je suis parti sur cette base:
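#!/bin/sh
#
# Dual-WAN gateway setup.
#
# NATs the private network behind two Internet links and steers its
# outbound traffic to one or both upstream routers: packets entering from
# the LAN receive a firewall mark (iptables mangle/PREROUTING) and a policy
# routing rule sends each mark to its own routing table, whose default
# route points at the matching router.
#
# Usage: $0 {--load-balance|--router-1|--router-2|--off}
#   --load-balance  odd LAN addresses use router #1, even ones router #2
#   --router-1      all LAN traffic goes through router #1
#   --router-2      all LAN traffic goes through router #2
#   --off           stop forwarding and lock the firewall down
#
# Must run as root. Every run flushes the firewall rules and both routing
# tables before repopulating them, so switching modes is just re-running
# the script. "set -e" is deliberately not used: several commands below
# (ip rule del, service restart, modprobe fallbacks) may legitimately fail.
set -u

# ---------------------------------------------------------------------------
# Network description
# ---------------------------------------------------------------------------
PRIVATE_NETWORK=192.168.0.0/24      # Private (LAN) network
# Non-contiguous netmask: besides the first three octets, only the low bit of
# the host octet is compared, so odd addresses match the first pattern and
# even addresses the second.
PRIVATE_NETWORK_ODD_IPS=192.168.0.1/255.255.255.1   # LAN hosts routed via Internet link #1
PRIVATE_NETWORK_EVEN_IPS=192.168.0.2/255.255.255.1  # LAN hosts routed via Internet link #2
PRIVATE_IP=192.168.0.254            # Gateway address on the LAN
PRIVATE_INTERFACE=eth0              # Interface connected to the LAN
PUBLIC_NETWORK_1=192.168.1.0/24     # Network behind Internet link #1 (informational, unused below)
PUBLIC_IP_1=192.168.1.254           # Gateway address on link #1 (SNAT source)
PUBLIC_INTERFACE_1=eth1             # Interface connected to link #1
PUBLIC_ROUTER_1=192.168.1.253       # Next hop for link #1
MARK_1=4                            # fwmark and routing-table id for link #1
PUBLIC_NETWORK_2=192.168.2.0/24     # Network behind Internet link #2 (informational, unused below)
PUBLIC_IP_2=192.168.2.254           # Gateway address on link #2 (SNAT source)
PUBLIC_INTERFACE_2=eth2             # Interface connected to link #2
PUBLIC_ROUTER_2=192.168.2.253       # Next hop for link #2
MARK_2=5                            # fwmark and routing-table id for link #2
LOG_FILE=/root/log                  # Append-only activity log

#######################################
# Append a timestamped line to LOG_FILE.
# Arguments: $* - message
#######################################
log() {
  # %x / %T match the original "date +%x" "date +%T" layout (locale dependent)
  printf '%s : %s\n' "$(date '+%x %T')" "$*" >> "$LOG_FILE"
}

#######################################
# Print usage on stderr and exit 1.
#######################################
usage() {
  printf 'Usage: %s {--load-balance|--router-1|--router-2|--off}\n' "$0" >&2
  exit 1
}

#######################################
# Flush every table and default to DROP, so nothing passes unless a rule
# below explicitly accepts it.
#######################################
reset_firewall() {
  iptables -t filter -F
  iptables -t nat -F
  iptables -t mangle -F
  iptables -t filter -P INPUT DROP
  iptables -t filter -P OUTPUT DROP
  iptables -t filter -P FORWARD DROP
}

#######################################
# Accept ICMP to and from the gateway itself (e.g. ping requests/replies).
#######################################
allow_local_icmp() {
  iptables -t filter -A INPUT -p icmp -j ACCEPT
  iptables -t filter -A OUTPUT -p icmp -j ACCEPT
}

#######################################
# --off: stop forwarding and keep only ICMP and LAN-side VNC reachable.
# Globals: PRIVATE_NETWORK, PRIVATE_INTERFACE, PRIVATE_IP (read)
#######################################
disable_gateway() {
  echo 0 > /proc/sys/net/ipv4/ip_forward
  reset_firewall
  allow_local_icmp
  # Remote administration (VNC, tcp/5900) from the LAN only
  iptables -t filter -A INPUT -s "$PRIVATE_NETWORK" -i "$PRIVATE_INTERFACE" -d "$PRIVATE_IP" -p tcp --dport 5900 -j ACCEPT
  iptables -t filter -A OUTPUT -s "$PRIVATE_IP" -d "$PRIVATE_NETWORK" -o "$PRIVATE_INTERFACE" -p tcp --sport 5900 -j ACCEPT
  echo "Gateway disabled"
  log "Gateway disabled"
}

#######################################
# Mark LAN packets so policy routing sends them to the right router.
# Globals: PRIVATE_*, MARK_* (read)
# Arguments: $1 - mode (--load-balance | --router-1 | --router-2)
#######################################
mark_lan_traffic() {
  case "$1" in
    --load-balance)
      # Split by source address parity
      iptables -t mangle -A PREROUTING -s "$PRIVATE_NETWORK_ODD_IPS" -i "$PRIVATE_INTERFACE" -j MARK --set-mark "$MARK_1"
      iptables -t mangle -A PREROUTING -s "$PRIVATE_NETWORK_EVEN_IPS" -i "$PRIVATE_INTERFACE" -j MARK --set-mark "$MARK_2"
      ;;
    --router-1)
      # Everything via router #1 (e.g. router #2 is down)
      iptables -t mangle -A PREROUTING -s "$PRIVATE_NETWORK" -i "$PRIVATE_INTERFACE" -j MARK --set-mark "$MARK_1"
      ;;
    --router-2)
      # Everything via router #2 (e.g. router #1 is down)
      iptables -t mangle -A PREROUTING -s "$PRIVATE_NETWORK" -i "$PRIVATE_INTERFACE" -j MARK --set-mark "$MARK_2"
      ;;
  esac
}

#######################################
# Firewall for the active modes: NAT, helpers, and the allowed protocols.
# Globals: PRIVATE_*, PUBLIC_*, MARK_* (read)
# Arguments: $1 - mode (--load-balance | --router-1 | --router-2)
#######################################
setup_firewall() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Make sure the distribution's iptables service is up; whatever rules it
  # restores are replaced right below.
  service iptables restart
  reset_firewall

  # Source NAT LAN traffic to the address of whichever public link it leaves on
  iptables -t nat -A POSTROUTING -s "$PRIVATE_NETWORK" -o "$PUBLIC_INTERFACE_1" -j SNAT --to-source "$PUBLIC_IP_1"
  iptables -t nat -A POSTROUTING -s "$PRIVATE_NETWORK" -o "$PUBLIC_INTERFACE_2" -j SNAT --to-source "$PUBLIC_IP_2"

  # Conntrack/NAT helpers so FTP data connections count as RELATED.
  # The modules were renamed ip_* -> nf_* in later kernels; try both names.
  # NOTE(review): recent kernels no longer assign helpers automatically and
  # need an explicit CT rule — confirm on the target kernel.
  modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
  modprobe nf_nat_ftp 2>/dev/null || modprobe ip_nat_ftp

  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A OUTPUT -o lo -j ACCEPT
  allow_local_icmp
  iptables -t filter -A FORWARD -p icmp -j ACCEPT   # e.g. ping through the gateway
  # Replies and related flows are accepted here, so only NEW connections
  # initiated from the LAN need the per-protocol rules below.
  iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # NOTE(review): in the active modes only loopback and ICMP reach the
  # gateway itself (VNC is opened by --off only); confirm that is intended.

  # New TCP connections from the LAN, by destination service
  for svc in http https ftp ftp-data domain; do
    iptables -t filter -A FORWARD -s "$PRIVATE_NETWORK" -i "$PRIVATE_INTERFACE" -p tcp --dport "$svc" -j ACCEPT
  done
  # DNS over UDP: without it LAN hosts cannot resolve names through the
  # gateway. Nothing here runs a resolver and INPUT accepts no DNS, so the
  # clients must point at an upstream resolver, not at PRIVATE_IP.
  iptables -t filter -A FORWARD -s "$PRIVATE_NETWORK" -i "$PRIVATE_INTERFACE" -p udp --dport domain -j ACCEPT

  mark_lan_traffic "$1"
}

#######################################
# Policy routing: one table per mark, each with its own default route.
# Globals: MARK_*, PUBLIC_ROUTER_* (read)
#######################################
setup_routing() {
  # Remove every stale mark rule (an aborted earlier run may have left
  # more than one); the loop stops when nothing is left to delete.
  while ip rule del fwmark "$MARK_1" 2>/dev/null; do :; done
  while ip rule del fwmark "$MARK_2" 2>/dev/null; do :; done
  ip route flush table "$MARK_1"
  ip route flush table "$MARK_2"
  # Seed both tables with the main table's non-default routes so marked
  # packets still see the directly connected networks.
  ip route show table main | grep -Ev '^default' | while IFS= read -r route; do
    # $route is a list of ip(8) arguments and must stay unquoted
    # shellcheck disable=SC2086
    ip route add table "$MARK_1" $route
    # shellcheck disable=SC2086
    ip route add table "$MARK_2" $route
  done
  ip route add table "$MARK_1" default via "$PUBLIC_ROUTER_1"
  ip route add table "$MARK_2" default via "$PUBLIC_ROUTER_2"
  ip rule add fwmark "$MARK_1" table "$MARK_1"
  ip rule add fwmark "$MARK_2" table "$MARK_2"
  ip route flush cache
  # NOTE(review): replies arriving on the public links can be dropped by
  # strict reverse-path filtering (net.ipv4.conf.*.rp_filter) when policy
  # routing is in use; check it if forwarding still fails silently.
}

#######################################
# Entry point.
# Arguments: $1 - mode (see usage)
#######################################
main() {
  MODE=${1:-}
  case "$MODE" in
    --load-balance)
      echo
      echo "Setting the gateway to split traffic over the 2 routers :"
      log "Configure gateway to balance traffic"
      ;;
    --router-1)
      echo
      echo "Setting the gateway to route all traffic to router #1 :"
      log "Configure gateway to route traffic to router #1"
      ;;
    --router-2)
      echo
      echo "Setting the gateway to route all traffic to router #2 :"
      log "Configure gateway to route traffic to router #2"
      ;;
    --off)
      disable_gateway
      exit 0
      ;;
    *)
      usage
      ;;
  esac

  echo
  echo " *** Setting up iptables rules ***"
  echo
  setup_firewall "$MODE"

  echo
  echo " *** Setting up routing rules ***"
  echo
  setup_routing
}

main "$@"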
Rappel de ma config :
Routeur 1 :
IP 192.168.1.253
Routeur 2 :
IP 192.168.2.253
Eth0
IP 192.168.0.254
Mask 255.255.255.0
Passerelle : Null
Eth1
IP 192.168.1.254
Mask 255.255.255.0
Passerelle : 192.168.1.253
Eth2
IP 192.168.2.254
Mask 255.255.255.0
Passerelle : 192.168.2.253
Config du poste client (test)
IP 192.168.0.10
Mask 255.255.255.0
Passerelle 192.168.0.254
DNS 192.168.0.254
Le ping vers Google depuis le poste client ne répond pas, idem avec son adresse IP (ping 209.85.135.103) ou avec
ping www.google.fr ; j'ai aussi remplacé l'adresse DNS du poste client directement par l'adresse IP d'Orange et le problème reste le même.
Je pense que le partage de connexion ne se fait pas, mais je ne sais pas pourquoi.
j'ai fait un script basique comme :
#!/bin/sh
# Minimal test: enable IPv4 forwarding and source-NAT everything that leaves
# eth1 to the gateway's own address on that link.
# NOTE(review): this only adds a nat rule; if the full gateway script ran
# earlier, its FORWARD policy is still DROP and nothing is forwarded.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.254
ou :
#!/bin/sh
# Same test with MASQUERADE, which picks the outgoing interface's address
# itself instead of a fixed SNAT source.
# NOTE(review): as above, a leftover FORWARD DROP policy from an earlier run
# of the full script would still block forwarding.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
et toujours pas de partage ?!
P.S :
J'ai trouvé un routeur dual WAN, mais son prix n'est pas très sympathique et c'est pour cela que je souhaite le faire sous Linux.
http://www.xincom.com/images/flash/XiNCOM-demo.swf
Il existe ClarkConnect qui fait du multi-WAN, mais je n'ai pas spécialement envie d'une multitude d'ordinateurs et de distributions dans mon petit chez-moi.