Re: Microtik два провайдера разделение трафика
Добавлено: 06 май 2013, 09:10
а помоему dstnat
Я думаю стоит логи посмотреть в этих двух цепочках
Я думаю стоит логи посмотреть в этих двух цепочках
Форум поддержи и обмена опытом пользователей оборудования RouterBOARD и операционной системы RouterOS Латвийского производителя MikroTik
https://forummikrotik.ru/
/ip firewall filter
add chain=input src-address=95.*.*.*
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=forward comment="esli oshibka to ubivaem" connection-state=invalid
add chain=forward comment="esli normalno to puskaem" connection-state=established
add chain=forward comment="esli normalno to puskaem" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=beeline
add action=drop chain=input comment="default configuration" in-interface=megafon3g
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=megafon passthrough=no protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=212.*.*.*routing-mark=beeline scope=255
add check-gateway=ping distance=1 gateway=megafon3g routing-mark=megafon scope=255
add check-gateway=ping distance=10 gateway=212.*.*.*
add check-gateway=ping distance=11 gateway=megafon3g
Код: Выделить всё
[admin@internet-hub] > /ip firewall mangle export
# may/11/2013 20:12:47 by RouterOS 5.24
#
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=\
to_white passthrough=no protocol=icmp src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=no new-routing-mark=\
to_grey passthrough=no src-address=192.168.2.0/24
[admin@internet-hub] > ip firewall nat export
# may/11/2013 20:12:57 by RouterOS 5.24
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=\
ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no out-interface=vlan100 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no out-interface=\
gre-to-office to-addresses=0.0.0.0
[admin@internet-hub] > ip route export
# may/11/2013 20:13:58 by RouterOS 5.24
#
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.31.0.253 \
routing-mark=to_grey scope=255 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=91.238.12.254 \
routing-mark=to_white scope=255 target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=172.31.0.253 \
scope=0 target-scope=10
add check-gateway=ping disabled=no distance=11 dst-address=0.0.0.0/0 \
gateway=91.238.12.254 scope=0 target-scope=10