Community discussions

MUM Europe 2020
 
glaurutis
just joined
Topic Author
Posts: 21
Joined: Tue Jan 31, 2006 5:34 pm

Policy routing problem

Wed Jun 27, 2007 6:42 am

Well i used this configuration for testing the new isp connection in my routerboard. I set up an internal lan for test this.... 192.168.88.0/24 but i see with this rule that the download come from the new isp2 but the upload for the first isp1.
I want to set that people who has the mark isp2 use only this gateway for upload/download. What i need to change?? This is the configuration at now:

/ip route
add gateway=10.10.11.1 routing-mark=isp2
add gateway=10.10.10.1 routing-mark=isp1
add gateway=10.10.10.1

/ip route rule
add dst-address=192.168.1.0/24 action=lookup table=main
add dst-address=192.168.88.0/24 action=lookup table=main
add dst-address=10.10.10.0/30 action=lookup table=main
add dst-address=10.10.11.0/30 action=lookup table=main


/ip firewall mangle
add chain=prerouting src-address=192.168.1.0/24 action=mark-routing \
new-routing-mark=isp1 passtrough=no

add chain=prerouting src-address=192.168.88.0/24 action=mark-routing \
new-routing-mark=isp2 passtrough=no


Any can help my?

Thanks

Gustavo
 
glaurutis
just joined
Topic Author
Posts: 21
Joined: Tue Jan 31, 2006 5:34 pm

Re: Policy routing problem

Wed Jun 27, 2007 9:45 pm

Please any can help?

In need user with mark ISP2 upload/download this isp. At this time with the configuration upload from ISP1 and download from ISP2....... my connection upload in ISP1 is full at the moment.

Thanks

Gustavo
 
bawolek
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Thu Mar 29, 2007 3:33 pm
Location: Poland/Wroclaw

Re: Policy routing problem

Wed Jun 27, 2007 11:26 pm

try disable routing rules
 
glaurutis
just joined
Topic Author
Posts: 21
Joined: Tue Jan 31, 2006 5:34 pm

Re: Policy routing problem

Thu Jun 28, 2007 4:14 am

thanks for the answer. But dont work. The problem is that at this moment I am not using marks for first isp since they using default gateway that is the first configuration i make in the mikrotik. Now i add second isp and applies the marks to the user´s but I have the problem to route upload/download for this and it does not work well, using the previous example. I dont know how to make the route tables for the second isp and that users respect this isp. Any can can help me. thanks
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Re: Policy routing problem

Thu Jun 28, 2007 10:32 am

post the following:

/ip route print
/ip route export
/ip firewall mangle export
/ip firewall nat export
 
glaurutis
just joined
Topic Author
Posts: 21
Joined: Tue Jan 31, 2006 5:34 pm

Re: Policy routing problem

Thu Jun 28, 2007 3:36 pm

This is the data :) is very long....... in 1 one month i put another mikrotik in other location winth newer isp and run only one in this with basic configuration. But now i need to implement two isp in this routerboard.

Thanks for all :lol:

/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 10.10.10.0/24 10.10.10.1 DMZ
1 ADC 10.10.102.0/24 10.10.102.1 Wireless
2 ADC 190.12.98.16/29 190.12.98.20 bridge1
3 ADC 192.168.1.0/24 192.168.1.1 LAN
4 ADC 192.168.11.0/24 192.168.11.1 Switch 1
5 ADC 192.168.12.0/28 192.168.12.1 bridge1
6 ADC 192.168.13.0/24 192.168.13.1 Switch 1
7 ADC 192.168.14.0/25 192.168.14.1 Switch 1
8 ADC 192.168.15.0/30 192.168.15.1 bridge1
9 ADC 192.168.19.0/24 192.168.19.1 Switch 1
10 ADC 192.168.20.0/24 192.168.20.1 bridge1
11 ADC 192.168.22.0/24 192.168.22.1 Switch 1
12 ADC 192.168.27.0/24 192.168.27.1 bridge1
13 ADC 192.168.28.0/30 192.168.28.1 bridge1
14 ADC 192.168.52.0/24 192.168.52.1 bridge1
15 ADC 192.168.60.0/24 192.168.60.1 Switch 1
16 ADC 192.168.61.0/24 192.168.61.1 Switch 1
17 ADC 192.168.88.0/24 192.168.88.1 Switch 1
18 ADC 192.192.168.0/30 192.192.168.1 bridge1
19 ADC 200.49.88.0/25 200.49.88.69 PUBLICA
20 ADC 200.49.88.176/29 200.49.88.177 bridge1
21 ADC 200.49.88.196/30 200.49.88.197 bridge1
22 ADC 200.49.88.208/29 200.49.88.209 Switch 1
23 ADC 200.49.88.216/30 200.49.88.217 Wireless
24 ADC 200.49.88.220/30 200.49.88.221 bridge1
25 ADC 200.49.88.228/30 200.49.88.229 Switch 1
26 ADC 200.49.88.232/29 200.49.88.233 Switch 1
27 ADC 200.49.88.240/29 200.49.88.241 bridge1
28 A S 0.0.0.0/0 r 190.12.98.17 bridge1
29 A S 0.0.0.0/0 r 200.49.88.1 PUBLICA
30 S 0.0.0.0/0 r 200.49.88.1 PUBLICA



