Differences

This shows you the differences between two versions of the page.

Link to this comparison view

balanceamento_de_links_no_debian_wheezy_pt_br [2019/08/08 15:23] (current)
Line 1: Line 1:
 +====== Balanceamento de Links no Debian Wheezy  ======
  
 +E ai galera, aqui eu vou abordar o balanceamento de links com 2 links.
 +
 +O que vou utilizar:
 +
 +  * **Nome do servidor:** debian
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.20
 +  * **Interface link1:** eth1
 +    * **ip link1:** 200.0.10.2/28
 +    * **gw link1:** 200.0.10.1
 +    * **tabela:** link1
 +    * **velocidade:** 10MB
 +  * **Interface link2:** eth2
 +    * **ip link2:** 200.0.20.2/28
 +    * **gw link2:** 200.0.20.1
 +    * **tabela:** link2
 +    * **velocidade:** 10MB
 +
 +  * **Nome do cliente:** debian01
 +  * **Interface local:** eth0
 +    * **ip lan:** 192.168.1.22/24
 +    * **gw:** 192.168.1.20
 +
 +Prepare o seu sistema com o seguinte script http://wiki.douglasqsantos.com.br/doku.php/confinicialwheezy_en para que não falte nenhum pacote ou configuração.
 +
 +
 +Vamos a configuração do arquivo interfaces do servidor Debian
 +<sxh bash>
 +vim /etc/network/interfaces
 +#Interface de loopback
 +auto lo
 +iface lo inet loopback
 +
 +#Interface da lan
 +auto eth0
 +iface eth0 inet static
 +        address 192.168.1.20
 +        netmask 255.255.255.0
 +        network 192.168.1.0
 +        broadcast 192.168.1.255
 +
 +
 +#Interface do link1
 +auto eth1
 +iface eth1 inet static
 +        address 200.0.10.2
 +        netmask 255.255.255.240
 +        network 200.0.10.0
 +        broadcast 200.0.10.15
 +
 +
 +#Interface do link2
 +auto eth2
 +iface eth2 inet static
 +        address 200.0.20.2
 +        netmask 255.255.255.240
 +        network 200.0.20.0
 +        broadcast 200.0.20.15
 +
 +</sxh>
 +
 +Agora reinicie o servidor para ele carregar as novas configurações de rede.
 +<sxh bash>
 +reboot
 +</sxh>
 +
 +
 +Agora vamos testar os links com o ping, primeiro vamos testar o link1 vamos pingar no gw dele
 +<sxh bash>
 +ping -I eth1 200.0.10.1 -c 2
 +PING 200.0.10.1 (200.0.10.1) from 200.0.10.2 eth1: 56(84) bytes of data.
 +64 bytes from 200.0.10.1: icmp_req=1 ttl=64 time=0.610 ms
 +64 bytes from 200.0.10.1: icmp_req=2 ttl=64 time=0.245 ms
 +
 +--- 200.0.10.1 ping statistics ---
 +2 packets transmitted, 2 received, 0% packet loss, time 1001ms
 +rtt min/avg/max/mdev = 0.245/0.427/0.610/0.183 ms
 +</sxh>
 +
 +Agora vamos testar o link2, vamos pingar o gw dele
 +<sxh bash>
 +ping -I eth2 200.0.20.1 -c 2
 +PING 200.0.20.1 (200.0.20.1) from 200.0.20.2 eth2: 56(84) bytes of data.
 +64 bytes from 200.0.20.1: icmp_req=1 ttl=64 time=0.001 ms
 +64 bytes from 200.0.20.1: icmp_req=2 ttl=64 time=0.288 ms
 +
 +--- 200.0.20.1 ping statistics ---
 +2 packets transmitted, 2 received, 0% packet loss, time 999ms
 +rtt min/avg/max/mdev = 0.001/0.144/0.288/0.144 ms
 +</sxh>
 +
 +
 +Agora vamos criar uma tabela de roteamento para cada link
 +<sxh bash>
 +echo 10 link1 >> /etc/iproute2/rt_tables
 +echo 20 link2 >> /etc/iproute2/rt_tables
 +</sxh>
 +
 +
 +Agora vamos adicionar a rota para a rede 200.0.10.0/28 na tabela de link1
 +<sxh bash>
 +ip route add 200.0.10.0/28 dev eth1 src 200.0.10.2 table link1
 +</sxh>
 +
 +Agora vamos definir a rota padrão para o link1
 +<sxh bash>
 +ip route add default via 200.0.10.1 table link1
 +</sxh>
 +
 +Agora vamos listar as regras da tabela do link1
 +<sxh bash>
 +ip route list table link1
 +200.0.10.0/28 dev eth1  scope link  src 200.0.10.2 
 +default via 200.0.10.1 dev eth1 
 +</sxh>
 +
 +Agora vamos adicionar a rota para a rede 200.0.20.0/24 na tabela de link2
 +<sxh bash>
 +ip route add 200.0.20.0/28 dev eth2 src 200.0.20.2 table link2
 +</sxh>
 +
 +Agora vamos definir a rota padrão para o link2
 +<sxh bash>
 +ip route add default via 200.0.20.1 table link2
 +</sxh>
 +
 +Agora vamos listar as regras da tabela do link2
 +<sxh bash>
 +ip route list table link2
 +200.0.20.0/28 dev eth2  scope link  src 200.0.20.2 
 +default via 200.0.20.1 dev eth2 
 +</sxh>
 +
 +Agora vamos mandar remover a rota padrão caso haja alguma
 +<sxh bash>
 +route del default
 +</sxh>
 +
 +Agora devemos acrescentar as regras das rotas adicionadas que são 200.0.10.2 no link1 e 200.0.20.2 no link2
 +<sxh bash>
 +ip rule add from 200.0.10.2 table link1
 +ip rule add from 200.0.20.2 table link2
 +</sxh>
 +
 +Agora vamos listar as rules
 +<sxh bash>
 +ip rule list
 +0:  from all lookup local 
 +32764:  from 200.0.20.2 lookup link2 
 +32765:  from 200.0.10.2 lookup link1 
 +32766:  from all lookup main 
 +32767:  from all lookup default
 +</sxh>
 +
 +Agora precisamos inserir regras para as nossas redes interna, link2 e lo passar pelo link1
 +<sxh bash>
 +ip route add 192.168.1.0/24 dev eth0 table link1
 +ip route add 200.0.20.0/28 dev eth2 table link1
 +ip route add 127.0.0.0/8 dev lo table link1
 +</sxh>
 +
 +Agora precisamos inserir regras para as nossas redes interna, link1 e lo passar pelo link2
 +<sxh bash>
 +ip route add 192.168.1.0/24 dev eth0 table link2
 +ip route add 200.0.10.0/28 dev eth1 table link2
 +ip route add 127.0.0.0/8 dev lo table link2
 +</sxh>
 +
 +Agora vamos listar a tabela de roteamento do link1
 +<sxh bash>
 +ip route list table link1
 +default via 200.0.10.1 dev eth1 
 +127.0.0.0/8 dev lo  scope link 
 +192.168.1.0/24 dev eth0  scope link 
 +200.0.10.0/28 dev eth1  scope link  src 200.0.10.2 
 +200.0.20.0/28 dev eth2  scope link
 +</sxh>
 +
 +
 +Agora vamos listar a tabela de roteamento do link2
 +<sxh bash>
 +ip route list table link2
 +default via 200.0.20.1 dev eth2 
 +127.0.0.0/8 dev lo  scope link 
 +192.168.1.0/24 dev eth0  scope link 
 +200.0.10.0/28 dev eth1  scope link 
 +200.0.20.0/28 dev eth2  scope link  src 200.0.20.2
 +</sxh>
 +
 +Agora vamos fazer o balanceamento, aqui vou levar em consideração que os dois links são de 10MB. Aqui vamos especificar que o link é um para um, ou seja, 50% do tráfego será enviado para cada link.
