
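# Dual-WAN load balancing over two PPPoE links with per-connection-classifier (PCC).
# LAN side is ether5; WAN links are pppoe-out1 and pppoe-out2.
# Each command is written on one line: the published listing was hard-wrapped in the
# middle of parameter names (e.g. "in-" / "interface="), which does not paste cleanly.
#
# NOTE(review): this listing only contains mangle, route and NAT rules. Masquerade is
# address translation, not packet filtering; /ip firewall filter rules for the input
# and forward chains on both WAN links are not shown on this page and have to be
# configured separately.
/ip firewall mangle
# New connections arriving on a WAN link are tagged with that link.
add action=mark-connection chain=prerouting connection-state=new in-interface=pppoe-out1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-state=new in-interface=pppoe-out2 new-connection-mark=ISP2_conn
# New LAN connections not addressed to the router itself (dst-address-type=!local) are
# split in two by a hash of source and destination address: remainder 0 -> ISP1, 1 -> ISP2.
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ISP1_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn per-connection-classifier=both-addresses:2/1
# Forwarded LAN traffic takes the routing mark that matches its connection mark.
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=ether5 new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=ether5 new-routing-mark=to_ISP2
# Router-originated packets of a marked connection leave through the same link.
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2

/ ip route
# One default route per routing mark, then two unmarked default routes
# (distance 1 and 2) for traffic that carries no routing mark.
# NOTE(review): check-gateway=ping probes the gateway only; whether it notices an
# outage further upstream depends on the link - confirm in your setup.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 distance=2 check-gateway=ping

/ ip firewall nat
# Source NAT on each WAN link.
add chain=srcnat out-interface=pppoe-out1 action=masquerade
add chain=srcnat out-interface=pppoe-out2 action=masquerade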

===================================================================================
==========================================
script

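# Dual-WAN PCC load balancing with static WAN addresses, weighted 1:3.
# WAN 1 = ether1 (192.168.1.2/24), WAN 2 = ether2 (192.168.9.2/24), LAN = ether5.
# Each command is written on one line: the published listing was hard-wrapped in the
# middle of parameter names, which does not paste cleanly.
#
# NOTE(review): only address, NAT, route and mangle rules are listed. Masquerade is
# not packet filtering; /ip firewall filter rules for input and forward on ether1 and
# ether2 are not shown on this page and have to be configured separately.
/ip address
add address=192.168.1.2/24 comment="Wan 1" interface=ether1 network=192.168.1.0
add address=192.168.9.2/24 comment="Wan 2" interface=ether2 network=192.168.9.0
add address=10.10.10.1/24 comment=Lan interface=ether5 network=10.10.10.0

/ip firewall nat
# Source NAT on each WAN interface.
add action=masquerade chain=srcnat comment="Wan 1" out-interface=ether1
add action=masquerade chain=srcnat comment="Wan 2" out-interface=ether2

/ip route
# dst-address is omitted, so these are default routes (RouterOS defaults to 0.0.0.0/0).
# The first two serve the routing marks set in mangle; the last two are the unmarked
# defaults with distance 1 and 2.
# NOTE(review): check-gateway=ping only probes 192.168.1.1 / 192.168.9.1, presumably
# the upstream modems; a failure beyond them would not be detected - confirm.
add check-gateway=ping comment="Ruteo wan 1" distance=1 gateway=192.168.1.1 routing-mark=to_ether1
add check-gateway=ping comment="Ruteo wan 2" distance=1 gateway=192.168.9.1 routing-mark=to_ether2
add check-gateway=ping comment="Wan 1" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="Wan 2" distance=2 gateway=192.168.9.1

/ip firewall mangle
# Packets arriving on a WAN interface get that interface's connection mark.
# NOTE(review): unlike the LAN rules below, these two have no connection-mark=no-mark
# or connection-state=new matcher, so they apply to every packet received on the
# interface, not only to the first packet of a connection.
add action=mark-connection chain=prerouting comment="Marca de conexiones" in-interface=ether1 new-connection-mark=ether1_conn
add action=mark-connection chain=prerouting in-interface=ether2 new-connection-mark=ether2_conn

# Router-originated packets of a marked connection leave through the same WAN.
add action=mark-routing chain=output comment=Salida connection-mark=ether1_conn new-routing-mark=to_ether1
add action=mark-routing chain=output connection-mark=ether2_conn new-routing-mark=to_ether2

# Unmarked LAN connections not addressed to the router are split four ways by a hash
# of source and destination address: remainder 0 -> ether1, remainders 1-3 -> ether2.
# That 1:3 split follows the link speeds given in the rule comments (10 vs 30 megas).
add action=mark-connection chain=prerouting comment="Wan (1) 10 megas" connection-mark=no-mark dst-address-type=!local in-interface=ether5 new-connection-mark=ether1_conn per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting comment="Wan (2) 30 megas" connection-mark=no-mark dst-address-type=!local in-interface=ether5 new-connection-mark=ether2_conn per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 new-connection-mark=ether2_conn per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 new-connection-mark=ether2_conn per-connection-classifier=both-addresses:4/3

# Forwarded LAN traffic takes the routing mark that matches its connection mark.
add action=mark-routing chain=prerouting connection-mark=ether1_conn in-interface=ether5 new-routing-mark=to_ether1
add action=mark-routing chain=prerouting connection-mark=ether2_conn in-interface=ether5 new-routing-mark=to_ether2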

-----------------------------------------------------------------------------------
------------------------------------------
Excluir a clientes del balanceo de carga

Ahora bien, en algunos casos se quiere excluir a un cliente del balanceo y hacer
que salga por una línea WAN específica, por ejemplo cuando una línea tiene más
prioridad o presenta alguna intermitencia por alguna razón, o cuando se quiere
dirigir un segmento de red por una línea y otro segmento de red por la otra línea.
Para esto nos dirigiremos a ip/firewall/mangle.

Supongamos que la IP 192.168.80.239 es el cliente a trabajar; en caso de que sean
varias IPs, se trabajaría con una Address List.

Script de la regla

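# Policy-routing exception, to be run under /ip firewall mangle: traffic from one
# client is given a fixed routing mark (to_ether2) instead of being load balanced.
# 192.168.80.239 is the page's example client; for several clients match an address
# list (src-address-list=) instead of a single src-address.
#
# Changes from the listing as published:
#  - The command is on one line (it was wrapped inside "new-routing-mark").
#  - passthrough=no instead of passthrough=yes. With passthrough=yes the packet goes
#    on to the later rules, where the PCC rules mark the connection and the
#    mark-routing rules for in-interface=ether5 overwrite the routing mark set here,
#    so part of the client's connections would still leave through the other WAN.
#
# The rule is created disabled (disabled=yes), as on the page; enable it once reviewed.
# "add" appends to the end of the mangle list, so move the rule above the PCC rules
# (or create it with place-before=) for it to take effect first.
add action=mark-routing chain=prerouting disabled=yes dst-address-type=!local new-routing-mark=to_ether2 passthrough=no src-address=192.168.80.239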

to_ether2 indica la marca de ruteo que se puso en ip/route, la cual está
vinculada a una línea WAN.
Esta regla se coloca delante de las reglas de balanceo para que el firewall coincida
primero con esa regla y el tráfico que tenga como origen esa IP no pase por el balanceo.

===================================================================================
=============================================
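# Dual-WAN PCC load balancing over two ADSL links (interfaces ADSL1 and ADSL2),
# LAN on interface LAN (192.168.37.1/24).
# Each command is written on one line, except where the listing itself uses a "\"
# continuation; the published text was hard-wrapped in the middle of parameter names.
#
# The WAN addresses 12.25.20.0/24 and 19.74.30.0/24 are the page's example values and
# lie in publicly routable space; replace them with the addresses assigned by the ISPs.
#
# NOTE(review): only address, mangle, route and NAT rules are listed. Masquerade is
# not packet filtering; /ip firewall filter rules for input and forward on ADSL1 and
# ADSL2 are not shown on this page and have to be configured separately.
/ ip address
add address=192.168.37.1/24 network=192.168.37.0 broadcast=192.168.37.255 interface=LAN
add address=12.25.20.2/24 network=12.25.20.0 broadcast=12.25.20.255 interface=ADSL1
add address=19.74.30.2/24 network=19.74.30.0 broadcast=19.74.30.255 interface=ADSL2
/ ip firewall mangle
# Connections to the router itself are tagged with the WAN link they arrived on,
# and the router's replies are routed back out through that link.
add chain=input in-interface=ADSL1 action=mark-connection new-connection-mark=ADSL1_conn
add chain=input in-interface=ADSL2 action=mark-connection new-connection-mark=ADSL2_conn
add chain=output connection-mark=ADSL1_conn action=mark-routing new-routing-mark=to_ADSL1
add chain=output connection-mark=ADSL2_conn action=mark-routing new-routing-mark=to_ADSL2
# LAN traffic to the two directly connected WAN subnets is accepted here, so it does
# not reach the PCC rules below.
add chain=prerouting dst-address=12.25.20.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=19.74.30.0/24 action=accept in-interface=LAN
# Remaining LAN traffic not addressed to the router is split in two by a hash of
# source and destination address: remainder 0 -> ADSL1, remainder 1 -> ADSL2.
# NOTE(review): these rules carry no connection-mark=no-mark or connection-state=new
# matcher, so every LAN packet is classified again, including packets of connections
# that already have a mark - confirm that this is intended.
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses:2/0 \
    action=mark-connection new-connection-mark=ADSL1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses:2/1 \
    action=mark-connection new-connection-mark=ADSL2_conn passthrough=yes
# Forwarded LAN traffic takes the routing mark that matches its connection mark.
add chain=prerouting connection-mark=ADSL1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ADSL1
add chain=prerouting connection-mark=ADSL2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ADSL2

/ ip route
# One default route per routing mark, then two unmarked default routes
# (distance 1 and 2) for traffic that carries no routing mark.
# NOTE(review): check-gateway=ping only probes the listed gateway address; a failure
# further upstream would not be detected - confirm in your setup.
add dst-address=0.0.0.0/0 gateway=12.25.20.1 routing-mark=to_ADSL1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=19.74.30.1 routing-mark=to_ADSL2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=12.25.20.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=19.74.30.1 distance=2 check-gateway=ping

/ ip firewall nat
# Source NAT on each WAN link.
add chain=srcnat out-interface=ADSL1 action=masquerade
add chain=srcnat out-interface=ADSL2 action=masquerade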

http://configurarmikrotikwireless.com/detalles
