+ Responder ao Tópico



  1. #1

    Padrão Load Balance

    Bom dia galera under-linux,

    Tenho uma lanhouse e montei um servidor MK 2.9, com loadbalance, onde a situacao e a seguinte,

    São dois Links
    Link-01 = 256kbs sem restrições
    Link-02 = 2Mb, com restricoes de portas, (nao funciona jogos online, FTP, e alguns sites como NarutoProject, Sites de sacanagem, entre outros)

    No meu load balance eu configurei pra passar somente HTTP/HTTPS/MSN pelo Link-02 pois e demanda mais link, e no Link-01, passa os Jogos Online, ftp, ETC...,

    Em quetes, liberei 128up e 256dow pra cada maquina na rede,

    Segue o meu Script
    LOAD BALANCE

    / ip address
    add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Internet-02 comment="IP Link-02" disabled=no
    add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Internet-01 comment="IP Link-01" disabled=no
    add address=192.168.100.254/24 network=192.168.100.0 broadcast=192.168.100.255 interface=Ether3-Rede_Local comment="IP Rede Local" disabled=no

    / ip firewall mangle
    add chain=prerouting in-interface=Internet-02 connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=Internet-02 passthrough=yes comment="Balanceamento de Carga" disabled=no
    add chain=prerouting in-interface=Internet-02 connection-mark=Internet-02 nth=2,0,0 action=mark-routing new-routing-mark=Internet-02 passthrough=no comment="" disabled=no
    add chain=prerouting in-interface=Internet-01 connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=Internet-01 passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=Internet-01 connection-mark=Internet-01 nth=2,0,0 action=mark-routing new-routing-mark=Internet-01 passthrough=no comment="" disabled=no

    / ip firewall nat
    add chain=srcnat out-interface=Internet-02 action=masquerade comment="NAT-02" disabled=no
    add chain=srcnat out-interface=Internet-01 action=masquerade comment="NAT-01" disabled=no

    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=255 target-scope=10 routing-mark=Internet-01 comment="Gateway-01" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.2.254 scope=255 target-scope=10 routing-mark=Internet-02 comment="Gateway-02" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=255 target-scope=10 comment="Gateway Principal" disabled=no

    TRATAMENTO DE PORTAS

    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="HTTP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=443 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="HTTPS no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=1863 action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="MSN no Link-02" disabled=no
    add chain=prerouting protocol=tcp routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp dst-port=21 action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="FTP no Link-02" disabled=no
    add chain=prerouting routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp dst-port=22 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="SSH no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=23 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="TELNET no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=25 action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="SMTP no Link-02" disabled=no
    add chain=prerouting routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp dst-port=53 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="DNS no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=110 action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="POP3 no Link-02" disabled=no
    add chain=prerouting routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp dst-port=1080 action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="OUTRAS no Link-02" disabled=no
    add chain=prerouting routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp p2p=all-p2p action=mark-routing new-routing-mark=Internet-02 passthrough=yes comment="P2P no Link-02" disabled=no
    add chain=prerouting routing-mark=Internet-02 action=mark-packet new-packet-mark=Internet-02 passthrough=yes comment="PACOTES MARCADOS no Link-02" disabled=no
    add chain=prerouting protocol=tcp dst-port=5000 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="Ragnarok Porta 5000 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=6000 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="Ragnarok Porta 6000 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=6900 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="Ragnarok Porta 6900 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=29000 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="Perfeck World Porta 29000 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=8360 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8360 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=udp dst-port=8360 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8360 udp no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=8360 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8361 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=udp dst-port=8360 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8361 udp no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=8362 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8362 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=udp dst-port=8362 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8362 udp no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=tcp dst-port=8372 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8372 TCP no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    add chain=prerouting protocol=udp dst-port=8372 action=mark-routing new-routing-mark=Internet-01 passthrough=yes comment="GunBound Porta 8372 udp no Link-01" disabled=no
    add chain=prerouting routing-mark=Internet-01 action=mark-packet new-packet-mark=Internet-01 passthrough=yes comment="PACOTES MARCADOS no Link-01" disabled=no
    Agora que vem a dor de cabeça,
    Preciso colocar um FailOver, aonde quando eu perder o link-02 o link 01 assume toda a carga da rede e automaticamente ele diminui a velocidade das maquinas pra 16up/32down, assim que o link voltar ele assume configuração antiga.

    poderiam me ajudar???

  2. #2

    Padrão

    Amigo tenho um load com PCC que pode resolver seu problema com muito menos trabalho se quiser me mande um e-mail que te passo dai e so restaurar e boa.
    Abrs
    Gallyleus
    [email protected]