
  1. Thank you very much, Dimix, I'll test it today!

    Regards!




  3. Folks, I have a question about the code generated by the program. I haven't put it into production yet, because I have to do that in the early hours of the morning, and so I can't get a proper result, since ideally it should be tested with the clients connected; but for that I need to avoid errors with the balancer, otherwise things get complicated.

    **My setup for the balancer is (dedicated and ADSL):
    saida = 172.16.0.1
    dedicado = 189.89.189.190 (example)
    adsl_1, adsl_2 and adsl_3 (all in bridge mode, with username and password)

    **I ran a test with the following setup (ADSL only):
    saida = 172.16.0.1
    adsl_1, adsl_2 and adsl_3 (all in bridge mode, with username and password)

    The only difference between the two setups is that one has a dedicated link and the other does not.
    The difference in the generated code, and my question, is:
    _____________________________
    **With the dedicated link, the following rule was generated in IP Firewall Filter:

    /ip firewall filter add action=accept chain=input disabled=no in-interface=!dedicado src-address=172.16.0.1/24
    "The reverse DNS blocking rule was also generated"

    **Without the dedicated link, no additional rule was generated besides the reverse DNS block.
    _____________________________
    **And in Mangle an extra rule is also generated when I add the dedicated link in the program, which is:

    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=189.89.189.190/29 in-interface=saida
    _____________________________
    Are this code and these entries that are additionally generated when I use the dedicated link in the PCC program really necessary, are they correct, or is some error occurring in the code generation?
    I look forward to your help and thank you for your attention.
    See you.
    Last edited by dimix; 04-01-2011 at 09:48.

  4. Good evening, dimix!

    Yes, the extra rules are correct when a dedicated link is used; you can go to this official MK page, read the documentation and confirm what I'm saying.

    link: Manual:PCC - MikroTik Wiki

    Regards, Scan

  5. Good morning, Scan...
    Thank you for your help in clearing up my doubts... I'm new to MikroTik and to PCC load balancing, and I can only thank you for your initiative, which will soon be 1 year old. Thank you.
    Early this morning I ran some tests on the balancer. I have 1 dedicated link and 3 ADSL lines, and at the time of the tests I was using 1 dedicated and 2 ADSL, because the 3rd ADSL was in use on the server, and the following problem is occurring:
    The 2 ADSL lines connect normally, and the dedicated link comes up too, but Internet access is not released, even though I can ping the Internet from the balancer; when I disable the dedicated interface, it pings and Internet access works normally, and if I enable the dedicated link, it still pings the Internet but does not browse websites. One thing I found strange is that it was not pinging the router either (the dedicated link's gateway), and I checked the IPs and everything was correct.
    After I disable the dedicated link and browsing works, I tested disabling the "Bloqueio do DNS Reverso" (reverse DNS block) and went to the site: Meu ip - Qual , to see whether refreshing the page would alternate between the connections, but it always showed only the IP of the 1st ADSL I registered (which was registered after the dedicated link), because the order in which I configured the links was: ether2 = dedicated, ether3 = ADSL1, ether4 = ADSL2 (not connected at the time, because it was on the MK server), ether5 = ADSL3, and ether1 = saida (to the MK server).
    I'm sending the code generated by the program below.
    Could you take a look at it and tell me whether there is any problem?
    Thank you in advance for the help provided since the start of the thread.
    See you.

    # ip address --------------------------
    /ip address add address=172.16.0.1/24 interface=saida
    /ip address add address=188.94.134.212/29 interface=dedicado

    # interface pppoe-client ---------------
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_1 password=senha1 profile=default service-name="" use-peer-dns=no user=adsl1@adsl1.com.br
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_2 password=senha2 profile=default service-name="" use-peer-dns=no user=adsl2@adsl2.com.br
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_3 password=senha3 profile=default service-name="" use-peer-dns=no user=adsl3@adsl3.com.br

    # ip dns --------------------------------
    /ip dns set primary-dns=8.8.8.8
    /ip dns set secondary-dns=8.8.4.4
    /ip dns set allow-remote-requests=yes

    # ip dns static------------------------
    /ip dns static add address=172.16.0.1 disabled=no name=172.16.0.1.provedor.com.br ttl=1d

    # ip firewall Filter------------------------
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=dsl.telesp.net.br disabled=no
    /ip firewall filter add action=accept chain=input disabled=no in-interface=!dedicado src-address=172.16.0.1/24

    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=dedicado
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_1
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_2
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_3

    # ip firewall mangle------------------------

    # LoopBack per link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=saida new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=saida new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=adsl_adsl_1 routing-mark=Rota1
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=saida new-connection-mark=Sites2 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=saida new-routing-mark=Rota2 passthrough=no
    / ip route add gateway=adsl_adsl_2 routing-mark=Rota2

    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    # End of LoopBack per link----------------------

  6. Continuation:

    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=saida
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=saida
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=dedicado new-connection-mark=dedicado_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_1 new-connection-mark=adsl_adsl_1_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_2 new-connection-mark=adsl_adsl_2_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_3 new-connection-mark=adsl_adsl_3_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=dedicado_conn disabled=no new-routing-mark=to_dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_1_conn disabled=no new-routing-mark=to_adsl_adsl_1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_2_conn disabled=no new-routing-mark=to_adsl_adsl_2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_3_conn disabled=no new-routing-mark=to_adsl_adsl_3 passthrough=yes
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=188.94.134.209/29 in-interface=saida
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=dedicado_conn passthrough=yes per-connection-classifier=both-addresses:6/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_1_conn passthrough=yes per-connection-classifier=both-addresses:6/1
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_1_conn passthrough=yes per-connection-classifier=both-addresses:6/2
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_2_conn passthrough=yes per-connection-classifier=both-addresses:6/3
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_2_conn passthrough=yes per-connection-classifier=both-addresses:6/4
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_3_conn passthrough=yes per-connection-classifier=both-addresses:6/5
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=dedicado_conn disabled=no in-interface=saida new-routing-mark=to_dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_1_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_2_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_3_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_3 passthrough=yes

    # ip route----------------------------------
    /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.94.134.211 routing-mark=to_dedicado comment="Link0"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_1 routing-mark=to_adsl_adsl_1 comment="Link1"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_2 routing-mark=to_adsl_adsl_2 comment="Link2"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_3 routing-mark=to_adsl_adsl_3 comment="Link3"
    /ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.94.134.211 scope=30 target-scope=10
    /ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_adsl_1 scope=30 target-scope=10
    /ip route add comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=adsl_adsl_2 scope=30 target-scope=10
    /ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_adsl_3 scope=30 target-scope=10

    # ip firewall address-list-----------------------------
    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback

    # /system script--------------------------------------
    /system script add name=Link0Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\n/ip route set [find comment=\"Link0\"] disabled=yes;"
    /system script add name=Link1Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\n/ip route set [find comment=\"Link1\"] disabled=yes;"
    /system script add name=Link2Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\n/ip route set [find comment=\"Link2\"] disabled=yes;"
    /system script add name=Link3Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\n/ip route set [find comment=\"Link3\"] disabled=yes;"
    /system script add name=Link0Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\n/ip route set [find comment=\"Link0\"] disabled=no;"
    /system script add name=Link1Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\n/ip route set [find comment=\"Link1\"] disabled=no;"
    /system script add name=Link2Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\n/ip route set [find comment=\"Link2\"] disabled=no;"
    /system script add name=Link3Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\n/ip route set [find comment=\"Link3\"] disabled=no;"
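
Added example (not from the thread or from the generator program it discusses): a Python check over a trimmed copy of the posted rules that reports how many PCC buckets each link receives and whether every remainder and connection mark leads to a marked route. It goes one step beyond PCC and also flags `allow-remote-requests=yes` combined with an input chain that has no drop rule; the function names and the trimming of the rules are assumptions made for the example.

```python
import re
import shlex
from collections import Counter

# Constructed sample: rules from the thread, trimmed to the properties the checks read.
CONFIG = """
/ip dns set allow-remote-requests=yes
/ip firewall filter add action=accept chain=input in-interface=!dedicado src-address=172.16.0.1/24
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=dedicado_conn per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=adsl_adsl_1_conn per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=adsl_adsl_1_conn per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=adsl_adsl_2_conn per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=adsl_adsl_2_conn per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=saida new-connection-mark=adsl_adsl_3_conn per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=dedicado_conn new-routing-mark=to_dedicado
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_1_conn new-routing-mark=to_adsl_adsl_1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_2_conn new-routing-mark=to_adsl_adsl_2
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_3_conn new-routing-mark=to_adsl_adsl_3
/ip route add gateway=188.94.134.211 routing-mark=to_dedicado
/ip route add gateway=adsl_adsl_1 routing-mark=to_adsl_adsl_1
/ip route add gateway=adsl_adsl_2 routing-mark=to_adsl_adsl_2
/ip route add gateway=adsl_adsl_3 routing-mark=to_adsl_adsl_3
"""

def parse(config):  # -> [(menu, {property: value})] for each RouterOS add/set line
    hits = (re.match(r"\s*/\s*(.+?)\s+(?:add|set)\s+(.*)", ln) for ln in config.splitlines())
    return [(m.group(1), dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t))
            for m in hits if m]

def audit(config):
    """Return (PCC buckets per connection mark, list of findings)."""
    rules = parse(config)
    mangle = [p for menu, p in rules if menu == "ip firewall mangle"]
    weights, buckets, findings = Counter(), {}, []
    for p in mangle:
        if "per-connection-classifier" in p:
            den, rem = map(int, p["per-connection-classifier"].split(":")[1].split("/"))
            buckets.setdefault(den, set()).add(rem)
            weights[p["new-connection-mark"]] += 1
    for den, rems in buckets.items():
        if missing := set(range(den)) - rems:
            findings.append(f"PCC /{den}: remainders {sorted(missing)} match no rule")
    to_route = {p["connection-mark"]: p["new-routing-mark"] for p in mangle if p.get("action") == "mark-routing"}
    routed = {p["routing-mark"] for menu, p in rules if menu == "ip route" and "routing-mark" in p}
    for mark in weights:
        if to_route.get(mark) not in routed:
            findings.append(f"{mark}: no marked route, traffic falls back to the main table")
    dns_open = any(m == "ip dns" and p.get("allow-remote-requests") == "yes" for m, p in rules)
    # Coarse check: any drop rule on the input chain counts as filtering.
    has_drop = any(m == "ip firewall filter" and p.get("chain") == "input" and p.get("action") == "drop" for m, p in rules)
    if dns_open and not has_drop:
        findings.append("DNS resolver answers on every interface: input chain has no drop rule")
    return dict(weights), findings

print(audit(CONFIG))
```

On the rules above the split is 1/6 for `dedicado`, 2/6 each for `adsl_adsl_1` and `adsl_adsl_2`, and 1/6 for `adsl_adsl_3`; the only finding is the resolver exposure.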



