Página 1 de 7 123456 ... ÚltimoÚltimo
+ Responder ao Tópico



  1. Bom amigos após testar varias soluções de balanço cheguei a esta configuração,Considerando que funcionam bem.
    Esta configuração também permite fallover no caso de qualquer uma dos Links cair ou Desligar, A primeira seção das regras de mangle são feitas explicitamente para permitir conexões de entrada como Winbox / ftp / http / etc, basicamente, qualquer coisa que você deseja transmitir para um usuário interno irá funcionar correctamente e ser enviadas de volta o mesmo link (incluindo qualquer coisa adicionado por regras upnp).
    Antes de mais nada gostaria de ressaltar pra nao usar copiar e colar,entender as regras e adaptar as suas necessidades e fundamental para um bom funcionamento do sistema.

    *******************************************************************
    / ip address
    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan1
    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan2
    add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=wlan3
    add address=10.114.0.2/24 network=10.114.0.0 broadcast=10.114.0.255 interface=wlan4

    ###########################################################
    / ip firewall mangle
    add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn
    add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn
    add chain=input in-interface=wlan3 action=mark-connection new-connection-mark=wlan3_conn
    add chain=input in-interface=wlan4 action=mark-connection new-connection-mark=wlan4_conn
    add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1
    add chain=output connection-mark=wlan2_conn action=mark-routing new-routing-mark=to_wlan2
    add chain=output connection-mark=wlan3_conn action=mark-routing new-routing-mark=to_wlan3
    add chain=output connection-mark=wlan4_conn action=mark-routing new-routing-mark=to_wlan4
    add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.113.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address=10.114.0.0/24 action=accept in-interface=Local
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:4/0 \
    action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:4/1 \
    action=mark-connection new-connection-mark=wlan2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:4/2 \
    action=mark-connection new-connection-mark=wlan3_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:4/3 \
    action=mark-connection new-connection-mark=wlan4_conn passthrough=yes
    add chain=prerouting connection-mark=wlan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan1
    add chain=prerouting connection-mark=wlan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan2
    add chain=prerouting connection-mark=wlan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan3
    add chain=prerouting connection-mark=wlan4_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan4
    add chain=prerouting connection-mark=wlan3_conn in-interface=Local action=mark-routing new-routing-mark="http1" dst-port=80 protocol=tcp
    add chain=prerouting connection-mark=wlan4_conn in-interface=Local action=mark-routing new-routing-mark="http2" dst-port=80 protocol=tcp

    ###########################################################
    / ip route
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wlan1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_wlan2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.113.0.1 routing-mark=to_wlan3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.114.0.1 routing-mark=to_wlan4 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark="http1" check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark="http2" check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.113.0.1 distance=3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.114.0.1 distance=4 check-gateway=ping

    ******************************************************************
    / ip firewall nat
    add chain=srcnat out-interface=wlan1 action=masquerade
    add chain=srcnat out-interface=wlan2 action=masquerade
    add chain=srcnat out-interface=wlan3 action=masquerade
    add chain=srcnat out-interface=wlan4 action=masquerade
    ******************************************************************
    nao esqueça de clicar na Estrelinha para agradecer.

  2. Sostenes, vendo as regras que vc postou para 3 links, vi que nao postou as regras abaixo, sao necessárias?
    /ip firewall address-list
    add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    add address=208.69.32.0/24 comment="" disabled=no list=loopback
    add address=208.67.217.0/24 comment="" disabled=no list=loopback
    add address=201.7.178.0/24 comment="" disabled=no list=loopback
    add address=201.7.176.0/24 comment="" disabled=no list=loopback
    add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    add address=201.7.176.0/20 comment="Vdeos - Globo" disabled=no list=loopback
    add address=208.84.247.0/24 comment="Vdeos - terratv" disabled=no list=loopback
    add address=200.154.56.0/24 comment="Vdeos - terratv" disabled=no list=loopback
    add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    add address=200.201.166.0/24 comment="" disabled=no list=loopback
    add address=200.201.173.0/24 comment="" disabled=no list=loopback
    add address=200.201.174.0/24 comment="" disabled=no list=loopback
    add address=200.141.207.3 comment=Detran disabled=no list=loopback
    add address=85.17.216.46 comment=www.easy-share.com disabled=no list=loopback
    add address=200.222.8.9 comment=Detran disabled=no list=loopback

    valeu
    Última edição por zipfile; 07-07-2010 às 07:45.



  3. sim amigo,elas servem para esses sites sairem somente pelo link defult.
    outra coisa, vc precisa de adicionar uma regra acima de todas no mangle.
    ****************************************************************************************/ip firewall mangle
    add action=accept chain=prerouting comment="FORA DO LOAD BALACED" disabled=no dst-address-list=loopback in-interface=lan
    ****************************************************************************************
    onde "lan" e a inteface que vai para seus clientes.

  4. e impressao minha ou as regras para os 3 links vc fez com mais carinho? tudo comentada e tal, tem mais detalhes la que nao encontrei aqui.
    abraçao



  5. Citação Postado originalmente por sostenes Ver Post
    Antes de mais nada gostaria de ressaltar pra nao usar copiar e colar,entender as regras e adaptar as suas necessidades e fundamental para um bom funcionamento do sistema.
    amigo nao e que fiz com mais carinho,a ideia e a mesma, so muda a marcação das interfaces.
    fiz assim pro pessoal comparar , analisar e aprender com as regras.
    Última edição por sostenes; 30-06-2010 às 00:36.






Tópicos Similares

  1. Respostas: 15
    Último Post: 19-07-2012, 22:22
  2. Respostas: 11
    Último Post: 02-01-2012, 13:01
  3. Respostas: 47
    Último Post: 11-12-2011, 17:34
  4. Políticas de rotas com dois links DSL
    Por huskie no fórum Redes
    Respostas: 17
    Último Post: 25-06-2010, 22:48
  5. Controle de Banda com CBQ em 2 Links
    Por clicsis no fórum Sistemas Operacionais
    Respostas: 0
    Último Post: 11-02-2009, 17:47

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L