Jump to content
Калькуляторы

Для пытливых умов (помогите довести дело до конца) Mikrotik

Задача токая

есть 3 канала от одного провайдера

расстояние 10 километров

и нас 23 человека

сейчас выглядит вот так надеюсь схему поймете

 

 

Каму интересны такие головоломки прошу помочь

мне дали советы

1. Завести все каналы напрямую в микротик

2. КАЖДЫЙ канал прокинуть до 433 по L2 - это позволит значительно разгрузить и без того слабенький 750й

3. На 433 поднять внутренюю сеть с одним ДХЦП

4. Прописать в ДХЦП статику для ваших клиентов

5. Распределить по каналам ваших клиентов средствами Микротик

немогу разобраться в них

post-106930-099003200 1411517068_thumb.jpg

Edited by Kolik-an

Share this post


Link to post
Share on other sites

Я бы сделал следующим образом, причем на 750.

 

 

#пул DHCP вместо 192.168.0.0/16 прописать свой

/ip firewall address-list add list=loacal address=192.168.0.0/16

 

#правила балансировки по адресу отправления

/ip firewall mangle

add action=add-src-to-address-list address-list=wan1 chain="mark new unseen" nth=3,1

add action=add-src-to-address-list address-list=wan2 chain="mark new unseen" nth=3,2

add action=add-src-to-address-list address-list=wan3 chain="mark new unseen" nth=3,3

add action=add-src-to-address-list address-list=all chain="mark new unseen"

add action=mark-routing chain=prerouting new-routing-mark=WAN1 passthrough=no src-address-list=wan1

add action=mark-routing chain=prerouting new-routing-mark=WAN2 passthrough=no src-address-list=wan2

add action=mark-routing chain=prerouting new-routing-mark=WAN3 passthrough=no src-address-list=wan3

add action=jump chain="mark new unseen-check" jump-target="mark new unseen" src-address-list=!all

add action=jump chain=prerouting comment=NEW-Connection-and-IP connection-state=new jump-target="mark new unseen-check" src-address-list=local

 

#nat

/ip firewall nat add action=masquerade chain=srcnat src-address-list=loacal

 

#Предположим у нас 3 выхода в интернет

#1.1.1.1=WAN1

#2.2.2.2=WAN2

#3.3.3.3=WAN3

 

#Рекурсивная маршрутизация для проверки работы канала

/ip route

add distance=1 dst-address=8.8.4.4/32 gateway=1.1.1.1 scope=10 target-scope=20

add distance=1 dst-address=8.8.8.8/32 gateway=2.2.2.2 scope=10 target-scope=20

add distance=1 dst-address=77.88.8.8/32 gateway=3.3.3.3 scope=10 target-scope=20

 

add check-gateway=ping distance=1 dst-address=127.1.1.0/32 gateway=8.8.8.8 scope=10 target-scope=20

add check-gateway=ping distance=1 dst-address=127.1.1.1/32 gateway=8.8.4.4 scope=10 target-scope=20

add check-gateway=ping distance=1 dst-address=127.1.1.2/32 gateway=77.88.8.8 scope=10 target-scope=20

 

add distance=10 gateway=127.1.1.0 routing-mark=WAN1 scope=50

add distance=20 gateway=127.1.1.1 routing-mark=WAN1 scope=50

add distance=30 gateway=127.1.1.2 routing-mark=WAN1 scope=50

 

add distance=30 gateway=127.1.1.0 routing-mark=WAN2 scope=50

add distance=10 gateway=127.1.1.1 routing-mark=WAN2 scope=50

add distance=20 gateway=127.1.1.2 routing-mark=WAN2 scope=50

 

add distance=20 gateway=127.1.1.0 routing-mark=WAN3 scope=50

add distance=30 gateway=127.1.1.1 routing-mark=WAN3 scope=50

add distance=10 gateway=127.1.1.2 routing-mark=WAN3 scope=50

Edited by Artur-t

Share this post


Link to post
Share on other sites

используя eoip-tunnel вывел все на 433

 

ниже привел конфигурацию 2-х Mikrotik

 

что думаете по настройке!!!

