veja essa configuraçao onde eta diferente da suaAnexo 31385
Versão Imprimível
veja essa configuraçao onde eta diferente da suaAnexo 31385
Amigao o que isso faz?
# /system script--------------------------------------
/system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\ \n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\ \n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\ \n/ip route set [find comment=\"Link2\"] disabled=no;"
Amigo da uma olhada abaixo como está o meu, funcionando perfeitamente.
/ip firewall mangle
add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" \
disabled=no dst-port=443 in-interface=ponte protocol=tcp
add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no \
dst-address-list=loopback in-interface=ponte
add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" \
disabled=no new-ttl=set:30 passthrough=yes protocol=icmp
add action=mark-connection chain=prerouting connection-state=new disabled=no \
in-interface="1 link" new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=new disabled=no \
in-interface=adsl_ether2 new-connection-mark=adsl_ether2_conn passthrough=\
yes
add action=mark-connection chain=prerouting connection-state=new disabled=no \
in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=\
yes
add action=mark-routing chain=output connection-mark=ether1_conn disabled=no \
new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=adsl_ether2_conn disabled=\
no new-routing-mark=to_adsl_ether2 passthrough=yes
add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=\
no new-routing-mark=to_adsl_ether3 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=172.168.2.0/24 \
in-interface=ponte
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=ether1_conn \
passthrough=yes per-connection-classifier=both-addresses:6/0
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=ether1_conn \
passthrough=yes per-connection-classifier=both-addresses:6/1
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=ether1_conn \
passthrough=yes per-connection-classifier=both-addresses:6/2
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=\
adsl_ether2_conn passthrough=yes per-connection-classifier=\
both-addresses:6/3
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=\
adsl_ether2_conn passthrough=yes per-connection-classifier=\
both-addresses:6/4
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-address-type=!local in-interface=ponte new-connection-mark=\
adsl_ether3_conn passthrough=yes per-connection-classifier=\
both-addresses:6/5
add action=mark-routing chain=prerouting connection-mark=ether1_conn disabled=\
no in-interface=ponte new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=adsl_ether2_conn \
disabled=no in-interface=ponte new-routing-mark=to_adsl_ether2 passthrough=\
yes
add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn \
disabled=no in-interface=ponte new-routing-mark=to_adsl_ether3 passthrough=\
yes