Jump to content

Помощ с рутиране

turbo

От turbo
в Общи мрежови въпроси

 Сподели

Recommended Posts

turbo Новак

turbo

Публикувано
Публикувано

Имам проблем със рутирането на следния сетъп:

2 ISP 2 bridge

Искам да го настроя така, че през 2те ISP със лоад баланс да минава 1ния бридж, а другия бридж да минава само през 1то ISP.

В момента със със следните настройки, но не работи както трябва: 

/interface bridge
add name=TV-only
add name=WiFi+LAN
/interface ethernet
set [ find default-name=ether1 ] mac-address=  name=\
    ether1-ISP1
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full \
    disabled=yes name=ether2-ISP2
set [ find default-name=ether3 ] name=ether3-TV
set [ find default-name=ether4 ] name=ether4-TV
set [ find default-name=ether5 ] name=ether5-LAN
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool2 ranges=10.10.20.2-10.10.20.254
add name=dhcp_pool_TV-bridge ranges=10.10.80.2-10.10.80.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=WiFi+LAN name=dhcp1
add address-pool=dhcp_pool_TV-bridge interface=TV-only name=dhcp2
/routing table
add disabled=no fib name=to-ISP1
add disabled=no fib name=to-ISP2
add disabled=no fib name=TV_only
/interface bridge port
add bridge=TV-only interface=ether3-TV
add bridge=TV-only interface=ether4-TV
add bridge=WiFi+LAN interface=wifi2
add bridge=WiFi+LAN interface=ether5-LAN
add bridge=WiFi+LAN interface=wifi1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1-ISP1 list=WAN
add interface=WiFi+LAN list=LAN
add interface=ether2-ISP2 list=WAN
/ip address
add address=10.10.20.1/24 interface=WiFi+LAN network=10.10.20.0
add address=10.10.80.1/24 interface=TV-only network=10.10.80.0
/ip dhcp-client
add add-default-route=no interface=ether1-ISP1 use-peer-dns=no use-peer-ntp=\
    no
add add-default-route=no interface=ether2-ISP2 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.10.20.0/24 gateway=10.10.20.1
add address=10.10.80.0/24 gateway=10.10.80.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
add action=drop chain=forward connection-state=invalid
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=23 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=2000 protocol=tcp src-address-list=\
    management
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\
    management
add action=reject chain=input dst-port=21 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=8728 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=8291 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=2000 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=443 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=80 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=23 protocol=tcp reject-with=tcp-reset
add action=reject chain=input dst-port=22 protocol=tcp reject-with=tcp-reset
add action=drop chain=input dst-port=53 in-interface=ether1-ISP1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether2-ISP2 protocol=udp
add action=drop chain=output out-interface=ether2-ISP2 routing-mark=TV_only
/ip firewall mangle
add action=accept chain=prerouting comment=Accept dst-address=91.148.152.0/24
add action=accept chain=prerouting dst-address=10.10.20.0/24
add action=accept chain=prerouting dst-address=10.10.80.0/24
add action=accept chain=prerouting dst-address=85.130.112.0/24
add action=mark-connection chain=input comment=Input in-interface=ether1-ISP1 \
    new-connection-mark=ISP1 passthrough=yes
add action=mark-connection chain=input in-interface=ether2-ISP2 \
    new-connection-mark=ISP2 passthrough=yes
add action=mark-connection chain=prerouting comment=Mark in-interface=\
    ether1-ISP1 new-connection-mark=ISP1 passthrough=yes
add action=mark-connection chain=prerouting in-interface=ether2-ISP2 \
    new-connection-mark=ISP2 passthrough=yes
add action=mark-connection chain=prerouting comment=PCC dst-address-type=local \
    in-interface=WiFi+LAN new-connection-mark=ISP1 passthrough=yes \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=local \
    in-interface=WiFi+LAN new-connection-mark=ISP2 passthrough=yes \
    per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting dst-address-type=local \
    in-interface=TV-only new-connection-mark=ISP1 passthrough=yes \
    per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=output comment=Output connection-mark=ISP1 \
    new-routing-mark=to-ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=to-ISP2 \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
    TV_only passthrough=yes
add action=mark-routing chain=prerouting comment=Mark-route connection-mark=\
    ISP1 in-interface=WiFi+LAN new-routing-mark=to-ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=\
    WiFi+LAN new-routing-mark=to-ISP2 passthrough=yes
add action=mark-routing chain=prerouting comment=TV-route connection-mark=\
    ISP1 in-interface=TV-only new-routing-mark=to-ISP1 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface=ether1-ISP1
add action=masquerade chain=srcnat out-interface=ether2-ISP2
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\
    "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2 pref-src=\
    "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\
    "" routing-table=to-ISP1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2 pref-src=\
    "" routing-table=to-ISP2 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\
    "" routing-table=TV_only scope=30 suppress-hw-offload=no target-scope=10
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=WiFi+LAN type=internal
add interface=ether1-ISP1 type=external

/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 

Адрес на коментара
Сподели в други сайтове
  • Администратор
JohnTRIVOLTA Изгряваща звезда

JohnTRIVOLTA

Отговорено
  • Администратор
Отговорено
Преди 8 часа, turbo написа:

Не, ТВ да минава през едната, а лана и уайфи да минава през двете балансирано 

Премахваш всички правила с които си маркирал трафика на TV мрежата, така че само другата мрежа да се балансира!

Добавяш правило в рут таблицата: 

routing/rule/add  src-address=10.10.80.0/24 action=lookup table=to-ISP2
Адрес на коментара
Сподели в други сайтове

Създайте нов акаунт или се впишете, за да коментирате

За да коментирате, трябва да имате регистрация

Създайте акаунт

Присъединете се към нашата общност. Регистрацията става бързо!

Регистрация на нов акаунт

Вход

Имате акаунт? Впишете се оттук.

Вписване
 Сподели
Върнете се назад

  • Потребители разглеждащи страницата   0 потребители

    • No registered users viewing this page.
×
×
  • Създай нов...

Important Information

By using this site, you agree to our Terms of Use.

  I accept