 +<sxh bash>
 +ip route add default nexthop via 200.0.10.1 dev eth1 weight 1 nexthop via 200.0.20.1 dev eth2 weight 1
 +</sxh>
 +
 +Agora vamos listar as rotas do nosso servidor
 +<sxh bash>
 +ip route list
 +default 
 +  nexthop via 200.0.10.1  dev eth1 weight 1
 +  nexthop via 200.0.20.1  dev eth2 weight 1
 +192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.20 
 +200.0.10.0/28 dev eth1  proto kernel  scope link  src 200.0.10.2 
 +200.0.20.0/28 dev eth2  proto kernel  scope link  src 200.0.20.2 
 +</sxh>
 +
 +Agora precisamos habilitar o roteamento neste servidor
 +<sxh bash>
 +sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
 +</sxh>
 +
 +Agora vamos ativar o roteamento no kernel
 +<sxh bash>
 +sysctl -p
 +net.ipv4.ip_forward = 1
 +</sxh>
 +
 +Agora vamos mascarar os pacotes da nossa lan
 +<sxh bash>
 +iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
 +</sxh>
 +
 +Agora no servidor Debian vamos deixar o tcpdump monitorando o protocolo icmp que vamos utilizar para testar pelo cliente CentOS
 +<sxh bash>
 +tcpdump -i any -n proto 'ICMP'
 +</sxh>
 +
 +Agora no cliente debian01 vamos enviar 10 pings para o site do terra
 +<sxh bash>
 +ping www.terra.com.br -c 10
 +PING www.terra.com.br (200.154.56.80) 56(84) bytes of data.
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=1 ttl=53 time=16.1 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=2 ttl=53 time=16.4 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=3 ttl=53 time=16.5 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=4 ttl=53 time=17.0 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=5 ttl=53 time=22.9 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=6 ttl=53 time=24.1 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=7 ttl=53 time=16.3 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=8 ttl=53 time=25.3 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=9 ttl=53 time=17.6 ms
 +64 bytes from www.terra.com.br (200.154.56.80): icmp_req=10 ttl=53 time=17.7 ms
 +
 +--- www.terra.com.br ping statistics ---
 +10 packets transmitted, 10 received, 0% packet loss, time 9014ms
 +rtt min/avg/max/mdev = 16.184/19.039/25.356/3.428 ms
 +</sxh>
 +
 +Agora vamos observar no servidor o que temos de pacotes
 +<sxh bash>
 +tcpdump -i any -n  proto 'ICMP'
 +tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 +listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +13:05:35.496522 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 1, length 64
 +13:05:35.496564 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 1, length 64
 +13:05:35.512683 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 1, length 64
 +13:05:35.512717 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 1, length 64
 +13:05:36.498137 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 2, length 64
 +13:05:36.498175 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 2, length 64
 +13:05:36.514789 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 2, length 64
 +13:05:36.514821 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 2, length 64
 +13:05:37.498306 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 3, length 64
 +13:05:37.498346 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 3, length 64
 +13:05:37.516860 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 3, length 64
 +13:05:37.516887 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 3, length 64
 +13:05:38.500846 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 4, length 64
 +13:05:38.500884 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 4, length 64
 +13:05:38.519245 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 4, length 64
 +13:05:38.519276 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 4, length 64
 +13:05:39.502357 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 5, length 64
 +13:05:39.502396 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 5, length 64
 +13:05:39.519362 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 5, length 64
 +13:05:39.519393 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 5, length 64
 +13:05:40.504417 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 6, length 64
 +13:05:40.504455 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 6, length 64
 +13:05:40.520456 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 6, length 64
 +13:05:40.520482 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 6, length 64
 +13:05:41.506237 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 7, length 64
 +13:05:41.506276 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 7, length 64
 +13:05:41.537471 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 7, length 64
 +13:05:41.537529 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 7, length 64
 +13:05:42.507740 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 8, length 64
 +13:05:42.507777 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 8, length 64
 +13:05:42.524718 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 8, length 64
 +13:05:42.524743 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 8, length 64
 +13:05:43.508439 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 9, length 64
 +13:05:43.508467 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 9, length 64
 +13:05:43.528061 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 9, length 64
 +13:05:43.528086 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 9, length 64
 +13:05:44.510342 IP 192.168.1.22 > 200.154.56.80: ICMP echo request, id 2475, seq 10, length 64
 +13:05:44.510379 IP 200.0.20.2 > 200.154.56.80: ICMP echo request, id 2475, seq 10, length 64
 +13:05:44.526252 IP 200.154.56.80 > 200.0.20.2: ICMP echo reply, id 2475, seq 10, length 64
 +13:05:44.526284 IP 200.154.56.80 > 192.168.1.22: ICMP echo reply, id 2475, seq 10, length 64
 +</sxh>
 +
 +Note que os pacotes de icmp saíram pelo link1 200.0.10.2.
 +
 +Agora no servidor Debian vamos mandar monitorar a porta 80
 +<sxh bash>
 +tcpdump -i any port 80 -n -vv
 +[...]
