Last modified by Jean Franco on 2023/06/28 17:52
<
From version < 4.1 >
edited by Jean Franco
on 2023/06/28 17:49
To version < 3.1 >
edited by Jean Franco
on 2023/06/28 17:33
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -91,84 +91,3 @@
91 91  add gateway=1.1.1.1 routing-mark=ISP1_Route distance=1
92 92  add gateway=2.2.2.1 routing-mark=ISP2_Route distance=1
93 93  {{/code}}
94 -
95 -Adicionamos ambos os gateways, com pesos diferentes e também criamos distâncias diferentes para o failover.
96 -
97 -{{code language="none"}}
98 -/ip firewall address-list
99 -add address=1.1.1.0/24 list=Conectado
100 -add address=2.2.2.0/24 list=Conectado
101 -add address=192.168.22.0/24 list=Conectado
102 -add address=192.168.22.0/24 list=LAN
103 -{{/code}}
104 -
105 -Para evitar a perda de contato entre as redes, precisamos criar listas de conexões. Criamos portanto a lista Conectado
106 -
107 -{{code language="none"}}
108 -/ip firewall mangle
109 -add chain=prerouting src-address-list=Conectado
110 -dst-address-list=Connected action=accept
111 -{{/code}}
112 -
113 -Deste modo temos a conexão do roteador para fora, a conexão da WAN para LAN e da LAN para WAN.
114 -
115 -Quando a conexão vier da WAN precisamos certificar de que o pacote irá sair pela mesma interface que entrou.
116 -
117 -Vamos marcar os pacotes:
118 -
119 -{{code language="none"}}
120 -/ip firewall mangle
121 -add chain=input connection-mark=no-mark in-interface=ISP_1
122 -action=mark-connection new-connection-mark=ISP_1-LAN
123 -add chain=input connection-mark=no-mark in-interface=ISP_2
124 -action=mark-connection new-connection-mark=ISP2-LAN
125 -{{/code}}
126 -
127 -Agora adicionamos na tabela:
128 -
129 -{{code language="none"}}
130 -add chain=output connection-mark=ISP_1-LAN
131 -action=mark-routing new-routing-mark=ISP1_Route
132 -add chain=output connection-mark=ISP_2-LAN
133 -action=mark-routing new-routing-mark=ISP2_Route
134 -{{/code}}
135 -
136 -O mesmo para a LAN:
137 -
138 -{{code language="none"}}
139 -/ip firewall mangle
140 -add chain=forward connection-mark=no-mark in-interface=ISP_1
141 -action=mark-connection new-connection-mark=WAN1->LANs
142 -add chain=forward connection-mark=no-mark in-interface=ISP_2
143 -action=mark-connection new-connection-mark=WAN2->LANs
144 -add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN
145 -action=mark-routing new-routing-mark=ISP1_Route
146 -add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN
147 -action=mark-routing new-routing-mark=ISP2_Route
148 -{{/code}}
149 -
150 -Entrada pronta, agora a parte da LAN.
151 -
152 -{{code language="none"}}
153 -/ip firewall mangle
154 -add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-addresslist=!Conectado dst-address-type=!local action=mark-connection
155 -new-connection-mark=LAN->WAN
156 -add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN
157 -action=mark-routing new-routing-mark=ISP1_Route
158 -comment="Load-Balance"
159 -{{/code}}
160 -
161 -Precisamos desta regra pois quando trocarmos de link, vai trocar também por onde saem os links.
162 -
163 -{{code language="none"}}
164 -add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP1_Route
165 -action=mark-connection new-connection-mark=Sticky_ISP1
166 -add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP2_Route
167 -action=mark-connection new-connection-mark=Sticky_ISP2
168 -add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN
169 -action=mark-routing new-routing-mark=ISP1_Route
170 -add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN
171 -action=mark-routing new-routing-mark=ISP2_Route
172 -{{/code}}
173 -
174 -Estas regras resolvem o problema de iniciar a conexão por um provedor e tentar usar outro provedor depois, muito importante especialmente para acesso a bancos.
Maila Networks