configuracion de mikrotik

[rolinopp]

hola amigos del foro me gustaría que le echen un vistosa a mi configuración del mikrotik  balanceo  ether 1 y 2. salida al raptor cache ether 4  y salida  para las maquinas que se van a conectar a internet  ether 5. quiero saber si voy por un buen camino


paso1

/ip address
add address=192.168.1.2/24 interface=ether1
add address=192.168.2.2/24 interface=ether2
add address=192.168.15.1/24 interface=ether4
add address=192.168.5.1/24 interface=ether5

paso2

/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade

add chain=srcnat out-interface=ether2 action=masquerade

paso 3

/ip route
add gateway=192.168.1.1 check-gateway=ping distance=1

add gateway=192.168.2.1 check-gateway=ping distance=2

paso 4

/ip firewall mangle
add chain=prerouting in-interface=ether1 connection-state=new new-connection-mark=ether1_conn action=mark-connection passthrough=yes
add chain=prerouting in-interface=ether2 connection-state=new new-connection-mark=ether2_conn action=mark-connection passthrough=yes

add chain=output connection-mark=ether1_conn new-routing-mark=to_ether1 action=mark-routing passthrough=yes
add chain=output connection-mark=ether2_conn new-routing-mark=to_ether2 action=mark-routing passthrough=yes

paso5

/ip firewall mangle
#Parte A
add chain=prerouting in-interface=ether5 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting in-interface=ether5 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes

add chain=prerouting in-interface=ether4 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting in-interface=ether4 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes

#Parte B
add chain=prerouting in-interface=ether5 connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1 passthrough=yes
add chain=prerouting in-interface=ether5 connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2 passthrough=yes

add chain=prerouting in-interface=ether4 connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1 passthrough=yes
add chain=prerouting in-interface=ether4 connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2 passthrough=yes

paso 6

/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24  action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.2.0/24  action=accept in-interface=ether5

add chain=prerouting dst-address=192.168.1.0/24  action=accept in-interface=ether4
add chain=prerouting dst-address=192.168.2.0/24  action=accept in-interface=ether4

paso7

/ip route
add gateway=192.168.1.1 routing-mark=to_ether1 check-gateway=ping
add gateway=192.168.2.1 routing-mark=to_ether2 check-gateway=ping

[freedarwuin]

No se ve nada mal te falan los failower algo asi se llaman


/system script
add name=MC_F_WAN1 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local in\
    ter (\"WAN1\")\r\
    \n:local ipPing (\"208.67.222.220\")\r\
    \n:global oldGatewayETHER1WAN1\r\
    \n:global totalrunETHER1WAN1\r\
    \n:global infoETHER1WAN1\r\
    \n:global statsETHER1WAN1\r\
    \n\r\
    \n:if ([:len [\$totalrunETHER1WAN1]] = 0) do={\r\
    \n\t:set totalrunETHER1WAN1 \"1\"\r\
    \n} else={\r\
    \n\t:set totalrunETHER1WAN1 (\$totalrunETHER1WAN1+1)\r\
    \n}\r\
    \n\r\
    \n:if ([:len [\$statsETHER1WAN1]] = 0) do={\r\
    \n\t:set statsETHER1WAN1 \"x\"\r\
    \n} else={\r\
    \n\t:set statsETHER1WAN1 (\"\$infoETHER1WAN1 / \$totalrunETHER1WAN1\")\r\
    \n}\r\
    \n\r\
    \n:if ([:len [\$oldGatewayETHER1WAN1]] < 3) do={\r\
    \n\t:set oldGatewayETHER1WAN1 \"0.0.0.0\"\r\
    \n}\r\
    \n:log info (\"\$inter: \$inter\" . \": PARTE 1\")\r\
    \n/ip dhcp-client enable [find interface=\$inter]\r\
    \n:delay 10s\r\
    \n:local pingip\r\
    \n:local cGateway [/ip dhcp-client get [find interface=\$inter] gateway]\r\
    \n:log info (\"\$inter: cGateway --> \$cGateway\")\r\
    \n/ip route {\r\
    \n\t:foreach i in=[find comment=(\"ping_\$inter\")] do={\r\
    \n\t\t:log info (\"\$inter: ping_\$inter\")\r\
    \n\t\t/ip route remove \$i\r\
    \n\t}\r\
    \n}\r\
    \n/ip route add distance=1 dst-address=\$ipPing gateway=(\"\$cGateway%\$inte\
    r\") comment=(\"ping_\$inter\")\r\
    \n:set pingip [/ping \$ipPing count=10]\r\
    \n:log info (\"\$inter --> begin pinging\")\r\
    \n:if (\$pingip = 0) do={\r\
    \n\t:set infoETHER1WAN1 (\$infoETHER1WAN1+1)\r\
    \n\t:log info (\"\$inter --> pinging: \$pingip\")\r\
    \n\t/ip dhcp-client disable [find interface=\$inter]\r\
    \n\t/ip route disable [find comment=\$inter]\r\
    \n\t/ip firewall mangle disable [find comment=\$inter]\r\
    \n} else={\r\
    \n\t/ip route enable [find comment=\$inter]\r\
    \n\t/ip firewall mangle enable [find comment=\$inter]\r\
    \n}\r\
    \n:log info (\"\$inter --> end pinging\")\r\
    \n:log info (\"\$inter: \$inter\" . \": PARTE 2\")\r\
    \n:local j\r\
    \n:local cGateway [/ip dhcp-client get [find interface=\$inter] gateway]\r\
    \n:local cWlan (\$inter . \"-\" . \$cGateway)\r\
    \n:local fWlan (\$inter . \"-\" . \$oldGatewayETHER1WAN1)\r\
    \n:log info (\"\$inter: Gateway in file: \" . \$oldGatewayETHER1WAN1)\r\
    \n:log info (\"\$inter: Actual Gateway: \" . \$cGateway)\r\
    \n:log info (\"\$inter: \$cGateway%\$inter\")\r\
    \n:if (\$oldGatewayETHER1WAN1 != \$cGateway) do={\r\
    \n\t:set oldGatewayETHER1WAN1 \"0.0.0.0\"\r\
    \n\t/ip route {\r\
    \n\t\t:foreach i in=[find comment=\$inter] do={\r\
    \n\t\t\t:log info (\"\$inter: \$inter\")\r\
    \n\t\t\t/ip route remove \$i\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\t/ip route add distance=1 dst-address=0.0.0.0/0 gateway=(\"\$cGateway%\$i\
    nter\") routing-mark=(\"to_\$inter\") comment=\$inter\r\
    \n\t/ip route add distance=1 dst-address=0.0.0.0/0 gateway=(\"\$cGateway%\$i\
    nter\") comment=\$inter\r\
    \n\t:set oldGatewayETHER1WAN1 \$cGateway\r\
    \n}\r\
    \n:local getdate [/system clock get date]\r\
    \n:local gettime [/system clock get time]\r\
    \n:global timeETHER1WAN1 \"\$getdate - \$gettime\""

