for((i=0;i<4;i++)){
eval 'lan'"$i=`brctl show|grep eth$i|awk '{print $1}'`"
eval echo '$lan'$i
eval kk='$'lan$i
echo "kk=$kk"
}
#===============================================================
#iptables -t nat -A POSTROUTING -o br.phy.1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o br.phy.3 -j MASQUERADE
#=================================
#echo "1 wan1" >> /etc/iproute2/rt_tables
#echo "2 wan2" >> /etc/iproute2/rt_tables
#=================================
echo " 请WAN1的网关"
read wan1_gateway
echo " 请WAN2的网关"
read wan2_gateway
net1=`ip addr |grep br.phy.0 |grep inet|awk '{print $2}'`
echo "$net0"
net2=`ip addr |grep br.phy.1 |grep inet|awk '{print $2}'`
echo "$net1"
echo "1 wan1" >> /etc/iproute2/rt_tables
#ip ru add from $net0 to $net1 table wan1 pref 10
ip ru add iif br.phy.0 table wan1 pref 10
ip ro add $net1 dev br.phy.1
ip ro rep default via $wan1_gateway dev br.phy.1 table wan1
iptables -t nat -A POSTROUTING -s $net0 -o br.phy.1 -j MASQUERADE
#=================================
net2=`ip addr |grep br.phy.2 |grep inet|awk '{print $2}'`
echo "$net2"
net3=`ip addr |grep br.phy.3 |grep inet|awk '{print $2}'`
echo "$net3"
echo "2 wan2" >> /etc/iproute2/rt_tables
##ip ru add from $net2 to $net3 table wan2 pref 20
ip ru add iif br.phy.2 table wan2 pref 20
ip ro add $net3 dev br.phy.3
ip ro rep default via $wan2_gateway dev br.phy.3 table wan2
iptables -t nat -A POSTROUTING -s $net2 -o br.phy.3 -j MASQUERADE
===========================给很多个网段进行伪装==================================
1.用ipset定义一个IP set:
ipset -N my_policy ipmap --from 192.168.1.1 --to 192.168.1.100
ipset -A my_policy 192.168.2.0/24
ipset -A my_policy 192.168.3.0/24
ipset -A my_policy 192.168.4.0/24
..........
..........
2.iptables使用这个IP set:
iptables -t filter -A FORWARD -m set --match-set my_policy src -o br.phy.3 -j MASQUERADE
阅读(1511) | 评论(0) | 转发(0) |