/ip route export
# jun/28/2007 09:12:57 by RouterOS 2.9.43
# software id = P2DR-3TT
#
/ ip route
add dst-address=0.0.0.0/0 gateway=190.12.98.17 scope=255 target-scope=10 routing-mark=Metrotel comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.49.88.1 scope=255 target-scope=10 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=200.49.88.1 scope=255 target-scope=10 routing-mark=Telmex comment="" disabled=no
/ ip route rule
add dst-address=192.168.12.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.12.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.13.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.13.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.15.0/30 action=lookup table=main comment="" disabled=no
add src-address=192.168.15.0/30 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.27.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.27.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.52.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.52.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.61.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.61.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=192.168.88.0/24 action=lookup table=main comment="" disabled=no
add src-address=192.168.88.0/24 action=lookup table=Metrotel comment="" disabled=no
add dst-address=200.49.88.0/24 action=lookup table=main comment="" disabled=no
add dst-address=190.12.98.16/29 action=lookup table=main comment="" disabled=no
add dst-address=190.12.98.16/29 action=lookup table=Metrotel comment="" disabled=no

/ip firewall mangle export
# jun/28/2007 09:14:57 by RouterOS 2.9.43
# software id = P2DR-3TT
#
/ ip firewall mangle
add chain=forward src-address=10.10.10.11 protocol=!icmp action=mark-connection new-connection-mark=controller_con_down \
passthrough=yes comment="Controller DOWN" disabled=no
add chain=forward src-address=10.10.10.11 protocol=!icmp action=change-tos new-tos=max-throughput comment="" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=controller_con_down action=mark-packet \
new-packet-mark=controller_down passthrough=no comment="" disabled=no
add chain=prerouting src-address=200.49.88.71 dst-address-list=Backup action=mark-connection \
new-connection-mark=Backup_con passthrough=yes comment="Backup" disabled=no
add chain=prerouting dst-address=200.49.88.71 src-address-list=Backup action=mark-connection \
new-connection-mark=Backup_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=201.216.234.151 dst-address-list=Backup action=mark-connection \
new-connection-mark=Backup_con passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=201.216.234.151 src-address-list=Backup action=mark-connection \
new-connection-mark=Backup_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=Backup_con action=mark-packet new-packet-mark=Backup passthrough=no comment="" \
disabled=no
add chain=prerouting src-address=200.49.88.2 protocol=tcp src-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="DNS" disabled=no
add chain=prerouting src-address=200.49.88.2 protocol=udp src-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.3 protocol=tcp src-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.3 protocol=udp src-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.2 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.2 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.3 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.3 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_con \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=dns_con action=mark-packet new-packet-mark=dns passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp src-port=17000 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="VOIP" disabled=no
add chain=prerouting protocol=tcp dst-port=5060-5061 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp dst-port=5060-5061 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp dst-port=17000 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1720 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp dst-port=5004 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp src-port=5004 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=tcp src-port=5060-5061 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting protocol=udp src-port=5060-5061 action=mark-connection new-connection-mark=voipC passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=200.49.88.71 dst-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.97 dst-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.250 dst-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.71 src-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.97 src-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.250 src-address-list=!Controller action=mark-connection \
new-connection-mark=voipC passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=voipC action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting connection-mark=voipC action=mark-packet new-packet-mark=voip passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.1.0/24 p2p=all-p2p action=mark-connection new-connection-mark=p2p_lan \
passthrough=yes comment="P2P Lan" disabled=no
add chain=prerouting p2p=all-p2p dst-address-list=Backup action=mark-connection new-connection-mark=p2p_lan \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=p2p_lan action=mark-packet new-packet-mark=p2p-lan passthrough=no comment="" \
disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2pC passthrough=yes comment="P2P" disabled=no
add chain=prerouting connection-mark=p2pC action=mark-packet new-packet-mark=p2p passthrough=no comment="" disabled=no
add chain=prerouting dst-address=200.49.88.9 protocol=tcp src-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="MAIL" disabled=no
add chain=prerouting dst-address=200.49.88.20 protocol=tcp dst-port=25 src-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.20 protocol=tcp dst-port=80 src-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=200.49.88.20 protocol=tcp dst-port=110 src-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.9 protocol=tcp dst-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.20 protocol=tcp src-port=25 dst-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.20 protocol=tcp src-port=80 dst-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.20 protocol=tcp src-port=110 dst-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mail_con action=mark-packet new-packet-mark=mail passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.11 protocol=!icmp action=mark-connection \
new-connection-mark=controller_con_up passthrough=yes comment="Controller" disabled=no
add chain=prerouting src-address=10.10.10.11 protocol=!icmp connection-mark=controller_con_up action=change-tos \
new-tos=max-throughput comment="" disabled=no
add chain=prerouting in-interface=DMZ protocol=!icmp connection-mark=controller_con_up action=mark-packet \
new-packet-mark=controller_up passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/16 dst-address=200.49.88.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="Local" disabled=no
add chain=prerouting src-address=200.49.88.0/24 dst-address=192.168.0.0/16 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/16 dst-address=10.10.10.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=10.10.10.0/24 dst-address=192.168.0.0/16 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=200.49.88.0/24 dst-address=200.49.88.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=local_con action=mark-packet new-packet-mark=local passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.88.0/24 action=mark-connection \
new-connection-mark=Gustavo passthrough=yes comment="Prueba Gustavo" disabled=yes
add chain=prerouting in-interface="Switch 1" src-address=192.168.88.0/24 action=mark-packet new-packet-mark=Gustavo_prueba \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.88.0/24 action=mark-routing new-routing-mark=Metrotel passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.12.0/24 action=mark-connection \
new-connection-mark=proyin_metro passthrough=yes comment="Proyectos Industriales" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.12.0/24 action=mark-packet new-packet-mark=proyin_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface="Switch 2" connection-mark=proyin_metro action=mark-routing new-routing-mark=Metrotel \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.13.0/24 action=mark-connection \
new-connection-mark=produtalia_metro passthrough=yes comment="Produtalia" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.13.0/24 action=mark-packet new-packet-mark=produtalia_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface="Switch 1" connection-mark=produtalia_metro action=mark-routing \
new-routing-mark=Metrotel passthrough=no comment="" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.15.0/30 action=mark-connection \
new-connection-mark=efl_metro passthrough=yes comment="EFL Ingenieria" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.15.0/30 action=mark-packet new-packet-mark=efl_up \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=efl_metro action=mark-routing new-routing-mark=Metrotel passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.27.0/24 action=mark-connection \
new-connection-mark=pampa_metro passthrough=yes comment="Pampa Alta" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.27.0/24 action=mark-packet new-packet-mark=pampa_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface="Switch 2" connection-mark=pampa_metro action=mark-routing new-routing-mark=Metrotel \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.52.0/24 action=mark-connection \
new-connection-mark=global_metro passthrough=yes comment="Global trade Metro" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.52.0/24 action=mark-packet new-packet-mark=global_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface="Switch 2" connection-mark=global_metro action=mark-routing new-routing-mark=Metrotel \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.61.0/24 action=mark-connection \
new-connection-mark=plaza_metro passthrough=yes comment="Plaza Fan Metrotel" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.61.0/24 action=mark-packet new-packet-mark="plaza up" \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface="Switch 1" connection-mark=plaza_metro action=mark-routing new-routing-mark=Metrotel \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface=bridge1 src-address=190.12.98.16/29 action=mark-packet new-packet-mark=wilson_up \
passthrough=yes comment="Wilson" disabled=no
add chain=prerouting src-address=190.12.98.16/29 action=mark-routing new-routing-mark=Metrotel passthrough=no comment="" \
disabled=no
