Differences

This shows you the differences between two versions of the page.

Link to this comparison view

balanceamento_de_links_no_debian_wheezy_pt_br [2017/09/05 12:18] (current)
Line 1: Line 1:
 +====== Balanceamento de Links no Debian Wheezy ​ ======
  
 +E ai galera, aqui eu vou abordar o balanceamento de links com 2 links.
 +
 +O que vou utilizar:
 +
 +  * **Nome do servidor:** debian
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.20
 +  * **Interface link1:** eth1
 +    * **ip link1:** 200.0.10.2/​28
 +    * **gw link1:** 200.0.10.1
 +    * **tabela:** link1
 +    * **velocidade:​** 10MB
 +  * **Interface link2:** eth2
 +    * **ip link2:** 200.0.20.2/​28
 +    * **gw link2:** 200.0.20.1
 +    * **tabela:** link2
 +    * **velocidade:​** 10MB
 +
 +  * **Nome do cliente:** debian01
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.22/​24
 +    * **gw:** 192.168.1.20
 +
 +Prepare o seu sistema com o seguinte script http://​wiki.douglasqsantos.com.br/​doku.php/​confinicialwheezy_en para que não falte nenhum pacote ou configuração.
 +
 +
 +Vamos a configuração do arquivo interfaces do servidor Debian
 +<sxh bash>
 +vim /​etc/​network/​interfaces
 +#Interface de loopback
 +auto lo
 +iface lo inet loopback
 +
 +#Interface da lan
 +auto eth0
 +iface eth0 inet static
 +        address 192.168.1.20
 +        netmask 255.255.255.0
 +        network 192.168.1.0
 +        broadcast 192.168.1.255
 +
 +
 +#Interface do link1
 +auto eth1
 +iface eth1 inet static
 +        address 200.0.10.2
 +        netmask 255.255.255.240
 +        network 200.0.10.0
 +        broadcast 200.0.10.15
 +
 +
 +#Interface do link2
 +auto eth2
 +iface eth2 inet static
 +        address 200.0.20.2
 +        netmask 255.255.255.240
 +        network 200.0.20.0
 +        broadcast 200.0.20.15
 +
 +</​sxh>​
 +
 +Agora reinicie o servidor para ele carregar as novas configurações de rede.
 +<sxh bash>
 +reboot
 +</​sxh>​
 +
 +
 +Agora vamos testar os links com o ping, primeiro vamos testar o link1 vamos pingar no gw dele
 +<sxh bash>
 +ping -I eth1 200.0.10.1 -c 2
 +PING 200.0.10.1 (200.0.10.1) from 200.0.10.2 eth1: 56(84) bytes of data.
 +64 bytes from 200.0.10.1: icmp_req=1 ttl=64 time=0.610 ms
 +64 bytes from 200.0.10.1: icmp_req=2 ttl=64 time=0.245 ms
 +
 +--- 200.0.10.1 ping statistics ---
 +2 packets transmitted,​ 2 received, 0% packet loss, time 1001ms
 +rtt min/​avg/​max/​mdev = 0.245/​0.427/​0.610/​0.183 ms
 +</​sxh>​
 +
 +Agora vamos testar o link2, vamos pingar o gw dele
 +<sxh bash>
 +ping -I eth2 200.0.20.1 -c 2
 +PING 200.0.20.1 (200.0.20.1) from 200.0.20.2 eth2: 56(84) bytes of data.
 +64 bytes from 200.0.20.1: icmp_req=1 ttl=64 time=0.001 ms
 +64 bytes from 200.0.20.1: icmp_req=2 ttl=64 time=0.288 ms
 +
 +--- 200.0.20.1 ping statistics ---
 +2 packets transmitted,​ 2 received, 0% packet loss, time 999ms
 +rtt min/​avg/​max/​mdev = 0.001/​0.144/​0.288/​0.144 ms
 +</​sxh>​
 +
 +
 +Agora vamos criar uma tabela de roteamento para cada link
 +<sxh bash>
 +echo 10 link1 >> /​etc/​iproute2/​rt_tables
 +echo 20 link2 >> /​etc/​iproute2/​rt_tables
 +</​sxh>​
 +
 +
 +Agora vamos adicionar a rota para a rede 200.0.10.0/​28 na tabela de link1
 +<sxh bash>
 +ip route add 200.0.10.0/​28 dev eth1 src 200.0.10.2 table link1
 +</​sxh>​
 +
 +Agora vamos definir a rota padrão para o link1
 +<sxh bash>
 +ip route add default via 200.0.10.1 table link1
 +</​sxh>​
 +
 +Agora vamos listar as regras da tabela do link1
 +<sxh bash>
 +ip route list table link1
 +200.0.10.0/​28 dev eth1  scope link  src 200.0.10.2 ​
 +default via 200.0.10.1 dev eth1 
 +</​sxh>​
 +
 +Agora vamos adicionar a rota para a rede 200.0.20.0/​24 na tabela de link2
