+ Responder ao Tópico



  1. Boa noite a todos,

    Estou testando algumas regras de balanceamento retiradas do WiKi do CATVBrasil e, ate o momento esta funcionando, só que tenho algumas duvidas. Se alguem puder me ajudar agradeço.

    1 - Com esse balanceamento terei problemas com MSN e sites de bancos?
    2 - La no tuto do catvbrasil uma regra de route esta desabilitada, por que? vejam:
    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway adsl1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.253.253 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway adsl2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=yes

    Veja minhas configurações e opinem:
    / ip firewall mangle
    add chain=prerouting in-interface= Link1 connection-state=new nth=1,1,0 action=mark-connection
    new-connection-mark=Link1 passthrough=yes comment="Balanceamento de carga" disabled=no
    add chain=prerouting in-interface= Link1 connection-mark=Link1 action=mark-routing
    new-routing-mark=Link1 passthrough=no comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-state=new nth=1,1,1 action=mark-connection
    new-connection-mark=Link2 passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-mark=Link2 action=mark-routing
    new-routing-mark=Link2 passthrough=no comment="" disabled=no


    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway 2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway 1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=no


    / ip firewall nat
    add chain=srcnat out.interface= Link1 Actoin=masquerad comment="Nat Link1" disabled=no
    add chain=srcnat out.interface= Link2 Actoin=masquerad comment="Nat Link2" disabled=no


    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTP no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=443 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTPS no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=1863 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="MSN no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=21 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="FTP no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=22 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SSH no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=23 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="TELNET" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=25 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SMPTP" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=53 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="DNS" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=110 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="POP3" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=1080 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp p2p=all-p2p action=mark-routing new-routing-mark=Link1 passthrough=yes comment="p2p no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no





    No meu caso uso duas ADSL:
    Link 1 de 1MB
    Link 2 de 1.5MB

    Qual o link que será mais usado?

    Obrigado pela ajuda de que se dispor.


    Denys Lemes

  2. use a opção de destino por tempo de 4min, fica bom



  3. Bom dia,


    E como eu faria isso?

    Obrigado,


    Denys Lemes

  4. Citação Postado originalmente por denyslemes Ver Post
    Boa noite a todos,

    Estou testando algumas regras de balanceamento retiradas do WiKi do CATVBrasil e, ate o momento esta funcionando, só que tenho algumas duvidas. Se alguem puder me ajudar agradeço.

    1 - Com esse balanceamento terei problemas com MSN e sites de bancos?
    2 - La no tuto do catvbrasil uma regra de route esta desabilitada, por que? vejam:
    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway adsl1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.253.253 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway adsl2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=yes

    Veja minhas configurações e opinem:
    / ip firewall mangle
    add chain=prerouting in-interface= Link1 connection-state=new nth=1,1,0 action=mark-connection
    new-connection-mark=Link1 passthrough=yes comment="Balanceamento de carga" disabled=no
    add chain=prerouting in-interface= Link1 connection-mark=Link1 action=mark-routing
    new-routing-mark=Link1 passthrough=no comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-state=new nth=1,1,1 action=mark-connection
    new-connection-mark=Link2 passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-mark=Link2 action=mark-routing
    new-routing-mark=Link2 passthrough=no comment="" disabled=no

    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway 2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway 1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=no

    / ip firewall nat
    add chain=srcnat out.interface= Link1 Actoin=masquerad comment="Nat Link1" disabled=no
    add chain=srcnat out.interface= Link2 Actoin=masquerad comment="Nat Link2" disabled=no

    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTP no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=443 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTPS no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=1863 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="MSN no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=21 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="FTP no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=22 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SSH no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=23 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="TELNET" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=25 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SMPTP" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=53 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="DNS" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=110 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="POP3" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=1080 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp p2p=all-p2p action=mark-routing new-routing-mark=Link1 passthrough=yes comment="p2p no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no




    No meu caso uso duas ADSL:
    Link 1 de 1MB
    Link 2 de 1.5MB

    Qual o link que será mais usado?

    Obrigado pela ajuda de que se dispor.


