前言:不知道是不是做网管的人都比较扣,基本没完整的文档。摸索了一天,基本以前学校学的东西又复习了一下
#一、注意:请先将routeros预置的配置文件删除或者重置。
#原理:将进入路由和局域网的数据都打上标记mangle,不同的光纤宽带入口数据打上不同的mangle进行分类,那么就能保证发出去的包又能从同一个宽带出口进入,
#举例:我有一个100兆的zip文件,发出去的数据被routeros路由通过两个光纤出口发,在routeros里面会被打上不同标签,那么就变成
#多宽带输出;接受数据的时候一样,网上的数据都会经过routeros,他匹配标志,然后又定位我的ip,将数据发给我.
#二、设置域名服务器和局域网的DHCP池
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=222.246.129.80 secondary-dns=59.51.78.210
/ip address add address=192.168.87.1/255.255.255.0 interface=LAN comment=LAN
#三、修改最小分包的大小
/ip firewall mangle add chain=forward comment="change MSS" protocol=tcp tcp-flags=syn action=change-mss new-mss=1440
#四、添加PPOE账号
/interface pppoe-client add name=pppoe-out1 interface=ether2 user=073198887556 password=357770 add-default-route=no disabled=no
/interface pppoe-client add name=pppoe-out2 interface=ether3 user=073198529234 password=167256 add-default-route=no disabled=no
#五、mangle标记PPOE端口进出的数据包。类似我们对数据包进行打个标记,以便分类进行控制
#使用mangle标记连接和路由的数据包,标注第一条PPOE网线的:
/ip firewall mangle add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=adsl_conn_1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output comment="" connection-mark=adsl_conn_1 disabled=no new-routing-mark=adsl_rout_1 passthrough=yes
#使用mangle标记连接和路由的数据包,标注第二个PPOE条网线的:
/ip firewall mangle add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=adsl_conn_2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output comment="" connection-mark=adsl_conn_2 disabled=no new-routing-mark=adsl_rout_2 passthrough=yes
#六、标记局域网进出的数据包,注意一下局域网的mangle标记的路由名称必须和PPOE的mangle对应上
#标记局域网LAN的接入第一条PPOE(pppoe-out1)的路由和连接,注意一下这里的路由标记必须和“pppoe-out1路由标记”相同:adsl_rout_1
/ip firewall mangle add action=mark-connection chain=prerouting comment=PCC_1 disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=adsl_conn_1 passthrough=yes per-connection-classifier=src-address-and-port:2/0
/ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=adsl_conn_1 disabled=no in-interface=LAN new-routing-mark=adsl_rout_1 passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting comment=PCC_2 disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=adsl_conn_2 passthrough=yes per-connection-classifier=src-address-and-port:2/1
/ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=adsl_conn_2 disabled=no in-interface=LAN new-routing-mark=adsl_rout_2 passthrough=yes
#七、将PPOE标记的包和局域网标记的包通过路由连接上.
#将标记的“pppoe-out1连接和路由”和“LAN局域网接入pppoe-out1被标记的连接和路由”都配置到pppoe-out1端口
/ip route add check-gateway=ping comment=ADSL_1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=adsl_rout_1
/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
#将标记的“pppoe-out2连接和路由”和“LAN局域网接入pppoe-out2被标记的连接和路由”都配置到pppoe-out2端口
/ip route add check-gateway=ping comment=ADSL_2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=adsl_rout_2
/ip route add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
#配置局域网的网络地址转换,屏蔽外网知道内网的IP
/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2