 +<sxh bash>
 +ip route add 200.0.20.0/​28 dev eth2 src 200.0.20.2 table link2
 +</​sxh>​
 +
 +Agora vamos definir a rota padrão para o link2
 +<sxh bash>
 +ip route add default via 200.0.20.1 table link2
 +</​sxh>​
 +
 +Agora vamos listar as regras da tabela do link2
 +<sxh bash>
 +ip route list table link2
 +200.0.20.0/​28 dev eth2  scope link  src 200.0.20.2 ​
 +default via 200.0.20.1 dev eth2 
 +</​sxh>​
 +
 +Agora vamos mandar remover a rota padrão caso haja alguma
 +<sxh bash>
 +route del default
 +</​sxh>​
 +
 +Agora devemos acrescentar as regras das rotas adicionadas que são 200.0.10.2 no link1 e 200.0.20.2 no link2
 +<sxh bash>
 +ip rule add from 200.0.10.2 table link1
 +ip rule add from 200.0.20.2 table link2
 +</​sxh>​
 +
 +Agora vamos listar as rules
 +<sxh bash>
 +ip rule list
 +0:  from all lookup local 
 +32764: ​ from 200.0.20.2 lookup link2 
 +32765: ​ from 200.0.10.2 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora precisamos inserir regras para as nossas redes interna, link2 e lo passar pelo link1
 +<sxh bash>
 +ip route add 192.168.1.0/​24 dev eth0 table link1
 +ip route add 200.0.20.0/​28 dev eth2 table link1
 +ip route add 127.0.0.0/8 dev lo table link1
 +</​sxh>​
 +
 +Agora precisamos inserir regras para as nossas redes interna, link1 e lo passar pelo link2
 +<sxh bash>
 +ip route add 192.168.1.0/​24 dev eth0 table link2
 +ip route add 200.0.10.0/​28 dev eth1 table link2
 +ip route add 127.0.0.0/8 dev lo table link2
 +</​sxh>​
 +
 +Agora vamos listar a tabela de roteamento do link1
 +<sxh bash>
 +ip route list table link1
 +default via 200.0.10.1 dev eth1 
 +127.0.0.0/8 dev lo  scope link 
 +192.168.1.0/​24 dev eth0  scope link 
 +200.0.10.0/​28 dev eth1  scope link  src 200.0.10.2 ​
 +200.0.20.0/​28 dev eth2  scope link
 +</​sxh>​
 +
 +
 +Agora vamos listar a tabela de roteamento do link2
 +<sxh bash>
 +ip route list table link2
 +default via 200.0.20.1 dev eth2 
 +127.0.0.0/8 dev lo  scope link 
 +192.168.1.0/​24 dev eth0  scope link 
 +200.0.10.0/​28 dev eth1  scope link 
 +200.0.20.0/​28 dev eth2  scope link  src 200.0.20.2
 +</​sxh>​
 +
 +Agora vamos fazer o balanceamento,​ aqui vou levar em consideração que os dois links são de 10MB. Aqui vamos especificar que o link é um para um, ou seja, 50% do tráfego será enviado para cada link.
 +<sxh bash>
 +ip route add default nexthop via 200.0.10.1 dev eth1 weight 1 nexthop via 200.0.20.1 dev eth2 weight 1
 +</​sxh>​
 +
 +Agora vamos listar as rotas do nosso servidor
 +<sxh bash>
 +ip route list
 +default ​
 +  nexthop via 200.0.10.1 ​ dev eth1 weight 1
 +  nexthop via 200.0.20.1 ​ dev eth2 weight 1
 +192.168.1.0/​24 dev eth0  proto kernel ​ scope link  src 192.168.1.20 ​
 +200.0.10.0/​28 dev eth1  proto kernel ​ scope link  src 200.0.10.2 ​
 +200.0.20.0/​28 dev eth2  proto kernel ​ scope link  src 200.0.20.2 ​
 +</​sxh>​
 +
 +Agora precisamos habilitar o roteamento neste servidor
 +<sxh bash>
 +sed -i '​s/#​net.ipv4.ip_forward=1/​net.ipv4.ip_forward=1/​g'​ /​etc/​sysctl.conf
 +</​sxh>​
 +
 +Agora vamos ativar o roteamento no kernel
 +<sxh bash>
 +sysctl -p
 +net.ipv4.ip_forward = 1
 +</​sxh>​
 +
 +Agora vamos mascarar os pacotes da nossa lan
 +<sxh bash>
 +iptables -t nat -A POSTROUTING -s 192.168.1.0/​24 -j MASQUERADE
 +</​sxh>​
 +
 +Agora no servidor Debian vamos deixar o tcpdump monitorando o protocolo icmp que vamos utilizar para testar pelo cliente CentOS
 +<sxh bash>
 +tcpdump -i any -n proto '​ICMP'​
 +</​sxh>​
 +
 +Agora no cliente debian01 vamos enviar 10 pings para o site do terra
 +<sxh bash>
 +ping www.terra.com.br -c 10
 +PING www.terra.com.br (200.154.56.80) 56(84) bytes of data.