 +</sxh>
 +
 +Agora no cliente Debian vamos mandar atualizar os repositórios
 +<sxh bash>
 +aptitude update
 +Hit http://ftp.br.debian.org wheezy Release.gpg
 +Hit http://ftp.br.debian.org wheezy-proposed-updates Release.gpg
 +Hit http://ftp.br.debian.org wheezy Release          
 +Hit http://ftp.br.debian.org wheezy-proposed-updates Release                     
 +Hit http://ftp.br.debian.org wheezy/main Sources                                 
 +Hit http://ftp.br.debian.org wheezy/contrib Sources                              
 +Hit http://ftp.br.debian.org wheezy/non-free Sources                             
 +Hit http://ftp.br.debian.org wheezy/main amd64 Packages                          
 +Hit http://ftp.br.debian.org wheezy/contrib amd64 Packages                       
 +Hit http://ftp.br.debian.org wheezy/non-free amd64 Packages                      
 +Hit http://ftp.br.debian.org wheezy/contrib Translation-en                       
 +Hit http://ftp.br.debian.org wheezy/main Translation-pt_BR                       
 +Hit http://ftp.br.debian.org wheezy/main Translation-pt                          
 +Hit http://ftp.br.debian.org wheezy/main Translation-en                          
 +Hit http://ftp.br.debian.org wheezy/non-free Translation-en                      
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main Sources/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Sources/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Sources/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main amd64 Packages/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib amd64 Packages/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free amd64 Packages/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Translation-en/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main Translation-en/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Translation-en/DiffIndex
 +Hit http://security.debian.org wheezy/updates Release.gpg
 +Hit http://security.debian.org wheezy/updates Release
 +Hit http://security.debian.org wheezy/updates/main Sources
 +Hit http://security.debian.org wheezy/updates/contrib Sources
 +Hit http://security.debian.org wheezy/updates/non-free Sources
 +Hit http://security.debian.org wheezy/updates/main amd64 Packages
 +Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
 +Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
 +Hit http://security.debian.org wheezy/updates/contrib Translation-en
 +Hit http://security.debian.org wheezy/updates/main Translation-en
 +Hit http://security.debian.org wheezy/updates/non-free Translation-en
 +</sxh>
 +
 +
 +Agora vamos ver no servidor o que foi gerado no tcpdump
 +<sxh bash>
 +tcpdump -i any port 80 -n -vv
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +13:57:34.493664 IP (tos 0x0, ttl 64, id 18920, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.34370 > 128.31.0.36.80: Flags [S], cksum 0x55a6 (correct), seq 983283319, win 14600, options [mss 1460,sackOK,TS val 1048479 ecr 0,nop,wscale 3], length 0
 +13:57:34.493704 IP (tos 0x0, ttl 63, id 18920, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.34370 > 128.31.0.36.80: Flags [S], cksum 0x3b62 (correct), seq 983283319, win 14600, options [mss 1460,sackOK,TS val 1048479 ecr 0,nop,wscale 3], length 0
 +13:57:34.495855 IP (tos 0x0, ttl 64, id 61793, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [S], cksum 0x75eb (correct), seq 949489345, win 14600, options [mss 1460,sackOK,TS val 1048480 ecr 0,nop,wscale 3], length 0
 +13:57:34.495871 IP (tos 0x0, ttl 63, id 61793, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [S], cksum 0x65a7 (correct), seq 949489345, win 14600, options [mss 1460,sackOK,TS val 1048480 ecr 0,nop,wscale 3], length 0
 +13:57:34.502910 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [S.], cksum 0x6460 (correct), seq 978025221, ack 949489346, win 26844, options [mss 1452,sackOK,TS val 87365343 ecr 1048480,nop,wscale 8], length 0
 +13:57:34.502936 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [S.], cksum 0x74a4 (correct), seq 978025221, ack 949489346, win 26844, options [mss 1452,sackOK,TS val 87365343 ecr 1048480,nop,wscale 8], length 0
 +13:57:34.503244 IP (tos 0x0, ttl 64, id 61794, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [.], cksum 0x0523 (correct), seq 1, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 0
 +13:57:34.503259 IP (tos 0x0, ttl 63, id 61794, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [.], cksum 0xf4de (correct), seq 1, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 0
 +13:57:34.503569 IP (tos 0x0, ttl 64, id 61795, offset 0, flags [DF], proto TCP (6), length 269)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0x01b6 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 217
 +13:57:34.503583 IP (tos 0x0, ttl 63, id 61795, offset 0, flags [DF], proto TCP (6), length 269)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0xf171 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1048482 ecr 87365343], length 217
 +13:57:34.512097 IP (tos 0x0, ttl 57, id 28134, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [.], cksum 0xfab7 (correct), seq 1, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 0
 +13:57:34.512117 IP (tos 0x0, ttl 56, id 28134, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [.], cksum 0x0afc (correct), seq 1, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 0
 +13:57:34.512481 IP (tos 0x0, ttl 57, id 28135, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0x39cc (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 171
 +13:57:34.512499 IP (tos 0x0, ttl 56, id 28135, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0x4a10 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87365344 ecr 1048482], length 171
 +13:57:34.512850 IP (tos 0x0, ttl 64, id 61796, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [.], cksum 0x0316 (correct), seq 218, ack 172, win 1959, options [nop,nop,TS val 1048484 ecr 87365344], length 0
 +13:57:34.512870 IP (tos 0x0, ttl 63, id 61796, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [.], cksum 0xf2d1 (correct), seq 218, ack 172, win 1959, options [nop,nop,TS val 1048484 ecr 87365344], length 0
 +13:57:34.514658 IP (tos 0x0, ttl 64, id 61797, offset 0, flags [DF], proto TCP (6), length 286)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0x298e (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1048485 ecr 87365344], length 234
 +13:57:34.514681 IP (tos 0x0, ttl 63, id 61797, offset 0, flags [DF], proto TCP (6), length 286)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0x194a (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1048485 ecr 87365344], length 234
 +13:57:34.523193 IP (tos 0x0, ttl 57, id 28136, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0xe71c (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87365345 ecr 1048485], length 170
 +13:57:34.523219 IP (tos 0x0, ttl 56, id 28136, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0xf760 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87365345 ecr 1048485], length 170
 +13:57:34.524944 IP (tos 0x0, ttl 64, id 61798, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0x23e5 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1048487 ecr 87365345], length 229
 +13:57:34.524967 IP (tos 0x0, ttl 63, id 61798, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0x13a1 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1048487 ecr 87365345], length 229
