Kolik-an Posted September 24, 2014 (edited) · Report post Задача токая есть 3 канала от одного провайдера расстояние 10 километров и нас 23 человека сейчас выглядит вот так надеюсь схему поймете Каму интересны такие головоломки прошу помочь мне дали советы 1. Завести все каналы напрямую в микротик 2. КАЖДЫЙ канал прокинуть до 433 по L2 - это позволит значительно разгрузить и без того слабенький 750й 3. На 433 поднять внутренюю сеть с одним ДХЦП 4. Прописать в ДХЦП статику для ваших клиентов 5. Распределить по каналам ваших клиентов средствами Микротик немогу разобраться в них Edited September 24, 2014 by Kolik-an Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Artur-t Posted September 24, 2014 (edited) · Report post Я бы сделал следующим образом, причем на 750. #пул DHCP вместо 192.168.0.0/16 прописать свой /ip firewall address-list add list=loacal address=192.168.0.0/16 #правила балансировки по адресу отправления /ip firewall mangle add action=add-src-to-address-list address-list=wan1 chain="mark new unseen" nth=3,1 add action=add-src-to-address-list address-list=wan2 chain="mark new unseen" nth=3,2 add action=add-src-to-address-list address-list=wan3 chain="mark new unseen" nth=3,3 add action=add-src-to-address-list address-list=all chain="mark new unseen" add action=mark-routing chain=prerouting new-routing-mark=WAN1 passthrough=no src-address-list=wan1 add action=mark-routing chain=prerouting new-routing-mark=WAN2 passthrough=no src-address-list=wan2 add action=mark-routing chain=prerouting new-routing-mark=WAN3 passthrough=no src-address-list=wan3 add action=jump chain="mark new unseen-check" jump-target="mark new unseen" src-address-list=!all add action=jump chain=prerouting comment=NEW-Connection-and-IP connection-state=new jump-target="mark new unseen-check" src-address-list=local #nat /ip firewall nat add action=masquerade chain=srcnat src-address-list=loacal #Предположим у нас 3 выхода в интернет #1.1.1.1=WAN1 #2.2.2.2=WAN2 #3.3.3.3=WAN3 #Рекурсивная маршрутизация для проверки работы канала /ip route add distance=1 dst-address=8.8.4.4/32 gateway=1.1.1.1 scope=10 target-scope=20 add distance=1 dst-address=8.8.8.8/32 gateway=2.2.2.2 scope=10 target-scope=20 add distance=1 dst-address=77.88.8.8/32 gateway=3.3.3.3 scope=10 target-scope=20 add check-gateway=ping distance=1 dst-address=127.1.1.0/32 gateway=8.8.8.8 scope=10 target-scope=20 add check-gateway=ping distance=1 dst-address=127.1.1.1/32 gateway=8.8.4.4 scope=10 target-scope=20 add check-gateway=ping distance=1 dst-address=127.1.1.2/32 gateway=77.88.8.8 scope=10 target-scope=20 add distance=10 gateway=127.1.1.0 routing-mark=WAN1 scope=50 add distance=20 gateway=127.1.1.1 routing-mark=WAN1 scope=50 add distance=30 gateway=127.1.1.2 routing-mark=WAN1 scope=50 add distance=30 gateway=127.1.1.0 routing-mark=WAN2 scope=50 add distance=10 gateway=127.1.1.1 routing-mark=WAN2 scope=50 add distance=20 gateway=127.1.1.2 routing-mark=WAN2 scope=50 add distance=20 gateway=127.1.1.0 routing-mark=WAN3 scope=50 add distance=30 gateway=127.1.1.1 routing-mark=WAN3 scope=50 add distance=10 gateway=127.1.1.2 routing-mark=WAN3 scope=50 Edited September 24, 2014 by Artur-t Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Kolik-an Posted September 25, 2014 · Report post спасибо за участие!!! Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Kolik-an Posted September 25, 2014 (edited) · Report post используя eoip-tunnel вывел все на 433 ниже привел конфигурацию 2-х Mikrotik что думаете по настройке!!! конфигурация Mikrotik 433 /interface bridge add disabled=yes mtu=1596 name=bridge1 add l2mtu=1526 name=bridge3 add l2mtu=1524 name=bridge4 /interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \ band=2ghz-onlyg basic-rates-b="" default-authentication=no dfs-mode=\ no-radar-detect disabled=no frequency=auto guard-interval=long \ ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-\ 9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" hw-protection-mode=rts-cts \ hw-retries=4 l2mtu=1600 mode=ap-bridge mtu=1900 rate-set=configured \ rx-chains=0,1 scan-list=2300-2735 ssid="Home network" supported-rates-b="" \ tx-chains=0,1 tx-power=18 tx-power-mode=all-rates-fixed wds-default-bridge=\ bridge4 wds-mode=dynamic wireless-protocol=802.11 set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \ antenna-gain=20 band=5ghz-a/n basic-rates-b="" channel-width=20/40mhz-Ce \ disabled=no frequency=auto frequency-mode=superchannel guard-interval=long \ hw-protection-mode=rts-cts hw-retries=15 l2mtu=1600 mode=station-wds mtu=\ 1800 nv2-preshared-key=123456789 nv2-security=enabled rx-chains=0,1 \ scan-list=5200-6100 ssid=Kol-Mik supported-rates-b="" tx-chains=0,1 \ tx-power=20 tx-power-mode=all-rates-fixed wds-default-bridge=bridge4 \ wds-mode=static wireless-protocol=nv2 wmm-support=enabled /interface wireless nstreme set wlan1 disable-csma=yes enable-nstreme=yes framer-policy=dynamic-size set wlan2 enable-nstreme=yes /interface eoip add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:46 mtu=\ 1700 name=eoip-tunnel1 remote-address=1.1.1.1 tunnel-id=10 add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:4D:5D:95:7C:47 mtu=\ 1600 name=eoip-tunnel2 remote-address=1.1.1.1 tunnel-id=20 add clamp-tcp-mss=yes local-address=1.1.1.2 mac-address=02:DF:9A:2E:D0:45 mtu=\ 1500 name=eoip-tunnel3 remote-address=1.1.1.1 tunnel-id=30 /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \ group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \ wpa-pre-shared-key=666qwerty666 /ip pool add name=dhcp_pool1 ranges=192.168.100.100-192.168.100.132 /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=bridge4 lease-time=1d name=\ dhcp1 /queue simple add disabled=yes max-limit=8M/8M name=queue33 target=192.168.100.0/24 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue0 target=192.168.100.100/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CA\E0\F0\EF\FE\EA" max-limit=4M/4M name=queue1 target=192.168.100.101/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CB\F3\EF\EF\EE\E2" max-limit=4M/4M name=queue2 target=192.168.100.102/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CE\F0\F1\E8\F7" max-limit=4M/4M name=queue3 target=192.168.100.103/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue4 target=\ 192.168.100.104/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue5 target=\ 192.168.100.105/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue6 target=\ 192.168.100.106/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CC\FB\EB\EE\E2" max-limit=4M/4M name=queue7 target=192.168.100.107/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue8 target=192.168.100.108/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C2\EE\EB\E3\F3\F8\EA\E8\ED" max-limit=4M/4M name=queue9 target=\ 192.168.100.109/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue10 target=192.168.100.110/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\D7\F3\E4\E0\EA\EE\E2" max-limit=4M/4M name=queue11 target=\ 192.168.100.111/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\D7\E5\F0\E4\E0\ED\F6\E5\E2" max-limit=4M/4M name=queue12 target=\ 