Mikrotik маркировка трафика

Как разобраться с маркировкой трафика в RouterOS (Mikrotik)?

Здравствуйте,
Помогите, пожалуйста, разобраться с маркировкой и маршрутизацией трафика в RouterOS.
Дано: Mikrotik 750GL (RouterOS 5.26), два провайдера (isp1,2) и 3 подсети (Network1,2,3).
порт1: port1 — 1.1.1.1 (isp1)
порт2: port2 — 2.2.2.2 (isp2)
порт3: port3 — 192.168.1.0/24 (network1)
порт4: port4 — 192.168.2.0/24 (network2)
порт5: port5 — 192.168.3.0/24 (network3)
Задача:
1) Настроить маркировку вх./исх. трафика (цепочки input/output) для роутера, чтобы трафик ходил на тот же интерфейс с которого пришел. (Для корректной работы VPN-pptp и т.д) для isp1, isp2.
2)Настроить маркировку проходящего трафика (цепочки forward/prerouting) для сетей Network1/2/3. Для того чтобы трафик уходил на тот же интерфейс с которого пришел и для настройки резервирования(см п.3)
3)Нужно настроить резервирование:
Сеть1: isp1->isp2
Сеть2: isp2->isp1
Сеть3: isp1->isp2
Мой конфиг:
/ip firewall mangle

01 add action=mark-routing chain=output disabled=no new-routing-mark=isp1 out-interface=port1 passthrough=no 02 add action=mark-routing chain=output disabled=no new-routing-mark=isp2 out-interface=port2 passthrough=no 03 add action=mark-connection chain=input disabled=no dst-address=1.1.1.1 in-interface=port1 new-connection-mark=port1_c_input passthrough=yes 04 add action=mark-routing chain=output connection-mark=port1_c_input disabled=no new-routing-mark=port1_r_input passthrough=no 05 add action=mark-connection chain=input disabled=no dst-address=2.2.2.2 in-interface=port2 new-connection-mark=port2_c_input passthrough=yes 06 add action=mark-routing chain=output connection-mark=port2_c_input disabled=no new-routing-mark=port2_r_input passthrough=no 07 add action=mark-routing chain=prerouting disabled=no new-routing-mark=network1 passthrough=no src-address=192.168.1.0/24 08 add action=mark-routing chain=prerouting disabled=no new-routing-mark=network2 passthrough=no src-address=192.168.2.0/24 09 add action=mark-routing chain=prerouting disabled=no new-routing-mark=network3 passthrough=no src-address=192.168.3.0/24 10 add action=mark-connection chain=forward disabled=no dst-address=192.168.1.0/24 in-interface=port1 new-connection-mark=port1-network1 passthrough=no 11 add action=mark-routing chain=prerouting connection-mark=port1-network1 disabled=no new-routing-mark=port1_network1 passthrough=no src-address=192.168.1.0/24 12 add action=mark-connection chain=forward disabled=no dst-address=192.168.1.0/24 in-interface=port2 new-connection-mark=port2-network1 passthrough=no 13 add action=mark-routing chain=prerouting connection-mark=port2-network1 disabled=no new-routing-mark=port2_network1 passthrough=no src-address=192.168.1.0/24 14 add action=mark-connection chain=forward disabled=no dst-address=192.168.2.0/24 in-interface=port1 new-connection-mark=port1-network2 passthrough=no 15 add action=mark-routing chain=prerouting connection-mark=port1-network2 disabled=no new-routing-mark=port1_network2 passthrough=no src-address=192.168.2.0/24 16 add action=mark-connection chain=forward disabled=no dst-address=192.168.2.0/24 in-interface=port2 new-connection-mark=port2-network2 passthrough=no 17 add action=mark-routing chain=prerouting connection-mark=port2-network2 disabled=no new-routing-mark=port2_network2 passthrough=no src-address=192.168.2.0/24 18 add action=mark-connection chain=forward disabled=no dst-address=192.168.3.0/24 in-interface=port1 new-connection-mark=port1-network3 passthrough=no 19 add action=mark-routing chain=prerouting connection-mark=port1-network3 disabled=no new-routing-mark=port1_network3 passthrough=no src-address=192.168.3.0/24 20 add action=mark-connection chain=forward disabled=no dst-address=192.168.3.0/24 in-interface=port2 new-connection-mark=port2-network3 passthrough=no 21 add action=mark-routing chain=prerouting connection-mark=port2-network3 disabled=no new-routing-mark=port2_network3 passthrough=no src-address=192.168.3.0/24
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=isp1 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=isp2 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_r_input scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_r_input scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network1 scope=30 target-scope=10 add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network1 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network2 scope=30 target-scope=10 add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network2 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network3 scope=30 target-scope=10 add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network3 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network1 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network1 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network2 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network2 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network3 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network3 scope=30 target-scope=10 add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10,2.2.2.20,2.2.2.20 scope=30 target-scope=10
Все ли правильно?
Всех с наступающим!

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *