Вот написал скриптинку. Зацените, плз: какие будут рекомендации, советы? Т.к.
это моя первая скриптинка, прошу в полном ламерстве не обвинять. Все мы учимся =)
#!/bin/sh
#----------------------------------------------------------------------
# Description: Channel emergency switching script
# Author: Britvin Danila <>
# Computer: router
# System: FreeBSD 5.2.1-RELEASE on i386
#----------------------------------------------------------------------
# Channel definitions
#### Primary (first) channel
# Router's own IP on the first channel
FRST='x.x.x.x'
# Gateway of the first channel
FRSTGW='gw1.gw1.gw1.gw1'
# Interface of the first channel
FRSTIF='if0'
#### Backup (second) channel: same three fields
SCND='y.y.y.y.y'
SCNDGW='ygw.ygw.ygw.ygw'
SCNDIF='if1'
# Host pinged through each gateway in turn to judge the channel (ns4.ripn.net)
TGT='194.226.96.8'
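#### Reading current channel
# Take the gateway of the first "default" entry straight from the routing
# table. No scratch file is used: the original wrote /log.txt in the filesystem
# root on every run and left it behind whenever no default route was found.
# Matching on the first column and stopping at the first hit also keeps
# current_link to a single value if more than one line mentions "default".
current_link=$(netstat -rn | awk '$1 == "default" { print $2; exit }')
if [ -z "$current_link" ]; then
  # No default route present: assume the first channel, as before, but through
  # the variable so the fallback cannot drift from the configured gateway.
  # NOTE(review): with this fallback a missing default route looks like "first
  # channel active", so the "All good" branch later exits without installing
  # one - confirm that is intended.
  current_link=$FRSTGW
fi
echo "Current link is $current_link"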
#### Probing the target through the first gateway
# Replace any existing host route for the target with a static one through the
# first gateway, so the three pings below exercise that channel only.
route delete "$TGT"
route add -host "$TGT" "$FRSTGW" -static
# ping's exit status is the verdict; its output is discarded.
if ping -c 3 "$TGT" >/dev/null 2>&1; then
  echo "Ping on first channel: [ OK ]"
  frst_status=good
else
  echo "Ping on first channel: [ BAD ]"
  frst_status=bad
fi
#### Probing the target through the second gateway
# Re-point the host route for the target at the second gateway and repeat the
# probe. The route is left in place afterwards; the next run starts by deleting
# it again.
route delete "$TGT"
route add -host "$TGT" "$SCNDGW" -static
# ping's exit status is the verdict; its output is discarded.
if ping -c 3 "$TGT" >/dev/null 2>&1; then
  echo "Ping on second channel: [ OK ]"
  scnd_status=good
else
  echo "Ping on second channel: [ BAD ]"
  scnd_status=bad
fi
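#### Switching channel
# Decide what to do from the two probe results (frst_status, scnd_status) and
# the current default gateway (current_link).
#
# Only the two "switching" branches set EXT/EXTGW/EXTIF/NATD and fall through
# to the route and firewall changes that follow; every other state exits here.
# The original chain had no branch for "first good, second bad, currently on
# first" or for a default gateway that is neither channel, so in those states
# the script went on to delete the default route and flush ipfw with all four
# variables empty. Both cases are now handled explicitly.
#
# Operands are quoted and joined with '&&' rather than the unquoted '-a'
# chains, which were additionally broken across two lines.
if [ "$frst_status" = good ] && [ "$scnd_status" = good ] &&
   [ "$current_link" = "$FRSTGW" ]; then
  #### All good
  echo "All good. Wating for something bad..."
  exit 0
elif [ "$current_link" = "$SCNDGW" ] && [ "$frst_status" = bad ] &&
     [ "$scnd_status" = good ]; then
  echo "First channel is still down =("
  exit 0
elif [ "$frst_status" = good ] && [ "$current_link" = "$SCNDGW" ]; then
  #### First channel is UP!
  echo "First channel is UP now, switching. Current time $(date)"
  EXT=$FRST
  EXTGW=$FRSTGW
  EXTIF=$FRSTIF
  # Divert port given by service name for the first channel's natd
  NATD="natd"
elif [ "$frst_status" = bad ] && [ "$scnd_status" = good ] &&
     [ "$current_link" = "$FRSTGW" ]; then
  #### If first channel is down
  echo "First channel is going down, switching. Current time $(date)"
  EXT=$SCND
  EXTGW=$SCNDGW
  EXTIF=$SCNDIF
  # Divert port of the second natd instance
  NATD="8678"
elif [ "$frst_status" = bad ] && [ "$scnd_status" = bad ]; then
  #### If both channels down
  echo "Both channels down... How we can live without net?!?!?! "
  echo "I will try to find live channel again"
  date
  exit 0
elif [ "$frst_status" = good ] && [ "$current_link" = "$FRSTGW" ]; then
  # First channel fine and in use, backup unreachable: nothing to switch.
  echo "Second channel is down, staying on first channel"
  exit 0
else
  # Default gateway is neither configured channel (or a probe result is
  # missing): do not guess, and do not touch routing or the firewall.
  echo "Unexpected state (link=$current_link first=$frst_status second=$scnd_status); nothing changed" >&2
  exit 1
fi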
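#### Applying the switch: new default route, then an empty firewall ruleset
# Refuse to touch the routing table or the firewall unless a channel was
# actually selected. With any of these empty, the default route would be
# deleted without a replacement and the rules added after the flush would be
# built from empty interface, address and divert-port values.
if [ -z "$EXTGW" ] || [ -z "$EXTIF" ] || [ -z "$EXT" ] || [ -z "$NATD" ]; then
  echo "No channel selected; default route and ipfw rules left untouched" >&2
  exit 1
fi
route delete default 2>&1
route add default "$EXTGW" 2>&1
# NOTE(review): flush removes every rule before the new ones are added, so for
# a moment only the kernel's built-in default rule applies - confirm that it is
# "deny" on this router, otherwise traffic passes unfiltered in that window.
/sbin/ipfw -q flush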
# What follows is a set of ipfw rules, roughly of this form
####### VARIABLES #######
# External interface: the one belonging to the channel selected above
ext="$EXTIF"
# Internal interface
int='dc0'
# Internal IP
intip='192.168.0.10'
# External IP: the address of the channel selected above
extip="$EXT"
# Forward DNS server (Awax)
dnsfwd='193.138.70.2'
# Path to IPFW
fw='/sbin/ipfw'
echo "$ext is an external interface"
echo "$int is an internal interface"
echo "Applying IPFW settings"
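####### GLOBAL RULES #######
# Rules applied for all users; just a few rules shown as an example.
# Each explanation sits on its own line above its rule: in the original the
# trailing comments wrapped onto a second line, which the shell would have
# tried to run as a command.
## Allow rules
# Allow ping requests from intranet
"$fw" add 20000 allow icmp from "$intip/24" to any via "$int"
# Allow dhcp & bootp
"$fw" add 20300 allow udp from "$intip/24" 67,68 to "$intip" via "$int"
# Allow dhcp & bootp
# NOTE(review): DHCP/BOOTP are UDP services - confirm this TCP twin of rule
# 20300 is needed at all.
"$fw" add 20400 allow tcp from "$intip/24" 67,68 to "$intip" via "$int"
# Allow DNS requests to forward server
# NOTE(review): the rule matches any destination on port 53; $dnsfwd is defined
# but not used in the rules shown - confirm whether "to any" is intended.
"$fw" add 20700 allow udp from "$extip/32" to any 53 keep-state
# ........... (further allow rules omitted by the author)
## Deny rules
"$fw" add 40000 deny ip from "$intip/24" to "$extip" via "$int"
# Deny any access from inet to 1-1024 ports
# NOTE(review): this rule covers UDP only; any TCP counterpart is not part of
# the excerpt.
"$fw" add 40100 unreach host log udp from any to "$extip" 1-1024 via "$ext"
# ............ (further deny rules omitted by the author)
##NATD & SQUID
# Forward from any to http to Squid
"$fw" add 100 forward localhost,8080 tcp from 192.168.0.1/24 to any 80,8080 out recv "$int" xmit "$ext"
# Important: do not forget this one. Enable natd - divert everything crossing
# the external interface to the natd instance of the selected channel.
"$fw" add 60000 divert "$NATD" ip from any to any via "$ext"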
и при старте системы запускаются два natd: один просто
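# natd for the default (first) channel. No -p is given, so it listens on
# natd's default divert port, which the script's "divert natd" rule refers to.
natd -s -n if0
# natd for the backup channel, on divert port 8678 (the NATD value the script
# uses after switching to the second channel). It is bound to if1, the
# interface the script names as SCNDIF; the original line repeated if0, which
# would alias backup-channel traffic to the first channel's address.
# NOTE(review): confirm if1 is the backup interface on the real router.
natd -s -p 8678 -n if1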
У меня этот скриптик стоит в кроне и запускается каждые пять минут.
Ваши советы, рекомендации?