Single-Router Multiplexing on OpenWrt


https://lwz322.github.io/2018/10/09/Strategy-route.html

 

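How can one router give several people their own independent networks (saving the cost of buying several routers)? How can the network experience be improved when several uplinks are available? Both questions come down to policy routing: combining policies at different layers produces different results.

Keywords: iptables, VLAN, Route Load_Balance, IP rule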

Devices and environment

Router: Xiaomi R3G

System: OpenWrt 18.06.1

Network: campus network PPPoE, China Unicom 4G

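Principle

Use the Linux firewall iptables to mark packets on the virtual interfaces, then route the marked packets according to a set of rules; in other words, implement custom policy routing. Policy routing for this particular requirement means rebuilding the network from the bottom up (here meaning the router's own network structure). The network structure is shown in the diagram below:

Reading the structure from the top down:

Wireless Master0 and Wireless Master1 are two independent wireless APs, bridged to different LANs, belonging to different subnets and using different routing tables;

Wireless Client0 is a wireless network bridged from another access point and bridged directly to WWAN. Its main purpose is to work alongside the wired network: the FwMark feature of iptables marks packets in turn, and load balancing at the routing-table level speeds up the network and splits packets between the internal and external networks;

The two subnets are separated by firewall zones, which makes them easy to manage. Packets entering or leaving the router on specific interfaces are marked with FwMark, and a new routing table is added to route the marked packets. Traffic from the two LAN zones is then forwarded to its own WAN zone, so the internal-to-external forwarding in the diagram is: lan->wan lan_2->wan_2

A single NIC can carry only one wired PPPoE connection, and since most routers have only one NIC, virtual NICs are needed on the interface side to obtain veth1, veth2…;

The virtual NICs in turn sit on top of VLANs. Most routers today use VLANs to partition their ports; by tagging interfaces with different VLAN IDs, the device can be divided into several groups of WAN and LAN ports. These two steps give single or multiple wired uplinks and the partitioning of the LAN ports;

Taken together, this achieves load balancing between the wired link and the wireless bridge, and the multiplexing of a single router.

Note:

Device, system and setting names may differ; this section only describes the principle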

Code

The code is for reference only, since everyone's device differs, but it can be used with minor changes. uci is used for quick configuration.

Add firewall zones

    echo "add firewall zone and add rules..."
    # Indexes [2] and [3] assume the default config, which already has zones lan [0] and wan [1]
    uci add firewall zone 1>/dev/null
    uci set firewall.@zone[2]=zone
    uci set firewall.@zone[2].name=wan_2
    uci set firewall.@zone[2].input=REJECT
    uci set firewall.@zone[2].output=ACCEPT
    uci set firewall.@zone[2].forward=REJECT
    uci set firewall.@zone[2].masq=1
    uci set firewall.@zone[2].mtu_fix=1

    uci add firewall zone 1>/dev/null
    uci set firewall.@zone[3]=zone
    uci set firewall.@zone[3].name=lan_2
    uci set firewall.@zone[3].input=ACCEPT
    uci set firewall.@zone[3].output=ACCEPT
    uci set firewall.@zone[3].forward=ACCEPT

    # Index [1] assumes the default lan->wan forwarding is already [0]
    uci add firewall forwarding 1>/dev/null
    uci set firewall.@forwarding[1]=forwarding
    uci set firewall.@forwarding[1].src='lan_2'
    uci set firewall.@forwarding[1].dest='wan_2'
    uci commit firewall
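The forwardings above are what keep the two LANs apart: only lan->wan and lan_2->wan_2 are permitted. The following check is an added example, not part of the original article; it reads text in `uci show firewall` format and reports any forwarding outside that allow-list. The function name audit_forwardings and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewall forwardings against an allow-list.
# Input is text in `uci show firewall` format, read from stdin.

audit_forwardings() {
    # $1: space-separated permitted pairs written as "src>dest"
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Collect the src and dest options of every forwarding section
        /^firewall\.@forwarding\[[0-9]+\]\.(src|dest)=/ {
            idx = $0; sub(/^firewall\.@forwarding\[/, "", idx); sub(/\].*$/, "", idx)
            key = $0; sub(/^[^=]*\]\./, "", key); sub(/=.*$/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub("\047", "", val)  # strip quotes
            field[idx, key] = val; seen[idx] = 1
        }
        END {
            for (i in seen) {
                pair = field[i, "src"] ">" field[i, "dest"]
                if (!(pair in ok)) { print "unexpected forwarding: " pair; bad = 1 }
            }
            exit (bad + 0)   # non-zero when anything is outside the allow-list
        }'
}

# Constructed sample: the forwardings this page configures.
GOOD_CFG="firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan_2'
firewall.@forwarding[1].dest='wan_2'"

# Constructed sample: the same, plus a forwarding that joins the two LANs.
LEAKY_CFG="$GOOD_CFG
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='lan_2'
firewall.@forwarding[2].dest='lan'"

ALLOWED="lan>wan lan_2>wan_2"
printf '%s\n' "$GOOD_CFG"  | audit_forwardings "$ALLOWED" && echo "good config: isolated"
printf '%s\n' "$LEAKY_CFG" | audit_forwardings "$ALLOWED" || echo "leaky config: review"
```

On the router, the same function can be fed live data with `uci show firewall | audit_forwardings "lan>wan lan_2>wan_2"`.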

Set up the wireless networks

This step sets up two wireless signals on the 5G band; it can also be done manually. After the setup is complete, the wireless network needs to be turned on.

    echo "set and add wireless radio..."
    # 'key' is a placeholder passphrase; replace it before use
    uci set wireless.default-radio1.ssid='OpenWrt_5G'
    uci set wireless.default-radio1.mode='ap'
    uci set wireless.default-radio1.encryption='psk-mixed'
    uci set wireless.default-radio1.key='key'

    # Index [3] assumes three wifi-iface sections already exist
    uci add wireless wifi-iface
    uci set wireless.@wifi-iface[3]=wifi-iface
    uci set wireless.@wifi-iface[3].device='radio1'
    uci set wireless.@wifi-iface[3].ssid='OpenWrt_6'
    uci set wireless.@wifi-iface[3].mode='ap'
    uci set wireless.@wifi-iface[3].encryption='psk-mixed'
    uci set wireless.@wifi-iface[3].key='key'
    uci commit wireless
    echo "need to call wireless radio1 up..."

Install the necessary software

First set the system time, connect to the network, and install the software and dependencies; once that is done, delete the default load-balancing settings

    #!/bin/sh
    # Set the time zone
    uci set system.@system[0].zonename='Asia/Hong Kong'
    uci set system.@system[0].timezone='HKT-8'
    uci commit system

    # Configure PPPoE on wan (username and password are placeholders)
    uci set network.wan.proto="pppoe"
    uci set network.wan.username="username"
    uci set network.wan.password="password"
    uci commit network
    ubus call network.interface.wan up

    # Give the link time to come up, then read the "up" flag of the wan interface
    sleep 10
    ifstatus=`ubus call network.interface.wan status | grep \"up\" | sed "s/\"up\"://" | sed "s/,//" | tr -d ' \t'`
    if [ "$ifstatus" = true ]; then
        echo "`date` interface.wan was successfully UP, continuing..."
    else
        echo "...please check your internet status and try again"
        exit 1
    fi

    echo "try to install necessary software..."
    opkg update
    opkg install kmod-macvlan
    opkg install kmod-ipt-nat6
    opkg install luci-app-mwan3

    echo "rm default setting of load_blance..."
    # Single quotes keep the shell from expanding $d; deletes line 4 to end of file
    sed -i '4,$d' /etc/config/mwan3
    uci commit mwan3

Add interfaces

Add the virtual NIC, add the start-up entries, bridge the wireless to the LAN, and add custom firewall rules. After this step, the single-router multiplexing is ready to use

    # Create the macvlan virtual NIC on top of the WAN VLAN interface
    ip link add link eth0.2 name veth_wan_2 type macvlan

    echo "add start up script..."
    # Drop the trailing "exit 0", then append the commands followed by a new "exit 0"
    sed -i '$d' /etc/rc.local
    cat >> /etc/rc.local << EOF
    ip link add link eth0.2 name veth_wan_2 type macvlan
    ip rule add fwmark 0x6 table 300
    ip route add default via 10.170.72.254 dev pppoe-wan_2 table 300
    exit 0
    EOF

    echo "add interfaces..."
    uci set network.wan_2=interface
    uci set network.wan_2.proto='pppoe'
    uci set network.wan_2.username="username_2"
    uci set network.wan_2.password="password_2"
    uci set network.wan_2.defaultroute="0"
    uci set network.wan_2.ifname="veth_wan_2"

    uci set network.lan_2=interface
    uci set network.lan_2.type='bridge'
    uci set network.lan_2.proto='static'
    uci set network.lan_2.ipaddr='192.168.2.1'
    uci set network.lan_2.netmask='255.255.255.0'
    uci set network.lan_2.ip6assign='60'
    uci commit network

    # Bridge the second AP (wlan1-1) into the new LAN bridge
    brctl addbr br-lan_2
    brctl addif br-lan_2 wlan1-1

    uci set dhcp.lan_2=dhcp
    uci set dhcp.lan_2.start='100'
    uci set dhcp.lan_2.leasetime='12h'
    uci set dhcp.lan_2.limit='150'
    uci set dhcp.lan_2.interface='lan_2'
    uci set dhcp.lan_2.ra_default='1'
    uci set dhcp.lan_2.dhcpv6='server'
    uci set dhcp.lan_2.ra='server'
    uci set dhcp.lan_2.ra_management='1'

    # Attach the new interfaces to the zones created earlier
    uci add_list firewall.@zone[2].network=wan_2
    uci add_list firewall.@zone[2].network=wan_2_6
    uci add_list firewall.@zone[3].network=lan_2

    echo "add firewall mark..."
    # Mark packets arriving on the second WAN and the second LAN with fwmark 6
    echo "ip6tables -t nat -I POSTROUTING -s \`uci get network.globals.ula_prefix\` -j MASQUERADE" >> /etc/firewall.user
    echo "iptables -t mangle -A PREROUTING -j MARK --set-mark 6 -i pppoe-wan_2" >> /etc/firewall.user
    echo "iptables -t mangle -A PREROUTING -j MARK --set-mark 6 -i br-lan_2" >> /etc/firewall.user
    uci commit firewall
    /etc/init.d/firewall restart

    ubus call network.interface.wan_2 up
    ubus call network.interface.lan_2 up

    # Route marked packets through table 300 (10.170.72.254 is the gateway of the PPPoE link used here)
    ip rule add fwmark 0x6 table 300
    ip route add default via 10.170.72.254 dev pppoe-wan_2 table 300
    echo "mlan setting is finished,try to enable two wireless radio and enjoy"

Load balancing settings

Only the most basic load-balancing setup is used here; you can add more interfaces yourself. A configuration script for multi-link route load balancing is also attached for reference

The split ratio, mwan3.member_$INTERFACE.metric, can be adjusted to suit the actual network conditions

    # Health tracking for the wired uplink (track_ip is a list, so use add_list)
    uci set mwan3.wan=interface
    uci set mwan3.wan.enabled='1'
    uci add_list mwan3.wan.track_ip='10.170.72.254'
    uci add_list mwan3.wan.track_ip='223.5.5.5'
    uci set mwan3.wan.reliability='1'
    uci set mwan3.wan.count='1'
    uci set mwan3.wan.timeout='2'
    uci set mwan3.wan.interval='1'
    uci set mwan3.wan.down='1'
    uci set mwan3.wan.up='1'

    # Health tracking for the wireless uplink
    uci set mwan3.wwan=interface
    uci set mwan3.wwan.enabled='1'
    uci add_list mwan3.wwan.track_ip='223.5.5.5'
    uci add_list mwan3.wwan.track_ip='223.6.6.6'
    uci set mwan3.wwan.reliability='1'
    uci set mwan3.wwan.count='1'
    uci set mwan3.wwan.timeout='2'
    uci set mwan3.wwan.interval='1'
    uci set mwan3.wwan.down='1'
    uci set mwan3.wwan.up='1'
    uci commit mwan3

    # One member per uplink
    uci set mwan3.member_wwan=member
    uci set mwan3.member_wwan.interface="wwan"
    uci set mwan3.member_wwan.metric='1'
    uci set mwan3.member_wwan.weight='1'
    uci set mwan3.member_wan=member
    uci set mwan3.member_wan.interface="wan"
    uci set mwan3.member_wan.metric='1'
    uci set mwan3.member_wan.weight='1'
    uci commit mwan3

    # Policy that uses both members
    uci set mwan3.load_blance=policy
    uci set mwan3.load_blance.last_resort='unreachable'
    uci add_list mwan3.load_blance.use_member="member_wwan"
    uci add_list mwan3.load_blance.use_member="member_wan"
    uci commit mwan3

    # Apply the policy to all traffic
    uci set mwan3.default_rule=rule
    uci set mwan3.default_rule.use_policy='load_blance'
    uci set mwan3.default_rule.proto='all'
    uci commit mwan3
    /etc/init.d/mwan3 restart

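hotplug script

Changes to the routing table change or become invalid as interfaces connect and disconnect, so a hotplug script is needed to maintain the routing table

    #!/bin/sh
    # Interface hotplug script (OpenWrt runs scripts placed in /etc/hotplug.d/iface/)
    # Only act when wan_2 comes up
    [ "$INTERFACE" = wan_2 ] || exit 0
    [ "$ACTION" = ifup ] || exit 0
    # Restore the default route of table 300
    ip route add default via 10.170.72.254 dev pppoe-wan_2 table 300
    logger -t dualroute "wan_2 is up again,table is upgraded"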
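When table 300 has no default route, marked packets find no match there and the lookup continues with the later rules, so lan_2 traffic is no longer steered to pppoe-wan_2. The following check is an added example, not part of the original article; it takes `ip rule show` and `ip route show table 300` text and reports which piece is missing. The function name policy_route_state and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the fwmark rule and the table's default route both exist.

policy_route_state() {
    mark=$1; table=$2; dev=$3; rules=$4; routes=$5
    # A rule line looks like: "32765: from all fwmark 0x6 lookup 300"
    if ! printf '%s\n' "$rules" | awk -v m="$mark" -v t="$table" '
            { r = 0; l = 0
              for (i = 1; i < NF; i++) {
                  # The appended "" forces a string comparison of the mark
                  if ($i == "fwmark" && ($(i + 1) "") == (m "")) r = 1
                  if ($i == "lookup" && ($(i + 1) "") == (t "")) l = 1
              }
              if (r && l) found = 1 }
            END { exit !found }'; then
        echo "missing-rule"; return 1
    fi
    # A route line looks like: "default via 10.170.72.254 dev pppoe-wan_2"
    if ! printf '%s\n' "$routes" | awk -v d="$dev" '
            $1 == "default" {
                for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1
            }
            END { exit !found }'; then
        echo "missing-default"; return 1
    fi
    echo "ok"
}

# Constructed samples of `ip rule show` output
RULES_UP="0: from all lookup local
32765: from all fwmark 0x6 lookup 300
32766: from all lookup main
32767: from all lookup default"
RULES_NO_MARK="0: from all lookup local
32766: from all lookup main
32767: from all lookup default"
# Constructed samples of `ip route show table 300` output
ROUTES_UP="default via 10.170.72.254 dev pppoe-wan_2"
ROUTES_DOWN=""   # table is empty after pppoe-wan_2 went down

policy_route_state 0x6 300 pppoe-wan_2 "$RULES_UP" "$ROUTES_UP"
policy_route_state 0x6 300 pppoe-wan_2 "$RULES_UP" "$ROUTES_DOWN" || true
```

On the router, pass live data with `policy_route_state 0x6 300 pppoe-wan_2 "$(ip rule show)" "$(ip route show table 300)"`.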

 
