Wednesday, 25 April 2012

LOAD BALANCING FAIL OVER

Rename the ether interfaces: eth1=wan1 eth2=wan2 eth3=lan
Set the IP addresses, for example: wan1=10.10.10.5/29 wan2=10.10.11.5/29 lan=192.168.10.1/28
Set the IP addresses, for example: wan1=192.168.2.1/30 wan2=192.168.3.1 lan=192.168.100.1/24
/ip address add
Set the gateway
/ip route add gateway=192.168.2.1
/ip route add gateway=192.168.3.1
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=odd comment="…" disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 routing-mark=even comment="…" disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 comment="…" disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=10,1 action=mark-connection new-connection-mark=odd passthrough=yes comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=11,1 action=mark-connection new-connection-mark=even passthrough=yes comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment=".." disabled=no

/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.100.1
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.101.1

/ip firewall nat add chain=srcnat action=src-nat to-addresses=192.168.2.2 to-ports=0-65535 protocol=tcp connection-mark=even
/ip firewall nat add chain=srcnat action=src-nat to-addresses=192.168.2.2 to-ports=0-65535 protocol=tcp connection-mark=odd
/ip firewall nat add chain=srcnat out-interface=192.168.2.2 action=masquerade
/ip firewall filter add chain=input action=drop protocol=tcp in-interface=lan dst-port=135-139,445
/ip firewall filter add chain=input action=drop protocol=udp in-interface=lan dst-port=135-139,445
/ip firewall filter add chain=forward action=drop protocol=tcp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
/ip firewall filter add chain=forward action=drop protocol=udp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
/ip firewall filter add chain=forward action=drop p2p=bit-torrent
/ip firewall filter add chain=forward action=accept connection-state=established
/ip firewall filter add chain=forward action=accept connection-state=related
/ip firewall filter add chain=forward action=drop connection-state=invalid
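
The mangle rules above depend on their order: a mark-routing rule only matches a connection mark that an earlier rule has already set, and it needs a route carrying the same routing-mark. The following Python check is an added example, not part of the original post; the parse and lint function names and the sample rules (with one misspelled parameter and one swapped pair) are constructed for illustration.

```python
def parse(line):
    """Split one RouterOS command into (menu path, {parameter: value})."""
    tokens = line.split()
    path = " ".join(t for t in tokens if "=" not in t)
    return path, dict(t.split("=", 1) for t in tokens if "=" in t)

def lint(config):
    """Check mangle mark dependencies in rule order; return (rule number, message) findings."""
    rules = [parse(l) for l in config.strip().splitlines() if l.strip()]
    # Routing marks that have at least one route in a marked routing table.
    routed = {a["routing-mark"] for p, a in rules
              if p == "/ip route add" and "routing-mark" in a}
    findings, marked, n = [], set(), 0
    for path, a in rules:
        if path != "/ip firewall mangle add":
            continue
        n += 1  # position of the rule inside the mangle table
        action = a.get("action")
        if action == "mark-connection":
            marked.add(a.get("new-connection-mark"))
        elif action == "mark-routing":
            cmark, rmark = a.get("connection-mark"), a.get("new-routing-mark")
            if rmark is None:
                findings.append((n, "mark-routing without new-routing-mark"))
            elif rmark not in routed:
                findings.append((n, f"no route carries routing-mark={rmark}"))
            if cmark not in marked:
                # The first packet of such a connection leaves without a routing mark.
                findings.append((n, f"connection-mark={cmark} is matched before it is set"))
    return findings

# Constructed sample: mangle rule 2 misspells new-routing-mark, rules 3 and 4 are swapped.
SAMPLE = """
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=odd
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=even
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=10,1 action=mark-connection new-connection-mark=odd passthrough=yes
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new=routing-mark=odd passthrough=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=11,1 action=mark-connection new-connection-mark=even passthrough=yes
"""

if __name__ == "__main__":
    for rule_no, message in lint(SAMPLE):
        print(f"mangle rule {rule_no}: {message}")
```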
