[研究所] MikroTik RouterOS 學習 (持續更新) (第319頁)

kuanhsien

kuanhsien
個人積分：0分
文章編號：54478282

0分

3181樓

2015-02-13 21:17

gfx wrote:
您用複雜的方式處裡簡...(恕刪)

您好!!

想請問題正確設定方式是怎麼設定的?

主要需求單純就是希望三台電腦可以透過不同ip開設服務出去

感謝您~

YAWPYNG

YAWPYNG
個人積分：618分
文章編號：54478859

618分

3182樓

2015-02-13 22:14

kuanhsien wrote:
您好!!想請問題正確...(恕刪)

mangle那邊對初學者來說比較難搞.

比較簡單的作法如下.
直接綁死.

gfx

gfx
個人積分：1603分
文章編號：54479042

1603分

3183樓

2015-02-13 22:33

kuanhsien wrote:
您好!!想請問題正確...(恕刪)

我把設定匯出來,您修改後匯入即可

/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=pppoe-out1 \
new-connection-mark=pppoe1_conn
add action=mark-connection chain=prerouting in-interface=pppoe-out2 \
new-connection-mark=pppoe2_conn
add action=mark-connection chain=prerouting in-interface=pppoe-out3 \
new-connection-mark=pppoe3_conn
add action=mark-routing chain=output comment="PPPoE\\A5X\\A4f" connection-mark=\
pppoe1_conn new-routing-mark=to_pppoe1 passthrough=no
add action=mark-routing chain=output connection-mark=pppoe2_conn \
new-routing-mark=to_pppoe2 passthrough=no
add action=mark-routing chain=output connection-mark=pppoe3_conn \
new-routing-mark=to_pppoe3 passthrough=no
add action=mark-routing chain=prerouting comment=DVR connection-mark=pppoe1_conn \
new-routing-mark=to_pppoe1 passthrough=no src-address=192.168.1.57
add action=mark-routing chain=prerouting connection-mark=pppoe2_conn \
new-routing-mark=to_pppoe2 passthrough=no src-address=192.168.1.58
add action=mark-routing chain=prerouting comment=IPCAM \
connection-mark=pppoe3_conn new-routing-mark=to_pppoe3 passthrough=no \
src-address=192.168.1.50

/ip firewall nat
add action=dst-nat chain=dstnat comment=DVR in-interface=pppoe-out1 \
to-addresses=192.168.1.57
add action=dst-nat chain=dstnat interface=pppoe-out2 to-addresses=\
192.168.1.58
add action=dst-nat chain=dstnat comment=IPCAM in-interface=\
pppoe-out3 to-addresses=192.168.1.50

/ip route
add distance=1 gateway=pppoe-out1 routing-mark=to_pppoe1
add distance=1 gateway=pppoe-out2 routing-mark=to_pppoe2
add distance=1 gateway=pppoe-out3 routing-mark=to_pppoe3

kuanhsien

kuanhsien
個人積分：0分
文章編號：54480755

0分

3184樓

2015-02-14 0:58

gfx wrote:
我把設定匯出來,您修...(恕刪)

這樣設定有錯誤嗎?

另外想請問一下怎麼把我設定資料匯出來像你們那樣的文字呢

我先用拍照方式

設定完後發現網路不能上了不知道哪邊漏掉了

感恩

gfx

gfx
個人積分：1603分
文章編號：54480923

1603分

3185樓

2015-02-14 1:20

kuanhsien wrote:
這樣設定有錯誤嗎?
...(恕刪)

nat設定dmz時須設例外,
不然pppoe所有的連線都會被轉到dmz的那台電腦(192.168.1.X)上面.

在/ip firewall nat加入三個新設定:
1.

2.

3.

然後把三個新增的設定拖曳至nat頂端,也就是"置頂"讓這三個新增功能優先.

最後再您再瀏覽網路試試,看網頁能否順利開啟.

gfx

gfx
個人積分：1603分
文章編號：54481014

1603分

3186樓

2015-02-14 1:38

kuanhsien wrote:
想請問一下怎麼把我設定資料匯出來像你們那樣的文字呢

在命令視窗(New Terminal)輸入:
/interface pppoe-client export 就只匯出pppoe的設定.

/ip firewall nat export 就只匯出nat的設定.

若在根目錄/只單獨輸入export這一個單字,
就會匯出整台機器所有設定.

zfnakj

zfnakj
個人積分：4分
文章編號：54483622

4分

3187樓

2015-02-14 11:59

YAWPYNG wrote:
mangle那邊對初...(恕刪)

請問不設定mangle的話
table這邊要選什麼呢？

chrisintaipei

chrisintaipei
個人積分：79分
文章編號：54483919

79分

3188樓

2015-02-14 12:34

我是覺得若要用 RouterOS，那就花點時間把 mangle 怎標瞭解下。

會用的話這東西很方便的。

kuanhsien

kuanhsien
個人積分：0分
文章編號：54484247

0分

3189樓

2015-02-14 13:13

gfx wrote:
在命令視窗(New ...(恕刪)

您好!!

