multiwan 脚本
以下为校区ACM实验室多拨脚本,使用了macvlan模块,具体策略路由和连接标记等思路就不解释了。
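#!/bin/bash
#
# Multi-WAN setup: three macvlan interfaces on br0 each take their own DHCP
# lease; policy routing plus connection marks spread new connections over the
# links while keeping every connection on the link it started on.
#
# Must run as root. Not idempotent: a second run fails on the already existing
# links/chains and appends duplicate rules, so tear the setup down first.
#
# Assumptions to confirm before use:
#   - routing tables named veth0, veth1 and veth2 are defined (the script
#     refers to them by name; presumably in /etc/iproute2/rt_tables)
#   - every uplink subnet is a /24 whose gateway is the .254 host
#   - the xx/yy/zz MAC suffixes are placeholders and must be replaced with
#     real hex octets, otherwise "ip link add" rejects the address
#   - nothing else on this host uses fwmark/connmark: the CONNMARK rules
#     below carry no mask, so they copy the whole 32-bit mark

# Print the IPv4 address configured on interface $1 (nothing if it has none).
# Accepts both ifconfig layouts, "inet addr:A.B.C.D" and "inet A.B.C.D";
# matching only the former would make every link look address-less on the
# latter and the loop below would silently skip all uplinks.
getip() {
  ifconfig "$1" | grep -o -E 'inet (addr:)?[0-9.]+' | grep -o -E '[0-9.]+$'
}

ip link add link br0 address 00:16:3e:aa:bb:xx dev veth0 type macvlan
ip link add link br0 address 00:16:3e:aa:bb:yy dev veth1 type macvlan
ip link add link br0 address 00:16:3e:aa:bb:zz dev veth2 type macvlan
dhclient veth0 veth1 veth2

# Per-link helper chains, filled in by the loop below.
iptables -t mangle -N PREROUTING_INPUT
iptables -t mangle -N POSTROUTING_GUESS

# "nexthop ..." words for the multipath default route, one group per link
# that obtained an address. Kept as an array so no word splitting is needed.
IPROUTE_ARGS=()

for ((i = 0; i < 3; ++i)); do
  dev="veth$i"

  # Wait up to 15 * 3 s for the DHCP lease; skip the link if none arrives.
  IP=""
  for ((j = 0; j < 15; ++j)); do
    IP="$(getip "$dev")"
    [[ -n $IP ]] && break
    sleep 3
  done
  [[ -z $IP ]] && continue

  SUBNET="${IP%.[0-9]*}"    # drop the last octet
  GATEWAY="${SUBNET}.254"   # guessed, not taken from the DHCP lease
  mark=$((i + 0x100))       # 0x100, 0x101, 0x102: one mark per link

  # Traffic arriving on this link is marked with the link's id. ACCEPT only
  # ends mangle-table traversal; the filter table still sees the packet.
  iptables -t mangle -A PREROUTING_INPUT -i "$dev" -j MARK --set-mark "$mark"
  iptables -t mangle -A PREROUTING_INPUT -i "$dev" -j ACCEPT

  # Unmarked traffic leaving through this link gets the link's mark.
  iptables -t mangle -A POSTROUTING_GUESS -o "$dev" -j MARK --set-mark "$mark"

  # Move the connected-subnet route from table main to table default; the
  # route in main is removed only if the append succeeded.
  ip route append "${SUBNET}.0/24" dev "$dev" src "$IP" table default &&
    ip route del "${SUBNET}.0/24" dev "$dev" table main

  ip route add default via "$GATEWAY" dev "$dev" table "$dev"

  # Anything bound to this link's address or carrying its mark uses the
  # link's own table.
  ip rule add from "$IP" table "$dev"
  ip rule add to "$IP" table "$dev"
  ip rule add fwmark "$mark" table "$dev"

  IPROUTE_ARGS+=(nexthop via "$GATEWAY" dev "$dev" weight 1)
done

# Connections can not change link, get link from saved mark, even for
# incoming traffic
iptables -t mangle -A PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark

# Select link if not selected yet. NEW state can match conns even after reboot.
# Even for incoming connections destined to local address.
iptables -t mangle -A PREROUTING -m state --state NEW -j PREROUTING_INPUT

# Connection has no mark from PREROUTING, see which link is selected by routing
iptables -t mangle -A POSTROUTING -m state --state NEW -m mark --mark 0 -j POSTROUTING_GUESS

# Save mark in conntrack when connection is created
iptables -t mangle -A POSTROUTING -m conntrack --ctstate NEW -j CONNMARK --save-mark

# Without a single usable uplink there is nothing to balance over. Stop here
# instead of deleting the default route from table main with no replacement.
if ((${#IPROUTE_ARGS[@]} == 0)); then
  echo "multiwan: no uplink obtained an address; default route left untouched" >&2
  exit 1
fi

# Install the multipath default route, and drop the default route from table
# main only once that has succeeded.
# NOTE(review): "equalize" is a legacy flag; confirm that the running kernel
# and iproute2 still accept it.
if ip route replace default scope global table default equalize "${IPROUTE_ARGS[@]}"; then
  # Remove default route from table main
  ip route del default table main
else
  echo "multiwan: multipath default route not installed; keeping the default route in table main" >&2
fi

# Add main table at top.
ip rule add from all lookup main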