forum.lan.md

[Sats]

Доброе время суток!
Есть микротик (2,9,27), подключил 2-ой канал, настроил по примеру:

Код: Выделить всё

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local 
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1

/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection \
  new-connection-mark=odd passthrough=yes 
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
  new-routing-mark=odd passthrough=no
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
  new-connection-mark=even passthrough=yes 
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
  new-routing-mark=even passthrough=no
add chain=prerouting in-interface=Local connection-state=new nth=2,1 \ 
    action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
  address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes 
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \ 
    new-routing-mark=odd passthrough=no
add chain=prerouting in-interface=Local connection-state=new nth=2,2 \ 
    action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
  address-list=even address-list-timeout=1d connection-mark=even passthrough=yes 
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \ 
    new-routing-mark=even passthrough=no

/ ip firewall nat 
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade

/ ip route 
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even 
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 

Но возникла такая проблема, при добавление правил для разделения молдавского и внешнего трафика,

Код: Выделить всё

/ ip firewall address-list 
add list=Latvia address=159.148.0.0/16 comment="" disabled=no 
add list=Latvia address=193.41.195.0/24 comment="" disabled=no 
add list=Latvia address=193.41.33.0/24 comment="" disabled=no 
add list=Latvia address=193.41.45.0/24 comment="" disabled=no 
add list=Latvia address=193.68.64.0/19 comment="" disabled=no 
add list=Latvia address=193.108.29.0/24 comment="" disabled=no 
add list=Latvia address=193.108.144.0/22 comment="" disabled=no 
add list=Latvia address=193.108.185.0/24 comment="" disabled=no 
add list=Latvia address=193.109.211.0/24 comment="" disabled=no 
add list=Latvia address=193.109.85.0/24 comment="" disabled=no 
add list=Latvia address=193.110.8.0/23 comment="" disabled=no 
add list=Latvia address=193.110.164.0/23 comment="" disabled=no 
...
add list=Latvia address=193.111.244.0/22 comment="" disabled=no 

/ ip firewall mangle 
add chain=prerouting src-address=192.168.100.0/24 action=mark-connection \
    new-connection-mark="Con Entire Traffic" passthrough=yes \
    comment="Mark-connection All Traffic" disabled=no 
add chain=prerouting src-address=192.168.100.0/24 connection-mark="Con Entire \
    Traffic" dst-address-list=!Latvia action=mark-connection \
    new-connection-mark="Con Oversea" passthrough=yes comment="Mark-connection \
    Oversea Traffic" disabled=no 
add chain=prerouting connection-mark="Con Oversea" action=mark-packet \
    new-packet-mark="Oversea traffic" passthrough=no comment="Mark-packet \
    Oversea Traffic" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark="Local Country Traffic" \
    passthrough=no comment="Mark-packet Local Country Traffic" disabled=no 

/ queue simple
add name="Oversea" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Oversea traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=256000/256000 total-queue=default-small disabled=no 
add name="Local Country" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Local Country Traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=1024000/1024000 total-queue=default-small disabled=no

прежние маркеры не работают, почему ? как можно это исправить?

А вот собственно и мой Mangle

Код: Выделить всё

[kotob@MikroTik] ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic 
 0 X ;;;                                                                                                                                     pomeceaem vse soedi
n
   eniea
     chain=prerouting src-address=192.168.1.0/24 action=mark-connection new-connection-mark=ALL connections passthrough=yes 

 1 X ;;;                                                                                                                                     VSE ISHODE6IE SOEDI
N
   ENIEA
     chain=prerouting src-address=192.168.1.0/24 connection-mark=ALL connections dst-address-list=!Moldova action=mark-connection new-connection-mark=OUT 
     passthrough=yes 

 2 X ;;;                                                                                                                                     ISHODEA6II TRAFIK 
     chain=prerouting connection-mark=OUT action=mark-packet new-packet-mark=OUT_trafik passthrough=no 

 3 X ;;;                                                                                                                                      MOLDOVA_trafik    
 
                                                             
     chain=prerouting action=mark-packet new-packet-mark=MD_trafik passthrough=no 

 4   chain=prerouting in-interface=LAN src-address-list=odd action=mark-connection new-connection-mark=odd passthrough=yes 

 5   chain=prerouting in-interface=LAN src-address-list=odd action=mark-routing new-routing-mark=odd passthrough=no 

 6   chain=prerouting in-interface=LAN src-address-list=even action=mark-connection new-connection-mark=even passthrough=yes 

 7   chain=prerouting in-interface=LAN src-address-list=even action=mark-routing new-routing-mark=even passthrough=no 

 8   chain=prerouting in-interface=LAN connection-state=new nth=2,1,0 action=mark-connection new-connection-mark=odd passthrough=yes 

 9   chain=prerouting in-interface=LAN connection-mark=odd action=add-src-to-address-list address-list=odd address-list-timeout=1d 

10   chain=prerouting in-interface=LAN connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no 

11   chain=prerouting in-interface=LAN connection-state=new nth=2,2,0 action=mark-connection new-connection-mark=even passthrough=yes 

12   chain=prerouting in-interface=LAN connection-mark=even action=add-src-to-address-list address-list=even address-list-timeout=1d 

13   chain=prerouting in-interface=LAN connection-mark=even action=mark-routing new-routing-mark=even passthrough=no 

Вот картинка IP firewall mangle

[Igoras]

А что ты собственно хотел увидеть когда у тебя пасстру=но, все получается промаркировать, пакеты б доходили

[Sats]

Огромное СПАСИБО!