Title: 2 WANs and 2 LANs without load balancing
Posted by: faraon83, 28.03.2013. 20:41:35

Dear all,

I need help configuring an MT router. I have two ADSL lines. Both links are 16384/1024 Kb/s. I need to distribute that in a building with a variable number of users, around 300. The users would connect through APs located in the hallways. The APs have no security whatsoever, that is, anyone can connect. I have the option of joining all the APs into one network or splitting them into two separate networks, so the configuration can be 2 WAN 2 LAN or 2 WAN 1 LAN.

I have already configured the MT as 2 WAN 1 LAN. For now it works somehow, but I have some doubts and difficulties. Currently load balancing on download works; however, despite the large number of users, the network is rarely loaded above 10Mb/s and the utilization varies constantly, from a few kb/s to 10Mb/s, while I have 32Mb/s available. Load balancing almost always works 2 to 1 in favor of one WAN. The two links are rarely equally utilized. Upload also does not exceed 1Mb/s. I will post the load balancing settings.

Is it better, because of upload, to separate the networks and make 2 LANs that will be completely independent? If so, I would need help with the settings. I have tried, but however I set it up, either there is no internet or everything goes over the WAN.

I also have problems with torrents. I put in some settings that worked, but it seemed to me that all the other traffic slowed down further, so I disabled those settings. Currently I have a simple queue running for all the addresses DHCP can assign.

But I've written quite a lot... :) I'm interested in the professionals' opinion on how best to set up the whole network. Is this concept good, or should something be changed? It would be nice to get links to configuration examples ...
If you need additional information about the settings, feel free to ask.

ip firewall mangle
chain=input action=mark-connection new-connection-mark=ISP1_conn passthrough=yes in-interface=ISP1
chain=input action=mark-connection new-connection-mark=ISP2_conn passthrough=yes in-interface=ISP2
chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=yes connection-mark=ISP1_conn
chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=yes connection-mark=ISP2_conn
chain=prerouting action=accept dst-address=192.168.1.0/24 in-interface=LAN
chain=prerouting action=accept dst-address=192.168.2.0/24 in-interface=LAN
chain=prerouting action=mark-connection new-connection-mark=ISP1_conn passthrough=yes dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0
chain=prerouting action=mark-connection new-connection-mark=ISP2_conn passthrough=yes dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1
chain=prerouting action=mark-routing new-routing-mark=to_ISP1 passthrough=yes in-interface=LAN connection-mark=ISP1_conn
chain=prerouting action=mark-routing new-routing-mark=to_ISP2 passthrough=yes in-interface=LAN connection-mark=ISP2_conn

route list
A S 0.0.0.0/0 192.168.1.1 routing mark to_isp1
A S 0.0.0.0/0 192.168.2.1
A S 0.0.0.0/0 192.168.1.1
S 0.0.0.0/0 192.168.2.1 routing mark to_isp2
ADC 192.168.1.0/24 192.168.1.2 ISP1 0
ADC 192.168.2.0/24 192.168.2.2 ISP2 0
ADC 192.168.10.0/23 192.168.10.1 LAN 0

filter rule
chain=forward action=drop src-address=192.168.10.0/23 layer7-protocol=(bittorent)
chain=forward action=drop protocol=udp src-address=192.168.10.0/23 layer7-protocol=( bittorent) dst-port=53
chain=forward action=accept connection-mark=sip
chain=forward action=drop protocol=udp src-port=1024-65535 dst-port=3544
chain=forward action=drop connection-mark=p2p
chain=forward action=drop connection-mark=other-udp
chain=forward action=drop connection-mark=other-tcp
chain=forward action=drop src-address-list=p2p-users dst-address-list=p2p-users-ext
chain=forward action=drop src-address-list=p2p-users-ext dst-address-list=p2p-users
chain=forward action=accept connection-state=established
chain=forward action=accept connection-state=related
chain=forward action=drop connection-state=invalid

This is for torrents

Mangle
chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-externt
chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-externt layer7-protocol=BITTORRENT
chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-externt layer7-protocol=DIRECTCONNECT
chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-externt layer7-protocol=GNUTELLA
chain=prerouting action=add-dst-to-address-list protocol=udp src-address-list=p2p-users dst-address-list=!dns-externt address-list=p2p-users-ext address-list-timeout=10m src-port=!53 dst-port=1024-65535 packet-size=62-500
chain=prerouting action=add-src-to-address-list protocol=udp src-address-list=!dns-externt dst-address-list=p2p-users address-list=p2p-users-ext address-list-timeout=10m src-port=!53 dst-port=1024-65535 packet-size=62-500
chain=prerouting action=add-dst-to-address-list tcp-flags=psh,ack protocol=tcp src-address-list=p2p-users dst-address-list=!dns-externt address-list=p2p-users-ext address-list-timeout=10m src-port=1024-65535 dst-port=1024-65535 connection-type=!ftp packet-size=100-500
chain=prerouting action=add-src-to-address-list tcp-flags=psh,ack protocol=tcp src-address-list=!dns-externt dst-address-list=p2p-users address-list=p2p-users-ext address-list-timeout=10m src-port=1024-65535 dst-port=1024-65535 connection-type=!ftp packet-size=100-500
chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp dst-address-list=!dns-externt layer7-protocol=HTTPS dst-port=!443
chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp
chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
chain=prerouting action=jump jump-target=other-services connection-state=new
chain=p2p-service action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=2m
chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
chain=tcp-services action=mark-connection new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535 dst-port=20-21
chain=tcp-services action=mark-connection new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535 dst-port=22
chain=tcp-services action=mark-connection new-connection-mark=telnet passthrough=no protocol=tcp src-port=1024-65535 dst-port=23
chain=tcp-services action=mark-connection new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535 dst-port=25
chain=tcp-services action=mark-connection new-connection-mark=dns passthrough=no protocol=tcp src-port=53 dst-port=53
chain=tcp-services action=mark-connection new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535 dst-port=53
chain=tcp-services action=mark-connection new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535 dst-port=80
chain=tcp-services action=mark-connection new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535 dst-port=110
chain=tcp-services action=mark-connection new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535 dst-port=113
chain=tcp-services action=mark-connection new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535 dst-port=119
chain=tcp-services action=mark-connection new-connection-mark=netbios passthrough=no protocol=tcp src-port=1024-65535 dst-port=137-139
chain=tcp-services action=mark-connection new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535 dst-port=143
chain=tcp-services action=mark-connection new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535 dst-port=161-162
chain=tcp-services action=mark-connection new-connection-mark=spotify passthrough=no protocol=tcp dst-address-list=spotify src-port=1024-65535 dst-port=443
chain=tcp-services action=mark-connection new-connection-mark=https passthrough=no protocol=tcp dst-address-list=!spotify src-port=1024-65535 dst-port=443
chain=tcp-services action=mark-connection new-connection-mark=ms-ds passthrough=no protocol=tcp src-port=1024-65535 dst-port=445
chain=tcp-services action=mark-connection new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535 dst-port=465
chain=tcp-services action=mark-connection new-connection-mark=ftps passthrough=no protocol=tcp src-port=1024-65535 dst-port=990
chain=tcp-services action=mark-connection new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535 dst-port=993
chain=tcp-services action=mark-connection new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535 dst-port=995
chain=tcp-services action=mark-connection new-connection-mark=socks passthrough=no protocol=tcp src-port=1024-65535 dst-port=1080
chain=tcp-services action=mark-connection new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535 dst-port=1723
chain=tcp-services action=mark-connection new-connection-mark=msn passthrough=no protocol=tcp src-port=1024-65535 dst-port=1863
chain=tcp-services action=mark-connection new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535 dst-port=2379
chain=tcp-services action=mark-connection new-connection-mark=squid-proxy passthrough=no protocol=tcp src-port=1024-65535 dst-port=3128
chain=tcp-services action=mark-connection new-connection-mark=win-ts passthrough=no protocol=tcp src-port=1024-65535 dst-port=3389
chain=tcp-services action=mark-connection new-connection-mark=smartpass passthrough=no protocol=tcp src-port=1024-65535 dst-port=3845
chain=tcp-services action=mark-connection new-connection-mark=spotify passthrough=no protocol=tcp src-port=1024-65535 dst-port=4070
chain=tcp-services action=mark-connection new-connection-mark=bwtest passthrough=no protocol=tcp src-port=1024-65535 dst-port=2000-3000
chain=tcp-services action=mark-connection new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535 dst-port=4242-4243
chain=tcp-services action=mark-connection new-connection-mark=overnet passthrough=no protocol=tcp src-port=4661-4662 dst-port=1024-65535
chain=tcp-services action=mark-connection new-connection-mark=emule passthrough=no protocol=tcp src-port=4711 dst-port=1024-65535
chain=tcp-services action=mark-connection new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535 dst-port=5900-5901
chain=tcp-services action=mark-connection new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535 dst-port=6667-6669
chain=tcp-services action=mark-connection new-connection-mark=http-proxy passthrough=no protocol=tcp src-port=1024-65535 dst-port=8080
chain=tcp-services action=mark-connection new-connection-mark=winbox passthrough=no protocol=tcp src-port=1024-65535 dst-port=8291
chain=tcp-services action=mark-connection new-connection-mark=voddler passthrough=no protocol=tcp src-port=1024-65535 dst-port=42041-42052
chain=tcp-services action=mark-connection new-connection-mark=ftp-passive passthrough=no protocol=tcp src-port=1024-65535 dst-port=55536-55663
chain=tcp-services action=mark-connection new-connection-mark=other-tcp passthrough=no protocol=tcp
chain=udp-services action=mark-connection new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535 dst-port=53
chain=udp-services action=mark-connection new-connection-mark=dhcp passthrough=no protocol=udp src-port=67-68 dst-port=67
chain=udp-services action=mark-connection new-connection-mark=ntp passthrough=no protocol=udp src-port=123 dst-port=123
chain=udp-services action=mark-connection new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535 dst-port=123
chain=udp-services action=mark-connection new-connection-mark=netbios passthrough=no protocol=udp src-port=1024-65535 dst-port=137-139
chain=udp-services action=mark-connection new-connection-mark=snmp passthrough=no protocol=udp src-port=1024-65535 dst-port=161-162
chain=udp-services action=mark-connection new-connection-mark=syslog passthrough=no protocol=udp src-port=1024-65535 dst-port=514
chain=udp-services action=mark-connection new-connection-mark=l2tp passthrough=no protocol=udp src-port=1024-65535 dst-port=1701
chain=udp-services action=mark-connection new-connection-mark=ms-ipv6 passthrough=no protocol=udp src-port=1024-65535 dst-port=3544
chain=udp-services action=mark-connection new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535 dst-port=4665
chain=udp-services action=mark-connection new-connection-mark=sip passthrough=no protocol=udp src-port=1024-65535 dst-port=5060
chain=udp-services action=mark-connection new-connection-mark=bwtest passthrough=no protocol=udp src-port=1024-65535 dst-port=2000-3000
chain=udp-services action=mark-connection new-connection-mark=emule passthrough=no protocol=udp src-port=4672 dst-port=1024-65535
chain=udp-services action=mark-connection new-connection-mark=overnet passthrough=no protocol=udp src-port=1024-65535 dst-port=12053
chain=udp-services action=mark-connection new-connection-mark=mac-winbox passthrough=no protocol=udp src-port=1024-65535 dst-port=20561
chain=udp-services action=mark-connection new-connection-mark=voddler passthrough=no protocol=udp src-port=1024-65535 dst-port=42041-42052
chain=udp-services action=mark-connection new-connection-mark=overnet passthrough=no protocol=udp src-port=12053 dst-port=1024-65535
chain=udp-services action=mark-connection new-connection-mark=skype passthrough=no protocol=udp src-port=36725 dst-port=1024-65535
chain=udp-services action=mark-connection new-connection-mark=other-udp passthrough=no protocol=udp
chain=other-services action=mark-connection new-connection-mark=ping passthrough=no protocol=icmp icmp-options=8:0-255
chain=other-services action=mark-connection new-connection-mark=gre passthrough=no protocol=gre
chain=other-services action=mark-connection new-connection-mark=other passthrough=no

Title: Re: 2 WANs and 2 LANs without load balancing
Posted by: Pedja, 01.04.2013. 05:40:03

Setting up two WANs on a LAN is fairly complicated and prone to problems caused by small details. It is best to reset the router and set everything up from scratch, paying close attention to what you are doing.

Forget the 2 LAN - 2 WAN combination. That one will really wear you out while you set it up, if you manage to set it up at all, and it will keep breaking over the smallest changes in the configuration.

If you want to have two LANs, you have two options:
1. Take two routers; use one for one LAN and one WAN, and the other for the other LAN and the other WAN.
2. Take two routers; set one up with two WANs and one LAN, and set the other up with one WAN, which you hook up to the LAN of the first router, and then two LANs.

That way you will be able to control connections more easily on each router.

If you want to have two LANs, you don't have to build two parallel networks. If you get a managed switch, you can use the VLAN option, which Mikrotik also supports, to virtually create two LANs.
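The setup the thread title asks about (two LANs, each pinned to its own WAN, no load balancing), built on the VLAN option mentioned in the reply. This is an added example in RouterOS v6 syntax, not configuration from either poster. The interface names, routing marks and gateways are the ones in the posted configuration; the VLAN IDs, the split of 192.168.10.0/23 into two /24s, the pool ranges and the use of the ADSL modems as DNS servers are assumptions.

```routeros
# Added example (RouterOS v6 syntax). ISP1, ISP2, LAN, to_ISP1, to_ISP2 and the
# gateways 192.168.1.1 / 192.168.2.1 are taken from the thread; everything
# else (VLAN IDs, /24 split, pool ranges, DNS servers) is assumed.
# Assumes the untagged 192.168.10.1/23 address on LAN has been removed first.
/interface vlan
add name=vlan10 vlan-id=10 interface=LAN
add name=vlan20 vlan-id=20 interface=LAN

/ip address
add address=192.168.10.1/24 interface=vlan10
add address=192.168.11.1/24 interface=vlan20

/ip pool
add name=pool-vlan10 ranges=192.168.10.10-192.168.10.254
add name=pool-vlan20 ranges=192.168.11.10-192.168.11.254

/ip dhcp-server
add name=dhcp-vlan10 interface=vlan10 address-pool=pool-vlan10 disabled=no
add name=dhcp-vlan20 interface=vlan20 address-pool=pool-vlan20 disabled=no

/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=192.168.1.1
add address=192.168.11.0/24 gateway=192.168.11.1 dns-server=192.168.2.1

# Pin each LAN to one uplink by ingress interface; no per-connection-classifier.
/ip firewall mangle
add chain=prerouting in-interface=vlan10 dst-address-type=!local action=mark-routing new-routing-mark=to_ISP1 passthrough=no
add chain=prerouting in-interface=vlan20 dst-address-type=!local action=mark-routing new-routing-mark=to_ISP2 passthrough=no

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ISP1
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ISP2

/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

# Isolate the two open-AP LANs from each other. Match on dst-address, not
# out-interface: the routing mark above already steers cross-LAN packets
# toward the WAN, so an out-interface=vlanXX match would never fire.
/ip firewall filter
add chain=forward in-interface=vlan10 dst-address=192.168.11.0/24 action=drop
add chain=forward in-interface=vlan20 dst-address=192.168.10.0/24 action=drop
```

The switch ports toward the APs must carry VLAN 10 or 20 untagged and the port toward the router's LAN interface must carry both tagged. There is no failover here: if one ADSL line drops, its LAN loses internet access.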