/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1-wan new-connection-mark=isp1-conn passthrough=yes
add action=mark-routing chain=output connection-mark=isp1-conn new-routing-mark=isp1-route passthrough=no
add action=mark-connection chain=forward in-interface=ether1-wan new-connection-mark=isp1-conn-f passthrough=no
add action=mark-routing chain=prerouting connection-mark=isp1-conn-f in-interface=bridge1 new-routing-mark=isp1-route passthrough=yes
add action=mark-connection chain=input in-interface=ether2-wan new-connection-mark=isp2-conn passthrough=yes
add action=mark-routing chain=output connection-mark=isp2-conn new-routing-mark=isp2-route passthrough=no
add action=mark-connection chain=forward in-interface=ether2-wan new-connection-mark=isp2-conn-f passthrough=no
add action=mark-routing chain=prerouting connection-mark=isp2-conn-f in-interface=bridge1 new-routing-mark=isp2-route passthrough=yes
Прописываем маршруты по умолчанию:
/ip route
add check-gateway=ping distance=1 gateway=192.168.0.1 routing-mark=isp1-route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=isp2-route
Создаём рекурсивную маршрутизацию:
/ip route
add check-gateway=ping distance=10 gateway=1.1.1.1
add check-gateway=ping distance=20 gateway=80.80.80.80
add check-gateway=ping distance=1 dst-address=1.1.1.1/32 gateway=192.168.0.1 scope=10
add check-gateway=ping distance=1 dst-address=80.80.80.80/32 gateway=192.168.1.1 scope=10
Сбрасываем подключения при смене маршрута:
/tool netwatch add down-script="/ip firewall connection remove [find tcp-state=\"established\"]\r\n/ip firewall connection remove [find protocol=\"udp\"]\r\n" host=1.1.1.1 up-script="/ip firewall connection remove [find tcp-state=\"established\"]\r\n/ip firewall connection remove [find protocol=\"udp\"]\r\n"
add action=mark-connection chain=input in-interface=ether1-wan new-connection-mark=isp1-conn passthrough=yes
add action=mark-routing chain=output connection-mark=isp1-conn new-routing-mark=isp1-route passthrough=no
add action=mark-connection chain=forward in-interface=ether1-wan new-connection-mark=isp1-conn-f passthrough=no
add action=mark-routing chain=prerouting connection-mark=isp1-conn-f in-interface=bridge1 new-routing-mark=isp1-route passthrough=yes
add action=mark-connection chain=input in-interface=ether2-wan new-connection-mark=isp2-conn passthrough=yes
add action=mark-routing chain=output connection-mark=isp2-conn new-routing-mark=isp2-route passthrough=no
add action=mark-connection chain=forward in-interface=ether2-wan new-connection-mark=isp2-conn-f passthrough=no
add action=mark-routing chain=prerouting connection-mark=isp2-conn-f in-interface=bridge1 new-routing-mark=isp2-route passthrough=yes
Прописываем маршруты по умолчанию:
/ip route
add check-gateway=ping distance=1 gateway=192.168.0.1 routing-mark=isp1-route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=isp2-route
Создаём рекурсивную маршрутизацию:
/ip route
add check-gateway=ping distance=10 gateway=1.1.1.1
add check-gateway=ping distance=20 gateway=80.80.80.80
add check-gateway=ping distance=1 dst-address=1.1.1.1/32 gateway=192.168.0.1 scope=10
add check-gateway=ping distance=1 dst-address=80.80.80.80/32 gateway=192.168.1.1 scope=10
Сбрасываем подключения при смене маршрута:
/tool netwatch add down-script="/ip firewall connection remove [find tcp-state=\"established\"]\r\n/ip firewall connection remove [find protocol=\"udp\"]\r\n" host=1.1.1.1 up-script="/ip firewall connection remove [find tcp-state=\"established\"]\r\n/ip firewall connection remove [find protocol=\"udp\"]\r\n"
Комментариев нет:
Отправить комментарий