 +13:57:34.533381 IP (tos 0x0, ttl 57, id 28137, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0xedaa (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87365346 ecr 1048487], length 172
 +13:57:34.533405 IP (tos 0x0, ttl 56, id 28137, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0xfdee (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87365346 ecr 1048487], length 172
 +13:57:34.548469 IP (tos 0x0, ttl 64, id 61799, offset 0, flags [DF], proto TCP (6), length 298)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0x886d (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1048493 ecr 87365346], length 246
 +13:57:34.548493 IP (tos 0x0, ttl 63, id 61799, offset 0, flags [DF], proto TCP (6), length 298)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0x7829 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1048493 ecr 87365346], length 246
 +13:57:34.557949 IP (tos 0x0, ttl 57, id 28138, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0xb146 (correct), seq 514:686, ack 927, win 122, options [nop,nop,TS val 87365348 ecr 1048493], length 172
 +13:57:34.557962 IP (tos 0x0, ttl 56, id 28138, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0xc18a (correct), seq 514:686, ack 927, win 122, options [nop,nop,TS val 87365348 ecr 1048493], length 172
 +13:57:34.559932 IP (tos 0x0, ttl 64, id 61800, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0x9c01 (correct), seq 927:1156, ack 686, win 2361, options [nop,nop,TS val 1048496 ecr 87365348], length 229
 +13:57:34.559946 IP (tos 0x0, ttl 63, id 61800, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0x8bbd (correct), seq 927:1156, ack 686, win 2361, options [nop,nop,TS val 1048496 ecr 87365348], length 229
 +13:57:34.568227 IP (tos 0x0, ttl 57, id 28139, offset 0, flags [DF], proto TCP (6), length 225)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0x65bf (correct), seq 686:859, ack 1156, win 126, options [nop,nop,TS val 87365349 ecr 1048496], length 173
 +13:57:34.568243 IP (tos 0x0, ttl 56, id 28139, offset 0, flags [DF], proto TCP (6), length 225)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0x7603 (correct), seq 686:859, ack 1156, win 126, options [nop,nop,TS val 87365349 ecr 1048496], length 173
 +13:57:34.568573 IP (tos 0x0, ttl 64, id 61801, offset 0, flags [DF], proto TCP (6), length 284)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0xfc32 (correct), seq 1156:1388, ack 859, win 2495, options [nop,nop,TS val 1048498 ecr 87365349], length 232
 +13:57:34.568584 IP (tos 0x0, ttl 63, id 61801, offset 0, flags [DF], proto TCP (6), length 284)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0xebee (correct), seq 1156:1388, ack 859, win 2495, options [nop,nop,TS val 1048498 ecr 87365349], length 232
 +13:57:34.577411 IP (tos 0x0, ttl 57, id 28140, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0xceb7 (correct), seq 859:1030, ack 1388, win 130, options [nop,nop,TS val 87365350 ecr 1048498], length 171
 +13:57:34.577427 IP (tos 0x0, ttl 56, id 28140, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0xdefb (correct), seq 859:1030, ack 1388, win 130, options [nop,nop,TS val 87365350 ecr 1048498], length 171
 +13:57:34.577815 IP (tos 0x0, ttl 64, id 61802, offset 0, flags [DF], proto TCP (6), length 285)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0xf0f6 (correct), seq 1388:1621, ack 1030, win 2629, options [nop,nop,TS val 1048501 ecr 87365350], length 233
 +13:57:34.577836 IP (tos 0x0, ttl 63, id 61802, offset 0, flags [DF], proto TCP (6), length 285)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0xe0b2 (correct), seq 1388:1621, ack 1030, win 2629, options [nop,nop,TS val 1048501 ecr 87365350], length 233
 +13:57:34.587325 IP (tos 0x0, ttl 57, id 28141, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43017: Flags [P.], cksum 0xd901 (correct), seq 1030:1202, ack 1621, win 135, options [nop,nop,TS val 87365351 ecr 1048501], length 172
 +13:57:34.587338 IP (tos 0x0, ttl 56, id 28141, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43017: Flags [P.], cksum 0xe945 (correct), seq 1030:1202, ack 1621, win 135, options [nop,nop,TS val 87365351 ecr 1048501], length 172
 +13:57:34.588148 IP (tos 0x0, ttl 64, id 61803, offset 0, flags [DF], proto TCP (6), length 288)
 +    192.168.1.22.43017 > 200.236.31.3.80: Flags [P.], cksum 0xa19c (correct), seq 1621:1857, ack 1202, win 2763, options [nop,nop,TS val 1048503 ecr 87365351], length 236
 +13:57:34.588170 IP (tos 0x0, ttl 63, id 61803, offset 0, flags [DF], proto TCP (6), length 288)
 +    200.0.10.2.43017 > 200.236.31.3.80: Flags [P.], cksum 0x9158 (correct), seq 1621:1857, ack 1202, win 2763, options [nop,nop,TS val 1048503 ecr 87365351], length 236
 +</sxh>
 +
 +Note que agora temos pacotes pelo link 1 e pelo link2
 +
 +O nosso balanceamento com 2 links está funcionando 
 +
 +Agora precisamos criar um script para efetuar o balanceamento na inicialização do sistema
 +<sxh bash>
 +vim /etc/init.d/rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 13/01/2013
 +#--------------------------------------------------------------------------
 +#Licença: http://creativecommons.org/licenses/by-sa/3.0/legalcode
 +#
 +#--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides:             rc.lb
 +# Required-Start:       $remote_fs $syslog
 +# Required-Stop:        $remote_fs $syslog
 +# Default-Start:        2 3 4 5
 +# Default-Stop:
 +# Short-Description:    Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="\033[01;30m"
 +RED="\033[01;31m"
 +GREEN="\033[01;32m"
 +YELLOW="\033[01;33m"
 +BLUE="\033[01;34m"
 +PURPLE="\033[01;35m"
 +CYAN="\033[01;36m"
 +WHITE="\033[01;37m"
 +CLOSE="\033[m"
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/sbin/ip"
 +ROUTE="/sbin/route"
 +IPTABLES="/sbin/iptables"
 +LO="127.0.0.0/8"
 +LAN="192.168.1.0/24"
 +INT_LAN="eth0"
 +LINK1="200.0.10.0/28"
 +IP_LINK1="200.0.10.2"
 +GW_LINK1="200.0.10.1"
 +INT_LINK1="eth1"
 +PESO_LINK1="1"
 +LINK2="200.0.20.0/28"
 +IP_LINK2="200.0.20.2"
 +GW_LINK2="200.0.20.1"
 +INT_LINK2="eth2"
 +PESO_LINK2="1"
 +
 +case $1 in
 +  start)
 +    echo "${GREEN}[         INICIANDO O BALANCEAMENTO       ]${CLOSE}"
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "${GREEN}[         BALANCEAMENTO INICIADO          ]${CLOSE}"
 +
 +  ;;
 +  stop)
 +   echo "${RED}[         PARANDO BALANCEAMENTO       ]${CLOSE}";
 +   ${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   echo  "${RED}[         BALANCEAMENTO PARADO        ] ${CLOSE}";
 +  ;;
 +     restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   echo  "${RED}Opcoes Validas:(start|stop|restart)${CLOSE}"
 +  ;;
 +esac
 +</sxh>
 +
 +Agora vamos dar permissão de execução para o script
 +<sxh bash>
 +chmod +x /etc/init.d/rc.lb
 +</sxh>
 +
 +Agora vamos inserir o script na inicialização do sistema
 +<sxh bash>
 +insserv -f -v rc.lb 
 +</sxh>
 +
 +Agora podemos parar o balanceamento da seguinte forma
 +<sxh bash>
 +/etc/init.d/rc.lb stop
 +[         PARANDO BALANCEAMENTO       ]
 +[         BALANCEAMENTO PARADO        ] 
 +</sxh>
 +
 +Agora podemos iniciar o balanceamento da seguinte forma
 +<sxh bash>
 +/etc/init.d/rc.lb start
 +[         INICIANDO O BALANCEAMENTO       ]
 +[         BALANCEAMENTO INICIADO          ]
 +</sxh>
 +
 +====== Marcação de pacotes para definir link de saída ======
 +
 +Então galera, algumas pessoas me perguntão sobre a tal marcação de pacotes para saída por um determinado link utilizando balanceamento de link, então vocês vão notar bem simples.
