For example, if PC 192.168.150.30 tries to ping 192.168.50.5, the connection gets marked by PCC with to_starnet/to_videon and it's routed out.
ISP1 starnet : 10.27.104.234/30
ISP2 videon: 192.168.0.52/24
|
ROUTER (192.168.50.1 ; 192.168.150.1 etc)
|
Subnets:
192.168.50.0/24
192.168.150.0/24 - VLAN 150
192.168.70.0/24 - VLAN 70
My mangle:
Code:
/ip firewall mangle
add action=accept chain=prerouting comment="LB - standard route to starnet" \
dst-address=10.27.104.232/30
add action=accept chain=prerouting comment="LB - standard route to videon" \
dst-address=192.168.0.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.50.0/24 \
src-address=192.168.150.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.150.0/24 \
src-address=192.168.50.0/24
add action=mark-connection chain=prerouting comment="LB - in connection starnet" \
connection-mark=no-mark in-interface=combo1-wan-starnet new-connection-mark=\
starnet_conn passthrough=yes
add action=mark-connection chain=prerouting comment="LB - in connection videon" \
connection-mark=no-mark in-interface=ether7-wan-videon new-connection-mark=\
videon_conn passthrough=yes
add action=mark-connection chain=prerouting comment="LB - half to starnet" \
connection-mark=no-mark dst-address-type=!local in-interface=bridge_main \
new-connection-mark=starnet_conn passthrough=yes per-connection-classifier=\
both-addresses:2/0
add action=mark-connection chain=prerouting comment="LB - half to starnet" \
connection-mark=no-mark dst-address-type=!local in-interface=bridge_main \
new-connection-mark=videon_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1
add action=mark-routing chain=prerouting comment="LB - route to starnet" \
connection-mark=starnet_conn in-interface=bridge_main new-routing-mark=\
to_starnet passthrough=yes
add action=mark-routing chain=prerouting comment="LB - route to videon" \
connection-mark=videon_conn in-interface=bridge_main new-routing-mark=to_videon \
passthrough=yes
add action=mark-routing chain=output comment="LB - route to starnet" \
connection-mark=starnet_conn new-routing-mark=to_starnet passthrough=yes
add action=mark-routing chain=output comment="LB - route to videon" \
connection-mark=videon_conn new-routing-mark=to_videon passthrough=yes
Code:
add action=accept chain=prerouting comment="LB - " dst-address=192.168.50.0/24 \
src-address=192.168.150.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.150.0/24 \
src-address=192.168.50.0/24
Any solution? How do I exclude (accept) connections between subnets? I tried to use Extra -> Dst. Address Type: local, but it does not match. (I think it matches just IPs assigned to router interfaces.)
Thanks, guys
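
One way to check which LAN-to-LAN flows the accept rules in the export above actually exempt, written as an added example that is not part of the original post. It models only the address matchers of the prerouting rules (in-interface is ignored) and assumes first-match evaluation, where action=accept ends mangle processing for that chain. The function names, subnet labels and the 192.168.70.1 router address are assumptions.

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# LAN subnets from the post's diagram (the dict keys are made-up labels).
LAN_SUBNETS = {
    "main": ip_network("192.168.50.0/24"),
    "vlan150": ip_network("192.168.150.0/24"),
    "vlan70": ip_network("192.168.70.0/24"),
}

# The four accept rules from the export as (src, dst); None means any source.
ACCEPT_RULES = [
    (None, ip_network("10.27.104.232/30")),
    (None, ip_network("192.168.0.0/24")),
    (ip_network("192.168.150.0/24"), ip_network("192.168.50.0/24")),
    (ip_network("192.168.50.0/24"), ip_network("192.168.150.0/24")),
]

# Router-owned addresses (what dst-address-type=local matches). The post lists
# the first two; 192.168.70.1 is an assumption standing in for its "etc".
ROUTER_ADDRS = {ip_address(a) for a in
                ("192.168.50.1", "192.168.150.1", "192.168.70.1")}


def verdict(src: str, dst: str) -> str:
    """'accept' if an accept rule matches first, 'local' if the destination is
    a router address, else 'falls-through' (eligible for the PCC rules)."""
    s, d = ip_address(src), ip_address(dst)
    for rule_src, rule_dst in ACCEPT_RULES:
        if (rule_src is None or s in rule_src) and d in rule_dst:
            return "accept"
    # The PCC rules carry dst-address-type=!local, so router addresses skip them.
    return "local" if d in ROUTER_ADDRS else "falls-through"


def unexempted_pairs() -> list[tuple[str, str]]:
    """LAN-to-LAN subnet pairs that no accept rule covers."""
    leaks = []
    for (sn, snet), (dn, dnet) in permutations(LAN_SUBNETS.items(), 2):
        # Probe with host .30 in the source subnet and .5 in the destination.
        if verdict(str(snet[30]), str(dnet[5])) == "falls-through":
            leaks.append((sn, dn))
    return leaks


if __name__ == "__main__":
    for src_name, dst_name in unexempted_pairs():
        print(f"{src_name} -> {dst_name}: not exempted by any accept rule")
```

Adding a subnet to `LAN_SUBNETS` without a matching pair in `ACCEPT_RULES` shows up in the output immediately, which is the gap that per-pair accept rules leave as the number of VLANs grows.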