Acesso roteadores em loand balance
Tenho um ambiente corporativo e balance de 3 links:
port1= dedicado oi 8MB
port2 = velox 10mb
port5 = roteado 8mb
Balance funcionando normalmente.
Tenho duas faixas de IP na porta de saída
10.0.0.1/24 - rede interna
10.0.10.1/24 - hostpot wifi
Acontece que eu só consigo acessar os roteadores quando estou conectado com a faixa de Ip do hostpot (10.0.10.x). Se eu tentar acessar os roteadores de dentro da rede interna (10.0.0.x) não consigo acesso.
Alguém sabe dizer o que tá errado? Segue as configurações da rb.
Código :
# may/09/2017 22:21:02 by RouterOS 6.39.1
# software id = ZKT9-LFIL
#
/interface ethernet
set [ find default-name=ether1 ] comment="Link Dedicado (1)" name=internet-01
set [ find default-name=ether2 ] comment="Link Velox (2)" name=internet-02
set [ find default-name=ether5 ] comment="Link Itnet (5)" name=internet-05
set [ find default-name=ether3 ] comment="Saida(3)" name=saida-03
set [ find default-name=ether4 ] name=saida-04
/interface pppoe-client
add comment="Link Velox (2)" disabled=no interface=internet-02 name=oi-velox \
password=oi [email protected]
/interface ethernet switch port
set 0 vlan-mode=fallback
set 1 vlan-mode=fallback
set 2 vlan-mode=fallback
set 3 vlan-mode=fallback
set 4 vlan-mode=fallback
set 5 vlan-mode=fallback
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=login.wifi hotspot-address=10.0.10.1 html-directory=\
flash/hotspot login-by=http-chap,mac-cookie name=hsprof1
/ip hotspot
add disabled=no idle-timeout=6h interface=saida-03 name=hotspot1 profile=\
hsprof1
/ip hotspot user profile
set [ find default=yes ] shared-users=2
/ip pool
add name=pool_10.0.10.0 ranges=10.0.10.20-10.0.10.250
add name=pool_10.0.0.0 ranges=10.0.0.10-10.0.0.250
/ip dhcp-server
add address-pool=pool_10.0.10.0 authoritative=after-2sec-delay disabled=no \
interface=saida-03 lease-time=2d name=dhcp1
/ip address
add address=192.168.30.10/24 comment=" ## Acesso Ao Modem Dedicado" \
interface=internet-01 network=192.168.30.0
add address=187.12.X.X comment="Link dedicado" interface=\
internet-01 network=187.12.X.X
add address=192.168.1.50/24 comment="Link Roteado" interface=\
internet-05 network=192.168.1.0
add address=192.168.10.2/24 comment="Modem Velox Roteado" interface=\
internet-02 network=192.168.10.0
add address=10.0.10.1/24 interface=saida-03 network=10.0.10.0
add address=10.0.0.1/24 interface=saida-03 network=10.0.0.0
/ip dhcp-server config
set store-leases-disk=2d
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=\
208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4 gateway=10.0.0.1
add address=10.0.10.0/24 comment="hotspot network" dns-server=\
208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4 gateway=10.0.10.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=12h max-udp-packet-size=2048 \
servers="208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4,189.38.95.95,189.38\
.95.96,200.149.55.142,200.222.0.39"
/ip firewall mangle
add action=mark-connection chain=input comment="========================" \
in-interface=internet-01 new-connection-mark=link1_dedicado_conn \
passthrough=yes
add action=mark-connection chain=input in-interface=oi-velox \
new-connection-mark=link2_velox_conn passthrough=yes
add action=mark-connection chain=input in-interface=internet-05 \
new-connection-mark=link3_itnet_conn passthrough=yes
add action=mark-routing chain=output comment="========================" \
new-routing-mark=link1_dedicado_route out-interface=internet-01 \
passthrough=yes
add action=mark-routing chain=output new-routing-mark=link3_itnet_route \
out-interface=internet-05 passthrough=yes
add action=mark-routing chain=output new-routing-mark=link2_velox_route \
out-interface=oi-velox passthrough=yes
add action=mark-connection chain=prerouting comment=\
"======================== 13 marcacoes" in-interface=saida-03 \
new-connection-mark=link1_dedicado_conn passthrough=yes \
per-connection-classifier=both-addresses:13/0
