


  1. Good afternoon, I am doing load balancing with 3 links and would like to know how to redirect all traffic for a given port to a single link, for example port 443, which is used by banking sites. I am using the following scheme for the balancing:


    / ip address

    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=ether1 comment="" \
    disabled=no

    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 \
    comment="" disabled=no

    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether3 \
    comment="" disabled=no

    add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=ether4 \
    comment="" disabled=no



    / ip firewall mangle

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=odd action=mark-routing \
    new-routing-mark=odd passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,1 \
    action=mark-connection new-connection-mark=even passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=even action=mark-routing \
    new-routing-mark=even passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,2 \
    action=mark-connection new-connection-mark=ode passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=ode action=mark-routing \
    new-routing-mark=ode passthrough=no comment="" disabled=no


    / ip firewall nat

    add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
    to-ports=0-65535 comment="" disabled=no

    add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
    to-ports=0-65535 comment="" disabled=no

    add chain=srcnat connection-mark=ode action=src-nat to-addresses=10.113.0.2 \
    to-ports=0-65535 comment="" disabled=no



    / ip route

    add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=ode \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 comment="" \
    disabled=no

  2. Hello friend, here is the rule!

    IP > Firewall > Mangle

    General: Chain=prerouting, Src.Address=0.0.0.0 or the inbound IP of your server (e.g. 192.168.0.254), Protocol=TCP, Dst.Port=443

    Action: Action=mark connection, New Connection Mark=odd

    Check the ( Passthrough ) box

    That should solve it!!!

    If anything comes up, post here!
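
Added example (not part of either post): a CLI form of the rule described in the answer, written against the configuration in the question. It assumes the rule matches on in-interface=ether1 like the existing rules, that item 0 of the printed list is the first nth rule, and that place-before is available in the RouterOS version in use; the comment text is made up for illustration.

```routeros
# Added example, not from the thread. Rule order matters: the existing
# mark-routing rules use passthrough=no, so a new connection that an nth
# rule has already marked never reaches a rule appended below them.

/ ip firewall mangle

# List the rules first; item numbers used below refer to this listing.
print

# Insert the port rule above item 0 (assumed to be the first nth rule).
# New TCP/443 connections from the LAN side get connection mark "odd";
# passthrough=yes lets the packet continue to the existing
# connection-mark=odd rule, which sets routing mark "odd" and stops.
add chain=prerouting in-interface=ether1 protocol=tcp dst-port=443 \
    connection-state=new action=mark-connection new-connection-mark=odd \
    passthrough=yes comment="pin tcp/443 to link odd" disabled=no \
    place-before=0

# Confirm the new rule is listed first.
print
```

With the mark odd, the NAT and route entries from the question send these connections out with source 10.111.0.2 via gateway 10.111.0.1.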





