Estoy usando un enrutador MikroTik. Tengo dos redes: 192.168.1.0/24 y 192.168.3.0/24. Uno está en ether4 y el otro en ether5. Estoy intentando configurarlo de manera que estas redes puedan hacer ping entre sí.
Aquí está la configuración del enrutador:
/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus
/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=\
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60 \
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD} \
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60 \
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD} \
profile=default service-name="" use-peer-dns=no user={USERNAME}
/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1 \
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus \
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell \
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=\
"For DNS Server On MikroTik Will Fetch Through Primus Connection" \
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=\
RouteToPrimus protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=\
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=\
Primus_ISP
/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell
Salida de Tracert de una computadora 3.x a una 1.x:
Respuesta1
Parece que el filtro "!local" no funciona en su caso, está marcando paquetes locales para usar el ISP, por lo que se pierden en Internet. Intenta agregar esas reglas de destrucciónal principiode la lista de mangle.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
Eso obligará a los paquetes locales a abandonar la lista de manipulación, por lo que no se marcarán.
Respuesta2
Tengo el mismo problema y lo resolví. Agregué algunas rutas dinámicas, activas y conectadas. en tu caso tal vez así
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Corrígeme si estoy equivocado