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=1 ttl=53 time=16.1 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=2 ttl=53 time=16.4 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=3 ttl=53 time=16.5 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=4 ttl=53 time=17.0 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=5 ttl=53 time=22.9 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=6 ttl=53 time=24.1 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=7 ttl=53 time=16.3 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=8 ttl=53 time=25.3 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=9 ttl=53 time=17.6 ms
 +64 bytes from www.terra.com.br (200.154.56.80):​ icmp_req=10 ttl=53 time=17.7 ms
 +
 +--- www.terra.com.br ping statistics ---
 +10 packets transmitted,​ 10 received, 0% packet loss, time 9014ms
 +rtt min/​avg/​max/​mdev = 16.184/​19.039/​25.356/​3.428 ms
 +</​sxh>​
 +
 +Agora vamos observar no servidor o que temos de pacotes
 +<sxh bash>
 +tcpdump -i any -n  proto '​ICMP'​
 +tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 +listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +13:​05:​35.496522 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 1, length 64
 +13:​05:​35.496564 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 1, length 64
 +13:​05:​35.512683 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 1, length 64
 +13:​05:​35.512717 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 1, length 64
 +13:​05:​36.498137 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 2, length 64
 +13:​05:​36.498175 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 2, length 64
 +13:​05:​36.514789 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 2, length 64
 +13:​05:​36.514821 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 2, length 64
 +13:​05:​37.498306 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 3, length 64
 +13:​05:​37.498346 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 3, length 64
 +13:​05:​37.516860 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 3, length 64
 +13:​05:​37.516887 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 3, length 64
 +13:​05:​38.500846 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 4, length 64
 +13:​05:​38.500884 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 4, length 64
 +13:​05:​38.519245 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 4, length 64
 +13:​05:​38.519276 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 4, length 64
 +13:​05:​39.502357 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 5, length 64
 +13:​05:​39.502396 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 5, length 64
 +13:​05:​39.519362 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 5, length 64
 +13:​05:​39.519393 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 5, length 64
 +13:​05:​40.504417 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 6, length 64
 +13:​05:​40.504455 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 6, length 64
 +13:​05:​40.520456 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 6, length 64
 +13:​05:​40.520482 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 6, length 64
 +13:​05:​41.506237 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 7, length 64
 +13:​05:​41.506276 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 7, length 64
 +13:​05:​41.537471 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 7, length 64
 +13:​05:​41.537529 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 7, length 64
 +13:​05:​42.507740 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 8, length 64
 +13:​05:​42.507777 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 8, length 64
 +13:​05:​42.524718 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 8, length 64
 +13:​05:​42.524743 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 8, length 64
 +13:​05:​43.508439 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 9, length 64
 +13:​05:​43.508467 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 9, length 64
 +13:​05:​43.528061 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 9, length 64
 +13:​05:​43.528086 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 9, length 64
 +13:​05:​44.510342 IP 192.168.1.22 > 200.154.56.80:​ ICMP echo request, id 2475, seq 10, length 64
 +13:​05:​44.510379 IP 200.0.20.2 > 200.154.56.80:​ ICMP echo request, id 2475, seq 10, length 64
 +13:​05:​44.526252 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 10, length 64
 +13:​05:​44.526284 IP 200.154.56.80 > 192.168.1.22:​ ICMP echo reply, id 2475, seq 10, length 64
 +</​sxh>​
 +
 +Note que os pacotes de icmp saíram pelo link1 200.0.10.2.
 +
 +Agora no servidor Debian vamos mandar monitorar a porta 80
 +<sxh bash>
 +tcpdump -i any port 80 -n -vv
 +[...]
 +</​sxh>​
 +
 +Agora no cliente Debian vamos mandar atualizar os repositórios
 +<sxh bash>
 +aptitude update
 +Hit http://​ftp.br.debian.org wheezy Release.gpg
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release.gpg
 +Hit http://​ftp.br.debian.org wheezy Release ​         ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release ​                    
 +Hit http://​ftp.br.debian.org wheezy/main Sources ​                                
 +Hit http://​ftp.br.debian.org wheezy/​contrib Sources ​                             ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free Sources ​                            
 +Hit http://​ftp.br.debian.org wheezy/main amd64 Packages ​                         ​
 +Hit http://​ftp.br.debian.org wheezy/​contrib amd64 Packages ​                      
 +Hit http://​ftp.br.debian.org wheezy/​non-free amd64 Packages ​                     ​
 +Hit http://​ftp.br.debian.org wheezy/​contrib Translation-en ​                      
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt_BR ​                      
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt ​                         ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-en ​                         ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free Translation-en ​                     ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Sources/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Sources/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Sources/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Translation-en/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Translation-en/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Translation-en/​DiffIndex
 +Hit http://​security.debian.org wheezy/​updates Release.gpg
