Thank you very much Dimix, I'll test it today!
Cheers!
Folks, I have a question about the code generated by the program. I haven't put it into production yet, because I have to do that in the early hours of the morning and so I can't get a proper answer, since ideally it should be tested with the clients connected, but for that I need to avoid errors with the Balance, otherwise things get complicated.
**My structure for the Balance is (Dedicated and ADSL):
saida = 172.16.0.1
dedicado = 189.89.189.190 (example)
adsl_1, adsl_2 and adsl_3 (all in bridge mode, with username and password)
**I ran a test with the following structure (ADSL only):
saida = 172.16.0.1
adsl_1, adsl_2 and adsl_3 (all in bridge mode, with username and password)
The only difference between the two structures is that one has a Dedicated Link and the other does not.
The difference, and my question, in the generated code is:
_____________________________
**With the Dedicated Link it generated the following rule in IP Firewall Filter:
/ip firewall filter add action=accept chain=input disabled=no in-interface=!dedicado src-address=172.16.0.1/24
"The Reverse DNS Block rule was also generated"
**Without the Dedicated Link no additional rule was generated besides the Reverse DNS Block.
_____________________________
**And in Mangle an extra rule is also generated when I add the Dedicated Link in the program, which is:
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=189.89.189.190/29 in-interface=saida
_____________________________
Are this code and these entries, which are additionally generated when I use the Dedicated Link in the PCC program, really necessary and correct, or is there some error in the code generation?
I look forward to your help and thank you for your attention.
See you.
Good evening, Dimix!
Yes, the extra rules are correct when a dedicated link is used; you can go to this official MK address, look at the documentation and confirm what I'm saying.
Link: Manual:PCC - MikroTik Wiki
Regards, Scan
Good morning, Scan...
Thank you for helping clear up my questions... I'm new to Mikrotik and to PCC load balancing, and I can only thank you for your initiative, which will soon be 1 year old. Thank you.
Early this morning I ran some tests on the load balancing. I have 1 Dedicated and 3 ADSL links, and at the time of the tests I was using 1 Dedicated and 2 ADSL, because the 3rd ADSL was running on the server, and the following problem is occurring:
The 2 ADSL links connect normally, and the Dedicated link comes up too, but Internet access is not released, even though I can ping the Internet from the Balance. When I disable the Dedicated interface, it pings and releases the Internet normally, and if I enable the Dedicated link, it still pings the Internet but does not browse websites. One thing I found strange is that it was not pinging the router either (the dedicated link's gateway), and I checked the IPs and everything was right.
After I disable the Dedicated link and browsing is released, I tested disabling the "Reverse DNS Block" and went to the site: Meu ip - Qual , to see whether refreshing the page would alternate between the connections, but it always showed only the IP of the 1st ADSL I registered (which was registered after the Dedicated link), because the order in which I configured the links was: ether2 = Dedicated, ether3 = ADSL1, ether4 = ADSL2 (not connected at the time, because it was on the MK server), ether5 = ADSL3, and ether1 = saida (to the MK server).
I'm sending the code generated by the program below.
Could you take a look at it and tell me whether there is any problem?
Thanks in advance for the help provided since the beginning of the thread.
See you.
# ip address --------------------------
/ip address add address=172.16.0.1/24 interface=saida
/ip address add address=188.94.134.212/29 interface=dedicado
# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_1 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_1 password=senha1 profile=default service-name="" use-peer-dns=no [email protected]
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_2 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_2 password=senha2 profile=default service-name="" use-peer-dns=no [email protected]
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=adsl_3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_adsl_3 password=senha3 profile=default service-name="" use-peer-dns=no [email protected]
# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes
# ip dns static-------------------------
/ip dns static add address=172.16.0.1 disabled=no name=172.16.0.1.provedor.com.br ttl=1d
# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=dsl.telesp.net.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!dedicado src-address=172.16.0.1/24
# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=dedicado
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_1
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_adsl_3
# ip firewall mangle------------------------
# LoopBack per link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=saida new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=saida new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_adsl_1 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=saida new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=saida new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=adsl_adsl_2 routing-mark=Rota2
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# End of LoopBack per link----------------------
Continuation:
/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=saida
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=saida
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=dedicado new-connection-mark=dedicado_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_1 new-connection-mark=adsl_adsl_1_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_2 new-connection-mark=adsl_adsl_2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_adsl_3 new-connection-mark=adsl_adsl_3_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=dedicado_conn disabled=no new-routing-mark=to_dedicado passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_1_conn disabled=no new-routing-mark=to_adsl_adsl_1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_2_conn disabled=no new-routing-mark=to_adsl_adsl_2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_adsl_3_conn disabled=no new-routing-mark=to_adsl_adsl_3 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=188.94.134.209/29 in-interface=saida
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=dedicado_conn passthrough=yes per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_1_conn passthrough=yes per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_1_conn passthrough=yes per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_2_conn passthrough=yes per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_2_conn passthrough=yes per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=saida new-connection-mark=adsl_adsl_3_conn passthrough=yes per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=dedicado_conn disabled=no in-interface=saida new-routing-mark=to_dedicado passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_1_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_2_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_3_conn disabled=no in-interface=saida new-routing-mark=to_adsl_adsl_3 passthrough=yes
# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.94.134.211 routing-mark=to_dedicado comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_1 routing-mark=to_adsl_adsl_1 comment="Link1"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_2 routing-mark=to_adsl_adsl_2 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_adsl_3 routing-mark=to_adsl_adsl_3 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.94.134.211 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_adsl_1 scope=30 target-scope=10
/ip route add comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=adsl_adsl_2 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_adsl_3 scope=30 target-scope=10
# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback
# /system script--------------------------------------
/system script add name=Link0Dow policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\
    \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\
    \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\
    \n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\
    \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\
    \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\
    \n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\
    \n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\
    \n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\
    \n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\
    \n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\
    \n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\
    \n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\
    \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\
    \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\
    \n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\
    \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\
    \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\
    \n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\
    \n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\
    \n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\
    \n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    /ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\
    \n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\
    \n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\
    \n/ip route set [find comment=\"Link3\"] disabled=no;"
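
An added example, not part of the original posts and not output of the PCC generator discussed in the thread: a Python check that reads the per-connection-classifier rules from the export posted above, counts how many of the six buckets each connection mark receives, and verifies that every mark has a mark-routing rule and a route in the matching routing table. The names `parse_add` and `audit_pcc` are hypothetical, and the sample lines are trimmed copies of the posted rules.

```python
import re
from collections import Counter

# Sample input: rules from the export posted above, trimmed for this example to the properties the check reads.
SAMPLE = """\
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=dedicado_conn per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=adsl_adsl_1_conn per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=adsl_adsl_1_conn per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=adsl_adsl_2_conn per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=adsl_adsl_2_conn per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=adsl_adsl_3_conn per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=dedicado_conn new-routing-mark=to_dedicado
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_1_conn new-routing-mark=to_adsl_adsl_1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_2_conn new-routing-mark=to_adsl_adsl_2
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_adsl_3_conn new-routing-mark=to_adsl_adsl_3
/ip route add dst-address=0.0.0.0/0 gateway=188.94.134.211 routing-mark=to_dedicado
/ip route add dst-address=0.0.0.0/0 gateway=adsl_adsl_1 routing-mark=to_adsl_adsl_1
/ip route add dst-address=0.0.0.0/0 gateway=adsl_adsl_2 routing-mark=to_adsl_adsl_2
/ip route add dst-address=0.0.0.0/0 gateway=adsl_adsl_3 routing-mark=to_adsl_adsl_3
"""

def parse_add(line):
    """Split one RouterOS 'add' line into (menu, {property: value})."""
    menu, _, rest = line.strip().partition(" add ")
    props = re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest)
    return menu, {k: v.strip('"') for k, v in props}

def audit_pcc(config):
    """Return ({connection mark: bucket count}, [problems found])."""
    buckets, mark_to_table, tables, problems = {}, {}, set(), []
    for line in config.splitlines():
        menu, p = parse_add(line)
        if menu == "/ip firewall mangle" and "per-connection-classifier" in p:
            denom, rem = map(int, p["per-connection-classifier"].split(":")[1].split("/"))
            buckets[(denom, rem)] = p["new-connection-mark"]
        elif menu == "/ip firewall mangle" and p.get("action") == "mark-routing":
            mark_to_table[p["connection-mark"]] = p["new-routing-mark"]
        elif menu == "/ip route" and "routing-mark" in p:
            tables.add(p["routing-mark"])
    # Every remainder 0..denom-1 needs a rule, or those connections stay unmarked.
    problems += [f"bucket {d}/{r} has no rule"
                 for d in {d for d, _ in buckets} for r in range(d) if (d, r) not in buckets]
    shares = Counter(buckets.values())
    for mark in shares:
        table = mark_to_table.get(mark)
        if table is None:
            problems.append(f"{mark}: no mark-routing rule")
        elif table not in tables:
            problems.append(f"{mark}: no route with routing-mark={table}")
    return dict(shares), problems
```

On the posted rules the check reports one bucket for the dedicated link, two each for adsl_adsl_1 and adsl_adsl_2, and one for adsl_adsl_3, with no missing buckets or routes.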