My friends, I have an RB1100 running fine here, load balancing 4 dedicated links, but I wanted to deploy MK-AUTH with hotspot, and I was told that I have to add another RB. Is that right? Pedro, help me out with this one...
Replies
Rogerio, I studied a bit last night but still haven't gotten satisfactory results. The rules I'm about to post are not yet applied on my system; I'd like you to take a look before I deploy them:
local:
clients=ether1 through ether10
internet WANs:
ether11=ISP1 + pppoe-out1
ether12=ISP2 + pppoe-out2
ether13=ISP3 + pppoe-out3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/ip address
add address=172.16.1.1/24 disabled=no interface=ether1 network=172.16.1.0
add address=172.16.2.1/24 disabled=no interface=ether2 network=172.16.2.0
add address=172.16.3.1/24 disabled=no interface=ether3 network=172.16.3.0
add address=172.16.4.1/24 disabled=no interface=ether4 network=172.16.4.0
add address=172.16.5.1/24 disabled=no interface=ether5 network=172.16.5.0
add address=172.16.6.1/24 disabled=no interface=ether6 network=172.16.6.0
add address=172.16.7.1/24 disabled=no interface=ether7 network=172.16.7.0
add address=172.16.8.1/24 disabled=no interface=ether8 network=172.16.8.0
add address=172.16.9.1/24 disabled=no interface=ether9 network=172.16.9.0
add address=172.16.10.1/24 disabled=no interface=ether10 network=172.16.10.0
add address=200.xxx.xxx.x/29 comment="WAN 4 5M" disabled=no interface=ISP-3 network=200.xxx.xxx.x
/interface pppoe-client
add add-default-route=no allow=chap,mschap1,mschap2 comment="WAN 1 " dial-on-demand=no disabled=no interface=ether11 max-mru=1480 max-mtu=1480 name=ISP-1 password=12345 profile=default use-peer-dns=yes user=PPPOE-1
add add-default-route=no allow=chap,mschap1,mschap2 comment="WAN 2 " dial-on-demand=no disabled=no interface=ether12 max-mru=1480 max-mtu=1480 name=ISP-2 password=12345 profile=default use-peer-dns=yes user=PPPOE-2
add add-default-route=no allow=chap,mschap1,mschap2 comment="WAN 3 " dial-on-demand=no disabled=no interface=ether13 max-mru=1480 max-mtu=1480 name=ISP-3 password=12345 profile=default use-peer-dns=yes user=PPPOE-3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ CREATE A HOTSPOT FOR EACH LAN @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=hotspot.xxx.net hotspot-address=172.16.1.1 html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=admin password=12345 profile=default
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/ip firewall mangle
add action=accept chain=prerouting comment="Permite destino sem LB" disabled=no dst-address-list=sembalance
# Comes in via X, goes out via X (INPUT)
add action=mark-connection chain=input connection-state=new disabled=no in-interface=pppoe-out1 new-connection-mark=isp1_conn passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=pppoe-out2 new-connection-mark=isp2_conn passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=pppoe-out3 new-connection-mark=isp3_conn passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=ether13 new-connection-mark=isp4_conn passthrough=yes
# Prevents PCC re-marking by another gateway (OUTPUT)
add action=mark-connection chain=output connection-state=new disabled=no new-connection-mark=isp1_conn out-interface=pppoe-out1 passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=output connection-state=new disabled=no new-connection-mark=isp2_conn out-interface=pppoe-out2 passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=output connection-state=new disabled=no new-connection-mark=isp3_conn out-interface=pppoe-out3 passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=output connection-state=new disabled=no new-connection-mark=isp4_conn out-interface=ISP-3 passthrough=yes per-connection-classifier=both-addresses:4/3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.1.0/24 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.1.0/24 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.1.0/24 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.1.0/24 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.2.0/24 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.2.0/24 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.2.0/24 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.2.0/24 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether3 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.3.0/24 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.3.0/24 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.3.0/24 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.3.0/24 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether4 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.4.0/24 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.4.0/24 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.4.0/24 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=output connection-state=new disabled=no dst-address=!172.16.4.0/24 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# ISPx to ISPx
add action=mark-routing chain=output connection-mark=isp1_conn disabled=no new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=output connection-mark=isp2_conn disabled=no new-routing-mark=to_isp2 passthrough=yes
add action=mark-routing chain=output connection-mark=isp3_conn disabled=no new-routing-mark=to_isp3 passthrough=yes
add action=mark-routing chain=output connection-mark=isp4_conn disabled=no new-routing-mark=to_isp4 passthrough=yes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=accept chain=prerouting disabled=no dst-address=172.16.1.0/24 in-interface=ether1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether1 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether1 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether1 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether1 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=isp1_conn disabled=no in-interface=ether1 new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp2_conn disabled=no in-interface=ether1 new-routing-mark=to_isp2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp3_conn disabled=no in-interface=ether1 new-routing-mark=to_isp3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp4_conn disabled=no in-interface=ether1 new-routing-mark=to_isp4 passthrough=yes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=accept chain=prerouting disabled=no dst-address=172.16.2.0/24 in-interface=ether2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether2 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether2 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether2 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether2 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=isp1_conn disabled=no in-interface=ether2 new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp2_conn disabled=no in-interface=ether2 new-routing-mark=to_isp2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp3_conn disabled=no in-interface=ether2 new-routing-mark=to_isp3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp4_conn disabled=no in-interface=ether2 new-routing-mark=to_isp4 passthrough=yes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether3 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=accept chain=prerouting disabled=no dst-address=172.16.3.0/24 in-interface=ether3
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether3 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether3 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether3 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether3 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=isp1_conn disabled=no in-interface=ether3 new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp2_conn disabled=no in-interface=ether3 new-routing-mark=to_isp2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp3_conn disabled=no in-interface=ether3 new-routing-mark=to_isp3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp4_conn disabled=no in-interface=ether3 new-routing-mark=to_isp4 passthrough=yes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ repeat for each local network: ether4 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
add action=accept chain=prerouting disabled=no dst-address=172.16.4.0/24 in-interface=ether4
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether4 new-connection-mark=isp1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether4 new-connection-mark=isp2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether4 new-connection-mark=isp3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=ether4 new-connection-mark=isp4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=isp1_conn disabled=no in-interface=ether4 new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp2_conn disabled=no in-interface=ether4 new-routing-mark=to_isp2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp3_conn disabled=no in-interface=ether4 new-routing-mark=to_isp3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp4_conn disabled=no in-interface=ether4 new-routing-mark=to_isp4 passthrough=yes
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/ip firewall nat
add action=masquerade chain=srcnat comment="MASQ ISP-1" disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="MASQ ISP-2" disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment="MASQ ISP-3" disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat comment="MASQ ISP-4" disabled=no out-interface=ether13
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_isp2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_isp3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=200.xxx.xxx.x routing-mark=to_isp4 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=200.xxx.xxx.x scope=30 target-scope=10
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Besides that, there is also a PPPoE server on each local network (ether1-ether10) that needs specific rules for routing, but I haven't even touched that yet. What do you think, Rogerio?
@@@
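A consistency check for a RouterOS export like the one posted above, as an added example that is not part of the original thread: it flags rules that reference an interface name, connection mark or routing mark that nothing in the export defines (for instance `pppoe-out1` where the PPPoE clients are named `ISP-1`). The function names, the constructed sample lines and the ether1-ether13 port list are assumptions made for this example.

```python
import re

# Constructed sample, abridged and adapted from the configuration posted above.
SAMPLE = """\
/interface pppoe-client
add interface=ether11 name=ISP-1 password=12345 user=PPPOE-1
add interface=ether12 name=ISP-2 password=12345 user=PPPOE-2
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 \\
    new-connection-mark=isp1_conn
add action=mark-routing chain=output connection-mark=isp1_conn new-routing-mark=to_isp1
add action=mark-routing chain=output connection-mark=isp2_conn new-routing-mark=to_isp2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP-2
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_isp1
add dst-address=0.0.0.0/0 gateway=ISP-2 routing-mark=to_isp3
"""

# key=value pairs; a value is either a quoted string or a run of non-blanks.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse(export):
    """Yield (section, {key: value}) for every add/set line of an export."""
    section = ""
    text = re.sub(r"\\\n\s*", "", export)  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith(("add ", "set ")):
            yield section, {k: v.strip('"') for k, v in PAIR.findall(line)}

def lint(export):
    """Return sorted (finding, name) pairs for references nothing defines."""
    rules = list(parse(export))
    # Assumption: physical ports ether1..ether13, as used in the post.
    defined = {f"ether{i}" for i in range(1, 14)}
    defined |= {kv["name"] for sec, kv in rules
                if sec.startswith("/interface") and "name" in kv}
    conn_marks = {kv["new-connection-mark"] for _, kv in rules
                  if "new-connection-mark" in kv}
    route_marks = {kv["new-routing-mark"] for _, kv in rules
                   if "new-routing-mark" in kv}
    findings = set()
    for sec, kv in rules:
        names = [kv.get(k, "").lstrip("!")
                 for k in ("interface", "in-interface", "out-interface")]
        gw = kv.get("gateway", "")
        if sec == "/ip route" and not re.match(r"[\dx.]+$", gw):
            names.append(gw)  # gateway given as an interface name, not an IP
        findings |= {("undefined-interface", n) for n in names
                     if n and n not in defined}
        if kv.get("connection-mark", "") not in conn_marks | {""}:
            findings.add(("unset-connection-mark", kv["connection-mark"]))
        if sec == "/ip route" and kv.get("routing-mark", "") not in route_marks | {""}:
            findings.add(("unset-routing-mark", kv["routing-mark"]))
    return sorted(findings)
```
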
No cache, but last night I managed to solve the Hotspot problem; however, the load balancing stopped working, can you believe it? lol. I'll send you my scripts by PM.
Rogerio Alves said:
If you put a cache together with the balance, only 1 link will be used, because there is no way to set more than 1 default gateway for the cache; it will only fetch over 1 link!!
Fabio Internet said:
Rogerio, I need to run everything on the same RB. I have redirects from one IP for some users and from another for others, but with hotspot it isn't working. I'm using load balancing with PCC; can you give me a hand?
Rogerio Alves said:
It depends on the links, man. I have friends with 4 links of 10mb running great, but I always recommend the 450g right away. Then it really runs great.
Rogerio Alves said:
My friend, if you are looking for quality and benefits, the expenses will be inevitable, because every day new technologies appear on the market!
Rodrigo Atanasio de Paula said:
The right thing is to put the balance on one RB and the server on another, but at least a 750g; the 750 is very weak, it can't handle anything!!
I agree with you.
It's just that I've already had some expenses with servers these days. Would it be viable, to reduce costs, for me to install everything on a single RB and add another one in the future?
Will I have more work than benefits? Do errors occur very often in this scenario?
Km.pc-net Provedor de Internet said:
My friend, so that you're not left in doubt, put in two RBs!
I guarantee it will work much better than using just one to do two jobs!
Imagine having to watch 4 mischievous kids and stir the pot on the stove!
Thanks for the replies, but now I'm in doubt about whether I should use just one RB or two.
What would be the best practice?