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmpC passthrough=yes comment="ICMP" \
disabled=no
add chain=prerouting connection-mark=icmpC action=change-tos new-tos=min-delay comment="" disabled=no
add chain=prerouting connection-mark=icmpC action=mark-packet new-packet-mark=icmp passthrough=no comment="" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.21 action=mark-connection new-connection-mark=webserver_con_up \
passthrough=yes comment="Aginet Webserver UP" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.23 action=mark-connection new-connection-mark=webserver_con_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.24 action=mark-connection new-connection-mark=webserver_con_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.43 action=mark-connection new-connection-mark=webserver_con_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.60 action=mark-connection new-connection-mark=webserver_con_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=DMZ connection-mark=webserver_con_up action=mark-packet new-packet-mark=webserver_up \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.36 action=mark-connection new-connection-mark=bardi_con_up \
passthrough=yes comment="Bardi UP" disabled=no
add chain=prerouting in-interface=DMZ src-address=10.10.10.37 action=mark-connection new-connection-mark=bardi_con_up \
passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=DMZ connection-mark=bardi_con_up action=mark-packet new-packet-mark=bardi_up \
passthrough=no comment="" disabled=no
add chain=prerouting in-interface=LAN src-address=192.168.1.0/24 action=mark-packet new-packet-mark=lan_up passthrough=no \
comment="Lan UP" disabled=no
add chain=prerouting src-address=192.168.11.0/24 protocol=tcp dst-port=80 src-address-list="" action=mark-connection \
new-connection-mark=cpark_con passthrough=yes comment="Central Park" disabled=no
add chain=prerouting src-address=192.168.11.0/24 protocol=tcp dst-port=443 src-address-list="" action=mark-connection \
new-connection-mark=cpark_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cpark_con action=mark-packet new-packet-mark=cpark-http passthrough=no comment="" \
disabled=no
add chain=prerouting src-address=192.168.11.0/24 src-address-list="" action=mark-connection new-connection-mark=cpark_cono \
passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=192.168.11.0/24 src-address-list="" action=mark-connection new-connection-mark=cpark_cono \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cpark_cono action=mark-packet new-packet-mark=cpark-other passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface="Switch 1" src-address=192.168.14.0/25 action=mark-packet new-packet-mark=omega_up \
passthrough=yes comment="Omega UP" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=192.168.20.0/24 action=mark-packet new-packet-mark=focus_up \
passthrough=yes comment="Focus UP" disabled=no
add chain=prerouting src-address=192.168.19.0/24 protocol=tcp dst-port=80 src-address-list="" action=mark-connection \
new-connection-mark=marcade_con passthrough=yes comment="Marcade" disabled=no
add chain=prerouting src-address=192.168.19.0/24 protocol=tcp dst-port=443 src-address-list="" action=mark-connection \
new-connection-mark=marcade_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=marcade_con action=mark-packet new-packet-mark=marcade-http passthrough=no comment="" \
disabled=no
add chain=prerouting src-address=192.168.19.0/24 src-address-list="" action=mark-connection \
new-connection-mark=marcade_cono passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=192.168.19.0/24 src-address-list="" action=mark-connection \
new-connection-mark=marcade_cono passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=marcade_cono action=mark-packet new-packet-mark=marcade-other passthrough=no \
comment="" disabled=no
add chain=prerouting src-address=192.168.22.0/24 protocol=tcp dst-port=80 src-address-list="" action=mark-connection \
new-connection-mark="data online_con" passthrough=yes comment="Data Online" disabled=no
add chain=prerouting src-address=192.168.22.0/24 protocol=tcp dst-port=443 src-address-list="" action=mark-connection \
new-connection-mark="data online_con" passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark="data online_con" action=mark-packet new-packet-mark=data-http passthrough=no \
comment="" disabled=no
add chain=prerouting src-address=192.168.22.0/24 src-address-list="" action=mark-connection new-connection-mark="data \
online_cono" passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=192.168.22.0/24 src-address-list="" action=mark-connection new-connection-mark="data \
online_cono" passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark="data online_cono" action=mark-packet new-packet-mark=data-other passthrough=no \
comment="" disabled=no
add chain=prerouting src-address=192.168.60.0/24 protocol=tcp dst-port=80 src-address-list="" action=mark-connection \
new-connection-mark="wifi cpark_con" passthrough=yes comment="Wifi Cpark" disabled=no
add chain=prerouting src-address=192.168.60.0/24 protocol=tcp dst-port=443 src-address-list="" action=mark-connection \
new-connection-mark="wifi cpark_con" passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark="wifi cpark_con" action=mark-packet new-packet-mark=wifi-http passthrough=no \
comment="" disabled=no
