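# Reset the filter and nat tables, then let the 172.10.1.0/24 network behind
# eth0 reach eth1 through a stateful forward rule plus source NAT.
sudo iptables --flush
sudo iptables --table nat --flush
sudo iptables --delete-chain
sudo iptables --table nat --delete-chain
# NOTE(review): flushing removes rules but leaves each chain's default policy
# as it was. The two ACCEPT rules below restrict forwarding only when the
# FORWARD policy is DROP (iptables -P FORWARD DROP); with policy ACCEPT every
# forwarded packet passes regardless. Confirm the policy on this host.
# NOTE(review): 172.10.1.0/24 lies outside the RFC 1918 private range
# 172.16.0.0/12 -- confirm the prefix is the intended one.
sudo iptables -A FORWARD -i eth0 -o eth1 -s 172.10.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Masquerade only what leaves through eth1, the outbound side named in the
# FORWARD rule above; without -o the source address is rewritten on every
# interface, including traffic that stays on the internal side.
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Runtime switch only: the value does not survive a reboot unless it is also
# set in the system's sysctl configuration.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"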
SHELL=bin/sh
а должно быть SHELL=/bin/sh
# tgt-admin -s
Target 1: iqn.2018-06.pz:fast
System information:
Driver: iscsi
State: ready
I_T nexus information:
I_T nexus: 1
Initiator: iqn.1993-08.org.debian:01:6b28041b594 alias: n0
Connection: 0
IP Address: 127.0.0.1
LUN information:
LUN: 0
Type: controller
SCSI ID: IET 00010000
SCSI SN: beaf10
Size: 0 MB, Block size: 1
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
SWP: No
Thin-provisioning: No
Backing store type: null
Backing store path: None
Backing store flags:
Account information:
ACL information:
ALL
Target 2: iqn.2018-06.pz:slow
System information:
Driver: iscsi
State: ready
I_T nexus information:
I_T nexus: 2
Initiator: iqn.1993-08.org.debian:01:6b28041b594 alias: n0
Connection: 0
IP Address: 127.0.0.1
LUN information:
LUN: 0
Type: controller
SCSI ID: IET 00020000
SCSI SN: beaf20
Size: 0 MB, Block size: 1
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
SWP: No
Thin-provisioning: No
Backing store type: null
Backing store path: None
Backing store flags:
LUN: 1
Type: disk
SCSI ID: IET 00020001
SCSI SN: beaf21
Size: 863023 MB, Block size: 512
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
SWP: No
Thin-provisioning: No
Backing store type: rdwr
Backing store path: /dev/md0p4
Backing store flags:
Account information:
ACL information:
ALL
# NOTE(review): the line below appears to be a root-prompt command (the
# leading "# " is the prompt). It attaches /dev/bcache0 as LUN 1 of target 1.
# In the listing above, target 1 shows an empty "Account information" and
# "ACL information: ALL", so no initiator restriction or CHAP account is
# visible there -- confirm access to the target is limited by other means
# before a data LUN is attached to it.
# tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 -b /dev/bcache0
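# Policy routing for two uplinks: connections are marked by the uplink they
# arrived on, and marked packets are routed through that uplink's table.
# Expects I1_IP/I1_GW/I1_ETH, I2_IP/I2_GW/I2_ETH, LOCAL, LOCAL_GW and
# LOCAL_ETH to be set by the caller, and the table names T1 and T2 to be
# resolvable (presumably declared in /etc/iproute2/rt_tables -- confirm).

# Stop early instead of installing half a configuration from empty values.
: "${I1_IP:?}" "${I1_GW:?}" "${I1_ETH:?}"
: "${I2_IP:?}" "${I2_GW:?}" "${I2_ETH:?}"
: "${LOCAL:?}" "${LOCAL_GW:?}" "${LOCAL_ETH:?}"

ip route flush table T1 # empty the first routing table
ip route flush table T2 # empty the second routing table

# Remove rules left by an earlier run of this script. Each `ip rule delete`
# removes a single rule and two rules per table are added below, so repeat
# until none is left; the last, failing call is expected, hence 2>/dev/null.
while ip rule delete table T1 2>/dev/null; do :; done
while ip rule delete table T2 2>/dev/null; do :; done

ip rule add from "$I1_IP" table T1
ip route add "$LOCAL" src "$LOCAL_GW" dev "$LOCAL_ETH" table T1
ip route add default via "$I1_GW" table T1 metric 1000
ip route add default via "$I2_GW" table T1 metric 1200
ip rule add fwmark 1 table T1 # route every packet carrying mark 1 via table T1

ip rule add from "$I2_IP" table T2
ip route add "$LOCAL" src "$LOCAL_GW" dev "$LOCAL_ETH" table T2
ip route add default via "$I2_GW" table T2 metric 1000
ip route add default via "$I1_GW" table T2 metric 1200
ip rule add fwmark 2 table T2 # route every packet carrying mark 2 via table T2

# Create the marking chain, or empty it when an earlier run already made it,
# so that a re-run does not stack duplicate rules.
iptables -t mangle -N I2_RULE 2>/dev/null || iptables -t mangle -F I2_RULE
iptables -t mangle -A I2_RULE -i "$I1_ETH" -j CONNMARK --set-mark 1
iptables -t mangle -A I2_RULE -i "$I2_ETH" -j CONNMARK --set-mark 2

# Hook the chain in only once: -C reports whether the exact rule is already
# present, and the rule is appended only when it is not.
iptables -t mangle -C FORWARD -m state --state NEW -j I2_RULE 2>/dev/null ||
  iptables -t mangle -A FORWARD -m state --state NEW -j I2_RULE
iptables -t mangle -C PREROUTING -m state --state ESTABLISHED -j CONNMARK --restore-mark 2>/dev/null ||
  iptables -t mangle -A PREROUTING -m state --state ESTABLISHED -j CONNMARK --restore-mark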