 +
 +Depois que já temos o balanceamento de link precisamos definir o que queremos mandar por qual link, isso nós podemos definir por ip de origem, protocolo, porta etc.
 +
 +Vou pegar como exemplo 2 portas a porta 80 e a porta 587, que seria a saída web e a saída de email.
 +
 +Vamos marcar os pacotes com o iptables utilizando a tabela manble.
 +<sxh bash>
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/24 --dport 80 -j MARK --set-mark 1
 +iptables -t mangle -A PREROUTING -m tcp -p tcp -s 192.168.1.0/24 --dport 587 -j MARK --set-mark 2
 +</sxh>
 +
 +Agora vamos listar as nossas regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L  PREROUTING -n -v
 +Chain PREROUTING (policy ACCEPT 11 packets, 812 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:80 MARK set 0x1
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:587 MARK set 0x2
 +</sxh>
 +
 +Note que agora temos a flags nos pacotes de porta 80 sendo 1 e flags nos pacotes de porta 587 sendo 2.
 +
 +Agora precisamos avisar o iproute que os pacotes com a flag 1 vão para o link 1 e os pacotes com a flag 2 vão para o link 2, com isso vamos definir que os pacotes da porta 80 vão para o link 1 e os pacotes da porta 587 vão para o link2.
 +
 +Vamos criar as regras
 +<sxh bash>
 +ip rule add fwmark 1 table link1
 +ip rule add fwmark 2 table link2
 +</sxh>
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32760:  from 200.0.20.2 lookup link2 
 +32761:  from 200.0.10.2 lookup link1 
 +32762:  from all fwmark 0x2 lookup link2 
 +32763:  from all fwmark 0x1 lookup link1 
 +32766:  from all lookup main 
 +32767:  from all lookup default 
 +</sxh>
 +
 +Agora vamos limpar o cache das regras de roteamento
 +<sxh bash>
 +ip route flush cache
 +</sxh>
 +
 +Vamos monitorar a porta 80 aqui no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +[...]
 +</sxh>
 +
 +Agora vamos testar com o cliente Debian
 +
 +Vamos atualizar os repositórios
 +<sxh bash>
 +aptitude update
 +Hit http://ftp.br.debian.org wheezy Release.gpg
 +Hit http://ftp.br.debian.org wheezy-proposed-updates Release.gpg
 +Hit http://ftp.br.debian.org wheezy Release
 +Hit http://ftp.br.debian.org wheezy-proposed-updates Release      
 +Hit http://ftp.br.debian.org wheezy/main Sources                  
 +Hit http://ftp.br.debian.org wheezy/contrib Sources               
 +Hit http://ftp.br.debian.org wheezy/non-free Sources              
 +Hit http://ftp.br.debian.org wheezy/main amd64 Packages           
 +Hit http://ftp.br.debian.org wheezy/contrib amd64 Packages        
 +Hit http://ftp.br.debian.org wheezy/non-free amd64 Packages       
 +Hit http://ftp.br.debian.org wheezy/contrib Translation-en        
 +Hit http://ftp.br.debian.org wheezy/main Translation-pt_BR        
 +Hit http://ftp.br.debian.org wheezy/main Translation-pt                              
 +Hit http://ftp.br.debian.org wheezy/main Translation-en                              
 +Hit http://ftp.br.debian.org wheezy/non-free Translation-en                          
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main Sources/DiffIndex          
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Sources/DiffIndex       
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Sources/DiffIndex      
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main amd64 Packages/DiffIndex   
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib amd64 Packages/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free amd64 Packages/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/contrib Translation-en/DiffIndex
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/main Translation-en/DiffIndex   
 +Hit http://ftp.br.debian.org wheezy-proposed-updates/non-free Translation-en/DiffIndex
 +Hit http://security.debian.org wheezy/updates Release.gpg
 +Hit http://security.debian.org wheezy/updates Release
 +Hit http://security.debian.org wheezy/updates/main Sources
 +Hit http://security.debian.org wheezy/updates/contrib Sources
 +Hit http://security.debian.org wheezy/updates/non-free Sources
 +Hit http://security.debian.org wheezy/updates/main amd64 Packages
 +Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
 +Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
 +Hit http://security.debian.org wheezy/updates/contrib Translation-en
 +Hit http://security.debian.org wheezy/updates/main Translation-en
 +Hit http://security.debian.org wheezy/updates/non-free Translation-en
 +</sxh>
 +
 +Agora vamos analisar a saída do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 80
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +14:34:35.442253 IP (tos 0x0, ttl 64, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [S], cksum 0xd631 (correct), seq 3923346505, win 14600, options [mss 1460,sackOK,TS val 1603714 ecr 0,nop,wscale 3], length 0
 +14:34:35.442299 IP (tos 0x0, ttl 63, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [S], cksum 0xc5ed (correct), seq 3923346505, win 14600, options [mss 1460,sackOK,TS val 1603714 ecr 0,nop,wscale 3], length 0