192.168.100.112/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CF\EE\E7\E4\E5\E5\E2\FB" max-limit=4M/4M name=queue13 target=\ 192.168.100.113/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C1\E5\E4\EE\F0\E5\E2\FB" max-limit=4M/4M name=queue14 target=\ 192.168.100.114/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue15 target=192.168.100.115/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue16 target=192.168.100.116/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue18 target=192.168.100.118/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C0\F0\F2\E5\EC\E5\ED\EA\EE" max-limit=4M/4M name=queue19 target=\ 192.168.100.119/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CC\E8\F5\E0\EB\E5\E2\E0" max-limit=4M/4M name=queue20 target=\ 192.168.100.120/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\D1\E0\EC\EE\EB\E5\ED\EA\EE" max-limit=4M/4M name=queue21 target=\ 192.168.100.121/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue22 target=192.168.100.122/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C0\ED\F2\EE\ED\EE\E2" max-limit=4M/4M name=queue23 target=\ 192.168.100.123/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\D6\E0\F0\E5\E2" max-limit=4M/4M name=queue24 target=192.168.100.124/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CA\E0\EB\E8\ED\E5\ED" max-limit=4M/4M name=queue25 target=\ 192.168.100.125/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\D0\F3\EF\EF\E5\EB\FC" max-limit=4M/4M name=queue26 target=\ 192.168.100.126/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C4\F3\EF\EB\E8\F8\E5\E2" max-limit=4M/4M name=queue27 target=\ 192.168.100.127/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" max-limit=4M/4M name=\ queue28 target=192.168.100.128/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue29 target=192.168.100.129/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CB\EE\E6\E0\F2\ED\E5\EA\EE\E2\E0" max-limit=4M/4M name=queue30 target=\ 192.168.100.130/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s max-limit=4M/4M \ name=queue31 target=192.168.100.131/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\C0\EB\E5\EA\F1\E5\E5\E2" max-limit=4M/4M name=queue32 target=\ 192.168.100.132/32 add burst-limit=4M/4M burst-threshold=3M/3M burst-time=1s/1s comment=\ "\CA\F3\ED\E3\F3\F0\F6\E5\E2" max-limit=4M/4M name=queue17 target=\ 192.168.100.117/32 /queue type set 1 pfifo-limit=500 set 2 kind=pfifo pfifo-limit=500 set 9 pfifo-limit=100 /queue tree add disabled=yes max-limit=50M name=Global-A parent=global queue=default add disabled=yes name=Down-A parent=Global-A queue=default add disabled=yes max-limit=10M name=Up-A parent=Global-A queue=default add disabled=yes max-limit=20M name=Grypa-A packet-mark=GrypaA-down parent=\ Down-A priority=5 add burst-time=1m disabled=yes max-limit=5M name=Grypa-A-up packet-mark=\ GrypaA-up parent=Up-A priority=6 add disabled=yes max-limit=20M name=Grypa-B packet-mark=GrypaB-down parent=\ Down-A priority=5 add burst-time=1m disabled=yes max-limit=5M name=Grypa-B-up packet-mark=\ GrypaB-up parent=Up-A priority=6 /interface bridge port add bridge=bridge4 interface=wlan1 add bridge=bridge4 interface=wlan2 add bridge=bridge4 interface=ether2 add bridge=bridge3 interface=ether1 add bridge=bridge3 interface=eoip-tunnel3 /interface wireless access-list add disabled=yes add comment="\C2\EE\EB\E3\F3\F8\EA\E8\ED" interface=wlan1 mac-address=\ 00:27:22:7C:01:C5 add comment="\C0\EB\E5\EA\F1\E5\E5\E2" interface=wlan1 mac-address=\ 00:15:6D:A6:E8:48 add comment="\CE\F0\F1\E8\F7" interface=wlan1 mac-address=00:27:22:C0:D0:76 add