32763: ​ from all fwmark 0x1 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default ​
 +</​sxh>​
 +
 +Agora vamos limpar o cache das regras de roteamento
 +<sxh bash>
 +ip route flush cache
 +</​sxh>​
 +
 +Vamos monitorar a porta 80 aqui no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +[...]
 +</​sxh>​
 +
 +Agora vamos testar com o cliente Debian
 +
 +Vamos atualizar os repositórios
 +<sxh bash>
 +aptitude update
 +Hit http://​ftp.br.debian.org wheezy Release.gpg
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release.gpg
 +Hit http://​ftp.br.debian.org wheezy Release
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release ​     ​
 +Hit http://​ftp.br.debian.org wheezy/main Sources ​                 ​
 +Hit http://​ftp.br.debian.org wheezy/​contrib Sources ​              
 +Hit http://​ftp.br.debian.org wheezy/​non-free Sources ​             ​
 +Hit http://​ftp.br.debian.org wheezy/main amd64 Packages ​          
 +Hit http://​ftp.br.debian.org wheezy/​contrib amd64 Packages ​       ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free amd64 Packages ​      
 +Hit http://​ftp.br.debian.org wheezy/​contrib Translation-en ​       ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt_BR ​       ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt ​                             ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-en ​                             ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free Translation-en ​                         ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Sources/​DiffIndex ​         ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Sources/​DiffIndex ​      
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Sources/​DiffIndex ​     ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main amd64 Packages/​DiffIndex ​  
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Translation-en/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Translation-en/​DiffIndex ​  
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Translation-en/​DiffIndex
 +Hit http://​security.debian.org wheezy/​updates Release.gpg
 +Hit http://​security.debian.org wheezy/​updates Release
 +Hit http://​security.debian.org wheezy/​updates/​main Sources
 +Hit http://​security.debian.org wheezy/​updates/​contrib Sources
 +Hit http://​security.debian.org wheezy/​updates/​non-free Sources
 +Hit http://​security.debian.org wheezy/​updates/​main amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​non-free amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​main Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​non-free Translation-en
 +</​sxh>​
 +
 +Agora vamos analisar a saída do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +14:​34:​35.442253 IP (tos 0x0, ttl 64, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [S], cksum 0xd631 (correct), seq 3923346505, win 14600, options [mss 1460,​sackOK,​TS val 1603714 ecr 0,​nop,​wscale 3], length 0
 +14:​34:​35.442299 IP (tos 0x0, ttl 63, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [S], cksum 0xc5ed (correct), seq 3923346505, win 14600, options [mss 1460,​sackOK,​TS val 1603714 ecr 0,​nop,​wscale 3], length 0
 +14:​34:​35.449200 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [S.], cksum 0x38c6 (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,​sackOK,​TS val 87587434 ecr 1603714,​nop,​wscale 8], length 0
 +14:​34:​35.449242 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [S.], cksum 0x490a (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,​sackOK,​TS val 87587434 ecr 1603714,​nop,​wscale 8], length 0
 +14:​34:​35.449688 IP (tos 0x0, ttl 64, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xd988 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:​34:​35.449708 IP (tos 0x0, ttl 63, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xc944 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:​34:​35.450139 IP (tos 0x0, ttl 64, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xd61b (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:​34:​35.450157 IP (tos 0x0, ttl 63, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xc5d7 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:​34:​35.458226 IP (tos 0x0, ttl 57, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [.], cksum 0xcf1d (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:​34:​35.458257 IP (tos 0x0, ttl 56, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [.], cksum 0xdf61 (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:​34:​35.458992 IP (tos 0x0, ttl 57, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0x1132 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:​34:​35.459011 IP (tos 0x0, ttl 56, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0x2176 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:​34:​35.459292 IP (tos 0x0, ttl 64, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xd77b (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:​34:​35.459309 IP (tos 0x0, ttl 63, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xc737 (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:​34:​35.459896 IP (tos 0x0, ttl 64, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xfdf3 (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:​34:​35.459917 IP (tos 0x0, ttl 63, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xedaf (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:​34:​35.468337 IP (tos 0x0, ttl 57, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0xbe82 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:​34:​35.468369 IP (tos 0x0, ttl 56, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0xcec6 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:​34:​35.469012 IP (tos 0x0, ttl 64, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xf84a (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:​34:​35.469033 IP (tos 0x0, ttl 63, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xe806 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:​34:​35.480415 IP (tos 0x0, ttl 57, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0xc510 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:​34:​35.480442 IP (tos 0x0, ttl 56, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0xd554 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:​34:​35.490315 IP (tos 0x0, ttl 64, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0x5cd4 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1603726 ecr 87587437], length 246
 +14:​34:​35.490351 IP (tos 0x0, ttl 63, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +</​sxh>​
 +
 +Note que agora todas as saídas para a porta 80 saíram pelo link1.
 +
 +Agora vamos testar a porta 587
 +
 +Vamos monitorar a porta 587 no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +</​sxh>​
 +
 +Agora no cliente vamos abrir uma conexão com o gmail.
 +<sxh bash>
 +telnet smtp.gmail.com 587
 +Trying 74.125.137.108...
 +Connected to gmail-smtp-msa.l.google.com.
 +Escape character is '​^]'​.
 +220 mx.google.com ESMTP v22sm112112273yhn.12 - gsmtp
 +ehlo mx.google.com
 +250-mx.google.com at your service, [177.16.190.184]
 +250-SIZE 35882577
 +250-8BITMIME
 +250-STARTTLS
 +250-ENHANCEDSTATUSCODES
 +250 CHUNKING
 +quit
 +221 2.0.0 closing connection v22sm112112273yhn.12 - gsmtp
 +Connection closed by foreign host.
 +</​sxh>​
 +
 +Agora vamos análisar os logs do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +
 +14:​37:​21.324860 IP (tos 0x10, ttl 64, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [S], cksum 0x148a (correct), seq 1752499311, win 14600, options [mss 1460,​sackOK,​TS val 1645185 ecr 0,​nop,​wscale 3], length 0
 +14:​37:​21.325283 IP (tos 0x10, ttl 63, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [S], cksum 0xfa45 (correct), seq 1752499311, win 14600, options [mss 1460,​sackOK,​TS val 1645185 ecr 0,​nop,​wscale 3], length 0
 +14:​37:​21.469869 IP (tos 0x0, ttl 43, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [S.], cksum 0x6150 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,​sackOK,​TS val 987682085 ecr 1645185,​nop,​wscale 6], length 0
 +14:​37:​21.469928 IP (tos 0x0, ttl 42, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [S.], cksum 0x7b94 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,​sackOK,​TS val 987682085 ecr 1645185,​nop,​wscale 6], length 0
 +14:​37:​21.470429 IP (tos 0x10, ttl 64, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x4929 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:​37:​21.470452 IP (tos 0x10, ttl 63, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x2ee5 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:​37:​21.615668 IP (tos 0x0, ttl 44, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x1524 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:​37:​21.615713 IP (tos 0x0, ttl 43, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x2f68 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:​37:​21.616245 IP (tos 0x10, ttl 64, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x483d (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:​37:​21.616268 IP (tos 0x10, ttl 63, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x2df9 (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:​37:​27.637712 IP (tos 0x10, ttl 64, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0xe9b4 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:​37:​27.637757 IP (tos 0x10, ttl 63, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0xcf70 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:​37:​27.781158 IP (tos 0x0, ttl 44, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [.], cksum 0x1475 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:​37:​27.781205 IP (tos 0x0, ttl 43, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [.], cksum 0x2eb9 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:​37:​27.781648 IP (tos 0x0, ttl 44, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x2633 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:​37:​27.781664 IP (tos 0x0, ttl 43, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x4077 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:​37:​27.781967 IP (tos 0x10, ttl 64, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x28fc (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:​37:​27.781985 IP (tos 0x10, ttl 63, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x0eb8 (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:​37:​29.557360 IP (tos 0x10, ttl 64, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0x3f3e (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:​37:​29.557413 IP (tos 0x10, ttl 63, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0x24fa (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:​37:​29.702451 IP (tos 0x0, ttl 44, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x50ba (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:​37:​29.702491 IP (tos 0x0, ttl 43, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x6afe (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:​37:​29.703023 IP (tos 0x0, ttl 43, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [F.], cksum 0x0a48 (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:​37:​29.703039 IP (tos 0x0, ttl 42, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [F.], cksum 0x248c (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:​37:​29.703108 IP (tos 0x10, ttl 64, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x1f5b (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:​37:​29.703125 IP (tos 0x10, ttl 63, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x0517 (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:​37:​29.703566 IP (tos 0x10, ttl 64, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [F.], cksum 0x1f58 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:​37:​29.703584 IP (tos 0x10, ttl 63, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [F.], cksum 0x0514 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:​37:​29.848099 IP (tos 0x0, ttl 43, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [.], cksum 0x0990 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +14:​37:​29.848141 IP (tos 0x0, ttl 42, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [.], cksum 0x23d4 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +</​sxh>​
 +
 +Agora note que a saída para a porta 587 foram pelo link2.
 +
 +Tudo funcionando :D
 +
 +Agora vamos ajustar o nosso script para ele trabalhar com o balanceamento de link porém com a marcação de pacotes para definirmos o link que ele vai sair.
 +
 +<sxh bash>
 +vim /​etc/​init.d/​rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 30/09/2013
 +#​--------------------------------------------------------------------------
 +#Licença: http://​creativecommons.org/​licenses/​by-sa/​3.0/​legalcode
 +#
 +#​--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides: ​            rc.lb
 +# Required-Start: ​      ​$remote_fs $syslog
 +# Required-Stop: ​       $remote_fs $syslog
 +# Default-Start: ​       2 3 4 5
 +# Default-Stop:​
 +# Short-Description: ​   Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="​\033[01;​30m"​
 +RED="​\033[01;​31m"​
 +GREEN="​\033[01;​32m"​
 +YELLOW="​\033[01;​33m"​
 +BLUE="​\033[01;​34m"​
 +PURPLE="​\033[01;​35m"​
 +CYAN="​\033[01;​36m"​
 +WHITE="​\033[01;​37m"​
 +CLOSE="​\033[m"​
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/​sbin/​ip"​
 +ROUTE="/​sbin/​route"​
 +IPTABLES="/​sbin/​iptables"​
 +PORTS_LINK1="/​etc/​iproute2/​ports_link1"​
 +PORTS_LINK2="/​etc/​iproute2/​ports_link2"​
 +LO="​127.0.0.0/​8"​
 +LAN="​192.168.1.0/​24"​
 +INT_LAN="​eth0"​
 +LINK1="​200.0.10.0/​28"​
 +IP_LINK1="​200.0.10.2"​
 +GW_LINK1="​200.0.10.1"​
 +INT_LINK1="​eth1"​
 +PESO_LINK1="​1"​
 +LINK2="​200.0.20.0/​28"​
 +IP_LINK2="​200.0.20.2"​
 +GW_LINK2="​200.0.20.1"​
 +INT_LINK2="​eth2"​
 +PESO_LINK2="​1"​
 +
 +case $1 in
 +  start)
 +    echo "​${GREEN}[ ​        ​INICIANDO O BALANCEAMENTO ​      ​]${CLOSE}"​
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK1
 +        for PORT in $(cat ${PORTS_LINK1});​ do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
 +  done
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK2
 +        for PORT in $(cat ${PORTS_LINK2});​ do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
 +  done
 +
 +        # ADICIONANDO REGRAS NO IPROUTE PARA RECONHECER AS MARCACOES FEITAS PELA TABLE MANGLE
 +  ${IP} rule add fwmark 1 table link1
 +  ${IP} rule add fwmark 2 table link2
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "​${GREEN}[ ​        ​BALANCEAMENTO INICIADO ​         ]${CLOSE}"​
 +
 +  ;;
 +  stop)
 +   echo "​${RED}[ ​        ​PARANDO BALANCEAMENTO ​      ​]${CLOSE}";​
 +   ​${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   ​${IPTABLES} -t mangle -F
 +   ${IP} rule add fwmark 1 table link1
 +   ${IP} rule add fwmark 2 table link2
 +   ​echo ​ "​${RED}[ ​        ​BALANCEAMENTO PARADO ​       ] ${CLOSE}";​
 +  ;;
 +     ​restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   ​echo ​ "​${RED}Opcoes Validas:​(start|stop|restart)${CLOSE}"​
 +  ;;
 +esac
 +</​sxh>​
 +
 +Agora vamos criar os arquivo que vão armazenar quais portas vão sair por quais links.
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link1
 +<sxh bash>
 +vim /​etc/​iproute2/​ports_link1
 +80
 +443
 +20
 +21
 +</​sxh>​
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link2
 +<sxh bash>
 +cat /​etc/​iproute2/​ports_link2
 +25
 +110
 +143
 +587
 +993
 +995
 +</​sxh>​
 +
 +Agora vamos para o script de balanceamento
 +<sxh bash>
 +/​etc/​init.d/​rc.lb stop
 +[         ​PARANDO BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO PARADO ​       ] 
 +</​sxh>​
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora vamos listar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain INPUT (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain OUTPUT (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain POSTROUTING (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​
 +</​sxh>​
 +
 +Agora vamos subir o nosso balanceamento
 +<sxh bash>
 +/​etc/​init.d/​rc.lb start
 +[         ​INICIANDO O BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO INICIADO ​         ]
 +</​sxh>​
 +
 +Agora vamos listas as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32762: ​ from all fwmark 0x2 lookup link2 
 +32763: ​ from all fwmark 0x1 lookup link1 
 +32764: ​ from 200.0.20.2 lookup link2 
 +32765: ​ from 200.0.10.2 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora vamos analisar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:80 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:443 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:20 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:21 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:25 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:110 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:143 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:587 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:993 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:995 /* LINK 2 */ MARK set 0x2
 +
 +Chain INPUT (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain OUTPUT (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain POSTROUTING (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​
 +</​sxh>​
 +
 +Note que temos as marcações da porta 80 e 443 para sair pelo link 1 e as portas 25,​110,​143,​587,​993 e 995 vão sair pelo link2.
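Review bot: in the stop) branch of /etc/init.d/rc.lb, the two lines after the mangle flush run `${IP} rule add fwmark 1 table link1` and `${IP} rule add fwmark 2 table link2`, so stopping the balancer installs the fwmark rules instead of removing them, and each stop/start cycle leaves another copy behind. This also disagrees with the `ip rule show` output shown right after the stop, which lists only local, main and default. Both lines should use `rule del` with the same arguments. The same branch never deletes the nat POSTROUTING MASQUERADE rule that start appends, so repeated cycles stack duplicate NAT rules, and the mangle flush removes every mangle rule on the host, not only the ones this script created. Deleting the script's own rules one by one, or keeping them in a dedicated chain, would fix both. Minor: the comment above the default route for table link2 in start) still says LINK1.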