Good morning, everyone. I have the following question.
I have 2 ADSL lines - PPPoE
eth1 - link1
eth2 - link2
eth3 - hotspot output
I did the configuration following the tutorial. What happens is this: all traffic goes out through link1, and link2 only works when I turn link1 off.
Can anyone help?
Check whether every rule in mangle has a mark; if so, you missed some step, either in the routes or in the marks. If you can't find it by inspection, reset the configuration and start from scratch.
Everyone, here is what I did; if anyone can help, let me know.
ether1 - link1 - 2mb adsl pppoe
ether2 - link2 - 2mb adsl pppoe
ether3 - link3 - 2mb adsl pppoe
ether4 - link4 - 2mb adsl pppoe
ether5 - link5 - 2mb adsl pppoe
ether6 - saida (output)
After running the script, I configured the hotspot directly through Winbox.
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether1 new-connection-mark=conn_na passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether2 new-connection-mark=conn_nb passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether3 new-connection-mark=conn_nc passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether4 new-connection-mark=conn_nd passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=ether5 new-connection-mark=conn_ne passthrough=yes
****creates the marks (conn_na, conn_nb, conn_nc) for new connections on each of the interfaces (EthLinkA, EthLinkB, EthLinkC)****
add action=mark-routing chain=output comment="" connection-mark=conn_na disabled=no new-routing-mark=to_ra passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nb disabled=no new-routing-mark=to_rb passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nc disabled=no new-routing-mark=to_rc passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_nd disabled=no new-routing-mark=to_rd passthrough=no
add action=mark-routing chain=output comment="" connection-mark=conn_ne disabled=no new-routing-mark=to_re passthrough=no
****uses the marks (conn_na, conn_nb, conn_nc) to create the marks for the respective routes****
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=saida new-connection-mark=conn_ma0 passthrough=yes per-connection-classifier=both-addresses:5/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=saida new-connection-mark=conn_mb1 passthrough=yes per-connection-classifier=both-addresses:5/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=saida new-connection-mark=conn_mc2 passthrough=yes per-connection-classifier=both-addresses:5/2
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=saida new-connection-mark=conn_md3 passthrough=yes per-connection-classifier=both-addresses:5/3
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=saida new-connection-mark=conn_me4 passthrough=yes per-connection-classifier=both-addresses:5/4
****now, using the classifiers (0, 1, 2, so there are 3) on the client interface, we create new connection marks (conn_ma0, conn_mb1, conn_mc2); note that if we had 4 links, this is where we would make the changes to (0, 1, 2, 3, so there are 4), giving 4/0, 4/1, 4/2, 4/3****
add action=mark-routing chain=prerouting comment="" connection-mark=conn_ma0 disabled=no in-interface=saida new-routing-mark=to_nra passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_mb1 disabled=no in-interface=saida new-routing-mark=to_nrb passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_mc2 disabled=no in-interface=saida new-routing-mark=to_nrc passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_md3 disabled=no in-interface=saida new-routing-mark=to_nrd passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=conn_me4 disabled=no in-interface=saida new-routing-mark=to_nre passthrough=no
****using the new marks (conn_ma0, conn_mb1, conn_mc2), we create a new routing mark on the client interface as (to_nra, to_nrb, to_nrc)****
In NAT
add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether4
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether5
****note that masquerading can be done in several ways, for example by specifying the interface IP in src-nat, by the clients' IP range, or by the link interface as above.****
ip routes
add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.2 scope=30 target-scope=10
add comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
add comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.3.2 scope=30 target-scope=10
add comment="" disabled=no distance=5 dst-address=0.0.0.0/0 gateway=192.168.4.2 scope=30 target-scope=10
add comment="" disabled=no distance=6 dst-address=0.0.0.0/0 gateway=192.168.5.2 scope=30 target-scope=10
****we define 3 default routes, each with a different cost, so the first one has preference; if it fails the second takes over, then the third****
In NAT here you must masquerade the PPPoE interface, not the physical interface, OK!
Example:
Code:
add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out4
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out5
Routes are missing there, and they must also be made with the gateway pointing to the PPPoE interface, for example:
Code:
add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
add comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out3 scope=30 target-scope=10
add comment="" disabled=no distance=5 dst-address=0.0.0.0/0 gateway=pppoe-out4 scope=30 target-scope=10
add comment="" disabled=no distance=6 dst-address=0.0.0.0/0 gateway=pppoe-out5 scope=30 target-scope=10
The routes with marks that are missing:
Code:
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out1" routing-mark=to_nra scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out2" routing-mark=to_nrb scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out3" routing-mark=to_nrc scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out4" routing-mark=to_nrd scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out5" routing-mark=to_nre scope=30 target-scope=10
Remember that these rules I posted are for working with modems in bridge mode; bridge is better because it keeps the modem from locking up, since it can't handle a conntrack table as large as the MK's ^^.
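
An offline check for the two mistakes pointed out in the replies above, added here as an example and not posted by anyone in the thread: it reads RouterOS `add` lines and reports routing marks that no route carries and masquerade rules whose out-interface is not the gateway of any route. The sample configuration is a constructed two-link subset of the thread's rules, and the second check assumes gateways are written as interface names, as in the PPPoE reply.

```python
import shlex

def parse(line):
    """Turn one RouterOS 'add key=value ...' line into a dict."""
    return dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def audit(mangle, nat, routes):
    """Return findings for the two mistakes pointed out in the thread."""
    mangle, nat, routes = ([parse(l) for l in block.strip().splitlines()]
                           for block in (mangle, nat, routes))
    findings = []
    # 1. Every routing mark set in mangle needs a route that carries it;
    #    marked traffic with no matching route is resolved from the main table.
    marks = {r["new-routing-mark"] for r in mangle
             if r.get("action") == "mark-routing"}
    routed = {r["routing-mark"] for r in routes if "routing-mark" in r}
    findings += [f"no route for routing-mark {m}" for m in sorted(marks - routed)]
    # 2. Masquerade should sit on the interface traffic actually leaves by
    #    (assumption: gateways are interface names such as pppoe-out1).
    gateways = {r.get("gateway") for r in routes}
    findings += [f"masquerade on {r['out-interface']} matches no route gateway"
                 for r in nat if r.get("action") == "masquerade"
                 and r.get("out-interface") not in gateways]
    return findings

# Constructed two-link subset of the configuration posted in the thread.
MANGLE = """
add action=mark-routing chain=prerouting connection-mark=conn_ma0 in-interface=saida new-routing-mark=to_nra passthrough=no
add action=mark-routing chain=prerouting connection-mark=conn_mb1 in-interface=saida new-routing-mark=to_nrb passthrough=no
"""
BEFORE_NAT = """
add action=masquerade chain=srcnat comment="MASCARAMENTO PCC" out-interface=ether1
add action=masquerade chain=srcnat comment="" out-interface=ether2
"""
BEFORE_ROUTES = """
add distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.2
add distance=3 dst-address=0.0.0.0/0 gateway=192.168.2.2
"""
AFTER_NAT = BEFORE_NAT.replace("ether1", "pppoe-out1").replace("ether2", "pppoe-out2")
AFTER_ROUTES = """
add distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out1" routing-mark=to_nra
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway="pppoe-out2" routing-mark=to_nrb
"""

if __name__ == "__main__":
    for finding in audit(MANGLE, BEFORE_NAT, BEFORE_ROUTES):
        print(finding)
```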