Saturday, December 6, 2014

Access two Internet links Simultaneously

1- Information
Interfaces:
- lxcbr0: the LXC container bridge interface, connected to the Squid container
- usb0 : internet link 1
- ppp0 : internet link 2

# ip link  | grep "^[0-9]"
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
4: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
5: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
6: vmnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
7: vmnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
8: vmnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
9: vmnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
10: vmnet6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
11: vmnet7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
12: vmnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
13: vmnet9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
14: vmnet10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
22: tap0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 500
23: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
27: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
29: veth123L7C: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master lxcbr0 state UP mode DEFAULT group default qlen 1000
30: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3



2- Create a proxy server: Squid in an LXC container, with the following configuration
root@deb1-proxy:/etc/squid# cat /etc/squid/squid.conf
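# Squid configuration for the proxy running inside the LXC container.
# Clients reach it on TCP port 3128 (see http_port below).

# --- ACL definitions ---------------------------------------------------
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# NOTE(review): localnet matches every RFC1918 range, so any private-address
# host that can reach port 3128 counts as a permitted client. In this setup
# the lxcbr0 subnet is 10.0.3.0/24; narrowing localnet to the subnet that
# actually holds the proxy clients would shrink that exposure - confirm
# which clients need access before changing it.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# --- Access rules ------------------------------------------------------
# http_access rules are checked top to bottom and the first match decides.
# "allow localnet" therefore has to come AFTER the deny rules: placed ahead
# of them it would let any localnet client query the cache manager, issue
# PURGE, reach ports outside Safe_ports and CONNECT to ports outside
# SSL_ports, because the deny rules would never be consulted for it.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all

# --- Listener, logging and cache behaviour -----------------------------
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
refresh_pattern .               0       20%     4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid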


3- Mark (mangle) packets that arrive from lxcbr0 so that they are routed out through usb0
192.168.42.129 is the gateway of usb0

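# Policy routing: everything that enters the host on lxcbr0 leaves via usb0.

# Tag packets arriving on lxcbr0 with firewall mark 2. The -C probe keeps a
# rerun from stacking duplicate rules; its "rule not found" message is
# expected on the first run, hence the redirect.
iptables -t mangle -C PREROUTING -i lxcbr0 -j MARK --set-mark 2 2>/dev/null ||
  iptables -t mangle -A PREROUTING -i lxcbr0 -j MARK --set-mark 2

# Register routing table 201 under the name mail.out, only if it is not
# already listed (a blind >> would append a duplicate line on every run).
grep -qE '^201[[:space:]]+mail\.out$' /etc/iproute2/rt_tables ||
  echo '201 mail.out' >> /etc/iproute2/rt_tables

# Marked packets are looked up in mail.out, whose default route is the
# usb0 gateway.
ip rule add fwmark 2 table mail.out
ip route add default via 192.168.42.129 table mail.out
ip route flush cache

# NOTE(review): writing 0 switches reverse-path filtering (the kernel's
# source-address sanity check) off on EVERY interface, including ones that
# take no part in this setup. Loose mode (value 2) on just the interfaces
# involved in the policy routing is usually sufficient - verify in your
# environment before tightening.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 0 > "$f"
done
echo 0 > /proc/sys/net/ipv4/route/flush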


4- NAT on interface usb0
# Turn on IPv4 forwarding so the host routes packets from lxcbr0 to usb0.
# NOTE(review): this switch is host-wide; no FORWARD-chain rules are shown
# here, so confirm the FORWARD policy limits which interfaces may be routed
# between.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
# Source-NAT everything leaving through usb0 to that interface's address.
iptables --table nat --append POSTROUTING --out-interface usb0 --jump MASQUERADE



5- Show all routing tables
#ip route show table all
default via 192.168.42.129 dev usb0  table mail.out
default dev ppp0  scope link
10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1
10.64.64.64 dev ppp0  proto kernel  scope link  src 10.27.215.106
172.16.28.0/24 dev vmnet5  proto kernel  scope link  src 172.16.28.1
172.16.109.0/24 dev vmnet6  proto kernel  scope link  src 172.16.109.1
172.16.130.0/24 dev vmnet10  proto kernel  scope link  src 172.16.130.1
172.16.146.0/24 dev vmnet4  proto kernel  scope link  src 172.16.146.1
172.16.154.0/24 dev vmnet2  proto kernel  scope link  src 172.16.154.1
172.16.168.0/24 dev vmnet7  proto kernel  scope link  src 172.16.168.1
192.168.11.0/24 dev tap0  proto kernel  scope link  src 192.168.11.1
192.168.25.0/24 dev vmnet9  proto kernel  scope link  src 192.168.25.1
192.168.30.0/24 dev br0  proto kernel  scope link  src 192.168.30.1
192.168.42.0/24 dev usb0  proto kernel  scope link  src 192.168.42.220
192.168.54.0/24 dev vmnet8  proto kernel  scope link  src 192.168.54.1
192.168.126.0/24 dev vmnet3  proto kernel  scope link  src 192.168.126.1
192.168.202.0/24 dev vmnet1  proto kernel  scope link  src 192.168.202.1
broadcast 10.0.3.0 dev lxcbr0  table local  proto kernel  scope link  src 10.0.3.1
local 10.0.3.1 dev lxcbr0  table local  proto kernel  scope host  src 10.0.3.1
broadcast 10.0.3.255 dev lxcbr0  table local  proto kernel  scope link  src 10.0.3.1
local 10.27.215.106 dev ppp0  table local  proto kernel  scope host  src 10.27.215.106
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.2 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
broadcast 172.16.28.0 dev vmnet5  table local  proto kernel  scope link  src 172.16.28.1
local 172.16.28.1 dev vmnet5  table local  proto kernel  scope host  src 172.16.28.1
broadcast 172.16.28.255 dev vmnet5  table local  proto kernel  scope link  src 172.16.28.1
broadcast 172.16.109.0 dev vmnet6  table local  proto kernel  scope link  src 172.16.109.1
local 172.16.109.1 dev vmnet6  table local  proto kernel  scope host  src 172.16.109.1
broadcast 172.16.109.255 dev vmnet6  table local  proto kernel  scope link  src 172.16.109.1
broadcast 172.16.130.0 dev vmnet10  table local  proto kernel  scope link  src 172.16.130.1
local 172.16.130.1 dev vmnet10  table local  proto kernel  scope host  src 172.16.130.1
broadcast 172.16.130.255 dev vmnet10  table local  proto kernel  scope link  src 172.16.130.1
broadcast 172.16.146.0 dev vmnet4  table local  proto kernel  scope link  src 172.16.146.1
local 172.16.146.1 dev vmnet4  table local  proto kernel  scope host  src 172.16.146.1
broadcast 172.16.146.255 dev vmnet4  table local  proto kernel  scope link  src 172.16.146.1
broadcast 172.16.154.0 dev vmnet2  table local  proto kernel  scope link  src 172.16.154.1
local 172.16.154.1 dev vmnet2  table local  proto kernel  scope host  src 172.16.154.1
broadcast 172.16.154.255 dev vmnet2  table local  proto kernel  scope link  src 172.16.154.1
broadcast 172.16.168.0 dev vmnet7  table local  proto kernel  scope link  src 172.16.168.1
local 172.16.168.1 dev vmnet7  table local  proto kernel  scope host  src 172.16.168.1
broadcast 172.16.168.255 dev vmnet7  table local  proto kernel  scope link  src 172.16.168.1
broadcast 192.168.11.0 dev tap0  table local  proto kernel  scope link  src 192.168.11.1
local 192.168.11.1 dev tap0  table local  proto kernel  scope host  src 192.168.11.1
broadcast 192.168.11.255 dev tap0  table local  proto kernel  scope link  src 192.168.11.1
broadcast 192.168.25.0 dev vmnet9  table local  proto kernel  scope link  src 192.168.25.1
local 192.168.25.1 dev vmnet9  table local  proto kernel  scope host  src 192.168.25.1
broadcast 192.168.25.255 dev vmnet9  table local  proto kernel  scope link  src 192.168.25.1
broadcast 192.168.30.0 dev br0  table local  proto kernel  scope link  src 192.168.30.1
local 192.168.30.1 dev br0  table local  proto kernel  scope host  src 192.168.30.1
broadcast 192.168.30.255 dev br0  table local  proto kernel  scope link  src 192.168.30.1
broadcast 192.168.42.0 dev usb0  table local  proto kernel  scope link  src 192.168.42.220
local 192.168.42.220 dev usb0  table local  proto kernel  scope host  src 192.168.42.220
broadcast 192.168.42.255 dev usb0  table local  proto kernel  scope link  src 192.168.42.220
broadcast 192.168.54.0 dev vmnet8  table local  proto kernel  scope link  src 192.168.54.1
local 192.168.54.1 dev vmnet8  table local  proto kernel  scope host  src 192.168.54.1
broadcast 192.168.54.255 dev vmnet8  table local  proto kernel  scope link  src 192.168.54.1
broadcast 192.168.126.0 dev vmnet3  table local  proto kernel  scope link  src 192.168.126.1
local 192.168.126.1 dev vmnet3  table local  proto kernel  scope host  src 192.168.126.1
broadcast 192.168.126.255 dev vmnet3  table local  proto kernel  scope link  src 192.168.126.1
broadcast 192.168.202.0 dev vmnet1  table local  proto kernel  scope link  src 192.168.202.1
local 192.168.202.1 dev vmnet1  table local  proto kernel  scope host  src 192.168.202.1
broadcast 192.168.202.255 dev vmnet1  table local  proto kernel  scope link  src 192.168.202.1
fe80::/64 dev lxcbr0  proto kernel  metric 256
fe80::/64 dev vmnet1  proto kernel  metric 256
fe80::/64 dev vmnet2  proto kernel  metric 256
fe80::/64 dev vmnet3  proto kernel  metric 256
fe80::/64 dev vmnet4  proto kernel  metric 256
fe80::/64 dev vmnet5  proto kernel  metric 256
fe80::/64 dev vmnet6  proto kernel  metric 256
fe80::/64 dev vmnet7  proto kernel  metric 256
fe80::/64 dev vmnet8  proto kernel  metric 256
fe80::/64 dev vmnet9  proto kernel  metric 256
fe80::/64 dev vmnet10  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256
fe80::/64 dev veth123L7C  proto kernel  metric 256
fe80::/64 dev usb0  proto kernel  metric 256
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
local ::1 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:1 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:2 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:3 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:4 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:5 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:6 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:7 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:8 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:9 dev lo  table local  proto none  metric 0
local fe80::250:56ff:fec0:a dev lo  table local  proto none  metric 0
local fe80::70ac:a2ff:fe59:411f dev lo  table local  proto none  metric 0
local fe80::c87f:dfff:feef:a590 dev lo  table local  proto none  metric 0
local fe80::c8b9:54ff:fe56:652 dev lo  table local  proto none  metric 0
local fe80::fc7d:eeff:fece:31a5 dev lo  table local  proto none  metric 0
ff00::/8 dev lxcbr0  table local  metric 256
ff00::/8 dev vmnet1  table local  metric 256
ff00::/8 dev vmnet2  table local  metric 256
ff00::/8 dev vmnet3  table local  metric 256
ff00::/8 dev vmnet4  table local  metric 256
ff00::/8 dev vmnet5  table local  metric 256
ff00::/8 dev vmnet6  table local  metric 256
ff00::/8 dev vmnet7  table local  metric 256
ff00::/8 dev vmnet8  table local  metric 256
ff00::/8 dev vmnet9  table local  metric 256
ff00::/8 dev vmnet10  table local  metric 256
ff00::/8 dev br0  table local  metric 256
ff00::/8 dev veth123L7C  table local  metric 256
ff00::/8 dev usb0  table local  metric 256
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101





6- Finally, configure each application that should go out through usb0 to use the proxy server in the LXC container; applications without the proxy setting will go out through ppp0.