 

конфигурация Mikrotik 433

/interface bridge

add disabled=yes mtu=1596 name=bridge1

add l2mtu=1526 name=bridge3

add l2mtu=1524 name=bridge4

/interface wireless

set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \

band=2ghz-onlyg basic-rates-b="" default-authentication=no dfs-mode=\

no-radar-detect disabled=no frequency=auto guard-interval=long \

ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-\

9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" hw-protection-mode=rts-cts \

hw-retries=4 l2mtu=1600 mode=ap-bridge mtu=1900 rate-set=configured \

rx-chains=0,1 scan-list=2300-2735 ssid="Home network" supported-rates-b="" \

tx-chains=0,1 tx-power=18 tx-power-mode=all-rates-fixed wds-default-bridge=\

bridge4 wds-mode=dynamic wireless-protocol=802.11

set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \

antenna-gain=20 band=5ghz-a/n basic-rates-b="" channel-width=20/40mhz-Ce \

disabled=no frequency=auto frequency-mode=superchannel guard-interval=long \

hw-protection-mode=rts-cts hw-retries=15 l2mtu=1600 mode=station-wds mtu=\

1800 nv2-preshared-key=123456789 nv2-security=enabled rx-chains=0,1 \

scan-list=5200-6100 ssid=Kol-Mik supported-rates-b="" tx-chains=0,1 \

tx-power=20 tx-power-mode=all-rates-fixed wds-default-bridge=bridge4 \

wds-mode=static wireless-protocol=nv2 wmm-support=enabled

/interface wireless nstreme

set wlan1 disable-csma=yes enable-nstreme=yes framer-policy=dynamic-size

set wlan2 enable-nstreme=yes

/interface eoip

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:46 mtu=\

1700 name=eoip-tunnel1 remote-address=1.1.1.1 tunnel-id=10

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:47 mtu=\

1600 name=eoip-tunnel2 remote-address=1.1.1.1 tunnel-id=20

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:DF:9A:2E:D0:45 mtu=\

1500 name=eoip-tunnel3 remote-address=1.1.1.1 tunnel-id=30

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \

group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \

wpa-pre-shared-key=666qwerty666

/ip pool

add name=dhcp_pool1 ranges=192.168.100.100-192.168.100.132

/ip dhcp-server

add address-pool=dhcp_pool1 disabled=no interface=bridge4 lease-time=1d name=\

dhcp1

/queue simple

add disabled=yes max-limit=8M/8M name=queue33 target=192.168.100.0/24

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue0 target=192.168.100.100/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\E0\F0\EF\FE\EA" max-limit=4M/4M name=queue1 target=192.168.100.101/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CB\F3\EF\EF\EE\E2" max-limit=4M/4M name=queue2 target=192.168.100.102/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CE\F0\F1\E8\F7" max-limit=4M/4M name=queue3 target=192.168.100.103/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue4 target=\

192.168.100.104/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue5 target=\

192.168.100.105/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue6 target=\

192.168.100.106/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\FB\EB\EE\E2" max-limit=4M/4M name=queue7 target=192.168.100.107/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue8 target=192.168.100.108/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C2\EE\EB\E3\F3\F8\EA\E8\ED" max-limit=4M/4M name=queue9 target=\

192.168.100.109/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue10 target=192.168.100.110/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D7\F3\E4\E0\EA\EE\E2" max-limit=4M/4M name=queue11 target=\

192.168.100.111/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D7\E5\F0\E4\E0\ED\F6\E5\E2" max-limit=4M/4M name=queue12 target=\

192.168.100.112/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CF\EE\E7\E4\E5\E5\E2\FB" max-limit=4M/4M name=queue13 target=\

192.168.100.113/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C1\E5\E4\EE\F0\E5\E2\FB" max-limit=4M/4M name=queue14 target=\

192.168.100.114/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue15 target=192.168.100.115/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue16 target=192.168.100.116/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue18 target=192.168.100.118/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\F0\F2\E5\EC\E5\ED\EA\EE" max-limit=4M/4M name=queue19 target=\

192.168.100.119/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue20 target=\

192.168.100.120/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D1\E0\EC\EE\EB\E5\ED\EA\EE" max-limit=4M/4M name=queue21 target=\

