+ Responder ao Tópico



  1. add action=accept chain=dstnat comment=aceita_webmikrotik disabled=no dst-address=200.212.248.0/28 protocol=tcp

    add action=dst-nat chain=pre-hotspot comment=mensagem_pendencia disabled=no dst-address=!200.212.248.0/28 protocol=tcp src-address-list=pendencia to-addresses=200.212.248.10 to-ports=11103

    add action=dst-nat chain=pre-hotspot comment=mensagem_bloqueio disabled=no \
    dst-address=!200.212.248.0/28 protocol=tcp src-address-list=bloqueio \
    to-addresses=200.212.248.10 to-ports=12103

    add action=dst-nat chain=dstnat comment=mensagem_pendencia disabled=no \
    dst-address=!200.212.248.0/28 protocol=tcp src-address-list=pendencia \
    to-addresses=200.212.248.10 to-ports=11103

    add action=dst-nat chain=dstnat comment=mensagem_bloqueio disabled=no \
    dst-address=!200.212.248.0/28 protocol=tcp src-address-list=bloqueio \
    to-addresses=200.212.248.10 to-ports=12103

    add action=masquerade chain=srcnat comment=faixa_padrao disabled=no \
    src-address=10.0.0.1-10.0.255.253
    no meu mk não tem nada dmais. até pq antes do pcc ele aceitava estas conexões naboa...

    "Acredito" q o problema seja somente no PCC.

    "add action=accept chain=dstnat comment=aceita_webmikrotik disabled=no dst-address=200.212.248.0/28 protocol=tcp"

    "add action=accept chain=dstnat comment="winbox" disabled=no dst-nat (para o ip e porta do mk)"

  2. Citação Postado originalmente por tiagomatias Ver Post
    poste suas regras amigo...
    Tiago é a segunda vez que posto minhas regras, obrigador por se dispor:
     
    /ip firewall mangle
    Código :
    add action=accept chain=prerouting comment="Sem Balance" disabled=no dst-address-list=sem_balance in-interface=\
        EthClientes
    add action=mark-connection chain=input comment=PCC connection-state=new disabled=no in-interface=EthLinkA \
        new-connection-mark=conn_na passthrough=yes
    add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out1 \
        new-connection-mark=conn_nb passthrough=yes
    add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out2 \
        new-connection-mark=conn_nc passthrough=yes
    add action=mark-routing chain=output comment="" connection-mark=conn_na disabled=no new-routing-mark=to_ra passthrough=\
        no
    add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb passthrough=\
        no
    add action=mark-routing chain=output comment="" connection-mark=conn_nc disabled=no new-routing-mark=to_rc passthrough=\
        no
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_ma0 passthrough=yes per-connection-classifier=both-addresses:8/0
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=both-addresses:8/1
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/2
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/3
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/4
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/5
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/6
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/7
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_ma0 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nra passthrough=no
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nrb passthrough=no
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_mc2 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nrc passthrough=no
     
     
    /ip firewall nat
    Código :
    add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=EthLinkA
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
     
     
    /ip route
    Código :
    add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=200.249.152.129 scope=30 \
        target-scope=10
    add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=200.249.152.129 routing-mark=to_nra scope=30 \
        target-scope=10
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_nrc
    add comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out2
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_nrb
    add comment="" disabled=no distance=2 dst-address=200.249.152.129/32 gateway=EthLinkA
     



  3. Citação Postado originalmente por DSSS Ver Post
    Tiago é a segunda vez que posto minhas regras, obrigador por se dispor:
     
    /ip firewall mangle
    Código :
    add action=accept chain=prerouting comment="Sem Balance" disabled=no dst-address-list=sem_balance in-interface=\
        EthClientes
    add action=mark-connection chain=input comment=PCC connection-state=new disabled=no in-interface=EthLinkA \
        new-connection-mark=conn_na passthrough=yes
    add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out1 \
        new-connection-mark=conn_nb passthrough=yes
    add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=pppoe-out2 \
        new-connection-mark=conn_nc passthrough=yes
    add action=mark-routing chain=output comment="" connection-mark=conn_na disabled=no new-routing-mark=to_ra passthrough=\
        no
    add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb passthrough=\
        no
    add action=mark-routing chain=output comment="" connection-mark=conn_nc disabled=no new-routing-mark=to_rc passthrough=\
        no
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_ma0 passthrough=yes per-connection-classifier=both-addresses:8/0
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=both-addresses:8/1
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/2
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/3
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=src-address:8/4
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/5
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/6
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=EthClientes \
        new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=src-address:8/7
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_ma0 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nra passthrough=no
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nrb passthrough=no
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_mc2 disabled=no in-interface=EthClientes \
        new-routing-mark=to_nrc passthrough=no
     
     
    /ip firewall nat
    Código :
    add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=EthLinkA
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
     