[freedarwuin]

Tengo un balanceo de 4 lineas y una lan

[rolinopp]

una pregunta y para que es eso del failower ?

[freedarwuin]

Para levantar las lineas que rb tienes tu?

[rolinopp]

tengo el rb 750GL

[freedarwuin]

Tambien poseo uno identico contacta x skype para ayudarte

darwuin_2010

[ZonawifiSDP]

hola amigos del foro me gustaría que le echen un vistosa a mi configuración del mikrotik  balanceo  ether 1 y 2. salida al raptor cache ether 4  y salida  para las maquinas que se van a conectar a internet  ether 5. quiero saber si voy por un buen camino


paso1

/ip address
add address=192.168.1.2/24 interface=ether1
add address=192.168.2.2/24 interface=ether2
add address=192.168.15.1/24 interface=ether4
add address=192.168.5.1/24 interface=ether5

paso2

/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade

add chain=srcnat out-interface=ether2 action=masquerade

paso 3

/ip route
add gateway=192.168.1.1 check-gateway=ping distance=1

add gateway=192.168.2.1 check-gateway=ping distance=2

paso 4

/ip firewall mangle
add chain=prerouting in-interface=ether1 connection-state=new new-connection-mark=ether1_conn action=mark-connection passthrough=yes
add chain=prerouting in-interface=ether2 connection-state=new new-connection-mark=ether2_conn action=mark-connection passthrough=yes

add chain=output connection-mark=ether1_conn new-routing-mark=to_ether1 action=mark-routing passthrough=yes
add chain=output connection-mark=ether2_conn new-routing-mark=to_ether2 action=mark-routing passthrough=yes

paso5

/ip firewall mangle
#Parte A
add chain=prerouting in-interface=ether5 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting in-interface=ether5 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes

add chain=prerouting in-interface=ether4 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting in-interface=ether4 connection-state=new dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes

#Parte B
add chain=prerouting in-interface=ether5 connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1 passthrough=yes
add chain=prerouting in-interface=ether5 connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2 passthrough=yes

add chain=prerouting in-interface=ether4 connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1 passthrough=yes
add chain=prerouting in-interface=ether4 connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2 passthrough=yes

paso 6

/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24  action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.2.0/24  action=accept in-interface=ether5

add chain=prerouting dst-address=192.168.1.0/24  action=accept in-interface=ether4
add chain=prerouting dst-address=192.168.2.0/24  action=accept in-interface=ether4

paso7

/ip route
add gateway=192.168.1.1 routing-mark=to_ether1 check-gateway=ping
add gateway=192.168.2.1 routing-mark=to_ether2 check-gateway=ping

Amido, si vas a utilizar balanceo PCC, te recomiento que coloques asi el per-connection-classifier=src-address, ya qe tendras problemas con los bancos.

Sino, utiliza este que es para dos lineas:

/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1

add action=mark-routing chain=prerouting connection-mark=wan1_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan2 passthrough=yes




/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=190.38.0.1 routing-mark=wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=wan2 scope=30 target-
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=255.255.255.0 scope=30 target-scope=10


Solo cambia las gateways y el nombre de tus interfaces

[rolinopp]

solo cambiar el nombre luego todo esta bien??

[wiswilliam]

Amido, si vas a utilizar balanceo PCC, te recomiento que coloques asi el per-connection-classifier=src-address, ya qe tendras problemas con los bancos.

Sino, utiliza este que es para dos lineas:

/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1

add action=mark-routing chain=prerouting connection-mark=wan1_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan2 passthrough=yes




/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=190.38.0.1 routing-mark=wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=wan2 scope=30 target-
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=255.255.255.0 scope=30 target-scope=10


Solo cambia las gateways y el nombre de tus interfaces

Amigo pero aparte de eso, el NAT del raptor cache no interfiere con eso?.. osea lei que es otro problema, cambie lo que dices: per-connection-classifier=src-address y aun asi las web me abren mal, la conexion se corta cada cierto tiempo :S