Boa tarde galera do furum, ja recorri muitas veses a este forum para resolver meus problemas, mas não teve jeito de arrumar o load balance com nth fazendo com que os bancos e alguns sites que fazem verificação de ip e o msn funcionassem direito, até tinha troca de ld varias veses, mas nenhum é tão bom quanto o nth, então bati muito a cabeçae saiu um lb bacana e venho aqui compartilhar com vcs, espero que ajude alguem, como ta me ajudando.... vai as regras ai em baixo.....
para fazer este load usei uma maquina só pra fazer o load, usei um pentiu 233 com 32 de ram, e 2 placas de rede, uma para entrar os links adsl e outra para mandar o link para o server que faz controle de banda
interfaces
/ ip address
add address=192.168.3.222/24 network=192.168.3.0 broadcast=192.168.3.255 \
interface=Link comment="Link1" disabled=no
add address=192.168.4.222/24 network=192.168.4.0 broadcast=192.168.4.255 \
interface=Link comment="LINK2" disabled=no
add address=172.20.254.254/16 network=172.20.0.0 broadcast=172.20.255.255 \
interface=Saida comment="SAIDA PARA SERVER" disabled=no
add address=192.168.2.222/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=Link comment="Link3" disabled=no
pulo do gato
/ ip firewall address-list
add list=nobalance address=65.54.0.0/16 comment="MSN1" disabled=no
add list=nobalance address=207.46.0.0/16 comment="MSN2" disabled=no
add list=nobalance address=64.4.0.0/16 comment="MSN3" disabled=no
coloque no address-list todos os ips dos sites de bancos msn, etc que vc não quer que passe pelo load
mangle
/ ip firewall mangle
add chain=prerouting in-interface=Saida connection-state=new nth=2,1,0 \
src-address-list=!nobalance action=mark-connection new-connection-mark=odd \
passthrough=yes comment="LB Odd" disabled=no
add chain=prerouting in-interface=Saida connection-mark=odd \
action=mark-routing new-routing-mark=odd passthrough=no comment="Odd LB" \
disabled=no
add chain=prerouting in-interface=Saida connection-state=new nth=2,1,1 \
src-address-list=!nobalance action=mark-connection \
new-connection-mark=even passthrough=yes comment="LB Even" disabled=no
add chain=prerouting in-interface=Saida connection-mark=even \
action=mark-routing new-routing-mark=even passthrough=no comment="Even LB" \
disabled=no
add chain=prerouting in-interface=Saida connection-state=new nth=2,1,2 \
src-address-list=!nobalance action=mark-connection \
new-connection-mark=odd1 passthrough=yes comment="LB Odd1" disabled=no
add chain=prerouting in-interface=Saida connection-mark=odd1 \
action=mark-routing new-routing-mark=odd1 passthrough=no comment="Odd LB1" \
disabled=no
nat
/ ip firewall nat
add chain=srcnat out-interface=Link action=masquerade comment="Nat" \
disabled=no
add chain=srcnat connection-mark=odd action=src-nat to-addresses=192.168.4.222 \
to-ports=0-65535 comment="LB Redirect Odd" disabled=no
add chain=srcnat connection-mark=even action=src-nat \
to-addresses=192.168.3.222 to-ports=0-65535 comment="LB Redirect Even" \
disabled=no
add chain=srcnat connection-mark=odd1 action=src-nat \
to-addresses=192.168.2.222 to-ports=0-65535 comment="LB Redirect Odd1" \
disabled=no
ip route
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.4.254 scope=255 target-scope=10 \
routing-mark=even comment="LB Route Odd" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.3.254 scope=255 target-scope=10 \
routing-mark=odd comment="LB Route Odd" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.4.254 scope=255 target-scope=10 \
comment="LB Route Odd" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.254 scope=255 target-scope=10 \
routing-mark=odd1 comment="" disabled=no
ta ai galera...o pulo do gato é o seguinte....adicionar os ips no / ip address-list isso fara com que eles não passem pelo lb e fica redondo....testem que vcs vão ver que funciona....
Abraços.....
Anderson Junior