Configuración mikrotik

Solo disponible en BuenasTareas
  • Páginas : 5 (1215 palabras )
  • Descarga(s) : 0
  • Publicado : 15 de febrero de 2012
Leer documento completo
Vista previa del texto
Introducción

Este ejemplo es una versión mejorada (diferente) del ejemplo de balanceo de carga round-robin. Le agrega sesiones persistente al usuario, por ejemplo un usuario particular le gustaría usar la misma dirección IP origen para todas sus conecciones salientes. Considerar el siguiente diagrama de red:
[pic]
[edit]

Guía rápida para impacientes

Configuración exportada del routergateway:
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1

/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection \new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
new-routing-mark=odd
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
new-routing-mark=even
addchain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=oddpassthrough=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \new-routing-mark=even passthrough=no

/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10
[edit]

Explicación

Primero mostramos el código y luego explicamos que es lo que hace.
[edit]

Dirección IP

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
El router tiene los interfaces de subidas (wan) con la dirección IP 10.111.0.2/24 y 10.112.0.2/24.
La interface LAN tiene el nombre "Local" y la dirección ip 192.168.0.1/24.
[edit]

Mangle

/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Localaction=mark-connection \
new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
new-routing-mark=odd
Todo el tráfico de los usuarios que tienen sus direcciones IP puesta previamente en la "address list" "impar" son instantaneamente marcados con la marca de conección y routing "impar". Luego el tráfico es excluido del proceso susesivodel mangle en el chain prerouting.
/ ip firewall mangle
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
new-routing-mark=even
Igual que arriba, solo que los usuarios tiene sus direcciones IP puesta previamente en la address...
tracking img