越來越多 個人用戶申辦Hinet企業固6/固2網路,
但在設定RouterOS策略路由(Policy Routing)時,固i 與PPPoE是有差異的.
若以PPPoE方法用在固i會是沒作用的,所以小弟略做整理,給需要的用戶參考
以固2為例:
/ip address
/ip firewall mangle
/ip firewall mangle
add chain=prerouting dst-address-list=All-Lan src-address-list=All-Lan
add chain=prerouting dst-address-type=local src-address-list=All-Lan
add action=mark-connection chain=prerouting dst-address=\
111.162.112.163-111.162.112.164 new-connection-mark=static2_conn
add action=mark-routing chain=prerouting connection-mark=static2_conn \
new-routing-mark=to_static2 passthrough=no src-address-list=All-Lan
/ip route
/ip route
add comment=Default-Routing distance=1 gateway=111.162.112.254
add distance=1 gateway=111.162.112.254 routing-mark=to_static2
/ip firewall nat (指定Qnap NAS使用111.162.112.164對外)
/ip firewall nat
add action=dst-nat chain=dstnat \
dst-address=111.162.112.164 to-addresses=192.168.1.6
add action=src-nat chain=srcnat out-interface=ether1-wan \
src-address=192.168.1.6 to-addresses=111.162.112.164
add action=masquerade chain=srcnat out-interface=ether1-wan
戰略方向:
因固定IP封包 大多設定是從固定的ether1做進/出入,
所以不需像多個PPPoE時每個接口皆做標記,並指向不同的PPPoE做回覆.
所以不管是從那個固i進入,全部封包您只需指向ether1就好,不需每個ip都分開.
透過src-nat可指定裝置對外的ip ,如範例Qnap NAS對外ip即定義111.162.112.164
就這樣
留言列表
留言列表