 +Hit http://​security.debian.org wheezy/​updates Release
 +Hit http://​security.debian.org wheezy/​updates/​main Sources
 +Hit http://​security.debian.org wheezy/​updates/​contrib Sources
 +Hit http://​security.debian.org wheezy/​updates/​non-free Sources
 +Hit http://​security.debian.org wheezy/​updates/​main amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​non-free amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​main Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​non-free Translation-en
 +</​sxh>​
 +
 +
 +Agora vamos ver no servidor o que foi gerado no tcpdump
 +<sxh bash>
 +tcpdump -i any port 80 -n -vv
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +13:​57:​34.493664 IP (tos 0x0, ttl 64, id 18920, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.34370 > 128.31.0.36.80:​ Flags [S], cksum 0x55a6 (correct), seq 983283319, win 14600, options [mss 1460,​sackOK,​TS val 1048479 ecr 0,​nop,​wscale 3], length 0
 +13:​57:​34.493704 IP (tos 0x0, ttl 63, id 18920, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.34370 > 128.31.0.36.80:​ Flags [S], cksum 0x3b62 (correct), seq 983283319, win 14600, options [mss 1460,​sackOK,​TS val 1048479 ecr 0,​nop,​wscale 3], length 0
 +13:​57:​34.495855 IP (tos 0x0, ttl 64, id 61793, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [S], cksum 0x75eb (correct), seq 949489345, win 14600, options [mss 1460,​sackOK,​TS val 1048480 ecr 0,​nop,​wscale 3], length 0
 +13:​57:​34.495871 IP (tos 0x0, ttl 63, id 61793, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [S], cksum 0x65a7 (correct), seq 949489345, win 14600, options [mss 1460,​sackOK,​TS val 1048480 ecr 0,​nop,​wscale 3], length 0
 +13:​57:​34.502910 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [S.], cksum 0x6460 (correct), seq 978025221, ack 949489346, win 26844, options [mss 1452,​sackOK,​TS val 87365343 ecr 1048480,​nop,​wscale 8], length 0
 +13:​57:​34.502936 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [S.], cksum 0x74a4 (correct), seq 978025221, ack 949489346, win 26844, options [mss 1452,​sackOK,​TS val 87365343 ecr 1048480,​nop,​wscale 8], length 0
 +13:​57:​34.503244 IP (tos 0x0, ttl 64, id 61794, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [.], cksum 0x0523 (correct), seq 1, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 0
 +13:​57:​34.503259 IP (tos 0x0, ttl 63, id 61794, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [.], cksum 0xf4de (correct), seq 1, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 0
 +13:​57:​34.503569 IP (tos 0x0, ttl 64, id 61795, offset 0, flags [DF], proto TCP (6), length 269)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x01b6 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 217
 +13:​57:​34.503583 IP (tos 0x0, ttl 63, id 61795, offset 0, flags [DF], proto TCP (6), length 269)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xf171 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 217
 +13:​57:​34.512097 IP (tos 0x0, ttl 57, id 28134, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [.], cksum 0xfab7 (correct), seq 1, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 0
 +13:​57:​34.512117 IP (tos 0x0, ttl 56, id 28134, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [.], cksum 0x0afc (correct), seq 1, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 0
 +13:​57:​34.512481 IP (tos 0x0, ttl 57, id 28135, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0x39cc (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 171
 +13:​57:​34.512499 IP (tos 0x0, ttl 56, id 28135, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0x4a10 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 171
 +13:​57:​34.512850 IP (tos 0x0, ttl 64, id 61796, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [.], cksum 0x0316 (correct), seq 218, ack 172, win 1959, options [nop,nop,TS val 1048484 ecr 87365344], length 0
 +13:​57:​34.512870 IP (tos 0x0, ttl 63, id 61796, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [.], cksum 0xf2d1 (correct), seq 218, ack 172, win 1959, options [nop,nop,TS val 1048484 ecr 87365344], length 0
 +13:​57:​34.514658 IP (tos 0x0, ttl 64, id 61797, offset 0, flags [DF], proto TCP (6), length 286)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x298e (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1048485 ecr 87365344], length 234
 +13:​57:​34.514681 IP (tos 0x0, ttl 63, id 61797, offset 0, flags [DF], proto TCP (6), length 286)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x194a (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1048485 ecr 87365344], length 234
 +13:​57:​34.523193 IP (tos 0x0, ttl 57, id 28136, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0xe71c (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87365345 ecr 1048485], length 170
 +13:​57:​34.523219 IP (tos 0x0, ttl 56, id 28136, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0xf760 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87365345 ecr 1048485], length 170
 +13:​57:​34.524944 IP (tos 0x0, ttl 64, id 61798, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x23e5 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1048487 ecr 87365345], length 229
 +13:​57:​34.524967 IP (tos 0x0, ttl 63, id 61798, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x13a1 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1048487 ecr 87365345], length 229
 +13:​57:​34.533381 IP (tos 0x0, ttl 57, id 28137, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0xedaa (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87365346 ecr 1048487], length 172
 +13:​57:​34.533405 IP (tos 0x0, ttl 56, id 28137, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0xfdee (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87365346 ecr 1048487], length 172
 +13:​57:​34.548469 IP (tos 0x0, ttl 64, id 61799, offset 0, flags [DF], proto TCP (6), length 298)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x886d (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1048493 ecr 87365346], length 246
 +13:​57:​34.548493 IP (tos 0x0, ttl 63, id 61799, offset 0, flags [DF], proto TCP (6), length 298)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x7829 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1048493 ecr 87365346], length 246
 +13:​57:​34.557949 IP (tos 0x0, ttl 57, id 28138, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0xb146 (correct), seq 514:686, ack 927, win 122, options [nop,nop,TS val 87365348 ecr 1048493], length 172
 +13:​57:​34.557962 IP (tos 0x0, ttl 56, id 28138, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0xc18a (correct), seq 514:686, ack 927, win 122, options [nop,nop,TS val 87365348 ecr 1048493], length 172