192.168.100.121/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue22 target=192.168.100.122/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\ED\F2\EE\ED\EE\E2" max-limit=4M/4M name=queue23 target=\

192.168.100.123/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D6\E0\F0\E5\E2" max-limit=4M/4M name=queue24 target=192.168.100.124/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\E0\EB\E8\ED\E5\ED" max-limit=4M/4M name=queue25 target=\

192.168.100.125/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D0\F3\EF\EF\E5\EB\FC" max-limit=4M/4M name=queue26 target=\

192.168.100.126/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue27 target=\

192.168.100.127/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" max-limit=4M/4M name=\

queue28 target=192.168.100.128/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue29 target=192.168.100.129/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CB\EE\E6\E0\F2\ED\E5\EA\EE\E2\E0" max-limit=4M/4M name=queue30 target=\

192.168.100.130/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue31 target=192.168.100.131/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\EB\E5\EA\F1\E5\E5\E2" max-limit=4M/4M name=queue32 target=\

192.168.100.132/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue17 target=\

192.168.100.117/32

/queue type

set 1 pfifo-limit=500

set 2 kind=pfifo pfifo-limit=500

set 9 pfifo-limit=100

/queue tree

add disabled=yes max-limit=50M name=Global-A parent=global queue=default

add disabled=yes name=Down-A parent=Global-A queue=default

add disabled=yes max-limit=10M name=Up-A parent=Global-A queue=default

add disabled=yes max-limit=20M name=Grypa-A packet-mark=GrypaA-down parent=\

Down-A priority=5

add burst-time=1m disabled=yes max-limit=5M name=Grypa-A-up packet-mark=\

GrypaA-up parent=Up-A priority=6

add disabled=yes max-limit=20M name=Grypa-B packet-mark=GrypaB-down parent=\

Down-A priority=5

add burst-time=1m disabled=yes max-limit=5M name=Grypa-B-up packet-mark=\

GrypaB-up parent=Up-A priority=6

/interface bridge port

add bridge=bridge4 interface=wlan1

add bridge=bridge4 interface=wlan2

add bridge=bridge4 interface=ether2

add bridge=bridge3 interface=ether1

add bridge=bridge3 interface=eoip-tunnel3

/interface wireless access-list

add disabled=yes

add comment="\C2\EE\EB\E3\F3\F8\EA\E8\ED" interface=wlan1 mac-address=\

00:27:22:7C:01:C5

add comment="\C0\EB\E5\EA\F1\E5\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:E8:48

add comment="\CE\F0\F1\E8\F7" interface=wlan1 mac-address=00:27:22:C0:D0:76

add comment="\CA\F3\ED\E3\F3\F0\F6\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:E8:52

add comment="\CA\E0\EB\E8\ED\E8\ED" interface=wlan1 mac-address=\

D4:CA:6D:9E:59:33

add comment="\CA\E0\F0\EF\FE\EA" interface=wlan1 mac-address=00:15:6D:A8:2A:2A

add comment="\C1\E5\E4\E0\F0\E5\E2\E0" interface=wlan1 mac-address=\

DC:9F:DB:08:68:AB

add comment="\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" interface=wlan1 \

