Página 1 de 2 12 ÚltimoÚltimo
+ Responder ao Tópico

  1. galera estou a mais de um mês quebrado a cabeça com essa configuração tenho 3 linhas vdsl todas de 50 megas da vivo em uma RB850gx2 a 800 metro da central
    eu fiz 3 vlans na linhas para o concentrador (que disca pppoe para os clientes) onde já tem um link dedicado de 50 megas mais quando faço o balance dentro do concentrador fica só uma das linhas funcionando
    e as outras só passa kbps.


    então qualquer dica dos mestre vai me ajuda muito.

    Lembrando que eu tenho Thundercahe e Mk-auth


    em baixo as configurações do balance:

    # ip address --------------------------
    /ip address add address=172.19.2.0/30 interface=Clientes (Bridger)
    /ip address add address=17x.xxx.xxx.162/30 interface=Dedicado


    # interface pppoe-client ---------------
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl1 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl2 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
    /interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl3 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet


    # ip dns --------------------------------
    /ip dns set primary-dns=8.8.8.8
    /ip dns set secondary-dns=8.8.4.4
    /ip dns set allow-remote-requests=yes




    # ip firewall Filter------------------------
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
    /ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
    /ip firewall filter add action=accept chain=input disabled=no in-interface=!Dedicado src-address=172.19.2.0/30


    # ip firewall nat--------------------------
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=Dedicado
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl1
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl2
    /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl3


    # ip firewall mangle------------------------


    # LoopBack por link-------------------------
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=Clientes new-connection-mark=Sites0 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=Clientes new-routing-mark=Rota0 passthrough=no
    / ip route add gateway=17x.xxx.xxx.161 routing-mark=Rota0
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=Clientes new-connection-mark=Sites1 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=Clientes new-routing-mark=Rota1 passthrough=no
    / ip route add gateway=adsl_vlan_vdsl1 routing-mark=Rota1
    / ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=Clientes new-connection-mark=Sites2 passthrough=yes
    / ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=Clientes new-routing-mark=Rota2 passthrough=no
    / ip route add gateway=adsl_vlan_vdsl2 routing-mark=Rota2


    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
    /ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
    # Fim LoopBack por link----------------------


    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes
    /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=Clientes
    /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=Dedicado new-connection-mark=Dedicado_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl1 new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl2 new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl3 new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=Dedicado_conn disabled=no new-routing-mark=to_Dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl1_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl2_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl3_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=17x.xxx.xxx.160/30 in-interface=Clientes
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=Dedicado_conn passthrough=yes per-connection-classifier=both-addresses:4/0
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes per-connection-classifier=both-addresses:4/1
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes per-connection-classifier=both-addresses:4/2
    /ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes per-connection-classifier=both-addresses:4/3
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=Dedicado_conn disabled=no in-interface=Clientes new-routing-mark=to_Dedicado passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl1_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl2_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
    /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl3_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes


    # ip route----------------------------------
    /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 routing-mark=to_Dedicado comment="Link0"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 routing-mark=to_adsl_vlan_vdsl1 comment="Link1"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 routing-mark=to_adsl_vlan_vdsl2 comment="Link2"
    /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 routing-mark=to_adsl_vlan_vdsl3 comment="Link3"
    /ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 scope=30 target-scope=10
    /ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 scope=30 target-scope=10
    /ip route add comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 scope=30 target-scope=10
    /ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 scope=30 target-scope=10


    # ip firewall address-list-----------------------------
    /ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
    /ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
    /ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
    /ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
    /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
    /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
    /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback


    # /system script--------------------------------------
    /system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
    /system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
    /system script add name=Link2Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link2\"] disabled=yes;"
    /system script add name=Link3Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link3\"] disabled=yes;"
    /system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
    /system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"
    /system script add name=Link2Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\ \n/ip route set [find comment=\"Link2\"] disabled=no;"
    /system script add name=Link3Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\ \n/ip route set [find comment=\"Link3\"] disabled=no;"


  2.    Publicidade


  3. Alguém... ajuda

  4. Deve ser por causa dessa regra

    [CODE]
    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

    Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?

  5. Citação Postado originalmente por berghetti Ver Post
    Deve ser por causa dessa regra

    [CODE]
    /ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

    Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?
    foi amigo ,agora tirei a regra mais ainda só sai por um link.

  6. aconselho procurar outro balance, como disse, esse esta desatualizado.




Visite: BR-Linux ·  VivaOLinux ·  Dicas-L