add chain=prerouting src-address=192.168.60.0/24 src-address-list="" action=mark-connection new-connection-mark="wifi \
cpark_cono" passthrough=yes comment="" disabled=no
add chain=prerouting dst-address=192.168.60.0/24 src-address-list="" action=mark-connection new-connection-mark="wifi \
cpark_cono" passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark="wifi cpark_cono" action=mark-packet new-packet-mark=wifi-other passthrough=no \
comment="" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=200.49.88.176/29 action=mark-packet new-packet-mark=incotel_up \
passthrough=no comment="Incotel UP" disabled=no
add chain=prerouting src-address=200.49.88.196/30 protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=siscor_con passthrough=yes comment="Siscor" disabled=no
add chain=prerouting src-address=200.49.88.196/30 protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=siscor_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=siscor_con action=mark-packet new-packet-mark=siscor_http passthrough=no comment="" \
disabled=no
add chain=prerouting src-address=200.49.88.196/30 action=mark-connection new-connection-mark=siscor_cono passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=200.49.88.196/30 action=mark-connection new-connection-mark=siscor_cono passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=siscor_cono action=mark-packet new-packet-mark=siscor_other passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Wireless src-address=200.49.88.216/30 action=mark-packet new-packet-mark=ofidirect_up \
passthrough=no comment="Ofidirect" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=200.49.88.220/30 action=mark-packet new-packet-mark=syntronic_up \
passthrough=no comment="Syntronic UP" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=200.49.88.228/30 action=mark-packet new-packet-mark=marken_up \
passthrough=no comment="Marken UP" disabled=no
add chain=prerouting in-interface="Switch 1" src-address=200.49.88.232/29 action=mark-packet new-packet-mark=promoglas_up \
passthrough=no comment="Promoglas UP" disabled=no
add chain=prerouting in-interface="Switch 2" src-address=200.49.88.240/29 action=mark-packet new-packet-mark=syconline_up \
passthrough=no comment="Syconline UP" disabled=no
add chain=postrouting protocol=icmp action=mark-connection new-connection-mark=icmpC passthrough=yes comment="ICMP" \
disabled=yes
add chain=postrouting connection-mark=icmpC action=change-tos new-tos=min-delay comment="" disabled=yes
add chain=postrouting connection-mark=icmpC action=mark-packet new-packet-mark=icmp passthrough=no comment="" disabled=yes
add chain=postrouting dst-address=200.49.88.9 protocol=tcp src-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="MAIL" disabled=no
add chain=postrouting dst-address=200.49.88.20 protocol=tcp dst-port=25 src-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting dst-address=200.49.88.20 protocol=tcp dst-port=80 src-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting dst-address=200.49.88.20 protocol=tcp dst-port=110 src-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting src-address=200.49.88.9 protocol=tcp dst-address-list=!Controller action=mark-connection \
new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting src-address=200.49.88.20 protocol=tcp src-port=25 dst-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting src-address=200.49.88.20 protocol=tcp src-port=80 dst-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting src-address=200.49.88.20 protocol=tcp src-port=110 dst-address-list=!Controller \
action=mark-connection new-connection-mark=mail_con passthrough=yes comment="" disabled=no
add chain=postrouting connection-mark=mail_con action=mark-packet new-packet-mark=mail passthrough=no comment="" \
disabled=no
add chain=forward src-address=192.168.0.0/16 dst-address=200.49.88.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="Local" disabled=no
add chain=forward src-address=200.49.88.0/24 dst-address=192.168.0.0/16 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=forward src-address=192.168.0.0/16 dst-address=10.10.10.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=forward src-address=10.10.10.0/24 dst-address=192.168.0.0/16 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=forward src-address=200.49.88.0/24 dst-address=200.49.88.0/24 protocol=!icmp action=mark-connection \
new-connection-mark=local_con passthrough=yes comment="" disabled=no
add chain=forward connection-mark=local_con action=mark-packet new-packet-mark=local passthrough=no comment="" disabled=no
add chain=forward src-address=10.10.10.21 action=mark-connection new-connection-mark=webserver_con_down passthrough=yes \
comment="Aginet Webserver DOWN" disabled=no
add chain=forward src-address=10.10.10.23 action=mark-connection new-connection-mark=webserver_con_down passthrough=yes \
comment="" disabled=no
add chain=forward src-address=10.10.10.24 action=mark-connection new-connection-mark=webserver_con_down passthrough=yes \
comment="" disabled=no
add chain=forward src-address=10.10.10.43 action=mark-connection new-connection-mark=webserver_con_down passthrough=yes \
comment="" disabled=no
add chain=forward src-address=10.10.10.60 action=mark-connection new-connection-mark=webserver_con_down passthrough=yes \
comment="" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=webserver_con_down action=mark-packet \
