Jump to content
Калькуляторы

Для пытливых умов (помогите довести дело до конца) Mikrotik

Задача токая

есть 3 канала от одного провайдера

расстояние 10 километров

и нас 23 человека

сейчас выглядит вот так надеюсь схему поймете

 

 

Каму интересны такие головоломки прошу помочь

мне дали советы

1. Завести все каналы напрямую в микротик

2. КАЖДЫЙ канал прокинуть до 433 по L2 - это позволит значительно разгрузить и без того слабенький 750й

3. На 433 поднять внутренюю сеть с одним ДХЦП

4. Прописать в ДХЦП статику для ваших клиентов

5. Распределить по каналам ваших клиентов средствами Микротик

немогу разобраться в них

post-106930-099003200 1411517068_thumb.jpg

Edited by Kolik-an

Share this post


Link to post
Share on other sites

Я бы сделал следующим образом, причем на 750.

 

 

#пул DHCP вместо 192.168.0.0/16 прописать свой

/ip firewall address-list add list=loacal address=192.168.0.0/16

 

#правила балансировки по адресу отправления

/ip firewall mangle

add action=add-src-to-address-list address-list=wan1 chain="mark new unseen" nth=3,1

add action=add-src-to-address-list address-list=wan2 chain="mark new unseen" nth=3,2

add action=add-src-to-address-list address-list=wan3 chain="mark new unseen" nth=3,3

add action=add-src-to-address-list address-list=all chain="mark new unseen"

add action=mark-routing chain=prerouting new-routing-mark=WAN1 passthrough=no src-address-list=wan1

add action=mark-routing chain=prerouting new-routing-mark=WAN2 passthrough=no src-address-list=wan2

add action=mark-routing chain=prerouting new-routing-mark=WAN3 passthrough=no src-address-list=wan3

add action=jump chain="mark new unseen-check" jump-target="mark new unseen" src-address-list=!all

add action=jump chain=prerouting comment=NEW-Connection-and-IP connection-state=new jump-target="mark new unseen-check" src-address-list=local

 

#nat

/ip firewall nat add action=masquerade chain=srcnat src-address-list=loacal

 

#Предположим у нас 3 выхода в интернет

#1.1.1.1=WAN1

#2.2.2.2=WAN2

#3.3.3.3=WAN3

 

#Рекурсивная маршрутизация для проверки работы канала

/ip route

add distance=1 dst-address=8.8.4.4/32 gateway=1.1.1.1 scope=10 target-scope=20

add distance=1 dst-address=8.8.8.8/32 gateway=2.2.2.2 scope=10 target-scope=20

add distance=1 dst-address=77.88.8.8/32 gateway=3.3.3.3 scope=10 target-scope=20

 

add check-gateway=ping distance=1 dst-address=127.1.1.0/32 gateway=8.8.8.8 scope=10 target-scope=20

add check-gateway=ping distance=1 dst-address=127.1.1.1/32 gateway=8.8.4.4 scope=10 target-scope=20

add check-gateway=ping distance=1 dst-address=127.1.1.2/32 gateway=77.88.8.8 scope=10 target-scope=20

 

add distance=10 gateway=127.1.1.0 routing-mark=WAN1 scope=50

add distance=20 gateway=127.1.1.1 routing-mark=WAN1 scope=50

add distance=30 gateway=127.1.1.2 routing-mark=WAN1 scope=50

 

add distance=30 gateway=127.1.1.0 routing-mark=WAN2 scope=50

add distance=10 gateway=127.1.1.1 routing-mark=WAN2 scope=50

add distance=20 gateway=127.1.1.2 routing-mark=WAN2 scope=50

 

add distance=20 gateway=127.1.1.0 routing-mark=WAN3 scope=50

add distance=30 gateway=127.1.1.1 routing-mark=WAN3 scope=50

add distance=10 gateway=127.1.1.2 routing-mark=WAN3 scope=50

Edited by Artur-t

Share this post


Link to post
Share on other sites

используя eoip-tunnel вывел все на 433

 

ниже привел конфигурацию 2-х Mikrotik

 

что думаете по настройке!!!

