
MikroTik NAT Balancing

The document provides instructions for configuring network address translation (NAT) load balancing on a router. It involves 4 steps: 1) Create an address list for private RFC1918 IP ranges, 2) Define public IP addresses on the ethernet interface, 3) Add firewall filter rules to classify incoming traffic and add source IPs to address lists, 4) Add source NAT rules to translate source IPs according to the address lists. This would distribute incoming client traffic from the private network across the available public IP addresses for load balancing purposes.

Uploaded by

FTTH ISP

1. First step: RFC1918 address list


Create an address list for the private ranges defined by RFC1918. We recommend using these network segments for the CPEs:
/ip firewall address-list add address=10.0.0.0/8 list=RFC1918
/ip firewall address-list add address=172.16.0.0/12 list=RFC1918
/ip firewall address-list add address=192.168.0.0/16 list=RFC1918

2. Second step: define public IPs on interfaces


Under IP > Addresses, define every IP that will be used for NAT balancing on the corresponding interface.
This example uses ether1:
/ip address add address=190.220.45.2/29 comment="nat_balance" interface=ether1
/ip address add address=190.220.45.3/29 comment="nat_balance" interface=ether1
/ip address add address=190.220.45.4/29 comment="nat_balance" interface=ether1
/ip address add address=190.220.45.5/29 comment="nat_balance" interface=ether1
/ip address add address=190.220.45.6/29 comment="nat_balance" interface=ether1

3. Third step: filter


Go to IP > Firewall > Filter Rules and create the following rules in the forward chain. An explanation of the rule is given after them:
/ip firewall filter add action=add-src-to-address-list address-list="Clientes Nateados con 190.220.45.2" address-list-timeout=1d chain=forward connection-state=new dst-address-type=!local in-interface=!ether1 per-connection-classifier=src-address:5/0 src-address-list=RFC1918

/ip firewall filter add action=add-src-to-address-list address-list="Clientes Nateados con 190.220.45.3" address-list-timeout=1d chain=forward connection-state=new dst-address-type=!local in-interface=!ether1 per-connection-classifier=src-address:5/1 src-address-list=RFC1918

/ip firewall filter add action=add-src-to-address-list address-list="Clientes Nateados con 190.220.45.4" address-list-timeout=1d chain=forward connection-state=new dst-address-type=!local in-interface=!ether1 per-connection-classifier=src-address:5/2 src-address-list=RFC1918

/ip firewall filter add action=add-src-to-address-list address-list="Clientes Nateados con 190.220.45.5" address-list-timeout=1d chain=forward connection-state=new dst-address-type=!local in-interface=!ether1 per-connection-classifier=src-address:5/3 src-address-list=RFC1918

/ip firewall filter add action=add-src-to-address-list address-list="Clientes Nateados con 190.220.45.6" address-list-timeout=1d chain=forward connection-state=new dst-address-type=!local in-interface=!ether1 per-connection-classifier=src-address:5/4 src-address-list=RFC1918

This rule matches new connections in the forward chain that come from the segments defined in "RFC1918" (the first step of this guide), that did not enter through the "ether1" interface, and that are not destined for the router itself. The source IPs of these packets are then stored in an address list, and a hashing algorithm is applied to them every 1 day (address-list-timeout=1d), to keep the balancing from being more dynamic.
Note that in the "per-connection-classifier=src-address" field, the denominator is the total number of IPs to balance across. In this example, since the IPs from 190.220.45.2 to 190.220.45.6 are used, there are 5 IPs in total. The numerator always starts at 0.

4. Fourth step: NAT


Finally, under IP > Firewall > NAT, add src-nat rules with the corresponding outgoing interface, one for each of the IPs defined in the second step together with its address list from the third step.
/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1 src-address-list="Clientes Nateados con 190.220.45.2" to-addresses=190.220.45.2

/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1 src-address-list="Clientes Nateados con 190.220.45.3" to-addresses=190.220.45.3

/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1 src-address-list="Clientes Nateados con 190.220.45.4" to-addresses=190.220.45.4

/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1 src-address-list="Clientes Nateados con 190.220.45.5" to-addresses=190.220.45.5

/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1 src-address-list="Clientes Nateados con 190.220.45.6" to-addresses=190.220.45.6

Once this configuration is complete, go to IP > Firewall > Address Lists, where you can select "Clientes Nateados con 190.220.45.2" and see the IPs of the clients that are in that list. The same applies to the rest of the address lists.
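
The rule pattern from steps 3 and 4, as an added example that is not part of the original guide: a Python sketch that regenerates the rules for a pool and audits a rule set for hash remainders that no filter rule matches, or address lists that no src-nat rule references, either of which leaves some RFC1918 clients unmatched by these src-nat rules. The function names `generate`, `params` and `audit` are assumptions made here; the rule text follows the page.

```python
import re
import shlex

def generate(pool, wan="ether1"):
    """Emit the step-3 filter rule and step-4 src-nat rule for each public IP."""
    n, rules = len(pool), []
    for i, ip in enumerate(pool):  # denominator = pool size, remainder starts at 0
        name = f"Clientes Nateados con {ip}"
        rules.append(
            "/ip firewall filter add action=add-src-to-address-list "
            f'address-list="{name}" address-list-timeout=1d chain=forward '
            f"connection-state=new dst-address-type=!local in-interface=!{wan} "
            f"per-connection-classifier=src-address:{n}/{i} src-address-list=RFC1918")
        rules.append(
            f"/ip firewall nat add action=src-nat chain=srcnat out-interface={wan} "
            f'src-address-list="{name}" to-addresses={ip}')
    return rules

def params(line):
    """Split one RouterOS 'add' line into its key=value parameters."""
    return dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def audit(lines):
    """Return the problems that would leave some clients without a src-nat match."""
    pcc, nat, problems = {}, {}, []
    for p in map(params, lines):
        if p.get("action") == "add-src-to-address-list":
            m = re.fullmatch(r"src-address:(\d+)/(\d+)", p["per-connection-classifier"])
            pcc[p["address-list"]] = (int(m[1]), int(m[2]))
        elif p.get("action") == "src-nat":
            nat[p["src-address-list"]] = p["to-addresses"]
    denominators = {d for d, _ in pcc.values()}
    if len(denominators) != 1:
        problems.append(f"inconsistent denominators: {sorted(denominators)}")
    else:
        uncovered = set(range(denominators.pop())) - {r for _, r in pcc.values()}
        if uncovered:
            problems.append(f"remainders with no filter rule: {sorted(uncovered)}")
    problems += [f"no src-nat rule for list '{n}'" for n in pcc if n not in nat]
    return problems

# The page's pool: the addresses used in steps 2 to 4.
POOL = [f"190.220.45.{h}" for h in range(2, 7)]

if __name__ == "__main__":
    print("\n".join(generate(POOL)))
    print(audit(generate(POOL)) or "rule set is complete")
```

Running `audit` over the rule lines of an exported configuration before applying it catches the case where an IP was added to or removed from the pool without updating the denominator in every filter rule.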