new-packet-mark=webserver_down passthrough=no comment="" disabled=no
add chain=forward src-address=10.10.10.36 action=mark-connection new-connection-mark=bardi_con_down passthrough=yes \
comment="Bardi DOWN" disabled=no
add chain=forward src-address=10.10.10.37 action=mark-connection new-connection-mark=bardi_con_down passthrough=yes \
comment="" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=bardi_con_down action=mark-packet new-packet-mark=bardi_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.1.0/24 action=mark-connection new-connection-mark=lan_con_down passthrough=yes \
comment="LanDOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=lan_con_down action=mark-packet new-packet-mark=lan_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.20.0/24 action=mark-connection new-connection-mark=focus_con_down passthrough=yes \
comment="Focus Media DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=focus_con_down action=mark-packet new-packet-mark=focus_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.176/29 action=mark-connection new-connection-mark=incotel_con_down passthrough=yes \
comment="Incotel DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=incotel_con_down action=mark-packet new-packet-mark=incotel_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.216/30 action=mark-connection new-connection-mark=ofidirect_con_down \
passthrough=yes comment="Ofidirect DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=ofidirect_con_down action=mark-packet \
new-packet-mark=ofidirect_down passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.228/30 action=mark-connection new-connection-mark=marken_con_down passthrough=yes \
comment="Marken DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=marken_con_down action=mark-packet new-packet-mark=marken_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.232/29 action=mark-connection new-connection-mark=promoglas_con_down \
passthrough=yes comment="Promoglas DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=promoglas_con_down action=mark-packet \
new-packet-mark=promoglas_down passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.220/30 action=mark-connection new-connection-mark=syntronic_con_down \
passthrough=yes comment="Syntronic DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=syntronic_con_down action=mark-packet \
new-packet-mark=syntronic_down passthrough=no comment="" disabled=no
add chain=forward src-address=200.49.88.240/29 action=mark-connection new-connection-mark=syconline_con_down \
passthrough=yes comment="Syconline DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=syconline_con_down action=mark-packet \
new-packet-mark=syconline_down passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.14.0/25 action=mark-connection new-connection-mark=omega_con_down passthrough=yes \
comment="Omega DOWN" disabled=no
add chain=forward in-interface=PUBLICA connection-mark=omega_con_down action=mark-packet new-packet-mark=omega_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.12.0/24 action=mark-connection new-connection-mark=proyin_con_down passthrough=yes \
comment="Proyin DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=proyin_con_down action=mark-packet new-packet-mark=proyin_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.13.0/24 action=mark-connection new-connection-mark=produtalia_con_down \
passthrough=yes comment="Produtalia DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=produtalia_con_down action=mark-packet \
new-packet-mark=produtalia_down passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.15.0/30 action=mark-connection new-connection-mark=efl_con_down passthrough=yes \
comment="EFL Ingenieria DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=efl_con_down action=mark-packet new-packet-mark=efl_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.27.0/24 action=mark-connection new-connection-mark=pampa_con_down passthrough=yes \
comment="Pampa Alta DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=pampa_con_down action=mark-packet new-packet-mark=pampa_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.61.0/24 action=mark-connection new-connection-mark=plazafan_con_down passthrough=yes \
comment="Plaza Fan DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=plazafan_con_down action=mark-packet new-packet-mark=plazafan_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.52.0/24 action=mark-connection new-connection-mark=global_con_down passthrough=yes \
comment="Global Trade DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=global_con_down action=mark-packet new-packet-mark=global_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=190.12.98.16/29 routing-mark=Metro action=mark-connection \
new-connection-mark=wilson_con_down passthrough=yes comment="Wilson DOWN" disabled=no
add chain=prerouting action=log log-prefix="" comment="" disabled=yes
add chain=forward in-interface=Metrotel connection-mark=wilson_con_down action=mark-packet new-packet-mark=wilson_down \
passthrough=no comment="" disabled=no
add chain=forward src-address=192.168.88.0/24 action=mark-connection new-connection-mark=gustavo_con_down passthrough=yes \
comment="Gustavo DOWN" disabled=no
add chain=forward in-interface=Metrotel connection-mark=gustavo_con_down action=mark-packet new-packet-mark=gustavo_down \
passthrough=yes comment="" disabled=no

