ROS 典型PCC负载脚本
ROS3.30全套多线负载平衡设置脚本 ROS3.30设置脚本:如果你是菜鸟,下面的脚本也许会帮到你;如果你是高手,请多多指正,谢谢。下面是我花了一整天的时间整理出来的,第一次用ROS3.30,走了很多弯路,还好以前有点2.9的基础,结合在网上找的一些前辈们的脚本,终于测试一切正常。我自己在我的线路上测试通过,如果到你机器上有问题,请嘴上留情,别骂我,请仔细检查,相信你也一定能行的。
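如果有问题实在搞不懂,可以加我QQ307237303(请先自己多钻研一下在加我)
# NOTE(review): The listing below is a RouterOS 3.30 "/export" whose line
# breaks were lost; they are restored here, one command per line, with "\"
# continuations. Tokens split or fused by the extraction (interface names,
# "new-connection-mark=2 passthrough", "cache-administrator=webmaster",
# "/ip address find", "sensitive") are repaired. The Chinese lines between
# sections are the author's annotations, not commands: remove them before
# importing.
# NOTE(review): No "/ip firewall filter" section appears in this listing,
# only mangle and nat. Every service left enabled below is therefore
# reachable on the PPPoE (Internet-facing) interfaces. Add input-chain filter
# rules before exposing a router configured this way.
# NOTE(review): All user names and passwords shown (123, 123456, 3, 110110,
# 207207) are the author's samples. Replace them and do not reuse them.
# dec/03/2011 20:55:29 by RouterOS 3.30
# software id = K6BP-MUXD
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:03:47:95:C8:66 mtu=1500 name=WAN3 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:03:47:95:C2:FC mtu=1500 name=LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:20:ED:1C:B3:90 mtu=1500 name=WAN1 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
    disable-running-check=yes disabled=no full-duplex=yes mac-address=\
    00:20:ED:1C:B3:91 mtu=1500 name=WAN2 speed=100Mbps
以上是网卡名称设置
/ip pool
add name=PPPOE-IP ranges=10.0.0.5-10.0.0.200
以上是PPPOE拔号地址池
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=\
    none stop-bits=1
set 1 baud-rate=9600 data-bits=8 flow-control=hardware name=serial1 parity=\
    none stop-bits=1
以上是导出后不知用处的
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\
    10.0.0.1 name=PPPOE-1 only-one=yes rate-limit=\
    "108k/1400k 128k/1600k 90k/1m" remote-address=PPPOE-IP use-compression=\
    default use-encryption=default use-vj-compression=default wins-server=\
    221.5.88.88
add change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\
    10.0.0.1 name=LOW only-one=yes rate-limit="88k/900k 108k/1100k 90k/1m" \
    remote-address=PPPOE-IP use-compression=default use-encryption=default \
    use-vj-compression=default wins-server=221.5.88.88
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
    only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default
以上是PPPOE服务建立
# PPPoE clients, one per WAN port. add-default-route=no because the default
# routes are created explicitly in "/ip route" below.
# NOTE(review): allow= includes pap, which sends the ISP password in clear
# text to whichever access concentrator answers. Drop pap if the ISP supports
# chap or mschap2.
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 \
    mrru=disabled name=pppoe-out1 password=123 profile=default \
    service-name="" use-peer-dns=no user=123
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 \
    mrru=disabled name=pppoe-out2 password=123456 profile=default \
    service-name="" use-peer-dns=no user=123
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=no disabled=no interface=WAN3 max-mru=1480 max-mtu=1480 \
    mrru=disabled name=pppoe-out3 password=3 profile=default service-name="" \
    use-peer-dns=no user=3
以上是ADSL拔号上网的建立
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=12M name=totaldown parent=global-in priority=8
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=PCQ-up pcq-classifier=src-address pcq-limit=50 pcq-rate=\
    1000000 pcq-total-limit=10000
add kind=pcq name=PCQ-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
    1000000 pcq-total-limit=10000
add kind=pcq name=80-Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
    800000 pcq-total-limit=10000
add kind=pcq name=other_down pcq-classifier=dst-address pcq-limit=50 \
    pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=server_down pcq-classifier=dst-address pcq-limit=50 \
    pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=game-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
    400000 pcq-total-limit=10000
set default-small kind=pfifo name=default-small pfifo-limit=10
# NOTE(review): "otherdown" matches packet-mark=Port_Packet, the same mark as
# "portdown", while the mangle rules below also create Other_Packet. This
# looks like a slip for Other_Packet; confirm before relying on these queues.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
    max-limit=10M name=otherdown packet-mark=Port_Packet parent=totaldown \
    priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
    max-limit=12M name=portdown packet-mark=Port_Packet parent=totaldown \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=3s disabled=no limit-at=5M \
    max-limit=12M name=80down packet-mark=80_packet parent=totaldown \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=3s disabled=yes limit-at=0 \
    max-limit=18M name=totalup packet-mark=PCQ-up parent=global-out priority=\
    7 queue=default
以上是网络优先设置,感觉用处不大,我是3*4M AD
# SNMP is disabled here (enabled=no). If it is ever enabled, change the
# "public" community, which is readable from address=0.0.0.0/0 with
# security=none.
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
    time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
# NOTE(review): In this export even the "read" group carries the reboot,
# password, sniff and sensitive policies, so a "read" account is not a
# harmless one.
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
    word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
    ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
    ,test,winbox,password,web,sniff,sensitive"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet mirror
set
# The L2TP, OpenVPN and PPTP servers below are all enabled=no, and the PPPoE
# server entry is disabled=yes.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:46:57:28:66:CB \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=PPPOE-1 disabled=\
    yes interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
    max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
    service1
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
以上也是不知的东东
/ip address
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \
    interface=LAN network=192.168.2.0
以上是设置ROS的内网IP
/ip dhcp-server config
set store-leases-disk=5m
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# on every interface. With no input filter in this export, the resolver is
# also open to the Internet side. Keep it only together with input rules that
# drop TCP/UDP 53 arriving on pppoe-out1..3.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 primary-dns=210.21.196.6 secondary-dns=\
    221.5.88.88
以上是设置DNS,你的可能不一样
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
以上是系统默认值
# Mangle rules. The first eight are disabled=yes leftovers of an earlier
# attempt (src-address-and-port:3/N). The active load-balancing rules are the
# both-addresses:3/N group further down.
/ip firewall mangle
add action=change-mss chain=postrouting comment="" disabled=yes new-mss=1460 \
    protocol=tcp tcp-flags=syn
add action=mark-routing chain=prerouting comment="" disabled=yes \
    new-routing-mark=add passthrough=no src-address-list=src1
add action=mark-connection chain=prerouting comment=1 disabled=yes \
    in-interface=LAN new-connection-mark=1 passthrough=yes \
    per-connection-classifier=src-address-and-port:3/0
add action=mark-routing chain=prerouting comment="" connection-mark=1 \
    disabled=yes in-interface=LAN new-routing-mark=1 passthrough=no
add action=mark-connection chain=prerouting comment=2 disabled=yes \
    in-interface=LAN new-connection-mark=2 passthrough=yes \
    per-connection-classifier=src-address-and-port:3/1
add action=mark-routing chain=prerouting comment="" connection-mark=2 \
    disabled=yes in-interface=LAN new-routing-mark=2 passthrough=no
add action=mark-connection chain=prerouting comment=3 disabled=yes \
    in-interface=LAN new-connection-mark=3 passthrough=yes \
    per-connection-classifier=src-address-and-port:3/2
add action=mark-routing chain=prerouting comment="" connection-mark=3 \
    disabled=yes in-interface=LAN new-routing-mark=3 passthrough=no
add action=change-mss chain=forward comment="" disabled=no new-mss=1400 \
    protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=src1 address-list-timeout=5s \
    chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \
    src-address-list=!src2
add action=add-src-to-address-list address-list=src2 address-list-timeout=3h \
    chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \
    src-address-list=!src2
add action=accept chain=prerouting comment="" disabled=no dst-port=443 \
    in-interface=LAN protocol=tcp
# Connections that arrive on a given PPPoE link are marked (chain=input) so
# that the router's replies (chain=output) leave through the same link.
add action=mark-connection chain=input comment="" disabled=no in-interface=\
    pppoe-out1 new-connection-mark=1 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
    pppoe-out2 new-connection-mark=2 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
    pppoe-out3 new-connection-mark=3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=1 disabled=no \
    new-routing-mark=to_1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=2 disabled=no \
    new-routing-mark=to_2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=3 disabled=no \
    new-routing-mark=to_3 passthrough=yes
# PCC: traffic from the PPPoE-server pool 10.0.0.0/24 to non-local
# destinations is split three ways by a hash of both addresses, then routed
# by the matching to_N mark.
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local new-connection-mark=1 passthrough=yes \
    per-connection-classifier=both-addresses:3/0 src-address=10.0.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local new-connection-mark=2 passthrough=yes \
    per-connection-classifier=both-addresses:3/1 src-address=10.0.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local new-connection-mark=3 passthrough=yes \
    per-connection-classifier=both-addresses:3/2 src-address=10.0.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=1 \
    disabled=no new-routing-mark=to_1 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=2 \
    disabled=no new-routing-mark=to_2 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=3 \
    disabled=no new-routing-mark=to_3 passthrough=yes src-address=10.0.0.0/24
以上是PPPOE 负载平衡,为both-addresses形式的(好像和PCC一样,不明白,还有就是我没做IP负载平衡,我用不着,做了也删了)
# NOTE(review): The next two rules steer Winbox (TCP 8291) sessions arriving
# on pppoe-out3, so the management port is meant to be reached from the
# Internet. The only route with routing-mark=3 in "/ip route" below is
# disabled=yes, so the mark looks ineffective as exported; confirm. Prefer
# reaching Winbox through a VPN or from a fixed source address.
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    8291 in-interface=pppoe-out3 new-connection-mark=in_3 passthrough=yes \
    protocol=tcp
add action=mark-routing chain=output comment="" connection-mark=in_3 \
    disabled=no new-routing-mark=3 passthrough=yes
以上是指定外网访问ROS的线路和端口,我这样理解,具体也不明白
# The escaped comment strings below appear to be GBK bytes. They seem to
# decode to "优先端口" (priority ports), "web端口" (web ports) and "其他数据"
# (other data).
add action=mark-connection chain=prerouting comment=\
    "\D3\C5\CF\C8\B6\CB\BF\DA" disabled=no dst-port=443 new-connection-mark=\
    Port_Conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    3724 new-connection-mark=Port_Conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    8000 new-connection-mark=Port_Conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=Port_Conn \
    disabled=no new-packet-mark=Port_Packet passthrough=no
add action=mark-connection chain=prerouting comment="web\B6\CB\BF\DA" \
    disabled=no dst-port=80 new-connection-mark=80_Conn passthrough=yes \
    protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    53 new-connection-mark=80_Conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=80_Conn \
    disabled=no new-packet-mark=80_packet passthrough=no
add action=mark-connection chain=prerouting comment=\
    "\C6\E4\CB\FB\CA\FD\BE\DD" disabled=no new-connection-mark=Other_Conn \
    passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=Other_Conn \
    disabled=no new-packet-mark=Other_Packet passthrough=no
以上是端口优先标记,和前面的一起使用,不用就都不要加
# Masquerade only rewrites outbound source addresses. It does not protect the
# router's own services, which need input-chain filter rules.
/ip firewall nat
add action=masquerade chain=srcnat comment=10 disabled=no out-interface=\
    pppoe-out1
add action=masquerade chain=srcnat comment=11 disabled=no out-interface=\
    pppoe-out2
add action=masquerade chain=srcnat comment=12 disabled=no out-interface=\
    pppoe-out3
以上是IP伪装,我是三知AD,和2.9的不一样,开始这里按2.9的搞,搞了很久上不了网
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
# NOTE(review): discover=yes on WAN1..3 announces the router (identity,
# version, MAC address) to the ISP-side Ethernet segment. Set discover=no on
# the WAN ports and keep it only on LAN.
/ip neighbor discovery
set WAN3 discover=yes
set LAN discover=yes
set WAN1 discover=yes
set WAN2 discover=yes
set pppoe-out1 discover=no
set pppoe-out2 discover=no
set pppoe-out3 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
以上是不知用的东东
# Routes. Active (disabled=no) entries: one per routing mark to_1/to_2/to_3,
# plus three unmarked default routes at distance=10 with check-gateway=ping.
# The disabled=yes entries are leftovers.
# NOTE(review): The marked routes have no check-gateway, so when a link is
# down the connections hashed to its mark are not moved to another link by
# these routes alone.
/ip route
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\
    0.0.0.0/0 gateway=pppoe-out2 routing-mark=2
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\
    0.0.0.0/0 gateway=pppoe-out3 routing-mark=3
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\
    0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\
    0.0.0.0/0 gateway=pppoe-out1 routing-mark=1
add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\
    0.0.0.0/0 gateway=pppoe-out2
add comment=WAN1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 routing-mark=to_1
add comment=WAN3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out3 routing-mark=to_3
add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\
    0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping comment=WAN2 disabled=no distance=10 dst-address=\
    0.0.0.0/0 gateway=pppoe-out2
add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\
    0.0.0.0/0 gateway=pppoe-out3
add comment=WAN2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 routing-mark=to_2
add check-gateway=ping comment=WAN1 disabled=no distance=10 dst-address=\
    0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping comment=WAN3 disabled=no distance=10 dst-address=\
    0.0.0.0/0 gateway=pppoe-out3
以上这里就是路由了,看着有点长,设好后其实就只有3*2+1条了,为什么?我这样理解的,3条AD+3条备用+1条默认
# NOTE(review): telnet, ftp and www are enabled with address=0.0.0.0/0. All
# three carry the admin password in clear text, and with no input filter they
# are reachable from the Internet side. Winbox is likewise open to any
# source. Disable telnet and ftp, and restrict address= on the services that
# remain to the management subnet (192.168.2.0/24 is the LAN in this export).
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
# NOTE(review): UPnP is enabled. It lets any LAN host request inbound port
# mappings without authentication. Turn it off unless a specific application
# needs it.
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
以上这些也是不知用的东东,也不用管吧
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# Local PPPoE-server accounts. The passwords shown merely repeat the digits of
# the user names; use unrelated, per-user secrets.
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
    name=ADSC110 password=110110 profile=LOW routes="" service=any
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
    name=ADSC207 password=207207 profile=default routes="" service=any
以上是我拔号上网的用户名和密码,按自己的加,PPPOE服务前面已建立好了
# NOTE(review): The menu line for the following "set ... queue=" commands is
# missing from the page (presumably "/queue interface"); confirm against a
# real export.
set WAN3 queue=ethernet-default
set LAN queue=ethernet-default
set WAN1 queue=ethernet-default
set WAN2 queue=ethernet-default
set pppoe-out1 queue=default
set pppoe-out2 queue=default
set pppoe-out3 queue=default
/radius incoming
set accept=no port=3799
/store
add comment="" disabled=no disk=primary-master name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
set [ find vcno=1 ] disabled=no term=linux
set [ find vcno=2 ] disabled=no term=linux
set [ find vcno=3 ] disabled=no term=linux
set [ find vcno=4 ] disabled=no term=linux
set [ find vcno=5 ] disabled=no term=linux
set [ find vcno=6 ] disabled=no term=linux
set [ find vcno=7 ] disabled=no term=linux
set [ find vcno=8 ] disabled=no term=linux
/system console screen
set line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
上面的我也没搞明白是什么,也不用去理会
# Scheduler job "getadsl" runs every 30 s. For each running pppoe-outN it
# copies the dynamic address (minus its last three characters, i.e. the "/32"
# suffix) onto the static address and route whose comment is "adslN".
# NOTE(review): The routes exported above carry the comments WAN1..WAN3, not
# adsl1..adsl3, so the "find comment=adslN" lookups would match nothing as
# shown; confirm.
# The author's inline note, moved out of the quoted script so that it stays
# importable:
(红字3改成你的AD条数)
/system scheduler
add comment="" disabled=no interval=30s name=getadsl on-event=":global assign\
    \r\
    \n:global new\r\
    \n:global status\r\
    \n:global x\r\
    \n:set x 3\r\
    \n:for i from=1 to=\$x do={\r\
    \n :set status [/interface get [/interface find name=(\"pppoe-out\" . \
    \$i)] running]\r\
    \n :if (\$status=true) do={\r\
    \n :set new [/ip address get [/ip address find dynamic=yes interface=(\
    \"pppoe-out\" . \$i)] address]\r\
    \n :set new [:pick \$new 0 ([:len \$new] -3)]\r\
    \n :set assign [/ip address get [/ip address find dynamic=no interface\
    =(\"pppoe-out\" . \$i)] address]\r\
    \n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\
    \n :if (\$assign != \$new) do={ /ip address set [/ip address find c\
    omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\
    \n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\
    =\$new\r\
    \n }\r\
    \n }\r\
    \n} \r\
    \n" start-time=startup
以上是刷网关的脚本,很重点的哟
# Scheduler job "DDNS" runs every 5 min. It sends a dynamic DNS update for
# ddns-host with the current address of ddns-interface, using ddns-user and
# ddns-pass as the key name and key.
# NOTE(review): The ddns-host value printed on the page
# ("/doc/143656614.html,") is a link injected by the hosting site, not a host
# name; substitute your own. The key is kept in a global variable and in the
# scheduler entry in clear text, so limit who can read the configuration.
# The author's inline notes, moved out of the quoted script:
(将红字改成你的)
(这个是用那条线做DDNS)
add comment="" disabled=no interval=5m name=DDNS on-event=":log info \"DDNS: B\
    egin\"\r\
    \n:global ddns-user \"123456\"\r\
    \n:global ddns-pass \"123456\"\r\
    \n:global ddns-host \"/doc/143656614.html,\"\r\
    \n:global ddns-interface \"pppoe-out1\"\r\
    \n:global ddns-ip [ /ip address get [/ip address find interface=\$ddns-int\
    erface] address ] \r\
    \n:log info \"DDNS: Sending UPDATE!\"\r\
    \n:log info [ /tool dns-update name=\$ddns-host address=[:pick \$ddns-ip 0\
    \_[:find \$ddns-ip \"/\"] ] key-name=\$ddns-user key=\$ddns-pass ]\r\
    \n:log info \"DDNS: End\"" start-time=startup
以上是DDNS,很好用的
# Stored copy of the getadsl logic, here with x set to 2 links instead of 3.
/system script
add name=ADSL policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
    :global assign\r\
    \n:global new\r\
    \n:global status\r\
    \n:global x\r\
    \n:set x 2\r\
    \n:for i from=1 to=\$x do={\r\
    \n :set status [/interface get [/interface find name=(\"pppoe-out\" . \
    \$i)] running]\r\
    \n :if (\$status=true) do={\r\
    \n :set new [/ip address get [/ip address find dynamic=yes interface=(\
    \"pppoe-out\" . \$i)] address]\r\
    \n :set new [:pick \$new 0 ([:len \$new] -3)]\r\
    \n :set assign [/ip address get [/ip address find dynamic=no interface\
    =(\"pppoe-out\" . \$i)] address]\r\
    \n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\
    \n :if (\$assign != \$new) do={ /ip address set [/ip address find c\
    omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\
    \n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\
    =\$new\r\
    \n }\r\
    \n }\r\
    \n} \r\
    \n"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
# NOTE(review): The bandwidth-test server is enabled (authenticate=yes).
# Disable it when it is not in use.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
# Interface graphs are viewable from allow-address=0.0.0.0/0 through the www
# service.
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
# NOTE(review): The MAC server (MAC-Telnet / MAC-Winbox) listens on
# interface=all, which includes the WAN ports. Restrict it to LAN.
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
    yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
    streaming-server=0.0.0.0
# NOTE(review): The built-in "admin" account has group=full and may log in
# from address=0.0.0.0/0. The export does not show whether a password is set.
# Set a strong one and narrow address= to the management subnet before the
# router faces the Internet.
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full \
    name=admin
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
以上的我还是搞不懂的。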
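ROS脚本大全(通用)ROS脚本大全(通用)
# NOTE(review): Line breaks lost in extraction are restored below, and the
# truncated "action=rejec" on two rules in section 21 is completed to
# "action=reject" to match the neighbouring rules. The Chinese headings are
# the author's section titles, not commands.
# NOTE(review): The IP addresses, ports and "content=" strings in the
# blocking recipes (sections 11 and 17-23) are the author's historical
# samples. Verify any such list against a current source before relying on
# it.
一:限速脚本
# Creates one simple queue per host 192.168.0.1-254, each limited to
# 1024K/1024K.
:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz) dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K}
二:限制每台机最大线程数
# Per-host rule: drop forwarded TCP once the source has more than 50
# connections.
:for wbsz from 1 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32 action=drop}
三:端口映射
# Publishes internal host 192.168.0.1:80 on the public address. Everything
# behind that port becomes Internet-facing, so add src-address= where the set
# of clients is known.
ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat
四:封端口号
/ ip firewall filter
ad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"
五:更变telnet服务端口
# NOTE(review): Sections 5-8 show the command form but set each service to
# its default port. Moving a port does not protect a clear-text service;
# telnet, ftp and www are better disabled or limited with "address=".
/ip service set telnet port=23
六:更变SSH管理服务端口
/ip service set ssh port=22
七:更变www服务端口号
/ip service set www port=80
八:更变FTP服务端口号
/ip service set ftp port=21
九:增加本ROS管理用户
# NOTE(review): This creates a group=full account with the sample password
# "admin". Use a unique strong password, and add "address=" to limit where
# the account may log in from.
/user add name=wbsz password=admin group=full
十:删除限速脚本
:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }
十一:封IP脚步本
/ ip firewall filter
add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ"
十二:禁P2P脚本
/ ip firewall filter
add chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"
十三:限制每台机最大的TCP线程数(线程数=60)
/ ip firewall filter
add chain=forward protocol=tcp connection-limit=60,32 action=drop \
    disabled=no
十四:一次性绑定所有在线机器MAC
# Copies every dynamic ARP entry to a static one. Whatever IP/MAC pairs are
# present at that moment become permanent, so check the table first.
:foreach wbsz in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$wbsz]
十五:解除所以绑定的MAC
:foreach wbsz in [/ip arp find] do={/ip arp remove $wbsz}
十六:禁Ping
# NOTE(review): chain=output drops all ICMP the router itself sends, not only
# echo replies. That includes the router's own pings, so it will also break
# any "check-gateway=ping" route on the same router.
/ ip firewall filter
add chain=output protocol=icmp action=drop comment="No Ping"
十七:禁电驴
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
十八:禁PPLIVE
/ ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=218.108.237.11 action=drop
十九:禁QQ直播
/ ip firewall filter
add chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"
二十:禁比特精灵
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"
二十一:禁QQ聊天(一般公司才需要)
# The first rule is an exemption: it accepts everything from 10.5.6.7 before
# the drop rules are reached.
# NOTE(review): "content=qq" rejects any forwarded packet whose payload
# contains the bytes "qq", so unrelated traffic will match too. The
# "ad ch forward pr udp dst-po 8000" rule appears twice in the source.
/ ip firewall filter
add chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ"
ad ch forward pr tcp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
add chain=forward dst-address=61.144.238.0/24 action=drop
add chain=forward dst-address=61.152.100.0/24 action=drop
add chain=forward dst-address=61.141.194.0/24 action=drop
add chain=forward dst-address=202.96.170.163/32 action=drop
add chain=forward dst-address=202.104.129.0/24 action=drop
add chain=forward dst-address=202.104.193.20/32 action=drop
add chain=forward dst-address=202.104.193.11/32 action=drop
add chain=forward dst-address=202.104.193.12/32 action=drop
add chain=forward dst-address=218.17.209.23/32 action=drop
add chain=forward dst-address=218.18.95.153/32 action=drop
add chain=forward dst-address=218.18.95.165/32 action=drop
add chain=forward dst-address=218.18.95.220/32 action=drop
add chain=forward dst-address=218.85.138.70/32 action=drop
add chain=forward dst-address=219.133.38.0/24 action=drop
add chain=forward dst-address=219.133.49.0/24 action=drop
add chain=forward dst-address=220.133.40.0/24 action=drop
add chain=forward content=sz.tencent action=reject
add chain=forward content=sz2.tencent action=reject
add chain=forward content=sz3.tencent action=reject
add chain=forward content=sz4.tencent action=reject
add chain=forward content=sz5.tencent action=reject
add chain=forward content=sz6.tencent action=reject
add chain=forward content=sz7.tencent action=reject
add chain=forward content=sz8.tencent action=reject
add chain=forward content=sz9.tencent action=reject
add chain=forward content=tcpconn.tencent action=reject
add chain=forward content=tcpconn2.tencent action=reject
add chain=forward content=tcpconn3.tencent action=reject
add chain=forward content=tcpconn4.tencent action=reject
add chain=forward content=tcpconn5.tencent action=reject
add chain=forward content=tcpconn6.tencent action=reject
add chain=forward content=tcpconn7.tencent action=reject
add chain=forward content=tcpconn8.tencent action=reject
add chain=forward content=qq action=reject
add chain=forward content=www.qq action=reject
二十二:防止灰鸽子入浸
# Blocks one TCP port and a fixed list of destination addresses. A static
# list like this covers only the endpoints known when it was written and is
# not a substitute for endpoint protection.
/ ip firewall filter
add chain=forward protocol=tcp dst-port=1999 action=drop comment="Backdoor.GrayBird.ad"
add chain=forward dst-address=80.190.240.125 action=drop
add chain=forward dst-address=203.209.245.168 action=drop
add chain=forward dst-address=210.192.122.106 action=drop
add chain=forward dst-address=218.30.88.43 action=drop
add chain=forward dst-address=219.238.233.110 action=drop
add chain=forward dst-address=222.186.8.88 action=drop
add chain=forward dst-address=124.42.125.37 action=drop
add chain=forward dst-address=210.192.122.107 action=drop
add chain=forward dst-address=61.147.118.198 action=drop
add chain=forward dst-address=219.238.233.11 action=drop
二十三:防三波
# Drops forwarded TCP to ports 135-139 only. UDP on those ports is not
# covered by this rule.
/ ip firewall filter
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"
以上脚本使用说明:用winbox.exe 登陆找到System -- Script - 点击+ 将对应脚本复制其中后,点击Run Script即脚本安装成功!。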
本文部分内容来自网络整理,本司不为其真实性负责,如有异议或侵权请及时联系,本司将立即删除!== 本文为word格式,下载后可方便编辑和修改! ==rospcc负载均衡 篇一:ROS_PCC负载均衡案例 40条线路PCC负载均衡。RouterOS支持多线路的负载均衡。某小区为了节约费用,采用40条2M带宽的AD,通过做汇聚实现高带宽的小区带宽;为解决接口问题,采用一台Cisco的48口的交换机做VLAN接入40条AD,然后通过VLAN连接到RouterOS进行拨号,再做PCC负载均衡,网络拓扑图如下:外网接入的方法是在交换机和RouterOS路由器上划分VLAN,然后在ROS对应的VLAN上做PPPoE-CLIENT。
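# NOTE(review): Fixes applied to the console transcript below.
# - A site watermark injected inside "from=2" in step 1 is removed.
# - Tokens fused by extraction are separated ("pppoe-client add",
#   "chain=input action=", "chain=output connection-mark=",
#   "... per-connection-classifier=", "mark-routing new-routing-mark=").
# - Step 3 marked every link "conn1", although step 4 matches ("conn".$i);
#   it now marks ("conn".$i).
# - Step 5 used remainder $i (2..41) with a denominator of 40, but valid
#   remainders are 0..39; it now uses ($i-2). Its routing mark was
#   ("rout".($i-2)), which disagreed with step 4; it now uses ("rout".$i).
# The page shows no routes for the "routN" marks, no NAT rules and no filter
# rules for this 40-line setup; all three are still required.
1、首先划分VLAN(我们这里是从2开始排序的),脚本如下:
[admin@MikroTik] > :for i from=2 to=41 do={interface vlan add name=("vlan".$i) vlan-id=$i interface=ether2-wan}
2、然后添加PPPOE拨号(先添加拨号再手动输入每个AD的帐号和密码,40条AD设置还是要花点时间了),脚本如下:
# user=$i and password=$i are placeholders that the author replaces by hand
# afterwards. Do not leave them in place.
[admin@MikroTik] > :for i from=2 to=41 do={interface pppoe-client add name=("pppoe-out".$i) user=$i password=$i interface=("vlan".$i)}
3、我们这里采用PCC的负载均衡,在ip firewall mangle里添加相应的PCC规则,通过一些脚本添加PCC的规则,注意:如果PPPoE客户端拨号没有成功,那么添加的规则则为红色的,拨号成功后自动正常
[admin@MikroTik] > :for i from=2 to=41 do={/ip firewall mangle add chain=input action=mark-connection new-connection-mark=("conn".$i) in-interface=("pppoe-out".$i)}
4.然后标记路由让从哪个接口进来的数据就从哪个接口出去:
[admin@MikroTik] > :for i from=2 to=41 do={ip firewall mangle add chain=output connection-mark=("conn".$i) action=mark-routing new-routing-mark=("rout".$i)}
5.然后将所有内网出来的数据通过pcc的both-addresses分成40分并标记连接和路由:
[admin@MikroTik] > :for i from=2 to=41 do={/ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-connection new-connection-mark=("conn".$i) per-connection-classifier=("both-addresses:40/".($i-2)) comment=$i
{... /ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-routing new-routing-mark=("rout".$i) connection-mark=("conn".$i)}
篇二:RouterOS多线PCC负载均衡RouterOS多线PCC负载均衡核心提示:PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port) PCC原理 PCC从一定范围内分析选择IP数据包头,通过哈西散列算法的帮助下,将选定的区域转换为32bit值PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port)PCC原理PCC从一定范围内分析选择IP数据包头,通过哈西散列算法的帮助下,将选定的区域转换为32bit值。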
ROS PCC负载详细图文教程(新)!虽然网上很多视频,但是貌似很多菜菜天天都在问如何负载平衡,下面做一个PCC的负载教程。
以下环境是ADSL 4线负载均衡,线路数量不同的请自行修改脚本。
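接口图示开启DHCP,自己先给lan网卡配置一个地址,例如192.168.0.1/24NAT伪装Mangle视图下面是回程路由,只发一个接口的图,其他的自己添加,可加可不加标记连接,路由路由设置4线PCC负载脚本PCC 负载脚本—–仅支持3.30或以上脚本!
# NOTE(review): Fixes applied to the listing below.
# - The page rendered every empty comment as comment=”" with a typographic
#   opening quote, which does not import; it is restored to comment="".
# - "new-routing-mark=to_pppoe-out4passthrough=yes" is split into two
#   parameters.
# - Line breaks are restored, one command per line.
# NOTE(review): This script sets up only mangle, routes and masquerade. It
# contains no "/ip firewall filter" rules, so it does nothing to protect the
# router's own services on the four PPPoE links. Add input-chain filtering
# separately.
/ip firewall mangle
add action=change-mss chain=forward comment="" disabled=no new-mss=1400 protocol=tcp tcp-flags=syn
# Connections that arrive on a link are marked so that the router's replies
# leave through the same link.
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
# PCC: LAN traffic (192.168.0.0/24) to non-local destinations is split four
# ways by a hash of source and destination address.
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24
# Routes: one per routing mark, then unmarked defaults at distance 1-4, then
# a second set at distance 10 with check-gateway=ping.
# NOTE(review): The marked routes and the distance 1-4 defaults have no
# check-gateway, so a dead link is not detected by those entries.
/ip route
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3
add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4
add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2
add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3
add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out4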
ROS 双线负载均衡实例(PCC)
最近朋友的宾馆申请了两条4M的ADSL线路,需要做负载均衡,满足客人上网需求。
配置如下
一:准备条件:ros 3.3
二、步骤:
1、新建PPPOE拨号账户(注意:不要添加默认路由)
拨号账户1
拨号账户2
2、定义数据包
3、把刚定义的数据包定义路由走向
同理,对于第二个数据包,也是先定义数据包,然后定义路由走向
定义后的效果如图所示
三、对于刚才定义好的数据包和路由,在路由里面选择指定路径。
当然,为了防止一条线路中断影响网络,可以添加一条备份的路由,distance改为2(默认下该路由不生效,但链路中断后,会生效),如图
路由效果图如下:
四、最后,做ip伪装
五、完成效果图
总结:
该负载均衡方法采用ros pcc的负载均衡,提供负载均衡的同时提供冗余功能,路由器会根据线路的状态自动选择出口。
时间紧迫,没有很好整理,测试成功,有问题可联系我。
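ros脚本大全(ROS scripts)ROS script Daquan (generic) Post By:2010-3-13 10:11:37 This article summarizes some of the commonly used ROS script, in the hope that everyone will help!
# NOTE(review): this listing is reconstructed from a machine-translated copy in
# which command tokens were split by commas, quotes were dropped and, from item
# nineteen on, keywords were translated into Chinese. Addresses, ports and names
# are the ones on the page; chain=forward, action=drop/reject and the comment
# strings in items nineteen to twenty-one are back-translations. Verify every
# command on a test router before use.

# One: speed limit script
# (the upper bound was lost in items one and two; 254 is taken from item ten)
:for wbsz from=1 to=254 do={/queue simple add name=("wbsz" . $wbsz) dst-address=("192.168.0." . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K}

# Two: limit the maximum number of connections per machine
:for wbsz from=1 to=254 do={/ip firewall filter add chain=forward src-address=("192.168.0." . $wbsz) protocol=tcp connection-limit=50,32 action=drop}

# Three: port mapping
# Forwards TCP port 80 on the public address to an internal host; that host's
# web service becomes reachable from the Internet, so add a src-address match
# if only known peers need it.
/ip firewall nat add chain=dstnat dst-address=202.96.134.134 protocol=tcp dst-port=80 to-addresses=192.168.0.1 to-ports=80 action=dst-nat

# Four: block a port
# The port number was lost in extraction; PORT_LOST_IN_EXTRACTION is a placeholder.
/ip firewall filter add chain=forward protocol=tcp dst-port=PORT_LOST_IN_EXTRACTION action=drop comment="Blockade QQ"

# Five to eight: change the port of the telnet, ssh, www and ftp services.
# The values shown are the default ports. Moving a service to another port does
# not restrict who can reach it: telnet, www and ftp carry credentials in clear
# text, so disable the ones that are not needed (disabled=yes) and limit the
# rest to management addresses with the address= parameter of /ip service.
/ip service set telnet port=23
/ip service set ssh port=22
/ip service set www port=80
/ip service set ftp port=21

# Nine: add a RouterOS management user
# "admin" is only the page's sample password and group=full grants every
# permission; use a strong unique password and consider the address= parameter
# of /user to restrict where this account may log in from.
/user add name=wbsz password=admin group=full

# Ten: delete the speed limit queues created by item one
:for wbsz from=1 to=254 do={/queue simple remove ("wbsz" . $wbsz)}

# Eleven: block an IP address
/ip firewall filter add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ"

# Twelve: block P2P
/ip firewall filter add chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"

# Thirteen: limit the maximum number of TCP connections per machine (60)
/ip firewall filter add chain=forward protocol=tcp connection-limit=60,32 action=drop disabled=no

# Fourteen: bind the MAC of every machine currently online (copy dynamic ARP
# entries to static ones)
:foreach wbsz in=[/ip arp find dynamic=yes] do={/ip arp add copy-from=$wbsz}

# Fifteen: remove the bound MACs
# (token order was scrambled on the page; reconstructed)
:foreach wbsz in=[/ip arp find] do={/ip arp remove $wbsz}

# Sixteen: ban ping (drops ICMP sent by the router itself, chain=output)
/ip firewall filter add chain=output protocol=icmp action=drop comment="No Ping"

# Seventeen: block eMule (the heading lost the name; taken from the rule comment)
/ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop

# Eighteen: block PPLive
/ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=218.108.237.11 action=drop

# Nineteen: block QQ live broadcast
/ip firewall filter
add chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"

# Twenty: block BitSpirit
/ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="BitSpirit"

# Twenty-one: block QQ chat (usually only companies need this)
# The first rule exempts one host; it has to stay above the drop rules.
/ip firewall filter
add chain=forward src-address=10.5.6.7/32 action=accept comment="Tencent QQ"
# The page lists port 8000 three times (once TCP, twice UDP); kept as given.
add chain=forward protocol=tcp dst-port=8000 action=drop
add chain=forward protocol=udp dst-port=8000 action=drop
add chain=forward protocol=udp dst-port=8000 action=drop
add chain=forward dst-address=61.144.238.0/24 action=drop
add chain=forward dst-address=61.152.100.0/24 action=drop
add chain=forward dst-address=61.141.194.0/24 action=drop
add chain=forward dst-address=202.96.170.163/32 action=drop
add chain=forward dst-address=202.104.129.0/24 action=drop
add chain=forward dst-address=202.104.193.20/32 action=drop
add chain=forward dst-address=202.104.193.11/32 action=drop
add chain=forward dst-address=202.104.193.12/32 action=drop
add chain=forward dst-address=218.17.209.23/32 action=drop
add chain=forward dst-address=218.18.95.153/32 action=drop
add chain=forward dst-address=218.18.95.165/32 action=drop
add chain=forward dst-address=218.18.95.220/32 action=drop
add chain=forward dst-address=218.85.138.70/32 action=drop
add chain=forward dst-address=219.133.38.0/24 action=drop
add chain=forward dst-address=219.133.49.0/24 action=drop
add chain=forward dst-address=220.133.40.0/24 action=drop
add chain=forward content=sz.tencent action=reject
add chain=forward content=sz2.tencent action=reject
add chain=forward content=sz3.tencent action=reject
add chain=forward content=sz4.tencent action=reject
add chain=forward content=sz5.tencent action=reject
add chain=forward content=sz6.tencent action=reject
add chain=forward content=sz7.tencent action=reject
add chain=forward content=sz8.tencent action=reject
add chain=forward content=sz9.tencent action=reject
add chain=forward content=tcpconn.tencent action=reject
add chain=forward content=tcpconn2.tencent action=reject
add chain=forward content=tcpconn3.tencent action=reject
add chain=forward content=tcpconn4.tencent action=reject
add chain=forward content=tcpconn5.tencent action=reject
add chain=forward content=tcpconn6.tencent action=reject
# The page is cut off in the middle of the next rule (content beginning "tcpconn7").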
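ROS 典型PCC负载脚本
# Generates the PPPoE clients, NAT, mangle rules and routes for $num WAN lines.
# Repairs against the page: spaces and line breaks lost in extraction are
# restored and the split variable "$sz wm" is rejoined to $szwm.
# NOTE(review): the script adds no /ip firewall filter rules; confirm the input
# chain is filtered on the pppoe-out interfaces elsewhere in the configuration.
:global num
# Number of WAN lines as given on the page; set it to the number actually present.
:set num 38
:for szwm from=1 to=$num do={
    # PCC selector for this line: both-addresses:<num>/<index-1>.
    :global type
    :set type ("both-addresses:" . $num . "/" . ($szwm-1))

    # Set the interface name; the "wlan" prefix in name= can be changed
    # (the original comment is cut off at this point).
    #/interface set ("ether" . $szwm) name=("wlan" . $szwm)

    # Create the PPPoE client. The original comment says "and disable it", but
    # the command sets disabled=no.
    # user<N>/pass<N> are placeholders: replace them with the real account of
    # each line. The credentials are stored in the router configuration.
    /interface pppoe-client add name=("pppoe-out" . $szwm) user=("user" . $szwm) password=("pass" . $szwm) \
        interface=("wlan" . $szwm) comment=("ADSL_" . $szwm) disabled=no

    # NAT masquerade on this line.
    /ip firewall nat add chain=srcnat out-interface=("pppoe-out" . $szwm) action=masquerade \
        comment=("NAT_ADSL" . $szwm)

    # Mark connections that reach the router by the line they arrived on.
    /ip firewall mangle add chain=input in-interface=("pppoe-out" . $szwm) action=mark-connection \
        new-connection-mark=("adsl" . $szwm . "_conn") passthrough=yes comment=("From_ADSL" . $szwm)

    # Replies from the router leave through the line the connection came in on.
    /ip firewall mangle add chain=output connection-mark=("adsl" . $szwm . "_conn") \
        action=mark-routing new-routing-mark=("to_adsl" . $szwm) passthrough=yes comment=("To_ADSL" . $szwm)

    # PCC: classify connections entering on interface "Local" that are not
    # addressed to the router.
    /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=("adsl" . $szwm . "_conn") \
        dst-address-type=!local in-interface=Local per-connection-classifier=$type passthrough=yes \
        comment=("ADSL_PCC" . $szwm)

    # Routing mark for the classified connections.
    /ip firewall mangle add chain=prerouting connection-mark=("adsl" . $szwm . "_conn") in-interface=Local \
        action=mark-routing new-routing-mark=("to_adsl" . $szwm) \
        comment=("Route_To_ADSL" . $szwm)

    # Routes: one default route per routing mark, plus an unmarked default route
    # whose distance equals the line index.
    /ip route add dst-address=0.0.0.0/0 gateway=("pppoe-out" . $szwm) routing-mark=("to_adsl" . $szwm) \
        check-gateway=ping comment=("To_ADSL" . $szwm)
    /ip route add dst-address=0.0.0.0/0 gateway=("pppoe-out" . $szwm) distance=$szwm \
        check-gateway=ping comment=("ECMP_" . $szwm)
}
配合这个掉线后自动修改脚本很好用以4线为例,其中某条线路断了后,会自动判断剩余可用的线路数量然后修改PCC规则的参数,线路恢复正常后会自动把参数修改回正常状态,注意连接标记名称一定要以纯数字“1、2、3、4...”来命名。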
一般该脚本设置30秒间隔就比较合适。
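# Script that re-parameterises the PCC rules after a line drops.
# i = configured number of lines, x = PPPoE clients currently running,
# y = next PCC remainder to hand out, z = number of disabled PCC rules.
# The rules are looked up by new-connection-mark=<index>, so the connection
# marks must be named with the bare numbers 1..i.
# NOTE(review): [find new-connection-mark=$ii] matches every mangle rule that
# sets that mark, in any chain. If input-chain rules use the same mark names
# they would be modified as well; consider adding chain=prerouting to the
# find (to confirm against the rule set in use).
{
    :local status
    :local i "4"
    :local x "0"
    :local y "0"
    :local z "0"
    :set x [:len [/interface pppoe-client find running=yes]]
    # Fewer lines up than configured: spread the classes over the running lines
    # and disable the rule of every line that is down.
    :if ($x<$i) do={
        :for ii from=1 to=$i do={
            :set status [/interface get [find name=("pppoe-out" . $ii)] running]
            :if ($status=true) do={
                /ip firewall mangle set [find new-connection-mark=$ii] per-connection-classifier=("both-addresses:" . $x . "/" . $y) disabled=no;
                :set y ($y+1)
            } else={
                /ip firewall mangle set [find new-connection-mark=$ii] disabled=yes
            }
        }
    }
    # All lines up again: if any prerouting mark-connection rule is still
    # disabled, restore the full set of classes.
    :if ($x=$i) do={
        :set z [:len [/ip firewall mangle find action="mark-connection" disabled=yes chain=prerouting]]
        :if ($z>0) do={
            :for ii from=1 to=$i do={
                /ip firewall mangle set [find new-connection-mark=$ii] per-connection-classifier=("both-addresses:" . $x . "/" . $y) disabled=no;
                :set y ($y+1)
            }
        }
    }
}
以上是PPPOE环境下的,下面的这个是固定IP相同网关的环境,2条线
# Two static-IP lines that share one gateway. Parameters are unchanged from the
# page; only the spaces and line breaks lost in extraction are restored.
# The escaped bytes in the comment= strings are kept exactly as exported; they
# look like GBK-encoded Chinese text.
# NOTE(review): the listing adds no /ip firewall filter rules; confirm the input
# chain is filtered on wan1 and wan2 elsewhere in the configuration.
/ip address
add address=192.168.1.1/24 comment="shan" disabled=no interface=lan \
    network=192.168.1.0
add address=10.10.10.10/32 disabled=no interface=wan1
add address=20.20.20.20/32 disabled=no interface=wan2
/ip firewall mangle
# Traffic addressed to the router's own WAN addresses skips the rules below.
add action=accept chain=prerouting disabled=no dst-address=10.10.10.10 \
    in-interface=wan1
add action=accept chain=prerouting disabled=no dst-address=20.20.20.20 \
    in-interface=wan2
# Return path: connections reaching the router are answered over the line they
# arrived on.
add action=mark-connection chain=input comment=\
    "\C2\B7\D3\C9\D4\AD\C2\B7\B7\B5\BB\D8\B2\DF\C2\D4" disabled=no \
    in-interface=wan1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan1_conn disabled=no \
    new-routing-mark=wan1_rout passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=wan2 \
    new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no \
    new-routing-mark=wan2_rout passthrough=yes
# PCC over two lines.
# NOTE(review): src-address-list= takes the NAME of an /ip firewall address-list.
# No list named "192.168.1.0/24" is defined in this listing, so these rules match
# nothing unless such a list exists; src-address=192.168.1.0/24 may be what was
# intended. Confirm before use. The same applies to the NAT rules below.
add action=mark-connection chain=prerouting comment=wan1 disabled=no \
    dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/0 src-address-list=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=\
    no new-routing-mark=wan1_rout passthrough=yes src-address-list=192.168.1.0/24
add action=mark-connection chain=prerouting comment=wan2 disabled=no \
    dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/1 src-address-list=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=\
    no new-routing-mark=wan2_rout passthrough=yes src-address-list=192.168.1.0/24
# MSS rule, exported in the disabled state.
add action=change-mss chain=forward comment=\
    "============\D0\DE\B8\C4MMS=============shan" disabled=yes new-mss=1440 \
    passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat
add action=src-nat chain=srcnat comment="wan1\BF\DANat" disabled=no \
    out-interface=wan1 src-address-list=192.168.1.0/24 to-addresses=10.10.10.10
add action=src-nat chain=srcnat comment="wan2\BF\DANat" disabled=no \
    out-interface=wan2 src-address-list=192.168.1.0/24 to-addresses=20.20.20.20
# This rule names no out-interface, so it is not limited to traffic leaving
# through wan1/wan2.
add action=masquerade chain=srcnat comment="shan" disabled=no \
    src-address-list=192.168.1.0/24 to-addresses=0.0.0.0
/ip route
# Per-line default routes; gateway 1.1.1.1 is reached through the named interface.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1%wan1 \
    routing-mark=wan1_rout scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1%wan2 \
    routing-mark=wan2_rout scope=30 target-scope=10
# Unmarked traffic: wan1 first, wan2 at distance 2.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1%wan1 \
    scope=255 target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1%wan2 \
    scope=255 target-scope=10
add comment="shan" disabled=yes distance=1 dst-address=0.0.0.0/0 \
    gateway=192.168.1.1 scope=30 target-scope=10
这上5.x的双线同网关固定IP的pcc脚本,lan为局域网口,wan1和wan2为两个外网口。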