 +14:34:35.449200 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 200.0.10.2.43022: Flags [S.], cksum 0x38c6 (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,sackOK,TS val 87587434 ecr 1603714,nop,wscale 8], length 0
 +14:34:35.449242 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.236.31.3.80 > 192.168.1.22.43022: Flags [S.], cksum 0x490a (correct), seq 3677618798, ack 3923346506, win 26844, options [mss 1452,sackOK,TS val 87587434 ecr 1603714,nop,wscale 8], length 0
 +14:34:35.449688 IP (tos 0x0, ttl 64, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [.], cksum 0xd988 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:34:35.449708 IP (tos 0x0, ttl 63, id 64716, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [.], cksum 0xc944 (correct), ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 0
 +14:34:35.450139 IP (tos 0x0, ttl 64, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xd61b (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:34:35.450157 IP (tos 0x0, ttl 63, id 64717, offset 0, flags [DF], proto TCP (6), length 269)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xc5d7 (correct), seq 1:218, ack 1, win 1825, options [nop,nop,TS val 1603716 ecr 87587434], length 217
 +14:34:35.458226 IP (tos 0x0, ttl 57, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 200.0.10.2.43022: Flags [.], cksum 0xcf1d (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:34:35.458257 IP (tos 0x0, ttl 56, id 30724, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.236.31.3.80 > 192.168.1.22.43022: Flags [.], cksum 0xdf61 (correct), ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 0
 +14:34:35.458992 IP (tos 0x0, ttl 57, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0x1132 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:34:35.459011 IP (tos 0x0, ttl 56, id 30725, offset 0, flags [DF], proto TCP (6), length 223)
 +    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0x2176 (correct), seq 1:172, ack 218, win 110, options [nop,nop,TS val 87587435 ecr 1603716], length 171
 +14:34:35.459292 IP (tos 0x0, ttl 64, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [.], cksum 0xd77b (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:34:35.459309 IP (tos 0x0, ttl 63, id 64718, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [.], cksum 0xc737 (correct), ack 172, win 1959, options [nop,nop,TS val 1603718 ecr 87587435], length 0
 +14:34:35.459896 IP (tos 0x0, ttl 64, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xfdf3 (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:34:35.459917 IP (tos 0x0, ttl 63, id 64719, offset 0, flags [DF], proto TCP (6), length 286)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xedaf (correct), seq 218:452, ack 172, win 1959, options [nop,nop,TS val 1603719 ecr 87587435], length 234
 +14:34:35.468337 IP (tos 0x0, ttl 57, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0xbe82 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:34:35.468369 IP (tos 0x0, ttl 56, id 30726, offset 0, flags [DF], proto TCP (6), length 222)
 +    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0xcec6 (correct), seq 172:342, ack 452, win 114, options [nop,nop,TS val 87587436 ecr 1603719], length 170
 +14:34:35.469012 IP (tos 0x0, ttl 64, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0xf84a (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:34:35.469033 IP (tos 0x0, ttl 63, id 64720, offset 0, flags [DF], proto TCP (6), length 281)
 +    200.0.10.2.43022 > 200.236.31.3.80: Flags [P.], cksum 0xe806 (correct), seq 452:681, ack 342, win 2093, options [nop,nop,TS val 1603721 ecr 87587436], length 229
 +14:34:35.480415 IP (tos 0x0, ttl 57, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 200.0.10.2.43022: Flags [P.], cksum 0xc510 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:34:35.480442 IP (tos 0x0, ttl 56, id 30727, offset 0, flags [DF], proto TCP (6), length 224)
 +    200.236.31.3.80 > 192.168.1.22.43022: Flags [P.], cksum 0xd554 (correct), seq 342:514, ack 681, win 118, options [nop,nop,TS val 87587437 ecr 1603721], length 172
 +14:34:35.490315 IP (tos 0x0, ttl 64, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +    192.168.1.22.43022 > 200.236.31.3.80: Flags [P.], cksum 0x5cd4 (correct), seq 681:927, ack 514, win 2227, options [nop,nop,TS val 1603726 ecr 87587437], length 246
 +14:34:35.490351 IP (tos 0x0, ttl 63, id 64721, offset 0, flags [DF], proto TCP (6), length 298)
 +</sxh>
 +
 +Note que agora todas as saídas para a porta 80 saíram pelo link1.
 +
 +Agora vamos testar a porta 587
 +
 +Vamos monitorar a porta 587 no servidor
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +</sxh>
 +
 +Agora no cliente vamos abrir uma conexão com o gmail.
 +<sxh bash>
 +telnet smtp.gmail.com 587
 +Trying 74.125.137.108...
 +Connected to gmail-smtp-msa.l.google.com.
 +Escape character is '^]'.
 +220 mx.google.com ESMTP v22sm112112273yhn.12 - gsmtp
 +ehlo mx.google.com
 +250-mx.google.com at your service, [177.16.190.184]
 +250-SIZE 35882577
 +250-8BITMIME
 +250-STARTTLS
 +250-ENHANCEDSTATUSCODES
 +250 CHUNKING
 +quit
 +221 2.0.0 closing connection v22sm112112273yhn.12 - gsmtp
 +Connection closed by foreign host.
