Простая настройка для моей конфигурации с 2 WAN. Я пытаюсь сделать так, чтобы часть одной из моих VLAN в локальной сети (vlan5-dmz LAN01) — адреса из списка iDigit Private Subnet — выходила через WAN02 iDigit. Когда я активирую следующие правила mangle, tracert к внешнему IP из iDigit Private Subnet по-прежнему идёт через мой WAN01. Кроме того, из других VLAN внутри моей LAN больше не удаётся связаться с этой подсетью iDigit Private. Должен быть способ сделать это проще. Вот мои правила:
# Policy routing for a dual-WAN router: connections entering on "vlan5-dmz LAN01"
# are split by SOURCE address list -- members of "iDigit Private Subnet" are
# marked for WAN02, all other sources on that VLAN for WAN01.
# NOTE(review): several values carry a space after "=" ("disabled= no",
# "new-connection-mark= ...", "src-address-list= ..."). This looks like a
# line-wrap artifact of the paste; compare with the router's own export before
# importing these lines.
# NOTE(review): if a fasttrack-connection rule exists in /ip firewall filter
# (not shown here), fasttracked packets bypass mangle and these marks would not
# apply to them -- verify.

# Default route consulted only by packets carrying routing-mark to_WAN02-iDigit.
# NOTE(review): no route with routing-mark=to_WAN01-SDP appears in this listing;
# confirm one exists elsewhere in the configuration.
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.196.20.161 routing-mark=to_WAN02-iDigit scope=30 target-scope=10
# Traffic from the DMZ VLAN to these two /27 networks leaves the mangle chain
# here and is never marked. The WAN02 gateway xx.196.20.161 appears to lie inside
# xx.196.20.160/27. "accept" in mangle only ends mangle evaluation; it is not an
# access-control decision -- what the DMZ may reach must still be enforced in
# /ip firewall filter.
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=xx.196.20.32/27 in-interface="vlan5-dmz LAN01"
add action=accept chain=prerouting disabled=no dst-address=xx.196.20.160/27 in-interface="vlan5-dmz LAN01"
# Tag still-unmarked connections arriving on each WAN interface with that WAN's
# connection mark (presumably so replies can leave through the same uplink).
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no in-interface="ether6 WAN01 SDP" new-connection-mark=WAN01-SDP_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no in-interface="ether13 WAN02 iDigit" new-connection-mark= WAN02-iDigit_conn passthrough=yes
# Unmarked connections from the DMZ VLAN to non-local destinations:
# source NOT in "iDigit Private Subnet" -> WAN01 connection mark.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no dst-address-type=!local in-interface="vlan5-dmz LAN01" new-connection-mark=WAN01-SDP_conn passthrough=yes src-address-list= "!iDigit Private Subnet"
# Source IS in "iDigit Private Subnet" -> WAN02 connection mark. The match is on
# the source list only; destinations in that list are not considered.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no dst-address-type=!local in-interface="vlan5-dmz LAN01" new-connection-mark=WAN02-iDigit_conn passthrough=yes src-address-list= "iDigit Private Subnet"
# Turn the connection mark into a routing mark, but only for packets that enter
# through the DMZ VLAN; packets from other VLANs get no routing mark from these
# rules.
add action=mark-routing chain=prerouting connection-mark=WAN01-SDP_conn disabled=no in-interface="vlan5-dmz LAN01" new-routing-mark=to_WAN01-SDP passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN02-iDigit_conn disabled=no in-interface="vlan5-dmz LAN01" new-routing-mark= to_WAN02-iDigit passthrough=yes
# Same mapping in the output chain, i.e. for packets generated by the router
# itself that belong to an already marked connection.
add action=mark-routing chain=output connection-mark=WAN01-SDP_conn disabled= no new-routing-mark=to_WAN01-SDP passthrough=yes
add action=mark-routing chain=output connection-mark=WAN02-iDigit_conn disabled=no new-routing-mark=to_WAN02-iDigit passthrough=yes
# NOTE(review): everything below repeats the listing above verbatim (most likely
# the post was rendered twice). Importing both copies would create a duplicate
# route and duplicate mangle rules; apply the rule set only once.
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.196.20.161 routing-mark=to_WAN02-iDigit scope=30 target-scope=10
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=xx.196.20.32/27 in-interface="vlan5-dmz LAN01"
add action=accept chain=prerouting disabled=no dst-address=xx.196.20.160/27 in-interface="vlan5-dmz LAN01"
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no in-interface="ether6 WAN01 SDP" new-connection-mark=WAN01-SDP_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no in-interface="ether13 WAN02 iDigit" new-connection-mark= WAN02-iDigit_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no dst-address-type=!local in-interface="vlan5-dmz LAN01" new-connection-mark=WAN01-SDP_conn passthrough=yes src-address-list= "!iDigit Private Subnet"
add action=mark-connection chain=prerouting connection-mark=no-mark disabled= no dst-address-type=!local in-interface="vlan5-dmz LAN01" new-connection-mark=WAN02-iDigit_conn passthrough=yes src-address-list= "iDigit Private Subnet"
add action=mark-routing chain=prerouting connection-mark=WAN01-SDP_conn disabled=no in-interface="vlan5-dmz LAN01" new-routing-mark=to_WAN01-SDP passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN02-iDigit_conn disabled=no in-interface="vlan5-dmz LAN01" new-routing-mark= to_WAN02-iDigit passthrough=yes
add action=mark-routing chain=output connection-mark=WAN01-SDP_conn disabled= no new-routing-mark=to_WAN01-SDP passthrough=yes
add action=mark-routing chain=output connection-mark=WAN02-iDigit_conn disabled=no new-routing-mark=to_WAN02-iDigit passthrough=yes
