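#!/bin/sh
# /etc/rc.d/rc.nano1
#
# Brings up the network interfaces with multipath (two-uplink) routing.
# On entry, rc.netdevice has been run from rc.M.
#
# Layout of the policy routing set up below:
#   prio 50   table main  - connected/host routes only (no default route)
#   prio 201  table 201   - traffic pinned to NextWeb  (eth1)
#   prio 202  table 202   - traffic pinned to SkyRiver (eth2)
#   prio 222  table 222   - weighted multipath default over both uplinks
#
# The script is meant to be re-runnable: it first deletes every rule it is
# about to add, so the "ip rule del"/"ip route del" commands are expected to
# fail on a fresh boot. For that reason "set -e" is deliberately not used.

# printf instead of "echo -n": -n is not portable under /bin/sh.
printf '%s' "rc.nano1: "

# Destinations that must always leave via NextWeb (table 201).
# The original assigned BARRY1 three times and left BARRY2/BARRY3 unset, so
# the matching "ip rule del" lines never removed the 63.202/16 and 69.231/16
# rules and they piled up on every re-run.
BARRY1="63.201.0.0/16"
BARRY2="63.202.0.0/16"
BARRY3="69.231.0.0/16"
SKYN="207.106.92.0/23"      # Include 207.106.93.0

# Destinations that must always leave via SkyRiver (table 202).
ISW1="216.196.97.142"       # news.iswest.com
UNS1="63.223.5.0/24"        # UseNetServer (west = nntp2)

# Internal hosts, one address per uplink network.
nYIC="206.72.89.154"        # NextWeb
sYIC="66.209.101.194"       # SkyRiver
nNEW="206.72.89.155"
sNEW="66.209.101.195"
nSON="206.72.89.156"
sSON="66.209.101.196"
nNOP="206.72.89.157"
sNOP="66.209.101.197"

# Abbreviations:
#   IFI         internal interface
#   IPI         IP address of internal interface
#   NWI         internal network IP
#   NMI         netmask for the internal interface
#   IFE1, IFE2  external interfaces
#   IPE1, IPE2  external IP addresses
#   NWE1, NWE2  external network addresses
#   NME1, NME2  masks for the external network in CIDR format (E.G. /24)
#   BRD1, BRD2  broadcast addresses for external networks
#   GWE1, GWE2  gateways for external interfaces

IFI="eth0"                  # IFI is the internal interface
IPI="206.72.89.158"         # IPI is the IP address of the internal interface
NWI="206.72.89.152"         # NWI is the internal network IP
NMI="29"                    # NMI is the netmask for the internal interface
BRDI="206.72.89.159"

IFE1="eth1"                 # NextWeb (search "NextWeb")
IFE2="eth2"                 # IFEn are the external interfaces
IFE3="eth3"                 # Dead Qwest dsl connection
IFE4="ppp0"

IPE1="206.72.89.158"        # NextWeb
IPE2="66.209.101.198"       # IPEn are the external IP addresses
IPE3=""
#IPE4=`cat /etc/firewall/localIP`    # dynamic

NWE1="206.72.89.152"
NWE2="66.209.101.192"       # NWEn are the external network addresses
NWE3=""
#NWE4=`cat /etc/firewall/localIP`

NME1="29"                   # NextWeb
NME2="29"                   # NMEn are the masks for the external network in CIDR format (E.G. /24)
NME3=""
NME4=""

BRD1="206.72.89.159"        # NextWeb
BRD2="66.209.101.199"       # BRDn are broadcast addresses for external networks
BRD3=""
#BRD4=`cat /etc/firewall/remoteIP`   # Broadcast (use "peer" for ppp0)

GWE1="206.72.89.153"        # NextWeb
GWE2="66.209.101.193"       # GWEn are gateways for external interfaces
GWE3=""
#GWE4=`cat /etc/firewall/remoteIP`   # peer, dynamic

# --- lo ---------------------------------------------------------------------
ip link set lo up
# To be sure there are no preexisting IPs assigned to the interface, we flush:
ip addr flush dev lo
# Assigning an address will cause the kernel to automatically insert an
# appropriate route into table main.
# "+" is shorthand for the broadcast address derived from the prefix; for
# 127.0.0.1/8 that is 127.255.255.255.
ip addr add 127.0.0.1/8 brd + dev lo
# Can now ping localhost.

# --- internal interface eth0 -------------------------------------------------
ip link set "$IFI" up
ip addr flush dev "$IFI"
ip addr add dev "$IFI" local "$IPI/32" brd "$BRDI"
# Can now ping any host on the internal interface.

# --- remove rules left over from a previous run ------------------------------
# Each command below fails (harmlessly) when the rule does not exist yet.
ip rule del prio 50 table main

ip rule del prio 201 from "$NWE1/$NME1" table 201
ip rule del prio 201 to "$SKYN" table 201
ip rule del prio 201 to "$BARRY1" table 201
ip rule del prio 201 to "$BARRY2" table 201
ip rule del prio 201 to "$BARRY3" table 201
ip route del prohibit default table 201 metric 1 proto static
ip rule del prio 201 table 201

ip rule del prio 202 from "$NWE2/$NME2" table 202
ip rule del prio 202 to "$ISW1" table 202
ip rule del prio 202 to "$UNS1" table 202
ip route del prohibit default table 202 metric 1 proto static
ip rule del prio 202 table 202

# Issued twice in the original; "ip rule del" removes one matching rule per
# call, so the second call presumably clears a duplicate from an earlier run.
ip rule del prio 222 table 222
ip rule del prio 222 table 222

# For the external interfaces, don't specify a gateway.
# Don't insert a default route.

# --- NextWeb on eth1 ----------------------------------------------------------
ip link set "$IFE1" up
# To be sure there are no preexisting IPs assigned to the interface, we flush:
ip addr flush dev "$IFE1"
# BRD# specifies the broadcast address:
ip addr add dev "$IFE1" local "$IPE1/32" brd "$BRD1"
# Host routes: the NextWeb-addressed internal hosts live behind $IFI.
ip route add "$nYIC" dev "$IFI" src "$IPE1"
ip route add "$nNEW" dev "$IFI" src "$IPE1"
ip route add "$nSON" dev "$IFI" src "$IPE1"
ip route add "$nNOP" dev "$IFI" src "$IPE1"
ip route add "$GWE1/32" dev "$IFE1" src "$IPE1"

# --- SkyRiver on eth2 ---------------------------------------------------------
ip link set "$IFE2" up
# To be sure there are no preexisting IPs assigned to the interface, we flush:
ip addr flush dev "$IFE2"
# BRD# specifies the broadcast address:
ip addr add dev "$IFE2" local "$IPE2/32" brd "$BRD2"
# Host routes: the SkyRiver-addressed internal hosts live behind $IFI.
ip route add "$sYIC" dev "$IFI" src "$IPE2"
ip route add "$sNEW" dev "$IFI" src "$IPE2"
ip route add "$sSON" dev "$IFI" src "$IPE2"
ip route add "$sNOP" dev "$IFI" src "$IPE2"
ip route add "$GWE2/32" dev "$IFE2" src "$IPE2"

# --- table main with priority 50, the highest one -----------------------------
# We want to make sure there is no default route in table main. If there isn't
# one, this will fail (which is fine):
ip route del default table main 2>>/var/log/nano
ip rule add prio 50 table main

# --- table 201 - eth1 ---------------------------------------------------------
ip rule add prio 201 from "$NWE1/$NME1" table 201
ip route add default via "$GWE1" dev "$IFE1" src "$IPE1" proto static table 201
# Fallback with a worse metric: if the real default disappears, traffic pinned
# to this table is rejected instead of falling through to the other uplink.
ip route append prohibit default table 201 metric 1 proto static

# --- table 202 - eth2 ---------------------------------------------------------
ip rule add prio 202 from "$NWE2/$NME2" table 202
ip route add default via "$GWE2" dev "$IFE2" src "$IPE2" proto static table 202
ip route append prohibit default table 202 metric 1 proto static

# --- special cases ------------------------------------------------------------
# SkyPipeline news must be on NextWeb/eth1.
ip rule add prio 201 to "$SKYN" table 201
# Barry accessing NetOp. Uses the same variables as the "ip rule del" lines
# above so that adds and deletes cannot drift apart.
ip rule add prio 201 to "$BARRY1" table 201
ip rule add prio 201 to "$BARRY2" table 201
ip rule add prio 201 to "$BARRY3" table 201
# UseNetServer
ip rule add prio 202 to "$ISW1" table 202
ip rule add prio 202 to "$UNS1" table 202

# --- table 222 - multipath ----------------------------------------------------
ip rule add prio 222 table 222
ip route add default table 222 proto static \
  nexthop via "$GWE2" dev "$IFE2" weight 3 \
  nexthop via "$GWE1" dev "$IFE1" weight 2

ip route flush cache

# --- ProxyARP -------------------------------------------------------------------
# NOTE(review): forwarding is switched on here, but the firewall is only
# loaded later from /etc/rc.d/rc.local. Until then the box forwards between
# the internal and external networks with whatever filter policy is already
# in the kernel - confirm a default-deny FORWARD policy is installed before
# this point, or move these two writes after the firewall start.
echo 1 >/proc/sys/net/ipv4/ip_forward
# proxy_arp makes this host answer ARP on the internal interface for
# addresses it routes elsewhere; keep it limited to $IFI.
echo 1 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"
/usr/sbin/proxy-arp.sh start

# Firewall runs from /etc/rc.d/rc.local
# EOF rc.nano1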