 +</sxh>
 +
 +Agora vamos análisar os logs do tcpdump
 +<sxh bash>
 +tcpdump -i any -n -v port 587
 +tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
 +
 +14:37:21.324860 IP (tos 0x10, ttl 64, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [S], cksum 0x148a (correct), seq 1752499311, win 14600, options [mss 1460,sackOK,TS val 1645185 ecr 0,nop,wscale 3], length 0
 +14:37:21.325283 IP (tos 0x10, ttl 63, id 7918, offset 0, flags [DF], proto TCP (6), length 60)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [S], cksum 0xfa45 (correct), seq 1752499311, win 14600, options [mss 1460,sackOK,TS val 1645185 ecr 0,nop,wscale 3], length 0
 +14:37:21.469869 IP (tos 0x0, ttl 43, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [S.], cksum 0x6150 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,sackOK,TS val 987682085 ecr 1645185,nop,wscale 6], length 0
 +14:37:21.469928 IP (tos 0x0, ttl 42, id 38060, offset 0, flags [none], proto TCP (6), length 60)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [S.], cksum 0x7b94 (correct), seq 1680258992, ack 1752499312, win 42540, options [mss 1430,sackOK,TS val 987682085 ecr 1645185,nop,wscale 6], length 0
 +14:37:21.470429 IP (tos 0x10, ttl 64, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x4929 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:37:21.470452 IP (tos 0x10, ttl 63, id 7919, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x2ee5 (correct), ack 1, win 1825, options [nop,nop,TS val 1645221 ecr 987682085], length 0
 +14:37:21.615668 IP (tos 0x0, ttl 44, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x1524 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:37:21.615713 IP (tos 0x0, ttl 43, id 38061, offset 0, flags [none], proto TCP (6), length 106)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x2f68 (correct), seq 1:55, ack 1, win 665, options [nop,nop,TS val 987682231 ecr 1645221], length 54
 +14:37:21.616245 IP (tos 0x10, ttl 64, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x483d (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:37:21.616268 IP (tos 0x10, ttl 63, id 7920, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x2df9 (correct), ack 55, win 1825, options [nop,nop,TS val 1645257 ecr 987682231], length 0
 +14:37:27.637712 IP (tos 0x10, ttl 64, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [P.], cksum 0xe9b4 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:37:27.637757 IP (tos 0x10, ttl 63, id 7921, offset 0, flags [DF], proto TCP (6), length 72)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [P.], cksum 0xcf70 (correct), seq 1:21, ack 55, win 1825, options [nop,nop,TS val 1646763 ecr 987682231], length 20
 +14:37:27.781158 IP (tos 0x0, ttl 44, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [.], cksum 0x1475 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:37:27.781205 IP (tos 0x0, ttl 43, id 38062, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [.], cksum 0x2eb9 (correct), ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 0
 +14:37:27.781648 IP (tos 0x0, ttl 44, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x2633 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:37:27.781664 IP (tos 0x0, ttl 43, id 38063, offset 0, flags [none], proto TCP (6), length 191)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x4077 (correct), seq 55:194, ack 21, win 665, options [nop,nop,TS val 987688397 ecr 1646763], length 139
 +14:37:27.781967 IP (tos 0x10, ttl 64, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x28fc (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:37:27.781985 IP (tos 0x10, ttl 63, id 7922, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x0eb8 (correct), ack 194, win 1959, options [nop,nop,TS val 1646799 ecr 987688397], length 0
 +14:37:29.557360 IP (tos 0x10, ttl 64, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [P.], cksum 0x3f3e (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:37:29.557413 IP (tos 0x10, ttl 63, id 7923, offset 0, flags [DF], proto TCP (6), length 58)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [P.], cksum 0x24fa (correct), seq 21:27, ack 194, win 1959, options [nop,nop,TS val 1647243 ecr 987688397], length 6
 +14:37:29.702451 IP (tos 0x0, ttl 44, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [P.], cksum 0x50ba (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:37:29.702491 IP (tos 0x0, ttl 43, id 38064, offset 0, flags [none], proto TCP (6), length 111)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [P.], cksum 0x6afe (correct), seq 194:253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 59
 +14:37:29.703023 IP (tos 0x0, ttl 43, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [F.], cksum 0x0a48 (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:37:29.703039 IP (tos 0x0, ttl 42, id 38065, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [F.], cksum 0x248c (correct), seq 253, ack 27, win 665, options [nop,nop,TS val 987690317 ecr 1647243], length 0
 +14:37:29.703108 IP (tos 0x10, ttl 64, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [.], cksum 0x1f5b (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:37:29.703125 IP (tos 0x10, ttl 63, id 7924, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [.], cksum 0x0517 (correct), ack 253, win 1959, options [nop,nop,TS val 1647279 ecr 987690317], length 0
 +14:37:29.703566 IP (tos 0x10, ttl 64, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    192.168.1.22.56064 > 74.125.137.108.587: Flags [F.], cksum 0x1f58 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:37:29.703584 IP (tos 0x10, ttl 63, id 7925, offset 0, flags [DF], proto TCP (6), length 52)
 +    200.0.20.2.56064 > 74.125.137.108.587: Flags [F.], cksum 0x0514 (correct), seq 27, ack 254, win 1959, options [nop,nop,TS val 1647280 ecr 987690317], length 0
 +14:37:29.848099 IP (tos 0x0, ttl 43, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 200.0.20.2.56064: Flags [.], cksum 0x0990 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +14:37:29.848141 IP (tos 0x0, ttl 42, id 38066, offset 0, flags [none], proto TCP (6), length 52)
 +    74.125.137.108.587 > 192.168.1.22.56064: Flags [.], cksum 0x23d4 (correct), ack 28, win 665, options [nop,nop,TS val 987690463 ecr 1647280], length 0
 +</sxh>
 +
 +Agora note que a saída para a porta 587 foram pelo link2.
 +
 +Tudo funcionando :D
 +
 +Agora vamos ajustar o nosso script para ele trabalhar com o balanceamento de link porém com a marcação de pacotes para definirmos o link que ele vai sair.
 +
 +<sxh bash>
 +vim /etc/init.d/rc.lb
 +#!/bin/sh
 +#Autor: Douglas Q. dos Santos
 +#Data: 30/09/2013
 +#--------------------------------------------------------------------------
 +#Licença: http://creativecommons.org/licenses/by-sa/3.0/legalcode
 +#
 +#--------------------------------------------------------------------------
 +### BEGIN INIT INFO
