# ADDRESS NETWORK INTERFACE
0 10.5.1.1/24 10.5.1.0 br-cliente1
1 10.5.2.1/24 10.5.2.0 br-cliente2
2 192.168.1.2/24 192.168.1.0 ether1-WAN1
3 192.168.0.2/24 192.168.0.0 ether2-WAN2
4 192.168.2.2/24 192.168.2.0 ether3-WAN3
Flags: X - disabled, D - dynamic
# LIST ADDRESS TIMEOUT
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=accept protocol=tcp dst-port=443 log=no
log-prefix=""
1 chain=prerouting action=accept protocol=tcp dst-port=8291 log=no
log-prefix=""
2 ;;; VPN
chain=prerouting action=accept protocol=tcp dst-port=1723 log=no
log-prefix=""
3 chain=prerouting action=accept protocol=gre log=no log-prefix=""
4 ;;; **********************************************************************>
*****************************
chain=prerouting action=accept src-address=10.5.1.0/24
dst-address=10.5.1.0/24 log=no log-prefix=""
5 chain=prerouting action=accept src-address=10.5.1.0/24
dst-address=192.168.2.0/24 log=no log-prefix=""
6 chain=prerouting action=accept src-address=10.5.1.0/24
dst-address=192.168.1.0/24 log=no log-prefix=""
7 chain=prerouting action=accept src-address=10.5.1.0/24
dst-address=192.168.0.0/24 log=no log-prefix=""
8 ;;; **********************************************************************>
*****************************
chain=prerouting action=mark-connection new-connection-mark=wan3_conn
passthrough=yes in-interface=ether3-WAN3 connection-mark=no-mark log=no
log-prefix=""
9 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes in-interface=ether2-WAN2 connection-mark=no-mark log=no
log-prefix=""
10 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes in-interface=ether1-WAN1 connection-mark=no-mark log=no
log-prefix=""
11 ;;; **********************************************************************>
*****************************
chain=prerouting action=jump jump-target=policy_router
in-interface=br-PLUG connection-mark=no-mark log=no log-prefix=""
12 ;;; **********************************************************************>
*****************************
chain=prerouting action=mark-routing new-routing-mark=to_WAN3
passthrough=yes src-address=10.5.1.0/24 connection-mark=wan3_conn log=no
log-prefix=""
13 chain=prerouting action=mark-routing new-routing-mark=to_WAN2
passthrough=yes src-address=10.5.1.0/24 connection-mark=wan2_conn log=no
log-prefix=""
14 chain=prerouting action=mark-routing new-routing-mark=to_WAN1
passthrough=yes src-address=10.5.1.0/24 connection-mark=wan1_conn log=no
log-prefix=""
15 ;;; **********************************************************************>
*****************************
chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes
connection-mark=wan2_conn log=no log-prefix=""
16 chain=output action=mark-routing new-routing-mark=to_WAN3 passthrough=yes
connection-mark=wan3_conn log=no log-prefix=""
17 chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=yes
connection-mark=wan1_conn log=no log-prefix=""
18 ;;; **********************************************************************>
*****************************
chain=policy_router action=mark-connection new-connection-mark=wan3_conn
passthrough=yes dst-address-type=!local
per-connection-classifier=both-addresses:3/2 log=no log-prefix=""
19 chain=policy_router action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address-type=!local
per-connection-classifier=both-addresses:3/1 log=no log-prefix=""
21 ;;; P2P_IN
chain=prerouting action=mark-connection new-connection-mark=conn_p2p_in
passthrough=yes p2p=all-p2p protocol=tcp log=no log-prefix=""
22 chain=prerouting action=mark-packet new-packet-mark=p2p_in passthrough=yes
connection-mark=conn_p2p_in log=no log-prefix=""
23 ;;; P2P_OUT
chain=postrouting action=mark-connection new-connection-mark=conn_p2p_out
passthrough=yes p2p=all-p2p protocol=tcp log=no log-prefix=""
24 chain=postrouting action=mark-packet new-packet-mark=p2p_out
passthrough=yes connection-mark=conn_p2p_out log=no log-prefix=""
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.0.1 1
1 S ;;; ==== REGRAS DO FAIL OVER ====
0.0.0.0/0 8.8.8.8 1
2 S 0.0.0.0/0 10.0.0.3 1
3 A S 0.0.0.0/0 192.168.0.1 1
4 S 0.0.0.0/0 221.132.112.8 2
5 S 0.0.0.0/0 10.0.0.2 2
6 A S 0.0.0.0/0 192.168.0.1 1
7 S 0.0.0.0/0 208.84.244.116 3
8 S 0.0.0.0/0 10.0.0.1 3
9 A S 0.0.0.0/0 10.0.0.3 1
10 S 0.0.0.0/0 10.0.0.2 2
11 S 0.0.0.0/0 192.168.2.1 2
12 S 0.0.0.0/0 192.168.0.1 3
13 S 0.0.0.0/0 10.0.0.1 3
14 S 0.0.0.0/0 192.168.1.1 4
15 A S 8.8.8.8/32 192.168.2.1 1
16 S 10.0.0.1/32 208.84.244.116 1
17 S 10.0.0.2/32 221.132.112.8 1
18 A S 10.0.0.3/32 8.8.8.8 1
19 ADC 10.5.1.0/24 10.5.1.1 cliente 1 0
20 ADC 10.5.2.0/24 10.5.2.1 cliente 2 0
21 ADC 192.168.0.0/24 192.168.0.2 ether2-WAN2 0
22 ADC 192.168.1.0/24 192.168.1.2 ether1-WAN1 0
23 ADC 192.168.2.0/24 192.168.2.2 ether3-WAN3 0
24 A S ;;; ==== REGRAS DO FAIL OVER ====
208.84.244.116/32 192.168.1.1 1
25 A S 221.132.112.8/32 192.168.0.1 1