Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. Citação Postado originalmente por brunocemeru Ver Post
    boa noite segue minhas regras para analise:

    # ip address --------------------------
    /ip address add address=10.1.1.1/24 interface=255.255.255.0
    /ip address add address=10.1.1.1/24 interface=255.255.255.0
    /ip address add address=10.10.10.1/24 interface=255.255.255.0


    # interface pppoe-client ---------------


    # ip dns --------------------------------
    /ip dns set primary-dns=8.8.8.8
    /ip dns set secondary-dns=8.8.4.4
    /ip dns set allow-remote-requests=yes




    # ip firewall Filter------------------------
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=gvt.user.com.br disabled=no
    /ip firewall filter add action=accept chain=input disabled=no in-interface=!255.255.255.0 src-address=10.1.1.0/24
    /ip firewall filter add action=accept chain=input disabled=no in-interface=!255.255.255.0 src-address=10.1.1.0/24


    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=255.255.255.0
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=255.255.255.0


    # ip firewall mangle------------------------


    # LoopBack por link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=255.255.255.0 new-connection-mark=Sites0 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=255.255.255.0 new-routing-mark=Rota0 passthrough=no
    / ip route add gateway=10.1.1.1 routing-mark=Rota0
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=255.255.255.0 new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=255.255.255.0 new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=10.10.10.1 routing-mark=Rota1


    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK0
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    # Fim LoopBack por link----------------------


    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=255.255.255.0 new-connection-mark=255.255.255.0_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=255.255.255.0 new-connection-mark=255.255.255.0_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=255.255.255.0_conn disabled=no new-routing-mark=to_255.255.255.0 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=255.255.255.0_conn disabled=no new-routing-mark=to_255.255.255.0 passthrough=yes
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.1.1.0/24 in-interface=255.255.255.0
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.10.10.0/24 in-interface=255.255.255.0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=255.255.255.0 new-connection-mark=255.255.255.0_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=255.255.255.0 new-connection-mark=255.255.255.0_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=255.255.255.0 new-connection-mark=255.255.255.0_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=255.255.255.0_conn disabled=no in-interface=255.255.255.0 new-routing-mark=to_255.255.255.0 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=255.255.255.0_conn disabled=no in-interface=255.255.255.0 new-routing-mark=to_255.255.255.0 passthrough=yes


    # ip route----------------------------------
    /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.1.1.1 routing-mark=to_255.255.255.0 comment="Link0"
    /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_255.255.255.0 comment="Link1"
    /ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.1.1.1 scope=30 target-scope=10
    /ip route add check-gateway=ping comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 target-scope=10

  2. essas regras ae amigo e com o modem rotiado






Tópicos Similares

  1. Respostas: 12
    Último Post: 10-10-2016, 05:34
  2. Respostas: 4
    Último Post: 17-07-2014, 17:20
  3. Respostas: 0
    Último Post: 21-03-2014, 16:49
  4. Respostas: 20
    Último Post: 02-02-2012, 09:33
  5. Balanceamento de links com modem 3G
    Por tobias no fórum Servidores de Rede
    Respostas: 2
    Último Post: 27-02-2011, 18:58

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L