Собственно настроил кучку VLANов, присвоил адреса, поднял DHCP сервер для VLANов. Компы кахдого из VLANов получают адреса, видят друг друга, можно выходить в тырнет, а вот компы из соседних VLANов не видно и шлюзы VLANов тоже не видно. Если делать трассировку до хостов в соседнем VLANе, то трафик улетает в тырнет через шлюз 213.79.123.113, а вот где моя ошибка - вот это для меня вопрос. Код: [sysadmin@MikroTik] > ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Emergency RDP 1C chain=dstnat action=netmap to-addresses=192.168.0.4 to-ports=3389 protocol=tcp in-interface=ether3-WAN3 dst-port=60086 log=no log-prefix="" 1 ;;; Emergency RDP Autodealer chain=dstnat action=netmap to-addresses=192.168.0.241 to-ports=3389 protocol=tcp in-interface=ether4-WAN4 dst-port=60087 log=no log-prefix="" 2 ;;; to SecurOS Mobile Client chain=dstnat action=netmap to-addresses=192.168.102.10 to-ports=7777 protocol=tcp in-interface=ether2-WAN2 dst-port=7777 3 chain=srcnat action=masquerade to-addresses=192.168.210.2 out-interface=all-ppp log=no log-prefix="" 4 chain=srcnat action=src-nat to-addresses=213.79.123.121 out-interface=ether1-WAN1 5 chain=srcnat action=src-nat to-addresses=213.79.123.120 out-interface=ether2-WAN2 6 chain=srcnat action=src-nat to-addresses=213.79.123.119 out-interface=ether3-WAN3 7 chain=srcnat action=src-nat to-addresses=213.79.123.118 out-interface=ether4-WAN4 [sysadmin@MikroTik] > ip firewall filter pri Flags: X - disabled, I - invalid, D - dynamic 0 ;;; BOGON Drop chain=input action=drop src-address-list=BOGON in-interface=ether1-WAN1 log=no log-prefix="" 1 ;;; BOGON Drop chain=input action=drop src-address-list=BOGON in-interface=ether4-WAN4 log=no log-prefix="" 2 ;;; BOGON Drop chain=input action=drop src-address-list=BOGON in-interface=ether3-WAN3 log=no log-prefix="" 3 ;;; BOGON Drop chain=input action=drop src-address-list=BOGON in-interface=ether2-WAN2 log=no log-prefix="" 4 ;;; Ping chain=input action=accept protocol=icmp log=no log-prefix="" 5 ;;; DNS chain=input action=accept protocol=udp in-interface-list=!lst-WAN dst-port=53 log=no log-prefix="" 6 ;;; L2TP chain=input action=accept protocol=udp in-interface=ether1-WAN1 dst-port=1701 log=no log-prefix="" 7 chain=forward action=accept out-interface=all-ppp log=no log-prefix="" 8 chain=input action=accept connection-state=established,related log=no log-prefix="" 9 chain=forward action=accept connection-state=established,related log=no log-prefix="" 10 ;;; Access to Mikrotik only from our local network chain=input action=accept src-address=192.168.0.0/16 log=no log-prefix="" 11 XI ;;; Access to Internet from our local network chain=forward action=accept src-address=192.168.0.0/16 log=no log-prefix="" 12 chain=forward action=accept connection-state=established,related log=no log-prefix="" 13 XI chain=forward action=accept dst-address=192.168.0.0/16 log=no log-prefix="" 14 chain=input action=drop connection-state=invalid log=no log-prefix="" 15 chain=input action=drop connection-state=new in-interface=!CISCO3750 log=no log-prefix="" [sysadmin@MikroTik] > ip firewall mangle print Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting action=mark-connection new-connection-mark=con-WAN1 src-address-list=LA 1 chain=prerouting action=mark-connection new-connection-mark=con-WAN2 src-address-list=IP 2 chain=prerouting action=mark-connection new-connection-mark=con-WAN3 src-address-list=AS 3 chain=prerouting action=mark-connection new-connection-mark=con-WAN4 src-address-list=AA 4 chain=prerouting action=mark-routing new-routing-mark=WAN1 passthrough=yes src-address-list=LA connection-mark=con-WAN1 in-interface-list=!lst-WAN 5 chain=prerouting action=mark-routing new-routing-mark=WAN2 passthrough=yes src-address-list=IP connection-mark=con-WAN2 in-interface-list=!lst-WAN 6 chain=prerouting action=mark-routing new-routing-mark=WAN3 passthrough=yes src-address-list=AS connection-mark=con-WAN3 in-interface-list=!lst-WAN 7 chain=prerouting action=mark-routing new-routing-mark=WAN4 passthrough=yes src-address-list=AA connection-mark=con-WAN4 in-interface-list=!lst-WAN 8 chain=prerouting action=mark-routing new-routing-mark=rm_to_G passthrough=yes dst-address=192.168.32.0/24 log=no log-prefix="" 9 chain=prerouting action=mark-routing new-routing-mark=rm_to_M passthrough=yes dst-address=192.168.37.0/24 log=no log-prefix="" 10 chain=prerouting action=mark-routing new-routing-mark=rm_to_PZ passthrough=yes dst-address=192.168.34.0/24 log=no log-prefix="" 11 chain=prerouting action=mark-routing new-routing-mark=rm_to_U passthrough=yes dst-address=192.168.38.0/24 log=no log-prefix="" 12 chain=prerouting action=mark-routing new-routing-mark=rm_to_Uc passthrough=yes dst-address=192.168.36.0/24 log=no log-prefix="" 13 chain=prerouting action=mark-routing new-routing-mark=rm_to_S passthrough=yes dst-address=192.168.35.0/24 log=no log-prefix="" 14 chain=prerouting action=mark-routing new-routing-mark=rm_to_A passthrough=yes dst-address=192.168.31.0/24 log=no log-prefix="" 15 chain=prerouting action=mark-routing new-routing-mark=rm_to_H passthrough=yes dst-address=192.168.39.0/24 log=no log-prefix="" [sysadmin@MikroTik] > [sysadmin@MikroTik] > ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 213.79.123.113%... 1 1 A S 0.0.0.0/0 213.79.123.113%... 1 2 A S 0.0.0.0/0 213.79.123.113%... 1 3 A S 0.0.0.0/0 213.79.123.113%... 1 12 A S 0.0.0.0/0 213.79.123.113%... 1 213.79.123.113%... 213.79.123.113%... 213.79.123.113%... 13 ADC 192.168.0.0/24 192.168.0.254 bridge-VLAN0 0 14 ADC 192.168.2.0/24 192.168.2.254 bridge-VLAN2 0 15 ADC 192.168.3.0/24 192.168.3.254 bridge-VLAN3 0 16 ADC 192.168.15.0/24 192.168.15.254 bridge-VLAN15 0 17 ADC 192.168.100.0/24 192.168.100.254 bridge-VLAN100 0 18 ADC 192.168.101.0/24 192.168.101.254 bridge-VLAN101 0 19 ADC 192.168.102.0/24 192.168.102.254 bridge-VLAN102 0 20 ADC 192.168.210.0/24 192.168.210.254 bridge-VLAN210 0 21 ADC 192.168.220.0/24 192.168.220.254 ether5 0 22 ADC 213.59.123.113/32 213.79.123.121 ether1-WAN1 0 ether2-WAN2 ether3-WAN3 ether4-WAN4