Pessoal, estou tentando configurar um load balance no mikrotik versao 2.9.51 usando NTH em um link dedicado embratel de 2MB e um link ADSL de 1MB.
Consegui configurar e alguns clientes saem com a rota da embratel e outros saem com a rota do adsl, mas em alguns momentos percebo que ainda não está 100% pois alguns sites não abrem, o ping não funciona para determinados hosts, etc. O estranho é que estes mesmos sites que não abrem para um cliente, abrem para outro.
Abaixo posto as regras de mangle que utilizei :
Código :/ ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=primeira passthrough=yes connection-state=new src-address-list=link1 comment="LINK1" \ disabled=no add chain=prerouting action=mark-routing new-routing-mark=primeira_rota passthrough=no connection-mark=primeira src-address-list=link1 comment="" disabled=no add chain=prerouting action=mark-connection new-connection-mark=segunda passthrough=yes connection-state=new src-address-list=link2 comment="LINK2" \ disabled=no add chain=prerouting action=mark-routing new-routing-mark=segunda_rota passthrough=no connection-mark=segunda src-address-list=link2 comment="" disabled=no add chain=prerouting action=mark-connection new-connection-mark=primeira passthrough=yes connection-state=new nth=2,1,0 comment="APARTIR DAQUI APLICA O NTH \ PARA O LINK 1 - PACOTE 1" disabled=no add chain=prerouting action=add-src-to-address-list connection-state=new connection-mark=primeira address-list=link1 address-list-timeout=3h comment="" \ disabled=no add chain=prerouting action=mark-routing new-routing-mark=primeira_rota passthrough=no connection-state=new connection-mark=primeira comment="" disabled=no add chain=prerouting action=mark-connection new-connection-mark=primeira passthrough=yes connection-state=new nth=2,1,1 comment="APARTIR DAQUI APLICA O NTH \ PARA O LINK 1 - PACOTE 2" disabled=no add chain=prerouting action=add-src-to-address-list connection-state=new connection-mark=primeira address-list=link1 address-list-timeout=3h comment="" \ disabled=no add chain=prerouting action=mark-routing new-routing-mark=primeira_rota passthrough=no connection-state=new connection-mark=primeira comment="" disabled=no add chain=prerouting action=mark-connection new-connection-mark=segunda passthrough=yes connection-state=new nth=2,1,2 comment="APARTIR DAQUI APLICA O NTH \ PARA O LINK 2 - PACOTE 3" disabled=no add chain=prerouting action=add-src-to-address-list connection-state=new connection-mark=segunda address-list=link2 address-list-timeout=3h comment="" \ disabled=no add chain=prerouting action=mark-routing new-routing-mark=segunda_rota passthrough=no connection-state=new connection-mark=segunda comment="" disabled=no
As regras de NAT
Código :add chain=srcnat action=src-nat to-addresses=201.65.185.18 to-ports=0-65535 connection-mark=primeira comment="LINK 1" disabled=no add chain=srcnat action=src-nat to-addresses=10.1.1.14 to-ports=0-65535 connection-mark=segunda comment="LINK 2" disabled=no
A tabela de rotas :
Código :add dst-address=0.0.0.0/0 gateway=201.65.185.17 distance=1 scope=255 target-scope=10 routing-mark=primeira_rota comment="Rota do Link Embratel" disabled=no add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1 scope=255 target-scope=10 routing-mark=segunda_rota comment="Rota do Link ADSL" disabled=no add dst-address=0.0.0.0/0 gateway=201.65.185.17 distance=1 scope=255 target-scope=10 comment="Rota do Link Embratel \(PADRAO\)" disabled=no