Разделение двух провайдеров по шпаргалке. Нет pingA
Добавлено: 25 сен 2019, 12:20
andy98
Добрый день. Пытаюсь разделить выход локальных адресов по списку через разных провайдеров. Выход успешно меняется, а вот из локалки я не могу пропинговать адреса провайдеров на микротике 178.208.A.A и 178.208.B.B
Шлюзы 178.208.D.D и 178.208.С.С и другие внешние адреса нормально пингуются. Что я делаю не так?
Конфа здесь
Шлюзы 178.208.D.D и 178.208.С.С и другие внешние адреса нормально пингуются. Что я делаю не так?
Конфа здесь
# model = RouterBOARD 3011UiAS
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1-CAC
set [ find default-name=ether2 ] disabled=yes name=ether2-WAN2-CAC
set [ find default-name=ether3 ] name=ether3-WAN1-AQ
set [ find default-name=ether4 ] disabled=yes name=ether4-WAN2-AQ
set [ find default-name=ether5 ] name=ether5-LAN
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=WAN
add name=LAN
add name=ls1-WAN1
add name=ls2-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1-WAN1-CAC list=WAN
add list=LAN
add interface=ether1-WAN1-CAC list=ls1-WAN1
add interface=ether3-WAN1-AQ list=ls2-WAN2
/ip address
add address=178.208.A.A/30 interface=ether1-WAN1-CAC network=\
178.208.A1.A1
add address=178.208.B.B/30 interface=ether3-WAN1-AQ network=178.208.B1.B1
add address=192.168.17.55/24 interface=ether5-LAN network=192.168.17.0
/ip dns
set servers=87.245.P1.P1,212.45.P2.P2,87.245.P3.P3
/ip firewall address-list
add address=192.168.17.30 list=to_CAC
add address=192.168.17.29 list=to_AQ
add address=192.168.17.0/24 list=LocalNet
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Mark-rout with mark-conn CAC_for to route via iface of CAC" \
connection-mark=CAC_for new-routing-mark=CAC_rout passthrough=no \
src-address-list=LocalNet
add action=mark-routing chain=prerouting comment=\
"Mark-rout with mark-conn AQ_for to route via iface of AQ" connection-mark=\
AQ_for new-routing-mark=AQ_rout passthrough=no src-address-list=LocalNet
add action=mark-routing chain=output comment=\
"Mark-rout with mark-conn CAC_in to route via iface CAC" connection-mark=\
CAC_in new-routing-mark=CAC_rout passthrough=no
add action=mark-routing chain=output comment=\
"Mark-rout with mark-conn AQ_in to route via iface AQ" connection-mark=\
AQ_in new-routing-mark=AQ_rout passthrough=no
add action=mark-routing chain=prerouting comment="GO-to-CAC (via AddrList)" \
connection-mark=no-mark dst-address-list=!LocalNet new-routing-mark=\
CAC_rout passthrough=no src-address-list=to_CAC
add action=mark-routing chain=prerouting comment="GO-to-AQ (via AddrList)" \
connection-mark=no-mark dst-address-list=!LocalNet new-routing-mark=AQ_rout \
passthrough=no src-address-list=to_AQ
add action=mark-connection chain=input comment="Mark-conn input on CAC_in" \
in-interface-list=ls1-WAN1 new-connection-mark=CAC_in passthrough=no
add action=mark-connection chain=input comment="Mark-conn input on AQ_in" \
in-interface-list=ls2-WAN2 new-connection-mark=AQ_in passthrough=no
add action=mark-connection chain=forward comment=\
"Mark-conn forward on CAC_in to new-mark CAC_for" in-interface-list=\
ls1-WAN1 new-connection-mark=CAC_for passthrough=no
add action=mark-connection chain=forward comment=\
"Mark-conn forward on AQ_in to new-mark AQ_for" in-interface-list=ls2-WAN2 \
new-connection-mark=AQ_for passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping comment="CAC_rout (1)" distance=1 gateway=\
