Changes for page Balanceamento de Mikrotik com failover
Last modified by Jean Franco on 2023/06/28 17:52
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -68,8 +68,107 @@ 68 68 69 69 Roteador 70 70 71 -<code> 71 +{{code language="none"}} 72 +/interface ethernet 73 +set 0 name=LAN 74 +set 3 name=ISP_1 set 4 name=ISP_2 75 +/ip address add address=192.168.22.1/24 interface=LAN 76 +add address=1.1.1.2/24 interface=ISP_1 77 +add address=2.2.2.3/24 interface=ISP_2 78 +/ip firewall nat 79 +add action=masquerade chain=srcnat out-interface=ISP_1 80 +add action=masquerade chain=srcnat out-interface=ISP_2 81 +{{/code}} 72 72 73 - /interfaceethernetset0 name=LANset3name=ISP_1set4 name=ISP_2/ipaddressadd address=192.168.22.1/24 interface=LAN add address=1.1.1.32/24interface=ISP_1add address=2.2.2.65/24interface=ISP_2 /ip firewallnat addaction=masqueradechain=srcnat out-interface=ISP_1addaction=masquerade chain=srcnatout-interface=ISP_283 +Neste exemplo, estamos configurando o ISP_1 e ISP_2 com IPs estáticos. Criamos as regras de mascaramento de cada um. 74 74 75 -</code> 85 +Agora para a parte de Roteamento: 86 + 87 +{{code language="none"}} 88 +/ip route 89 +add gateway=1.1.1.1 distance=1 90 +add gateway=2.2.2.1 distance=2 91 +add gateway=1.1.1.1 routing-mark=ISP1_Route distance=1 92 +add gateway=2.2.2.1 routing-mark=ISP2_Route distance=1 93 +{{/code}} 94 + 95 +Adicionamos ambos os gateways, com pesos diferentes e também criamos distâncias diferentes para o failover. 96 + 97 +{{code language="none"}} 98 +/ip firewall address-list 99 +add address=1.1.1.0/24 list=Conectado 100 +add address=2.2.2.0/24 list=Conectado 101 +add address=192.168.22.0/24 list=Conectado 102 +add address=192.168.22.0/24 list=LAN 103 +{{/code}} 104 + 105 +Para evitar a perda de contato entre as redes, precisamos criar listas de conexões. Criamos portanto a lista Conectado 106 + 107 +{{code language="none"}} 108 +/ip firewall mangle 109 +add chain=prerouting src-address-list=Conectado 110 +dst-address-list=Connected action=accept 111 +{{/code}} 112 + 113 +Deste modo temos a conexão do roteador para fora, a conexão da WAN para LAN e da LAN para WAN. 114 + 115 +Quando a conexão vier da WAN precisamos certificar de que o pacote irá sair pela mesma interface que entrou. 116 + 117 +Vamos marcar os pacotes: 118 + 119 +{{code language="none"}} 120 +/ip firewall mangle 121 +add chain=input connection-mark=no-mark in-interface=ISP_1 122 +action=mark-connection new-connection-mark=ISP_1-LAN 123 +add chain=input connection-mark=no-mark in-interface=ISP_2 124 +action=mark-connection new-connection-mark=ISP2-LAN 125 +{{/code}} 126 + 127 +Agora adicionamos na tabela: 128 + 129 +{{code language="none"}} 130 +add chain=output connection-mark=ISP_1-LAN 131 +action=mark-routing new-routing-mark=ISP1_Route 132 +add chain=output connection-mark=ISP_2-LAN 133 +action=mark-routing new-routing-mark=ISP2_Route 134 +{{/code}} 135 + 136 +O mesmo para a LAN: 137 + 138 +{{code language="none"}} 139 +/ip firewall mangle 140 +add chain=forward connection-mark=no-mark in-interface=ISP_1 141 +action=mark-connection new-connection-mark=WAN1->LANs 142 +add chain=forward connection-mark=no-mark in-interface=ISP_2 143 +action=mark-connection new-connection-mark=WAN2->LANs 144 +add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN 145 +action=mark-routing new-routing-mark=ISP1_Route 146 +add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN 147 +action=mark-routing new-routing-mark=ISP2_Route 148 +{{/code}} 149 + 150 +Entrada pronta, agora a parte da LAN. 151 + 152 +{{code language="none"}} 153 +/ip firewall mangle 154 +add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-addresslist=!Conectado dst-address-type=!local action=mark-connection 155 +new-connection-mark=LAN->WAN 156 +add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN 157 +action=mark-routing new-routing-mark=ISP1_Route 158 +comment="Load-Balance" 159 +{{/code}} 160 + 161 +Precisamos desta regra pois quando trocarmos de link, vai trocar também por onde saem os links. 162 + 163 +{{code language="none"}} 164 +add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP1_Route 165 +action=mark-connection new-connection-mark=Sticky_ISP1 166 +add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP2_Route 167 +action=mark-connection new-connection-mark=Sticky_ISP2 168 +add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN 169 +action=mark-routing new-routing-mark=ISP1_Route 170 +add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN 171 +action=mark-routing new-routing-mark=ISP2_Route 172 +{{/code}} 173 + 174 +Estas regras resolvem o problema de iniciar a conexão por um provedor e tentar usar outro provedor depois, muito importante especialmente para acesso a bancos.