 

конфигурация Mikrotik 433

/interface bridge

add disabled=yes mtu=1596 name=bridge1

add l2mtu=1526 name=bridge3

add l2mtu=1524 name=bridge4

/interface wireless

set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \

band=2ghz-onlyg basic-rates-b="" default-authentication=no dfs-mode=\

no-radar-detect disabled=no frequency=auto guard-interval=long \

ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-\

9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" hw-protection-mode=rts-cts \

hw-retries=4 l2mtu=1600 mode=ap-bridge mtu=1900 rate-set=configured \

rx-chains=0,1 scan-list=2300-2735 ssid="Home network" supported-rates-b="" \

tx-chains=0,1 tx-power=18 tx-power-mode=all-rates-fixed wds-default-bridge=\

bridge4 wds-mode=dynamic wireless-protocol=802.11

set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \

antenna-gain=20 band=5ghz-a/n basic-rates-b="" channel-width=20/40mhz-Ce \

disabled=no frequency=auto frequency-mode=superchannel guard-interval=long \

hw-protection-mode=rts-cts hw-retries=15 l2mtu=1600 mode=station-wds mtu=\

1800 nv2-preshared-key=123456789 nv2-security=enabled rx-chains=0,1 \

scan-list=5200-6100 ssid=Kol-Mik supported-rates-b="" tx-chains=0,1 \

tx-power=20 tx-power-mode=all-rates-fixed wds-default-bridge=bridge4 \

wds-mode=static wireless-protocol=nv2 wmm-support=enabled

/interface wireless nstreme

set wlan1 disable-csma=yes enable-nstreme=yes framer-policy=dynamic-size

set wlan2 enable-nstreme=yes

/interface eoip

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:46 mtu=\

1700 name=eoip-tunnel1 remote-address=1.1.1.1 tunnel-id=10

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:47 mtu=\

1600 name=eoip-tunnel2 remote-address=1.1.1.1 tunnel-id=20

add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:DF:9A:2E:D0:45 mtu=\

1500 name=eoip-tunnel3 remote-address=1.1.1.1 tunnel-id=30

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \

group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \

wpa-pre-shared-key=666qwerty666

/ip pool

add name=dhcp_pool1 ranges=192.168.100.100-192.168.100.132

/ip dhcp-server

add address-pool=dhcp_pool1 disabled=no interface=bridge4 lease-time=1d name=\

dhcp1

/queue simple

add disabled=yes max-limit=8M/8M name=queue33 target=192.168.100.0/24

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue0 target=192.168.100.100/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\E0\F0\EF\FE\EA" max-limit=4M/4M name=queue1 target=192.168.100.101/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CB\F3\EF\EF\EE\E2" max-limit=4M/4M name=queue2 target=192.168.100.102/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CE\F0\F1\E8\F7" max-limit=4M/4M name=queue3 target=192.168.100.103/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue4 target=\

192.168.100.104/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue5 target=\

192.168.100.105/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue6 target=\

192.168.100.106/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\FB\EB\EE\E2" max-limit=4M/4M name=queue7 target=192.168.100.107/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue8 target=192.168.100.108/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C2\EE\EB\E3\F3\F8\EA\E8\ED" max-limit=4M/4M name=queue9 target=\

192.168.100.109/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue10 target=192.168.100.110/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D7\F3\E4\E0\EA\EE\E2" max-limit=4M/4M name=queue11 target=\

192.168.100.111/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D7\E5\F0\E4\E0\ED\F6\E5\E2" max-limit=4M/4M name=queue12 target=\

192.168.100.112/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CF\EE\E7\E4\E5\E5\E2\FB" max-limit=4M/4M name=queue13 target=\

192.168.100.113/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C1\E5\E4\EE\F0\E5\E2\FB" max-limit=4M/4M name=queue14 target=\

192.168.100.114/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue15 target=192.168.100.115/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue16 target=192.168.100.116/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue18 target=192.168.100.118/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\F0\F2\E5\EC\E5\ED\EA\EE" max-limit=4M/4M name=queue19 target=\

192.168.100.119/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue20 target=\

192.168.100.120/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D1\E0\EC\EE\EB\E5\ED\EA\EE" max-limit=4M/4M name=queue21 target=\

192.168.100.121/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue22 target=192.168.100.122/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\ED\F2\EE\ED\EE\E2" max-limit=4M/4M name=queue23 target=\

