Хотелось бы чтобы почта работала по второму(не активному каналу)
Ну или чтобы у почты был приоритет по сравнению с другими протоколами.
вот список команд, которые были задействованы
Код: Выделить всё
interface set ether1 name="LAN"
interface set ether2 name="ALSI"
interface set ether3 name="CTC"
ip address add address=192.168.1.1/24 interface=LAN
ip address add address=X.X.X.X/30 interface=ALSI
ip address add address=X.X.X.X/29 interface=CTC
ip route add dst-address=0.0.0.0/0 gateway=X.X.X.X
ip route add dst-address=0.0.0.0/0 gateway=X.X.X.X
ip address remove 0
ip dhcp-server setup
ip dhcp-server network set number=0 domain=tnsintec.kz
ip dns set servers=192.168.1.2,8.8.8.8
ip firewall nat add chain=srcnat action=masquerade out-interface=!LAN
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 src-address-list=BLOCK_LIST
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=80 action=dst-nat to-address=WEB to-port=80
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=25 action=dst-nat to-address=MAIL to-port=25
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=110 action=dst-nat to-address=MAIL to-port=110
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=88 action=dst-nat to-address=DC to-port=88
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=88 action=dst-nat to-address=DC to-port=88
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=135 action=dst-nat to-address=DC to-port=135
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=123 action=dst-nat to-address=DC to-port=123
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=137 action=dst-nat to-address=DC to-port=137
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=138 action=dst-nat to-address=DC to-port=138
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=139 action=dst-nat to-address=DC to-port=139
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=9389 action=dst-nat to-address=DC to-port=9389
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=139 action=dst-nat to-address=DC to-port=139
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=138 action=dst-nat to-address=DC to-port=138
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=389 action=dst-nat to-address=DC to-port=389
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=389 action=dst-nat to-address=DC to-port=389
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=445 action=dst-nat to-address=DC to-port=445
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=445 action=dst-nat to-address=DC to-port=445
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=464 action=dst-nat to-address=DC to-port=464
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=464 action=dst-nat to-address=DC to-port=464
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=3268 action=dst-nat to-address=DC to-port=3268
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=3269 action=dst-nat to-address=DC to-port=3269
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=636 action=dst-nat to-address=DC to-port=636
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=6 dst-port=53 action=dst-nat to-address=DC to-port=53
ip firewall nat add chain=dstnat dst-address=X.X.X.X protocol=17 dst-port=53 action=dst-nat to-address=DC to-port=53
ip firewall mangle add chain=prerouting src-address=web.tnsintec.kz protocol=6 src-port=80 action=mark-routing new-routing-mark=to-ctc
ip firewall mangle add action=change-dscp chain=forward new-dscp=7 port=25 protocol=tcp src-address-list="SMTP"
ip firewall filter add chain=forward dst-address=192.168.1.0/24 action=accept
ip firewall filter add chain=forward src-address=192.168.1.0/24 action=accept
ip firewall filter add chain=forward connection-state=invalid action=drop
ip firewall filter add chain=forward connection-state=established action=accept
ip firewall filter add chain=forward connection-state=related action=accept
ip firewall filter add chain=forward protocol=17 action=accept
ip firewall filter add chain=forward protocol=icmp action=accept
ip firewall filter add chain=forward dst-address=DC protocol=6 src-port=3389 action=accept
ip firewall filter add chain=forward src-address=DC protocol=6 dst-port=3389 action=accept
ip firewall filter add chain=forward dst-address=192.168.1.0/24 protocol=6 src-port=5190 action=accept
ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=6 src-port=5190 action=accept
ip firewall filter add chain=forward dst-address=192.168.1.0/24 protocol=6 src-port=80 action=accept
ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=6 dst-port=80 action=accept
ip firewall filter add chain=forward dst-address=192.168.1.0/24 protocol=6 src-port=443 action=accept
ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=6 dst-port=443 action=accept
ip firewall filter add chain=forward dst-address=192.168.1.0/24 protocol=6 src-port=21 action=accept
ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=6 dst-port=21 action=accept
ip firewall filter add chain=input src-address=0.0.0.0/0 protocol=6 dst-port=1723 action=accept
ip firewall filter add chain=forward action=drop
ip firewall address-list add list=Block_List address=192.168.1.20-192.168.1.254
ip route add gateway=X.X.X.X routing-mark=to-ctc
ip route add gateway=X.X.X.X routing-mark=to-alsi
ip proxy set port=8080 enabled=yes
ip proxy access add dst-host=*vk.com* action=deny
ip proxy access add dst-host=*mail.ru* action=deny
ip proxy access add dst-host=*odnoklassniki.ru* action=deny
ip proxy access add dst-host=*kino* action=deny
ip proxy access add dst-host=*film* action=deny
ip proxy access add dst-host=*serial* action=deny
ip proxy access add dst-host=*torr* action=deny
ip proxy access add dst-host=*track* action=deny
system reboot