海运的博客

ROS软路由常用命令及网络配置

发布时间:July 22, 2012 // 分类:ROS // No Comments

初始化配置命令,可设置IP相关信息

setup

列出所有指令及简短说明:

?

目录切换:

..
#返回上级
/
#返回主目录

IP配置相关命令:

ip address print 
#列出网卡及IP信息
ip address add address=192.168.1.22/255.255.255.0 interface=ether1 
#网卡1增加IP地址
ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1
#设置默认路由
ip dns set servers=192.168.1.1
#设置DNS
ip address remove numbers=0
#删除ID为0的IP

SNAT&DNAT

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
#SNAT
ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-address=192.168.8.8/32 dst-port=80 to-addresses=192.168.1.8
#DNAT

PPPOE/ADSL拨号:

interface pppoe-client add user=user password=www.haiyun.me use-peer-dns=yes add-default-route=yes\
max-mtu=1492 max-mru=1492 interface=ether1-gateway disabled=no

系统管理相关命令:

system reboot 
#重启系统
system shutdown
#关机
system reset-configuration 
#恢复默认设置
system backup save name=20120721.bak
#备份配置文件
system backup load name=20120721.bak.backup
#恢复配置文件

系统监控相关命令:

tool sniffer start
#开启数据监听
tool sniffer stop
#关闭数据监听
tool sniffer packet print 
#列出监控的数的包
interface monitor-traffic ether1 
#监控指定网卡流量
user active print
#显示当前登录用户
ip firewall connection print
#显示当前所有连接
system resource print 
#列出系统资源占用
system resource monitor 
#实时监控资源占用

配置ROS时区及ntp客户端同步时间:

system clock set time-zone-name=Asia/Shanghai 
system ntp client set mode=unicast primary-ntp=202.112.31.197  enabled=yes 

使用winbox升级ROS官方最新版本

发布时间:July 22, 2012 // 分类:ROS // No Comments

winbox和ros升级版本官方下载地址:http://www.mikrotik.com/download
1.下载当前最新版本ROS npk文件,当前最新版本5.19,http://download2.mikrotik.com/routeros-x86-5.19.npk
2.通过winbox连接ros,将下载的程序上传到file。
3.重启路由即自动升级到ROS5.19版本。

Linux下ext3分区数据恢复工具ext3grep

发布时间:July 21, 2012 // 分类:备份存储 // No Comments

Linux下无回收站,rm -rf是个很危险的命令,ext3分区下误操作删除重要文件可使用ext3grep恢复。
ext3grep安装:

yum install ext3grep

ext3grep使用参数:

#选项:
--superblock #显示superblock信息
--print #

恢复删除文件应用示例,为快速新建磁盘分区:

dd if=/dev/zero of=/root/ext3grep bs=1M count=64
mkfs.ext3 ext3grep 
mkdir test
mount -o loop ext3grep test/

进入挂载目录新建测试文件并删除:

cd test
echo test > ext3grep
md5sum ext3grep 
d8e8fca2dc0f896fd7cb4cb0031ba249  ext3grep
rm -rf ext3grep

用ext3grep列出设备/root/ext3grep根目录下所有文件,包含已删除的。

ext3grep /root/ext3grep --ls --inode 2
Directory block 516:
          .-- File type in dir_entry (r=regular file, d=directory, l=symlink)
          |          .-- D: Deleted ; R: Reallocated
Indx Next |  Inode   | Deletion time                        Mode        File name
==========+==========+----------------data-from-inode------+-----------+=========
   0    1 d       2                                         drwxr-xr-x  .
   1    2 d       2                                         drwxr-xr-x  ..
   2    3 d      11                                         drwx------  lost+found
   3    4 r      12                                         rrw-r--r--  ext3grep
   4    5 r      13                                         rrw-r--r--  ext3grep.ext3grep.stage1
   5  end r      14                                         rrw-r--r--  ext3grep.ext3grep.stage2

恢复删除的文件ext3grep,inode为12.

ext3grep /root/ext3grep --restore-inode 12
Running ext3grep version 0.10.2
Number of groups: 8
Minimum / maximum journal block: 530 / 4644
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1342293703 = Sun Jul 15 03:21:43 2012
Number of descriptors in journal: 30; min / max sequence numbers: 2 / 8
Writing output to directory RESTORED_FILES/
Restoring inode.12

