Good morning everyone, I have searched a lot and even found some cases showing how to make PCC load balancing work with the proxy.
But unfortunately I could not get the two running together here.
Equipment: RB450G
2 dedicated links, 4 and 1 Mbps.
I use the proxy only to control access to websites, since this RB is at a company.
Here are my current mangle, route and NAT rules, in case someone can give me a hint about where I am going wrong.
Right after that I will post images to make the rules easier to view, since some of them are disabled.
As it is now, the proxy works but the balancing does not; some rules are enabled and others are not. If you need more information, just ask!
Quote:
/ip firewall mangle
add action=mark-connection chain=output comment="SEM BALACE CACHE FULL" \
content="X-Cache: HIT" disabled=yes new-connection-mark=conn_squid-up \
protocol=tcp src-port=3128
add action=mark-packet chain=output connection-mark=conn_squid-up disabled=\
yes new-packet-mark=pacotes_squid-up
add action=mark-connection chain=prerouting disabled=yes dst-port=3128 \
new-connection-mark=conn_squid-down protocol=tcp
add action=mark-packet chain=prerouting connection-mark=conn_squid-down \
disabled=yes new-packet-mark=pacotes_squid-down
add chain=prerouting comment="FORA DO BALANCE" dst-address-list=sembalance \
dst-port=443 in-interface=local protocol=tcp
add chain=prerouting comment="ACEITAR TRAFEGO DA REDE INTERNA" dst-address=\
192.168.1.0/24 src-address=192.186.1.0/24
add action=mark-connection chain=prerouting comment=\
"MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark in-interface=\
link1 new-connection-mark=conn_link1 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=link2 new-connection-mark=conn_link2
add action=mark-connection chain=prerouting comment=\
"PROXY MARCAR CONE\C7\D5ES LINKS 1 E 2" connection-mark=no-mark disabled=\
yes dst-port=3128 in-interface=link1 new-connection-mark=conn_link1 \
protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-port=3128 in-interface=link2 new-connection-mark=conn_link2 \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
per-connection-classifier=both-addresses-and-ports:5/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
per-connection-classifier=both-addresses-and-ports:5/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
per-connection-classifier=both-addresses-and-ports:5/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=local new-connection-mark=conn_link1 \
per-connection-classifier=both-addresses-and-ports:5/3
add action=mark-connection chain=prerouting comment=\
"PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK OI 4M" connection-mark=no-mark \
dst-address-type=!local dst-port=3128 in-interface=local \
new-connection-mark=conn_link1 per-connection-classifier=\
both-addresses-and-ports:5/0 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local dst-port=3128 in-interface=local \
new-connection-mark=conn_link1 per-connection-classifier=\
both-addresses-and-ports:5/1 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local dst-port=3128 in-interface=local \
new-connection-mark=conn_link1 per-connection-classifier=\
both-addresses-and-ports:5/2 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local dst-port=3128 in-interface=local \
new-connection-mark=conn_link1 per-connection-classifier=\
both-addresses-and-ports:5/3 protocol=tcp
add action=mark-connection chain=prerouting comment=\
"MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=no-mark \
dst-address-type=!local in-interface=local new-connection-mark=conn_link2 \
per-connection-classifier=both-addresses-and-ports:5/4
add action=mark-connection chain=prerouting comment=\
"PROXY MARCA\C7\C3O DE DIVIS\C3O DO LINK EMBRATEL 1M" connection-mark=\
no-mark dst-address-type=!local dst-port=3128 in-interface=local \
new-connection-mark=conn_link2 per-connection-classifier=\
both-addresses-and-ports:5/4 protocol=tcp
add action=mark-routing chain=prerouting comment=\
"MARCA\C7\C3O DE ROTA PARA LINKS" connection-mark=conn_link1 \
in-interface=local new-routing-mark=rota_link1
add action=mark-routing chain=prerouting connection-mark=conn_link2 \
in-interface=local new-routing-mark=rota_link2
add action=mark-routing chain=output comment=\
"MARCANDO ROTA DE SAIDA PARA LINK" connection-mark=conn_link1 \
new-routing-mark=rota_link1
add action=mark-routing chain=output connection-mark=conn_link2 \
new-routing-mark=rota_link2
add action=mark-packet chain=postrouting connection-mark=thunder-c \
new-packet-mark=thunder-P passthrough=no
Quote:
/ip firewall nat
add chain=dstnat comment=\
"\"\"\"\"\"\"SERVI\C7OS NOBRES FORA DO PROXY\"\"\"\"\"\"" \
dst-address-list=nobalance dst-port=80 protocol=tcp
add action=redirect chain=dstnat comment="REDIRECIONAMENTO PROXY" dst-port=80 \
in-interface=local protocol=tcp to-ports=3128
add action=masquerade chain=srcnat comment="NAVEGA\C7\C3O" out-interface=\
link1
add action=masquerade chain=srcnat out-interface=link2
add action=masquerade chain=srcnat out-interface=CLIENTES
Attachment 53698
Quote:
The routes use fictitious but valid IPs that are not mine :)
/ip route
add check-gateway=ping disabled=yes distance=1 gateway=199.199.1.1 \
routing-mark=rota_link1
add check-gateway=ping disabled=yes distance=1 gateway=188.188.2.2 \
routing-mark=rota_link2
add distance=1 gateway=199.199.1.1
add distance=2 gateway=188.188.2.2