 +13:​57:​34.559932 IP (tos 0x0, ttl 64, id 61800, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x9c01 (correct), seq 927:1156, ack 686, win 2361, options [nop,nop,TS val 1048496 ecr 87365348], length 229
 +13:​57:​34.559946 IP (tos 0x0, ttl 63, id 61800, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x8bbd (correct), seq 927:1156, ack 686, win 2361, options [nop,nop,TS val 1048496 ecr 87365348], length 229
 +13:​57:​34.568227 IP (tos 0x0, ttl 57, id 28139, offset 0, flags [DF], proto TCP (6), length 225)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0x65bf (correct), seq 686:859, ack 1156, win 126, options [nop,nop,TS val 87365349 ecr 1048496], length 173
 +13:​57:​34.568243 IP (tos 0x0, ttl 56, id 28139, offset 0, flags [DF], proto TCP (6), length 225)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0x7603 (correct), seq 686:859, ack 1156, win 126, options [nop,nop,TS val 87365349 ecr 1048496], length 173
 +13:​57:​34.568573 IP (tos 0x0, ttl 64, id 61801, offset 0, flags [DF], proto TCP (6), length 284)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xfc32 (correct), seq 1156:1388, ack 859, win 2495, options [nop,nop,TS val 1048498 ecr 87365349], length 232
 +13:​57:​34.568584 IP (tos 0x0, ttl 63, id 61801, offset 0, flags [DF], proto TCP (6), length 284)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xebee (correct), seq 1156:1388, ack 859, win 2495, options [nop,nop,TS val 1048498 ecr 87365349], length 232
 +13:​57:​34.577411 IP (tos 0x0, ttl 57, id 28140, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0xceb7 (correct), seq 859:1030, ack 1388, win 130, options [nop,nop,TS val 87365350 ecr 1048498], length 171
 +13:​57:​34.577427 IP (tos 0x0, ttl 56, id 28140, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0xdefb (correct), seq 859:1030, ack 1388, win 130, options [nop,nop,TS val 87365350 ecr 1048498], length 171
 +13:​57:​34.577815 IP (tos 0x0, ttl 64, id 61802, offset 0, flags [DF], proto TCP (6), length 285)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xf0f6 (correct), seq 1388:1621, ack 1030, win 2629, options [nop,nop,TS val 1048501 ecr 87365350], length 233
 +13:​57:​34.577836 IP (tos 0x0, ttl 63, id 61802, offset 0, flags [DF], proto TCP (6), length 285)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xe0b2 (correct), seq 1388:1621, ack 1030, win 2629, options [nop,nop,TS val 1048501 ecr 87365350], length 233
 +13:​57:​34.587325 IP (tos 0x0, ttl 57, id 28141, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017:​ Flags [P.], cksum 0xd901 (correct), seq 1030:1202, ack 1621, win 135, options [nop,nop,TS val 87365351 ecr 1048501], length 172
 +13:​57:​34.587338 IP (tos 0x0, ttl 56, id 28141, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017:​ Flags [P.], cksum 0xe945 (correct), seq 1030:1202, ack 1621, win 135, options [nop,nop,TS val 87365351 ecr 1048501], length 172
 +13:​57:​34.588148 IP (tos 0x0, ttl 64, id 61803, offset 0, flags [DF], proto TCP (6), length 288)
 +    192.168.1.22.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0xa19c (correct), seq 1621:1857, ack 1202, win 2763, options [nop,nop,TS val 1048503 ecr 87365351], length 236
 +13:​57:​34.588170 IP (tos 0x0, ttl 63, id 61803, offset 0, flags [DF], proto TCP (6), length 288)
 +    200.0.10.2.43017 > 200.236.31.3.80:​ Flags [P.], cksum 0x9158 (correct), seq 1621:1857, ack 1202, win 2763, options [nop,nop,TS val 1048503 ecr 87365351], length 236
 +</​sxh>​
 +
 +Note que agora temos pacotes pelo link 1 e pelo link2
 +
 +O nosso balanceamento com 2 links está funcionando ​
 +
 +Agora precisamos criar um script para efetuar o balanceamento na inicialização do sistema
 +<sxh bash>
 +vim /​etc/​init.d/​rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 13/01/2013
 +#​--------------------------------------------------------------------------
 +#Licença: http://​creativecommons.org/​licenses/​by-sa/​3.0/​legalcode
 +#
 +#​--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides: ​            rc.lb
 +# Required-Start: ​      ​$remote_fs $syslog
 +# Required-Stop: ​       $remote_fs $syslog
 +# Default-Start: ​       2 3 4 5
 +# Default-Stop:​
 +# Short-Description: ​   Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="​\033[01;​30m"​
 +RED="​\033[01;​31m"​
 +GREEN="​\033[01;​32m"​
 +YELLOW="​\033[01;​33m"​
 +BLUE="​\033[01;​34m"​
 +PURPLE="​\033[01;​35m"​
 +CYAN="​\033[01;​36m"​
 +WHITE="​\033[01;​37m"​
 +CLOSE="​\033[m"​
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/​sbin/​ip"​
 +ROUTE="/​sbin/​route"​
 +IPTABLES="/​sbin/​iptables"​
 +LO="​127.0.0.0/​8"​
 +LAN="​192.168.1.0/​24"​
 +INT_LAN="​eth0"​
 +LINK1="​200.0.10.0/​28"​
 +IP_LINK1="​200.0.10.2"​
 +GW_LINK1="​200.0.10.1"​
 +INT_LINK1="​eth1"​
 +PESO_LINK1="​1"​
 +LINK2="​200.0.20.0/​28"​
 +IP_LINK2="​200.0.20.2"​
 +GW_LINK2="​200.0.20.1"​
 +INT_LINK2="​eth2"​
 +PESO_LINK2="​1"​
 +
 +case $1 in
 +  start)
 +    echo "​${GREEN}[ ​        ​INICIANDO O BALANCEAMENTO ​      ​]${CLOSE}"​
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "​${GREEN}[ ​        ​BALANCEAMENTO INICIADO ​         ]${CLOSE}"​
 +
 +  ;;
 +  stop)
 +   echo "​${RED}[ ​        ​PARANDO BALANCEAMENTO ​      ​]${CLOSE}";​
 +   ​${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   ​echo ​ "​${RED}[ ​        ​BALANCEAMENTO PARADO ​       ] ${CLOSE}";​
 +  ;;
 +     ​restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   ​echo ​ "​${RED}Opcoes Validas:​(start|stop|restart)${CLOSE}"​
 +  ;;
 +esac
 +</​sxh>​
 +
 +Agora vamos dar permissão de execução para o script
 +<sxh bash>
 +chmod +x /​etc/​init.d/​rc.lb
 +</​sxh>​
 +
 +Agora vamos inserir o script na inicialização do sistema
 +<sxh bash>
 +insserv -f -v rc.lb 
 +</​sxh>​
 +
 +Agora podemos parar o balanceamento da seguinte forma
 +<sxh bash>
 +/​etc/​init.d/​rc.lb stop
 +[         ​PARANDO BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO PARADO ​       ] 
 +</​sxh>​
 +
 +Agora podemos iniciar o balanceamento da seguinte forma
 +<sxh bash>
 +/​etc/​init.d/​rc.lb start
 +[         ​INICIANDO O BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO INICIADO ​         ]
 +</​sxh>​
 +
 +====== Marcação de pacotes para definir link de saída ======
 +
 +Então galera, algumas pessoas me perguntão sobre a tal marcação de pacotes para saída por um determinado link utilizando balanceamento de link, então vocês vão notar bem simples.
 +
 +Depois que já temos o balanceamento de link precisamos definir o que queremos mandar por qual link, isso nós podemos definir por ip de origem, protocolo, porta etc.