 +# Provides:             rc.lb
 +# Required-Start:       $remote_fs $syslog
 +# Required-Stop:        $remote_fs $syslog
 +# Default-Start:        2 3 4 5
 +# Default-Stop:
 +# Short-Description:    Balanceamento de Links
 +### END INIT INFO
 +### CORES UTILIZADAS NO SCRIPT ###
 +GREY="\033[01;30m"
 +RED="\033[01;31m"
 +GREEN="\033[01;32m"
 +YELLOW="\033[01;33m"
 +BLUE="\033[01;34m"
 +PURPLE="\033[01;35m"
 +CYAN="\033[01;36m"
 +WHITE="\033[01;37m"
 +CLOSE="\033[m"
 +
 +# VARIAVEIS UTILIZADAS NO SCRIPT
 +IP="/sbin/ip"
 +ROUTE="/sbin/route"
 +IPTABLES="/sbin/iptables"
 +PORTS_LINK1="/etc/iproute2/ports_link1"
 +PORTS_LINK2="/etc/iproute2/ports_link2"
 +LO="127.0.0.0/8"
 +LAN="192.168.1.0/24"
 +INT_LAN="eth0"
 +LINK1="200.0.10.0/28"
 +IP_LINK1="200.0.10.2"
 +GW_LINK1="200.0.10.1"
 +INT_LINK1="eth1"
 +PESO_LINK1="1"
 +LINK2="200.0.20.0/28"
 +IP_LINK2="200.0.20.2"
 +GW_LINK2="200.0.20.1"
 +INT_LINK2="eth2"
 +PESO_LINK2="1"
 +
 +case $1 in
 +  start)
 +    echo "${GREEN}[         INICIANDO O BALANCEAMENTO       ]${CLOSE}"
 +
 +  # ADICIONANDO A REDE DO LINK1 NA TABELA LINK1
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} src ${IP_LINK1} table link1
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK1} table link1
 +
 +  # ADICIONANDO A REDE DO LINK2 NA TABELA LINK2
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} src ${IP_LINK2} table link2
 +
 +  # ADICIONANDO A ROTA DEFAULT DO LINK1
 +  ${IP} route add default via ${GW_LINK2} table link2
 +
 +
 +  # ADICIONANDO AS REGRAS DAS ROTAS ADICIONADAS
 +  ${IP} rule add from ${IP_LINK1} table link1
 +  ${IP} rule add from ${IP_LINK2} table link2
 +
 +  # ADICIONANDO ROTAS ENTRE LINKS, LAN E LO
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link1
 +  ${IP} route add ${LINK2} dev ${INT_LINK2} table link1
 +  ${IP} route add ${LO} dev lo table link1
 +  ${IP} route add ${LAN} dev ${INT_LAN} table link2
 +  ${IP} route add ${LINK1} dev ${INT_LINK1} table link2
 +  ${IP} route add ${LO} dev lo table link2
 +
 +
 +  # CRIANDO O BALANCEAMENTO ENTRE DOIS LINKS
 +  ${IP} route add default nexthop via ${GW_LINK1} dev ${INT_LINK1} weight ${PESO_LINK1} nexthop via ${GW_LINK2} dev ${INT_LINK2} weight ${PESO_LINK2}
 +
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK1
 +        for PORT in $(cat ${PORTS_LINK1}); do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
 +        ${IPTABLES} -t mangle -A OUTPUT -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 1 -m comment --comment "LINK 1"
 +  done
 +
 +        # MARCANDO OS PACOTES QUE VÃO SAIR PELO LINK2
 +        for PORT in $(cat ${PORTS_LINK2}); do
 +        ${IPTABLES} -t mangle -A PREROUTING -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
 +        ${IPTABLES} -t mangle -A OUTPUT -p tcp -s ${LAN} --dport ${PORT} -j MARK --set-mark 2 -m comment --comment "LINK 2"
 +  done
 +
 +        # ADICIONANDO REGRAS NO IPROUTE PARA RECONHECER AS MARCACOES FEITAS PELA TABLE MANGLE
 +  ${IP} rule add fwmark 1 table link1
 +  ${IP} rule add fwmark 2 table link2
 +
 +        # MASCARANDO A REDE
 +        ${IPTABLES} -t nat -A POSTROUTING -s ${LAN} -j MASQUERADE
 +   echo "${GREEN}[         BALANCEAMENTO INICIADO          ]${CLOSE}"
 +
 +  ;;
 +  stop)
 +   echo "${RED}[         PARANDO BALANCEAMENTO       ]${CLOSE}";
 +   ${ROUTE} del default
 +   ${IP} route flush table link1
 +   ${IP} route flush table link2
 +   ${IP} rule del from ${IP_LINK1} table link1
 +   ${IP} rule del from ${IP_LINK2} table link2
 +   ${IPTABLES} -t mangle -F
 +   ${IP} rule add fwmark 1 table link1
 +   ${IP} rule add fwmark 2 table link2
 +   echo  "${RED}[         BALANCEAMENTO PARADO        ] ${CLOSE}";
 +  ;;
 +     restart)
 +     $0 stop
 +     $0 start
 +   ;;
 +
 +  *)
 +   echo  "${RED}Opcoes Validas:(start|stop|restart)${CLOSE}"
 +  ;;
 +esac
 +</sxh>
 +
 +Agora vamos criar os arquivo que vão armazenar quais portas vão sair por quais links.
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link1
 +<sxh bash>
 +vim /etc/iproute2/ports_link1
 +80
 +443
 +20
 +21
 +</sxh>
 +
 +Vamos criar o arquivo que vai controlar quais portas vão sair pelo link2
 +<sxh bash>
 +cat /etc/iproute2/ports_link2
 +25
 +110
 +143
 +587
 +993
 +995
 +</sxh>
 +
 +Agora vamos para o script de balanceamento
 +<sxh bash>
 +/etc/init.d/rc.lb stop
 +[         PARANDO BALANCEAMENTO       ]
 +[         BALANCEAMENTO PARADO        ] 
 +</sxh>
 +
 +Agora vamos listar as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32766:  from all lookup main 
 +32767:  from all lookup default
 +</sxh>
 +
 +Agora vamos listar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain INPUT (policy ACCEPT 147 packets, 11496 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain OUTPUT (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain POSTROUTING (policy ACCEPT 73 packets, 7540 bytes)
 + pkts bytes target     prot opt in     out     source               destination 
 +</sxh>
 +
 +Agora vamos subir o nosso balanceamento
 +<sxh bash>
 +/etc/init.d/rc.lb start
 +[         INICIANDO O BALANCEAMENTO       ]
 +[         BALANCEAMENTO INICIADO          ]
 +</sxh>
 +
 +Agora vamos listas as regras do iproute
 +<sxh bash>
 +ip rule show
 +0:  from all lookup local 
 +32762:  from all fwmark 0x2 lookup link2 
 +32763:  from all fwmark 0x1 lookup link1 
 +32764:  from 200.0.20.2 lookup link2 
 +32765:  from 200.0.10.2 lookup link1 
 +32766:  from all lookup main 
 +32767:  from all lookup default
 +</sxh>
 +
 +Agora vamos analisar as regras da table mangle
 +<sxh bash>
 +iptables -t mangle -L -n -v
 +Chain PREROUTING (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:80 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:443 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:20 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:21 /* LINK 1 */ MARK set 0x1
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:25 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:110 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:143 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:587 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:993 /* LINK 2 */ MARK set 0x2
 +    0     0 MARK       tcp  --  *      *       192.168.1.0/24       0.0.0.0/           tcp dpt:995 /* LINK 2 */ MARK set 0x2
 +
 +Chain INPUT (policy ACCEPT 130 packets, 10960 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain OUTPUT (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target     prot opt in     out     source               destination         
 +
 +Chain POSTROUTING (policy ACCEPT 59 packets, 6316 bytes)
 + pkts bytes target     prot opt in     out     source               destination 
 +</sxh>
 +
 +Note que temos as marcações da porta 80 e 443 para sair pelo link 1 e as portas 25,110,143,587,993 e 995 vão sair pelo link2.
Print/export
QR Code
QR Code balanceamento_de_links_no_debian_wheezy_pt_br (generated for current page)