192.168.100.123/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D6\E0\F0\E5\E2" max-limit=4M/4M name=queue24 target=192.168.100.124/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\E0\EB\E8\ED\E5\ED" max-limit=4M/4M name=queue25 target=\

192.168.100.125/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\D0\F3\EF\EF\E5\EB\FC" max-limit=4M/4M name=queue26 target=\

192.168.100.126/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue27 target=\

192.168.100.127/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" max-limit=4M/4M name=\

queue28 target=192.168.100.128/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue29 target=192.168.100.129/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CB\EE\E6\E0\F2\ED\E5\EA\EE\E2\E0" max-limit=4M/4M name=queue30 target=\

192.168.100.130/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \

name=queue31 target=192.168.100.131/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\C0\EB\E5\EA\F1\E5\E5\E2" max-limit=4M/4M name=queue32 target=\

192.168.100.132/32

add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\

"\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue17 target=\

192.168.100.117/32

/queue type

set 1 pfifo-limit=500

set 2 kind=pfifo pfifo-limit=500

set 9 pfifo-limit=100

/queue tree

add disabled=yes max-limit=50M name=Global-A parent=global queue=default

add disabled=yes name=Down-A parent=Global-A queue=default

add disabled=yes max-limit=10M name=Up-A parent=Global-A queue=default

add disabled=yes max-limit=20M name=Grypa-A packet-mark=GrypaA-down parent=\

Down-A priority=5

add burst-time=1m disabled=yes max-limit=5M name=Grypa-A-up packet-mark=\

GrypaA-up parent=Up-A priority=6

add disabled=yes max-limit=20M name=Grypa-B packet-mark=GrypaB-down parent=\

Down-A priority=5

add burst-time=1m disabled=yes max-limit=5M name=Grypa-B-up packet-mark=\

GrypaB-up parent=Up-A priority=6

/interface bridge port

add bridge=bridge4 interface=wlan1

add bridge=bridge4 interface=wlan2

add bridge=bridge4 interface=ether2

add bridge=bridge3 interface=ether1

add bridge=bridge3 interface=eoip-tunnel3

/interface wireless access-list

add disabled=yes

add comment="\C2\EE\EB\E3\F3\F8\EA\E8\ED" interface=wlan1 mac-address=\

00:27:22:7C:01:C5

add comment="\C0\EB\E5\EA\F1\E5\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:E8:48

add comment="\CE\F0\F1\E8\F7" interface=wlan1 mac-address=00:27:22:C0:D0:76

add comment="\CA\F3\ED\E3\F3\F0\F6\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:E8:52

add comment="\CA\E0\EB\E8\ED\E8\ED" interface=wlan1 mac-address=\

D4:CA:6D:9E:59:33

add comment="\CA\E0\F0\EF\FE\EA" interface=wlan1 mac-address=00:15:6D:A8:2A:2A

add comment="\C1\E5\E4\E0\F0\E5\E2\E0" interface=wlan1 mac-address=\

DC:9F:DB:08:68:AB

add comment="\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" interface=wlan1 \

