+ Responder ao Tópico



  1. Bom dia pessoal, já procurei bastante e achei até alguns casos que mostram como fazer funcional o balance pcc com proxy.
    Mas infelizmente aqui não consegui colocar para rodar os 2 juntos.

    equipamento RB450G
    2 links dedicados 4 e 1 Mega.
    uso o proxy apenas para controle de acesso a sites, pois esse rb esta em uma empresa.

    bom aqui estão as minhas regras atuais do mangle, rout e do nat se alguém poder me dar uma dica onde estou errando.
    logo depois vou colocar imagnes para facilitar a visualização das regras já que algumas estão desativadas.

    da forma atual funciona o proxy mas o balance não, algumas estão ativas e outras não se precisarem de mais informação só pedir!



    /ip firewall mangle
    add action=mark-connection chain=output comment="SEM BALACE CACHE FULL" \
    content="X-Cache: HIT" disabled=yes new-connection-mark=conn_squid-up \
    protocol=tcp src-port=3128
    add action=mark-packet chain=output connection-mark=conn_squid-up disabled=\
    yes new-packet-mark=pacotes_squid-up
    add action=mark-connection chain=prerouting disabled=yes dst-port=3128 \
    new-connection-mark=conn_squid-down protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=conn_squid-down \
    disabled=yes new-packet-mark=pacotes_squid-down
    add chain=prerouting comment="FORA DO BALANCE" dst-address-list=sembalance \
    dst-port=443 in-interface=local protocol=tcp
    add chain=prerouting comment="ACEITAR TRAFEGO DA REDE INTERNA" dst-address=\
    192.168.1.0/24 src-address=192.186.1.0/24
    add action=mark-connection chain=prerouting comment=\
    "MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark in-interface=\
    link1 new-connection-mark=conn_link1 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=link2 new-connection-mark=conn_link2
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark disabled=\
    yes dst-port=3128 in-interface=link1 new-connection-mark=conn_link1 \
    protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-port=3128 in-interface=link2 new-connection-mark=conn_link2 \
    protocol=tcp
    add action=mark-connection chain=prerouting comment=\
    "MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/0
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/1
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/2
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
    per-connection-classifier=both-addresses-and-ports:5/3
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/0 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/1 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/2 protocol=tcp
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link1 per-connection-classifier=\
    both-addresses-and-ports:5/3 protocol=tcp
    add action=mark-connection chain=prerouting comment=\
    "MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=no-mark \
    dst-address-type=!local in-interface=local new-connection-mark=conn_link2 \
    per-connection-classifier=both-addresses-and-ports:5/4
    add action=mark-connection chain=prerouting comment=\
    "PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=\
    no-mark dst-address-type=!local dst-port=3128 in-interface=local \
    new-connection-mark=conn_link2 per-connection-classifier=\
    both-addresses-and-ports:5/4 protocol=tcp
    add action=mark-routing chain=prerouting comment=\
    "MARCA\C7\C3O DE ROTA PARA LINKS" connection-mark=conn_link1 \
    in-interface=local new-routing-mark=rota_link1
    add action=mark-routing chain=prerouting connection-mark=conn_link2 \
    in-interface=local new-routing-mark=rota_link2
    add action=mark-routing chain=output comment=\
    "MARCANDO ROTA DE SAIDA PARA LINK" connection-mark=conn_link1 \
    new-routing-mark=rota_link1
    add action=mark-routing chain=output connection-mark=conn_link2 \
    new-routing-mark=rota_link2
    add action=mark-packet chain=postrouting connection-mark=thunder-c \
    new-packet-mark=thunder-P passthrough=no
    /ip firewall nat
    add chain=dstnat comment=\
    "\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" \
    dst-address-list=nobalance dst-port=80 protocol=tcp
    add action=redirect chain=dstnat comment="REDIRECIONAMENTO PROXY" dst-port=80 \
    in-interface=local protocol=tcp to-ports=3128
    add action=masquerade chain=srcnat comment="NAVEGA\C7\C3O" out-interface=\
    link1
    add action=masquerade chain=srcnat out-interface=link2
    add action=masquerade chain=srcnat out-interface=CLIENTES
    as rotas estão com ips ficticios validos mas que não são os meus

    /ip route
    add check-gateway=ping disabled=yes distance=1 gateway=199.199.1.1 \
    routing-mark=rota_link1
    add check-gateway=ping disabled=yes distance=1 gateway=188.188.2.2 \
    routing-mark=rota_link2
    add distance=1 gateway=199.199.1.1
    add distance=2 gateway=188.188.2.2
    Clique na imagem para uma versão maior

Nome:	         mangle.png
Visualizações:	127
Tamanho: 	50,0 KB
ID:      	53698

  2. Que eu me lembre, webproxy numa rb ou pc rodando balance pcc não funciona.
    Terá que separar deixa uma rb com o balance e outra com o webproxy.



  3. Citação Postado originalmente por shuttner Ver Post
    Que eu me lembre, webproxy numa rb ou pc rodando balance pcc não funciona.
    Terá que separar deixa uma rb com o balance e outra com o webproxy.
    Eu também imaginava isso, porem lendo sobre isso vi pelo menos 2 pessoas que falaram que funcionava tentei fazer mas não deu.
    No youtube se pesquisar acha um cara mencionando e mostrando mas não da para fazer com o que ele deixou.






Tópicos Similares

  1. Ajuda com Web Proxy MK - Sem Proxy Externo
    Por thiagotgc no fórum Redes
    Respostas: 4
    Último Post: 26-03-2009, 09:02
  2. Respostas: 5
    Último Post: 15-12-2008, 00:49
  3. Web-Proxy - MK 3.xx vs MK 2.xx
    Por minelli no fórum Redes
    Respostas: 0
    Último Post: 19-03-2008, 08:01
  4. Web-Proxy MK
    Por pannorj no fórum Redes
    Respostas: 4
    Último Post: 29-02-2008, 11:16
  5. Squid PC + Web-Proxy MK?
    Por MorpheusX no fórum Redes
    Respostas: 3
    Último Post: 08-01-2008, 07:32

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L