Roteador gateway ISP1_ROUTE – 192.168.15.1 Vivo
Roteador gateway ISP2_ROUTE – 192.168.18.1 Sumicity
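# ---------------------------------------------------------------------------
# Listing 1 of 2: route excerpt (dual-WAN failover with recursive next hops).
# This excerpt and the full export below are two separate listings of the
# same router; the route distances here differ from the export, so do not
# apply both to one device.
# ---------------------------------------------------------------------------
/ip route
# Creates a virtual next hop used only as a helper; its IP must differ from
# every existing network. This is where the priority of the outgoing
# internet link is swapped (via the distance= values).
# 10.1.1.1 stands for ISP1 (Vivo, 192.168.15.1) and 10.2.2.2 for ISP2
# (Sumicity, 192.168.18.1).
add distance=1 gateway=10.1.1.1
add distance=2 gateway=10.2.2.2
# Each virtual next hop resolves through two public resolver addresses that
# are probed with check-gateway=ping; the intent appears to be that a link is
# dropped only when both of its probe targets stop answering.
add dst-address=10.1.1.1 gateway=8.8.8.8 scope=10 check-gateway=ping
add dst-address=10.1.1.1 gateway=208.67.220.220 scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=8.8.4.4 scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 check-gateway=ping
# Host routes pin every probe target to exactly one ISP router, so a probe
# tests that ISP's path only.
# NOTE(review): these host routes apply to all traffic, not just probes; LAN
# clients using 8.8.8.8 or 8.8.4.4 as resolver lose that resolver whenever
# the matching ISP is down.
add dst-address=8.8.8.8 gateway=192.168.15.1 scope=10
add dst-address=208.67.220.220 gateway=192.168.15.1 scope=10
add dst-address=8.8.4.4 gateway=192.168.18.1 scope=10
add dst-address=208.67.222.222 gateway=192.168.18.1 scope=10
# Per-mark default routes; the lower distance wins while its gateway is up.
add distance=2 gateway=10.1.1.1 routing-mark=ISP1_ROUTE
add distance=1 gateway=10.2.2.2 routing-mark=ISP1_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=ISP2_ROUTE
add distance=1 gateway=10.1.1.1 routing-mark=ISP2_ROUTE

# ---------------------------------------------------------------------------
# Listing 2 of 2: complete configuration (export script).
# NOTE(review): the export header below carries the device's software id and
# serial number; redact such identifiers before sharing an export.
# ---------------------------------------------------------------------------
# mar/29/2022 04:57:06 by RouterOS 6.48.6
# software id = F0IQ-UDP2
#
# model = 750G
# serial number = 268D0182810D
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether4 ] name=GwGrandstreamUP
set [ find default-name=ether5 ] name=Server
set [ find default-name=ether2 ] name=SumicityISP2
set [ find default-name=ether3 ] name=Switch
set [ find default-name=ether1 ] name=VivoISP1
/ip pool
add name=dhcp_pool0 ranges=192.168.17.100-192.168.17.198
/ip dhcp-server
add address-pool=dhcp_pool0 authoritative=after-2sec-delay disabled=no \
    interface=bridge1 lease-time=1w3d10m name=dhcp1
# LAN side: Switch, GwGrandstreamUP and Server are bridged into bridge1.
/interface bridge port
add bridge=bridge1 interface=Switch
add bridge=bridge1 interface=GwGrandstreamUP
add bridge=bridge1 interface=Server
# The router is a client (.254) behind each ISP router and .1 on the LAN.
/ip address
add address=192.168.15.254/24 interface=VivoISP1 network=192.168.15.0
add address=192.168.18.254/24 interface=SumicityISP2 network=192.168.18.0
add address=192.168.17.1/24 interface=bridge1 network=192.168.17.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.17.0/24 dns-server=192.168.17.1,8.8.8.8,8.8.4.4 gateway=\
    192.168.17.1
# allow-remote-requests=yes turns the router into a resolver for anyone who
# can reach port 53; the filter rules below drop TCP/UDP 53 arriving on both
# WAN interfaces, which is what keeps it from being an open resolver. Keep
# those drops in step with any new WAN interface.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.17.254 name=up.abratel.com.br
# Destination lists used by the mangle rules (banks and other named sites),
# plus the LAN ranges.
/ip firewall address-list
add address=200.155.0.0/16 list=BRADESCO
add address=200.201.0.0/16 list=CEF
add address=170.66.0.0/16 list=BB
add address=200.220.0.0/16 list=SANTANDER
add address=200.196.0.0/16 list=ITAU
add address=189.56.0.0/16 list=NOSSACAIXA
add address=161.113.0.0/24 list=HSBC
add address=201.77.231.25 list=PrefMuriae
add address=187.4.128.0/18 list=sicoob
add address=200.252.146.0/24 list=sicoob
add address=187.72.5.139 list=sicoob
add address=186.215.92.171 list=sicoob
add address=177.11.48.200 list="estrela dalva"
add address=192.168.17.0/24 list=lan
add address=192.168.2.0/24 list=lan
add address=192.168.3.0/24 list=lan
add address=192.168.4.0/24 list=lan
add address=192.168.5.0/24 list=lan
add address=192.168.6.0/24 list=lan
add address=192.168.8.0/24 list=lan
add address=192.168.9.0/24 list=lan
add address=192.168.10.0/24 list=lan
add address=192.168.11.0/24 list=lan
add address=192.168.13.0/24 list=lan
add address=192.168.12.0/24 list=lan
add address=192.168.14.0/24 list=lan
# NOTE(review): no rule in this export references the "lan" or "wan-ip"
# lists.
add address=up.abratel.com.br list=wan-ip
/ip firewall filter
# Rule order matters in this chain: the first matching accept/drop wins.
# NOTE(review): this first rule accepts every protocol and port from one
# fixed public address, ahead of the DNS drops and the Winbox blacklist;
# confirm the address is still under the administrator's control.
add action=accept chain=input src-address=24.4.133.107
# Block DNS queries arriving from either WAN interface (see /ip dns above).
add action=drop chain=input dst-port=53 in-interface=VivoISP1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=SumicityISP2 protocol=\
    tcp
add action=drop chain=input dst-port=53 in-interface=VivoISP1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=SumicityISP2 protocol=\
    udp
# Staged brute-force limiter for Winbox on TCP 81. The lists are named ssh_*
# but guard Winbox only. Each new connection promotes the source one stage
# (1m timeout per stage); sources in ssh_stage3 are blacklisted for 14w2d.
# NOTE(review): the stage3 -> blacklist rule sits after the stage rules, so a
# source appears to be blacklisted on its third new connection within the
# stage windows; an administrator who reconnects quickly can lock themselves
# out for 14 weeks. Confirm the threshold on a test device.
add action=drop chain=input comment="drop WINBOX brute forcers" dst-port=81 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=81 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=81 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=81 \
    protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=14w2d chain=input connection-state=new dst-port=81 \
    hotspot="" protocol=tcp src-address-list=ssh_stage3
# Winbox is accepted from any interface and any source not yet blacklisted.
add action=accept chain=input connection-state="" dst-port=81 protocol=tcp
# NOTE(review): the three catch-all accepts make every chain default-allow.
# On input, the only traffic refused is WAN DNS and blacklisted Winbox
# sources, so the plain-HTTP web interface on port 1199 (see /ip service) and
# anything enabled later are reachable from both WAN interfaces. On forward,
# nothing is filtered. A common hardening is to accept established/related,
# accept the specific management and LAN traffic that is needed, and end the
# input chain with a drop for the WAN interfaces; test from the LAN first to
# avoid a lockout.
add action=accept chain=forward
add action=accept chain=output
add action=accept chain=input
/ip firewall mangle
# LAN-to-LAN traffic and the two forwarded service ports skip policy routing.
add action=accept chain=prerouting dst-address=192.168.17.0/24 src-address=\
    192.168.17.0/24
add action=accept chain=prerouting dst-port=8085 in-interface=bridge1 \
    protocol=tcp src-address=192.168.17.0/24
add action=accept chain=prerouting dst-port=4569 in-interface=bridge1 \
    protocol=udp src-address=192.168.17.0/24
# Traffic to the listed sites, and all TCP 443, is accepted before any mark
# is set, so it follows the unmarked default routes; presumably this keeps
# such sessions on a single source address. The "estrela dalva" destination
# is instead marked for ISP2.
add action=accept chain=prerouting comment="LIBERAR SITES HTTPS" \
    dst-address-list=BB
add action=accept chain=prerouting dst-address-list=SANTANDER
add action=accept chain=prerouting dst-address-list=sicoob
add action=accept chain=prerouting dst-address-list=BRADESCO
add action=accept chain=prerouting dst-address-list=PrefMuriae
add action=mark-connection chain=prerouting dst-address-list="estrela dalva" \
    new-connection-mark=ISP2_CONN passthrough=yes
add action=accept chain=prerouting dst-address-list=CEF
add action=accept chain=prerouting dst-address-list=HSBC
add action=accept chain=prerouting dst-address-list=ITAU
add action=accept chain=prerouting dst-address-list=NOSSACAIXA
add action=accept chain=prerouting dst-address-list=SANTANDER
add action=accept chain=prerouting dst-port=443 protocol=tcp
# Connections that arrive on a WAN interface are marked with that ISP so the
# output-chain rules below send replies out through the same link.
add action=mark-connection chain=prerouting comment=\
    ------------------------------------------ connection-mark=no-mark \
    in-interface=VivoISP1 new-connection-mark=ISP1_CONN passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=SumicityISP2 new-connection-mark=ISP2_CONN passthrough=yes
# Unmarked connections from the LAN are classified in chain policy_route.
add action=jump chain=prerouting comment="====================" \
    connection-mark=no-mark in-interface=bridge1 jump-target=policy_route
# Translate connection marks into routing marks for LAN-sourced packets ...
add action=mark-routing chain=prerouting comment="======================" \
    connection-mark=ISP1_CONN new-routing-mark=ISP1_ROUTE passthrough=yes \
    src-address=192.168.17.0/24
add action=mark-routing chain=prerouting connection-mark=ISP2_CONN \
    new-routing-mark=ISP2_ROUTE passthrough=yes src-address=192.168.17.0/24
# ... and for packets the router itself sends.
add action=mark-routing chain=output comment="===========================" \
    connection-mark=ISP1_CONN new-routing-mark=ISP1_ROUTE passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_CONN \
    new-routing-mark=ISP2_ROUTE passthrough=yes
# NOTE(review): no jump in this export targets policy_route2, so this
# per-connection-classifier rule is never evaluated; every LAN connection
# that reaches policy_route is marked ISP2_CONN. Possibly a deliberate way of
# parking the load-balancing rule - confirm.
add action=mark-connection chain=policy_route2 comment=\
    "=======================" dst-address-type=!local new-connection-mark=\
    ISP1_CONN passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0
add action=mark-connection chain=policy_route dst-address-type=!local \
    new-connection-mark=ISP2_CONN passthrough=yes
/ip firewall nat
# Source NAT to the router's own address on each WAN interface.
add action=src-nat chain=srcnat comment=\
    "============= Internet =================" out-interface=VivoISP1 \
    to-addresses=192.168.15.254
add action=src-nat chain=srcnat out-interface=SumicityISP2 to-addresses=\
    192.168.18.254
# Port forwards to 192.168.17.254 for TCP 8085 and UDP 4569, with matching
# masquerade rules so LAN clients can reach the forwarded ports as well.
# NOTE(review): the dst-nat rules match on port alone (no in-interface,
# dst-address or source restriction), so they also capture LAN traffic bound
# for any other host on those ports, and the forward chain accepts
# everything. If the remote peers are known, restrict the rules with a
# src-address-list.
add action=dst-nat chain=dstnat dst-port=8085 protocol=tcp to-addresses=\
    192.168.17.254 to-ports=8085
add action=masquerade chain=srcnat dst-port=8085 out-interface=bridge1 \
    protocol=tcp src-address=192.168.17.0/24 to-addresses=192.168.17.254
add action=masquerade chain=srcnat dst-port=4569 out-interface=bridge1 \
    protocol=udp src-address=192.168.17.0/24 to-addresses=192.168.17.254
add action=dst-nat chain=dstnat dst-port=4569 protocol=udp to-addresses=\
    192.168.17.254 to-ports=4569
# Winbox is published on the ISP1 side as TCP 1198 and redirected to the
# local Winbox port 81; the staged limiter in the filter table then applies.
# NOTE(review): the second rule repeats the matchers of the first and can
# never be hit; it may have been meant for SumicityISP2 - confirm. The first
# rule sets log-prefix without log=yes, so nothing is logged.
add action=redirect chain=dstnat comment=\
    "========= Winbox Redirect vindo da ISP1 ===========" dst-port=1198 \
    in-interface=VivoISP1 log-prefix=TESTE_ISP1 protocol=tcp to-ports=81
add action=redirect chain=dstnat dst-port=1198 in-interface=VivoISP1 \
    protocol=tcp to-ports=81
# Same recursive-route scheme as the excerpt in listing 1. In this export
# unmarked traffic prefers ISP2 (10.2.2.2, distance 1), and each routing mark
# prefers its own ISP with the other as the distance-2 fallback.
/ip route
add distance=1 gateway=10.1.1.1 routing-mark=ISP1_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=ISP1_ROUTE
add distance=1 gateway=10.2.2.2 routing-mark=ISP2_ROUTE
add distance=2 gateway=10.1.1.1 routing-mark=ISP2_ROUTE
add distance=1 gateway=10.2.2.2
add distance=2 gateway=10.1.1.1
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.18.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.15.1 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=\
    208.67.220.220 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=8.8.8.8 \
    scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=8.8.4.4 \
    scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=\
    208.67.222.222 scope=10
add distance=1 dst-address=208.67.220.220/32 gateway=192.168.15.1 scope=10
add distance=1 dst-address=208.67.222.222/32 gateway=192.168.18.1 scope=10
# Management surface: only www (plain HTTP, moved to 1199) and winbox (moved
# to 81) stay enabled. Changing the port does not restrict who can connect.
# NOTE(review): neither service sets address=, so both accept any source the
# firewall lets through; consider `set winbox address=<MGMT_SUBNETS>` and the
# same for www, or disable www if the web interface is not needed.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=1199
set ssh disabled=yes
set api disabled=yes
set winbox port=81
set api-ssl disabled=yes
# Changed from the published export: allow-none-crypto=yes -> no, so that
# unencrypted SSH sessions cannot be negotiated if the ssh service is ever
# re-enabled. The ssh service is disabled above, so this changes nothing in
# current operation.
# NOTE(review): forwarding-enabled=remote would likewise permit SSH port
# forwarding once ssh is enabled; set it to no unless it is needed.
/ip ssh
set allow-none-crypto=no forwarding-enabled=remote
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Up-Abratel
/system ntp client
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8
/system package update
set channel=long-term
/tool bandwidth-server
set authenticate=no enabled=no
/tool netwatch
add disabled=yes host=8.8.8.8
add disabled=yes host=8.8.4.4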