Balance no Concentrador problemas só sai por um link

[Paulo José da Silva]

galera estou a mais de um mês quebrado a cabeça com essa configuração tenho 3 linhas vdsl todas de 50 megas da vivo em uma RB850gx2 a 800 metro da central
eu fiz 3 vlans na linhas para o concentrador (que disca pppoe para os clientes) onde já tem um link dedicado de 50 megas mais quando faço o balance dentro do concentrador fica só uma das linhas funcionando
e as outras só passa kbps.


então qualquer dica dos mestre vai me ajuda muito.

Lembrando que eu tenho Thundercahe e Mk-auth


em baixo as configurações do balance:

# ip address --------------------------
/ip address add address=172.19.2.0/30 interface=Clientes (Bridger)
/ip address add address=17x.xxx.xxx.162/30 interface=Dedicado


# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl1 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl2 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan_vdsl3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_vlan_vdsl3 password=gvt25 profile=default service-name="" use-peer-dns=no user=turbonet@turbonet


# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes




# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!Dedicado src-address=172.19.2.0/30


# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=Dedicado
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl1
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_vlan_vdsl3


# ip firewall mangle------------------------


# LoopBack por link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=Clientes new-connection-mark=Sites0 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=Clientes new-routing-mark=Rota0 passthrough=no
/ ip route add gateway=17x.xxx.xxx.161 routing-mark=Rota0
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=Clientes new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=Clientes new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_vlan_vdsl1 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=Clientes new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=Clientes new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=adsl_vlan_vdsl2 routing-mark=Rota2


/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
/ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# Fim LoopBack por link----------------------


/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=Clientes
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=Dedicado new-connection-mark=Dedicado_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl1 new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl2 new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_vlan_vdsl3 new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=Dedicado_conn disabled=no new-routing-mark=to_Dedicado passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl1_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl2_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_vlan_vdsl3_conn disabled=no new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=17x.xxx.xxx.160/30 in-interface=Clientes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=Dedicado_conn passthrough=yes per-connection-classifier=both-addresses:4/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl1_conn passthrough=yes per-connection-classifier=both-addresses:4/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl2_conn passthrough=yes per-connection-classifier=both-addresses:4/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=Clientes new-connection-mark=adsl_vlan_vdsl3_conn passthrough=yes per-connection-classifier=both-addresses:4/3
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=Dedicado_conn disabled=no in-interface=Clientes new-routing-mark=to_Dedicado passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl1_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl2_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_vlan_vdsl3_conn disabled=no in-interface=Clientes new-routing-mark=to_adsl_vlan_vdsl3 passthrough=yes


# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 routing-mark=to_Dedicado comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 routing-mark=to_adsl_vlan_vdsl1 comment="Link1"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 routing-mark=to_adsl_vlan_vdsl2 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 routing-mark=to_adsl_vlan_vdsl3 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=17x.xxx.xxx.161 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl1 scope=30 target-scope=10
/ip route add comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl2 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_vlan_vdsl3 scope=30 target-scope=10


# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback


# /system script--------------------------------------
/system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\ \n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\ \n/ip route set [find comment=\"Link3\"] disabled=no;"

[Paulo José da Silva]

Alguém... ajuda

[berghetti]

Deve ser por causa dessa regra

[CODE]
/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?

[Paulo José da Silva]

Deve ser por causa dessa regra

[CODE]
/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=Clientes[CODE]

Como quase tudo é https vai usar mais um link mesmo, esse balance acho que ta desatualizado, voce fez usando aquele programa que gera o script automaticamente?

foi amigo ,agora tirei a regra mais ainda só sai por um link.

[berghetti]

aconselho procurar outro balance, como disse, esse esta desatualizado.

[SanchezMT]

amigo Paulo, dê uma olhada nesse balance que postei logo abaixo, fiz o meu com 3 links velox, com poucas regras no firewall e concentrador tudo na mesma rb. ficou bacana o meu!!

[deson00]

So tem um coisa errada pelo q parece ao definir a interface q vc define in-interface=Cliente se vc tiver autenticando os cliente em pppoe ou hotspot nao vai funcionar mas se for por ip mac vai funcionar certinho, mas caso seja autentica pppoe acrecente um ! Exceto na frente de Cliente e mude a interface para a interface de entrada de link para cada um de sua referencia.

Enviado via LG-E612f usando UnderLinux App

[magnorm]

Boa noite,
Veja se já tem disponível ipv6 visto que maioria usa facebook,gmail,youtube, netflix e todos esses sites ja tem ativo o ipv6. Ai vai depender do seu conhecimento em redes e ipv6 para ativar e ve como funciona bem. Ja tenho em um cliente e é super tranquilo.
Vamos nos atualizar gente chega de sofrimento 😉

Enviado via LG-V480 usando UnderLinux App