У меня RB951G-2HnD на RouteOS 6.9.
У меня есть 2 провайдера
ISP1:
my ip: 10.100.48.217
netmask: 255.255.224.0
gateway: 10.100.32.1
mac-address check: yes
ISP2:
my ip: 213.128.2.210
netmask: 255.255.255.128
gateway: 213.128.2.254
mac-address check: yes
У каждого провайдера есть свои локальные ресурсы, и выход в другие подсети, не доступные из вне.
Поэтому в моем конфиге будет представлена большая таблица маршрутов.
Когда я включаю uTorrent клиент, у меня через какой то интервал отваливается шлюз провайдера.
Я не могу его пропинговать даже с роутера (timeout).
Подскажите как быть?
Конфиг:
Код: Выделить всё
[SaintsinneR@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 ;;; Norcom GateWay
Wan1 ether 1500 1598 4074 00:23:54:45:85:CB
1 R ;;; MTC GateWay
Wan2 ether 1500 1598 4074 00:23:54:45:85:CB
2 RS ether3 ether 1500 1598 4074 D4:CA:6D:CC:36:1E
3 S ether4 ether 1500 1598 4074 D4:CA:6D:CC:36:1F
4 S ether5 ether 1500 1598 4074 D4:CA:6D:CC:36:20
5 XS wlan1 wlan 1500 2290 D4:CA:6D:CC:36:21
6 R LAN bridge 1500 1598 D4:CA:6D:CC:36:1E
[SaintsinneR@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="LAN" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:CC:36:1E protocol-mode=rstp priority=0x8000 auto-mac=no admin-mac=D4:CA:6D:CC:36:1E max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
[SaintsinneR@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; Norcom
10.100.48.217/19 10.100.32.0 Wan1
1 ;;; MTC
213.128.2.210/25 213.128.2.128 Wan2
2 ;;; Local
192.168.88.1/24 192.168.88.0 LAN
[SaintsinneR@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
2 S ;;; Norcom
0.0.0.0/0 10.100.32.1 1
3 A S ;;; MTC
0.0.0.0/0 213.128.2.254 2
4 S 10.0.0.0/16 10.100.32.1 1
5 S 10.6.0.0/16 10.100.32.1 1
6 S 10.10.0.0/16 10.100.32.1 1
7 S 10.11.0.0/16 10.100.32.1 1
8 S 10.100.0.0/16 10.100.32.1 1
9 DC 10.100.32.0/19 10.100.48.217 Wan1 255
10 S 10.101.0.0/16 10.100.32.1 1
11 S 10.102.0.0/16 10.100.32.1 1
12 S 10.103.0.0/16 10.100.32.1 1
13 A S 10.203.0.0/16 213.128.2.254 1
14 A S 10.204.0.0/16 213.128.2.254 1
15 S 10.252.0.0/16 10.100.32.1 1
16 S 10.253.9.0/24 10.100.32.1 1
17 S 10.253.10.0/24 10.100.32.1 1
18 S 10.254.127.0/24 10.100.32.1 1
19 S 80.67.208.0/20 10.100.32.1 1
20 A S 85.117.64.0/19 213.128.2.254 1
21 A S 91.186.96.0/19 213.128.2.254 1
22 A S 91.229.74.0/26 213.128.2.254 1
23 A S 95.129.144.0/21 213.128.2.254 1
24 S 172.22.0.0/16 10.100.32.1 1
25 ADC 192.168.88.0/24 192.168.88.1 LAN 0
26 A S 212.186.66.0/24 213.128.2.254 1
27 A S 213.128.0.0/19 213.128.2.254 1
28 ADC 213.128.2.128/25 213.128.2.210 Wan2 0
[SaintsinneR@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Allow established connections
chain=forward action=accept connection-state=established
1 ;;; Allow related connections
chain=forward action=accept connection-state=related
2 ;;; Allow UDP
chain=forward action=accept protocol=udp
3 ;;; Allow limited pings
chain=input action=accept protocol=icmp limit=50/5s,2
4 ;;; Access to internet from local network
chain=forward action=accept in-interface=LAN out-interface=Wan1
5 ;;; Access to internet from local network
chain=forward action=accept in-interface=LAN out-interface=Wan2
6 ;;; Drop excess pings
chain=input action=drop protocol=icmp
7 ;;; Drop invalid connection packets
chain=forward action=drop connection-state=invalid
[SaintsinneR@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Norcom
chain=srcnat action=masquerade out-interface=Wan1
1 ;;; MTC
chain=srcnat action=masquerade out-interface=Wan2
2 ;;; TS
chain=dstnat action=netmap to-addresses=192.168.88.2 to-ports=9987 protocol=udp dst-port=9987