可见文件已恢复并以inode为名字存放在RESTORED_FILES目录下,查看恢复的文件与删除的文件是否一致。

cd RESTORED_FILES/
cat inode.12 
test
md5sum inode.12 
d8e8fca2dc0f896fd7cb4cb0031ba249  inode.12

其它应用:
查看inode对应的block:

ext3grep /root/ext3grep --print  --inode-to-block 8194

查看inode的superblock:

ext3grep /root/ext3grep --print --superblock --inode 2

LVS+Keepalived下Iptables配置

发布时间:July 18, 2012 // 分类:Iptables // No Comments

iptables -I INPUT -d 224.0.0.0/8 -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT

Centos配置LVS Keepalived高可用负载均衡服务器

发布时间:July 18, 2012 // 分类:高可用 // No Comments

LVS IP信息:

主LVS:192.168.1.2
备LVS:192.168.1.3
虚拟IP:192.168.1.6
应用服务器1:192.168.1.12
应用服务器2:192.168.1.13

查看内核是否支持LVS模块:

modprobe -l |grep ipvs
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_dh.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_ftp.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_lblc.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_lblcr.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_lc.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_nq.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_rr.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_sed.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_sh.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_wlc.ko
/lib/modules/2.6.18-274.17.1.el5/kernel/net/ipv4/ipvs/ip_vs_wrr.ko

根据内核版本下载安装相应的ipvsadm:

ln -s /usr/src/kernels/2.6.18-274.17.1.el5-x86_64/ /usr/src/linux
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install

也可使用yum直接安装:

yum install ipvsadm

安装Keepalived:

wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz
tar zxvf keepalived-1.1.19.tar.gz 
cd keepalived-1.1.19
./configure --sysconf=/etc/ --with-kernel-dir=/usr/src/kernels/2.6.18-274.17.1.el5-x86_64/
make
make install
ln -s /usr/local/sbin/keepalived /sbin/keepalived

主LVS配置keepalived:

! Configuration File for keepalived

global_defs {
   notification_email {
     admin@www.haiyun.me
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.6
    }
}

virtual_server 192.168.1.6 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 192.168.1.12 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.13 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    } 
}

启动keepalived,同时会在主LVS绑定VIP:

/etc/init.d/keepalived start
ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:e7:cc:3b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.3/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.6/32 scope global eth0

查看当前LVS参数:

ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.6:http rr
  -> 192.168.1.12:http            Route   1      0          0         
  -> 192.168.1.13:http            Route   1      0          0      

复制主keepalived到备LVS,修改以下参数:

state BACKUP
priority 90

应用服务器增加虚拟VIP:

#!/bin/bash
VIP=192.168.1.6
. /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $SNS
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac

测试LVS故障切换,停止主LVS上keepalived服务:

/etc/init.d/keepalived stop

查看备LVS已经接管为主LVS:

tail -n 10 /var/log/message
Jul 14 20:30:28 centos5 Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 14 20:30:29 centos5 Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 14 20:30:29 centos5 Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 14 20:30:29 centos5 Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.6

应用服务器故障测试,停止其中之一httpd服务:

/etc/init.d/httpd stop

查看keepalved日志已将出错服务器移除并邮件报警:

tail -n 10 /var/log/message
Jul 14 21:36:18 centos5 Keepalived_healthcheckers: TCP connection to [192.168.1.12:80] failed !!!
Jul 14 21:36:18 centos5 Keepalived_healthcheckers: Removing service [192.168.1.12:80] from VS [192.168.1.6:80]
Jul 14 21:36:18 centos5 Keepalived_healthcheckers: Remote SMTP server [127.0.0.1:25] connected.
ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.6:http rr
  -> 192.168.1.13:http            Route   1      0          0    
分类
最新文章
最近回复
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
  • knetxp: 用浏览器F12网络拦截或监听后编辑重发请求,修改url中的set为set_super,将POS...
  • Albert: 啊啊啊啊啊啊啊啊啊 我太激动了,终于好了英文区搜索了半天,翻遍了 pve 论坛没找到好方法,博...
归档