source: trunk/lvs/debian/config/etc/network/if-up.d/iptables

Last change on this file was 2699, checked in by andersk, 7 years ago
Remove joss-whedon
  • Property svn:executable set to *
File size: 2.0 KB
Line 
1#!/bin/sh
2## Joe Presbrey <presbrey@mit.edu>
3## Quentin Smith <quentin@mit.edu>
4## Mitchell Berger <mitchb@mit.edu>
5## SIPB Scripts LVS Firewall marks
6
7iptables -F -t mangle
8
9# Create a table for regular scripts hosts
10iptables -t mangle -N scripts 2>/dev/null || :
11
12# scripts-vhosts.mit.edu
13iptables -A PREROUTING -t mangle -d 18.181.0.46 -j scripts
14# scripts.mit.edu
15iptables -A PREROUTING -t mangle -d 18.181.0.43 -j scripts
16# scripts-cert.mit.edu
17iptables -A PREROUTING -t mangle -d 18.181.0.50 -j scripts
18
19# Send Apache-bound traffic to FWM 2 (load-balanced)
20iptables -A scripts -t mangle -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 2
21# Send SMTP-bound traffic to FWM 3 (load-balanced)
22iptables -A scripts -t mangle -m tcp -p tcp --dport 25 -j MARK --set-mark 3
23# Send finger-bound traffic to FWM 255 (the LVS director itself)
24iptables -A scripts -t mangle -m tcp -p tcp --dport 78:79 -j MARK --set-mark 255
25# Send everything else to FWM 1 (primary)
26iptables -A scripts -t mangle -m mark --mark 0 -j MARK --set-mark 1
27
28# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
29iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
30iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1
31
32# scripts-primary.mit.edu goes to the primary (FWM 1) on all ports
33iptables -A PREROUTING -t mangle -d 18.181.0.182 -j MARK --set-mark 1
34
35# sipb.mit.edu acts like regular scripts for the web ports, everything else goes to i-hate-penguins.xvm.mit.edu (FWM 4)
36iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 80,443,444 -j MARK --set-mark 2
37# Also send port 25 there too because the IP is shared with rtfm.mit.edu (fix this after renaming the machine)
38#iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 20,21,25 -j MARK --set-mark 4
39# All else to i-hate-penguins
40iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.29 -j MARK --set-mark 4
Note: See TracBrowser for help on using the repository browser.