Postado originalmente por
gunthermb
Olá pessoal do forum, estou com um problemão para resolver.
Vou tentar explicar o que pretendo fazer, hoje tenho um link dedicado de 2MB utilizo cache full, + ou - 250 Clientes, o que garante o bom funcionamento é o cache.
Preciso adicionar algumas adsls a alguns grupos de clientes para aliviar minha rede até que venha a ampliação de link, como sempre demorada.
Em "ip address" eu tenho várias faixas de ip, a cada 10 ou 15 clientes eu utilizo uma faixa diferente de ips, desta forma pretendo fazer balanceamento por grupo, fica fácil mudar um grupo de cliente para um link x. vou postar a baixo todas as configurações do meu servidor:
ether1 link
ether2 rede
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 200.203.128.112/24 200.203.128.0 200.203.128.255 ether2
1 189.30.30.228/23 189.30.30.0 189.30.30.255 ether1
2 200.203.129.112/24 200.203.129.0 200.203.129.255 ether2
3 189.30.30.229/23 189.30.30.0 189.30.30.255 ether1
4 200.203.127.112/24 200.203.127.0 200.203.127.255 ether2
5 200.203.130.112/24 200.203.130.0 200.203.130.255 ether2
6 200.203.131.112/24 200.203.131.0 200.203.131.255 ether2
7 200.203.132.112/24 200.203.132.0 200.203.132.255 ether2
8 200.203.136.112/24 200.203.136.0 200.203.136.255 ether2
9 200.203.133.112/24 200.203.133.0 200.203.133.255 ether2
10 200.203.134.112/24 200.203.134.0 200.203.134.255 ether2
11 200.203.135.112/24 200.203.135.0 200.203.135.255 ether2
12 200.203.137.112/24 200.203.137.0 200.203.137.255 ether2
13 200.203.138.112/24 200.203.138.0 200.203.138.255 ether2
14 189.30.30.227/23 189.30.30.0 189.30.30.255 ether1
15 200.203.139.112/24 200.203.139.0 200.203.139.255 ether2
16 200.203.140.112/24 200.203.140.0 200.203.140.255 ether2
17 192.168.254.200/24 192.168.254.0 192.168.255.255 ether1
[admin@MikroTik] ip address>
REPAREM QUE UTILIZO VARIAS FAIXAS DE IP DE SAIDA.
[admin@MikroTik] ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 189.30.30.0/23 189.30.30.227 ether1
1 ADC 192.168.254.0/24 192.168.254.200 ether1
2 ADC 200.203.127.0/24 200.203.127.112 ether2
3 ADC 200.203.128.0/24 200.203.128.112 ether2
4 ADC 200.203.129.0/24 200.203.129.112 ether2
5 ADC 200.203.130.0/24 200.203.130.112 ether2
6 ADC 200.203.131.0/24 200.203.131.112 ether2
7 ADC 200.203.132.0/24 200.203.132.112 ether2
8 ADC 200.203.133.0/24 200.203.133.112 ether2
9 ADC 200.203.134.0/24 200.203.134.112 ether2
10 ADC 200.203.135.0/24 200.203.135.112 ether2
11 ADC 200.203.136.0/24 200.203.136.112 ether2
12 ADC 200.203.137.0/24 200.203.137.112 ether2
13 ADC 200.203.138.0/24 200.203.138.112 ether2
14 ADC 200.203.139.0/24 200.203.139.112 ether2
15 ADC 200.203.140.0/24 200.203.140.112 ether2
16 A S 0.0.0.0/0 r 189.30.30.225 ether1
17 A S ;;; ADSL
0.0.0.0/0 r 192.168.254.254 ether1
18 A S 0.0.0.0/0 r 189.30.30.225 ether1
19 A S 0.0.0.0/0 r 189.30.30.225 ether1
20 A S ;;; ADSL
0.0.0.0/0 r 192.168.254.254 ether1
21 A S 0.0.0.0/0 r 189.30.30.225 ether1
22 A S ;;; ADSL
0.0.0.0/0 r 192.168.254.254 ether1
23 A S 0.0.0.0/0 r 189.30.30.225 ether1
24 A S 0.0.0.0/0 r 189.30.30.225 ether1
25 A S 0.0.0.0/0 r 189.30.30.225 ether1
26 A S 0.0.0.0/0 r 189.30.30.225 ether1
27 X S 0.0.0.0/0 r 192.168.254.254 ether1
28 A S 0.0.0.0/0 r 189.30.30.225 ether1
29 A S 0.0.0.0/0 r 189.30.30.225 ether1
30 A S 0.0.0.0/0 r 189.30.30.225 ether1
31 A S ;;; ADSL
0.0.0.0/0 r 192.168.254.254 ether1
[admin@MikroTik] ip route>
AQUI SEGUE AS REGRAS DO MEU CAHCE FULL, CONTROLE P2P E OS GRUPOS PARA AS VARIAS FAIXAS DE IP QUE TENHO.
