RouterOS dual-Line Load Balancing

Article Title: RouterOS dual-line load balancing. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

How to install routeros-ros dual-Line Load Balancing

Experiences in installing routeros

After studying ROUTEROS for a while, I found that he is indeed a good soft route. Next, let's talk about my installation and setup experiences.

Let's talk about my network environment first.
The two limited connections are dynamic IP addresses for load balancing.
Intranet ip segment 192.168.0.1-192.168.0.200
Fully open the host 192.168.0.168 (just like the dmz host in the route)


Machine configuration
Sai Yang 1. 1G 64 M 3 3com Nic

1. Select all the available optical disk versions for installation (the floppy disk version requires additional plug-ins)
Note that the registration code is in uppercase.
First, insert a network card so that it can be used as the network card to connect to the Intranet.
2. Log On with the admin user. The password is blank.
3. Set the ip address of the first Nic
Enter setup and prompt you to set ether1 (the first network adapter is connected to the Intranet). Enter the IP address (192.168.0.1) Subnet Mask (255.255.255.0) gateway: 192.168.0.254 and press Enter.
4. Insert the remaining two NICs into the computer
5. On a windows Server, set the ip address to 192.168.0.x and enter 192.168.0.1 In the ie Address Bar.
The welcome screen of routeos is displayed. Click to download winbox and save
6. Enter 192.168.0.1 username admin password in winbox and select connection. The routing management interface is displayed.
7. Activate the newly inserted two NICs: Click interface, click the second card, select the check box, and enable the previous switch from x to R
8. Set the two network card addresses for the Internet, select ip in winbox-> dhcp-client in the window, check enabled interface and select et22. (the second network card) check "add default route", select hostname, and add "wan1" to indicate the first Internet Nic. Then, apply. If you get the ip address, you will see the ip address in "ip-> address ".
Now the third network card is set. Now there is a problem with routeros. Only one dhcp client can be added to routeros. Therefore, if you use the above method to obtain the ip address, then the previous ip address will disappear, so here we can only look at it, because the limited ip address generally does not change the ip address as long as the connection is made, so there is an online ip address as a static ip address, write down the ip address first, and then enter the ip address such as 219.233.23.23/24 in the ip-> address field by the plus sign. Note that if the ip address is a fixed ip address, set it here, however, if one of your two ip addresses is 219.233.23.23 and the other is 219.233.23.147 in the same CIDR block, you need to separate the two ip addresses with the mask after /.
For example, 219.233.23.23/25 219.233.23.147/24.
9. Now you should be able to ping the Internet, but the firewall has not been set. In ip-> firewall, select source nat and add the rule by the plus sign. In the rule, select action-> action and select masquerade.
Now you can access the Internet on the LAN.
10. Set up Server Load balancer now
Enter
Ip route add gat = Internet address 1, Internet address 2
You can.
Is it easy?
11. Port ing
Easy port ing
In the Console
Ip firewall dst-nat> add action = nat protocol = tcp
^
This is the protocol. You can select all.
Dst-address = Internet address/32: 80 to-dst-address = Intranet IP address
^
Here is the port you want to map.

Example 1: direct all requests from port 80 on the Internet to port 168.
Ip firewall dst-nat> add action = nat protocol = tcp
Dst-address = 319.23.23.23/32: 80 to-dst-address = 192.168.0.168
Example 2: 192.168.0.168 is fully open
Ip firewall dst-nat> add action = nat protocol = tcp
Dst-address = 319.23.23.23/32 to-dst-address = 192.168.0.168


12. Let's take a look at the routeros firewall. It works well.
For example, the popular shock wave and shock wave ports are 134-139.
In winbox
Ip> firewall> filter rules: set input first (optional on the right)
Select and add
General
Select udp or tcp as The protocl (in fact, both of them must be set up, as long as they are repeated)
Enter 134-139 on the src. port hook.
Fill in 134-139 on the dst. port hook.
Action
Select drop discard or reject in action.
OK
Select forward and output as shown above, so that computer viruses on the Internet or Intranet will not affect other users.
In fact, ip filter rules can be configured with many rules and can be used as a very good firewall. However, pay attention to the settings of input, forward, and output based on different situations.

In addition, in fact, in Port ing, the circulation (that is, the Intranet can also use the Internet address to access the Intranet host) function naturally implements [p: 1].