mac-address=DC:9F:DB:3E:1C:F4

add comment="\C4\F3\EF\EB\E8\F8\E5\E2 0" interface=wlan1 mac-address=\

F8:D1:11:89:F6:D3

add comment="\D7\E5\F0\E4\E0\ED\F7\E5\E2" interface=wlan1 mac-address=\

DC:9F:DB:3E:6D:47

add comment="SONY \CC\EE\E9" interface=wlan1 mac-address=90:C1:15:ED:80:C0

add comment="\CB\EE\E6\E0\F2\ED\E8\EA\EE\E2\E0" interface=wlan1 mac-address=\

00:15:6D:65:82:C8

add comment="\D6\E0\F0\E5\E2" interface=wlan1 mac-address=DC:9F:DB:3C:93:45

add comment="\C0\F0\F2\E5\EC\E5\ED\EA\EE" interface=wlan1 mac-address=\

00:15:6D:AF:91:12

add comment="\CF\EE\E7\E4\E5\E5\E2" interface=wlan1 mac-address=\

DC:9F:DB:08:69:7C

add comment="\D0\F3\EF\EF\E5\EB\FC" interface=wlan1 mac-address=\

F8:D1:11:B5:B1:C5

add comment="\CB\F3\EF\EF\EE\E2" interface=wlan1 mac-address=00:27:22:7C:03:A2

add comment="\CC\E8\F5\EE\EB\E5\E2" interface=wlan1 mac-address=\

00:15:6D:AF:8D:DA

add comment="\C0\ED\F2\EE\ED\EE\E2" disabled=yes interface=wlan1 mac-address=\

00:15:6D:AF:90:9E

add comment="\D1\E0\EC\EE\EB\E5\ED\EA\EE" interface=wlan1 mac-address=\

00:15:6D:40:3A:92

add comment="\D8\E0\EB\F3\E4\E8\ED" disabled=yes interface=wlan1 mac-address=\

90:F6:52:A6:FF:3F

add comment=Elena-PK interface=wlan1 mac-address=D0:DF:9A:D2:96:58

add comment="\D7\F3\E4\EE\EA\EE\E2" interface=wlan1 mac-address=\

F8:D1:11:91:2F:DD

add comment=11111 interface=wlan1 mac-address=00:0C:42:43:EA:66

add comment="\CD\EE\E2\E8\EA\EE\E2" interface=wlan1 mac-address=\

00:16:44:7C:57:BF

add comment="\C4\F3\EF\EB\E8\F8\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:FF:36

