- Mangle y IP/route
+ Responder ao Tópico
-
Mangle y IP/route
Hola
saludos al forum aqui les pplanteo una duda
tengo un MT server(Pc) que hace balanceo de 4 adsl y 1 dedicado
el balanceo esta con nth(wiki) y anda muy bien
pero ahora necesito hacer que algunos servicios como http y msn salgan por el dedicado entonces tengo asi la configuracion de Mangle y ip/route
/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=uno passthrough=yes \
connection-state=new in-interface=Local nth=4,6,0 comment="******************* EMPIEZA \
EL BALANCEO *****************" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Uno passthrough=no \
in-interface=Local connection-mark=uno comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=dos passthrough=yes \
connection-state=new in-interface=Local nth=4,6,1 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Dos passthrough=no \
in-interface=Local connection-mark=dos comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=tres passthrough=yes \
connection-state=new in-interface=Local nth=4,6,2 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Tres passthrough=no \
in-interface=Local connection-mark=tres comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=cuatro passthrough=yes \
connection-state=new in-interface=Local nth=4,6,3 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Cuatro passthrough=no \
in-interface=Local connection-mark=cuatro comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=cinco passthrough=yes \
connection-state=new in-interface=Local nth=4,6,4 comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Cinco passthrough=no \
in-interface=Local connection-mark=cinco comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=dns passthrough=yes \
dst-port=53 protocol=udp comment="***********DNS" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Dns passthrough=yes \
connection-mark=dns comment="" disabled=no
add chain=forward action=mark-packet new-packet-mark=DNS passthrough=no \
connection-mark=dns comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http passthrough=yes \
dst-port=80 protocol=tcp comment="********HTTP" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=Http passthrough=yes \
connection-mark=http comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=HTTP passthrough=no \
connection-mark=http comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=190.12x.69.81 distance=1 scope=255 target-scope=10 \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.8x.113.105 distance=1 scope=255 target-scope=10 \
routing-mark=Cuatro comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.8x.105.97 distance=1 scope=255 target-scope=10 \
routing-mark=Uno comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=190.12x.69.81 distance=1 scope=255 target-scope=10 \
routing-mark=Cinco comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.8x.115.89 distance=1 scope=255 target-scope=10 \
routing-mark=Tres comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=190.12x.69.81 distance=1 scope=255 target-scope=10 \
routing-mark=Http comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.8x.109.185 distance=1 scope=255 target-scope=10 \
routing-mark=Dos comment="" disabled=no
pero viendo en mangle no marc nada en http todo es marcado en balanceo ya que son las primeras reglas y viendo en ip/firewal/conection solo muestra las coneciones con marca uno, dos, tres, curtro, cinco las marcas del balanceo y nada de http y dns
PD: este server no hace web proxy
podria alguien ayudar y ver donde esta el error
saludos
Marcelo
-
voce precisa marcar os pacotes http e msn com a mesma marca.. e fazer eles sairem por uma rota apenas !!