OK, I've got a PCC topology configured on my RB750GL (ether1-lan, ether5-wan1 and ether4-wan2), and they have static IP addresses assigned by our ISP. One of our PCs on-site caught a virus, sent spam and caused havoc, and now I am battling to get that IP unlisted. So I want to set up my secondary IP and keep my previous one still active for my clients' incoming connections, which is hardcoded into the program, and I want only my mail to go out via that other IP/interface. Here is my mangle print output; hope someone can help!
MANGLE:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-mweb-connect
1 chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether2-is
2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
connection-mark=wan1_conn
3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
connection-mark=wan2_conn
4 chain=prerouting action=accept dst-address=196.100.100.0/28
in-interface=lan-bridge
5 chain=prerouting action=accept dst-address=41.100.110.0/28
in-interface=lan-bridge
6 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
7 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
8 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
9 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect dst-port=143,110
10 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
11 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=143,110
12 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=no dst-address=192.168.88.2 in-interface=lan-bridge
13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=no dst-address=192.168.88.2 in-interface=lan-bridge
14 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address-type=!local in-interface=lan-bridge
connection-mark=no-mark per-connection-classifier=both-addresses:2/0
15 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address-type=!local in-interface=lan-bridge
connection-mark=no-mark per-connection-classifier=both-addresses:2/1
16 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=yes in-interface=lan-bridge connection-mark=wan1_conn
17 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=yes in-interface=lan-bridge connection-mark=wan2_conn
and firewall:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Internet on mweb
chain=srcnat action=masquerade out-interface=ether1-mweb-connect
1 ;;; Internet on IS
chain=srcnat action=masquerade out-interface=ether2-is
2 ;;; Loop Back
chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.2
3 ;;; FTP-SSH
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=196.100.100.148 dst-port=20-25
4 ;;; FTP-SSH
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=41.100.110.10 dst-port=20-25
5 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=196.100.100.148 dst-port=80-81
6 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=41.100.110.10 dst-port=80-81
7 ;;; HTTPS
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=196.100.100.148 dst-port=443
8 ;;; HTTPS
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=41.100.110.10 dst-port=443
9 ;;; lftp
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=196.100.100.148 dst-port=2040-2050
10 ;;; lftp
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=41.100.110.10 dst-port=2040-2050
11 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=196.100.100.148 dst-port=3203-3206
12 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=41.100.110.10 dst-port=3203-3206
13 ;;; VNC
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=196.100.100.148 dst-port=5900-5935
14 ;;; VNC
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=41.100.110.10 dst-port=5900-5935
15 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=196.100.100.148 dst-port=6000-6020
16 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=41.100.110.10 dst-port=6000-6020
17 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=196.100.100.148 dst-port=6080
18 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.100.110.10 dst-port=6080
19 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=196.100.100.148 dst-port=7000
20 ;;; ECS-COMMUNICATOR
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=196.100.100.148 dst-port=8080-8082
21 ;;; ECS-COMMUNICATOR
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=41.100.110.10 dst-port=8080-8082
22 ;;; Kode Program
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=196.100.100.148 dst-port=9091
23 ;;; Kode Program
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.100.110.10 dst-port=9091
24 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=41.100.110.10 dst-port=7000
25 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=196.100.100.148 dst-port=7000
26 ;;; EAP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=196.100.100.148 dst-port=8061
27 ;;; EAP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=41.100.110.10 dst-port=8061
28 ;;; Gerrit Web Service
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6500-6501 protocol=tcp dst-address=196.100.100.148 dst-port=6500-6501
29 ;;; Gerrit Web Service
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6500-6501 protocol=tcp dst-address=41.100.110.10 dst-port=6500-6501
30 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=88-89 protocol=tcp dst-address=196.100.100.148 dst-port=88-89
31 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=88-89 protocol=tcp dst-address=41.100.110.10 dst-port=88-89
32 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=881 protocol=tcp dst-address=196.100.100.148 dst-port=881
33 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3000 protocol=tcp dst-address=196.100.100.148 dst-port=3000
34 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=143 protocol=tcp dst-address=196.100.100.148 dst-port=143
35 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=110 protocol=tcp dst-address=196.100.100.148 dst-port=110
36 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=881 protocol=tcp dst-address=41.100.110.10 dst-port=881
37 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=110 protocol=tcp dst-address=41.100.110.10 dst-port=110
38 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3000 protocol=tcp dst-address=41.100.110.10 dst-port=3000
39 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=143 protocol=tcp dst-address=41.100.110.10 dst-port=143
and routing output:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.100.110.9 2
1 A S 0.0.0.0/0 196.100.100.145 2
2 A S 0.0.0.0/0 196.100.100.145 2
3 S 0.0.0.0/0 41.100.110.9 3
4 ADC 41.100.110.0/28 41.100.110.10 ether1-mweb-con... 0
5 ADC 192.168.88.0/24 192.168.88.1 lan-bridge 0
6 ADC 196.100.100.144/28 196.100.100.148 ether2-is 0
Thanks, any help will be appreciated!
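
One way to pin outbound mail to a single uplink and keep workstations from sending SMTP directly, as an added example that is not part of the original post. Assumptions: the mail server is 192.168.88.2 (the host that receives ports 20-25, 110 and 143 in the NAT rules above), the clean uplink is ether2-is, a default route with routing-mark=to_wan2 already exists, and there are no earlier filter rules that accept this traffic (the post shows none).

```routeros
# Added example. Assumed: mail server = 192.168.88.2, clean uplink = ether2-is,
# and a default route carrying routing-mark=to_wan2 is already configured.

/ip firewall mangle
# Mark new outbound SMTP from the mail server for the second uplink. The rule
# must sit above the two per-connection-classifier rules (14 and 15 in the
# print above) so PCC never balances these connections; the existing rule 17
# then turns wan2_conn into routing-mark to_wan2.
add chain=prerouting action=mark-connection new-connection-mark=wan2_conn \
    passthrough=yes connection-state=new protocol=tcp dst-port=25 \
    src-address=192.168.88.2 in-interface=lan-bridge \
    dst-address-type=!local connection-mark=no-mark \
    comment="SMTP out via ether2-is" place-before=14

/ip firewall filter
# Only the mail server may open SMTP sessions to the Internet, and only
# through ether2-is. If the mark above is ever lost and the session heads
# for the other uplink, the drop rule below refuses it.
add chain=forward action=accept protocol=tcp dst-port=25 \
    src-address=192.168.88.2 out-interface=ether2-is \
    comment="mail server SMTP delivery"
# Every other LAN host is refused and logged, so an infected PC shows up in
# the router log instead of on a blocklist. Traffic that stays on the LAN
# (the loop-back NAT case) is not matched.
add chain=forward action=drop protocol=tcp dst-port=25 \
    in-interface=lan-bridge out-interface=!lan-bridge \
    log=yes log-prefix="smtp-block" \
    comment="no direct SMTP from LAN hosts"
```

The item number in `place-before=14` is only valid right after `/ip firewall mangle print` in the same console session. The existing masquerade rule on ether2-is gives these connections that interface's address as their source.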