add comment="\CB\E5\ED\E0 \D2\E5\EB\E5\F4\EE\ED" interface=wlan1 mac-address=\

00:08:22:40:28:07

add comment="\CC\FB\EB\EE\E2" interface=wlan1 mac-address=00:27:22:E4:FE:3F

/ip address

add address=192.168.100.1/24 interface=bridge4 network=192.168.100.0

add address=1.1.1.2/24 interface=wlan2 network=1.1.1.0

add address=3.3.3.2/24 disabled=yes network=3.3.3.0

add address=2.2.2.2/24 disabled=yes network=2.2.2.0

/ip dhcp-client

add default-route-distance=0 dhcp-options=clientid,clientid,hostname,clientid

add default-route-distance=0 dhcp-options=hostname,clientid interface=bridge1

add default-route-distance=2 dhcp-options=hostname,clientid interface=bridge3

add dhcp-options=hostname,clientid disabled=no interface=eoip-tunnel2

add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \

interface=eoip-tunnel1

/ip dhcp-server lease

add address=192.168.100.132 client-id=1:8:9e:1:9d:62:7e mac-address=\

08:9E:01:9D:62:7E server=dhcp1

add address=192.168.100.124 always-broadcast=yes client-id=1:bc:5f:f4:61:45:dd \

mac-address=BC:5F:F4:61:45:DD server=dhcp1

add address=192.168.100.111 always-broadcast=yes client-id=1:f8:d1:11:91:2f:dd \

mac-address=F8:D1:11:91:2F:DD server=dhcp1

add address=192.168.100.125 client-id=1:54:4:a6:6d:bb:e5 mac-address=\

54:04:A6:6D:BB:E5 server=dhcp1

add address=192.168.100.114 always-broadcast=yes client-id=1:b8:a3:86:14:a6:b9 \

mac-address=B8:A3:86:14:A6:B9 server=dhcp1

add address=192.168.100.126 client-id=1:f8:d1:11:b5:b1:c5 mac-address=\

F8:D1:11:B5:B1:C5 server=dhcp1

add address=192.168.100.112 always-broadcast=yes client-id=1:90:f6:52:65:a9:ab \

mac-address=90:F6:52:65:A9:AB server=dhcp1

add address=192.168.100.130 client-id=1:0:1d:72:d6:4:b2 mac-address=\

00:1D:72:D6:04:B2 server=dhcp1

add address=192.168.100.101 always-broadcast=yes client-id=1:0:1b:b9:b2:41:41 \

mac-address=00:1B:B9:B2:41:41 server=dhcp1

add address=192.168.100.109 always-broadcast=yes client-id=1:6c:f0:49:78:b1:f6 \

mac-address=6C:F0:49:78:B1:F6 server=dhcp1

add address=192.168.100.128 client-id=1:dc:9f:db:3e:1c:f4 mac-address=\

DC:9F:DB:3E:1C:F4 server=dhcp1

add address=192.168.100.127 always-broadcast=yes client-id=1:0:22:15:c6:0:30 \

mac-address=00:22:15:C6:00:30 server=dhcp1

add address=192.168.100.110 mac-address=00:08:22:40:28:07 server=dhcp1

add address=192.168.100.116 mac-address=90:C1:15:ED:80:C0 server=dhcp1

add address=192.168.100.103 client-id=1:94:de:80:d0:be:74 mac-address=\

94:DE:80:D0:BE:74 server=dhcp1

add address=192.168.100.106 always-broadcast=yes client-id=1:0:22:15:c6:c:5 \

mac-address=00:22:15:C6:0C:05 server=dhcp1

add address=192.168.100.121 always-broadcast=yes client-id=1:0:15:6d:40:3a:92 \

mac-address=00:15:6D:40:3A:92 server=dhcp1

add address=192.168.100.107 client-id=1:0:19:66:e1:3c:87 mac-address=\

00:19:66:E1:3C:87 server=dhcp1

add address=192.168.100.104 client-id=1:90:2b:34:99:4:1b mac-address=\

90:2B:34:99:04:1B server=dhcp1

add address=192.168.100.113 client-id=1:50:46:5d:4d:3f:d3 mac-address=\

50:46:5D:4D:3F:D3 server=dhcp1

add address=192.168.100.108 client-id=1:0:27:22:e4:fe:3f mac-address=\

00:27:22:E4:FE:3F server=dhcp1

add address=192.168.100.100 client-id=1:d4:ca:6d:df:b4:1e mac-address=\

D4:CA:6D:DF:B4:1E server=dhcp1

/ip dhcp-server network

add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1

/ip dns

set allow-remote-requests=yes

/ip firewall address-list

add address=192.168.100.100-192.168.100.115 list=GrypaA

add address=192.168.100.116-192.168.100.132 list=GrypaB

/ip firewall mangle

add action=mark-connection chain=forward in-interface=eoip-tunnel1 \

new-connection-mark=GrypaA-conn

add action=mark-connection chain=forward in-interface=eoip-tunnel2 \

new-connection-mark=GrypaB-conn

add action=mark-routing chain=prerouting connection-mark=GrypaA-conn \

new-routing-mark=GrypaA-rt src-address=192.168.100.100-192.168.100.115

add action=mark-routing chain=prerouting connection-mark=GrypaB-conn \

new-routing-mark=GrypaB-rt src-address=192.168.100.116-192.168.100.132

add action=mark-routing chain=prerouting new-routing-mark=GrypaA-rt \

src-address=192.168.100.100-192.168.100.115

add action=mark-routing chain=prerouting new-routing-mark=GrypaB-rt \

src-address=192.168.100.116-192.168.100.132

/ip firewall nat

add action=masquerade chain=srcnat out-interface=eoip-tunnel1 src-address=\

192.168.100.100-192.168.100.115

add action=masquerade chain=srcnat out-interface=eoip-tunnel2 src-address=\

192.168.100.116-192.168.100.132

add action=dst-nat chain=dstnat dst-address=192.168.3.101 dst-port=1011 \

protocol=tcp to-addresses=192.168.100.100 to-ports=1011

/ip route

add distance=1 gateway=192.168.3.1 routing-mark=GrypaA-rt

add distance=1 gateway=192.168.140.1 routing-mark=GrypaB-rt

 

 