/ip firewall nat export
# jun/28/2007 09:26:03 by RouterOS 2.9.43
# software id = P2DR-3TT
#
/ ip firewall nat
add chain=dstnat dst-address=200.49.88.10 protocol=udp dst-port=514 action=dst-nat to-addresses=10.10.10.11 to-ports=514 \
comment="Syslog" disabled=no
add chain=dstnat dst-address=200.49.88.10 protocol=tcp dst-port=5631 action=dst-nat to-addresses=10.10.10.11 to-ports=5631 \
comment=" " disabled=no
add chain=dstnat dst-address=200.49.88.10 protocol=udp dst-port=5632 action=dst-nat to-addresses=10.10.10.11 to-ports=5632 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.10 protocol=tcp dst-port=8080 action=dst-nat to-addresses=10.10.10.11 to-ports=8080 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.10 protocol=tcp dst-port=8081 action=dst-nat to-addresses=10.10.10.11 to-ports=8081 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.21 protocol=tcp dst-port=21 action=dst-nat to-addresses=10.10.10.21 to-ports=21 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.21 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.21 to-ports=80 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.21 protocol=tcp dst-port=2433 action=dst-nat \
to-addresses=10.10.10.21 to-ports=2433 comment="" disabled=no
add chain=dstnat dst-address=200.49.88.23 protocol=tcp dst-port=21 action=dst-nat to-addresses=10.10.10.23 to-ports=21 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.23 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.23 to-ports=80 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.23 protocol=tcp dst-port=2433 action=dst-nat \
to-addresses=10.10.10.23 to-ports=2433 comment="" disabled=no
add chain=dstnat dst-address=200.49.88.24 protocol=tcp dst-port=21 action=dst-nat to-addresses=10.10.10.24 to-ports=21 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.24 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.24 to-ports=80 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.24 protocol=tcp dst-port=2433 action=dst-nat \
to-addresses=10.10.10.24 to-ports=2433 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA src-address=200.80.241.194 dst-address=200.49.88.24 protocol=tcp dst-port=3389 \
action=dst-nat to-addresses=10.10.10.24 to-ports=3389 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA src-address=200.80.241.196 dst-address=200.49.88.24 protocol=tcp dst-port=3389 \
action=dst-nat to-addresses=10.10.10.24 to-ports=3389 comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=21 action=dst-nat to-addresses=10.10.10.36 to-ports=21 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=25 action=dst-nat to-addresses=10.10.10.36 to-ports=25 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=udp dst-port=53 action=dst-nat to-addresses=10.10.10.36 to-ports=53 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=53 action=dst-nat to-addresses=10.10.10.36 to-ports=53 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.36 to-ports=80 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=110 action=dst-nat to-addresses=10.10.10.36 to-ports=110 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=143 action=dst-nat to-addresses=10.10.10.36 to-ports=143 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=993 action=dst-nat to-addresses=10.10.10.36 to-ports=993 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=1433 action=dst-nat to-addresses=10.10.10.36 to-ports=1433 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.36 protocol=tcp dst-port=2406 action=dst-nat to-addresses=10.10.10.36 to-ports=2406 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=21 action=dst-nat to-addresses=10.10.10.37 to-ports=21 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=25 action=dst-nat to-addresses=10.10.10.37 to-ports=25 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=udp dst-port=53 action=dst-nat to-addresses=10.10.10.37 to-ports=53 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=53 action=dst-nat to-addresses=10.10.10.37 to-ports=53 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.37 to-ports=80 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=110 action=dst-nat to-addresses=10.10.10.37 to-ports=110 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=143 action=dst-nat to-addresses=10.10.10.37 to-ports=143 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=993 action=dst-nat to-addresses=10.10.10.37 to-ports=993 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=1433 action=dst-nat to-addresses=10.10.10.37 to-ports=1433 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.37 protocol=tcp dst-port=2406 action=dst-nat to-addresses=10.10.10.37 to-ports=2406 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.43 protocol=tcp dst-port=21 action=dst-nat \
to-addresses=10.10.10.43 to-ports=21 comment="" disabled=no
add chain=dstnat dst-address=200.49.88.43 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.43 to-ports=80 \
comment="" disabled=no
add chain=dstnat dst-address=200.49.88.44 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.60 to-ports=80 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.66 action=dst-nat to-addresses=192.168.1.25 to-ports=0-65535 \
comment="" disabled=no
add chain=dstnat in-interface=Metrotel dst-address=190.12.98.21 action=dst-nat to-addresses=192.168.88.110 \
to-ports=0-65535 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.67 action=dst-nat to-addresses=192.168.1.110 to-ports=0-65535 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=icmp action=dst-nat to-addresses=192.168.1.4 \
to-ports=0-65535 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=tcp dst-port=2107 action=dst-nat \
to-addresses=192.168.1.4 to-ports=21 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=tcp dst-port=69 action=dst-nat \
to-addresses=192.168.1.4 to-ports=69 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=udp dst-port=69 action=dst-nat \
to-addresses=192.168.1.4 to-ports=69 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=tcp dst-port=2565 action=dst-nat \
to-addresses=192.168.1.4 to-ports=2565 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=tcp dst-port=5631 action=dst-nat \
