Из-за того, что шлюз у провайдера 1 на обоих каналах один - никак не могу добиться, чтобы каждая подсеть (3 и 2) выходила в интернет по "своему IP". Сейчас устройства на обеих подсетях (3 и 2) при попытке зайти на ресурсы в интернет показывают внешний IP 1 кабеля 1 провайдера.
Вторая проблема - переключение на резервный канал (с 1 провайдера (оба кабеля) на 2 провайдера), но без решения первой проблемы приступать не стал.
2. Проштудирован FAQ, Manual (особенно Manual:Load_balancing_multiple_same_subnet_links, Manual:PCC), перегуглено/через яндекс все доступное по тематике. Наверное я что-то упустил.
3.
# sep/26/2014 00:29:26 by RouterOS 6.19
#
/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge_e1_18.1_and_18.3_e6_wan_inet1
add arp=proxy-arp l2mtu=1598 name=bridge_e2_18.2_e7_wan_inet2
add arp=proxy-arp l2mtu=1598 name=bridge_e3_18.4_e8_wan_inet3
/interface ethernet
set [ find default-name=ether1 ] name=e1_lan_18.1_and_18.3_inet1
set [ find default-name=ether2 ] name=e2_lan_18.2_inet2
set [ find default-name=ether3 ] name=e3_lan_18.4
set [ find default-name=ether6 ] name=e6_wan_inet1
set [ find default-name=ether7 ] name=e7_wan_inet2
set [ find default-name=ether8 ] name=e8_wan_inet3
/ip pool
add name=dhcp_pool_18.4_inet3 ranges=172.18.4.2-172.18.4.254
add name=dhcp_pool_18.2_inet2 ranges=172.18.2.2-172.18.2.254
add name=dhcp_pool_18.3_inet1 ranges=172.18.3.2-172.18.3.254
/ip dhcp-server
add address-pool=dhcp_pool_18.4_inet3 disabled=no interface=\
bridge_e3_18.4_e8_wan_inet3 name=dhcp_18.4_inet3
add address-pool=dhcp_pool_18.2_inet2 disabled=no interface=\
bridge_e2_18.2_e7_wan_inet2 name=dhcp_18.2_inet2
add address-pool=dhcp_pool_18.3_inet1 disabled=no interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 name=dhcp_18.1_and_18.3_inet1
/interface bridge port
add bridge=bridge_e3_18.4_e8_wan_inet3 interface=e3_lan_18.4
add bridge=bridge_e2_18.2_e7_wan_inet2 interface=e2_lan_18.2_inet2
add bridge=bridge_e1_18.1_and_18.3_e6_wan_inet1 interface=\
e1_lan_18.1_and_18.3_inet1
/ip address
add address=100.101.20.9/26 comment="inet2 100.101.20.9 gw ip connection" \
interface=e7_wan_inet2 network=100.101.20.0
add address=100.101.20.47/26 comment="inet1 93.192.20.47 gw ip connection" \
interface=e6_wan_inet1 network=100.101.20.0
add address=102.102.101.182/30 comment=\
"inet3 102.102.101.182 gw ip connection" interface=e8_wan_inet3 \
network=102.102.101.180
add address=172.18.4.1/24 comment="lan 18.4 for inet3 direct connection" \
interface=bridge_e3_18.4_e8_wan_inet3 network=172.18.4.0
add address=172.18.2.1/24 comment="lan 18.2 for inet2 connection" interface=\
bridge_e2_18.2_e7_wan_inet2 network=172.18.2.0
add address=172.18.3.1/24 comment="lan 18.3 for inet1 connection" interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 network=172.18.3.0
add address=172.18.1.1/24 comment="lan 18.1 for inet1 connection" interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 network=172.18.1.0
/ip dhcp-server network
add address=172.18.1.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.1.1
add address=172.18.2.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.2.1
add address=172.18.3.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.3.1
add address=172.18.4.0/24 dns-server=\
212.44.130.6,194.85.128.10,77.88.8.8,77.88.8.1 gateway=172.18.4.1
/ip firewall address-list
add address=172.18.0.0/16 list=LocalNet18.0
/ip firewall filter
add action=drop chain=forward comment="Drop invalid connections" \
connection-state=invalid protocol=tcp
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e7_wan_inet2
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e6_wan_inet1
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e8_wan_inet3
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=bridge_e2_18.2_e7_wan_inet2 \