    Denys Lemes

    Boa noite amigo!!? achei esse modo de Load Balance, no WiKi do CATVBrasil, muito interessante também. Tentei colocá-lo para funcionar em meu Server MK e não tive êxito.
    Você pode me auxiliar??

    Meus Links:

    Link1: 128k - Roteado IP 192.168.2.254 = ISP Wireless
    Link2: 150k - Roteado IP 192.168.0.254 = Satelite Web Rural

    A quem puder ajudar, tem como implementar uma regra neste código, para quando cair um link, o acesso passar para o outro ativo ???

    Desde ja agradeço a ajuda.
    Última edição por rasonline; 07-10-2009 às 02:56.



  5. Citação Postado originalmente por denyslemes Ver Post
    Boa noite a todos,

    Estou testando algumas regras de balanceamento retiradas do WiKi do CATVBrasil e, ate o momento esta funcionando, só que tenho algumas duvidas. Se alguem puder me ajudar agradeço.

    1 - Com esse balanceamento terei problemas com MSN e sites de bancos?
    2 - La no tuto do catvbrasil uma regra de route esta desabilitada, por que? vejam:
    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway adsl1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.253.253 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway adsl2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=yes

    Veja minhas configurações e opinem:
    / ip firewall mangle
    add chain=prerouting in-interface= Link1 connection-state=new nth=1,1,0 action=mark-connection
    new-connection-mark=Link1 passthrough=yes comment="Balanceamento de carga" disabled=no
    add chain=prerouting in-interface= Link1 connection-mark=Link1 action=mark-routing
    new-routing-mark=Link1 passthrough=no comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-state=new nth=1,1,1 action=mark-connection
    new-connection-mark=Link2 passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface= Link2 connection-mark=Link2 action=mark-routing
    new-routing-mark=Link2 passthrough=no comment="" disabled=no


    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 routing-mark=Link2
    comment="Gateway 2" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=Link1
    comment="Gateway 1" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.254.254 scope=255 target-scope=10 comment="principal" disabled=no


    / ip firewall nat
    add chain=srcnat out.interface= Link1 Actoin=masquerad comment="Nat Link1" disabled=no
    add chain=srcnat out.interface= Link2 Actoin=masquerad comment="Nat Link2" disabled=no


    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTP no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=443 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="HTTPS no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=1863 action=mark-routing new-routing-mark=Link2 passthrough=yes comment="MSN no Link2" disabled=no
    add chain=prerouting routing-mark=Link2 action=mark-packet new-packet-mark=Link2 passthrough=yes comment="Pacotes marcados do Link2" disabled=no

    add chain=prerouting protocol=tcp dst-port=21 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="FTP no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=22 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SSH no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=23 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="TELNET" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=25 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="SMPTP" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=53 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="DNS" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=110 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="POP3" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp dst-port=1080 action=mark-routing new-routing-mark=Link1 passthrough=yes comment="" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no

    add chain=prerouting protocol=tcp p2p=all-p2p action=mark-routing new-routing-mark=Link1 passthrough=yes comment="p2p no Link1" disabled=no
    add chain=prerouting routing-mark=Link1 action=mark-packet new-packet-mark=Link1 passthrough=yes comment="Pacotes marcados do Link1" disabled=no





    No meu caso uso duas ADSL:
    Link 1 de 1MB
    Link 2 de 1.5MB

    Qual o link que será mais usado?

    Obrigado pela ajuda de que se dispor.


    Denys Lemes
    deixei em negrito esta regra esta certa?
    pois não entendi como acerta-lá






Tópicos Similares

  1. Seu server de DNS está correto?
    Por Magal no fórum Servidores de Rede
    Respostas: 1
    Último Post: 03-12-2008, 04:45
  2. script htb esta correto ?
    Por odragaonegro no fórum Servidores de Rede
    Respostas: 1
    Último Post: 12-09-2008, 20:10
  3. Script firewall, Está correto?
    Por testeteste no fórum Servidores de Rede
    Respostas: 1
    Último Post: 31-07-2006, 16:14
  4. Respostas: 7
    Último Post: 27-06-2005, 13:39
  5. firewall esta correto?
    Por X-LOGAN no fórum Servidores de Rede
    Respostas: 3
    Último Post: 27-06-2005, 10:53

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L