turbo Posted June 28, 2023 Report Share Posted June 28, 2023 Имам проблем със рутирането на следния сетъп: 2 ISP 2 bridge Искам да го настроя така, че през 2те ISP със лоад баланс да минава 1ния бридж, а другия бридж да минава само през 1то ISP. В момента със със следните настройки, но не работи както трябва: /interface bridge add name=TV-only add name=WiFi+LAN /interface ethernet set [ find default-name=ether1 ] mac-address= name=\ ether1-ISP1 set [ find default-name=ether2 ] advertise=\ 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full \ disabled=yes name=ether2-ISP2 set [ find default-name=ether3 ] name=ether3-TV set [ find default-name=ether4 ] name=ether4-TV set [ find default-name=ether5 ] name=ether5-LAN /interface list add name=WAN add name=LAN /ip pool add name=dhcp_pool2 ranges=10.10.20.2-10.10.20.254 add name=dhcp_pool_TV-bridge ranges=10.10.80.2-10.10.80.254 /ip dhcp-server add address-pool=dhcp_pool2 interface=WiFi+LAN name=dhcp1 add address-pool=dhcp_pool_TV-bridge interface=TV-only name=dhcp2 /routing table add disabled=no fib name=to-ISP1 add disabled=no fib name=to-ISP2 add disabled=no fib name=TV_only /interface bridge port add bridge=TV-only interface=ether3-TV add bridge=TV-only interface=ether4-TV add bridge=WiFi+LAN interface=wifi2 add bridge=WiFi+LAN interface=ether5-LAN add bridge=WiFi+LAN interface=wifi1 /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface list member add interface=ether1-ISP1 list=WAN add interface=WiFi+LAN list=LAN add interface=ether2-ISP2 list=WAN /ip address add address=10.10.20.1/24 interface=WiFi+LAN network=10.10.20.0 add address=10.10.80.1/24 interface=TV-only network=10.10.80.0 /ip dhcp-client add add-default-route=no interface=ether1-ISP1 use-peer-dns=no use-peer-ntp=\ no add add-default-route=no interface=ether2-ISP2 use-peer-dns=no use-peer-ntp=no /ip dhcp-server network add address=10.10.20.0/24 gateway=10.10.20.1 add address=10.10.80.0/24 gateway=10.10.80.1 /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 /ip firewall filter add action=fasttrack-connection chain=forward connection-state=\ established,related hw-offload=yes add action=accept chain=input protocol=icmp add action=accept chain=input connection-state=established add action=accept chain=input connection-state=related add action=drop chain=input in-interface-list=!LAN add action=drop chain=forward connection-state=invalid add action=accept chain=input dst-port=22 protocol=tcp src-address-list=\ management add action=accept chain=input dst-port=23 protocol=tcp src-address-list=\ management add action=accept chain=input dst-port=2000 protocol=tcp src-address-list=\ management add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\ management add action=reject chain=input dst-port=21 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=8728 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=8291 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=2000 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=443 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=80 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=23 protocol=tcp reject-with=tcp-reset add action=reject chain=input dst-port=22 protocol=tcp reject-with=tcp-reset add action=drop chain=input dst-port=53 in-interface=ether1-ISP1 protocol=udp add action=drop chain=input dst-port=53 in-interface=ether2-ISP2 protocol=udp add action=drop chain=output out-interface=ether2-ISP2 routing-mark=TV_only /ip firewall mangle add action=accept chain=prerouting comment=Accept dst-address=91.148.152.0/24 add action=accept chain=prerouting dst-address=10.10.20.0/24 add action=accept chain=prerouting dst-address=10.10.80.0/24 add action=accept chain=prerouting dst-address=85.130.112.0/24 add action=mark-connection chain=input comment=Input in-interface=ether1-ISP1 \ new-connection-mark=ISP1 passthrough=yes add action=mark-connection chain=input in-interface=ether2-ISP2 \ new-connection-mark=ISP2 passthrough=yes add action=mark-connection chain=prerouting comment=Mark in-interface=\ ether1-ISP1 new-connection-mark=ISP1 passthrough=yes add action=mark-connection chain=prerouting in-interface=ether2-ISP2 \ new-connection-mark=ISP2 passthrough=yes add action=mark-connection chain=prerouting comment=PCC dst-address-type=local \ in-interface=WiFi+LAN new-connection-mark=ISP1 passthrough=yes \ per-connection-classifier=both-addresses:2/0 add action=mark-connection chain=prerouting dst-address-type=local \ in-interface=WiFi+LAN new-connection-mark=ISP2 passthrough=yes \ per-connection-classifier=both-addresses:2/1 add action=mark-connection chain=prerouting dst-address-type=local \ in-interface=TV-only new-connection-mark=ISP1 passthrough=yes \ per-connection-classifier=both-addresses:2/1 add action=mark-routing chain=output comment=Output connection-mark=ISP1 \ new-routing-mark=to-ISP1 passthrough=yes add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=to-ISP2 \ passthrough=yes add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\ TV_only passthrough=yes add action=mark-routing chain=prerouting comment=Mark-route connection-mark=\ ISP1 in-interface=WiFi+LAN new-routing-mark=to-ISP1 passthrough=yes add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=\ WiFi+LAN new-routing-mark=to-ISP2 passthrough=yes add action=mark-routing chain=prerouting comment=TV-route connection-mark=\ ISP1 in-interface=TV-only new-routing-mark=to-ISP1 passthrough=yes /ip firewall nat add action=masquerade chain=srcnat add action=masquerade chain=srcnat out-interface=ether1-ISP1 add action=masquerade chain=srcnat out-interface=ether2-ISP2 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\ "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2 pref-src=\ "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\ "" routing-table=to-ISP1 scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2 pref-src=\ "" routing-table=to-ISP2 scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 pref-src=\ "" routing-table=TV_only scope=30 suppress-hw-offload=no target-scope=10 /ip upnp set enabled=yes /ip upnp interfaces add interface=WiFi+LAN type=internal add interface=ether1-ISP1 type=external /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN Link to comment Share on other sites More sharing options...
Administrator JohnTRIVOLTA Posted June 28, 2023 Administrator Report Share Posted June 28, 2023 Искаш едната мрежа да излиза през ISP1 , а другата мрежа през ISP2 ? Link to comment Share on other sites More sharing options...
turbo Posted June 28, 2023 Author Report Share Posted June 28, 2023 Не, ТВ да минава през едната, а лана и уайфи да минава през двете балансирано Link to comment Share on other sites More sharing options...
Administrator JohnTRIVOLTA Posted June 29, 2023 Administrator Report Share Posted June 29, 2023 Преди 8 часа, turbo написа: Не, ТВ да минава през едната, а лана и уайфи да минава през двете балансирано Премахваш всички правила с които си маркирал трафика на TV мрежата, така че само другата мрежа да се балансира! Добавяш правило в рут таблицата: routing/rule/add src-address=10.10.80.0/24 action=lookup table=to-ISP2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now