Balance PCC com Police_Routing

[goplex]

Pessoal implantei um balance diferente que encontrei no MUM 2011!
Atualmente funciona perfeito abrindo HTTPS e Sites de bancos normal!
Porem dentro da minha rede possuo um servidor de Tarifação Voip e o mesmo não consegue registrar seus troncos nas operadoras pq acredito eu. a requisição ta saindo por um link e voltando por outro, ja add a regrar para o ip das operadoras saírem pelo mesmo link, porem mesmo assim sem sucesso!
Dando um traceroute do servidor vejo q ele esta saindo pelo link 2 e na regra obrigo ele a sair pelo link 1, não sei mais o que fazer, se alguém tiver uma dica.. agradeço!
Grato!

Abaixo as Regras do Mangle;

/ip firewall mangle
add action=accept chain=prerouting comment="--" disabled=no dst-address=000.00.00.000/29 \
src-address=172.17.37.0/29
add action=accept chain=prerouting disabled=no dst-address=000.00.00.000/29 \
src-address=172.17.37.0/29
add action=accept chain=prerouting disabled=no dst-address=172.17.37.0/29 \
src-address=172.17.37.0/29
add action=mark-connection chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=ether1-LINKMAXIWEB \
new-connection-mark=mxweb_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no in-interface=pppoe-GVT new-connection-mark=gvt_conn passthrough=yes
add action=jump chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=ether3-SAIDALAN \
jump-target=policy_routing
add action=mark-routing chain=prerouting comment=\
"====================================================================" \
connection-mark=gvt_conn disabled=no new-routing-mark=gvt_traffic \
passthrough=yes src-address=172.17.37.0/29
add action=mark-routing chain=prerouting connection-mark=mxweb_conn disabled=\
no new-routing-mark=mxweb_traffic passthrough=yes src-address=\
172.17.37.0/29
add action=mark-routing chain=output connection-mark=gvt_conn disabled=no \
new-routing-mark=gvt_traffic passthrough=yes
add action=mark-routing chain=output connection-mark=mxweb_conn disabled=no \
new-routing-mark=mxweb_traffic passthrough=yes
add action=mark-connection chain=policy_routing comment=PCC-BALANCE disabled=\
no dst-address-type=!local new-connection-mark=gvt_conn passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=policy_routing disabled=no dst-address-type=\
!local new-connection-mark=mxweb_conn passthrough=yes \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="PROTOCOLO SIP" disabled=no \
dst-port=5060-5070 new-routing-mark=mxweb_traffic passthrough=no \
protocol=udp
add action=mark-routing chain=prerouting comment="PROTOCOLO SIP" disabled=no \
dst-port=10000-20000 new-routing-mark=mxweb_traffic passthrough=no \
protocol=udp

[wdnc5]

Pessoal implantei um balance diferente que encontrei no MUM 2011!
Atualmente funciona perfeito abrindo HTTPS e Sites de bancos normal!
Porem dentro da minha rede possuo um servidor de Tarifação Voip e o mesmo não consegue registrar seus troncos nas operadoras pq acredito eu. a requisição ta saindo por um link e voltando por outro, ja add a regrar para o ip das operadoras saírem pelo mesmo link, porem mesmo assim sem sucesso!
Dando um traceroute do servidor vejo q ele esta saindo pelo link 2 e na regra obrigo ele a sair pelo link 1, não sei mais o que fazer, se alguém tiver uma dica.. agradeço!
Grato!

Abaixo as Regras do Mangle;

/ip firewall mangle
add action=accept chain=prerouting comment="--" disabled=no dst-address=187.49.37.200/29 \
src-address=172.17.37.0/29
add action=accept chain=prerouting disabled=no dst-address=187.115.132.79 \
src-address=172.17.37.0/29
add action=accept chain=prerouting disabled=no dst-address=172.17.37.0/29 \
src-address=172.17.37.0/29
add action=mark-connection chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=ether1-LINKMAXIWEB \
new-connection-mark=mxweb_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no in-interface=pppoe-GVT new-connection-mark=gvt_conn passthrough=yes
add action=jump chain=prerouting comment=\
"====================================================================" \
connection-mark=no-mark disabled=no in-interface=ether3-SAIDALAN \
jump-target=policy_routing
add action=mark-routing chain=prerouting comment=\
"====================================================================" \
connection-mark=gvt_conn disabled=no new-routing-mark=gvt_traffic \
passthrough=yes src-address=172.17.37.0/29
add action=mark-routing chain=prerouting connection-mark=mxweb_conn disabled=\
no new-routing-mark=mxweb_traffic passthrough=yes src-address=\
172.17.37.0/29
add action=mark-routing chain=output connection-mark=gvt_conn disabled=no \
new-routing-mark=gvt_traffic passthrough=yes
add action=mark-routing chain=output connection-mark=mxweb_conn disabled=no \
new-routing-mark=mxweb_traffic passthrough=yes
add action=mark-connection chain=policy_routing comment=PCC-BALANCE disabled=\
no dst-address-type=!local new-connection-mark=gvt_conn passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=policy_routing disabled=no dst-address-type=\
!local new-connection-mark=mxweb_conn passthrough=yes \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="PROTOCOLO SIP" disabled=no \
dst-port=5060-5070 new-routing-mark=mxweb_traffic passthrough=no \
protocol=udp
add action=mark-routing chain=prerouting comment="PROTOCOLO SIP" disabled=no \
dst-port=10000-20000 new-routing-mark=mxweb_traffic passthrough=no \
protocol=udp

DICA: não poste Ips da sua rede em fóruns amigo pode ter dar problemas.

[caicarabruno]

DDoS, Scanner, SCANN em 3.2.1....