Code: Select all
/ip address
add address=192.168.1.60/24 disabled=no interface=outside1
add address=192.168.3.60/24 disabled=no interface=outside2
add address=192.168.2.1/24 disabled=no interface=hotspot
/ip firewall address-list
add address=192.168.2.0/24 disabled=no list=Local_NAT_Networks
/ip firewall mangle
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=192.168.3.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_outside1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_outside2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10