close
Blogtrottr
Mobile01最新文章
 
[教學] RouterOS固2/固6 路由設定
Apr 6th 2015, 16:49

越來越多 個人用戶申辦Hinet企業固6/固2網路,
但在設定RouterOS策略路由(Policy Routing)時,固i 與PPPoE是有差異的.

若以PPPoE方法用在固i會是沒作用的,所以小弟略做整理,給需要的用戶參考
以固2為例:

/ip address

/ip firewall mangle

/ip firewall mangle
add chain=prerouting dst-address-list=All-Lan src-address-list=All-Lan
add chain=prerouting dst-address-type=local src-address-list=All-Lan
add action=mark-connection chain=prerouting dst-address=\
111.162.112.163-111.162.112.164 new-connection-mark=static2_conn
add action=mark-routing chain=prerouting connection-mark=static2_conn \
new-routing-mark=to_static2 passthrough=no src-address-list=All-Lan

/ip route

/ip route
add comment=Default-Routing distance=1 gateway=111.162.112.254
add distance=1 gateway=111.162.112.254 routing-mark=to_static2

/ip firewall nat (指定Qnap NAS使用111.162.112.164對外)

/ip firewall nat
add action=dst-nat chain=dstnat \
dst-address=111.162.112.164 to-addresses=192.168.1.6
add action=src-nat chain=srcnat out-interface=ether1-wan \
src-address=192.168.1.6 to-addresses=111.162.112.164
add action=masquerade chain=srcnat out-interface=ether1-wan

戰略方向:
因固定IP封包 大多設定是從固定的ether1做進/出入,
所以不需像多個PPPoE時每個接口皆做標記,並指向不同的PPPoE做回覆.

所以不管是從那個固i進入,全部封包您只需指向ether1就好,不需每個ip都分開.

透過src-nat可指定裝置對外的ip ,如範例Qnap NAS對外ip即定義111.162.112.164
就這樣

This entry passed through the Full-Text RSS service - if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
You are receiving this email because you subscribed to this feed at blogtrottr.com.

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
arrow
arrow
    全站熱搜

    jmuko90 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