vou postar minhas regras aqui acho q fiz tudo certo mas não consigo navegar não sei oque esta errado
ip address
add address=192.168.4.1/24 network=192.168.4.0 broadcast=192.168.4.255 \
interface=ether1 comment="Clientes" disabled=no
add address=192.168.253.1/24 network=192.168.253.0 broadcast=192.168.253.255 \
interface=ether3 comment="Link2" disabled=no
add address=xxx.xx.xxx.xxx/28 network=xxx.xx.xxx.xxx broadcast=xxx.xx.xxx.xxx \
interface=ether2 comment="Link1" disabled=no
ip route
add dst-address=0.0.0.0/0 gateway=xxx.xx.xxx.xxx scope=255 target-scope=10 \
routing-mark=link1 comment="Pacotes marcados redirecionados para o link1" \
disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.253.254 scope=255 target-scope=10 \
routing-mark=link2 comment="Pacotes marcados redirecionados para o link2" \
disabled=no
ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
new-routing-mark=link2 passthrough=yes comment="Portas redirecionada para \
o link2" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-routing \
new-routing-mark=link2 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-routing \
new-routing-mark=link2 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6891 action=mark-routing \
new-routing-mark=link2 passthrough=yes comment="" disabled=no
add chain=prerouting routing-mark=link2 action=mark-packet \
new-packet-mark=link2 passthrough=yes comment="Pacotes marcados do Link2" \
disabled=no
add chain=prerouting routing-mark=link2 action=mark-packet \
new-packet-mark=link1 passthrough=yes comment="Pacotes marcados do Link1" \
disabled=no
add chain=prerouting protocol=tcp dst-port=21 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="Portas redirecionada para \
o link1" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=23 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1080 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp p2p=all-p2p action=mark-routing \
new-routing-mark=link1 passthrough=yes comment="p2p 1 redirecionado link1" \
disabled=no
ip firewall nat
add chain=srcnat out-interface=ether2 action=masquerade comment="" disabled=no
add chain=srcnat out-interface=ether3 action=masquerade comment="" disabled=no
add chain=srcnat out-interface=ether4 action=masquerade comment="" disabled=no
aguardo anciosa