Discuz! Board

找回密碼
立即註冊
搜索
熱搜: 活動 交友 discuz
發新帖

807

積分

好友

主題
發表於 2021-4-11 23:20:09 | 查看: 1027| 回復: 0
上敘兩種方法 NTH 及 PCC,會發現 NTH 並不適合作 Web Load Balancer,這樣會造成 session 異常,所以必須採用 PCC 方式,以下就採用 PCC 進行設定。

下圖為範例結構:

WAN:1.1.1.1

MikroTik RouterOS LAN:192.168.1.1

Web Server1:192.168.1.2

Web Server2:192.168.1.3
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/ip firewall mangle

add action=mark-connection chain=prerouting comment=Web1 dst-address=1.1.1.1 dst-port=80 new-connection-mark=Web1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp

add action=mark-connection chain=prerouting comment=Web2 dst-address=1.1.1.1 dst-port=80 new-connection-mark=Web2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp

/ip firewall nat

add action=dst-nat chain=dstnat comment=Web1 connection-mark=Web1 dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.2 to-ports=80
add action=dst-nat chain=dstnat comment=Web2 connection-mark=Web2 dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.3 to-ports=80

add action=dst-nat chain=dstnat comment="Web1 Default" dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.2 to-ports=80
add action=dst-nat chain=dstnat comment="Web2 Default" dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.3 to-ports=80

/tool netwatch
add comment=Web1 down-script="/ip firewall nat disable [find comment=\"Web1\"]\
    ;\r\
    \n/ip firewall nat disable [find comment=\"Web1 Default\"];" host=192.168.1.2 \
    interval=5s timeout=5s up-script="/ip firewall nat enable [find comment=\"\
    Web1\"];\r\
    \n/ip firewall nat enable [find comment=\"Web1 Default\"];"
add comment=Web2 down-script="/ip firewall nat disable [find comment=\"Web2\"]\
    ;\r\
    \n/ip firewall nat disable [find comment=\"Web2 Default\"];" host=192.168.1.3 \
    interval=5s timeout=5s up-script="/ip firewall nat enable [find comment=\"\
    Web2\"];\r\
    \n/ip firewall nat enable [find comment=\"Web2 Default\"];"
您需要登錄後才可以回帖 登錄 | 立即註冊

Archiver|手機版|小黑屋|維護技術論壇 SMEITO

GMT+8, 2024-12-4 01:38 , Processed in 0.218636 second(s), 16 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回復 返回頂部 返回列表