mac-address=DC:9F:DB:3E:1C:F4

add comment="\C4\F3\EF\EB\E8\F8\E5\E2 0" interface=wlan1 mac-address=\

F8:D1:11:89:F6:D3

add comment="\D7\E5\F0\E4\E0\ED\F7\E5\E2" interface=wlan1 mac-address=\

DC:9F:DB:3E:6D:47

add comment="SONY \CC\EE\E9" interface=wlan1 mac-address=90:C1:15:ED:80:C0

add comment="\CB\EE\E6\E0\F2\ED\E8\EA\EE\E2\E0" interface=wlan1 mac-address=\

00:15:6D:65:82:C8

add comment="\D6\E0\F0\E5\E2" interface=wlan1 mac-address=DC:9F:DB:3C:93:45

add comment="\C0\F0\F2\E5\EC\E5\ED\EA\EE" interface=wlan1 mac-address=\

00:15:6D:AF:91:12

add comment="\CF\EE\E7\E4\E5\E5\E2" interface=wlan1 mac-address=\

DC:9F:DB:08:69:7C

add comment="\D0\F3\EF\EF\E5\EB\FC" interface=wlan1 mac-address=\

F8:D1:11:B5:B1:C5

add comment="\CB\F3\EF\EF\EE\E2" interface=wlan1 mac-address=00:27:22:7C:03:A2

add comment="\CC\E8\F5\EE\EB\E5\E2" interface=wlan1 mac-address=\

00:15:6D:AF:8D:DA

add comment="\C0\ED\F2\EE\ED\EE\E2" disabled=yes interface=wlan1 mac-address=\

00:15:6D:AF:90:9E

add comment="\D1\E0\EC\EE\EB\E5\ED\EA\EE" interface=wlan1 mac-address=\

00:15:6D:40:3A:92

add comment="\D8\E0\EB\F3\E4\E8\ED" disabled=yes interface=wlan1 mac-address=\

90:F6:52:A6:FF:3F

add comment=Elena-PK interface=wlan1 mac-address=D0:DF:9A:D2:96:58

add comment="\D7\F3\E4\EE\EA\EE\E2" interface=wlan1 mac-address=\

F8:D1:11:91:2F:DD

add comment=11111 interface=wlan1 mac-address=00:0C:42:43:EA:66

add comment="\CD\EE\E2\E8\EA\EE\E2" interface=wlan1 mac-address=\

00:16:44:7C:57:BF

add comment="\C4\F3\EF\EB\E8\F8\E5\E2" interface=wlan1 mac-address=\

00:15:6D:A6:FF:36

add comment="\CB\E5\ED\E0 \D2\E5\EB\E5\F4\EE\ED" interface=wlan1 mac-address=\

00:08:22:40:28:07

add comment="\CC\FB\EB\EE\E2" interface=wlan1 mac-address=00:27:22:E4:FE:3F

/ip address

add address=192.168.100.1/24 interface=bridge4 network=192.168.100.0

add address=1.1.1.2/24 interface=wlan2 network=1.1.1.0

add address=3.3.3.2/24 disabled=yes network=3.3.3.0

add address=2.2.2.2/24 disabled=yes network=2.2.2.0

/ip dhcp-client

add default-route-distance=0 dhcp-options=clientid,clientid,hostname,clientid

add default-route-distance=0 dhcp-options=hostname,clientid interface=bridge1

add default-route-distance=2 dhcp-options=hostname,clientid interface=bridge3

add dhcp-options=hostname,clientid disabled=no interface=eoip-tunnel2

add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \

interface=eoip-tunnel1

/ip dhcp-server lease

add address=192.168.100.132 client-id=1:8:9e:1:9d:62:7e mac-address=\

08:9E:01:9D:62:7E server=dhcp1

add address=192.168.100.124 always-broadcast=yes client-id=1:bc:5f:f4:61:45:dd \

mac-address=BC:5F:F4:61:45:DD server=dhcp1

add address=192.168.100.111 always-broadcast=yes client-id=1:f8:d1:11:91:2f:dd \

mac-address=F8:D1:11:91:2F:DD server=dhcp1

add address=192.168.100.125 client-id=1:54:4:a6:6d:bb:e5 mac-address=\

54:04:A6:6D:BB:E5 server=dhcp1

add address=192.168.100.114 always-broadcast=yes client-id=1:b8:a3:86:14:a6:b9 \

mac-address=B8:A3:86:14:A6:B9 server=dhcp1

add address=192.168.100.126 client-id=1:f8:d1:11:b5:b1:c5 mac-address=\

F8:D1:11:B5:B1:C5 server=dhcp1

add address=192.168.100.112 always-broadcast=yes client-id=1:90:f6:52:65:a9:ab \