這是我目前的設定

我先在192.168.1.3做測試希望達到ppoe3可以對應到192.168.1.3 開啟所有服務port出去

目前這樣設定後，發現無法上網了...

麻煩您了

/interface ethernet
set [ find default-name=ether1 ] name=PORT1_WAN1
set [ find default-name=ether2 ] name=PORT2_WAN2
set [ find default-name=ether3 ] name=PORT3_LAN1
set [ find default-name=ether4 ] master-port=PORT3_LAN1 name=PORT4_LAN2
set [ find default-name=ether5 ] master-port=PORT3_LAN1 name=PORT5_LAN3

/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.199

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=PORT3_LAN1 name=dhcp1

/port
set 0 name=serial0

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=PORT2_WAN2 keepalive-timeout=\
disabled max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=\
seednet profile=default service-name="" use-peer-dns=yes user=seednet
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=PORT2_WAN2 keepalive-timeout=\
disabled max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out2 password=\
seednet profile=default service-name="" use-peer-dns=yes user=seednet
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=PORT2_WAN2 keepalive-timeout=\
disabled max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out3 password=\
seednet profile=default service-name="" use-peer-dns=yes user=seednet

/ip address
add address=192.168.1.1/24 interface=PORT3_LAN1 network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=139.175.1.1,168.95.1.1,8.8.8.8 gateway=\
192.168.1.1

/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=pppoe-out3 \
new-connection-mark=pppoe3_conn passthrough=no
add action=mark-routing chain=output connection-mark=pppoe3_conn \
new-routing-mark=to_pppoe3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=pppoe3_conn \
new-routing-mark=to_pppoe3 src-address=192.168.1.3

/ip firewall nat
add chain=dstnat dst-address=192.168.1.3 src-address=192.168.1.3
add chain=dstnat protocol=tcp src-port=0-65535
add action=dst-nat chain=dstnat in-interface=pppoe-out3 to-addresses=\
192.168.1.3
add action=masquerade chain=srcnat src-address=192.168.1.3

/ip route
add distance=1 gateway=pppoe-out3 routing-mark=to_pppoe3

/ip upnp
set allow-disable-external-interface=no

/system clock
set time-zone-name=Asia/Taipei

/system clock manual
set time-zone=+08:00

gfx

gfx
個人積分：1603分
文章編號：54488503

1603分

3190樓

2015-02-14 22:15

kuanhsien wrote:
您好!!
這是我目前...(恕刪)

先讓您的系統能上網為優先!
請把下面的code全部複製起來,然後一口氣全部貼到執行視窗(New Terminal)

/interface pppoe-client set [find name="pppoe-out1"] user-peer-dns=no
/interface pppoe-client set [find name="pppoe-out2"] user-peer-dns=no
/interface pppoe-client set [find name="pppoe-out3"] user-peer-dns=no

/ip firewall nat remobe [find action="masquerade"]
/ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-out2
/ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-out3

/ip firewall mangle add chain=prerouting \
src-address=192.168.1.0/24 dst-address=192.168.1.0/24

/ip firewall mangle set [find in-interface="pppoe-out3"] passthrough=yes

/ip firewall mangle add action=mark-connection chain=prerouting \
in-interface=pppoe-out2 new-connection-mark=pppoe2_conn
/ip firewall mangle add action=mark-routing chain=output \
connection-mark=pppoe2_conn new-routing-mark=to_pppoe2 passthrough=no

/ip firewall mangle add action=mark-connection chain=prerouting \
in-interface=pppoe-out1 new-connection-mark=pppoe1_conn
/ip firewall mangle add action=mark-routing chain=output \
connection-mark=pppoe1_conn new-routing-mark=to_pppoe1 passthrough=no

/ip firewall mangle add add action=mark-routing chain=prerouting \
new-routing-mark=to_pppoe1 src-address=192.168.1.0/24

/ip route add distance=1 gateway=pppoe-out1 routing-mark=to_pppoe1
/ip route add distance=1 gateway=pppoe-out2 routing-mark=to_pppoe2

貼上code的後,在/ip firewall mangle會有新增的action=accept ,把它給置頂(重要)
再打開電腦瀏覽器,看網路部份是否正常.

若您PPPoE都要對應的特定的裝置,那您應該再開pppoe-out4來對應.
不應該pppoe-out1既設定dmz對應裝置,又使用一般上網.

另外/ip firewall裡的設定都有排序先後,
您要透過整裡將優先往上置頂,不然運行起來結果會大不相同.