PCC + REDIRECIONAMENTO DE PORTAS ???

Algo parecido com isso...

/ ip firewall address-list
add list="Allowed-Internet" address=192.168.0.0/24 comment="" disabled=no

/ ip firewall address-list
add list=wan1 address=10.1.1.1/32 comment="" disabled=no
add list=wan2 address=10.1.2.1/32 comment="" disabled=no

/ ip firewall nat
add chain=srcnat action=masquerade out-interface=wan1 src-address-list="Allowed-Internet" comment="Gateway link1" disabled=no
add chain=srcnat action=masquerade out-interface=wan2 src-address-list="Allowed-Internet" comment="Gateway link2" disabled=no

/ ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=wan1 src-address-list=wan1 passthrough=no comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=wan2 src-address-list=wan2 passthrough=no comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="HTTP traffic" passthrough=no dst-port=80 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="SSL traffic" passthrough=no dst-port=443 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="POP3 traffic" passthrough=no dst-port=110 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="SMTP traffic" passthrough=no dst-port=25 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="P2P traffic" passthrough=no p2p=all-p2p comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="Unknown traffic" passthrough=no comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark=wan1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark=wan2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="HTTP traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="SSL traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="POP3 traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="SMTP traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="P2P traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="Unknown traffic" comment="" disabled=no

Felipe,
Bom dia, eu tentei fazer aqui no meu balance, alterando os ip's e as marcações para a minha rede, mas não funcionou. Não estou sabendo fazer, se voce puder me dê uma ajuda e me explique mais detalhadamente essas regras, por favor.
Veja como fiz:
- Em / ip firewall address-list
add list="Allowed-Internet" address=192.168.0.0/24 comment="" disabled=no
Coloquei o ip da minha rede local;
- Em / ip firewall address-list
add list=wan1 address=10.1.1.1/32 comment="" disabled=no
Coloquei o ip do meu roteador EMBRATEL (aqui tem uma resalva, não aceita o ip do roteador e sim da rede);
- No restante fui modificando de acordo com a marcação da minha rede, mesmo assim não deu certo comigo.

Fico no aguardo da sua preciosíssima ajuda.

Respostas

Felipe José Salata Julho 7, 2010 16:35

Algo parecido com isso...

/ ip firewall address-list
add list="Allowed-Internet" address=192.168.0.0/24 comment="" disabled=no

/ ip firewall address-list
add list=wan1 address=10.1.1.1/32 comment="" disabled=no
add list=wan2 address=10.1.2.1/32 comment="" disabled=no

/ ip firewall nat
add chain=srcnat action=masquerade out-interface=wan1 src-address-list="Allowed-Internet" comment="Gateway link1" disabled=no
add chain=srcnat action=masquerade out-interface=wan2 src-address-list="Allowed-Internet" comment="Gateway link2" disabled=no

/ ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=wan1 src-address-list=wan1 passthrough=no comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark=wan2 src-address-list=wan2 passthrough=no comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="HTTP traffic" passthrough=no dst-port=80 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="SSL traffic" passthrough=no dst-port=443 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="POP3 traffic" passthrough=no dst-port=110 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="SMTP traffic" passthrough=no dst-port=25 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="P2P traffic" passthrough=no p2p=all-p2p comment="" disabled=no
add chain=prerouting action=mark-routing new-routing-mark="Unknown traffic" passthrough=no comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark=wan1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark=wan2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="HTTP traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="SSL traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan2 scope=255 target-scope=10 routing-mark="POP3 traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="SMTP traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="P2P traffic" comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=wan1 scope=255 target-scope=10 routing-mark="Unknown traffic" comment="" disabled=no
Fernando Fiorentin Julho 8, 2010 15:11

Perfeito!
ANGELO ARILSON DE LACERDA BARBOS Julho 8, 2010 15:15

Obrigado pela resposta, deu certinho aki. blz
Felipe José Salata Julho 8, 2010 17:52

Por nada...
JOSEMAR FERREIRA DE SOUZA Agosto 15, 2010 9:27

Felipe,
Bom dia, eu tentei fazer aqui no meu balance, alterando os ip's e as marcações para a minha rede, mas não funcionou. Não estou sabendo fazer, se voce puder me dê uma ajuda e me explique mais detalhadamente essas regras, por favor.
Veja como fiz:
- Em / ip firewall address-list
add list="Allowed-Internet" address=192.168.0.0/24 comment="" disabled=no
Coloquei o ip da minha rede local;
- Em / ip firewall address-list
add list=wan1 address=10.1.1.1/32 comment="" disabled=no
Coloquei o ip do meu roteador EMBRATEL (aqui tem uma resalva, não aceita o ip do roteador e sim da rede);
- No restante fui modificando de acordo com a marcação da minha rede, mesmo assim não deu certo comigo.

Fico no aguardo da sua preciosíssima ajuda.

This reply was deleted.