mac-address=90:F6:52:65:A9:AB server=dhcp1

add address=192.168.100.130 client-id=1:0:1d:72:d6:4:b2 mac-address=\

00:1D:72:D6:04:B2 server=dhcp1

add address=192.168.100.101 always-broadcast=yes client-id=1:0:1b:b9:b2:41:41 \

mac-address=00:1B:B9:B2:41:41 server=dhcp1

add address=192.168.100.109 always-broadcast=yes client-id=1:6c:f0:49:78:b1:f6 \

mac-address=6C:F0:49:78:B1:F6 server=dhcp1

add address=192.168.100.128 client-id=1:dc:9f:db:3e:1c:f4 mac-address=\

DC:9F:DB:3E:1C:F4 server=dhcp1

add address=192.168.100.127 always-broadcast=yes client-id=1:0:22:15:c6:0:30 \

mac-address=00:22:15:C6:00:30 server=dhcp1

add address=192.168.100.110 mac-address=00:08:22:40:28:07 server=dhcp1

add address=192.168.100.116 mac-address=90:C1:15:ED:80:C0 server=dhcp1

add address=192.168.100.103 client-id=1:94:de:80:d0:be:74 mac-address=\

94:DE:80:D0:BE:74 server=dhcp1

add address=192.168.100.106 always-broadcast=yes client-id=1:0:22:15:c6:c:5 \

mac-address=00:22:15:C6:0C:05 server=dhcp1

add address=192.168.100.121 always-broadcast=yes client-id=1:0:15:6d:40:3a:92 \

mac-address=00:15:6D:40:3A:92 server=dhcp1

add address=192.168.100.107 client-id=1:0:19:66:e1:3c:87 mac-address=\

00:19:66:E1:3C:87 server=dhcp1

add address=192.168.100.104 client-id=1:90:2b:34:99:4:1b mac-address=\

90:2B:34:99:04:1B server=dhcp1

add address=192.168.100.113 client-id=1:50:46:5d:4d:3f:d3 mac-address=\

50:46:5D:4D:3F:D3 server=dhcp1

add address=192.168.100.108 client-id=1:0:27:22:e4:fe:3f mac-address=\

00:27:22:E4:FE:3F server=dhcp1

add address=192.168.100.100 client-id=1:d4:ca:6d:df:b4:1e mac-address=\

D4:CA:6D:DF:B4:1E server=dhcp1

/ip dhcp-server network

add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1

/ip dns

set allow-remote-requests=yes

/ip firewall address-list

add address=192.168.100.100-192.168.100.115 list=GrypaA

add address=192.168.100.116-192.168.100.132 list=GrypaB

/ip firewall mangle

add action=mark-connection chain=forward in-interface=eoip-tunnel1 \

new-connection-mark=GrypaA-conn

add action=mark-connection chain=forward in-interface=eoip-tunnel2 \

new-connection-mark=GrypaB-conn

add action=mark-routing chain=prerouting connection-mark=GrypaA-conn \

new-routing-mark=GrypaA-rt src-address=192.168.100.100-192.168.100.115

add action=mark-routing chain=prerouting connection-mark=GrypaB-conn \

new-routing-mark=GrypaB-rt src-address=192.168.100.116-192.168.100.132

add action=mark-routing chain=prerouting new-routing-mark=GrypaA-rt \

src-address=192.168.100.100-192.168.100.115

add action=mark-routing chain=prerouting new-routing-mark=GrypaB-rt \

src-address=192.168.100.116-192.168.100.132

/ip firewall nat

add action=masquerade chain=srcnat out-interface=eoip-tunnel1 src-address=\

192.168.100.100-192.168.100.115

add action=masquerade chain=srcnat out-interface=eoip-tunnel2 src-address=\

192.168.100.116-192.168.100.132

add action=dst-nat chain=dstnat dst-address=192.168.3.101 dst-port=1011 \

protocol=tcp to-addresses=192.168.100.100 to-ports=1011

/ip route

add distance=1 gateway=192.168.3.1 routing-mark=GrypaA-rt

add distance=1 gateway=192.168.140.1 routing-mark=GrypaB-rt

 

 

