Код: Выделить всё
/interface bridge
add name=Clietns
add name=Home
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/ip pool
add name=Home_pool ranges=192.168.88.2-192.168.88.254
add name=PPPOE_Isolated ranges=172.16.16.2-172.16.16.254
add name=dhcp_pool2 ranges=172.16.16.2-172.16.16.254
add name=PPPoe_autorized ranges=172.16.3.10-172.16.3.100
/ip dhcp-server
add address-pool=Home_pool disabled=no interface=Home lease-time=1d name=Home
add address-pool=dhcp_pool2 disabled=no interface=Clietns lease-time=1d name=\
dhcp1
/queue simple
add burst-limit=70M/70M burst-threshold=60M/60M burst-time=10s/10s max-limit=\
50M/50M name=PPPOEConnection target=172.0.0.0/8
add burst-limit=35M/35M burst-threshold=31M/31M burst-time=5s/5s max-limit=\
30M/30M name=queue1 target=192.168.88.0/24
/ppp profile
add change-tcp-mss=yes dns-server=172.16.16.1 local-address=172.16.16.1 name=\
1MBPS only-one=no parent-queue=PPPOEConnection rate-limit=1M/1M \
remote-address=PPPOE_Isolated use-compression=no use-encryption=yes \
use-mpls=no
add dns-server=172.16.16.1 local-address=172.16.3.1 name=8MBPS only-one=no \
parent-queue=PPPOEConnection rate-limit=8M/8M remote-address=\
PPPoe_autorized session-timeout=0s use-compression=no use-encryption=yes \
use-mpls=no
/interface bridge port
add bridge=Home interface=wlan1
add bridge=Home interface=ether5
add bridge=Clietns interface=ether4
add bridge=Clietns interface=ether3
/interface pppoe-server server
add default-profile=8MBPS disabled=no interface=Clietns service-name=\
PPPoE-Server
/ip address
add address=192.168.88.1/24 interface=Home network=192.168.88.0
add address=172.16.16.1/24 interface=Clietns network=172.16.16.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=WAN1
add dhcp-options=hostname,clientid disabled=no interface=WAN2
/ip dhcp-server network
add address=172.16.16.0/24 gateway=172.16.16.1
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.88.0/24 list=admin
add address=172.16.16.16 list=admin
/ip firewall filter
add action=accept chain=input comment="Established / Related" connection-state=\
established,related
add action=accept chain=forward comment=Forward connection-state=\
established,related
add action=drop chain=input comment=Invalid connection-state=invalid \
in-interface-list=WAN
add action=drop chain=forward connection-state=invalid in-interface-list=WAN
add action=accept chain=input comment="Winbox External" dst-port=8291 \
in-interface-list=WAN log=yes protocol=tcp
add action=accept chain=input comment=ICMP icmp-options=0:8 in-interface-list=\
WAN ipv4-options=strict-source-routing packet-size=100 protocol=icmp \
tcp-flags="" ttl=equal:0
add action=drop chain=input comment=Drop in-interface-list=WAN
add action=drop chain=forward connection-nat-state=!dstnat in-interface-list=\
WAN
add action=drop chain=forward src-address=172.16.16.0/24
add action=drop chain=forward dst-address=192.168.88.0/24 src-address=\
172.16.16.0/24
/ip firewall mangle
add action=accept chain=prerouting comment=ISP50_HOME dst-address=\
192.168.50.0/24 in-interface=Home
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=in-ISP50 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=Home new-connection-mark=in-ISP50 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=in-ISP50 in-interface=\
Home new-routing-mark=ISP50 passthrough=yes
add action=mark-routing chain=output connection-mark=in-ISP50 new-routing-mark=\
ISP50 passthrough=yes
add action=accept chain=prerouting comment=ISP60_CLIENT dst-address=\
192.168.60.0/24 in-interface=Clietns
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=in-ISP60 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=Clietns new-connection-mark=in-ISP60 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-routing chain=prerouting connection-mark=in-ISP60 in-interface=\
Clietns new-routing-mark=ISP60 passthrough=yes
add action=mark-routing chain=output connection-mark=in-ISP60 new-routing-mark=\
ISP60 passthrough=yes
add action=accept chain=prerouting comment=ISP20_CLIENT dst-address=\
192.168.20.0/24 in-interface=Clietns
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=lte3 new-connection-mark=in-ISP20 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=Clietns new-connection-mark=in-ISP20 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=in-ISP20 in-interface=\
Clietns new-routing-mark=ISP20 passthrough=yes
add action=mark-routing chain=output connection-mark=in-ISP20 new-routing-mark=\
ISP20 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface=lte3
add action=masquerade chain=srcnat comment=PPPoE src-address=172.16.16.0/24
/ip route
add check-gateway=ping comment="ROUTE_HOME ISP50" distance=1 gateway=\
192.168.50.1 routing-mark=ISP50
add check-gateway=ping comment="ROUTE_CLIENT ISP60" distance=1 gateway=\
192.168.60.1 routing-mark=ISP60
add check-gateway=ping comment="ROUTE_CLIENT ISP20" distance=1 gateway=\
192.168.20.1 routing-mark=ISP20
add check-gateway=ping comment="INET_CLIENT ISP60" distance=1 gateway=\
192.168.60.1
add check-gateway=ping comment="INET_HOME ISP50" distance=1 gateway=\
192.168.50.1
add check-gateway=ping comment="INET_CLIENT ISP20" distance=1 gateway=\
192.168.20.1
/ip route rule
add src-address=192.168.50.1/32 table=to-ISP50
add src-address=192.168.60.1/32 table=to-ISP60
add dst-address=192.168.88.0/24 table=main
add routing-mark=ISP50 table=to-ISP50
add routing-mark=ISP20 table=to-ISP20
add src-address=192.168.20.1/32 table=to-ISP20
add routing-mark=ISP60 table=to-ISP60
add dst-address=172.16.3.0/24 table=main
/ppp secret
add name=test1 password=12345 profile=8MBPS service=pppoe