to-addresses=192.168.1.4 to-ports=5631 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.68 protocol=udp dst-port=5632 action=dst-nat \
to-addresses=192.168.1.4 to-ports=5632 comment="" disabled=no
add chain=srcnat src-address=192.168.88.0/24 action=src-nat to-addresses=190.12.98.21 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.1.4 action=src-nat to-addresses=200.49.88.68 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.1.8 action=src-nat to-addresses=200.49.88.69 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.1.25 action=src-nat to-addresses=200.49.88.66 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.1.110 action=src-nat to-addresses=200.49.88.67 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.1.0/24 action=src-nat to-addresses=200.49.88.19 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.11.0/24 action=src-nat to-addresses=200.49.88.29 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat src-address=192.168.12.0/28 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat src-address=192.168.13.0/24 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.14.0/25 action=src-nat to-addresses=200.49.88.29 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat src-address=192.168.15.0/30 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.19.0/24 action=src-nat to-addresses=200.49.88.29 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.20.0/24 action=src-nat to-addresses=200.49.88.19 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.22.0/24 action=src-nat to-addresses=200.49.88.29 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat src-address=192.168.27.0/24 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.28.2 action=src-nat to-addresses=200.49.88.19 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat src-address=192.168.52.0/24 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=192.168.60.0/24 action=src-nat to-addresses=200.49.88.29 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat src-address=192.168.61.0/24 action=src-nat to-addresses=190.12.98.20 to-ports=0-65535 comment="" \
disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.11 action=src-nat to-addresses=200.49.88.10 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.21 action=src-nat to-addresses=200.49.88.21 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.23 action=src-nat to-addresses=200.49.88.23 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.24 action=src-nat to-addresses=200.49.88.24 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.36 action=src-nat to-addresses=200.49.88.36 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.37 action=src-nat to-addresses=200.49.88.37 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.43 action=src-nat to-addresses=200.49.88.43 to-ports=0-65535 \
comment="" disabled=no
add chain=srcnat out-interface=PUBLICA src-address=10.10.10.60 action=src-nat to-addresses=200.49.88.44 to-ports=0-65535 \
comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.69 protocol=tcp dst-port=2562 action=dst-nat \
to-addresses=192.168.1.8 to-ports=2562 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.211 protocol=tcp dst-port=48100-48103 action=dst-nat \
to-addresses=192.168.11.151 to-ports=48100-48103 comment="Central Park" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.211 protocol=tcp dst-port=5631 action=dst-nat \
to-addresses=192.168.11.151 to-ports=5631 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.211 protocol=udp dst-port=5632 action=dst-nat \
to-addresses=192.168.11.151 to-ports=5632 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.211 protocol=tcp dst-port=5000-5001 action=dst-nat \
to-addresses=192.168.11.151 to-ports=5000-5001 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.212 protocol=tcp dst-port=48100-48103 action=dst-nat \
to-addresses=192.168.11.150 to-ports=48100-48103 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.212 protocol=tcp dst-port=5631 action=dst-nat \
to-addresses=192.168.11.150 to-ports=5631 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.212 protocol=udp dst-port=5632 action=dst-nat \
to-addresses=192.168.11.150 to-ports=5632 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.212 protocol=tcp dst-port=5000-5001 action=dst-nat \
to-addresses=192.168.11.150 to-ports=5000-5001 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.210 protocol=tcp dst-port=5631 action=dst-nat \
to-addresses=192.168.11.121 to-ports=5631 comment="" disabled=no
add chain=dstnat in-interface=PUBLICA dst-address=200.49.88.210 protocol=udp dst-port=5632 action=dst-nat \
to-addresses=192.168.11.121 to-ports=5632 comment="" disabled=no
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Re: Policy routing problem

Thu Jun 28, 2007 4:08 pm

glaurutis -
At first glance it looks like you need to use routing rules and routing tables. Everything I see on here on what you have done shows any routing rule -> 'lookup' table main. The first rule in table main is always the default route - and guess what - everything matches the default route......
/ip route
add gateway=10.10.11.1 routing-mark=isp2
add gateway=10.10.10.1 routing-mark=isp1
add gateway=10.10.10.1

/ip route rule
add dst-address=192.168.1.0/24 action=lookup table=main
add dst-address=192.168.88.0/24 action=lookup table=main
add dst-address=10.10.10.0/30 action=lookup table=main
add dst-address=10.10.11.0/30 action=lookup table=main
Instead you should build routing tables. The use route rules to tell MT to lookup the routing table for the IP in question instead of table main.... In your case you should have three routing tables - main, ISP1 and ISP2....

Need more help - post your results back to the forum here - we'll help you out...

Thom
 
titius
Member
Member
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Policy routing problem

Sun Sep 30, 2007 10:52 am

Hi glauritus,

Can i see you have nice connection and packet marks, can you post your simple queue and queue tree rules if you have one?

Thanks

Who is online

Users browsing this forum: rbuserdl and 124 guests