Добрый день, коллеги.
Прошу помочь в решении задачи. Не могу правильно настроить маршрутизатор, чтобы пакеты FTP передавались только через 3 WAN. Чтобы пользователей из локальной сети, которые через FileZilla заходят на FTP, выходили только через один WAN, например 3 WAN.
Настройки Router OS.
[admin@MikroTik] > export
# mar/23/2016 19:18:34 by RouterOS 6.34.3
# software id = ULLH-YS5A
#
/interface ethernet
set [ find default-name=ether1 ] name=eth1-WAN1
set [ find default-name=ether2 ] name=eth2-WAN2
set [ find default-name=ether3 ] name=eth3-WAN3
set [ find default-name=ether5 ] name=eth5-LAN
set [ find default-name=ether4 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=eth1-WAN1 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=XXX use-peer-dns=yes user=mega2633042
add add-default-route=yes disabled=no interface=eth2-WAN2 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out2 password=XXX use-peer-dns=yes user=mega2620526
add add-default-route=yes disabled=no interface=eth3-WAN3 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out3 password=XXX use-peer-dns=yes user=mega2620822
/ip neighbor discovery
set eth1-WAN1 discover=no
set eth2-WAN2 discover=no
set eth3-WAN3 discover=no
set ether4 discover=no
set wlan1 discover=no
set pppoe-out1 discover=no
set pppoe-out2 discover=no
set pppoe-out3 discover=no
/ip pool
add name="Pool 192.168.5.100-200" ranges=192.168.5.100-192.168.5.200
/ip dhcp-server
add address-pool="Pool 192.168.5.100-200" disabled=no interface=eth5-LAN lease-time=11h name="DHCP Server"
/ip address
add address=192.168.5.1/24 interface=eth5-LAN network=192.168.5.0
/ip dhcp-server network
add address=192.168.5.0/24 dns-server=95.56.237.24,212.154.163.162,8.8.8.8 gateway=192.168.5.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1
add chain=prerouting in-interface=pppoe-out2
add chain=prerouting in-interface=pppoe-out3
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:3/0 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:3/1 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn per-connection-classifier=both-addresses-and-ports:3/2 src-address=192.168.5.0/24
add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 src-address=192.168.5.0/24
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 src-address=192.168.5.0/24
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 src-address=192.168.5.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=192.168.5.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=192.168.5.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out3 src-address=192.168.5.0/24
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=pppoe-out2 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=pppoe-out3 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=pppoe-out1
add check-gateway=ping distance=1 gateway=pppoe-out2
add check-gateway=ping distance=1 gateway=pppoe-out3
/system clock
set time-zone-name=Asia/Almaty
/system leds
set 5 interface=wlan1
/system routerboard settings
set protected-routerboot=disabled
[admin@MikroTik] >
Сложный
Сложный
Простой