     
    /ip route
    Código :
    add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=200.249.152.129 scope=30 \
        target-scope=10
    add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=200.249.152.129 routing-mark=to_nra scope=30 \
        target-scope=10
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_nrc
    add comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out2
    add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_nrb
    add comment="" disabled=no distance=2 dst-address=200.249.152.129/32 gateway=EthLinkA
     
    DSS, aparentemente esta tudo certo seu loadbalaced com PCC, só para confirmar os pesos dos links q vc esta dividindo é:

    conn_ma0 - 1
    conn_mb1 - 4
    conn_mc2 - 3

    vc poderia nós dizer qual é a velocidade de cada link desse e nós dizer tmb o q exatamente acontece q vc acha q n esta correto.

    abraços

  4. Citação Postado originalmente por tiagomatias Ver Post
    DSS, aparentemente esta tudo certo seu loadbalaced com PCC, só para confirmar os pesos dos links q vc esta dividindo é:

    conn_ma0 - 1
    conn_mb1 - 4
    conn_mc2 - 3

    vc poderia nós dizer qual é a velocidade de cada link desse e nós dizer tmb o q exatamente acontece q vc acha q n esta correto.

    abraços

    ma0 - 2 mbits
    ma1 - 8 mbits
    mc2 - 6 mbits

    O que acontece é que o link só usado quando esta em rota default ( distancia), por exemplo se o pego o ma0 e ponho ele com distancia 1 somente ele é que consumido, mesmo tendo a banda sobrando nos outros dois! crio o profiles no meu hot spot para 15 megas, o link ma0 estoura e eu fico só com 2 mbits de download, e os outros links não são "ativados", do mesmo modo acontece se eu fizer o mesmo com os outros links! O que será que pode ser? lembrando que nessa rb não tem nenhuma outra regra que não seja ao do PCC. Ja estou encucado com isso.

    Abraços e obrigado por responder



  5. Tiagomatias... se puder me ajudar eu agradeço muito.

    Lembrando que tenho 2Links de 2MB FULL (2mb/2mb)

    /ip firewall nat
    add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=LINK1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=LINK2
    add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.0/8
    /ip route
    add comment="BALANCEAMENTO DE CARGA - LINK1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=201.90.162.161 routing-mark=to_nra scope=30 target-scope=\
    10
    add comment="BALANCEAMENTO DE CARGA - LINK2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=189.22.8.1 routing-mark=to_nrb scope=30 target-scope=10
    add comment="LINK2 - TELEFONICA" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=189.22.8.1 scope=30 target-scope=10
    add comment="LINK1 - EMBRATEL" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=201.90.162.161 scope=30 target-scope=10
    /ip fireall mangle
    add action=mark-connection chain=output comment="CACHE FULL" content="X-Cache: HIT" disabled=no new-connection-mark=conn_squid-up passthrough=yes protocol=\
    tcp src-port=3128
    add action=mark-packet chain=output comment="" connection-mark=conn_squid-up disabled=no new-packet-mark=pacotes_squid-up passthrough=yes
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=3128 new-connection-mark=conn_squid-down passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=conn_squid-down disabled=no new-packet-mark=pacotes_squid-down passthrough=yes
    add action=accept chain=prerouting comment="SEM BALANCE DE DESTINO" disabled=no dst-address-list=sem_balance in-interface=LOCAL
    add action=mark-connection chain=input comment="MARCACAO DE NOVAS CONEXOES" connection-state=new disabled=no in-interface=LINK1 new-connection-mark=conn_na \
    passthrough=yes
    add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=LINK2 new-connection-mark=conn_nb passthrough=yes
    add action=mark-routing chain=output comment="MARCACAO DE ROTAS" connection-mark=conn_na disabled=no new-routing-mark=to_ra passthrough=no
    add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb passthrough=no
    add action=mark-connection chain=prerouting comment="MARCACAO DE NOVAS CONEXOES" disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=\
    conn_ma0 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=conn_mb1 passthrough=yes \
    per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting comment="MARCACAO DE INTERFACES" connection-mark=conn_ma0 disabled=no in-interface=LOCAL new-routing-mark=to_nra \
    passthrough=no
    add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=LOCAL new-routing-mark=to_nrb passthrough=no
    Última edição por thiagotgc; 28-09-2009 às 08:06.






Tópicos Similares

  1. Respostas: 12
    Último Post: 15-05-2015, 17:14
  2. Respostas: 6
    Último Post: 08-03-2015, 02:04
  3. Respostas: 2
    Último Post: 18-06-2014, 16:27
  4. Respostas: 273
    Último Post: 20-09-2012, 10:39
  5. duvida sobre link dedicado por balance de operadora
    Por boneco no fórum Servidores de Rede
    Respostas: 13
    Último Post: 05-05-2011, 18:07

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L