Configure the F20 realservers to respond to the new proxy infrastructure

For the moment, this only works for traffic coming from the test
proxies, because the production ones don't exist yet.

Author: Mitchell E Berger

server/fedora/config/etc/modules-load.d/iptables.conf

@@ -5,3 +5,5 @@ ip6_tables
 ip6table_filter
 ip6t_REJECT
 nf_log_ipv6
+ipt_MARK
+ipt_dscp

server/fedora/config/etc/sysconfig/iptables

@@ -4,6 +4,9 @@
 :OUTPUT ACCEPT [0:0]
 :log-smtp - [0:0]
 -A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT
+-A INPUT -m dscp --dscp 11 -j MARK --set-mark 11
+-A INPUT -m dscp --dscp 12 -j MARK --set-mark 12
+-A INPUT -m dscp --dscp 13 -j MARK --set-mark 13
 -A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp
 -A log-smtp -m owner --uid-owner postfix -j RETURN
 -A log-smtp -m owner --uid-owner nrpe -o lo -d 127.0.0.1 -j RETURN

server/fedora/config/etc/sysconfig/network-scripts/route-vlan486

@@ -0,0 +1,3 @@
+default via 18.4.86.187 dev vlan486 table 11
+default via 18.4.86.192 dev vlan486 table 12
+default via 18.4.86.194 dev vlan486 table 13

server/fedora/config/etc/sysconfig/network-scripts/rule-vlan486

@@ -0,0 +1,3 @@
+fwmark 11 lookup 11
+fwmark 12 lookup 12
+fwmark 13 lookup 13

server/fedora/config/etc/sysctl.conf

@@ -1,6 +1,7 @@
 net.ipv4.ip_forward = 1
 net.ipv4.conf.all.rp_filter = 2
 net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.tcp_fwmark_accept = 1
 kernel.panic = 5
 kernel.panic_on_oops = 1
 kernel.sysrq = 1