


  1. #1

    Firewall for load balancing on an RB493!

    I have a load balance on an RB493 with 4 active 10 Mb ADSL links and another one still to be configured. As you can see, the configuration is very poor: the whole network is based on link 1, and access to banks is getting slower and slower. I would like some help with this. I don't know, maybe banks going out through any link, and whatever else you can do for me. Thanks in advance.

  2. #2

    Firewall for load balancing on an RB493!

    /ip firewall connection tracking
    set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=10h \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=\
    5s tcp-syn-sent-timeout=5s tcp-syncookie=yes tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
    /ip firewall filter
    add action=drop chain=input comment=PC.INVALID connection-state=invalid \
    disabled=no
    add action=drop chain=input comment=PC.INVALID disabled=no dst-port=\
    8080,8090,53 in-interface=!ether1-lan protocol=tcp
    add action=add-src-to-address-list address-list=sem-balance \
    address-list-timeout=1h10s chain=input comment=PC.WB disabled=no \
    in-interface=!ether1-lan port=18299,8282,220,8291 protocol=tcp
    /ip firewall mangle
    add action=accept chain=prerouting comment=sem-balance disabled=no \
    dst-address-list=sem-balance in-interface=ether1-lan
    add action=mark-connection chain=input comment=balance-nova_conexao-link1 \
    connection-state=new disabled=no in-interface=pppoe-link1 \
    new-connection-mark=balance-nova-link1 passthrough=yes
    add action=mark-connection chain=input comment=balance-nova_conexao-link2 \
    connection-state=new disabled=no in-interface=pppoe-link2 \
    new-connection-mark=balance-nova-link2 passthrough=yes
    add action=mark-connection chain=input comment=balance-nova_conexao-link3 \
    connection-state=new disabled=no in-interface=pppoe-link3 \
    new-connection-mark=balance-nova-link3 passthrough=yes
    add action=mark-connection chain=input comment=balance-nova_conexao-link4 \
    connection-state=new disabled=no in-interface=pppoe-link4 \
    new-connection-mark=balance-nova-link4 passthrough=yes
    add action=mark-routing chain=output comment=balance-route-link1 \
    connection-mark=balance-nova-link1 disabled=no dst-address-list=!intranet \
    new-routing-mark=balance-route-link1 passthrough=no
    add action=mark-routing chain=output comment=balance-route-link2 \
    connection-mark=balance-nova-link2 disabled=no dst-address-list=!intranet \
    new-routing-mark=balance-route-link2 passthrough=no
    add action=mark-routing chain=output comment=balance-route-link3 \
    connection-mark=balance-nova-link3 disabled=no dst-address-list=!intranet \
    new-routing-mark=balance-route-link3 passthrough=no
    add action=mark-routing chain=output comment=balance-route-link4 \
    connection-mark=balance-nova-link4 disabled=no dst-address-list=!intranet \
    new-routing-mark=balance-route-link4 passthrough=no
    add action=mark-connection chain=prerouting comment=balance-conexao-link1 \
    disabled=no dst-address-list=!intranet dst-address-type=!local \
    in-interface=ether1-lan new-connection-mark=balance-conexao-link1 \
    passthrough=yes
    add action=mark-connection chain=prerouting comment=balance-conexao-link2 \
    disabled=no dst-address-list=!intranet dst-address-type=!local \
    in-interface=ether1-lan new-connection-mark=balance-conexao-link2 \
    passthrough=yes per-connection-classifier=both-addresses:4/1
    add action=mark-connection chain=prerouting comment=balance-conexao-link3 \
    disabled=no dst-address-list=!intranet dst-address-type=!local \
    in-interface=ether1-lan new-connection-mark=balance-conexao-link3 \
    passthrough=yes per-connection-classifier=both-addresses:4/2
    add action=mark-connection chain=prerouting comment=balance-conexao-link4 \
    disabled=no dst-address-list=!intranet dst-address-type=!local \
    in-interface=ether1-lan new-connection-mark=balance-conexao-link4 \
    passthrough=yes per-connection-classifier=both-addresses:4/3
    add action=mark-routing chain=prerouting comment=balance-para-link1 \
    connection-mark=balance-conexao-link1 disabled=no in-interface=ether1-lan \
    new-routing-mark=balance-para-link1 passthrough=yes
    add action=mark-routing chain=prerouting comment=balance-para-link2 \
    connection-mark=balance-conexao-link2 disabled=no in-interface=ether1-lan \
    new-routing-mark=balance-para-link2 passthrough=yes
    add action=mark-routing chain=prerouting comment=balance-para-link3 \
    connection-mark=balance-conexao-link3 disabled=no in-interface=ether1-lan \
    new-routing-mark=balance-para-link3 passthrough=yes
    add action=mark-routing chain=prerouting comment=balance-para-link4 \
    connection-mark=balance-conexao-link4 disabled=no in-interface=ether1-lan \
    new-routing-mark=balance-para-link4 passthrough=yes
    /ip firewall nat
    add action=dst-nat chain=dstnat comment=PC.CRUSHER disabled=no dst-port=18299 \
    in-interface=!ether1-lan protocol=tcp to-addresses=10.30.30.2 to-ports=8291
    add action=masquerade chain=srcnat comment=balance-masquerade-link1 disabled=no \
    out-interface=pppoe-link1
    add action=masquerade chain=srcnat comment=balance-masquerade-link2 disabled=no \
    out-interface=pppoe-link2
    add action=masquerade chain=srcnat comment=balance-masquerade-link3 disabled=no \
    out-interface=pppoe-link3
    add action=masquerade chain=srcnat comment=balance-masquerade-link4 disabled=no \
    out-interface=pppoe-link4

  3. #3

    Re: Firewall for load balancing on an RB493!

    /ip firewall address-list
    add address=200.198.182.152 comment=F2b disabled=no list=sem-balance
    add address=74.201.74.0/24 comment=Logmein disabled=no list=sem-balance
    add address=200.155.0.0/24 comment=HIPERCARD disabled=no list=sem-balance
    add address=200.155.0.0/16 comment=Bradesco disabled=no list=sem-balance
    add address=200.201.0.0/16 comment=Cef disabled=no list=sem-balance
    add address=170.66.0.0/16 comment=BB disabled=no list=sem-balance
    add address=200.220.0.0/16 comment=Santander disabled=no list=sem-balance
    add address=200.196.0.0/16 comment=Itau disabled=no list=sem-balance
    add address=189.56.0.0/16 comment=NCNB disabled=no list=sem-balance
    add address=161.113.0.0/24 comment=HSBC disabled=no list=sem-balance
    add address=200.201.0.0/16 comment="Conectividade Social" disabled=no list=\
    sem-balance
    add address=200.238.0.0/16 comment=e-FiscoPE disabled=no list=sem-balance
    add address=200.178.0.0/16 comment=Condutor disabled=no list=sem-balance
    add address=200.157.0.0/16 comment="Receita Federal - Site e Receitanet" \
    disabled=no list=sem-balance
    add address=161.148.0.0/16 disabled=no list=sem-balance
    add address=189.111.6.37 disabled=no list=sem-balance
    add address=201.7.176.0/20 comment=Globo disabled=no list=sem-balance
    add address=200.174.72.154 comment=Consul disabled=no list=sem-balance
    add address=201.7.178.0/27 comment=Globo disabled=no list=sem-balance
    add address=186.192.80.0/20 comment=Globo disabled=no list=sem-balance
    add address=200.130.0.0/16 comment=";;;Sisu Aluno" disabled=no list=sem-balance
    add address=201.7.180.0/24 comment=Globo disabled=no list=sem-balance
    add address=64.151.87.25 comment=Globo disabled=no list=sem-balance
    add address=200.147.0.0/16 comment="Videos uol" disabled=no list=sem-balance
    add address=65.54.85.0/24 comment="MSN Videos" disabled=no list=sem-balance
    add address=200.221.0.0/16 disabled=no list=sem-balance
    add address=8.23.224.0/24 comment="no-ip - renato" disabled=no list=sem-balance
    add address=187.86.8.0/24 comment="REDE LENILSON" disabled=no list=sem-balance
    add address=192.167.0.0/16 disabled=no list=intranet
    add address=10.40.0.0/16 disabled=no list=intranet
    add address=192.168.10.0/24 disabled=no list=intranet
    add address=10.50.0.0/16 disabled=no list=intranet
    add address=10.30.30.2 disabled=no list=intranet
    add address=187.6.18.61 disabled=no list=sem-balance
    add address=187.6.100.115 disabled=no list=sem-balance
    add address=216.224.178.11 comment=THUNDER disabled=no list=sem-balance
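
Added example, not part of the original posts: a short Python audit of the address-list export above. It flags duplicate and overlapping entries within a list, and public ranges in `intranet`, the list the mangle rules exempt via `dst-address-list=!intranet`. The `EXPORT` excerpt is copied from post #3; the function names are illustrative.

```python
import ipaddress
import re
from itertools import combinations

# Excerpt of the address-list export in post #3 (subset, copied from the page).
EXPORT = r"""
add address=200.155.0.0/24 comment=HIPERCARD disabled=no list=sem-balance
add address=200.155.0.0/16 comment=Bradesco disabled=no list=sem-balance
add address=200.201.0.0/16 comment=Cef disabled=no list=sem-balance
add address=200.201.0.0/16 comment="Conectividade Social" disabled=no list=\
    sem-balance
add address=201.7.176.0/20 comment=Globo disabled=no list=sem-balance
add address=201.7.178.0/27 comment=Globo disabled=no list=sem-balance
add address=192.167.0.0/16 disabled=no list=intranet
add address=10.40.0.0/16 disabled=no list=intranet
add address=10.30.30.2 disabled=no list=intranet
"""

def parse(export):
    """Return (list_name, network, comment) for every 'add' line."""
    joined = re.sub(r"\\\n\s*", "", export)  # undo RouterOS line continuations
    entries = []
    for line in joined.splitlines():
        if line.strip().startswith("add "):
            kv = dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line))
            net = ipaddress.ip_network(kv["address"], strict=False)
            entries.append((kv["list"], net, kv.get("comment", "").strip('"')))
    return entries

def audit(entries):
    """Return (kind, list, network, covering_network) findings."""
    findings = []
    for (l1, n1, _), (l2, n2, _) in combinations(entries, 2):
        if l1 != l2:
            continue  # only compare entries of the same address list
        if n1 == n2:
            findings.append(("duplicate", l1, str(n1), str(n2)))
        elif n1.subnet_of(n2):
            findings.append(("shadowed", l1, str(n1), str(n2)))
        elif n2.subnet_of(n1):
            findings.append(("shadowed", l1, str(n2), str(n1)))
    for lst, net, _ in entries:
        # A public range in 'intranet' is silently excluded from balancing.
        if lst == "intranet" and not net.is_private:
            findings.append(("public-in-intranet", lst, str(net), ""))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(EXPORT)):
        print(finding)
```
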

  4. #4

    Re: Firewall for load balancing on an RB493!

    That balance setup of yours is the old model; I have one that no longer needs those rules for bank sites or HTTPS to be added.

    It runs fine here without any problem.

  5. #5

    Re: Firewall for load balancing on an RB493!

    Quote: Originally posted by wagnersn
    That balance setup of yours is the old model; I have one that no longer needs those rules for bank sites or HTTPS to be added.

    It runs fine here without any problem.

    Send it over, then.

  6. #6

    Re: Firewall for load balancing on an RB493!

    Quote: Originally posted by lednet
    Send it over, then.

    It's the same one from the MikroTik wiki.

    Nowadays markings are no longer used.

    http://wiki.mikrotik.com/wiki/Manual:PCC