+ Responder ao Tópico



  1. galera estou a mais de um mês quebrado a cabeça com essa configuração tenho 3 linhas vdsl todas de 50 megas da vivo em uma RB850gx2 a 800 metro da central
    eu fiz 3 vlans na linhas para o concentrador (que disca pppoe para os clientes) onde já tem um link dedicado de 50 megas mais quando faço o balance dentro do concentrador fica só uma das linhas funcionando
    e as outras só passa kbps.


    então qualquer dica dos mestre vai me ajuda muito.

    Lembrando que eu tenho Thundercahe e Mk-auth


    em baixo as configurações do balance:

    # ip address --------------------------
    /ip address add address=172.19.2.0/30 interface=Clientes (Bridger)
    /ip address add address=17x.xxx.xxx.162/30 interface=Dedicado


    # interface pppoe-client ---------------
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl1 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl2 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl3 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet


    # ip dns --------------------------------
    /ip dns set primary-dns=8.8.8.8
    /ip dns set secondary-dns=8.8.4.4
    /ip dns set allow-remote-requests=yes




    # ip firewall Filter------------------------
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
    /ip firewall filter add action=accept chain=input disabled=no in-interface=!Dedicado src-address=172.19.2.0/30


    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=Dedicado
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl1
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl2
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl3


    # ip firewall mangle------------------------


    # LoopBack por link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=Clientes new-connection-mark=Sites0 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=Clientes new-routing-mark=Rota0 passthrough=no
    / ip route add gateway=17x.xxx.xxx.161 routing-mark=Rota0
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=Clientes new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=Clientes new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=adsl_vlan_vdsl1 routing-mark=Rota1
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=Clientes new-connection-mark=Sites2 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=Clientes new-routing-mark=Rota2 passthrough=no
    / ip route add gateway=adsl_vlan_vdsl2 routing-mark=Rota2


    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    # Fim LoopBack por link----------------------


    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=Clientes
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=Dedicado new-connection-mark=Dedicado_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl1 new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl2 new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl3 new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=Dedicado_conn disabled=no new-routing-mark=to_Dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl1_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl2_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl3_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=17x.xxx.xxx.160/30 in-interface=Clientes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=Dedicado_conn passthrough=yes per-connection-classifier=both-addresses:4/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes per-connection-classifier=both-addresses:4/1
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes per-connection-classifier=both-addresses:4/2
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes per-connection-classifier=both-addresses:4/3
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=Dedicado_conn disabled=no in-interface=Clientes new-routing-mark=to_Dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl1_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl2_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl3_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes


    # ip route----------------------------------
    /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 routing-mark=to_Dedicado comment="Link0"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 routing-mark=to_adsl_vlan_vdsl1 comment="Link1"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 routing-mark=to_adsl_vlan_vdsl2 comment="Link2"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 routing-mark=to_adsl_vlan_vdsl3 comment="Link3"
    /ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 scope=30 target-scope=10
    /ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 scope=30 target-scope=10
    /ip route add comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 scope=30 target-scope=10
    /ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 scope=30 target-scope=10


    # ip firewall address-list-----------------------------
    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback


    # /system script--------------------------------------
    /system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
    /system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
    /system script add name=Link2Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link2\"] disabled=yes;"
    /system script add name=Link3Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link3\"] disabled=yes;"
    /system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
    /system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"
    /system script add name=Link2Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\ \n/ip route set [find comment=\"Link2\"] disabled=no;"
    /system script add name=Link3Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\ \n/ip route set [find comment=\"Link3\"] disabled=no;"

  2. Alguém... ajuda



  3. Deve ser por causa dessa regra

    [CODE]
    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

    Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?

  4. Citação Postado originalmente por berghetti Ver Post
    Deve ser por causa dessa regra

    [CODE]
    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

    Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?
    foi amigo ,agora tirei a regra mais ainda só sai por um link.



  5. aconselho procurar outro balance, como disse, esse esta desatualizado.

  6. amigo Paulo, dê uma olhada nesse balance que postei logo abaixo, fiz o meu com 3 links velox, com poucas regras no firewall e concentrador tudo na mesma rb. ficou bacana o meu!!



  7. So tem um coisa errada pelo q parece ao definir a interface q vc define in-interface=Cliente se vc tiver autenticando os cliente em pppoe ou hotspot nao vai funcionar mas se for por ip mac vai funcionar certinho, mas caso seja autentica pppoe acrecente um ! Exceto na frente de Cliente e mude a interface para a interface de entrada de link para cada um de sua referencia.

    Enviado via LG-E612f usando UnderLinux App

  8. Boa noite,
    Veja se já tem disponível ipv6 visto que maioria usa facebook,gmail,youtube, netflix e todos esses sites ja tem ativo o ipv6. Ai vai depender do seu conhecimento em redes e ipv6 para ativar e ve como funciona bem. Ja tenho em um cliente e é super tranquilo.
    Vamos nos atualizar gente chega de sofrimento 😉

    Enviado via LG-V480 usando UnderLinux App






Tópicos Similares

  1. Load Balance PCC passando apenas por um Link
    Por MarcosGabriel21 no fórum Redes
    Respostas: 5
    Último Post: 23-12-2013, 08:38
  2. Respostas: 1
    Último Post: 23-07-2013, 08:27
  3. Respostas: 27
    Último Post: 21-05-2009, 20:36
  4. Respostas: 0
    Último Post: 16-08-2007, 12:49
  5. iproute2 upload por um link e download por outro...
    Por ricleite no fórum Servidores de Rede
    Respostas: 9
    Último Post: 19-02-2005, 00:28

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L