Re: Hotspot + Balanceamento de 2 Link ADSL
Veja ai as regras, coloquei um modem na porta 1 outro na porta 2 (todos em bridge) e o cabo que liga ao mikrotik na porta 5, tá funcionando que é uma beleza. Lembrando que esse rb só uso para load e agora estou querendo ativar o webproxy para filtro de conteúdo, mas sem fazer cache.
# dec/14/2010 10:11:05 by RouterOS 4.11
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1526 mac-address=xx.xx.xx.xx.xx:ED mtu=1500 name="LINK 1" speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524 mac-address=xx.xx.xx..xx:EE \ master-port=none mtu=1500 name="LINK 2" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524 mac-address=xx.xx.xx.xx.xx \ master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524 mac-address=xx.xx.xx.xx.xx \ master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524 mac-address=xx.xx.xx.xx.xx.xx \ master-port=none mtu=1500 name=SAIDA speed=100Mbps
/ip pool
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=SAIDA lease-time=3d name=dhcp1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption only-one=default use-compression=default use-encryption=yes use-vj-compression=\ default
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="===== Disca Link01 =====" dial-on-demand=no disabled=no interface="LINK 1" \
max-mru=1480 max-mtu=1480 mrru=disabled name=DISK1 password=ddd+numeroprofile=default service-name="" use-peer-dns=no user=ddd+numero@telemar.com.br
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="===== Disca Link02 =====" dial-on-demand=no disabled=no interface="LINK 2" \
max-mru=1480 max-mtu=1480 mrru=disabled name=DISK2 password=ddd+numeroprofile=default service-name="" use-peer-dns=no user=ddd+numero@telemar.com.br
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set default-small kind=pfifo name=default-small pfifo-limit=10
/ip address
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no interface=SAIDA network=192.168.2.0
add address=10.1.10.1/24 broadcast=10.1.10.255 comment="" disabled=no interface="LINK 1" network=10.1.10.0
add address=10.1.20.1/24 broadcast=10.1.20.255 comment="" disabled=no interface="LINK 2" network=10.1.20.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.2.0/24 comment="" dns-server=8.8.8.8 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10240KiB max-udp-packet-size=512 servers=200.204.0.10,200.204.0.138,8.8.4.4
/ip firewall address-list
add address=69.147.76.254 comment="" disabled=no list=loopback
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \ tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \ udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no dst-port=3128 in-interface=SAIDA protocol=tcp
/ip firewall mangle
add action=accept chain=prerouting comment="FORA DO LOADBALACE" disabled=no dst-address-list=loopback in-interface=SAIDA
add action=mark-connection chain=input comment="===== Make the packet leaves via same interface =====" disabled=no in-interface=DISK1 new-connection-mark=\ LINK1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=LINK1 disabled=no new-routing-mark=LINK1 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=DISK2 new-connection-mark=LINK2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=LINK2 disabled=no new-routing-mark=LINK2 passthrough=yes
add action=mark-connection chain=prerouting comment="===== Balance_PCC =====" disabled=no dst-address-type=!local in-interface=SAIDA new-connection-mark=\ LINK1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=SAIDA new-connection-mark=LINK2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=LINK1 disabled=no in-interface=SAIDA new-routing-mark=LINK1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=LINK2 disabled=no in-interface=SAIDA new-routing-mark=LINK2 passthrough=yes
add action=mark-routing chain=prerouting comment="DNS PELO LINK1" disabled=no dst-port=53 new-routing-mark=LINK1 passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment="HTTPS PELO LINK1" disabled=no dst-port=443 new-routing-mark=LINK1 passthrough=no protocol=tcp
/ip firewall nat
add action=redirect chain=dstnat comment="redirect port 80 to 3128" disabled=yes dst-port=80 protocol=tcp to-ports=3128
add action=masquerade chain=srcnat comment="MASCARAMENTO DAS INTERFACES DOS MODENS" disabled=no out-interface=DISK2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=DISK1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=SAIDA
/ip proxy
set always-from-cache=no cache-administrator=VILLAGGIO cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=none max-client-connections=200 \ max-fresh-time=3d max-server-connections=200 parent-proxy=0.0.0.0 parent-proxy-port=0 port=3128 serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" disabled=no dst-port=23-25
/ip proxy cache
add action=deny comment="" disabled=no dst-host=":cgi-bin \\\\\?"
add action=deny comment="" disabled=no dst-host=caixa.gov.br
add action=deny comment="" disabled=no dst-host=bb.gov.br
add action=deny comment="" disabled=no dst-host=https://
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=DISK1 routing-mark=LINK1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=DISK2 routing-mark=LINK2 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=DISK1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=DISK2 scope=30 target-scope=10
/queue interface
set "LINK 1" queue=ethernet-default
set "LINK 2" queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set SAIDA queue=ethernet-default
set DISK1 queue=default
set DISK2 queue=default
/system clock
set time-zone-name=America/Recife
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system ntp client
set enabled=yes mode=unicast primary-ntp=159.148.60.2 secondary-ntp=200.192.232.8
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""