+ Responder ao Tópico



  1. #1

    Padrão PCC + web proxy mk

    Bom dia pessoal, já procurei bastante e achei até alguns casos que mostram como fazer funcional o balance pcc com proxy.
    Mas infelizmente aqui não consegui colocar para rodar os 2 juntos.

    equipamento RB450G
    2 links dedicados 4 e 1 Mega.
    uso o proxy apenas para controle de acesso a sites, pois esse rb esta em uma empresa.

    bom aqui estão as minhas regras atuais do mangle, rout e do nat se alguém poder me dar uma dica onde estou errando.
    logo depois vou colocar imagnes para facilitar a visualização das regras já que algumas estão desativadas.

    da forma atual funciona o proxy mas o balance não, algumas estão ativas e outras não se precisarem de mais informação só pedir!



    /ip firewall mangle
    add action=mark-connection chain=output comment="SEM BALACE CACHE FULL" \
    content="X-Cache: HIT" disabled=yes new-connection-mark=conn_squid-up \
    protocol=tcp src-port=3128
    add action=mark-packet chain=output connection-mark=conn_squid-up disabled=\
    yes new-packet-mark=pacotes_squid-up
    add action=mark-connection chain=prerouting disabled=yes dst-port=3128 \
    new-connection-mark=conn_squid-down protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=conn_squid-down \
    disabled=yes new-packet-mark=pacotes_squid-down
    add chain=prerouting comment="FORA DO BALANCE" dst-address-list=sembalance \
    dst-port=443 in-interface=local protocol=tcp
    add chain=prerouting comment="ACEITAR TRAFEGO DA REDE INTERNA" dst-address=\
    192.168.1.0/24 src-address=192.186.1.0/24
    add action=mark-connection chain=prerouting comment=\
    "MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark in-interface=\
    link1 new-connection-mark=conn_link1 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=link2 new-connection-mark=conn_link2
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark disabled=\
    yes dst-port=3128 in-interface=link1 new-connection-mark=conn_link1 \
    protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-port=3128 in-interface=link2 new-connection-mark=conn_link2 \
    protocol=tcp
    add action=mark-connection chain=prerouting comment=\
    "MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/0
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/1
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/2
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/3
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/0 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/1 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/2 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/3 protocol=tcp
    add action=mark-connection chain=prerouting comment=\
    "MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link2 \
    per-connection-classifier=both-addresses-and-ports:5/4
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=\
    no-mark dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link2 per-connection-classifier=\
    both-addresses-and-ports:5/4 protocol=tcp
    add action=mark-routing chain=prerouting comment=\
    "MARCA\C7\C3O DE ROTA PARA LINKS" connection-mark=conn_link1 \
    in-interface=local new-routing-mark=rota_link1
    add action=mark-routing chain=prerouting connection-mark=conn_link2 \
    in-interface=local new-routing-mark=rota_link2
    add action=mark-routing chain=output comment=\
    "MARCANDO ROTA DE SAIDA PARA LINK" connection-mark=conn_link1 \
    new-routing-mark=rota_link1
    add action=mark-routing chain=output connection-mark=conn_link2 \
    new-routing-mark=rota_link2
    add action=mark-packet chain=postrouting connection-mark=thunder-c \
    new-packet-mark=thunder-P passthrough=no
    /ip firewall nat
    add chain=dstnat comment=\
    "\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" \
    dst-address-list=nobalance dst-port=80 protocol=tcp
    add action=redirect chain=dstnat comment="REDIRECIONAMENTO PROXY" dst-port=80 \
    in-interface=local protocol=tcp to-ports=3128
    add action=masquerade chain=srcnat comment="NAVEGA\C7\C3O" out-interface=\
    link1
    add action=masquerade chain=srcnat out-interface=link2
    add action=masquerade chain=srcnat out-interface=CLIENTES
    as rotas estão com ips ficticios validos mas que não são os meus

    /ip route
    add check-gateway=ping disabled=yes distance=1 gateway=199.199.1.1 \
    routing-mark=rota_link1
    add check-gateway=ping disabled=yes distance=1 gateway=188.188.2.2 \
    routing-mark=rota_link2
    add distance=1 gateway=199.199.1.1
    add distance=2 gateway=188.188.2.2
    Clique na imagem para uma versão maior

Nome:	         mangle.png
Visualizações:	132
Tamanho: 	50,0 KB
ID:      	53698

  2. #2
    Avatar de shuttner
    Ingresso
    Aug 2008
    Localização
    Boa Vista - Roraima
    Posts
    257
    Posts de Blog
    1

    Padrão Re: PCC + web proxy mk

    Que eu me lembre, webproxy numa rb ou pc rodando balance pcc não funciona.
    Terá que separar deixa uma rb com o balance e outra com o webproxy.



  3. #3

    Padrão Re: PCC + web proxy mk

    Citação Postado originalmente por shuttner Ver Post
    Que eu me lembre, webproxy numa rb ou pc rodando balance pcc não funciona.
    Terá que separar deixa uma rb com o balance e outra com o webproxy.
    Eu também imaginava isso, porem lendo sobre isso vi pelo menos 2 pessoas que falaram que funcionava tentei fazer mas não deu.
    No youtube se pesquisar acha um cara mencionando e mostrando mas não da para fazer com o que ele deixou.