new-connection-mark=inet2_inc passthrough=no per-connection-classifier=\
both-addresses:2/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=bridge_e3_18.4_e8_wan_inet3 \
new-connection-mark=inet3_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 new-connection-mark=inet1_inc \
passthrough=no per-connection-classifier=both-addresses:2/0
add chain=prerouting dst-address=100.101.20.47 in-interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1
add chain=prerouting dst-address=102.102.101.182 in-interface=\
bridge_e3_18.4_e8_wan_inet3
add chain=prerouting dst-address=100.101.20.9 in-interface=\
bridge_e2_18.2_e7_wan_inet2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e8_wan_inet3 \
new-connection-mark=inet3_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e7_wan_inet2 \
new-connection-mark=inet2_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e6_wan_inet1 \
new-connection-mark=inet1_inc passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet3_inc \
in-interface=bridge_e3_18.4_e8_wan_inet3 new-routing-mark=inet3 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet2_inc \
in-interface=bridge_e2_18.2_e7_wan_inet2 new-routing-mark=inet2 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet1_inc \
in-interface=bridge_e1_18.1_and_18.3_e6_wan_inet1 new-routing-mark=inet1 \
passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=e10_wan_dhcp
add action=masquerade chain=srcnat out-interface=e9_wan_yota
add action=masquerade chain=srcnat out-interface=e8_wan_inet3
add action=masquerade chain=srcnat out-interface=e7_wan_inet2
add action=masquerade chain=srcnat out-interface=e6_wan_inet1
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=100.101.20.1%e6_wan_inet1 routing-mark=inet1
add distance=1 gateway=100.101.20.1%e7_wan_inet2 routing-mark=inet2
add distance=1 gateway=102.102.101.181 routing-mark=inet3
add distance=1 gateway=100.101.20.1
add distance=1 gateway=102.102.101.181
/ip service
/routing filter
add chain=dynamic-in pref-src=100.101.20.9 routing-mark=inet2
add chain=dynamic-in pref-src=100.101.20.47 routing-mark=inet1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=11-22
/system ntp client
set enabled=yes primary-ntp=62.183.87.110 secondary-ntp=89.221.207.113
#
/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge_e1_18.1_and_18.3_e6_wan_inet1
add arp=proxy-arp l2mtu=1598 name=bridge_e2_18.2_e7_wan_inet2
add arp=proxy-arp l2mtu=1598 name=bridge_e3_18.4_e8_wan_inet3
/interface ethernet
set [ find default-name=ether1 ] name=e1_lan_18.1_and_18.3_inet1
set [ find default-name=ether2 ] name=e2_lan_18.2_inet2
set [ find default-name=ether3 ] name=e3_lan_18.4
set [ find default-name=ether6 ] name=e6_wan_inet1
set [ find default-name=ether7 ] name=e7_wan_inet2
set [ find default-name=ether8 ] name=e8_wan_inet3
/ip pool
add name=dhcp_pool_18.4_inet3 ranges=172.18.4.2-172.18.4.254
add name=dhcp_pool_18.2_inet2 ranges=172.18.2.2-172.18.2.254
add name=dhcp_pool_18.3_inet1 ranges=172.18.3.2-172.18.3.254
/ip dhcp-server
add address-pool=dhcp_pool_18.4_inet3 disabled=no interface=\
bridge_e3_18.4_e8_wan_inet3 name=dhcp_18.4_inet3
add address-pool=dhcp_pool_18.2_inet2 disabled=no interface=\
bridge_e2_18.2_e7_wan_inet2 name=dhcp_18.2_inet2
add address-pool=dhcp_pool_18.3_inet1 disabled=no interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 name=dhcp_18.1_and_18.3_inet1
/interface bridge port
add bridge=bridge_e3_18.4_e8_wan_inet3 interface=e3_lan_18.4
add bridge=bridge_e2_18.2_e7_wan_inet2 interface=e2_lan_18.2_inet2
add bridge=bridge_e1_18.1_and_18.3_e6_wan_inet1 interface=\
e1_lan_18.1_and_18.3_inet1
/ip address
add address=100.101.20.9/26 comment="inet2 100.101.20.9 gw ip connection" \
interface=e7_wan_inet2 network=100.101.20.0
add address=100.101.20.47/26 comment="inet1 93.192.20.47 gw ip connection" \
interface=e6_wan_inet1 network=100.101.20.0