конфигурация Mikrotik 750

/interface bridge

add comment=Bridge l2mtu=1598 name=Bridge1

add l2mtu=1698 mtu=1594 name=Bridge2

add l2mtu=1598 name=Bridge3

/interface ethernet

set [ find default-name=ether4 ] comment=Ether name=Ether1

set [ find default-name=ether5 ] name=Ether2

set [ find default-name=ether1 ] comment=Wan1 l2mtu=1798 mtu=1700 name=Wan1

set [ find default-name=ether2 ] l2mtu=1698 mac-address=D4:CA:6D:4B:36:C2 \

mtu=1600 name=Wan2

set [ find default-name=ether3 ] name=Wan3

/interface eoip

add local-address=1.1.1.1 mac-address=02:F7:DE:46:B1:1A mtu=1700 name=\

eoip-tunnel1 remote-address=1.1.1.2 tunnel-id=10

add local-address=1.1.1.1 mac-address=02:AC:88:AD:0F:01 mtu=1600 name=\

eoip-tunnel2 remote-address=1.1.1.2 tunnel-id=20

add local-address=1.1.1.1 mac-address=02:C9:5D:0A:C5:D7 name=eoip-tunnel3 \

remote-address=1.1.1.2 tunnel-id=30

/ip neighbor discovery

set Ether1 comment=Ether

set Wan1 comment=Wan1

set Bridge1 comment=Bridge

/ip hotspot user profile

set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \

mac-cookie-timeout=3d

/ip ipsec proposal

set [ find default=yes ] enc-algorithms=3des

/ip pool

add name=dhcp_pool3 ranges=192.168.3.100-192.168.3.104

/ip dhcp-server

add address-pool=dhcp_pool3 disabled=no interface=Bridge1 name=dhcp1

/queue type

set 1 pfifo-limit=500

set 9 pfifo-limit=100

/system logging action

set 0 memory-lines=1

set 1 disk-lines-per-file=100

/interface bridge port

add bridge=Bridge1 disabled=yes interface=Ether1

add bridge=Bridge1 interface=Ether2

add bridge=Bridge2 interface=Wan2

add bridge=Bridge1 interface=eoip-tunnel1

add bridge=Bridge2 interface=eoip-tunnel2

add bridge=Bridge3 interface=Wan3

add bridge=Bridge3 interface=eoip-tunnel3

add bridge=Bridge3 interface=vlan3

add bridge=Bridge2 interface=vlan2

/ip address

add address=192.168.3.1/24 interface=Bridge1 network=192.168.3.0

add address=1.1.1.1/24 interface=Ether1 network=1.1.1.0

add address=3.3.3.1/24 interface=vlan3 network=3.3.3.0

add address=2.2.2.1/30 interface=vlan2 network=2.2.2.0

/ip dhcp-client

add dhcp-options=hostname,clientid disabled=no interface=Wan1

add default-route-distance=2 dhcp-options=hostname,clientid interface=Wan2

add default-route-distance=3 dhcp-options=hostname,clientid interface=Wan3

/ip dhcp-server lease

add address=192.168.3.101 client-id=1:2:4d:5d:95:7c:46 mac-address=\

02:4D:5D:95:7C:46 server=dhcp1

/ip dhcp-server network

add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1

/ip dns

set allow-remote-requests=yes

/ip firewall address-list

add address=192.168.3.100-192.168.3.102 list=Grypa3

add address=192.168.3.105 list=Grypa2

add address=192.168.3.103-192.168.3.106 list=Grypa1

/ip firewall mangle

add action=mark-connection chain=forward in-interface=Wan1 \

new-connection-mark=Grypa1-con

add action=mark-routing chain=prerouting connection-mark=Grypa1-con \

new-routing-mark=Grypa1-rt src-address=192.168.3.100/31

add action=mark-routing chain=prerouting new-routing-mark=Grypa1-rt \

src-address=192.168.3.100/31

add chain=prerouting

/ip firewall nat

add action=masquerade chain=srcnat out-interface=Wan1 src-address=\

192.168.3.0/24

add action=masquerade chain=srcnat disabled=yes out-interface=Wan2 \

src-address=192.168.3.0/24

add action=masquerade chain=srcnat disabled=yes out-interface=Wan3 \

src-address=192.168.3.0/24

add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=82 \

protocol=tcp to-addresses=192.168.3.100 to-ports=82

add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=83 \

protocol=tcp to-addresses=192.168.3.101 to-ports=83

add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.140.11 \

dst-port=1012 protocol=tcp to-addresses=192.168.3.100 to-ports=1012

add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=1011 \

protocol=tcp to-addresses=192.168.3.101 to-ports=1011

add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=1012 \

protocol=tcp to-addresses=192.168.3.101 to-ports=1012

/ip route

add distance=1 gateway=44.444.44.1 routing-mark=Grypa1-rt

Edited by Kolik-an

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this