+ Responder ao Tópico



  1. Pessoal, fiz o Load Balance em uma RB 450G, mas como aconteceu com muitas pessoas aqui, não houve equilíbrio de carga. Estou usando duas ADSL,s de 11 mega inicialmente com os modens em modo router, e agora em modo bridge. Segue o meu export para análise, se alguém se dispor. Informando também que resetei e excluí as configurações de fábrica da RB. Obrigado.

    /ip firewall mangle
    add action=accept chain=prerouting comment="ESTABELECIMENTO DE CONEX\D5ES ENTRE SI." disabled=no dst-address=192.168.88.0/30 src-address=192.168.88.0/30
    add action=accept chain=prerouting disabled=yes dst-address=10.0.10.0/30 src-address=192.168.88.0/30
    add action=accept chain=prerouting disabled=yes dst-address=10.0.20.0/30 src-address=192.168.88.0/30
    add action=mark-connection chain=prerouting comment="CONEX\D5ES EXTERNAS." connection-mark=no-mark disabled=no in-interface=pppoe-out1 new-connection-mark=ISP1_conn \
    passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=yes
    add action=jump chain=prerouting comment="ENCAMINHAMENTO PERSONALIZADO" connection-mark=no-mark disabled=no in-interface=Local jump-target=policy_router
    add action=mark-routing chain=prerouting comment="ROTAS PARA SA\CDDAS DAS CONEX\D5ES MARCADAS." connection-mark=ISP1_conn disabled=no new-routing-mark=ISP1_trafic \
    passthrough=yes src-address=192.168.88.0/30
    add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=no new-routing-mark=ISP2_trafic passthrough=yes src-address=192.168.88.0/30
    add action=mark-routing chain=output comment="MARCA\C7\D5ES DOS ROTEAMENTOS" connection-mark=ISP1_conn disabled=no new-routing-mark=ISP1_trafic passthrough=yes
    add action=mark-routing chain=output connection-mark=ISP2_conn disabled=no new-routing-mark=ISP2_trafic passthrough=yes
    add action=mark-connection chain=policy_router comment="DIVIS\C3O DE LINK" disabled=no dst-address-type=!local new-connection-mark=ISP1_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=policy_router disabled=no dst-address-type=!local new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/1

  2. Olá, amigo o problema está nas suas regras teste com essas aqui refaça tudo desde o começo que vai funcionar normalmente

    # ip firewall mangle------------------------


    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether4 new-connection-mark=adsl_ether4_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether4_conn disabled=no new-routing-mark=to_adsl_ether4 passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether4 passthrough=yes
    Última edição por freitascs; 26-03-2013 às 13:33.



  3. Freitascs, estou voltando para lhe agradecer. Funcionou corretamente, obrigado.
    Assim ficou o meu mangle com as configurações recomendadas:

    /ip firewall mangle
    add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-list=LINK1 in-interface=ether5 new-connection-mark=Sites1 \
    passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=Sites1 disabled=no \
    in-interface=ether5 new-routing-mark=Rota1 passthrough=no
    add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" \
    disabled=no dst-port=443 in-interface=ether5 protocol=tcp
    add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no \
    dst-address-list=loopback in-interface=ether5
    add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" \
    disabled=no new-ttl=set:30 protocol=icmp
    add action=mark-connection chain=prerouting connection-state=new disabled=no \
    in-interface=adsl_ether2 new-connection-mark=adsl_ether2_conn passthrough=\
    yes
    add action=mark-connection chain=prerouting connection-state=new disabled=no \
    in-interface=adsl_ether1 new-connection-mark=adsl_ether1_conn passthrough=\
    yes
    add action=mark-routing chain=output connection-mark=adsl_ether2_conn disabled=\
    no new-routing-mark=to_adsl_ether2 passthrough=yes
    add action=mark-routing chain=output connection-mark=adsl_ether1_conn disabled=\
    no new-routing-mark=to_adsl_ether1 passthrough=yes
    add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-type=!local in-interface=ether5 new-connection-mark=\
    adsl_ether2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0
    add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-type=!local in-interface=ether5 new-connection-mark=\
    adsl_ether1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1
    add action=mark-routing chain=prerouting connection-mark=adsl_ether2_conn \
    disabled=no in-interface=ether5 new-routing-mark=to_adsl_ether2 \
    passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=adsl_ether1_conn \
    disabled=no in-interface=ether5 new-routing-mark=to_adsl_ether1 \
    passthrough=yes


    Muito obrigado, valeu!

  4. De nada amigo fico feliz que tenha conseguido resolver seu problema, até mais.



  5. Citação Postado originalmente por freitascs Ver Post
    Olá, amigo o problema está nas suas regras teste com essas aqui refaça tudo desde o começo que vai funcionar normalmente

    # ip firewall mangle------------------------


    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether4 new-connection-mark=adsl_ether4_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether4_conn disabled=no new-routing-mark=to_adsl_ether4 passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether4 passthrough=yes

    Ola freitascs!

    Voce pode me explicar a função destas interfaces citadas na regra acima? por exemplo, a ether1, ela é saida pros clientes, placa que conecta o modem 1, ou o discador pppoe1?

    Meu balance aqui não suga o link que tem disponivel, se comparado com testes feitos direto na saida de cada moden individual! Ele extrai apenas 20% da banda!

    desde ja obrigado!

    bhyll






Tópicos Similares

  1. Load balance dúvida de carga
    Por diomond no fórum Mikrotik
    Respostas: 4
    Último Post: 20-10-2016, 16:09
  2. Respostas: 7
    Último Post: 26-05-2014, 06:44
  3. Load Balance não funciona
    Por tarcisiomk10 no fórum Redes
    Respostas: 2
    Último Post: 14-11-2009, 09:37
  4. Load Balance Não Funciona!!!
    Por JRNET no fórum Redes
    Respostas: 2
    Último Post: 27-02-2009, 21:51
  5. Respostas: 9
    Último Post: 26-02-2008, 07:58

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L