linux双网策略路由脚本实例 双网要比单网复杂的多。
首先安装Linux高级路由包，用里面的ip命令。 # apt-get install iproute
先创建两个表
修改 /etc/iproute2/rt_tables如下
加t1自定义编号10 加t2自定义编号20
代码:
########################################
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
10 T1
20 T2
########################################
然后将附件里的cnc_1_net和ctc_1_net拷贝到/etc目录下，因为下面的脚本要用到。 cnc_1_net是网通的ip段 ctc_1_net是电信的ip段
我们要编辑个脚本。
########################################
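#!/bin/sh
# Dual-uplink gateway configuration: one China Netcom (CNC) link, one China
# Telecom (CTC) link and one internal LAN. Every value below is the page's
# sample value and must be replaced with the real addressing.
#
# Each assignment sits on its own line; when an assignment shares a line with
# its describing comment the shell treats it as comment text and the variable
# is never set.
#
# NOTE(review): the labels on IF2 and IF0 are translated as published, but the
# rest of the script pairs IF2 with IP2/P2/P2_NET (the CTC side) and IF0 with
# P0_NET (the LAN). Either the labels or the values of IF2 and IF0 look
# swapped; confirm against the real cabling before running, because
# MASQUERADE and the uplink routes are bound to IF2.

# IF1: CNC uplink interface.
IF1="eth0"
# IF2: labelled as the internal (LAN) interface.
IF2="eth2"
# IF0: labelled as the CTC uplink interface.
IF0="eth1"

# IP1: this gateway's address on the CNC link.
IP1="221.8.60.54"
# IP2: this gateway's address on the CTC link.
IP2="222.168.11.186"

# P1: CNC next-hop gateway.
P1="221.8.60.53"
# P2: CTC next-hop gateway.
P2="222.168.11.185"

# P1_NET: CNC link subnet. The /30 mask means 4 addresses were allocated;
# with 8 addresses it would be written /29.
P1_NET="221.8.60.52/30"
# P2_NET: CTC link subnet.
P2_NET="222.168.11.184/30"
# P0_NET: internal LAN subnet.
P0_NET="192.168.0.0/24"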
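# Basic firewall and NAT setup.

# Let the kernel route packets between the LAN and the uplinks.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Netfilter modules: filter and NAT tables, connection tracking, the FTP and
# IRC conntrack/NAT helpers, and the MASQUERADE, REJECT and limit extensions.
# NOTE(review): the FTP and IRC helpers read application payloads to create
# RELATED flows, which the ESTABLISHED,RELATED rule below accepts on INPUT;
# load them only if clients behind this gateway need those protocols.
modprobe iptable_filter
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc
modprobe ipt_MASQUERADE
modprobe ipt_REJECT
modprobe ipt_limit

# Cap on tracked connections. Written after the modules are loaded, because
# the /proc entry is only present once connection tracking is; the second path
# is the name used by nf_conntrack kernels. When the table is full new
# connections are dropped, so size the value for the expected LAN load.
for ct_max in /proc/sys/net/ipv4/ip_conntrack_max \
  /proc/sys/net/netfilter/nf_conntrack_max; do
  if [ -w "$ct_max" ]; then
    echo 8000 > "$ct_max"
  fi
done

# Start from empty filter and nat rule sets.
iptables -F
iptables -t nat -F

# Default policies: drop what is addressed to the gateway itself, allow what
# the gateway originates.
iptables -P INPUT DROP
# NOTE(review): FORWARD defaults to ACCEPT and the only FORWARD rule in this
# script is the MSS clamp, so every packet the box can route is forwarded,
# including packets that arrive on an uplink addressed to the LAN range.
# A stricter baseline is policy DROP plus explicit LAN-to-uplink and
# ESTABLISHED,RELATED accepts.
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Replies to connections the gateway already knows about.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): new SSH connections are accepted on every interface, both
# uplinks included, with no source restriction; narrow this with -i / -s to
# the management side if the gateway is not meant to be administered from
# the WAN.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Clamp the TCP MSS of forwarded SYNs to the path MTU.
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Answer pings, limited to one per second.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Source-NAT LAN traffic leaving through $IF1 and $IF2.
# NOTE(review): the configuration header labels IF2 as the internal interface,
# yet this rule and the routing section treat it as the second uplink; confirm
# which is right, otherwise traffic on one uplink leaves un-NATed.
iptables -t nat -A POSTROUTING -s "$P0_NET" -o "$IF1" -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$P0_NET" -o "$IF2" -j MASQUERADE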
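# Policy-routing setup.

# Empty both per-carrier tables so a re-run starts clean.
ip route flush table T1
ip route flush table T2

# Delete the ip rules a previous run attached to T1/T2. `ip rule list` prints
#   <prio>: from <src> lookup <table>
#   <prio>: from all to <dst> lookup <table>
# so the 4th word tells the two shapes apart. Only rules that look up T1 or T2
# are selected; a bare `grep T` would also remove unrelated rules whose text
# happens to contain a "T".
ip rule list | grep -E 'lookup T[12]([[:space:]]|$)' |
  while read -r _prio _from src word4 word5 _word6 word7 _rest; do
    case "$word4" in
      to)
        # from all to <dst> lookup <table>
        ip rule del to "$word5" table "$word7"
        ;;
      lookup)
        # from <src> lookup <table>
        ip rule del from "$src" table "$word5"
        ;;
    esac
  done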
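# Per-uplink routes. Each carrier gets its own table (T1 = CNC, T2 = CTC)
# holding its link subnet, the LAN, loopback and a default route through that
# carrier's gateway; a "from <uplink address>" rule sends replies back out of
# the link they arrived on.

WAN_RT1=""
WAN_RT2=""

if [ -n "$IP1" ]; then
  # Main table: reach the CNC link subnet with the CNC source address.
  ip route replace "$P1_NET" dev "$IF1" src "$IP1"

  ip route add "$P1_NET" dev "$IF1" src "$IP1" table T1
  ip route add "$P0_NET" dev "$IF0" table T1
  ip route add 127.0.0.0/8 dev lo table T1

  # The CTC table also needs to know how to reach the CNC link subnet.
  ip route add "$P1_NET" dev "$IF1" table T2

  ip route replace default via "$P1" dev "$IF1" table T1

  ip rule add from "$IP1" table T1

  WAN_RT1="nexthop via $P1 dev $IF1 weight 1"
fi

if [ -n "$IP2" ]; then
  # Main table: reach the CTC link subnet with the CTC source address.
  ip route replace "$P2_NET" dev "$IF2" src "$IP2"

  ip route add "$P2_NET" dev "$IF2" src "$IP2" table T2
  ip route add "$P0_NET" dev "$IF0" table T2
  ip route add 127.0.0.0/8 dev lo table T2

  # The CNC table also needs to know how to reach the CTC link subnet.
  ip route add "$P2_NET" dev "$IF2" table T1

  ip route replace default via "$P2" dev "$IF2" table T2

  ip rule add from "$IP2" table T2

  WAN_RT2="nexthop via $P2 dev $IF2 weight 1"
fi

WAN_RT3="$WAN_RT1 $WAN_RT2"

# CNC is the default gateway; to default to CTC, change $WAN_RT1 to $WAN_RT2.
# The variable is left unquoted on purpose: it has to split into the separate
# "nexthop via <gw> dev <if> weight 1" arguments.
# shellcheck disable=SC2086
ip route replace default scope global $WAN_RT1

# Load-balance across both gateways (generally not used).
#ip route replace default equalize scope global $WAN_RT3

ip route flush cache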
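# Destination-based steering: every prefix listed in /etc/ctc_1_net is sent to
# table T2 and every prefix in /etc/cnc_1_net to table T1.
# NOTE(review): each line of these files becomes an `ip rule` run as root, so
# keep both files root-owned, not writable by other users, and taken from a
# source you trust.

# Add one "to <prefix>" rule per entry of a prefix list.
#   $1 - prefix list, one CIDR per line; blank lines and lines starting with
#        '#' are skipped, and only the first word of a line is used
#   $2 - routing table the prefixes are steered to
# Does nothing when the file is missing or empty.
add_prefix_rules() {
  [ -s "$1" ] || return 0
  # The `|| [ -n ... ]` keeps a final line that has no trailing newline.
  while read -r prefix _rest || [ -n "$prefix" ]; do
    case $prefix in
      '' | \#*) ;;
      *) ip rule add to "$prefix" table "$2" ;;
    esac
  done < "$1"
}

add_prefix_rules /etc/ctc_1_net T2
add_prefix_rules /etc/cnc_1_net T1

ip route flush cache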