Всем доброе, а напомните мне, пожалуйста, правило для выпуска клиентов за микротиком по опретелённой таблице маршрутов.
А то с самого микротика - пакеты уходят правильно, а вот клиенты, ЗА микротиком, уходят на дефолт
Таблица маршрутизации для клиентов [РЕШЕНО]
-
- Сообщения: 562
- Зарегистрирован: 14 апр 2018, 15:21
- Откуда: СССР
Таблица маршрутизации для клиентов [РЕШЕНО]
Последний раз редактировалось Sir_Prikol 13 ноя 2021, 18:11, всего редактировалось 1 раз.
Дома: CCR2004 (7-ISP(GPON)белый IP)
-
- Сообщения: 4086
- Зарегистрирован: 29 фев 2016, 15:26
- Откуда: Минск
Re: Таблица маршрутизации для клиентов
Доброго.
Так ведь только Mangle Prerouting и IP Route Rules на это могут влиять.
Так ведь только Mangle Prerouting и IP Route Rules на это могут влиять.
-
- Сообщения: 562
- Зарегистрирован: 14 апр 2018, 15:21
- Откуда: СССР
Re: Таблица маршрутизации для клиентов
mangle prerouting.
В IP ro ru я не лез. Что-то в перутингах накосячил. Причём достаточно давно, так как внимания не обращал При v6 особо не заметно было А тут озадачился, почему супруга попадает на залоченный сайт только когда я её принудительно манглом закидываю в VPN, а шз хоста сайта есть в другой таблице маршрутов
В IP ro ru я не лез. Что-то в перутингах накосячил. Причём достаточно давно, так как внимания не обращал При v6 особо не заметно было А тут озадачился, почему супруга попадает на залоченный сайт только когда я её принудительно манглом закидываю в VPN, а шз хоста сайта есть в другой таблице маршрутов
Дома: CCR2004 (7-ISP(GPON)белый IP)
-
- Сообщения: 562
- Зарегистрирован: 14 апр 2018, 15:21
- Откуда: СССР
Re: Таблица маршрутизации для клиентов
Да и правила вроде стоят
Код: Выделить всё
add action=accept chain=prerouting dst-address-list=my-network in-interface-list=Unblock
add action=accept chain=output dst-address-list=my-network
add action=accept chain=prerouting dst-address-list=my-network dst-address-type=!local
Дома: CCR2004 (7-ISP(GPON)белый IP)
-
- Сообщения: 562
- Зарегистрирован: 14 апр 2018, 15:21
- Откуда: СССР
Re: Таблица маршрутизации для клиентов
Вообще ничего киминального не вижу, просто не хочет и всё
Код: Выделить всё
/ip firewall mangle
add action=change-mss chain=forward in-interface-list=iNET new-mss=1400 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=1400 out-interface-list=iNET passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-routing chain=output dst-port=53 new-routing-mark=unblock passthrough=yes protocol=udp
add action=mark-routing chain=output dst-port=53 new-routing-mark=unblock passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting dst-port=53 log-prefix=dns new-routing-mark=unblock passthrough=yes protocol=udp
add action=mark-routing chain=prerouting dst-port=53 log-prefix=dns new-routing-mark=unblock passthrough=yes protocol=tcp
add action=set-priority chain=postrouting disabled=yes new-priority=from-dscp-high-3-bits passthrough=yes
add action=set-priority chain=postrouting disabled=yes new-priority=from-ingress passthrough=yes
add action=log chain=prerouting disabled=yes fragment=yes log-prefix=mangle-pre-fragment
add action=change-ttl chain=prerouting disabled=yes new-ttl=increment:1 passthrough=yes
add action=accept chain=prerouting dst-address-list=my-network in-interface-list=Unblock
add action=accept chain=output dst-address-list=my-network
add action=accept chain=prerouting dst-address-list=my-network dst-address-type=!local
add action=mark-routing chain=prerouting dst-address-list=ddosed new-routing-mark=ddoser-route-mark passthrough=no src-address-list=ddoser
add action=mark-routing chain=prerouting dst-address-list=zz_NET_unblock new-routing-mark=unblock passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=route_isp_02 passthrough=no src-address-list=sip_server
add action=mark-routing chain=prerouting new-routing-mark=route_isp_02 passthrough=no src-address=100.100.100.253
add action=mark-routing chain=prerouting dst-port=25 in-interface=Br-Local new-routing-mark=route_isp_01 passthrough=no protocol=tcp
