I have the same problem as rogeriodj. After I installed PCC, I can't access some internal pages used to view customers. VoIP isn't working either. Can anyone help?
My default route is exactly the one with the static IP that receives the external requests.
My rules on the MK Load
Code:
Part of the NAT where I do the redirect to the MK that the web server connects to
/ip firewall nat
add action=masquerade chain=srcnat comment=MASCARA disabled=no out-interface=NET-1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=NET-2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=NET-3
add action=dst-nat chain=dstnat comment=Redirect_Site disabled=no dst-port=80 in-interface=NET-1 protocol=tcp to-addresses=172.168.0.2 to-ports=80
Code:
Mangle. NOTE: in the address-list I put the interface IP; since the MK is dialing, the real IP is on the MK.
/ip firewall mangle
add action=accept chain=prerouting comment="IP Site passar fora do load" disabled=no src-address-list=fora_load
add action=mark-packet chain=prerouting comment="Paginas Dinamicas" disabled=no dst-port=443 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=1863 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=25 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=6891-6901 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=6891-6901 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=5190 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=1503 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=7001 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=9 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=7001 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=1025 new-packet-mark=Paginas_Dinamicas passthrough=yes protocol=udp
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=https packet-mark=Paginas_Dinamicas passthrough=no
add action=mark-connection chain=input comment=LOAD-PCC connection-state=new disabled=no in-interface=NET-1 new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=NET-2 new-connection-mark=ether2_conn passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=NET-3 new-connection-mark=ether3_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=ether1_conn connection-state=new disabled=no new-routing-mark=to_ether1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=ether2_conn connection-state=new disabled=no new-routing-mark=to_ether2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=ether3_conn connection-state=new disabled=no new-routing-mark=to_ether3 passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=OUT new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-routing chain=prerouting comment="" connection-mark=ether1_conn disabled=no in-interface=OUT new-routing-mark=to_ether1 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=ether2_conn disabled=no in-interface=OUT new-routing-mark=to_ether2 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=ether3_conn disabled=no in-interface=OUT new-routing-mark=to_ether3 passthrough=no
Rule that receives the internet from the MK-Balance and passes it to the web server
Code:
/ip firewall nat
add action=masquerade chain=srcnat comment=Mascara disabled=no out-interface=LINK
add action=masquerade chain=srcnat comment=Mascara_Ubuntu disabled=yes src-address=172.31.255.0/30
add action=dst-nat chain=dstnat comment="Redirect_Site " disabled=no dst-port=80 in-interface=LINK protocol=tcp to-addresses=172.31.255.2 to-ports=80
Do the following:
Set your web server to get its internet directly from the PCC load balancer.
Let's imagine the following scenario:
SERVIDOR_WEB IP: 10.1.1.2
SERVIDOR_PCC IP: 10.1.1.1
In /ip firewall mangle we will force your web server to use the internet only from your link with the VALID "dedicated" IP, and not go through the load balancer.
Don't forget to place this mangle rule above all the others.
Rule:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="SERVIDOR WEB" disabled=no new-routing-mark=SERVIDOR_WEB passthrough=no src-address=10.1.1.2
Next we will use this mark in the routing table.
Rule:
/ip route
add comment="SERVIDOR WEB" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=SEU_GW_DO_IP_VALIDO routing-mark=SERVIDOR_WEB scope=30 target-scope=10
I had forgotten to include the redirect:
/ip firewall nat
add action=dst-nat chain=dstnat comment="SERVIDOR WEB" disabled=no dst-address=SEU_IP_VALIDO dst-port=80 protocol=tcp to-addresses=10.1.1.2 to-ports=80
With this, you are forcing your web server to use only the dedicated link. You can go to simple queues and put a bandwidth control on this server if you want.
Test it and let us know how it went.
Regards
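
Added example, not part of the thread and not the posters' configuration: a simplified Python model of how a mangle chain is walked top to bottom, showing why the SERVIDOR_WEB rule has to sit above the PCC rules. The two-link rule set, the CRC32 stand-in for the PCC hash, and the 203.0.113.x client addresses are constructed assumptions.

```python
import zlib

def pcc(den, rem):
    # Stand-in for per-connection-classifier=both-addresses-and-ports:den/rem.
    # CRC32 is an assumption for illustration, not RouterOS's actual hash.
    def match(pkt, state):
        key = "{src}:{sport}>{dst}:{dport}".format(**pkt).encode()
        return zlib.crc32(key) % den == rem
    return match

def src(addr):
    return lambda pkt, state: pkt["src"] == addr

def conn(mark):
    return lambda pkt, state: state["connection-mark"] == mark

def rule(match, field, value, passthrough):
    return {"match": match, "field": field, "value": value, "passthrough": passthrough}

# Constructed two-link version of the thread's PCC rules.
PCC_RULES = [
    rule(pcc(2, 0), "connection-mark", "ether1_conn", True),
    rule(pcc(2, 1), "connection-mark", "ether2_conn", True),
    rule(conn("ether1_conn"), "routing-mark", "to_ether1", False),
    rule(conn("ether2_conn"), "routing-mark", "to_ether2", False),
]
# The reply's rule: src-address=10.1.1.2, new-routing-mark=SERVIDOR_WEB, passthrough=no.
SERVER_RULE = rule(src("10.1.1.2"), "routing-mark", "SERVIDOR_WEB", False)

def evaluate(rules, pkt):
    """Walk the chain top to bottom; a matching passthrough=no rule ends it."""
    state = {"connection-mark": None, "routing-mark": None}
    for r in rules:
        if r["match"](pkt, state):
            state[r["field"]] = r["value"]
            if not r["passthrough"]:
                break
    return state

def server_replies(n=20):
    # Constructed replies from the web server to external clients.
    return [{"src": "10.1.1.2", "sport": 80, "dst": "203.0.113.%d" % i,
             "dport": 40000 + i} for i in range(1, n + 1)]

def routing_marks(rules, packets):
    return {evaluate(rules, p)["routing-mark"] for p in packets}

if __name__ == "__main__":
    print("server rule first:", routing_marks([SERVER_RULE] + PCC_RULES, server_replies()))
    print("server rule last: ", routing_marks(PCC_RULES + [SERVER_RULE], server_replies()))
```

With the server rule below the PCC rules, every reply from 10.1.1.2 already carries a to_etherN routing mark when a passthrough=no rule ends the chain, so the SERVIDOR_WEB route is never selected.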