comment="\CA\F3\ED\E3\F3\F0\F6\E5\E2" interface=wlan1 mac-address=\ 00:15:6D:A6:E8:52 add comment="\CA\E0\EB\E8\ED\E8\ED" interface=wlan1 mac-address=\ D4:CA:6D:9E:59:33 add comment="\CA\E0\F0\EF\FE\EA" interface=wlan1 mac-address=00:15:6D:A8:2A:2A add comment="\C1\E5\E4\E0\F0\E5\E2\E0" interface=wlan1 mac-address=\ DC:9F:DB:08:68:AB add comment="\C0\F1\F2\E0\F5\EE\E2 \CD\E8\EA\EE\EB\E0\E5\E2" interface=wlan1 \ mac-address=DC:9F:DB:3E:1C:F4 add comment="\C4\F3\EF\EB\E8\F8\E5\E2 0" interface=wlan1 mac-address=\ F8:D1:11:89:F6:D3 add comment="\D7\E5\F0\E4\E0\ED\F7\E5\E2" interface=wlan1 mac-address=\ DC:9F:DB:3E:6D:47 add comment="SONY \CC\EE\E9" interface=wlan1 mac-address=90:C1:15:ED:80:C0 add comment="\CB\EE\E6\E0\F2\ED\E8\EA\EE\E2\E0" interface=wlan1 mac-address=\ 00:15:6D:65:82:C8 add comment="\D6\E0\F0\E5\E2" interface=wlan1 mac-address=DC:9F:DB:3C:93:45 add comment="\C0\F0\F2\E5\EC\E5\ED\EA\EE" interface=wlan1 mac-address=\ 00:15:6D:AF:91:12 add comment="\CF\EE\E7\E4\E5\E5\E2" interface=wlan1 mac-address=\ DC:9F:DB:08:69:7C add comment="\D0\F3\EF\EF\E5\EB\FC" interface=wlan1 mac-address=\ F8:D1:11:B5:B1:C5 add comment="\CB\F3\EF\EF\EE\E2" interface=wlan1 mac-address=00:27:22:7C:03:A2 add comment="\CC\E8\F5\EE\EB\E5\E2" interface=wlan1 mac-address=\ 00:15:6D:AF:8D:DA add comment="\C0\ED\F2\EE\ED\EE\E2" disabled=yes interface=wlan1 mac-address=\ 00:15:6D:AF:90:9E add comment="\D1\E0\EC\EE\EB\E5\ED\EA\EE" interface=wlan1 mac-address=\ 00:15:6D:40:3A:92 add comment="\D8\E0\EB\F3\E4\E8\ED" disabled=yes interface=wlan1 mac-address=\ 90:F6:52:A6:FF:3F add comment=Elena-PK interface=wlan1 mac-address=D0:DF:9A:D2:96:58 add comment="\D7\F3\E4\EE\EA\EE\E2" interface=wlan1 mac-address=\ F8:D1:11:91:2F:DD add comment=11111 interface=wlan1 mac-address=00:0C:42:43:EA:66 add comment="\CD\EE\E2\E8\EA\EE\E2" interface=wlan1 mac-address=\ 00:16:44:7C:57:BF add comment="\C4\F3\EF\EB\E8\F8\E5\E2" interface=wlan1 mac-address=\ 00:15:6D:A6:FF:36 add comment="\CB\E5\ED\E0 \D2\E5\EB\E5\F4\EE\ED" interface=wlan1 mac-address=\ 00:08:22:40:28:07 add comment="\CC\FB\EB\EE\E2" interface=wlan1 mac-address=00:27:22:E4:FE:3F /ip address add address=192.168.100.1/24 interface=bridge4 network=192.168.100.0 add address=1.1.1.2/24 interface=wlan2 network=1.1.1.0 add address=3.3.3.2/24 disabled=yes network=3.3.3.0 add address=2.2.2.2/24 disabled=yes network=2.2.2.0 /ip dhcp-client add default-route-distance=0 dhcp-options=clientid,clientid,hostname,clientid add default-route-distance=0 dhcp-options=hostname,clientid interface=bridge1 add default-route-distance=2 dhcp-options=hostname,clientid interface=bridge3 add dhcp-options=hostname,clientid disabled=no interface=eoip-tunnel2 add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \ interface=eoip-tunnel1 /ip dhcp-server lease add address=192.168.100.132 client-id=1:8:9e:1:9d:62:7e mac-address=\ 08:9E:01:9D:62:7E server=dhcp1 add address=192.168.100.124 always-broadcast=yes client-id=1:bc:5f:f4:61:45:dd \ mac-address=BC:5F:F4:61:45:DD server=dhcp1 add address=192.168.100.111 always-broadcast=yes client-id=1:f8:d1:11:91:2f:dd \ mac-address=F8:D1:11:91:2F:DD server=dhcp1 add address=192.168.100.125 client-id=1:54:4:a6:6d:bb:e5 mac-address=\ 54:04:A6:6D:BB:E5 server=dhcp1 add address=192.168.100.114 always-broadcast=yes client-id=1:b8:a3:86:14:a6:b9 \ mac-address=B8:A3:86:14:A6:B9 server=dhcp1 add address=192.168.100.126 client-id=1:f8:d1:11:b5:b1:c5 mac-address=\ F8:D1:11:B5:B1:C5 server=dhcp1 add address=192.168.100.112 always-broadcast=yes client-id=1:90:f6:52:65:a9:ab \ mac-address=90:F6:52:65:A9:AB