 +
 +Vou pegar como exemplo 2 portas a porta 80 e a porta 587, que seria a saída web e a saída de email.
 +
 +Vamos marcar os pacotes com o iptables utilizando a tabela manble.
 +<sxh bash>
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/​24 --dport 80 -j MARK --set-mark 1
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/​24 --dport 587 -j MARK --set-mark 2
 +</​sxh>​
 +
 +Agora vamos listar as nossas regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L  PREROUTING -n -v
 +Chain PREROUTING (policy ACCEPT 11 packets, 812 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:80 MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:587 MARK set 0x2
 +</​sxh>​
 +
 +Note que agora temos a flags nos pacotes de porta 80 sendo 1 e flags nos pacotes de porta 587 sendo 2.
 +
 +Agora precisamos avisar o iproute que os pacotes com a flag 1 vão para o link 1 e os pacotes com a flag 2 vão para o link 2, com isso vamos definir que os pacotes da porta 80 vão para o link 1 e os pacotes da porta 587 vão para o link2.
 +
 +Vamos criar as regras
 +<sxh bash>
 +ip rule add fwmark 1 table link1
 +ip rule add fwmark 2 table link2
 +</​sxh>​
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32760: ​ from 200.0.20.2 lookup link2 
 +32761: ​ from 200.0.10.2 lookup link1 
 +32762: ​ from all fwmark 0x2 lookup link2 
 +32763: ​ from all fwmark 0x1 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default ​
 +</​sxh>​
 +
 +Agora vamos limpar o cache das regras de roteamento
 +<sxh bash>
 +ip route flush cache
 +</​sxh>​
 +
 +Vamos monitorar a porta 80 aqui no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +[...]
 +</​sxh>​
 +
 +Agora vamos testar com o cliente Debian
 +
 +Vamos atualizar os repositórios
 +<sxh bash>
 +aptitude update
 +Hit http://​ftp.br.debian.org wheezy Release.gpg
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release.gpg
 +Hit http://​ftp.br.debian.org wheezy Release
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates Release ​     ​
 +Hit http://​ftp.br.debian.org wheezy/main Sources ​                 ​
 +Hit http://​ftp.br.debian.org wheezy/​contrib Sources ​              
 +Hit http://​ftp.br.debian.org wheezy/​non-free Sources ​             ​
 +Hit http://​ftp.br.debian.org wheezy/main amd64 Packages ​          
 +Hit http://​ftp.br.debian.org wheezy/​contrib amd64 Packages ​       ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free amd64 Packages ​      
 +Hit http://​ftp.br.debian.org wheezy/​contrib Translation-en ​       ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt_BR ​       ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-pt ​                             ​
 +Hit http://​ftp.br.debian.org wheezy/main Translation-en ​                             ​
 +Hit http://​ftp.br.debian.org wheezy/​non-free Translation-en ​                         ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Sources/​DiffIndex ​         ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Sources/​DiffIndex ​      
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Sources/​DiffIndex ​     ​
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main amd64 Packages/​DiffIndex ​  
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free amd64 Packages/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​contrib Translation-en/​DiffIndex
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​main Translation-en/​DiffIndex ​  
 +Hit http://​ftp.br.debian.org wheezy-proposed-updates/​non-free Translation-en/​DiffIndex
 +Hit http://​security.debian.org wheezy/​updates Release.gpg
 +Hit http://​security.debian.org wheezy/​updates Release
 +Hit http://​security.debian.org wheezy/​updates/​main Sources
 +Hit http://​security.debian.org wheezy/​updates/​contrib Sources
 +Hit http://​security.debian.org wheezy/​updates/​non-free Sources
 +Hit http://​security.debian.org wheezy/​updates/​main amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​non-free amd64 Packages
 +Hit http://​security.debian.org wheezy/​updates/​contrib Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​main Translation-en
 +Hit http://​security.debian.org wheezy/​updates/​non-free Translation-en
 +</​sxh>​
 +
 +Agora vamos analisar a saída do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +14:​34:​35.442253 IP (tos 0x0, ttl 64, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [S], cksum 0xd631 (correct), seq 3923346505, win 14600, options [mss 1460,​sackOK,​TS val 1603714 ecr 0,​nop,​wscale 3], length 0
 +14:​34:​35.442299 IP (tos 0x0, ttl 63, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [S], cksum 0xc5ed (correct), seq 3923346505, win 14600, options [mss 1460,​sackOK,​TS val 1603714 ecr 0,​nop,​wscale 3], length 0
 +14:​34:​35.449200 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [S.], cksum 0x38c6 (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,​sackOK,​TS val 87587434 ecr 1603714,​nop,​wscale 8], length 0
 +14:​34:​35.449242 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [S.], cksum 0x490a (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,​sackOK,​TS val 87587434 ecr 1603714,​nop,​wscale 8], length 0
 +14:​34:​35.449688 IP (tos 0x0, ttl 64, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xd988 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:​34:​35.449708 IP (tos 0x0, ttl 63, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xc944 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:​34:​35.450139 IP (tos 0x0, ttl 64, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xd61b (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:​34:​35.450157 IP (tos 0x0, ttl 63, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xc5d7 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:​34:​35.458226 IP (tos 0x0, ttl 57, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [.], cksum 0xcf1d (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:​34:​35.458257 IP (tos 0x0, ttl 56, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [.], cksum 0xdf61 (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:​34:​35.458992 IP (tos 0x0, ttl 57, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0x1132 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:​34:​35.459011 IP (tos 0x0, ttl 56, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0x2176 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:​34:​35.459292 IP (tos 0x0, ttl 64, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xd77b (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:​34:​35.459309 IP (tos 0x0, ttl 63, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [.], cksum 0xc737 (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:​34:​35.459896 IP (tos 0x0, ttl 64, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xfdf3 (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:​34:​35.459917 IP (tos 0x0, ttl 63, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xedaf (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:​34:​35.468337 IP (tos 0x0, ttl 57, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0xbe82 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:​34:​35.468369 IP (tos 0x0, ttl 56, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0xcec6 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:​34:​35.469012 IP (tos 0x0, ttl 64, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xf84a (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:​34:​35.469033 IP (tos 0x0, ttl 63, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0xe806 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:​34:​35.480415 IP (tos 0x0, ttl 57, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43022:​ Flags [P.], cksum 0xc510 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:​34:​35.480442 IP (tos 0x0, ttl 56, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43022:​ Flags [P.], cksum 0xd554 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:​34:​35.490315 IP (tos 0x0, ttl 64, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +    192.168.1.22.43022 > 200.236.31.3.80:​ Flags [P.], cksum 0x5cd4 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1603726 ecr 87587437], length 246
 +14:​34:​35.490351 IP (tos 0x0, ttl 63, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +</​sxh>​
 +
 +Note que agora todas as saídas para a porta 80 saíram pelo link1.