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; PROXI FULL
chain=output protocol=tcp src-port=3128 action=mark-connection new-connection-mark=proxifull passthrough=yes
1 chain=output connection-mark=proxifull action=mark-packet new-packet-mark=proxifull passthrough=yes
2 chain=output connection-mark=proxifull action=return
3 ;;; CONTROLE P2P
chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes
4 chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes
5 ;;; MARCA PACOTES VOIP
chain=forward connection-mark=voip_conn action=mark-packet new-packet-mark=voip passthrough=yes
6 chain=postrouting connection-mark=voip_conn action=change-tos new-tos=min-delay
7 chain=forward dst-address=201.33.209.6 action=mark-connection new-connection-mark=voip_conn passthrough=yes
8 ;;; GRUPOA
chain=prerouting src-address=200.203.140.0/24 action=mark-routing new-routing-mark=GRUPOA passthrough=no
9 ;;; GRUPOB
chain=prerouting src-address=200.203.127.0/24 action=mark-routing new-routing-mark=GRUPOB passthrough=no
10 ;;; GRUPOC
chain=prerouting src-address=200.203.128.0/24 action=mark-routing new-routing-mark=GRUPOC passthrough=no
11 ;;; GRUPOD
chain=prerouting src-address=200.203.129.0/24 action=mark-routing new-routing-mark=GRUPOD passthrough=no
12 ;;; GRUPOE
chain=prerouting src-address=200.203.130.0/24 action=mark-routing new-routing-mark=GRUPOE passthrough=no
13 ;;; GRUPOF
chain=prerouting src-address=200.203.131.0/24 action=mark-routing new-routing-mark=GRUPOF passthrough=no
14 ;;; GRUPOG
chain=prerouting src-address=200.203.132.0/24 action=mark-routing new-routing-mark=GRUPOG passthrough=no
15 ;;; GRUPOH
chain=prerouting src-address=200.203.133.0/24 action=mark-routing new-routing-mark=GRUPOH passthrough=no
16 ;;; GRUPOI
chain=prerouting src-address=200.203.134.0/24 action=mark-routing new-routing-mark=GRUPOI passthrough=no
17 ;;; GRUPOJ
chain=prerouting src-address=200.203.135.0/24 action=mark-routing new-routing-mark=GRUPOJ passthrough=no
18 ;;; GRUPOL
chain=prerouting src-address=200.203.136.0/24 action=mark-routing new-routing-mark=GRUPOL passthrough=no
19 ;;; GRUPOM
chain=prerouting src-address=200.203.137.0/24 action=mark-routing new-routing-mark=GRUPOM passthrough=no
20 ;;; GRUPON
chain=prerouting src-address=200.203.138.0/24 action=mark-routing new-routing-mark=GRUPON passthrough=no
21 ;;; GRUPOO
chain=prerouting src-address=200.203.139.0/24 action=mark-routing new-routing-mark=GRUPOO passthrough=no
-- [Q quit|D dump|up]
AQUI SEGUE AS REGRAS DO NAT:
REPAREM QUE AQUI EU FIZ UM MASQUERADE PARA CADA GURPO.
SEGUE TAMBÉM A REGRA DO REDIRECIONAMENTO DO PROXI.
[admin@MikroTik] ip firewall> nat
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X chain=srcnat out-interface=ether1 action=masquerade
1 chain=dstnat in-interface=ether2 protocol=tcp dst-port=80 action=redirect to-ports=3128
2 ;;; GUNTHER
chain=dstnat dst-address=189.30.30.X protocol=tcp dst-port=3389 action=dst-nat to-addresses=200.203.128.28 to-ports=3389
3 X ;;; GUNTHER
chain=dstnat dst-address=189.30.30.X protocol=tcp dst-port=8291 action=dst-nat to-addresses=200.203.128.252 to-ports=8291
4 ;;; MAURICIO
chain=dstnat dst-address=189.30.30.X protocol=tcp dst-port=3389 action=dst-nat to-addresses=200.203.128.200 to-ports=3389
5 ;;; MAURICIO
chain=dstnat dst-address=189.30.30.X protocol=tcp dst-port=5900 action=dst-nat to-addresses=200.203.136.28 to-ports=5900
6 ;;; NAT BALANCEMANENTO GRUPO A
chain=srcnat out-interface=ether1 src-address=200.203.140.0/24 action=masquerade
7 ;;; NAT BALANCEMANENTO GRUPO B
chain=srcnat out-interface=ether1 src-address=200.203.127.0/24 action=masquerade
8 ;;; NAT BALANCEMANENTO GRUPO C
chain=srcnat out-interface=ether1 src-address=200.203.128.0/24 action=masquerade
9 ;;; NAT BALANCEMANENTO GRUPO D
chain=srcnat out-interface=ether1 src-address=200.203.129.0/24 action=masquerade
10 ;;; NAT BALANCEMANENTO GRUPO E
chain=srcnat out-interface=ether1 src-address=200.203.130.0/24 action=masquerade
11 ;;; NAT BALANCEMANENTO GRUPO F
chain=srcnat out-interface=ether1 src-address=200.203.131.0/24 action=masquerade
12 ;;; NAT BALANCEMANENTO GRUPO G
chain=srcnat out-interface=ether1 src-address=200.203.132.0/24 action=masquerade
13 ;;; NAT BALANCEMANENTO GRUPO H
chain=srcnat out-interface=ether1 src-address=200.203.133.0/24 action=masquerade
14 ;;; NAT BALANCEMANENTO GRUPO I
chain=srcnat out-interface=ether1 src-address=200.203.134.0/24 action=masquerade
15 ;;; NAT BALANCEMANENTO GRUPO J
chain=srcnat out-interface=ether1 src-address=200.203.135.0/24 action=masquerade
16 ;;; NAT BALANCEMANENTO GRUPO L
chain=srcnat out-interface=ether1 src-address=200.203.136.0/24 action=masquerade
17 ;;; NAT BALANCEMANENTO GRUPO M
chain=srcnat out-interface=ether1 src-address=200.203.137.0/24 action=masquerade
18 ;;; NAT BALANCEMANENTO GRUPO N
chain=srcnat out-interface=ether1 src-address=200.203.138.0/24 action=masquerade
19 ;;; NAT BALANCEMANENTO GRUPO O
Bom, agora que já temos todas as regras, vou explicar melhor o problema, quando eu executo o balancemento ele só funciona quando eu desabilito o proxi, existe alguma forma de eu habilitar o balanceamento juntamente com o cache?
Att. Günther
Balanceamento de rede com cache link dedicado 2mb + adsl
Citação