Last modified by Jean Franco on 2023/06/28 17:52
<
From version < 3.1 >
edited by Jean Franco
on 2023/06/28 17:33
To version < 4.1 >
edited by Jean Franco
on 2023/06/28 17:49
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -91,3 +91,84 @@
91 91  add gateway=1.1.1.1 routing-mark=ISP1_Route distance=1
92 92  add gateway=2.2.2.1 routing-mark=ISP2_Route distance=1
93 93  {{/code}}
94 +
95 +Adicionamos ambos os gateways, com pesos diferentes e também criamos distâncias diferentes para o failover.
96 +
97 +{{code language="none"}}
98 +/ip firewall address-list
99 +add address=1.1.1.0/24 list=Conectado
100 +add address=2.2.2.0/24 list=Conectado
101 +add address=192.168.22.0/24 list=Conectado
102 +add address=192.168.22.0/24 list=LAN
103 +{{/code}}
104 +
105 +Para evitar a perda de contato entre as redes, precisamos criar listas de conexões. Criamos portanto a lista Conectado
106 +
107 +{{code language="none"}}
108 +/ip firewall mangle
109 +add chain=prerouting src-address-list=Conectado
110 +dst-address-list=Connected action=accept
111 +{{/code}}
112 +
113 +Deste modo temos a conexão do roteador para fora, a conexão da WAN para LAN e da LAN para WAN.
114 +
115 +Quando a conexão vier da WAN precisamos certificar de que o pacote irá sair pela mesma interface que entrou.
116 +
117 +Vamos marcar os pacotes:
118 +
119 +{{code language="none"}}
120 +/ip firewall mangle
121 +add chain=input connection-mark=no-mark in-interface=ISP_1
122 +action=mark-connection new-connection-mark=ISP_1-LAN
123 +add chain=input connection-mark=no-mark in-interface=ISP_2
124 +action=mark-connection new-connection-mark=ISP2-LAN
125 +{{/code}}
126 +
127 +Agora adicionamos na tabela:
128 +
129 +{{code language="none"}}
130 +add chain=output connection-mark=ISP_1-LAN
131 +action=mark-routing new-routing-mark=ISP1_Route
132 +add chain=output connection-mark=ISP_2-LAN
133 +action=mark-routing new-routing-mark=ISP2_Route
134 +{{/code}}
135 +
136 +O mesmo para a LAN:
137 +
138 +{{code language="none"}}
139 +/ip firewall mangle
140 +add chain=forward connection-mark=no-mark in-interface=ISP_1
141 +action=mark-connection new-connection-mark=WAN1->LANs
142 +add chain=forward connection-mark=no-mark in-interface=ISP_2
143 +action=mark-connection new-connection-mark=WAN2->LANs
144 +add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN
145 +action=mark-routing new-routing-mark=ISP1_Route
146 +add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN
147 +action=mark-routing new-routing-mark=ISP2_Route
148 +{{/code}}
149 +
150 +Entrada pronta, agora a parte da LAN.
151 +
152 +{{code language="none"}}
153 +/ip firewall mangle
154 +add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-addresslist=!Conectado dst-address-type=!local action=mark-connection
155 +new-connection-mark=LAN->WAN
156 +add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN
157 +action=mark-routing new-routing-mark=ISP1_Route
158 +comment="Load-Balance"
159 +{{/code}}
160 +
161 +Precisamos desta regra pois quando trocarmos de link, vai trocar também por onde saem os links.
162 +
163 +{{code language="none"}}
164 +add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP1_Route
165 +action=mark-connection new-connection-mark=Sticky_ISP1
166 +add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP2_Route
167 +action=mark-connection new-connection-mark=Sticky_ISP2
168 +add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN
169 +action=mark-routing new-routing-mark=ISP1_Route
170 +add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN
171 +action=mark-routing new-routing-mark=ISP2_Route
172 +{{/code}}
173 +
174 +Estas regras resolvem o problema de iniciar a conexão por um provedor e tentar usar outro provedor depois, muito importante especialmente para acesso a bancos.
Maila Networks