


  1. Hello everyone!
    Can anyone help me?
    I have the following problem: I use an RB1100 with 4 ADSL links of 10mb, but almost all the traffic goes out through link 1, while the other 3 have very low usage, and when link 1 is already saturated it causes slowness on the network and does not pull bandwidth from the other 3 links.
    I don't understand very well how to configure PCC on MikroTik.
    Can someone look at my configuration and check where it is wrong?
    Here is the address with the screen showing the routes and the traffic on the interfaces:
    ImageShack

    Here is also an export of my ip/firewall configuration:

    /ip firewall address-list
    add address=192.168.100.0/24 disabled=no list=rede-interna
    add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    add address=192.168.100.0/24 disabled=no list=loopback
    add address=189.72.217.102 comment="COLOCAR O IP PARA FICAR FORA DO BALANCE" disabled=no list=loopback
    add address=201.7.176.0/20 comment=Globo disabled=no list=loopback
    add address=201.88.207.50 disabled=no list=loopback
    /ip firewall connection tracking
    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
    add action=drop chain=virus comment="bloqueio de VIRUS conhecidos" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
    add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
    add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus comment="Drop porta proxy" disabled=no dst-port=3127-3128 protocol=tcp
    add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
    add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
    add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
    add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
    add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
    add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
    add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
    add action=drop chain=input comment=FTP disabled=yes dst-port=21 protocol=tcp
    add action=drop chain=input comment=SSH disabled=no dst-port=22 protocol=tcp
    add action=drop chain=input comment=TELNET disabled=no dst-port=23 protocol=tcp
    add action=accept chain=input comment="Accept established connections" connection-state=established disabled=no
    add action=accept chain=input comment="Accept related connections" connection-state=related disabled=no
    add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=no
    add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input comment="Drop excess pings" disabled=no protocol=icmp
    /ip firewall mangle
    add action=accept chain=prerouting comment="out load DST" disabled=no dst-address-list=rede-interna in-interface=Clientes
    add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=Clientes
    add action=mark-connection chain=input comment="Make the packet leaves via same interface" connection-state=new disabled=no in-interface=LINK1-pppoe new-connection-mark=LINK1_conn \
    passthrough=yes
    add action=mark-connection chain=input connection-state=new disabled=no in-interface=LINK2-pppoe new-connection-mark=LINK2_conn passthrough=yes
    add action=mark-connection chain=input connection-state=new disabled=no in-interface=LINK3-pppoe new-connection-mark=LINK3_conn passthrough=yes
    add action=mark-connection chain=input connection-state=new disabled=no in-interface=LINK4-pppoe new-connection-mark=LINK4_conn passthrough=yes
    add action=mark-routing chain=output connection-mark=LINK1_conn connection-state=new disabled=no new-routing-mark=to_LINK1 passthrough=no
    add action=mark-routing chain=output connection-mark=LINK2_conn connection-state=new disabled=no new-routing-mark=to_LINK2 passthrough=no
    add action=mark-routing chain=output connection-mark=LINK3_conn connection-state=new disabled=no new-routing-mark=to_LINK3 passthrough=no
    add action=mark-routing chain=output connection-mark=LINK4_conn connection-state=new disabled=no new-routing-mark=to_LINK4 passthrough=no
    add action=mark-connection chain=prerouting comment="PCC Balance" disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=LINK1_conn passthrough=yes \
    per-connection-classifier=both-addresses:4/0
    add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=LINK2_conn passthrough=yes per-connection-classifier=\
    both-addresses:4/1
    add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=LINK3_conn passthrough=yes per-connection-classifier=\
    both-addresses:4/2
    add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=LINK4_conn passthrough=yes per-connection-classifier=\
    both-addresses:4/3
    add action=mark-routing chain=prerouting comment="Marking all the packets" connection-mark=LINK1_conn disabled=no in-interface=Clientes new-routing-mark=to_LINK1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=LINK2_conn disabled=no in-interface=Clientes new-routing-mark=to_LINK2 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=LINK3_conn disabled=no in-interface=Clientes new-routing-mark=to_LINK3 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=LINK4_conn disabled=no in-interface=Clientes new-routing-mark=to_LINK4 passthrough=no
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
    add action=masquerade chain=srcnat disabled=no out-interface=LINK1-pppoe
    add action=masquerade chain=srcnat disabled=no out-interface=LINK2-pppoe
    add action=masquerade chain=srcnat disabled=no out-interface=LINK3-pppoe
    add action=masquerade chain=srcnat disabled=no out-interface=LINK4-pppoe
    /ip firewall service-port
    set ftp disabled=no ports=21
    set tftp disabled=no ports=69
    set irc disabled=no ports=6667
    set h323 disabled=no
    set sip disabled=no ports=5060,5061
    set pptp disabled=no

    Please help me!
    Thank you very much in advance!
    bhyll

  2. I'll test the rules soon, as soon as my RB450G arrives, hehehe... I'll post the results here.

    Cheers!



  3. Excellent post, balancing working 100% on an RB750G with two Telefonica IP links...

    Regards,
    Clistenes

  4. Luciano, I put the rules on an RB750G and it worked just fine, with 2 ADSL 600k links. As I saw, they balance; how could I aggregate the two links, and for external access, would the correct way be what the friends here have already said earlier? (I just want your opinion; if you have anything to add to the content below, I would be grateful)

    Code:
    To aggregate the links:
    both-address > to both-address and ports

    Code:
    For external access:
    add action=accept chain=input comment="INPUT - IPs Gerenciamento -+-+-+" disabled=no src-address=0.0.0.0/0

    Congratulations on the super effective tutorial. Cheers!
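
An audit of the filter rules posted in this thread, as an added example that is not part of any post. It parses a RouterOS export and reports three things visible in the rules above: the `virus` chain has no `jump` rule pointing at it in the export as posted, so its drops are never evaluated; several of its rules are duplicates; and the `src-address=0.0.0.0/0` accept rule admits input from any source address. The function names and report keys are hypothetical.

```python
import re
import shlex
from collections import Counter

# Excerpt of the "/ip firewall filter" export from the first post, plus the
# "external access" rule from the later reply (last line), used as sample input.
SAMPLE = '''/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=virus comment="bloqueio de VIRUS conhecidos" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
add action=accept chain=input comment="Accept established connections" connection-state=established disabled=no
add action=accept chain=input comment="INPUT - IPs Gerenciamento -+-+-+" disabled=no src-address=0.0.0.0/0
'''
BUILTIN = {"input", "forward", "output"}   # filter chains RouterOS evaluates by itself
IGNORED = {"comment", "disabled"}          # keys that are not part of what a rule matches

def parse_filter_rules(export):
    """Return the enabled /ip firewall filter rules as dicts, joining '\\' continuations."""
    rules, section = [], None
    for line in re.sub(r"\\\r?\n[ \t]*", "", export).splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall filter" and line.startswith("add "):
            rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            if rule.get("disabled") != "yes":
                rules.append(rule)
    return rules

def audit(rules):
    """Flag never-jumped-to chains, duplicated matchers and accept-all input rules."""
    targets = {r.get("jump-target") for r in rules if r.get("action") == "jump"}
    chains = {r["chain"] for r in rules}
    sig = lambda r: " ".join(f"{k}={v}" for k, v in sorted(r.items()) if k not in IGNORED)
    counts = Counter(sig(r) for r in rules)
    open_input = [r for r in rules
                  if r["chain"] == "input" and r.get("action") == "accept"
                  and set(r) - IGNORED - {"chain", "action"} <= {"src-address"}
                  and r.get("src-address", "0.0.0.0/0") == "0.0.0.0/0"]
    return {
        "unreachable_chains": sorted(chains - BUILTIN - targets),
        "duplicates": sorted(s for s, n in counts.items() if n > 1),
        "accept_all_input": [r.get("comment", "") for r in open_input],
    }

if __name__ == "__main__":
    print(audit(parse_filter_rules(SAMPLE)))
```

Run against a full `/ip firewall export`, the same checks apply to every enabled filter rule; an accept-all finding on `input` is the cue to replace `0.0.0.0/0` with a management address list.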



  5. I followed everything you posted to the letter, except that mine has only two links, and in the 1st rule
    < add action=accept chain=prerouting comment="SEM BALANCE" disabled=no dst-address-list=sem_balance in-interface=EthClientes
    this first rule accepts the connections to all destination IPs found in the 'sem_balance' list, which will go out via the default route> when I enable dst-address-list=sem_balance, everything stops and I can't even ping out. Could you help me? Your post was the only one I understood well.





