Originally posted by
Pedroh
Hi everyone,
how are you all?
Once again, before I do anything, I would like the experts to take a look at this load balance to spot possible errors, improvements and anything else that may be missing.
# This was done in a virtual machine, for testing and learning purposes.
The links are 10MB and 15MB respectively. I made a proportional split and would like to know whether it is correct. I made 2 marks for the 10MB link and 3 for the 15MB link.
Link1 = 10MB with the IP 187.100.100.0/24
Link2 = 15MB with the IP 187.200.200.0/24
Lan = with the IP range 192.168.0.0/16
The option
passthrough=yes or no: what does it influence? How important is it?
Here are the rules, separately:
Code:
=========================================== MANGLE RULES ============================================
0 ;;; ========== OUTSIDE THE BALANCE ==========
chain=prerouting action=accept protocol=tcp in-interface=ether3 dst-port=443
1 chain=prerouting action=accept dst-address-list=sembalance in-interface=ether3
2 ;;; ========== ACCEPT ALL TRAFFIC TO THE INTERNAL NETWORK ==========
chain=prerouting action=accept src-address=192.168.0.0/16 dst-address=192.168.0.0/16
3 ;;; ========== MARK CONNECTIONS OF LINKS 1 AND 2 ==========
chain=prerouting action=mark-connection new-connection-mark=conn_link1 passthrough=yes protocol=tcp in-interface=ether1 connection-mark=no-mark
4 chain=prerouting action=mark-connection new-connection-mark=conn_link2 passthrough=yes protocol=tcp in-interface=ether2 connection-mark=no-mark
5 ;;; ========== LOAD SPLIT 10MB ==========
chain=prerouting action=mark-connection new-connection-mark=conn_link1 passthrough=yes dst-address-type=!local in-interface=ether3 connection-mark=no-mark
per-connection-classifier=both-addresses:5/0
6 chain=prerouting action=mark-connection new-connection-mark=conn_link1 passthrough=yes dst-address-type=!local in-interface=ether3 connection-mark=no-mark
per-connection-classifier=both-addresses:5/1
7 ;;; ========== LOAD SPLIT LINK 15MB ==========
chain=prerouting action=mark-connection new-connection-mark=conn_link2 passthrough=yes dst-address-type=!local in-interface=ether3 connection-mark=no-mark
per-connection-classifier=both-addresses:5/2
8 chain=prerouting action=mark-connection new-connection-mark=conn_link2 passthrough=yes dst-address-type=!local in-interface=ether3 connection-mark=no-mark
per-connection-classifier=both-addresses:5/3
9 chain=prerouting action=mark-connection new-connection-mark=conn_link2 passthrough=yes dst-address-type=!local in-interface=ether3 connection-mark=no-mark
per-connection-classifier=both-addresses:5/4
10 ;;; ========== ROUTE MARKING FOR LINKS 1 AND 2 ==========
chain=prerouting action=mark-routing new-routing-mark=rota_link1 passthrough=yes in-interface=ether3 connection-mark=conn_link1
11 chain=prerouting action=mark-routing new-routing-mark=rota_link2 passthrough=yes in-interface=ether3 connection-mark=conn_link2
12 ;;; ========== MARK OUTPUT ROUTE FOR LINKS 1 AND 2 ==========
chain=output action=mark-routing new-routing-mark=rota_link1 passthrough=yes connection-mark=conn_link1
13 chain=output action=mark-routing new-routing-mark=rota_link2 passthrough=yes connection-mark=conn_link2
Code:
============================================ ROUTES ============================================
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 S dst-address=0.0.0.0/0 gateway=187.200.200.1 gateway-status=187.200.200.1 unreachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=rota_link2
1 S dst-address=0.0.0.0/0 gateway=187.100.100.1 gateway-status=187.100.100.1 unreachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=rota_link1
2 S dst-address=0.0.0.0/0 gateway=187.100.100.1 gateway-status=187.100.100.1 unreachable distance=>
scope=30 target-scope=10
3 S dst-address=0.0.0.0/0 gateway=187.200.200.1 gateway-status=187.200.200.1 unreachable distance=>
scope=30 target-scope=10
4 ADC dst-address=187.100.100.0/24 pref-src=187.100.100.254 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10
5 ADC dst-address=187.200.200.0/24 pref-src=187.200.200.254 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
6 ADC dst-address=192.168.0.0/16 pref-src=192.168.0.254 gateway=ether3
gateway-status=ether3 reachable distance=0 scope=10
Code:
============================================ MASQUERADE ============================================
0 ;;; ====== LINK1-10MB ======
chain=srcnat action=masquerade out-interface=ether1
1 ;;; ====== LINK2-15MB =======
chain=srcnat action=masquerade out-interface=ether2
Code:
============ DNS ================
ip dns print
servers: 8.8.8.8,8.8.4.4
dynamic-servers:
allow-remote-requests: no
max-udp-packet-size: 4096
cache-size: 20480KiB
cache-max-ttl: 1w
cache-used: 8KiB
If there are errors, feel free to correct them.
Thank you.
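
Added example, not part of the original post and not RouterOS code: a small Python model of prerouting rules 5-11 above, showing the 2:3 split over the five per-connection-classifier remainders and what changes for the first packet of a connection when the mark-connection rules use passthrough=no. The CRC32 hash, the function names and the sample addresses are assumptions made for illustration; RouterOS uses its own hash.

```python
# Added illustration: walks the posted prerouting rules 5-11 for LAN traffic
# arriving on ether3. The hash below is a stand-in, not the RouterOS PCC hash.
import zlib

# (rule number, PCC remainder, connection mark) as in rules 5-9 of the post
PCC_RULES = [(5, 0, "conn_link1"), (6, 1, "conn_link1"),
             (7, 2, "conn_link2"), (8, 3, "conn_link2"), (9, 4, "conn_link2")]
# rules 10-11: connection mark -> routing mark
ROUTE_RULES = {"conn_link1": "rota_link1", "conn_link2": "rota_link2"}
DENOMINATOR = 5


def bucket(src, dst):
    """Stand-in for per-connection-classifier=both-addresses:5/x."""
    return zlib.crc32(f"{src}>{dst}".encode()) % DENOMINATOR


def prerouting(remainder, conn_mark=None, passthrough=True):
    """Return (connection mark, routing mark) for one packet.

    conn_mark is the mark already stored on the connection (None = no-mark).
    passthrough is the setting used on the mark-connection rules 5-9.
    """
    if conn_mark is None:                  # connection-mark=no-mark matches
        for _num, rem, mark in PCC_RULES:
            if rem == remainder:
                conn_mark = mark
                if not passthrough:        # passthrough=no: stop in this chain
                    return conn_mark, None
                break  # later PCC rules need no-mark, so they no longer match
    # rules 10-11: the routing mark follows the connection mark
    return conn_mark, ROUTE_RULES.get(conn_mark)


def split():
    """Count how many of the 5 remainders land on each connection mark."""
    counts = {}
    for r in range(DENOMINATOR):
        mark, _ = prerouting(r)
        counts[mark] = counts.get(mark, 0) + 1
    return counts


if __name__ == "__main__":
    print(split())
    r = bucket("192.168.0.10", "203.0.113.7")   # constructed sample flow
    print(prerouting(r), prerouting(r, passthrough=False))
```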