


  1. #1

    LoadBalance and port 443 (https)

    Good afternoon, I am load balancing across 3 links and would like to know how to redirect all traffic for a given port to a single link, for example port 443, which is used by banking sites. I am using the following setup for the balancing:


    / ip address

    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=ether1 comment="" \
    disabled=no

    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 \
    comment="" disabled=no

    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether3 \
    comment="" disabled=no

    add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=ether4 \
    comment="" disabled=no



    / ip firewall mangle

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=odd action=mark-routing \
    new-routing-mark=odd passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,1 \
    action=mark-connection new-connection-mark=even passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=even action=mark-routing \
    new-routing-mark=even passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=ether1 connection-state=new nth=2,1,2 \
    action=mark-connection new-connection-mark=ode passthrough=yes comment="" \
    disabled=no

    add chain=prerouting in-interface=ether1 connection-mark=ode action=mark-routing \
    new-routing-mark=ode passthrough=no comment="" disabled=no


    / ip firewall nat

    add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
    to-ports=0-65535 comment="" disabled=no

    add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
    to-ports=0-65535 comment="" disabled=no

    add chain=srcnat connection-mark=ode action=src-nat to-addresses=10.113.0.2 \
    to-ports=0-65535 comment="" disabled=no



    / ip route

    add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=ode \
    comment="" disabled=no

    add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 comment="" \
    disabled=no

  2. #2


    Hello friend, here is the rule!

    IP > Firewall > Mangle

    General: Chain=prerouting Src.Address=0.0.0.0 or the inbound IP of your server, e.g. 192.168.0.254 Protocol=TCP Dst.Port=443

    Action: Action=mark connection New Connection Mark=odd

    Check the (Passthrough) box

    That should solve it!!!

    If anything comes up, post here!
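
Added example, not part of either post: a simplified Python model of the mangle chain from post #1, showing why the position of the port-443 rule from post #2 decides whether HTTPS sessions keep a single source address. It assumes the three nth rules act as a round-robin over new connections; `PIN_443`, `balance_rules`, `route` and `egress_addresses` are hypothetical names.

```python
# Simplified model of the thread's prerouting mangle chain (added illustration).
# Assumption: nth=2,1,0 / 2,1,1 / 2,1,2 rotate new connections over three marks.

# src-nat address per connection mark, taken from the "/ ip firewall nat" rules.
NAT = {"odd": "10.111.0.2", "even": "10.112.0.2", "ode": "10.113.0.2"}

def balance_rules():
    """The six mangle rules from post #1: mark-connection, then mark-routing."""
    rules = []
    for slot, mark in enumerate(("odd", "even", "ode")):
        rules.append({"nth": slot, "action": "mark-connection",
                      "mark": mark, "passthrough": True})
        rules.append({"connection_mark": mark, "action": "mark-routing",
                      "mark": mark, "passthrough": False})
    return rules

# The rule suggested in post #2: TCP dst-port 443 gets connection mark "odd".
PIN_443 = {"dst_port": 443, "action": "mark-connection",
           "mark": "odd", "passthrough": True}

def route(rules, conn_index, dst_port):
    """Walk the chain for the first packet of the conn_index-th new connection.

    Returns (routing mark, src-nat address) once a passthrough=no rule matches.
    """
    conn_mark = routing_mark = None
    for r in rules:
        if "dst_port" in r and r["dst_port"] != dst_port:
            continue
        if "nth" in r and r["nth"] != conn_index % 3:
            continue
        if "connection_mark" in r and r["connection_mark"] != conn_mark:
            continue
        if r["action"] == "mark-connection":
            conn_mark = r["mark"]
        else:
            routing_mark = r["mark"]
        if not r["passthrough"]:
            break  # passthrough=no: later rules never see this packet
    return routing_mark, NAT[conn_mark]

def egress_addresses(rules, dst_port, connections=6):
    """Set of source addresses a client's new connections would leave from."""
    return {route(rules, i, dst_port)[1] for i in range(connections)}

if __name__ == "__main__":
    print("443 rule first:", egress_addresses([PIN_443] + balance_rules(), 443))
    print("443 rule last: ", egress_addresses(balance_rules() + [PIN_443], 443))
```

In this model a 443 rule added below the balancing rules is never reached, because each connection already hits a mark-routing rule with passthrough=no; placed above them, every port-443 connection leaves from 10.111.0.2 while other ports keep rotating.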