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP01 new-connection-mark=conn_isp_01 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP02 new-connection-mark=conn_isp_02 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP03 new-connection-mark=conn_isp_03 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP04 new-connection-mark=conn_isp_04 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP05 new-connection-mark=conn_isp_05 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP06 new-connection-mark=conn_isp_06 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=00.pppoe-ISP07 new-connection-mark=conn_isp_07 passthrough=yes
add action=mark-connection chain=input comment=BACKUP connection-state=new disabled=yes in-interface=sfp-sfpplus10 new-connection-mark=conn_backup passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP01 new-connection-mark=conn_isp_01 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP02 new-connection-mark=conn_isp_02 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP03 new-connection-mark=conn_isp_03 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP04 new-connection-mark=conn_isp_04 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP05 new-connection-mark=conn_isp_05 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP06 new-connection-mark=conn_isp_06 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=00.pppoe-ISP07 new-connection-mark=conn_isp_07 passthrough=yes
add action=mark-connection chain=prerouting comment=BACKUP connection-state=new disabled=yes in-interface=sfp-sfpplus10 new-connection-mark=conn_backup passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_01 new-routing-mark=route_isp_01 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_02 new-routing-mark=route_isp_02 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_03 new-routing-mark=route_isp_03 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_04 new-routing-mark=route_isp_04 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_05 new-routing-mark=route_isp_05 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_06 new-routing-mark=route_isp_06 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_isp_07 new-routing-mark=route_isp_07 passthrough=yes
add action=mark-routing chain=output comment=BACKUP connection-mark=conn_backup disabled=yes new-routing-mark=route_backup passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=conn_isp_01 passthrough=yes per-connection-classifier=both-addresses:4/0 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=conn_isp_02 passthrough=yes per-connection-classifier=both-addresses:4/1 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=conn_isp_03 passthrough=yes per-connection-classifier=both-addresses:4/2 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=conn_isp_04 passthrough=yes per-connection-classifier=both-addresses:4/3 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local new-connection-mark=conn_isp_05 passthrough=yes per-connection-classifier=both-addresses:5/4 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local new-connection-mark=conn_isp_06 passthrough=yes per-connection-classifier=both-addresses:8/5 src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local new-connection-mark=conn_isp_07 passthrough=yes per-connection-classifier=both-addresses:8/6 src-address-list=BOGONS
add action=mark-connection chain=prerouting comment=BACKUP connection-mark=no-mark disabled=yes dst-address-type=!local new-connection-mark=conn_backup passthrough=yes per-connection-classifier=both-addresses:8/7 src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_01 dst-address-type=!local new-routing-mark=route_isp_01 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_02 dst-address-type=!local new-routing-mark=route_isp_02 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_03 dst-address-type=!local new-routing-mark=route_isp_03 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_04 dst-address-type=!local new-routing-mark=route_isp_04 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_05 dst-address-type=!local new-routing-mark=route_isp_05 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_06 dst-address-type=!local new-routing-mark=route_isp_06 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting connection-mark=conn_isp_07 dst-address-type=!local new-routing-mark=route_isp_07 passthrough=yes src-address-list=BOGONS
