Проблем с lan ip и избор от кой WAN да ползва

[tukanov]

Здравейте,

имам следния проблем

 

ether1 - blizoo gateway 89.215.223.193

ether2 - vivacom 192.168.1.1 ADSL gateway

ether3 - vivacom 192.168.2.1 ADSL gateway

 

ether4 - LAN 192.168.140.1/24 workgroup

ether4 - LAN 192.168.150.1/24 dhcp pool1

ether4 - LAN 192.168.151.1/24 dhcp pool2

ether4 - LAN 192.168.152.1/24 dhcp pool3

ether4 - LAN 192.168.153.1/24 dhcp pool4

ether4 - LAN 192.168.154.1/24 dhcp pool5

ether4 - LAN 192.168.155.1/24 dhcp AP`s and dvr`s

 

chain=srcnat action=masquerade src-address=192.168.154.111 out-interface=ether1 log=no log-prefix="" 

това правило на иска да работи 

мисля, че така IP 192.168.154.111 трябва да ползва винаги ether1 - blizoo gateway 89.215.223.193 Интернет от близу, но не се получава

 

 

Принт на маркирането

1    chain=input action=mark-connection new-connection-mark=ether1_co
      passthrough=yes in-interface=ether1 log=no log-prefix="" 


 2    chain=input action=mark-connection new-connection-mark=ether2_co
      passthrough=yes in-interface=ether2 log=no log-prefix="" 


 3    chain=prerouting action=accept dst-address=89.215.223.192/26 
      in-interface=LAN log=no log-prefix="" 


 4    chain=prerouting action=accept dst-address=192.168.1.0/24 in-int
      log=no log-prefix="" 


 5    chain=prerouting action=mark-connection new-connection-mark=ethe
      passthrough=yes dst-address-type=!local in-interface=LAN 
      connection-mark=no-mark 
      per-connection-classifier=both-addresses-and-ports:2/0 log=no 
      log-prefix="" 


 6    chain=prerouting action=mark-connection new-connection-mark=ethe
      passthrough=yes dst-address-type=!local in-interface=LAN 
      connection-mark=no-mark 
      per-connection-classifier=both-addresses-and-ports:2/1 log=no 
      log-prefix="" 


 7    chain=prerouting action=mark-routing new-routing-mark=to_ether1 
      passthrough=yes in-interface=LAN connection-mark=ether1_conn log=no 
      log-prefix="" 


 8    chain=prerouting action=mark-routing new-routing-mark=to_ether2 
      passthrough=yes in-interface=LAN connection-mark=ether2_conn log=no 
      log-prefix="" 


 9    chain=output action=mark-routing new-routing-mark=to_ether1 passthrough=ye>
      connection-mark=ether1_conn log=no log-prefix="" 

 

 

Благодаря предварително.

[111111]

Сега кажи и каква точно трябва да е идеята.

 

Ползвай export вместо print, дава по ясно разбираема информация.

 

Не си споменал рутирането, каква е идеята на толкова много пулове,

че и толкова голями вместо един с /18.

[tukanov]

/ip firewall mangle
add action=mark-routing chain=output connection-mark=ether2_conn new-routing-mark=to_ether2
add action=mark-connection chain=input in-interface=ether1 new-connection-mark=ether1_conn
add action=mark-connection chain=input in-interface=ether2 new-connection-mark=ether2_conn
add chain=prerouting dst-address=89.215.223.192/26 in-interface=LAN
add chain=prerouting dst-address=192.168.1.0/24 in-interface=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=ether2_conn per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=ether1_conn per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=ether1_conn in-interface=LAN new-routing-mark=to_ether1
add action=mark-routing chain=prerouting connection-mark=ether2_conn in-interface=LAN new-routing-mark=to_ether2
add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=to_ether1
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether2 src-address=192.168.140.0/24
add action=masquerade chain=srcnat disabled=yes
add chain=dstnat comment=goran disabled=yes dst-port=80 protocol=tcp src-address=192.168.154.111 to-ports=8080
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.154.111
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.14 to-ports=8080
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.1 to-ports=8080
add chain=dstnat comment=elena dst-port=80 protocol=tcp src-address=192.168.140.15 to-ports=8080
add chain=dstnat comment=topalova dst-port=80 protocol=tcp src-address=192.168.140.115 to-ports=8080
add chain=dstnat comment=tanya dst-port=80 protocol=tcp src-address=192.168.140.13 to-ports=8080
add chain=dstnat comment=elena dst-port=80 protocol=tcp src-address=192.168.140.36 to-ports=8080
add action=dst-nat chain=dstnat dst-address=89.215.223.x dst-port=8585 protocol=tcp to-addresses=192.168.140.235 to-ports=8585
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.32 to-ports=8080
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.12 to-ports=8080
add chain=dstnat comment=ceca dst-port=80 protocol=tcp src-address=192.168.140.11 to-ports=8080
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.23 to-ports=8080
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.86 to-ports=8080
add chain=dstnat comment=stoicev dst-port=80 protocol=tcp src-address=192.168.140.54 to-ports=8080
add chain=dstnat comment=stoicev dst-port=80 protocol=tcp src-address=192.168.140.73 to-ports=8080
add chain=dstnat dst-port=80 protocol=tcp src-address=192.168.140.6 to-ports=8080
add chain=dstnat comment=goran dst-port=80 protocol=tcp src-address=192.168.140.115 to-ports=8080
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address=192.168.140.0/24 to-addresses=0.0.0.0 to-ports=8080

 

/ip route
add check-gateway=ping disabled=yes distance=1 gateway=89.215.223.193 routing-mark=to_ether1
add check-gateway=ping distance=1 dst-address=192.168.1.0/24 gateway=192.168.1.1 routing-mark=to_ether2
add distance=1 dst-address=79.124.76.55/32 gateway=192.168.1.1
add distance=1 dst-address=89.215.223.193/32 gateway=ether1
add distance=1 dst-address=194.153.145.104/32 gateway=192.168.1.1

 

идеята е IP 192.168.154.111 да използва само интернет от Blizoo или определени IP адреси да ползват един WAN други адреси да са с друг WAN

[111111]

разглеай правилото за маскарадиране 

/ip firewall mangle
add action=mark-routing chain=prerouting comment=cameri disabled=yes in-interface=ether3-cam new-routing-mark=CAM

/ip firewall nat
add action=masquerade chain=srcnat comment=cam out-interface=ether1-multiWAN routing-mark=CAM

/ip route
add distance=1 gateway=77.85.х.у pref-src=77.85.х.у routing-mark=CAM

в твоя случай трябва вместо да маркираш от интерфейс от ип адрес

[krustanovs]

add action=src-nat chain=srcnat src-address=89.215.223.193
 to-addresses=192.168.154.111  (192.168.154.1/24)

[111111]

add action=src-nat chain=srcnat src-address=89.215.223.193 to-addresses=192.168.154.111  (192.168.154.1/24)

да нямаш предвид 192,168,154,0/24

[krustanovs]

моя грешка точно 192.168.154.0/24 имах в предвид

[tukanov]

е няма ли възможност не цялата мрежа, искам само едно определено IP от мрежата да е с wan1 следващото да е с wan2 и друго с wan3 

по голяма свобода за избор на WAN, никъде не виждам подобен пример.

и това при мен не се получава add action=src-nat chain=srcnat src-address=89.215.223.193 to-addresses=192.168.154.0/24

[111111]

маркираш точно това ип да излиза с точно определен рутинг маркер