конфигурация Mikrotik 750

/interface bridge

add comment=Bridge l2mtu=1598 name=Bridge1

add l2mtu=1698 mtu=1594 name=Bridge2

add l2mtu=1598 name=Bridge3

/interface ethernet

set [ find default-name=ether4 ] comment=Ether name=Ether1

set [ find default-name=ether5 ] name=Ether2

set [ find default-name=ether1 ] comment=Wan1 l2mtu=1798 mtu=1700 name=Wan1

set [ find default-name=ether2 ] l2mtu=1698 mac-address=D4:CA:6D:4B:36:C2 \

mtu=1600 name=Wan2

set [ find default-name=ether3 ] name=Wan3

/interface eoip

add local-address=1.1.1.1 mac-address=02:F7:DE:46:B1:1A mtu=1700 name=\

eoip-tunnel1 remote-address=1.1.1.2 tunnel-id=10

add local-address=1.1.1.1 mac-address=02:AC:88:AD:0F:01 mtu=1600 name=\

eoip-tunnel2 remote-address=1.1.1.2 tunnel-id=20

add local-address=1.1.1.1 mac-address=02:C9:5D:0A:C5:D7 name=eoip-tunnel3 \

remote-address=1.1.1.2 tunnel-id=30

/ip neighbor discovery

set Ether1 comment=Ether

set Wan1 comment=Wan1

set Bridge1 comment=Bridge

/ip hotspot user profile

set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \

mac-cookie-timeout=3d

/ip ipsec proposal

set [ find default=yes ] enc-algorithms=3des

/ip pool

add name=dhcp_pool3 ranges=192.168.3.100-192.168.3.104

/ip dhcp-server

add address-pool=dhcp_pool3 disabled=no interface=Bridge1 name=dhcp1

/queue type

set 1 pfifo-limit=500

set 9 pfifo-limit=100

/system logging action

set 0 memory-lines=1

set 1 disk-lines-per-file=100

/interface bridge port

add bridge=Bridge1 disabled=yes interface=Ether1

add bridge=Bridge1 interface=Ether2

add bridge=Bridge2 interface=Wan2

add bridge=Bridge1 interface=eoip-tunnel1

add bridge=Bridge2 interface=eoip-tunnel2

add bridge=Bridge3 interface=Wan3

add bridge=Bridge3 interface=eoip-tunnel3

add bridge=Bridge3 interface=vlan3

add bridge=Bridge2 interface=vlan2

/ip address

add address=192.168.3.1/24 interface=Bridge1 network=192.168.3.0

add address=1.1.1.1/24 interface=Ether1 network=1.1.1.0

add address=3.3.3.1/24 interface=vlan3 network=3.3.3.0

add address=2.2.2.1/30 interface=vlan2 network=2.2.2.0

/ip dhcp-client

add dhcp-options=hostname,clientid disabled=no interface=Wan1

add default-route-distance=2 dhcp-options=hostname,clientid interface=Wan2

add default-route-distance=3 dhcp-options=hostname,clientid interface=Wan3

/ip dhcp-server lease

add address=192.168.3.101 client-id=1:2:4d:5d:95:7c:46 mac-address=\

02:4D:5D:95:7C:46 server=dhcp1

/ip dhcp-server network

add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1

/ip dns

set allow-remote-requests=yes

/ip firewall address-list

add address=192.168.3.100-192.168.3.102 list=Grypa3

add address=192.168.3.105 list=Grypa2

add address=192.168.3.103-192.168.3.106 list=Grypa1

/ip firewall mangle

add action=mark-connection chain=forward in-interface=Wan1 \

new-connection-mark=Grypa1-con

add action=mark-routing chain=prerouting connection-mark=Grypa1-con \

new-routing-mark=Grypa1-rt src-address=192.168.3.100/31

add action=mark-routing chain=prerouting new-routing-mark=Grypa1-rt \

src-address=192.168.3.100/31

add chain=prerouting

/ip firewall nat

add action=masquerade chain=srcnat out-interface=Wan1 src-address=\

192.168.3.0/24

add action=masquerade chain=srcnat disabled=yes out-interface=Wan2 \

src-address=192.168.3.0/24

add action=masquerade chain=srcnat disabled=yes out-interface=Wan3 \

src-address=192.168.3.0/24

add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=82 \

protocol=tcp to-addresses=192.168.3.100 to-ports=82

add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=83 \

protocol=tcp to-addresses=192.168.3.101 to-ports=83

add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.140.11 \

dst-port=1012 protocol=tcp to-addresses=192.168.3.100 to-ports=1012

add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=1011 \

protocol=tcp to-addresses=192.168.3.101 to-ports=1011

add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=1012 \

protocol=tcp to-addresses=192.168.3.101 to-ports=1012

/ip route

add distance=1 gateway=44.444.44.1 routing-mark=Grypa1-rt

Edited by Kolik-an

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.