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link1_dedicado_conn passthrough=yes \
per-connection-classifier=both-addresses:13/1
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link1_dedicado_conn passthrough=yes \
per-connection-classifier=both-addresses:13/2
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link1_dedicado_conn passthrough=yes \
per-connection-classifier=both-addresses:13/3
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link3_itnet_conn passthrough=yes \
per-connection-classifier=both-addresses:13/4
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link3_itnet_conn passthrough=yes \
per-connection-classifier=both-addresses:13/5
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link3_itnet_conn passthrough=yes \
per-connection-classifier=both-addresses:13/6
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link3_itnet_conn passthrough=yes \
per-connection-classifier=both-addresses:13/7
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link2_velox_conn passthrough=yes \
per-connection-classifier=both-addresses:13/8
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link2_velox_conn passthrough=yes \
per-connection-classifier=both-addresses:13/9
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link2_velox_conn passthrough=yes \
per-connection-classifier=both-addresses:13/10
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link2_velox_conn passthrough=yes \
per-connection-classifier=both-addresses:13/11
add action=mark-connection chain=prerouting in-interface=saida-03 \
new-connection-mark=link2_velox_conn passthrough=yes \
per-connection-classifier=both-addresses:13/12
add action=mark-routing chain=prerouting comment="========================" \
connection-mark=link1_dedicado_conn in-interface=saida-03 \
new-routing-mark=link1_dedicado_route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=link2_velox_conn \
in-interface=saida-03 new-routing-mark=link2_velox_route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=link3_itnet_conn \
in-interface=saida-03 new-routing-mark=link3_itnet_route passthrough=yes
add action=mark-packet chain=prerouting comment=\
"======================== Queues Rede Internet" in-interface=internet-01 \
new-packet-mark=Internet passthrough=yes
add action=mark-packet chain=prerouting in-interface=oi-velox \
new-packet-mark=Internet passthrough=yes
add action=mark-packet chain=prerouting in-interface=internet-05 \
new-packet-mark=Internet passthrough=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Masquerade Hotspot Network" \
src-address=10.0.0.0/24
add action=masquerade chain=srcnat src-address=10.0.10.0/24
add action=redirect chain=dstnat comment="Redirecionamento DNS" dst-port=53 \
in-interface=saida-03 protocol=udp to-ports=53
/ip route
add comment="Balance ==========================================" distance=1 \
gateway=187.12.X.X routing-mark=link1_dedicado_route
add distance=1 gateway=192.168.1.1 routing-mark=link3_itnet_route
add distance=1 gateway=oi-velox routing-mark=link2_velox_route
add check-gateway=ping comment="Link dedicado" distance=1 gateway=\
187.12.X.X
add check-gateway=ping comment="Link Velox" distance=2 gateway=oi-velox
add check-gateway=ping comment="Link Itnet" distance=3 gateway=192.168.1.1
Re: Acesso roteadores em loand balance
O hotspot faz um roteamento na rede. Por esse motivo você consegue acessar. Quando você não está no hotspot falta rota. Com isso não existe comunicação entre as interfaces por causa do mangle e route mark
Re: Acesso roteadores em loand balance
Há alguma forma de fazer isso na rede interna sem prejudicar algo? Ou não vale a pena?
Re: Acesso roteadores em loand balance
Você terá que criar algumas rotas estáticas para isso.
Re: Acesso roteadores em loand balance
Citação:
Postado originalmente por
rimaraujo
Você terá que criar algumas rotas estáticas para isso.
Como faço isso, amigo?
Desculpa a ignorância. Poderia dar um exemplo?
Creio que é IP / Routes mas o que preciso adicionar?
Re: Acesso roteadores em loand balance
