2 провайдера Mangle проблемы
Добавлено: 18 апр 2013, 12:47
Есть 2 провайдера Интернета, разрулил через Mangle хождение трафика через нужных провайдеров все работает как надо. Проблема не могу получить доступ из интернета на ВНЕШНИЙ интерфейс второго провайдера. Как я понимаю 4 правило должно выпускать ответ по нужному интерфейсу, но к сожалению не работает. Считаю, что проблема именно в маркировке, но вот где....
[admin@MikroTik-MAIN-CORE] /ip firewall mangle> print
0 chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=sy>
protocol=tcp in-interface=INTERNET-Gateway TTK random=50
tcp-mss=1460-65535
1 chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=sy>
protocol=tcp out-interface=INTERNET-Gateway TTK tcp-mss=1460-65535
2 ;;; ER-TELEKOM-GATEWAY
chain=forward action=mark-connection new-connection-mark=ertel
passthrough=yes in-interface=Er-telecom
3 chain=forward action=mark-connection new-connection-mark=ertel
passthrough=yes out-interface=Er-telecom
4 chain=output action=mark-routing new-routing-mark=ertel passthrough=yes
connection-state=new dst-address=внешний ip 2 провайдера
5 ;;; Public Wi-Fi
chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes src-address=192.168.13.0/24 connection-mark=ertel
6 chain=output action=mark-routing new-routing-mark=ertel passthrough=no
connection-state=new dst-address=192.168.13.0/24
7 chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes connection-state=new src-address=192.168.13.0/24
dst-address=!внешний ip 2 провайдера
8 ;;; DERMAKAF
chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes src-address=192.168.15.0/24 connection-mark=ertel
9 chain=output action=mark-routing new-routing-mark=ertel passthrough=no
connection-state=new dst-address=192.168.15.0/24
10 chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes connection-state=new src-address=192.168.15.0/24
dst-address=!внешний ip 2 провайдера
[admin@MikroTik-MAIN-CORE] /ip firewall mangle> print
0 chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=sy>
protocol=tcp in-interface=INTERNET-Gateway TTK random=50
tcp-mss=1460-65535
1 chain=forward action=change-mss new-mss=1440 passthrough=yes tcp-flags=sy>
protocol=tcp out-interface=INTERNET-Gateway TTK tcp-mss=1460-65535
2 ;;; ER-TELEKOM-GATEWAY
chain=forward action=mark-connection new-connection-mark=ertel
passthrough=yes in-interface=Er-telecom
3 chain=forward action=mark-connection new-connection-mark=ertel
passthrough=yes out-interface=Er-telecom
4 chain=output action=mark-routing new-routing-mark=ertel passthrough=yes
connection-state=new dst-address=внешний ip 2 провайдера
5 ;;; Public Wi-Fi
chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes src-address=192.168.13.0/24 connection-mark=ertel
6 chain=output action=mark-routing new-routing-mark=ertel passthrough=no
connection-state=new dst-address=192.168.13.0/24
7 chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes connection-state=new src-address=192.168.13.0/24
dst-address=!внешний ip 2 провайдера
8 ;;; DERMAKAF
chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes src-address=192.168.15.0/24 connection-mark=ertel
9 chain=output action=mark-routing new-routing-mark=ertel passthrough=no
connection-state=new dst-address=192.168.15.0/24
10 chain=prerouting action=mark-routing new-routing-mark=ertel
passthrough=yes connection-state=new src-address=192.168.15.0/24
dst-address=!внешний ip 2 провайдера