Tuesday, September 24, 2013

Multiple WAN connection failover with a Squid proxy.

As I have only one WAN connection, I simulated two WAN connections on my VM host; for that I chose two RHEL 5.5 64-bit machines and one RHEL 6.4 machine.

The actual WAN IP range is the 192.168.1.0 series.

  

Server 1 

We have to apply iptables rules here.

eth0 is the internet-facing connection on this server.

eth2 carries the proxy LAN IP, through which internet access works for the LAN users.

[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0c:29:b3:3a:aa
ONBOOT=yes
#DHCP_HOSTNAME=server
IPADDR=192.168.1.51
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
TYPE=Ethernet
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth2
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:b3:3a:b4
IPADDR=192.168.2.51
NETMASK=255.255.255.0

[root@server ~]#


eth0      Link encap:Ethernet  HWaddr 00:0C:29:B3:3A:AA
          inet addr:192.168.1.51  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb3:3aaa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19490 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7121317 (6.7 MiB)  TX bytes:2306883 (2.2 MiB)

eth2      Link encap:Ethernet  HWaddr 00:0C:29:B3:3A:B4
          inet addr:192.168.2.51  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb3:3ab4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2616 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1571151 (1.4 MiB)  TX bytes:1185761 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2285959 (2.1 MiB)  TX bytes:2285959 (2.1 MiB)

[root@server ~]#

The following iptables rules are used on this server; IP forwarding is also enabled in /etc/sysctl.conf, and the DNS entries are added in /etc/resolv.conf.

iptables  -t nat  -A  PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables  -t nat  -A  POSTROUTING -o eth0 -j MASQUERADE      

[root@server ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

[root@server ~]# cat /etc/resolv.conf
nameserver 203.94.243.70
nameserver 59.179.243.70
[root@server ~]#

[root@server ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl  internet src 192.168.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow internet
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
visible_hostname server
[root@server ~]#

Server 2

iptables  -t nat  -A  PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables  -t nat  -A  POSTROUTING -o eth0 -j MASQUERADE    



[root@loadbalance ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:94:E1:C4
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe94:e1c4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88565 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82687 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7463961 (7.1 MiB)  TX bytes:7414865 (7.0 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:94:E1:C4
          inet addr:172.16.11.161  Bcast:172.16.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:0C:29:94:E1:CE
          inet addr:192.168.45.50  Bcast:192.168.45.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe94:e1ce/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21226 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4699 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2002661 (1.9 MiB)  TX bytes:1042120 (1017.6 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1014766 (990.9 KiB)  TX bytes:1014766 (990.9 KiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:9832 (9.6 KiB)

[root@loadbalance ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:94:e1:c4
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.50
GATEWAY=192.168.1.1
TYPE=Ethernet
[root@loadbalance ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:94:e1:ce
IPADDR=192.168.45.50
NETMASK=255.255.255.0
[root@loadbalance ~]#


[root@loadbalance ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1



[root@loadbalance ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl  internet src 192.168.45.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow internet
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
visible_hostname loadbalance
[root@loadbalance ~]#

[root@loadbalance ~]# cat /etc/resolv.conf
nameserver 203.94.243.70
nameserver 59.179.243.70
[root@loadbalance ~]#




PROXY SERVER RHEL6.4


172.16.11.0 is the proxy LAN network that provides internet access to the clients.

[root@Proxy ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=253 time=1.40 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=253 time=1.21 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=253 time=1.14 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2869ms
rtt min/avg/max/mdev = 1.145/1.254/1.405/0.117 ms
[root@Proxy ~]# ping 192.168.2.51
PING 192.168.2.51 (192.168.2.51) 56(84) bytes of data.
64 bytes from 192.168.2.51: icmp_seq=1 ttl=64 time=1.17 ms
64 bytes from 192.168.2.51: icmp_seq=2 ttl=64 time=0.416 ms
^C
--- 192.168.2.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1406ms
rtt min/avg/max/mdev = 0.416/0.793/1.170/0.377 ms
[root@Proxy ~]# ping 192.168.45.50
PING 192.168.45.50 (192.168.45.50) 56(84) bytes of data.
64 bytes from 192.168.45.50: icmp_seq=1 ttl=64 time=0.361 ms
64 bytes from 192.168.45.50: icmp_seq=2 ttl=64 time=0.393 ms
64 bytes from 192.168.45.50: icmp_seq=3 ttl=64 time=0.404 ms
^C
--- 192.168.45.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2248ms
rtt min/avg/max/mdev = 0.361/0.386/0.404/0.018 ms
[root@Proxy ~]#


[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.11.131
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:DF
[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.45.100
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:E9
#GATEWAY=192.168.45.50
[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.2.52
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:F3
#GATEWAY=192.168.2.51
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1


[root@Proxy ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl internet src 172.16.11.0/24    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internet
http_access allow localhost
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
visible_hostname proxy
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/rc.local
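#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

###### policy routing across the two upstream gateways ###############
# This host (the RHEL 6.4 proxy) has one link to each NAT box:
#   eth1 192.168.45.100 -> gateway 192.168.45.50 (table First_ISP)
#   eth2 192.168.2.52   -> gateway 192.168.2.51  (table Second_ISP)
# Each link gets its own routing table plus a source-address rule, so
# traffic sourced from a link's address always leaves through that link.
# The final multipath default route spreads new connections over both.
#
# Preconditions:
#  - First_ISP and Second_ISP must be listed in /etc/iproute2/rt_tables;
#    every "table ..." command below fails otherwise.
#  - GATEWAY= is left commented out in ifcfg-eth1 and ifcfg-eth2 so no
#    competing default route exists when the multipath route is added.
# NOTE(review): two equal-weight nexthops give load sharing, not failover;
# nothing here removes a gateway whose upstream has gone away. Confirm the
# kernel's dead-nexthop handling, or add a link monitor that rewrites the
# default route, before relying on this for failover.

isp1_if=eth1
isp1_net=192.168.45.0/24
isp1_src=192.168.45.100
isp1_gw=192.168.45.50
isp1_table=First_ISP

isp2_if=eth2
isp2_net=192.168.2.0/24
isp2_src=192.168.2.52
isp2_gw=192.168.2.51
isp2_table=Second_ISP

# Run one ip(8) command and report a failure instead of dropping it.
# rc.local has no error handling of its own, so without this a bad
# route/rule would only show up later as broken traffic. Failures go to
# stderr (boot console) and to syslog so they can be found afterwards.
ip_cmd() {
  if ! ip "$@"; then
    echo "rc.local: 'ip $*' failed" >&2
    # logger errors are ignored on purpose: the stderr line above already
    # carries the message if syslog is not available yet.
    logger -t rc.local "'ip $*' failed" 2>/dev/null
  fi
}

ip_cmd route add "$isp1_net" dev "$isp1_if" src "$isp1_src" table "$isp1_table"
ip_cmd route add default via "$isp1_gw" table "$isp1_table"
ip_cmd route add "$isp2_net" dev "$isp2_if" src "$isp2_src" table "$isp2_table"
ip_cmd route add default via "$isp2_gw" table "$isp2_table"
ip_cmd rule add from "$isp1_src" table "$isp1_table"
ip_cmd rule add from "$isp2_src" table "$isp2_table"
ip_cmd route add default scope global \
  nexthop via "$isp1_gw" dev "$isp1_if" weight 1 \
  nexthop via "$isp2_gw" dev "$isp2_if" weight 1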
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com


# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
nameserver 4.2.2.2
[root@Proxy ~]#
