Сделал по вашей рекомендации.Chupaka писал(а): ↑13 ноя 2019, 15:58 А вы не хотите просто per-connection-classifier=both-addresses-and-ports сменить на per-connection-classifier=src-address? Если не хотите - то сделайте два набора правил:
1) порты 80/tcp,443/tcp - per-connection-classifier=src-address
2) всё остальное - per-connection-classifier=both-addresses-and-ports
Проблема возникает потому, что несколько соединений даже к одному IP могут пойти через разные каналы.
Гляньте своим профессиональным глазом, так правильно будет?
И где правильно поставить passthrough=yes или no
Код: Выделить всё
/ip firewall mangle
add action=mark-connection chain=input comment="Input Mark connection" in-interface=ether1-wan1 new-connection-mark=ISP3-WAN1-connection passthrough=yes
add action=mark-connection chain=input in-interface=ether2-wan2 new-connection-mark=ISP3-WAN2-connection passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out1_ByFly new-connection-mark=ISP3-WAN3-connection passthrough=yes
add action=mark-connection chain=prerouting comment="Per Connection Classifier HTTPS HTTP" connection-state=new disabled=yes dst-port=80,443 new-connection-mark=ISP1-WAN1-80-443 passthrough=yes per-connection-classifier=src-address:3/0 protocol=\tcp
add action=mark-connection chain=prerouting connection-state=new disabled=yes dst-port=80,443 new-connection-mark=ISP2-WAN2-80-443 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=yes dst-port=80,443 new-connection-mark=ISP3-WAN3-80-443 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-routing chain=prerouting connection-mark=ISP1-WAN1-80-443 disabled=yes new-routing-mark=80_443-ISP1-WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2-WAN2-80-443 disabled=yes new-routing-mark=80_443-ISP2-WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP3-WAN3-80-443 disabled=yes new-routing-mark=80_443-ISP3-WAN3 passthrough=yes
add action=mark-connection chain=prerouting comment="Per Connection Classifier" connection-state=new new-connection-mark=ISP3-WAN1-connection passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=ISP3-WAN2-connection passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=ISP3-WAN3-connection passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=ISP3-WAN1-connection new-routing-mark=ISP1-WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP3-WAN2-connection new-routing-mark=ISP2-WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP3-WAN3-connection new-routing-mark=ISP3-WAN3 passthrough=yes
add action=mark-routing chain=output comment="Output Mark Routing" connection-mark=ISP3-WAN1-connection new-routing-mark=ISP1-WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP3-WAN2-connection new-routing-mark=ISP2-WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP3-WAN3-connection new-routing-mark=ISP3-WAN3 passthrough=yes
Код: Выделить всё
/ip route
add distance=1 gateway=pppoe-out1_ByFly routing-mark=ISP3-WAN3
add distance=1 gateway=82.1.1.125 routing-mark=ISP1-WAN1
add distance=1 gateway=82.2.2.117 routing-mark=ISP2-WAN2
add comment=lan-out-80_443-ISP1-WAN1 disabled=yes distance=1 gateway=82.1.1.125 routing-mark=80_443-ISP1-WAN1
add disabled=yes distance=1 gateway=82.2.2.117 routing-mark=80_443-ISP2-WAN2
add disabled=yes distance=1 gateway=pppoe-out1_ByFly routing-mark=80_443-ISP3-WAN3