add address=102.102.101.182/30 comment=\
"inet3 102.102.101.182 gw ip connection" interface=e8_wan_inet3 \
network=102.102.101.180
add address=172.18.4.1/24 comment="lan 18.4 for inet3 direct connection" \
interface=bridge_e3_18.4_e8_wan_inet3 network=172.18.4.0
add address=172.18.2.1/24 comment="lan 18.2 for inet2 connection" interface=\
bridge_e2_18.2_e7_wan_inet2 network=172.18.2.0
add address=172.18.3.1/24 comment="lan 18.3 for inet1 connection" interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 network=172.18.3.0
add address=172.18.1.1/24 comment="lan 18.1 for inet1 connection" interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 network=172.18.1.0
/ip dhcp-server network
add address=172.18.1.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.1.1
add address=172.18.2.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.2.1
add address=172.18.3.0/24 dns-server=\
103.200.05.98,103.200.03.42,77.88.8.8,77.88.8.1 gateway=172.18.3.1
add address=172.18.4.0/24 dns-server=\
212.44.130.6,194.85.128.10,77.88.8.8,77.88.8.1 gateway=172.18.4.1
/ip firewall address-list
add address=172.18.0.0/16 list=LocalNet18.0
/ip firewall filter
add action=drop chain=forward comment="Drop invalid connections" \
connection-state=invalid protocol=tcp
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e7_wan_inet2
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e6_wan_inet1
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=e8_wan_inet3
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=bridge_e2_18.2_e7_wan_inet2 \
new-connection-mark=inet2_inc passthrough=no per-connection-classifier=\
both-addresses:2/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=bridge_e3_18.4_e8_wan_inet3 \
new-connection-mark=inet3_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1 new-connection-mark=inet1_inc \
passthrough=no per-connection-classifier=both-addresses:2/0
add chain=prerouting dst-address=100.101.20.47 in-interface=\
bridge_e1_18.1_and_18.3_e6_wan_inet1
add chain=prerouting dst-address=102.102.101.182 in-interface=\
bridge_e3_18.4_e8_wan_inet3
add chain=prerouting dst-address=100.101.20.9 in-interface=\
bridge_e2_18.2_e7_wan_inet2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e8_wan_inet3 \
new-connection-mark=inet3_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e7_wan_inet2 \
new-connection-mark=inet2_inc passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LocalNet18.0 in-interface=e6_wan_inet1 \
new-connection-mark=inet1_inc passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet3_inc \
in-interface=bridge_e3_18.4_e8_wan_inet3 new-routing-mark=inet3 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet2_inc \
in-interface=bridge_e2_18.2_e7_wan_inet2 new-routing-mark=inet2 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=inet1_inc \
in-interface=bridge_e1_18.1_and_18.3_e6_wan_inet1 new-routing-mark=inet1 \
passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=e10_wan_dhcp
add action=masquerade chain=srcnat out-interface=e9_wan_yota
add action=masquerade chain=srcnat out-interface=e8_wan_inet3
add action=masquerade chain=srcnat out-interface=e7_wan_inet2
add action=masquerade chain=srcnat out-interface=e6_wan_inet1
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=100.101.20.1%e6_wan_inet1 routing-mark=inet1
add distance=1 gateway=100.101.20.1%e7_wan_inet2 routing-mark=inet2
add distance=1 gateway=102.102.101.181 routing-mark=inet3
add distance=1 gateway=100.101.20.1
add distance=1 gateway=102.102.101.181
/ip service
/routing filter
add chain=dynamic-in pref-src=100.101.20.9 routing-mark=inet2
add chain=dynamic-in pref-src=100.101.20.47 routing-mark=inet1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=11-22
/system ntp client
set enabled=yes primary-ntp=62.183.87.110 secondary-ntp=89.221.207.113
4. Да