178.208.D.D pref-src=178.208.A.A routing-mark=CAC_rout
add check-gateway=ping comment="AQ_rout (2)" distance=1 gateway=178.208.C.C \
pref-src=178.208.B.B routing-mark=AQ_rout
add check-gateway=ping comment="Default GW" distance=1 gateway=178.208.D.D \
pref-src=178.208.A.A
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1-CAC
set [ find default-name=ether2 ] disabled=yes name=ether2-WAN2-CAC
set [ find default-name=ether3 ] name=ether3-WAN1-AQ
set [ find default-name=ether4 ] disabled=yes name=ether4-WAN2-AQ
set [ find default-name=ether5 ] name=ether5-LAN
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=WAN
add name=LAN
add name=ls1-WAN1
add name=ls2-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1-WAN1-CAC list=WAN
add list=LAN
add interface=ether1-WAN1-CAC list=ls1-WAN1
add interface=ether3-WAN1-AQ list=ls2-WAN2
/ip address
add address=178.208.A.A/30 interface=ether1-WAN1-CAC network=\
178.208.A1.A1
add address=178.208.B.B/30 interface=ether3-WAN1-AQ network=178.208.B1.B1
add address=192.168.17.55/24 interface=ether5-LAN network=192.168.17.0
/ip dns
set servers=87.245.P1.P1,212.45.P2.P2,87.245.P3.P3
/ip firewall address-list
add address=192.168.17.30 list=to_CAC
add address=192.168.17.29 list=to_AQ
add address=192.168.17.0/24 list=LocalNet
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Mark-rout with mark-conn CAC_for to route via iface of CAC" \
connection-mark=CAC_for new-routing-mark=CAC_rout passthrough=no \
src-address-list=LocalNet
add action=mark-routing chain=prerouting comment=\
"Mark-rout with mark-conn AQ_for to route via iface of AQ" connection-mark=\
AQ_for new-routing-mark=AQ_rout passthrough=no src-address-list=LocalNet
add action=mark-routing chain=output comment=\
"Mark-rout with mark-conn CAC_in to route via iface CAC" connection-mark=\
CAC_in new-routing-mark=CAC_rout passthrough=no
add action=mark-routing chain=output comment=\
"Mark-rout with mark-conn AQ_in to route via iface AQ" connection-mark=\
AQ_in new-routing-mark=AQ_rout passthrough=no
add action=mark-routing chain=prerouting comment="GO-to-CAC (via AddrList)" \
connection-mark=no-mark dst-address-list=!LocalNet new-routing-mark=\
CAC_rout passthrough=no src-address-list=to_CAC
add action=mark-routing chain=prerouting comment="GO-to-AQ (via AddrList)" \
connection-mark=no-mark dst-address-list=!LocalNet new-routing-mark=AQ_rout \
passthrough=no src-address-list=to_AQ
add action=mark-connection chain=input comment="Mark-conn input on CAC_in" \
in-interface-list=ls1-WAN1 new-connection-mark=CAC_in passthrough=no
add action=mark-connection chain=input comment="Mark-conn input on AQ_in" \
in-interface-list=ls2-WAN2 new-connection-mark=AQ_in passthrough=no
add action=mark-connection chain=forward comment=\
"Mark-conn forward on CAC_in to new-mark CAC_for" in-interface-list=\
ls1-WAN1 new-connection-mark=CAC_for passthrough=no
add action=mark-connection chain=forward comment=\
"Mark-conn forward on AQ_in to new-mark AQ_for" in-interface-list=ls2-WAN2 \
new-connection-mark=AQ_for passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping comment="CAC_rout (1)" distance=1 gateway=\
178.208.D.D pref-src=178.208.A.A routing-mark=CAC_rout
add check-gateway=ping comment="AQ_rout (2)" distance=1 gateway=178.208.C.C \
pref-src=178.208.B.B routing-mark=AQ_rout
add check-gateway=ping comment="Default GW" distance=1 gateway=178.208.D.D \
pref-src=178.208.A.A