add action=mark-routing chain=prerouting comment=BACKUP connection-mark=conn_backup disabled=yes new-routing-mark=route_backup passthrough=yes src-address-list=BOGONS
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=oTher passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=route_isp_06 passthrough=no src-address-list=Billing_Local
add action=mark-routing chain=prerouting new-routing-mark=route_isp_01 passthrough=no src-address-list=Panel_Local
add action=mark-routing chain=prerouting new-routing-mark=unblock passthrough=no src-address=100.64.1.2
add action=mark-routing chain=prerouting new-routing-mark=route_isp_01 passthrough=no src-address-list=tv_pristavka
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=route_isp_01 passthrough=no src-address-list=client_bras
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=route_isp_01 passthrough=no src-address=100.64.1.1
add action=add-src-to-address-list address-list=routers address-list-timeout=30s chain=prerouting disabled=yes in-interface=Br-Local ttl=equal:63
add action=add-src-to-address-list address-list=routers address-list-timeout=30s chain=prerouting disabled=yes in-interface=Br-Local ttl=equal:127
Код: Выделить всё
/ip route
add check-gateway=ping comment=BYPASS_LV distance=1 gateway=198.18.24.1 pref-src=198.18.24.2 routing-mark=unblock
add distance=1 routing-mark=ddoser-route-mark type=blackhole
add check-gateway=ping distance=1 gateway=00.pppoe-ISP02 routing-mark=route_isp_02
add check-gateway=ping distance=2 gateway=00.pppoe-ISP03 routing-mark=route_isp_02
add check-gateway=ping distance=3 gateway=00.pppoe-ISP04 routing-mark=route_isp_02
add check-gateway=ping distance=4 gateway=00.pppoe-ISP05 routing-mark=route_isp_02
add check-gateway=ping distance=5 gateway=00.pppoe-ISP06 routing-mark=route_isp_02
add check-gateway=ping distance=6 gateway=00.pppoe-ISP07 routing-mark=route_isp_02
add check-gateway=ping distance=7 gateway=00.pppoe-ISP01 routing-mark=route_isp_02
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_02
add check-gateway=ping distance=1 gateway=00.pppoe-ISP01 routing-mark=route_isp_01
add check-gateway=ping distance=2 gateway=00.pppoe-ISP02 routing-mark=route_isp_01
add check-gateway=ping distance=3 gateway=00.pppoe-ISP03 routing-mark=route_isp_01
add check-gateway=ping distance=4 gateway=00.pppoe-ISP04 routing-mark=route_isp_01
add check-gateway=ping distance=5 gateway=00.pppoe-ISP05 routing-mark=route_isp_01
add check-gateway=ping distance=6 gateway=00.pppoe-ISP06 routing-mark=route_isp_01
add check-gateway=ping distance=7 gateway=00.pppoe-ISP07 routing-mark=route_isp_01
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_01
add check-gateway=ping distance=1 gateway=00.pppoe-ISP03 routing-mark=route_isp_03
add check-gateway=ping distance=2 gateway=00.pppoe-ISP04 routing-mark=route_isp_03
add check-gateway=ping distance=3 gateway=00.pppoe-ISP05 routing-mark=route_isp_03
add check-gateway=ping distance=4 gateway=00.pppoe-ISP06 routing-mark=route_isp_03
add check-gateway=ping distance=5 gateway=00.pppoe-ISP07 routing-mark=route_isp_03
add check-gateway=ping distance=6 gateway=00.pppoe-ISP01 routing-mark=route_isp_03
add check-gateway=ping distance=7 gateway=00.pppoe-ISP02 routing-mark=route_isp_03
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_03
add check-gateway=ping distance=1 gateway=00.pppoe-ISP04 routing-mark=route_isp_04
add check-gateway=ping distance=2 gateway=00.pppoe-ISP05 routing-mark=route_isp_04
add check-gateway=ping distance=3 gateway=00.pppoe-ISP06 routing-mark=route_isp_04
add check-gateway=ping distance=4 gateway=00.pppoe-ISP07 routing-mark=route_isp_04
add check-gateway=ping distance=5 gateway=00.pppoe-ISP01 routing-mark=route_isp_04