 +
 +Agora vamos testar a porta 587
 +
 +Vamos monitorar a porta 587 no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +</​sxh>​
 +
 +Agora no cliente vamos abrir uma conexão com o gmail.
 +<sxh bash>
 +telnet smtp.gmail.com 587
 +Trying 74.125.137.108...
 +Connected to gmail-smtp-msa.l.google.com.
 +Escape character is '​^]'​.
 +220 mx.google.com ESMTP v22sm112112273yhn.12 - gsmtp
 +ehlo mx.google.com
 +250-mx.google.com at your service, [177.16.190.184]
 +250-SIZE 35882577
 +250-8BITMIME
 +250-STARTTLS
 +250-ENHANCEDSTATUSCODES
 +250 CHUNKING
 +quit
 +221 2.0.0 closing connection v22sm112112273yhn.12 - gsmtp
 +Connection closed by foreign host.
 +</​sxh>​
 +
 +Agora vamos análisar os logs do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +
 +14:​37:​21.324860 IP (tos 0x10, ttl 64, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [S], cksum 0x148a (correct), seq 1752499311, win 14600, options [mss 1460,​sackOK,​TS val 1645185 ecr 0,​nop,​wscale 3], length 0
 +14:​37:​21.325283 IP (tos 0x10, ttl 63, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [S], cksum 0xfa45 (correct), seq 1752499311, win 14600, options [mss 1460,​sackOK,​TS val 1645185 ecr 0,​nop,​wscale 3], length 0
 +14:​37:​21.469869 IP (tos 0x0, ttl 43, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [S.], cksum 0x6150 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,​sackOK,​TS val 987682085 ecr 1645185,​nop,​wscale 6], length 0
 +14:​37:​21.469928 IP (tos 0x0, ttl 42, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [S.], cksum 0x7b94 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,​sackOK,​TS val 987682085 ecr 1645185,​nop,​wscale 6], length 0
 +14:​37:​21.470429 IP (tos 0x10, ttl 64, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x4929 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:​37:​21.470452 IP (tos 0x10, ttl 63, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x2ee5 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:​37:​21.615668 IP (tos 0x0, ttl 44, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x1524 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:​37:​21.615713 IP (tos 0x0, ttl 43, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x2f68 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:​37:​21.616245 IP (tos 0x10, ttl 64, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x483d (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:​37:​21.616268 IP (tos 0x10, ttl 63, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x2df9 (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:​37:​27.637712 IP (tos 0x10, ttl 64, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0xe9b4 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:​37:​27.637757 IP (tos 0x10, ttl 63, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0xcf70 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:​37:​27.781158 IP (tos 0x0, ttl 44, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [.], cksum 0x1475 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:​37:​27.781205 IP (tos 0x0, ttl 43, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [.], cksum 0x2eb9 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:​37:​27.781648 IP (tos 0x0, ttl 44, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x2633 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:​37:​27.781664 IP (tos 0x0, ttl 43, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x4077 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:​37:​27.781967 IP (tos 0x10, ttl 64, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x28fc (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:​37:​27.781985 IP (tos 0x10, ttl 63, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x0eb8 (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:​37:​29.557360 IP (tos 0x10, ttl 64, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0x3f3e (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:​37:​29.557413 IP (tos 0x10, ttl 63, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [P.], cksum 0x24fa (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:​37:​29.702451 IP (tos 0x0, ttl 44, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [P.], cksum 0x50ba (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:​37:​29.702491 IP (tos 0x0, ttl 43, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [P.], cksum 0x6afe (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:​37:​29.703023 IP (tos 0x0, ttl 43, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [F.], cksum 0x0a48 (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:​37:​29.703039 IP (tos 0x0, ttl 42, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [F.], cksum 0x248c (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:​37:​29.703108 IP (tos 0x10, ttl 64, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x1f5b (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:​37:​29.703125 IP (tos 0x10, ttl 63, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [.], cksum 0x0517 (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:​37:​29.703566 IP (tos 0x10, ttl 64, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587:​ Flags [F.], cksum 0x1f58 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:​37:​29.703584 IP (tos 0x10, ttl 63, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587:​ Flags [F.], cksum 0x0514 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:​37:​29.848099 IP (tos 0x0, ttl 43, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064:​ Flags [.], cksum 0x0990 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +14:​37:​29.848141 IP (tos 0x0, ttl 42, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064:​ Flags [.], cksum 0x23d4 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +</​sxh>​
 +
 +Agora note que a saída para a porta 587 foram pelo link2.
