Variado
Páginas: 5 (1215 palabras)
Publicado: 16 de octubre de 2012
Introducción
Este ejemplo es una versión mejorada (diferente) del ejemplo de balanceo de carga round-robin. Le agrega sesiones persistente al usuario, por ejemplo un usuario particular le gustaría usar la misma dirección IP origen para todas sus conecciones salientes. Considerar el siguiente diagrama de red:
[pic]
[edit]
Guía rápida para impacientes
Configuración exportada del routergateway:
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connectionnew-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even
add chain=preroutingin-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no
add chain=preroutingin-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no
/ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10routing-mark=even
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10
[edit]
Explicación
Primero mostramos el código y luego explicamos que es lo que hace.
[edit]
Dirección IP
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
addaddress=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
El router tiene los interfaces de subidas (wan) con la dirección IP 10.111.0.2/24 y 10.112.0.2/24.
La interface LAN tiene el nombre "Local" y la dirección ip 192.168.0.1/24.
[edit]
Mangle
/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection \new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
new-routing-mark=odd
Todo el tráfico de los usuarios que tienen sus direcciones IP puesta previamente en la "address list" "impar" son instantaneamente marcados con la marca de conección y routing "impar". Luego el tráfico es excluido del proceso susesivo del mangle en el chainprerouting.
/ ip firewall mangle
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
new-routing-mark=even
Igual que arriba, solo que los usuarios tiene sus direcciones IP puesta previamente en la address list "par".
/ ip firewall mangle...
Este ejemplo es una versión mejorada (diferente) del ejemplo de balanceo de carga round-robin. Le agrega sesiones persistente al usuario, por ejemplo un usuario particular le gustaría usar la misma dirección IP origen para todas sus conecciones salientes. Considerar el siguiente diagrama de red:
[pic]
[edit]
Guía rápida para impacientes
Configuración exportada del routergateway:
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connectionnew-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even
add chain=preroutingin-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no
add chain=preroutingin-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no
/ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10routing-mark=even
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10
[edit]
Explicación
Primero mostramos el código y luego explicamos que es lo que hace.
[edit]
Dirección IP
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
addaddress=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
El router tiene los interfaces de subidas (wan) con la dirección IP 10.111.0.2/24 y 10.112.0.2/24.
La interface LAN tiene el nombre "Local" y la dirección ip 192.168.0.1/24.
[edit]
Mangle
/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection \new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
new-routing-mark=odd
Todo el tráfico de los usuarios que tienen sus direcciones IP puesta previamente en la "address list" "impar" son instantaneamente marcados con la marca de conección y routing "impar". Luego el tráfico es excluido del proceso susesivo del mangle en el chainprerouting.
/ ip firewall mangle
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
new-routing-mark=even
Igual que arriba, solo que los usuarios tiene sus direcciones IP puesta previamente en la address list "par".
/ ip firewall mangle...
Leer documento completo
Regístrate para leer el documento completo.