Post your rules, friend...
I believe that must be it; do the same in the NAT on out-interface too...
So. I set up the load balancing with 6 ADSL links of 2.5 Mb.
It turned out great.
I confess I didn't expect this much.
The big problem I'm having here is that I can't connect to the MikroTik that does the PCC (in this case an RB493AH), nor can I connect to the server where the clients authenticate.
My structure looks like this:
Link1 Link2 Link3 Link4 Link5 Link6------> RB_493ah_PCC------->PC_MK--->Clientes....
|_>proxy in parallel.
I need to connect remotely on ports 2200 and 8291.
But I couldn't.
Do you have a dedicated link? If so, post your rules, from firewall filter, NAT and mangle to IP services...
add action=accept chain=dstnat comment=aceita_webmikrotik disabled=no dst-address=200.212.248.0/28 protocol=tcp
add action=dst-nat chain=pre-hotspot comment=mensagem_pendencia disabled=no dst-address=!200.212.248.0/28 protocol=tcp src-address-list=pendencia to-addresses=200.212.248.10 to-ports=11103
add action=dst-nat chain=pre-hotspot comment=mensagem_bloqueio disabled=no \
dst-address=!200.212.248.0/28 protocol=tcp src-address-list=bloqueio \
to-addresses=200.212.248.10 to-ports=12103
add action=dst-nat chain=dstnat comment=mensagem_pendencia disabled=no \
dst-address=!200.212.248.0/28 protocol=tcp src-address-list=pendencia \
to-addresses=200.212.248.10 to-ports=11103
add action=dst-nat chain=dstnat comment=mensagem_bloqueio disabled=no \
dst-address=!200.212.248.0/28 protocol=tcp src-address-list=bloqueio \
to-addresses=200.212.248.10 to-ports=12103
add action=masquerade chain=srcnat comment=faixa_padrao disabled=no \
src-address=10.0.0.1-10.0.255.253
There's nothing special in my MK, especially since before the PCC it accepted these connections just fine...
"I believe" the problem is only in the PCC.
"add action=accept chain=dstnat comment=aceita_webmikrotik disabled=no dst-address=200.212.248.0/28 protocol=tcp"
"add action=accept chain=dstnat comment="winbox" disabled=no dst-nat (to the MK's IP and port)"
Tiago, this is the second time I'm posting my rules; thank you for being willing to help:
/ip firewall mangle
Code:
add action=accept chain=prerouting comment="Sem Balance" disabled=no dst-address-list=sem_balance \
    in-interface=EthClientes
add action=mark-connection chain=input comment=PCC connection-state=new disabled=no in-interface=EthLinkA \
    new-connection-mark=conn_na passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out1 \
    new-connection-mark=conn_nb passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out2 \
    new-connection-mark=conn_nc passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=conn_na disabled=no new-routing-mark=to_ra \
    passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb \
    passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nc disabled=no new-routing-mark=to_rc \
    passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_ma0 passthrough=yes per-connection-classifier=both-addresses:8/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=both-addresses:8/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/2
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/3
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/4
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/5
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/6
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
    new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/7
add action=mark-routing chain=prerouting comment="" connection-mark=conn_ma0 disabled=no in-interface=EthClientes \
    new-routing-mark=to_nra passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=EthClientes \
    new-routing-mark=to_nrb passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_mc2 disabled=no in-interface=EthClientes \
    new-routing-mark=to_nrc passthrough=no
/ip firewall nat
Code:
add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=EthLinkA
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
/ip route
Code:
add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=200.249.152.129 scope=30 \
    target-scope=10
add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=200.249.152.129 routing-mark=to_nra scope=30 \
    target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_nrc
add comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out2
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_nrb
add comment="" disabled=no distance=2 dst-address=200.249.152.129/32 gateway=EthLinkA
DSS, apparently everything is right with your PCC load balancing. Just to confirm, the weights of the links you are splitting are:
conn_ma0 - 1
conn_mb1 - 4
conn_mc2 - 3
Could you tell us the speed of each of these links, and also tell us what exactly happens that you think is not correct?
Regards
ma0 - 2 mbits
ma1 - 8 mbits
mc2 - 6 mbits
What happens is that a link is only used when it is the default route (distance). For example, if I take ma0 and set it to distance 1, only that link is consumed, even with bandwidth to spare on the other two! I create the profiles in my hotspot for 15 megas, the ma0 link maxes out and I'm left with only 2 Mbit of download, and the other links are not "activated". The same happens if I do this with the other links! What could it be? Keep in mind that this RB has no rules other than the PCC ones. I'm already puzzled by this.
Regards, and thanks for replying
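The weight count from the reply above (1, 4 and 3 buckets out of 8) can be reproduced mechanically and compared with the posted link speeds. This is an added example, not code from the thread: the rule lines are trimmed copies of the posted PCC rules, and mapping the speeds posted as ma0/ma1/mc2 onto the three connection marks is an assumption.

```python
import re
from collections import Counter

# Constructed input: the eight PCC rules from the mangle export quoted earlier
# in the thread, trimmed to the two fields this check reads.
PCC_RULES = """\
add new-connection-mark=conn_ma0 per-connection-classifier=both-addresses:8/0
add new-connection-mark=conn_mb1 per-connection-classifier=both-addresses:8/1
add new-connection-mark=conn_mb1 per-connection-classifier=src-address:8/2
add new-connection-mark=conn_mb1 per-connection-classifier=src-address:8/3
add new-connection-mark=conn_mb1 per-connection-classifier=src-address:8/4
add new-connection-mark=conn_mc2 per-connection-classifier=src-address:8/5
add new-connection-mark=conn_mc2 per-connection-classifier=src-address:8/6
add new-connection-mark=conn_mc2 per-connection-classifier=src-address:8/7
"""
# Assumption: the speeds posted as ma0/ma1/mc2 belong to these three marks.
LINK_MBIT = {"conn_ma0": 2, "conn_mb1": 8, "conn_mc2": 6}

PCC_RE = re.compile(
    r"new-connection-mark=(\S+).*?per-connection-classifier=([\w-]+):(\d+)/(\d+)")

def pcc_summary(rules):
    """Count buckets per mark, list classifiers used, report uncovered remainders."""
    weights, classifiers, covered = Counter(), set(), {}
    for line in rules.splitlines():
        m = PCC_RE.search(line)
        if not m:
            continue
        mark, classifier, denom, rem = m[1], m[2], int(m[3]), int(m[4])
        weights[mark] += 1
        classifiers.add(classifier)
        covered.setdefault(denom, set()).add(rem)
    missing = {d: sorted(set(range(d)) - r) for d, r in covered.items()
               if set(range(d)) - r}
    return dict(weights), sorted(classifiers), missing

def share_gap(weights, speeds):
    """Bucket share minus bandwidth share per mark; 0.0 means proportional."""
    total_w, total_s = sum(weights.values()), sum(speeds.values())
    return {m: round(weights[m] / total_w - speeds[m] / total_s, 3) for m in weights}

if __name__ == "__main__":
    weights, classifiers, missing = pcc_summary(PCC_RULES)
    print(weights, classifiers, missing, share_gap(weights, LINK_MBIT))
    if len(classifiers) > 1:
        # Remainders taken from different hash inputs do not partition traffic.
        print("mixed classifiers:", classifiers)
```

The bucket counts match the 2/8/6 Mbit ratio, but the export mixes `both-addresses` and `src-address`, so the eight remainders come from two different hashes and one connection can match several rules or none.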
Tiagomatias... if you can help me I'd be very grateful.
Keep in mind that I have 2 links of 2 MB FULL (2mb/2mb)
/ip firewall nat
Quote:
add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=LINK1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=LINK2
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.0/8
/ip route
Quote:
add comment="BALANCEAMENTO DE CARGA - LINK1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=201.90.162.161 routing-mark=to_nra scope=30 target-scope=\
10
add comment="BALANCEAMENTO DE CARGA - LINK2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=189.22.8.1 routing-mark=to_nrb scope=30 target-scope=10
add comment="LINK2 - TELEFONICA" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=189.22.8.1 scope=30 target-scope=10
add comment="LINK1 - EMBRATEL" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=201.90.162.161 scope=30 target-scope=10
/ip firewall mangle
Quote:
add action=mark-connection chain=output comment="CACHE FULL" content="X-Cache: HIT" disabled=no new-connection-mark=conn_squid-up passthrough=yes protocol=\
tcp src-port=3128
add action=mark-packet chain=output comment="" connection-mark=conn_squid-up disabled=no new-packet-mark=pacotes_squid-up passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=3128 new-connection-mark=conn_squid-down passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=conn_squid-down disabled=no new-packet-mark=pacotes_squid-down passthrough=yes
add action=accept chain=prerouting comment="SEM BALANCE DE DESTINO" disabled=no dst-address-list=sem_balance in-interface=LOCAL
add action=mark-connection chain=input comment="MARCACAO DE NOVAS CONEXOES" connection-state=new disabled=no in-interface=LINK1 new-connection-mark=conn_na \
passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=LINK2 new-connection-mark=conn_nb passthrough=yes
add action=mark-routing chain=output comment="MARCACAO DE ROTAS" connection-mark=conn_na disabled=no new-routing-mark=to_ra passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb passthrough=no
add action=mark-connection chain=prerouting comment="MARCACAO DE NOVAS CONEXOES" disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=\
conn_ma0 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=conn_mb1 passthrough=yes \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="MARCACAO DE INTERFACES" connection-mark=conn_ma0 disabled=no in-interface=LOCAL new-routing-mark=to_nra \
passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=LOCAL new-routing-mark=to_nrb passthrough=no
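A consistency check over the export in the post above, as an added example that is not part of the thread: it lists routing marks that a mangle rule assigns but that no `/ip route` entry carries. The rule lines are trimmed copies of the posted ones; the check only reports the mismatch and does not establish that it causes any of the failures described.

```python
import re

# Constructed input: mark-routing rules and routes trimmed from the export
# in the post above (comments, scope and disabled= fields dropped).
MANGLE = """\
add action=mark-routing chain=output connection-mark=conn_na new-routing-mark=to_ra passthrough=no
add action=mark-routing chain=output connection-mark=conn_nb new-routing-mark=to_rb passthrough=no
add action=mark-routing chain=prerouting connection-mark=conn_ma0 in-interface=LOCAL new-routing-mark=to_nra passthrough=no
add action=mark-routing chain=prerouting connection-mark=conn_mb1 in-interface=LOCAL new-routing-mark=to_nrb passthrough=no
"""
ROUTES = """\
add distance=1 dst-address=0.0.0.0/0 gateway=201.90.162.161 routing-mark=to_nra
add distance=1 dst-address=0.0.0.0/0 gateway=189.22.8.1 routing-mark=to_nrb
add distance=3 dst-address=0.0.0.0/0 gateway=189.22.8.1
add distance=2 dst-address=0.0.0.0/0 gateway=201.90.162.161
"""

def fields(rule):
    """Split one exported rule into key/value pairs (quoted values kept whole)."""
    return dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', rule))

def unrouted_marks(mangle, routes):
    """Return {chain: [marks]} for routing marks with no matching route."""
    routed = {fields(r).get("routing-mark") for r in routes.splitlines()} - {None}
    result = {}
    for rule in mangle.splitlines():
        f = fields(rule)
        mark = f.get("new-routing-mark")
        if f.get("action") == "mark-routing" and mark and mark not in routed:
            result.setdefault(f["chain"], []).append(mark)
    return result

if __name__ == "__main__":
    for chain, marks in unrouted_marks(MANGLE, ROUTES).items():
        print(f"chain={chain}: no route carries routing-mark {', '.join(marks)}")
```

On this export the check reports `to_ra` and `to_rb`, the marks set in `chain=output` for connections that arrived on LINK1 and LINK2, which is the path replies from the router's own services take.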
Good morning everyone, has anyone had problems with globo.com video? I have PCC with 2 links, and globo.com doesn't open the videos.
Regards.
See this link
>>> https://under-linux.org/f131999-load...ites-de-bancos
I had to go back to the old configuration because nothing was working. I'll change again what you said and post the rules for you to take a look. I don't think I changed anything wrong; I kept what was done and only changed the interfaces as you said, there's no mystery to it, but it didn't work and everything stopped. Shed some light on this.
Dear thiagotgc,
Your rules look apparently normal too. I don't use the rules that m4d3 made; mine are a little different from his. Not that his are wrong, but I believe it's something I may be getting confused about. I'll review your structure and post the rules the way I do them, and you swap them in so we can see what happens.