# Dual-uplink configuration: interface addresses, mangle marks, policy routes and source NAT.
# NOTE(review): this listing contains no "/ip firewall filter" section; mangle and NAT rules
# do not filter traffic, so confirm that input/forward filtering is configured elsewhere.
/ ip address
# One address on the LAN bridge and one on each ISP-facing interface.
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=bridgeFTTH
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2
/ ip firewall mangle
# Packets from the LAN bridge addressed to either ISP subnet are accepted here,
# so they are not processed by the marking rules that follow in this chain.
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=bridgeFTTH
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=bridgeFTTH
# Unmarked connections that arrive on an ISP interface get that ISP's connection mark.
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP2_conn
# Unmarked connections to non-local destinations are split in two by
# per-connection-classifier on both addresses: remainder 0 -> ISP1_conn, remainder 1 -> ISP2_conn.
# NOTE(review): these two rules match in-interface=LAN, but the address section above names the
# LAN-side interface bridgeFTTH and no interface called LAN appears in this listing - confirm the name.
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
# Packets from the LAN side on a marked connection get the matching routing mark.
# NOTE(review): "bridgeFTTHH" below has one more H than the "bridgeFTTH" used everywhere else;
# it looks like a typo - verify, because a rule bound to an interface that never matches would
# leave ISP1_conn traffic without the to_ISP1 routing mark.
add chain=prerouting connection-mark=ISP1_conn in-interface=bridgeFTTHH action=mark-routing \
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=bridgeFTTH action=mark-routing \
new-routing-mark=to_ISP2
# The output chain covers packets generated by the router itself on marked connections.
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ ip route
# One default route per routing mark, then two unmarked default routes
# (ISP1 at distance 1, ISP2 at distance 2). Every route uses check-gateway=ping.
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
/ ip firewall nat
# Masquerade everything that leaves through either ISP interface.
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
For example I have the following ...
# Traffic-classification rules: each class is a mark-connection rule (passthrough=yes)
# followed by a mark-packet rule (passthrough=no) keyed on that connection mark.
# NOTE(review): the listing starts without a menu path; presumably these rules belong under
# /ip firewall mangle - confirm.
# NOTE(review): a connection holds a single connection mark, and passthrough=no stops further
# processing in the chain for the matched packet. If these rules share a chain with rules that
# depend on other connection marks or on a later mark-routing step, check the rule order.
# The first rule's comment string is Spanish for "packet marking"; it marks ICMP connections.
add action=mark-connection chain=prerouting comment=\
"/////////////////////MARCADO DE PAQUETES//////////////////////" \
new-connection-mark=icmp_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment=ICMP connection-mark=\
icmp_conn new-packet-mark=icmp_pack passthrough=no
# DNS: UDP with port 53 as source or destination ("port" matches either side).
# NOTE(review): only UDP is matched, so DNS over TCP 53 is not classified here, and unlike the
# HTTP/HTTPS/mail rules there is no src-address-list restriction - confirm both are intended.
add action=mark-connection chain=prerouting comment="DNS - conexiones" \
new-connection-mark=dns_conn passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
new-packet-mark=dns_pack passthrough=no
# HTTP: TCP port 80, limited to sources in the UCA_FTTH address list.
add action=mark-connection chain=prerouting comment=\
"HTTP - Paginas puerto 80" new-connection-mark=http_conn passthrough=yes \
port=80 protocol=tcp src-address-list=UCA_FTTH
add action=mark-packet chain=prerouting connection-mark=http_conn \
new-packet-mark=http_pack passthrough=no
# HTTPS: TCP port 443, limited to sources in the UCA_FTTH address list.
add action=mark-connection chain=prerouting comment=\
"HTTPS - conexiones puerto seguro 443" new-connection-mark=https_conn \
passthrough=yes port=443 protocol=tcp src-address-list=UCA_FTTH
add action=mark-packet chain=prerouting connection-mark=https_conn \
new-packet-mark=https_pack passthrough=no
# Mail: TCP ports 25, 110, 143, 465, 587 and 995, limited to sources in UCA_FTTH.
add action=mark-connection chain=prerouting comment="CORREO MAIL" \
new-connection-mark=mail_conn passthrough=yes port=25,110,143,465,587,995 \
protocol=tcp src-address-list=UCA_FTTH
add action=mark-packet chain=prerouting connection-mark=mail_conn \
new-packet-mark=mail_pack passthrough=no
# YouTube: six rules match the strings "youtube", "googlevideo" and "youtu.be" in packet
# content on dst-port 80/443, once for TCP and once for UDP; all set conexion_youtube.
# NOTE(review): content= is a substring match on packet data. Traffic on 443 is encrypted, so
# these rules can only hit whatever part of the exchange is still sent in clear text - verify
# with the rule counters that they match at all. A substring match also marks any connection
# in which a packet happens to carry the string.
add action=mark-connection chain=prerouting comment="Youtube - conexiones" \
content=youtube dst-port=80,443 new-connection-mark=conexion_youtube \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=youtube dst-port=80,443 \
new-connection-mark=conexion_youtube passthrough=yes protocol=udp
add action=mark-connection chain=prerouting content=googlevideo dst-port=\
80,443 new-connection-mark=conexion_youtube passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=googlevideo dst-port=\
80,443 new-connection-mark=conexion_youtube passthrough=yes protocol=udp
add action=mark-connection chain=prerouting content=youtu.be dst-port=80,443 \
new-connection-mark=conexion_youtube passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting content=youtu.be dst-port=80,443 \
new-connection-mark=conexion_youtube passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=conexion_youtube \
new-packet-mark=paquetes_youtube passthrough=no
# Speed test: a layer7 match in the forward chain, plus TCP src-port 8080 in prerouting and
# TCP dst-port 8080 in postrouting; all set SpeedTest_Con, then packets get SpeedTest_Packets.
# NOTE(review): the layer7 pattern named SpeedTest is not defined in this listing, and the
# port-8080 rules match any service on that port, not only a speed-test server.
add action=mark-connection chain=forward comment="Speed Test Server" \
layer7-protocol=SpeedTest new-connection-mark=SpeedTest_Con passthrough=\
yes
add action=mark-connection chain=prerouting new-connection-mark=SpeedTest_Con \
passthrough=yes protocol=tcp src-port=8080
add action=mark-packet chain=prerouting connection-mark=SpeedTest_Con \
new-packet-mark=SpeedTest_Packets passthrough=no
add action=mark-connection chain=postrouting dst-port=8080 \
new-connection-mark=SpeedTest_Con passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=SpeedTest_Con \
new-packet-mark=SpeedTest_Packets passthrough=no
# Windows Update: packets matching the layer7 pattern MicrosoftUpdates are marked directly,
# without a connection mark. NOTE(review): that pattern is not defined in this listing.
add action=mark-packet chain=prerouting comment="Windows Update list dst" \
layer7-protocol=MicrosoftUpdates new-packet-mark=winupdate-mark \
passthrough=no
Thanks for your support!