esta descobrindo agora o siguinificado de LOADBALACED :D
Versão Imprimível
Pessoal, resolvi colocar uma Rb 433ah para balancear 2 links um de 1 mega e um de 4 megas, estou usando o PCC, apos essa Rb tem um linux (debian) rodando para fazer o gerenciamento dos meus clientes (pppoe-server, radius, mysql, apache2, bind9 e etc).
Alem desses dois sistemas (mk com load balance PCC + Debian pppoe-server e radius...) tenho mais um linux debian rodando apenas com proxy squid.
O meu problema acontece quando eu ativo o redirecionamento do primeiro debian citado (pppoe-server) para usar o proxy squid em paralelo, a navegação continua exceto a pagina do hotmail e o windows live email.
eu já reinstalei o debian proxy, eu já coloquei um mikrotik no lugar do debian pppoe-server, em fim o único que não foi substituído foi a rb 433ah que esta fazendo o balanceamento e antes de colocar essa rb com PCC funcionava perfeitamente o cache so que apenas com um link, quanto ao balanço de carga esta perfeito, só que estou sem cache e os clientes sentiram isso por causa do cache full, só mais uma observação, os meus modem´s estão em bridge com a rb 433ah autenticando.
Segue abaixo as regras do mk e o squid.conf
Rb 433 ah Fazendo Load Balance PCC com 2 Links (1M + 4M)
Como vocês podem perceber estou marcando um pacote para um link e dois pacotes para o outro link, isso foi feito proposital.
Citação:
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=1M-pppoe-client new-connection-mark=wlan1_conn \
passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=4M-pppoe-client new-connection-mark=wlan2_conn \
passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wlan1_conn disabled=no new-routing-mark=to_wlan1 \
passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wlan2_conn disabled=no new-routing-mark=to_wlan2 \
passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=10.1.1.0/24 in-interface=ether1
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.254.0/24 in-interface=ether1
add action=mark-connection chain=prerouting comment="Balan\E7o dos Links" disabled=no dst-address-type=!local \
in-interface=ether1 new-connection-mark=wlan1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 \
new-connection-mark=wlan2_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=ether1 \
new-connection-mark=wlan2_conn passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting comment="Fim Balan\E7o dos Links" connection-mark=wlan1_conn disabled=no \
in-interface=ether1 new-routing-mark=to_wlan1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=wlan2_conn disabled=no in-interface=ether1 \
new-routing-mark=to_wlan2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=1M-pppoe-client
add action=masquerade chain=srcnat comment="" disabled=no out-interface=4M-pppoe-client
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=4M-pppoe-client routing-mark=\
to_wlan2
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1M-pppoe-client
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1M-pppoe-client routing-mark=\
to_wlan1
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=4M-pppoe-client
Squid.conf (Debian Proxy)
Espero por uma Luz, só recorri por postar aqui no fórum porque eu já procurei em vários locais e por vários dias e não conseguir encontrar alguem com o mesmo problema.Citação:
http_port 3128 transparent
visible_hostname SERVER-PROXY
cache_mem 80 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 30 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 512 KB
acl apache rep_header Server ^Apache
#acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
#broken_vary_encoding allow apache
cache deny QUERY
cache_dir aufs /cache2/c1 10000 16 256
cache_dir aufs /cache2/c2 10000 16 256
hierarchy_stoplist cgi-bin ?
error_directory /usr/share/squid/errors/Portuguese/
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
half_closed_clients off
relaxed_header_parser on
#mime_table /usr/share/squid/mime.conf
#mantendo por mais tempo os arquivos em cache
refresh_pattern ^http: 30 40% 20160
refresh_pattern ^ftp: 30 50% 20160
refresh_pattern ^gopher: 30 40% 20160
refresh_pattern . 1440 100% 1440 ignore-reload override-lastmod override-expire reload-into-ims
# Imagens
refresh_pattern .gif 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .jpg 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .jpeg 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .png 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .bmp 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .tif 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .tiff 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .xbm 2880 150% 28800 override-expire reload-into-ims
refresh_pattern .ico 2880 150% 28800 override-expire reload-into-ims
detect_broken_pconn on
pipeline_prefetch on
cache_effective_user proxy
#ACLs padroes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/255.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 21 80 8080 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
#padroes
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
header_access Accept-Encoding deny all
#rede de controle
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
# Marca Penalty HIT
zph_mode tos
zph_local 0x60
zph_option 136
zph_parent 0
pid_filename /var/run/squid.pid
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log squid
cache_store_log none
acl sitesnocache url_regex -i "/etc/squid/acls/nocache"
no_cache deny sitesnocache
Dez de já eu agradeço!!!
Abraço a todos.
Ninguem? Nao tem nada de errado nas minhas regras do Microtik?