lb-enable
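#!/bin/bash
# lb-enable: configure this host as an IPVS NAT-mode (masquerading) load balancer,
# with iptables mangle rules that mark balanced traffic in both directions.
#
# Configuration is read from the file "vars" in the same directory as this script
# (previously it was read from the current working directory). Variables used:
#   iptb, ipvs                         - iptables / ipvsadm commands, may include options
#   in_if, out_if                      - inside (client-facing) / outside (pool-facing) interfaces
#   lb_dnat_ip                         - virtual IP clients connect to (DNS entry "mslnp")
#   lb_snat_ip                         - only displayed; the explicit SNAT rule is disabled below
#   lb_pool_ip1..3                     - real servers; empty/unset slots are skipped
#   lb_port_1..3                       - balanced TCP ports; empty/unset slots are skipped
#   lb_port_N_persistence_timeout      - client persistence in seconds; 0, empty or unset = none
#   lb_max_conns_host_port_N           - IPVS upper connection threshold per real server and port
#   lb_timeout_tcp, lb_timeout_tcpfin  - IPVS TCP / TCP-FIN timeouts (UDP timeout is fixed at 300)
#
# Side effects (must run as root): enables IPv4 forwarding, raises the conntrack
# limit, flushes EVERY rule in the filter, nat and mangle tables, and replaces
# the whole IPVS table. Individual iptables/ipvsadm failures are reported on
# stderr by the tools themselves and do not abort the script (best effort, as
# in the original).
set -u

readonly CONNTRACK_MAX=196608
readonly POOL_SLOTS=(1 2 3)
readonly PORT_SLOTS=(1 2 3)

# Command words of $iptb / $ipvs, split once in load_config.
declare -a iptb_cmd=() ipvs_cmd=()

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Print a warning to stderr without exiting.
warn() { printf 'warn: %s\n' "$*" >&2; }

# Print the value of the variable named by $1, or nothing if it is unset/empty.
# Used for the numbered lb_pool_ipN / lb_port_N / ... slots.
cfg() { printf '%s' "${!1:-}"; }

#######################################
# Source ./vars from the script's directory and check the mandatory settings.
# Globals:  sets iptb_cmd, ipvs_cmd; everything else comes from vars
# Returns:  exits via die/:? when the file or a required variable is missing
#######################################
load_config() {
  local script_dir
  script_dir=$(dirname -- "${BASH_SOURCE[0]}") || die "cannot determine script directory"
  [[ -r "$script_dir/vars" ]] || die "config file $script_dir/vars is missing or unreadable"
  # shellcheck source=/dev/null
  source "$script_dir/vars"
  : "${iptb:?iptb (iptables command) must be set in vars}"
  : "${ipvs:?ipvs (ipvsadm command) must be set in vars}"
  : "${in_if:?in_if must be set in vars}"
  : "${out_if:?out_if must be set in vars}"
  : "${lb_dnat_ip:?lb_dnat_ip must be set in vars}"
  # Split the command strings on whitespace exactly once, so that any options
  # carried in $iptb/$ipvs still work while every later expansion stays quoted.
  read -r -a iptb_cmd <<<"$iptb"
  read -r -a ipvs_cmd <<<"$ipvs"
}

#######################################
# Write a value to a /proc/sys knob. Knobs that do not exist on this kernel
# (the legacy conntrack paths) are reported and skipped instead of aborting.
# Arguments: $1 - path under /proc/sys, $2 - value to write
#######################################
write_proc() {
  local path=$1 value=$2
  if [[ -w "$path" ]]; then
    printf '%s\n' "$value" > "$path" || warn "failed to write $value to $path"
  else
    warn "$path not present or not writable, skipped"
  fi
}

# CONFIRM forwarding enabled and raise the number of connections that can be
# tracked, because it is possible to exhaust them easily.
tune_kernel() {
  write_proc /proc/sys/net/ipv4/ip_forward 1
  # The first two paths appear to be legacy names for the same limit (the
  # original author was not certain either); the last one is the real setting.
  write_proc /proc/sys/net/ipv4/netfilter/ip_conntrack_max "$CONNTRACK_MAX"
  write_proc /proc/sys/net/nf_conntrack_max "$CONNTRACK_MAX"
  write_proc /proc/sys/net/netfilter/nf_conntrack_max "$CONNTRACK_MAX"
}

# Display interfaces and addresses read from vars.
show_config() {
  printf 'In Interface is: %s\n' "$in_if"
  printf 'Out Interface is: %s\n' "$out_if"
  printf 'Load Balancer DNAT IP is: %s - DNS entry for mslnp should be set to this IP\n' "$lb_dnat_ip"
  printf 'Load Balancer SNAT IP is: %s - All connection to the server to come from this IP\n' "${lb_snat_ip:-}"
}

# FLUSH EM ALL. Note this removes every rule in filter, nat and mangle,
# including any host-firewall rules not created by this script. Chain
# policies are left untouched, so whatever default policy the host has
# (ACCEPT or DROP) is what remains for unmatched traffic afterwards.
flush_iptables() {
  printf 'Flushing ALL Iptables\n'
  "${iptb_cmd[@]}" -F
  "${iptb_cmd[@]}" -F -t nat
  "${iptb_cmd[@]}" -F -t mangle
}

# SNAT FOR RETURN TRAFFIC (termination trix-if necessary).
# The explicit SNAT to $lb_snat_ip and the LOG rules are kept disabled, as in
# the original; MASQUERADE on the inside interface is the active rule.
add_masquerade() {
  #"${iptb_cmd[@]}" -t nat -A POSTROUTING -o "$out_if" -j SNAT --to-source "$lb_snat_ip"
  #"${iptb_cmd[@]}" -t nat -A POSTROUTING -o "$in_if" -j LOG
  "${iptb_cmd[@]}" -t nat -A POSTROUTING -o "$in_if" -j MASQUERADE
  #"${iptb_cmd[@]}" -A FORWARD -o "$out_if" -j LOG
}

#######################################
# Call "$1 POOL_IP PORT PORT_SLOT" for every configured (pool, port) pair,
# pools outermost, skipping empty slots. This reproduces the rule/real-server
# order of the original script (pool1 ports 1-3, pool2 ports 1-3, ...).
# Arguments: $1 - name of the function to call
#######################################
for_each_pool_port() {
  local fn=$1 i j pool port
  for i in "${POOL_SLOTS[@]}"; do
    pool=$(cfg "lb_pool_ip$i")
    [[ -n "$pool" ]] || continue
    for j in "${PORT_SLOTS[@]}"; do
      port=$(cfg "lb_port_$j")
      [[ -n "$port" ]] || continue
      "$fn" "$pool" "$port" "$j"
    done
  done
}

# MARK the PACKETS, mark 1: client -> pool traffic leaving on out_if.
mark_forward_rule() {
  local pool=$1 port=$2
  "${iptb_cmd[@]}" -A FORWARD -t mangle -o "$out_if" -p tcp -d "$pool/32" --dport "$port" -j MARK --set-mark=1
}

# MARK the PACKETS, mark 2: pool -> client return traffic leaving on in_if.
mark_return_rule() {
  local pool=$1 port=$2
  "${iptb_cmd[@]}" -A FORWARD -t mangle -p tcp -o "$in_if" -s "$pool/32" --sport "$port" -j MARK --set-mark=2
}

#######################################
# Add Load Balancing through ipvsadm: clear the IPVS table, add one wrr
# virtual service per configured port (with persistence when its timeout is a
# non-zero integer) and set the IPVS timeouts. Ports whose slot is empty are
# skipped instead of producing a malformed "$lb_dnat_ip:" service.
#######################################
configure_virtual_servers() {
  local j port timeout
  local -a added=()
  "${ipvs_cmd[@]}" -C
  for j in "${PORT_SLOTS[@]}"; do
    port=$(cfg "lb_port_$j")
    [[ -n "$port" ]] || continue
    local -a args=(-A -t "$lb_dnat_ip:$port" -s wrr)
    timeout=$(cfg "lb_port_${j}_persistence_timeout")
    # Validate as digits before the arithmetic test so only a number reaches (( )).
    if [[ "$timeout" =~ ^[0-9]+$ ]]; then
      if (( timeout != 0 )); then
        args+=(-p "$timeout")
      fi
    elif [[ -n "$timeout" ]]; then
      warn "lb_port_${j}_persistence_timeout='$timeout' is not a number; persistence disabled for port $port"
    fi
    "${ipvs_cmd[@]}" "${args[@]}"
    added+=("$port")
  done
  # ipvsadm --set takes the tcp, tcpfin and udp timeouts; udp is fixed at 300 here.
  if [[ -n "${lb_timeout_tcp:-}" && -n "${lb_timeout_tcpfin:-}" ]]; then
    "${ipvs_cmd[@]}" --set "$lb_timeout_tcp" "$lb_timeout_tcpfin" 300
  else
    warn "lb_timeout_tcp / lb_timeout_tcpfin not set in vars; IPVS timeouts left unchanged"
  fi
  # The original message always claimed ports 1 and 2 only; list what was really added.
  printf 'Added %s as the Virtual IP for Load Balancing - port(s) %s ONLY\n' "$lb_dnat_ip" "${added[*]:-none}"
}

#######################################
# Add one real server (masquerading mode) to the virtual service for a port.
# Arguments: $1 - pool IP, $2 - port, $3 - port slot number (1..3)
#######################################
add_real_server() {
  local pool=$1 port=$2 slot=$3 max_conns
  local -a args=(-a -t "$lb_dnat_ip:$port" -r "$pool:$port" -m)
  max_conns=$(cfg "lb_max_conns_host_port_$slot")
  if [[ -n "$max_conns" ]]; then
    args+=(--u-threshold="$max_conns")
  else
    # Without an upper threshold IPVS places no per-server connection limit.
    warn "lb_max_conns_host_port_$slot not set; no connection threshold for $pool:$port"
  fi
  "${ipvs_cmd[@]}" "${args[@]}"
  printf 'Adding %s to %s:%s Virtual Server Pool\n' "$pool" "$lb_dnat_ip" "$port"
}

# Show the resulting mangle rules and IPVS table.
show_state() {
  "${iptb_cmd[@]}" -nvL OUTPUT -t mangle
  "${iptb_cmd[@]}" -nvL FORWARD -t mangle
  "${ipvs_cmd[@]}" -l -n
}

main() {
  load_config
  tune_kernel
  show_config
  flush_iptables
  add_masquerade
  for_each_pool_port mark_forward_rule
  for_each_pool_port mark_return_rule
  configure_virtual_servers
  for_each_pool_port add_real_server
  show_state
}

main "$@"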