+ Responder ao Tópico



  1. Debian Lenny 5

  2. #412
    diogenesneto
    Não estou conseguindo realizar acesso externo quando coloco a saída diretamente pela Interface.
    A única forma que está funcionando comigo é quando coloco o Gateway manualmente na configuração.
    O Balanceamento está funcionando normalmente e o FailOver também.

    Minha configuração da Rota está assim:

    add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1-gateway



  3. #413
    diogenesneto
    Meus dois Links são via Cable Modem.

    Os dados são:

    Rede interna: 192.168.88.0/24
    Link1: IP e GW dinâmicos
    Link2: IP e GW dinâmicos

    Segue abaixo o arquivo gerado pelo programa e que não está funcionando neste caso:

    -------------------------------

    # ip address --------------------------
    /ip address add address=192.168.88.1/24 interface=ether2-local

    # ip dns --------------------------------
    /ip dns set primary-dns=192.168.88.1
    /ip dns set allow-remote-requests=yes

    # ip dns statico------------------------
    /ip dns static add address=192.168.88.1 comment="" disabled=no name=192.168.88.1. ttl=1d

    # ip firewall Filter------------------------

    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether1-gatewayadsl
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether3-gatewayadsl

    # ip firewall mangle------------------------
    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether2-local
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether2-local
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether1-gatewayadsl new-connection-mark=ether1-gatewayadsl_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether3-gatewayadsl new-connection-mark=ether3-gatewayadsl_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=ether1-gatewayadsl_conn disabled=no new-routing-mark=to_ether1-gatewayadsl passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=ether3-gatewayadsl_conn disabled=no new-routing-mark=to_ether3-gatewayadsl passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether2-local new-connection-mark=ether1-gatewayadsl_conn passthrough=yes per-connection-classifier=:2/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether2-local new-connection-mark=ether3-gatewayadsl_conn passthrough=yes per-connection-classifier=:2/1
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether1-gatewayadsl_conn disabled=no in-interface=ether2-local new-routing-mark=to_ether1-gatewayadsl passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether3-gatewayadsl_conn disabled=no in-interface=ether2-local new-routing-mark=to_ether3-gatewayadsl passthrough=yes

    # ip route----------------------------------
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1-gatewayadsl routing-mark=to_ether1-gatewayadsl comment="Link0"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether3-gatewayadsl routing-mark=to_ether3-gatewayadsl comment="Link1"
    /ip route add comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1-gatewayadsl scope=30 target-scope=10
    /ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ether3-gatewayadsl scope=30 target-scope=10

    # ip firewall address-list-----------------------------
    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback

    # /system script--------------------------------------
    /system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
    /system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
    /system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
    /system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"

    ---------------------------------------

  4. Citação Postado originalmente por scan Ver Post
    Debian Lenny 5
    Vlw



  5. Citação Postado originalmente por diogenesneto Ver Post
    Não estou conseguindo realizar acesso externo quando coloco a saída diretamente pela Interface.
    A única forma que está funcionando comigo é quando coloco o Gateway manualmente na configuração.
    O Balanceamento está funcionando normalmente e o FailOver também.

    Minha configuração da Rota está assim:

    add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1-gateway


    Se for acesso externo veja se server esse:
    https://under-linux.org/f143/tutoria...46/index8.html
    ou
    https://under-linux.org/f210/tutoria...dicado-124912/






Tópicos Similares

  1. Respostas: 24
    Último Post: 25-03-2014, 06:52
  2. script para gerar tabelas dos logs???
    Por tomelin no fórum Linguagens de Programação
    Respostas: 1
    Último Post: 26-06-2006, 08:25
  3. programa para testar segurança do firewall
    Por johnny no fórum Servidores de Rede
    Respostas: 9
    Último Post: 01-11-2005, 12:48
  4. problemas para gerar modulo do tomcat
    Por mcclaudio no fórum Servidores de Rede
    Respostas: 2
    Último Post: 03-09-2004, 09:07
  5. Programa para gerenciar configuração!!!
    Por Algoritmo_PB no fórum Servidores de Rede
    Respostas: 2
    Último Post: 24-07-2004, 14:10

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L