server=dhcp1 add address=192.168.100.130 client-id=1:0:1d:72:d6:4:b2 mac-address=\ 00:1D:72:D6:04:B2 server=dhcp1 add address=192.168.100.101 always-broadcast=yes client-id=1:0:1b:b9:b2:41:41 \ mac-address=00:1B:B9:B2:41:41 server=dhcp1 add address=192.168.100.109 always-broadcast=yes client-id=1:6c:f0:49:78:b1:f6 \ mac-address=6C:F0:49:78:B1:F6 server=dhcp1 add address=192.168.100.128 client-id=1:dc:9f:db:3e:1c:f4 mac-address=\ DC:9F:DB:3E:1C:F4 server=dhcp1 add address=192.168.100.127 always-broadcast=yes client-id=1:0:22:15:c6:0:30 \ mac-address=00:22:15:C6:00:30 server=dhcp1 add address=192.168.100.110 mac-address=00:08:22:40:28:07 server=dhcp1 add address=192.168.100.116 mac-address=90:C1:15:ED:80:C0 server=dhcp1 add address=192.168.100.103 client-id=1:94:de:80:d0:be:74 mac-address=\ 94:DE:80:D0:BE:74 server=dhcp1 add address=192.168.100.106 always-broadcast=yes client-id=1:0:22:15:c6:c:5 \ mac-address=00:22:15:C6:0C:05 server=dhcp1 add address=192.168.100.121 always-broadcast=yes client-id=1:0:15:6d:40:3a:92 \ mac-address=00:15:6D:40:3A:92 server=dhcp1 add address=192.168.100.107 client-id=1:0:19:66:e1:3c:87 mac-address=\ 00:19:66:E1:3C:87 server=dhcp1 add address=192.168.100.104 client-id=1:90:2b:34:99:4:1b mac-address=\ 90:2B:34:99:04:1B server=dhcp1 add address=192.168.100.113 client-id=1:50:46:5d:4d:3f:d3 mac-address=\ 50:46:5D:4D:3F:D3 server=dhcp1 add address=192.168.100.108 client-id=1:0:27:22:e4:fe:3f mac-address=\ 00:27:22:E4:FE:3F server=dhcp1 add address=192.168.100.100 client-id=1:d4:ca:6d:df:b4:1e mac-address=\ D4:CA:6D:DF:B4:1E server=dhcp1 /ip dhcp-server network add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1 /ip dns set allow-remote-requests=yes /ip firewall address-list add address=192.168.100.100-192.168.100.115 list=GrypaA add address=192.168.100.116-192.168.100.132 list=GrypaB /ip firewall mangle add action=mark-connection chain=forward in-interface=eoip-tunnel1 \ new-connection-mark=GrypaA-conn add action=mark-connection chain=forward in-interface=eoip-tunnel2 \ new-connection-mark=GrypaB-conn add action=mark-routing chain=prerouting connection-mark=GrypaA-conn \ new-routing-mark=GrypaA-rt src-address=192.168.100.100-192.168.100.115 add action=mark-routing chain=prerouting connection-mark=GrypaB-conn \ new-routing-mark=GrypaB-rt src-address=192.168.100.116-192.168.100.132 add action=mark-routing chain=prerouting new-routing-mark=GrypaA-rt \ src-address=192.168.100.100-192.168.100.115 add action=mark-routing chain=prerouting new-routing-mark=GrypaB-rt \ src-address=192.168.100.116-192.168.100.132 /ip firewall nat add action=masquerade chain=srcnat out-interface=eoip-tunnel1 src-address=\ 192.168.100.100-192.168.100.115 add action=masquerade chain=srcnat out-interface=eoip-tunnel2 src-address=\ 192.168.100.116-192.168.100.132 add action=dst-nat chain=dstnat dst-address=192.168.3.101 dst-port=1011 \ protocol=tcp to-addresses=192.168.100.100 to-ports=1011 /ip route add distance=1 gateway=192.168.3.1 routing-mark=GrypaA-rt add distance=1 gateway=192.168.140.1 routing-mark=GrypaB-rt конфигурация Mikrotik 750 /interface bridge add comment=Bridge l2mtu=1598 name=Bridge1 add l2mtu=1698 mtu=1594 name=Bridge2 add l2mtu=1598 name=Bridge3 /interface ethernet set [ find default-name=ether4 ] comment=Ether name=Ether1 set [ find default-name=ether5 ] name=Ether2 set [ find default-name=ether1 ] comment=Wan1 l2mtu=1798 mtu=1700 name=Wan1 set [ find default-name=ether2 ] l2mtu=1698 mac-address=D4:CA:6D:4B:36:C2 \ mtu=1600 name=Wan2 set [ find default-name=ether3 ] name=Wan3 /interface eoip add local-address=1.1.1.1 mac-address=02:F7:DE:46:B1:1A mtu=1700 name=\ eoip-tunnel1 remote-address=1.1.1.2 tunnel-id=10 add local-address=1.1.1.1 mac-address=02:AC:88:AD:0F:01 mtu=1600 name=\ eoip-tunnel2 remote-address=1.1.1.2 tunnel-id=20 add local-address=1.1.1.1 mac-address=02:C9:5D:0A:C5:D7 name=eoip-tunnel3 \ remote-address=1.1.1.2 tunnel-id=30 /ip neighbor discovery set Ether1 comment=Ether set Wan1 comment=Wan1 set Bridge1 comment=Bridge /ip hotspot user profile set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \ mac-cookie-timeout=3d /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des /ip pool add name=dhcp_pool3 ranges=192.168.3.100-192.168.3.104 /ip dhcp-server add address-pool=dhcp_pool3 disabled=no interface=Bridge1 name=dhcp1 /queue type set 1 pfifo-limit=500 set 9 pfifo-limit=100 /system logging action set 0 memory-lines=1 set 1 disk-lines-per-file=100 /interface bridge port add bridge=Bridge1 disabled=yes interface=Ether1 add bridge=Bridge1 interface=Ether2 add bridge=Bridge2 interface=Wan2 add bridge=Bridge1 interface=eoip-tunnel1 add bridge=Bridge2 interface=eoip-tunnel2 add bridge=Bridge3 interface=Wan3 add bridge=Bridge3 interface=eoip-tunnel3 add bridge=Bridge3 interface=vlan3 add bridge=Bridge2 interface=vlan2 /ip address add address=192.168.3.1/24 interface=Bridge1 network=192.168.3.0 add address=1.1.1.1/24 interface=Ether1 network=1.1.1.0 add address=3.3.3.1/24 interface=vlan3 network=3.3.3.0 add address=2.2.2.1/30 interface=vlan2 network=2.2.2.0 /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=Wan1 add default-route-distance=2 dhcp-options=hostname,clientid interface=Wan2 add default-route-distance=3 dhcp-options=hostname,clientid interface=Wan3 /ip dhcp-server lease add address=192.168.3.101 client-id=1:2:4d:5d:95:7c:46 mac-address=\ 02:4D:5D:95:7C:46 server=dhcp1 /ip dhcp-server network add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1 /ip dns set allow-remote-requests=yes /ip firewall address-list add address=192.168.3.100-192.168.3.102 list=Grypa3 add address=192.168.3.105 list=Grypa2 add address=192.168.3.103-192.168.3.106 list=Grypa1 /ip firewall mangle add action=mark-connection chain=forward in-interface=Wan1 \ new-connection-mark=Grypa1-con add action=mark-routing chain=prerouting connection-mark=Grypa1-con \ new-routing-mark=Grypa1-rt src-address=192.168.3.100/31 add action=mark-routing chain=prerouting new-routing-mark=Grypa1-rt \ src-address=192.168.3.100/31 add chain=prerouting /ip firewall nat add action=masquerade chain=srcnat out-interface=Wan1 src-address=\ 192.168.3.0/24 add action=masquerade chain=srcnat disabled=yes out-interface=Wan2 \ src-address=192.168.3.0/24 add action=masquerade chain=srcnat disabled=yes out-interface=Wan3 \ src-address=192.168.3.0/24 add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=82 \ protocol=tcp to-addresses=192.168.3.100 to-ports=82 add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=83 \ protocol=tcp to-addresses=192.168.3.101 to-ports=83 add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.140.11 \ dst-port=1012 protocol=tcp to-addresses=192.168.3.100 to-ports=1012 add action=dst-nat chain=dstnat dst-address=44.444.44.44 dst-port=1011 \ protocol=tcp to-addresses=192.168.3.101 to-ports=1011 add action=dst-nat chain=dstnat dst-address=46.241.89.97 dst-port=1012 \ protocol=tcp to-addresses=192.168.3.101 to-ports=1012 /ip route add distance=1 gateway=44.444.44.1 routing-mark=Grypa1-rt Edited September 25, 2014 by Kolik-an Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...