 +
 +Tudo funcionando :D
 +
 +Agora vamos ajustar o nosso script para ele trabalhar com o balanceamento de link porém com a marcação de pacotes para definirmos o link que ele vai sair.
 +
 +<sxh bash>
 +vim /​etc/​init.d/​rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 30/09/2013
 +#​--------------------------------------------------------------------------
 +#Licença: http://​creativecommons.org/​licenses/​by-sa/​3.0/​legalcode
 +#
 +#​--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides: ​            rc.lb
 +# Required-Start: ​      ​$remote_fs $syslog
 +# Required-Stop: ​       $remote_fs $syslog
 +# Default-Start: ​       2 3 4 5
 +# Default-Stop:​
 +# Short-Description: ​   Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="​\033[01;​30m"​
 +RED="​\033[01;​31m"​
 +GREEN="​\033[01;​32m"​
 +YELLOW="​\033[01;​33m"​
 +BLUE="​\033[01;​34m"​
 +PURPLE="​\033[01;​35m"​
 +CYAN="​\033[01;​36m"​
 +WHITE="​\033[01;​37m"​
 +CLOSE="​\033[m"​
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/​sbin/​ip"​
 +ROUTE="/​sbin/​route"​
 +IPTABLES="/​sbin/​iptables"​
 +PORTS_LINK1="/​etc/​iproute2/​ports_link1"​
 +PORTS_LINK2="/​etc/​iproute2/​ports_link2"​
 +LO="​127.0.0.0/​8"​
 +LAN="​192.168.1.0/​24"​
 +INT_LAN="​eth0"​
 +LINK1="​200.0.10.0/​28"​
 +IP_LINK1="​200.0.10.2"​
 +GW_LINK1="​200.0.10.1"​
 +INT_LINK1="​eth1"​
 +PESO_LINK1="​1"​
 +LINK2="​200.0.20.0/​28"​
 +IP_LINK2="​200.0.20.2"​
 +GW_LINK2="​200.0.20.1"​
 +INT_LINK2="​eth2"​
 +PESO_LINK2="​1"​
 +
 +case $1 in
 +  start)
 +    echo "​${GREEN}[ ​        ​INICIANDO O BALANCEAMENTO ​      ​]${CLOSE}"​
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK1
 +        for PORT in $(cat ${PORTS_LINK1});​ do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
 +        ${IPTABLES} -t mangle -A OUTPUT -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
 +  done
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK2
 +        for PORT in $(cat ${PORTS_LINK2});​ do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
 +        ${IPTABLES} -t mangle -A OUTPUT -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
 +  done
 +
 +        # ADICIONANDO REGRAS NO IPROUTE PARA RECONHECER AS MARCACOES FEITAS PELA TABLE MANGLE
 +  ${IP} rule add fwmark 1 table link1
 +  ${IP} rule add fwmark 2 table link2
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "​${GREEN}[ ​        ​BALANCEAMENTO INICIADO ​         ]${CLOSE}"​
 +
 +  ;;
 +  stop)
 +   echo "​${RED}[ ​        ​PARANDO BALANCEAMENTO ​      ​]${CLOSE}";​
 +   ​${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   ​${IPTABLES} -t mangle -F
 +   ${IP} rule add fwmark 1 table link1
 +   ${IP} rule add fwmark 2 table link2
 +   ​echo ​ "​${RED}[ ​        ​BALANCEAMENTO PARADO ​       ] ${CLOSE}";​
 +  ;;
 +     ​restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   ​echo ​ "​${RED}Opcoes Validas:​(start|stop|restart)${CLOSE}"​
 +  ;;
 +esac
 +</​sxh>​
 +
 +Agora vamos criar os arquivo que vão armazenar quais portas vão sair por quais links.
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link1
 +<sxh bash>
 +vim /​etc/​iproute2/​ports_link1
 +80
 +443
 +20
 +21
 +</​sxh>​
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link2
 +<sxh bash>
 +cat /​etc/​iproute2/​ports_link2
 +25
 +110
 +143
 +587
 +993
 +995
 +</​sxh>​
 +
 +Agora vamos para o script de balanceamento
 +<sxh bash>
 +/​etc/​init.d/​rc.lb stop
 +[         ​PARANDO BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO PARADO ​       ] 
 +</​sxh>​
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora vamos listar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain INPUT (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain OUTPUT (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain POSTROUTING (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​
 +</​sxh>​
 +
 +Agora vamos subir o nosso balanceamento
 +<sxh bash>
 +/​etc/​init.d/​rc.lb start
 +[         ​INICIANDO O BALANCEAMENTO ​      ]
 +[         ​BALANCEAMENTO INICIADO ​         ]
 +</​sxh>​
 +
 +Agora vamos listas as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32762: ​ from all fwmark 0x2 lookup link2 
 +32763: ​ from all fwmark 0x1 lookup link1 
 +32764: ​ from 200.0.20.2 lookup link2 
 +32765: ​ from 200.0.10.2 lookup link1 
 +32766: ​ from all lookup main 
 +32767: ​ from all lookup default
 +</​sxh>​
 +
 +Agora vamos analisar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:80 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:443 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:20 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:21 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:25 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:110 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:143 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:587 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:993 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       ​tcp ​ --  *      *       ​192.168.1.0/​24 ​      ​0.0.0.0/​0 ​           tcp dpt:995 /* LINK 2 */ MARK set 0x2
 +
 +Chain INPUT (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain OUTPUT (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​        
 +
 +Chain POSTROUTING (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​
 +</​sxh>​
 +
 +Note que temos as marcações da porta 80 e 443 para sair pelo link 1 e as portas 25,​110,​143,​587,​993 e 995 vão sair pelo link2.