add check-gateway=ping distance=6 gateway=00.pppoe-ISP02 routing-mark=route_isp_04
add check-gateway=ping distance=7 gateway=00.pppoe-ISP03 routing-mark=route_isp_04
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_04
add check-gateway=ping distance=1 gateway=00.pppoe-ISP05 routing-mark=route_isp_05
add check-gateway=ping distance=2 gateway=00.pppoe-ISP06 routing-mark=route_isp_05
add check-gateway=ping distance=3 gateway=00.pppoe-ISP07 routing-mark=route_isp_05
add check-gateway=ping distance=4 gateway=00.pppoe-ISP01 routing-mark=route_isp_05
add check-gateway=ping distance=5 gateway=00.pppoe-ISP02 routing-mark=route_isp_05
add check-gateway=ping distance=6 gateway=00.pppoe-ISP03 routing-mark=route_isp_05
add check-gateway=ping distance=7 gateway=00.pppoe-ISP04 routing-mark=route_isp_05
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_05
add check-gateway=ping distance=1 gateway=00.pppoe-ISP06 routing-mark=route_isp_06
add check-gateway=ping distance=2 gateway=00.pppoe-ISP07 routing-mark=route_isp_06
add check-gateway=ping distance=3 gateway=00.pppoe-ISP01 routing-mark=route_isp_06
add check-gateway=ping distance=4 gateway=00.pppoe-ISP02 routing-mark=route_isp_06
add check-gateway=ping distance=5 gateway=00.pppoe-ISP03 routing-mark=route_isp_06
add check-gateway=ping distance=6 gateway=00.pppoe-ISP04 routing-mark=route_isp_06
add check-gateway=ping distance=7 gateway=00.pppoe-ISP05 routing-mark=route_isp_06
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_06
add check-gateway=ping distance=1 gateway=00.pppoe-ISP07 routing-mark=route_isp_07
add check-gateway=ping distance=2 gateway=00.pppoe-ISP01 routing-mark=route_isp_07
add check-gateway=ping distance=3 gateway=00.pppoe-ISP02 routing-mark=route_isp_07
add check-gateway=ping distance=4 gateway=00.pppoe-ISP03 routing-mark=route_isp_07
add check-gateway=ping distance=5 gateway=00.pppoe-ISP04 routing-mark=route_isp_07
add check-gateway=ping distance=6 gateway=00.pppoe-ISP05 routing-mark=route_isp_07
add check-gateway=ping distance=7 gateway=00.pppoe-ISP06 routing-mark=route_isp_07
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10 routing-mark=route_isp_07
add check-gateway=ping comment=BACKUP disabled=yes distance=1 gateway=sfp-sfpplus10 routing-mark=route_backup
add check-gateway=ping distance=1 gateway=00.pppoe-ISP04
add check-gateway=ping distance=1 gateway=00.pppoe-ISP01
add check-gateway=ping distance=1 gateway=00.pppoe-ISP02
add check-gateway=ping distance=1 gateway=00.pppoe-ISP03
add check-gateway=ping distance=1 gateway=00.pppoe-ISP05
add check-gateway=ping distance=1 gateway=00.pppoe-ISP06
add check-gateway=ping distance=1 gateway=00.pppoe-ISP07
add check-gateway=ping comment=BACKUP disabled=yes distance=8 gateway=sfp-sfpplus10
add comment="VPS \F7\E5\F0\E5\E7 ISP 01" distance=1 dst-address=45.137.148.145/32 gateway=00.pppoe-ISP01
add check-gateway=ping comment="IPv6 to EU" distance=1 dst-address=62.205.157.173/32 gateway=00.pppoe-ISP06 pref-src=78.36.197.130
add comment="\D2\E5\EB\E5\E3\E0" distance=1 dst-address=91.108.4.0/22 gateway=198.18.24.1 pref-src=198.18.24.2
add comment="\D2\E5\EB\E5\E3\E0" distance=1 dst-address=149.154.167.0/24 gateway=198.18.24.1 pref-src=198.18.24.2
add check-gateway=ping comment="IPv6 to EU - 2" distance=1 dst-address=176.119.234.201/32 gateway=00.pppoe-ISP05 pref-src=78.36.197.130
add check-gateway=ping comment="IPv6 to HE" distance=1 dst-address=216.66.84.54/32 gateway=00.pppoe-ISP07 pref-src=78.36.196.29
/ip route rule table=BGP_Unblock
add action=lookup-only-in-table dst-address=91.108.4.0/22 interface=00.CLEAN_INET table=main
add action=lookup-only-in-table dst-address=149.154.167.0/24 interface=00.CLEAN_INET table=main
Дома: CCR2004 (7-ISP(GPON)белый IP)
-
- Сообщения: 562
- Зарегистрирован: 14 апр 2018, 15:21
- Откуда: СССР
Re: Таблица маршрутизации для клиентов [РЕШЕНО]
Нашёл косяк, с какого-то в фильтре BGP слетел рутинг марк BGP_unblock, из-за этого клиенты и не хотели ходить туда
Дома: CCR2004 (7-ISP(GPON)белый IP)