+ Responder ao Tópico



  1. #1

    Padrão Balance PCC, problemas nas regras de aceitação de conexão

    Amigos, boa noite. Estou enfrentando um pequeno problema relacionado as regras do balance PCC. Estou usando um Dedicado mais 3 Vdsl no balance em uma CCR. O balance está funcionando, porém os VDSL estão em pppoe client cujo o Ip são dinamicos. Estou seguindo esse tutorial da Mikrotik: https://wiki.mikrotik.com/wiki/Manual:PCC

    Neste tutorial informa que em politicas de roteamento, devo adicionar a regra:
    Onde dst-address = ao ip da Wan. No caso do tutorial o ip é estático, no meu caso é dinâmico. Coloquei o Ip da Wan, mesmo dinâmico, e o balance rodou. Porém não tive como deixar devido as trocas de Ip que ocorrem devido a eles serem dinâmicos. Pesquisei no forum e ví que uma das soluções é deixar o modem em roteador, porém vi casos dos mesmos travarem. Antes de abrir, pesquisei porém não achei uma solução que eu conseguisse entender neste caso. Agradeceria muito a compreensão de todos e quem puder me ajudar, já agradeço! Boa noite.
    ip firewall mangle
    add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN

  2. #2

    Padrão Re: Balance PCC, problemas nas regras de aceitação de conexão

    Sugestao
    No lugar de dst-address q significa destino ao endereço vc usa o menu out-interface q significa saindo pela interface pppoe-out q seria a conexão pppoe do provedor.



  3. #3

    Padrão

    Citação Postado originalmente por deson00 Ver Post
    Sugestao
    No lugar de dst-address q significa destino ao endereço vc usa o menu out-interface q significa saindo pela interface pppoe-out q seria a conexão pppoe do provedor.
    Não permite:

    "outgoing interface matching not possible in input and prerouting chains"

  4. #4

    Padrão Re: Balance PCC, problemas nas regras de aceitação de conexão

    Buenas @csmattos12

    Posta um export do mangle e do nat, e das rotas pra gente ver.

    Código :
    /ip firewall nat export
    /ip firewall mangle export
    /ip route export



  5. #5

    Padrão Re: Balance PCC, problemas nas regras de aceitação de conexão

    Segue

    /ip firewall nat

    add action=masquerade chain=srcnat out-interface=combo
    add action=masquerade chain=srcnat out-interface="Vivo Fibra 1"
    add action=masquerade chain=srcnat out-interface="Vivo Fibra 3"
    add action=masquerade chain=srcnat out-interface="Vivo Fibra 2"

    ==============================================================

    /ip firewall mangle
    add action=mark-connection chain=prerouting comment=\
    "Marcacao Divisao Carga Link 4" connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link4 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/6
    add action=mark-connection chain=prerouting comment=\
    "Marcacao Divisao Carga Link 3" connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link3 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/5
    add action=mark-connection chain=prerouting comment=\
    "Aceitar Trafego Rede Interna" disabled=yes in-interface-list=all \
    new-connection-mark=conn_link1 passthrough=yes
    add action=accept chain=prerouting comment="Aceitar Trafego Rede Interna - 3" \
    dst-address=191.xx.xx.xx in-interface-list=all
    add action=accept chain=prerouting comment="Aceitar Trafego Rede Interna" \
    dst-address=191.xx.xx.xx in-interface-list=all
    add action=accept chain=prerouting comment="Aceitar Trafego Rede Interna - 1" \
    dst-address=179.xx.xx.xx in-interface-list=all
    add action=accept chain=prerouting comment="Aceitar Trafego Rede Interna - 2" \
    dst-address=177.xx.x.x in-interface-list=all
    add action=mark-connection chain=prerouting comment="Marcar Conex\F5es Link 1" \
    connection-mark=no-mark in-interface=combo new-connection-mark=conn_link1 \
    passthrough=yes
    add action=mark-connection chain=prerouting comment="Marcar Conex\F5es Link 2" \
    connection-mark=no-mark in-interface="Vivo Fibra 1" new-connection-mark=\
    conn_link2 passthrough=yes
    add action=mark-connection chain=prerouting comment="Marcar Conex\F5es Link 4" \
    connection-mark=no-mark in-interface="Vivo Fibra 2" new-connection-mark=\
    conn_link4 passthrough=yes
    add action=mark-connection chain=prerouting comment="Marcar Conex\F5es Link 3" \
    connection-mark=no-mark in-interface="Vivo Fibra 3" new-connection-mark=\
    conn_link3 passthrough=yes
    add action=mark-connection chain=prerouting comment=\
    "Marcacao Divisao de Carga Link 1" connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link1 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/0
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link1 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/1
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link1 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/3
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link1 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/2
    add action=mark-connection chain=prerouting comment=\
    "Marcacao Divisao de carga link 2" connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/4
    add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface-list=all new-connection-mark=\
    conn_link2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:7/6
    add action=mark-routing chain=prerouting comment="Marcar Rotas Para os Links" \
    connection-mark=conn_link1 in-interface-list=all new-routing-mark=\
    rota_link1 passthrough=yes
    add action=mark-routing chain=prerouting comment="Marcar Rotas Para os Links" \
    connection-mark=conn_link4 in-interface-list=all new-routing-mark=\
    rota_link4 passthrough=yes
    add action=mark-routing chain=prerouting comment="Marcar Rotas Para os Links" \
    connection-mark=conn_link3 in-interface-list=all new-routing-mark=\
    rota_link3 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=conn_link2 \
    in-interface-list=all new-routing-mark=rota_link2 passthrough=yes
    add action=mark-routing chain=output comment="Marcando Rota de Saida Link 1" \
    connection-mark=conn_link1 new-routing-mark=rota_link1 passthrough=yes
    add action=mark-routing chain=output comment="Marcando Rota de saida Link 2" \
    connection-mark=conn_link2 new-routing-mark=rota_link2 passthrough=yes
    add action=jump chain=prerouting comment=\
    "POLITICA DE ENCAMINHAMENTO PERSONALIZADO" connection-mark=no-mark \
    in-interface-list=all jump-target=policy_router
    =================================================================================

    /ip route
    add check-gateway=ping distance=1 gateway=191.xx.xx.xx routing-mark=\
    rota_link1
    add check-gateway=ping distance=1 gateway="Vivo Fibra 1" routing-mark=\
    rota_link2
    add check-gateway=ping distance=1 gateway="Vivo Fibra 2" routing-mark=\
    rota_link3
    add check-gateway=ping comment=fibra3 distance=1 gateway="Vivo Fibra 3" \
    routing-mark=rota_link4
    add disabled=yes distance=1 gateway="Vivo Fibra 2" routing-mark=\
    sembalance_exclusivo
    add comment=principal distance=1 gateway=191.xx.xx.xx