How do I sort out traffic marking in RouterOS (Mikrotik)?

Hello,
Please help me sort out traffic marking and routing in RouterOS.

Given: Mikrotik 750GL (RouterOS 5.26), two providers (isp1, isp2) and 3 subnets (Network1, Network2, Network3).
Port 1: port1 - 1.1.1.1 (isp1)
Port 2: port2 - 2.2.2.2 (isp2)
Port 3: port3 - 192.168.1.0/24 (network1)
Port 4: port4 - 192.168.2.0/24 (network2)
Port 5: port5 - 192.168.3.0/24 (network3)
Task:
1) Set up marking of incoming/outgoing traffic (input/output chains) for the router itself, so that traffic leaves through the same interface it arrived on (for VPN/PPTP etc. to work correctly), for isp1 and isp2.
2) Set up marking of transit traffic (forward/prerouting chains) for the networks Network1/2/3, so that traffic leaves through the same interface it arrived on, and for configuring failover (see item 3).
3) Failover needs to be configured:
Network 1: isp1->isp2
Network 2: isp2->isp1
Network 3: isp1->isp2

My config:
/ip firewall mangle
add action=mark-routing chain=output disabled=no new-routing-mark=isp1 out-interface=port1 passthrough=no
add action=mark-routing chain=output disabled=no new-routing-mark=isp2 out-interface=port2 passthrough=no

add action=mark-connection chain=input disabled=no dst-address=1.1.1.1 in-interface=port1 new-connection-mark=port1_c_input passthrough=yes
add action=mark-routing chain=output connection-mark=port1_c_input disabled=no new-routing-mark=port1_r_input passthrough=no

add action=mark-connection chain=input disabled=no dst-address=2.2.2.2 in-interface=port2 new-connection-mark=port2_c_input passthrough=yes
add action=mark-routing chain=output connection-mark=port2_c_input disabled=no new-routing-mark=port2_r_input passthrough=no

add action=mark-routing chain=prerouting disabled=no new-routing-mark=network1 passthrough=no src-address=192.168.1.0/24
add action=mark-routing chain=prerouting disabled=no new-routing-mark=network2 passthrough=no src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=no new-routing-mark=network3 passthrough=no src-address=192.168.3.0/24

add action=mark-connection chain=forward disabled=no dst-address=192.168.1.0/24 in-interface=port1 new-connection-mark=port1-network1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port1-network1 disabled=no new-routing-mark=port1_network1 passthrough=no src-address=192.168.1.0/24
add action=mark-connection chain=forward disabled=no dst-address=192.168.1.0/24 in-interface=port2 new-connection-mark=port2-network1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port2-network1 disabled=no new-routing-mark=port2_network1 passthrough=no src-address=192.168.1.0/24
add action=mark-connection chain=forward disabled=no dst-address=192.168.2.0/24 in-interface=port1 new-connection-mark=port1-network2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port1-network2 disabled=no new-routing-mark=port1_network2 passthrough=no src-address=192.168.2.0/24
add action=mark-connection chain=forward disabled=no dst-address=192.168.2.0/24 in-interface=port2 new-connection-mark=port2-network2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port2-network2 disabled=no new-routing-mark=port2_network2 passthrough=no src-address=192.168.2.0/24
add action=mark-connection chain=forward disabled=no dst-address=192.168.3.0/24 in-interface=port1 new-connection-mark=port1-network3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port1-network3 disabled=no new-routing-mark=port1_network3 passthrough=no src-address=192.168.3.0/24
add action=mark-connection chain=forward disabled=no dst-address=192.168.3.0/24 in-interface=port2 new-connection-mark=port2-network3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port2-network3 disabled=no new-routing-mark=port2_network3 passthrough=no src-address=192.168.3.0/24


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=isp1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=isp2 scope=30 target-scope=10
 
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_r_input scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_r_input scope=30 target-scope=10
 
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network1 scope=30 target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network2 scope=30 target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network3 scope=30 target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network3 scope=30 target-scope=10
 
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=port1_network3 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=port2_network3 scope=30 target-scope=10
 
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.10,2.2.2.20,2.2.2.20 scope=30 target-scope=10


Is everything correct?

Happy upcoming holidays, everyone!
Answers to the question: 1
ruskella
@ruskella
Isn't this your case: habrahabr.ru/post/186284 ?
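
One way to lay out the marking for the setup described in the question, as an added example (it is not the asker's config and is not taken from the linked post). Interfaces, subnets and gateways come from the question; the mark names isp1_conn, isp2_conn, to_isp1, to_isp2 and the assumption that all LANs fit inside 192.168.0.0/16 are introduced here.

```routeros
# Added example. Mark names isp1_conn/isp2_conn and to_isp1/to_isp2 are assumptions.
/ip firewall mangle
# Connections opened from outside: remember the uplink they arrived on.
# prerouting runs before both input and forward, so one rule per uplink covers
# traffic to the router itself (PPTP) and traffic forwarded to the LANs.
add chain=prerouting in-interface=port1 connection-state=new action=mark-connection new-connection-mark=isp1_conn
add chain=prerouting in-interface=port2 connection-state=new action=mark-connection new-connection-mark=isp2_conn
# Replies generated by the router go back out through the same uplink.
add chain=output connection-mark=isp1_conn action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=output connection-mark=isp2_conn action=mark-routing new-routing-mark=to_isp2 passthrough=no
# Replies from LAN hosts on those connections (assumption: all LANs are inside 192.168.0.0/16).
add chain=prerouting src-address=192.168.0.0/16 connection-mark=isp1_conn action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=prerouting src-address=192.168.0.0/16 connection-mark=isp2_conn action=mark-routing new-routing-mark=to_isp2 passthrough=no
# Connections opened from the LANs: select the per-network table, but leave
# LAN-to-LAN and LAN-to-router traffic in the main table.
add chain=prerouting src-address=192.168.1.0/24 dst-address=!192.168.0.0/16 connection-mark=no-mark action=mark-routing new-routing-mark=network1 passthrough=no
add chain=prerouting src-address=192.168.2.0/24 dst-address=!192.168.0.0/16 connection-mark=no-mark action=mark-routing new-routing-mark=network2 passthrough=no
add chain=prerouting src-address=192.168.3.0/24 dst-address=!192.168.0.0/16 connection-mark=no-mark action=mark-routing new-routing-mark=network3 passthrough=no

/ip route
# Return-path tables: one uplink each, no fallback.
add dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=to_isp1
add dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=to_isp2
# Per-network tables: the lower distance is the primary uplink, the backup
# takes over when check-gateway marks the primary route inactive.
add dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network2 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network2 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.1.1.10 routing-mark=network3 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.20 routing-mark=network3 distance=2 check-gateway=ping
# Main table: new connections opened by the router itself.
add dst-address=0.0.0.0/0 gateway=1.1.1.10 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.20 distance=2 check-gateway=ping
```

Without check-gateway a route stays active as long as the interface link is up, so distance alone does not switch to the backup when the provider's gateway stops responding.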