everest79 发表于 2007-1-21 17:16:26

新人第一贴,有关部分常识及动态切换线路icmp掉线的问题

各位好,这是我在本论坛发的第一篇贴子,由于是初学,有着众多问题可能让大家扔鸡蛋,不过为避免在同一问题上做第二次小白,请您将解决方法或致错因素也扔给我,在此谢了

好了,转入正题,观摩学习了论坛大量贴子后我参考以下内容:

host2318的 [双线不同网关分流教程]
专卖精品等高手在 [光纤用户使用NAT方式多还是使用masquerade方式的多] 中的讨论
wwjun的 [双网关按源地址动态稳固分流]
bow在 [关于ROS限速] 中的回答

做了一个自己的路由 routeros 2.9.27。忘了说,路由也是从置顶贴子里下载的,感谢 loverouter,感谢 routerclub.com,感谢 CCTV
路由也按照我的设想实现了:

1.识别接入IP并分配相应网关   192.168.1.146-147 to 192.168.111.1; 192.168.1.148-149 to 192.168.222.1
2.模拟静态SRC NAT转发
3.识别网关通路并动态切换网关并修改SRC NAT地址源
4.针对IP地址集合进行不同要求限速

但我在使用当中发现,线路切换(上面第3项)后 http 访问正常,但部分软件会掉线,例如 ping(icmp);看以前的贴子,QQ 也会掉,所以想请教具体原因及解决方法
同时线路切换后我将当前的icmp连接清除后ping会恢复正常,QQ没条件测试
若我想在线路切换的同时删除icmp或某个特征连接,脚本应如何写?
再,假设以上脚本可行,如何识别只删除切换了网关的接入IP icmp连接(路由标识或连接标记+当前协议?)

按以下配置:
网关192.168.222.1掉线后
192.168.1.146 ping(icmp) www.163.com gateway 192.168.111.1 保留
192.168.1.168 ping(icmp) www.163.com gateway 192.168.222.1 删除

再问wwjun的 [双网关按源地址动态稳固分流]中通过nth来分辨新连接的奇偶,具体算法是什么?passthrough的作用又是什么?

最后请教ros使用了大量脚本对性能有多大影响?较高配置(2.0+/1G/ATA)能否抵消这些影响?


以下是我路由的配置
routeros 2.9.27


# Rename the three physical ports by role: one LAN port and two WAN uplinks.
# The "/ ip address" section of this listing binds addresses to these names.
/ interface ethernet
set ether1 name="ether1_LAN"
set ether2 name="ether2_WAN1"
set ether3 name="ether3_WAN2"

# Router addresses: 192.168.1.254 on the LAN side, and 192.168.111.110 /
# 192.168.222.110 on the two uplink subnets. The uplink addresses are the
# values the src-nat rules and the failover scripts switch between.
# NOTE(review): both uplinks use private address ranges, so another NAT device
# presumably sits upstream of each one -- confirm.
/ ip address
add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=ether1_LAN comment="LAN" disabled=no
add address=192.168.111.110/24 network=192.168.111.0 broadcast=192.168.111.255 \
    interface=ether2_WAN1 comment="WAN1" disabled=no
add address=192.168.222.110/24 network=192.168.222.0 broadcast=192.168.222.255 \
    interface=ether3_WAN2 comment="WAN2" disabled=no

# Policy routing by client address. Each /31 covers two hosts:
#   192.168.1.146-147 -> routing mark 10
#   192.168.1.148-149 -> routing mark 20
# The marks are matched by the routing-mark routes and by the src-nat rules in
# this listing. passthrough=yes lets later mangle rules still see the packet.
# NOTE(review): the choice depends only on the source address, which a LAN host
# can set for itself, so this steers traffic but is not an access control.
/ ip firewall mangle
add chain=prerouting src-address=192.168.1.146/31 action=mark-routing \
    new-routing-mark=10 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.1.148/31 action=mark-routing \
    new-routing-mark=20 passthrough=yes comment="" disabled=no

# Source NAT per routing mark: traffic marked 10 or 20 leaves with the address
# given in to-addresses. The wanNup/wanNdown scripts rewrite to-addresses when a
# link changes state.
# NOTE(review): as exported, the "wan2" rule translates to 192.168.111.110, the
# WAN1 address -- the same value the wan2down script sets -- so this export was
# probably taken while WAN2 was considered down; confirm before reuse.
# NOTE(review): connection tracking normally keeps the translation chosen when
# a flow was first seen, so changing to-addresses affects new connections only.
# A continuous ping keeps one tracked entry alive, which would match the loss
# reported in the post until that ICMP entry is cleared -- verify on 2.9.27.
/ ip firewall nat
add chain=srcnat routing-mark=10 action=src-nat to-addresses=192.168.111.110 \
    to-ports=0-65535 comment="wan1" disabled=no
add chain=srcnat routing-mark=20 action=src-nat to-addresses=192.168.111.110 \
    to-ports=0-65535 comment="wan2" disabled=no

# One default route per routing mark. The failover scripts change gateway= on
# these entries, referring to them as "wan1" and "wan2".
# NOTE(review): both routes point at 192.168.111.1 in this export, consistent
# with WAN2 having failed over when the export was taken (compare wan2down) --
# confirm.
# NOTE(review): no unmarked default route appears here, so LAN hosts outside
# 192.168.1.146-149 and the router's own traffic have no default path unless
# one is defined elsewhere.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.111.1 scope=255 target-scope=10 \
    routing-mark=10 comment="wan1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.111.1 scope=255 target-scope=10 \
    routing-mark=20 comment="wan2" disabled=no

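# Failover actions run by netwatch. Each script repoints one marked default
# route and the matching src-nat address:
#   wanNup   -> restore that link's own gateway and router address
#   wanNdown -> move that client group onto the other uplink
# The posted copy had each source string broken in the middle of
# "to-addresses", with the space after the rule name lost; the strings are
# rejoined here so that each one is a single valid command sequence.
# NOTE(review): every script carries the full policy list (ftp, reboot, policy,
# password, ...). Changing one route and one NAT rule should need far less;
# trim the list to what the script actually uses once it has been tested.
# NOTE(review): "set wan1" presumably selects the item by its comment text;
# confirm that 2.9.27 resolves it that way, otherwise use [find comment=wan1].
/ system script
add name="wan1up" source="/ip route set wan1 gateway=192.168.111.1 \n/ip fir nat set wan1 to-addresses=192.168.111.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1down" source="/ip route set wan1 gateway=192.168.222.1 \n/ip fir nat set wan1 to-addresses=192.168.222.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2up" source="/ip route set wan2 gateway=192.168.222.1 \n/ip fir nat set wan2 to-addresses=192.168.222.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2down" source="/ip route set wan2 gateway=192.168.111.1 \n/ip fir nat set wan2 to-addresses=192.168.111.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password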

# Link monitors: probe each upstream gateway every second and run the matching
# up/down script when its state changes.
# NOTE(review): with timeout=30ms and interval=1s, one slow or lost ICMP reply
# flips the route and NAT address for a whole client group, and anything able
# to delay or drop those probes can force a switchover. A longer timeout, or a
# down-script that requires several consecutive misses, would damp this.
# NOTE(review): the probe target is the next hop only; an outage beyond the
# gateway is not detected.
/ tool netwatch
add host=192.168.111.1 timeout=30ms interval=1s up-script=wan1up \
    down-script=wan1down comment="" disabled=no
add host=192.168.222.1 timeout=30ms interval=1s up-script=wan2up \
    down-script=wan2down comment="" disabled=no

# Per-group rate limits: queueA targets 192.168.1.146-147 and queueB targets
# 192.168.1.148-149. Each limit is written as a pair, one value per direction,
# separated by "/".
# NOTE(review): queueB is exported with disabled=yes, so only the first group
# is actually limited in this state.
/ queue simple
add name="queueA" target-addresses=192.168.1.146/32,192.168.1.147/32 \
    dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=64000/200000 \
    burst-limit=128000/400000 burst-threshold=64000/180000 burst-time=3s/10s \
    total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
    disabled=no
add name="queueB" target-addresses=192.168.1.148/32,192.168.1.149/32 \
    dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
    burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
    total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
    disabled=yes

everest79 发表于 2007-1-21 19:41:07

如果我把 / ip route 与 / system script 两处的配置改成下面这样,不知是否可行:

# Proposed replacement: a single unmarked default route listing both gateways.
# NOTE(review): RouterOS normally separates multiple gateways with a comma; a
# ";" may be read as the end of the command -- check how 2.9.27 parses this.
# NOTE(review): a route with several gateways spreads connections across them
# rather than holding one in reserve, and without routing-mark= it no longer
# ties a client group to an uplink. The src-nat rules still match marks 10 and
# 20, so a flow could leave through one uplink carrying the other uplink's
# address -- verify before relying on this.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.111.1;192.168.222.1 scope=255 target-scope=10 \
    comment="wan" disabled=no

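# Proposed scripts for the single-route variant: each one only rewrites the
# src-nat address of one rule ("wan1" or "wan2") and leaves routing alone.
# The posted copy had each source string broken in the middle of
# "to-addresses", with the space after the rule name lost; the strings are
# rejoined here so that each one is a single valid command.
# NOTE(review): every script carries the full policy list (ftp, reboot, policy,
# password, ...). Rewriting one NAT rule should need far less; trim the list to
# what the script actually uses once it has been tested.
/ system script
add name="wan1up" source="/ip fir nat set wan1 to-addresses=192.168.111.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1down" source="/ip fir nat set wan1 to-addresses=192.168.222.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2up" source="/ip fir nat set wan2 to-addresses=192.168.222.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2down" source="/ip fir nat set wan2 to-addresses=192.168.111.110" \
    policy=ftp,reboot,read,write,policy,test,winbox,password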

[ 本帖最后由 everest79 于 2007-1-21 19:43 编辑 ]

everest79 发表于 2007-1-21 21:45:18

各位老大,回贴呀,我这等着呢

everest79 发表于 2007-1-24 02:23:39

两动态ip+1静态ip 3网关分流+自动切换

# Rename the four physical ports by role: one LAN port and three WAN uplinks.
# NOTE(review): ether4_WAN3 is named here but no other visible section of this
# listing refers to it -- confirm where the third uplink is actually attached.
/ interface ethernet
set ether1 name="ether1_LAN"
set ether2 name="ether2_WAN1"
set ether3 name="ether3_WAN2"
set ether4 name="ether4_WAN3"

# Two PPPoE dial-up clients, one per WAN port; pppoe-out2 is exported disabled.
# add-default-route=no leaves routing to the marked routes in this listing.
# NOTE(review): the export carries user= and password= in clear text; replace
# them with placeholders before posting a configuration publicly.
# NOTE(review): allow= includes pap, which hands the password to the access
# concentrator unencrypted, and the empty service-name/ac-name do not pin which
# concentrator is accepted. If the provider supports it, drop pap (and
# mschap1) and set ac-name.
/ interface pppoe-client
add name="pppoe-out1" max-mtu=1480 max-mru=1480 interface=ether2_WAN1 \
    user="adsl01" password="123456" profile=default service-name="" ac-name="" \
    add-default-route=no dial-on-demand=no use-peer-dns=yes \
    allow=pap,chap,mschap1,mschap2 disabled=no
add name="pppoe-out2" max-mtu=1480 max-mru=1480 interface=ether3_WAN2 \
    user="adsl02" password="654321" profile=default service-name="" ac-name="" \
    add-default-route=no dial-on-demand=no use-peer-dns=yes \
    allow=pap,chap,mschap1,mschap2 disabled=yes


# LAN address plus the static addresses used for the third uplink.
# NOTE(review): 15.12.11.2/24 (comment "wan") is bound to ether1_LAN rather than
# ether4_WAN3, and 15.12.11.1/32 on ether3_WAN2 is disabled. This looks like a
# test arrangement; confirm the interface before reuse, because a WAN address
# on the LAN port places the uplink subnet on the inside segment.
/ ip address
add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=ether1_LAN comment="added by setup" disabled=no
add address=15.12.11.1/32 network=15.12.11.1 broadcast=15.12.11.1 \
    interface=ether3_WAN2 comment="" disabled=yes
add address=15.12.11.2/24 network=15.12.11.0 broadcast=15.12.11.255 \
    interface=ether1_LAN comment="wan" disabled=no

# One default route per routing mark (10, 20, 30). All three carry the same
# gateway, 192.168.100.186, in this export.
# NOTE(review): presumably these are values the scripts overwrite at run time;
# the script text in this copy is too damaged to confirm that.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
    routing-mark=10 comment="wan1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
    routing-mark=20 comment="wan2" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
    routing-mark=30 comment="wan3" disabled=no
# Policy routing by client address. Each /31 covers two hosts:
#   192.168.1.146-147 -> routing mark 10
#   192.168.1.148-149 -> routing mark 20
#   192.168.1.150-151 -> routing mark 30
# NOTE(review): the choice depends only on the source address, which a LAN host
# can set for itself, so this steers traffic but is not an access control.
/ ip firewall mangle
add chain=prerouting src-address=192.168.1.146/31 action=mark-routing \
    new-routing-mark=10 passthrough=yes comment="wan1" disabled=no
add chain=prerouting src-address=192.168.1.148/31 action=mark-routing \
    new-routing-mark=20 passthrough=yes comment="wan2" disabled=no
add chain=prerouting src-address=192.168.1.150/31 action=mark-routing \
    new-routing-mark=30 passthrough=yes comment="wan3" disabled=no
# Source NAT per routing mark. All three rules translate to 192.168.100.184 in
# this export.
# NOTE(review): with two of the uplinks on dynamic PPPoE addresses, a fixed
# to-addresses is only right while the script layer keeps it current; the
# script text in this copy is too damaged to check how that is done.
# NOTE(review): connection tracking normally keeps the translation chosen when
# a flow was first seen, so a rewritten to-addresses affects new connections
# only -- verify on 2.9.27.
/ ip firewall nat
add chain=srcnat routing-mark=10 action=src-nat to-addresses=192.168.100.184 \
    to-ports=0-65535 comment="wan1" disabled=no
add chain=srcnat routing-mark=20 action=src-nat to-addresses=192.168.100.184 \
    to-ports=0-65535 comment="wan2" disabled=no
add chain=srcnat routing-mark=30 action=src-nat to-addresses=192.168.100.184 \
    to-ports=0-65535 comment="wan3" disabled=no


# NOTE(review): the script definitions in this section are damaged in this
# copy. Most "add name=" headers are missing, lines start in the middle of a
# source string with "\n", and fragments of different scripts are interleaved.
# The section cannot be imported as shown and its logic cannot be reviewed;
# obtain the original export before reusing any of it.
# NOTE(review): each surviving entry carries the full policy list (ftp, reboot,
# policy, password, ...); trim it to what each script needs when restoring.
/ system script
\n/ip firewall nat set \="/ip route set wan1 gateway=\$wan1
\n/system scheduler dis wan1stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \2" source=":set chw1 \$wan2
\n:if \(\[/tool netwatch get wan3 \) do={
\n:set chw1 \$src3} else={
\n/ip route set \disable wan1}
\n/ip \ip route find dst-address=0.0.0.0/0 gateway=\$wan1\] gateway=\$chw1
    firewall nat set \ \
\n/system scheduler enable wan1stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n/ip firewall nat set \="/ip route set wan2 gateway=\$wan2
\n/system scheduler dis wan2stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \3" source=":set chw2 \$wan3
\n:if \(\[/tool netwatch get wan1 \) do={
\n:set chw2 \$src1} else={
\n/ip route set \disable wan2}
\n/ip \ip route find dst-address=0.0.0.0/0 gateway=\$wan2\] gateway=\$chw2
    firewall nat set \ \
\n/system scheduler enable wan2stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n/ip firewall nat set \="/ip route set wan3 gateway=\$wan3
\n/system scheduler disable wan3stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \1" source=":set chw3 \$wan1
\n:if \(\[/tool netwatch get wan2 \) do={
\n:set chw3 \$src2} else={
\n/ip route set \[/ip route find \
\n/ip firewall nat set \0 gateway=\$wan3\] gateway=\$chw3
    \ \
\n/system scheduler enable wan3stat" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n:global src3 \n" source=":global wan3 15.12.11.1
\n:global wan2 \one0.0.1
\n:global src1 \one
\n:global chs2 \55.0.0.1
\n:global \pp2 none
\n/tool netwatch disable \
\n/tool netwatch set wan3 host=\$wan3 \
\n/system scheduler enable \an1stat
\n" \stem scheduler enable wan3stat
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1stat" source="/interface pppoe-client monitor pppoe-out1 once \
\n:set wan1 \[/ip \nnected\"\) do={
\n:set src1 \et \ network\]
\n/tool \ route get \ pref-src\]
\n/tool \10h set wan1 host=\$wan1 disabled=no
    netwatch enable wan1}" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2stat" source="/interface pppoe-client monitor pppoe-out2 once \
\n:set wan2 \[/ip \nnected\"\) do={
\n:set src2 \et \ network\]
\n/tool \ route get \ pref-src\]
\n/tool \10h set wan2 host=\$wan2 disabled=no
    netwatch enable wan2}" \
    policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool netwatch get wan1 \pc 0
\n:if \(\[/tool netwatch get wan2 \$tmpc+1\)}
\n/tool \$tmpc>0\) do={set tmpc \(\$tmpc+1\)}
\n}" \ay 20h enable wan3
    policy=ftp,reboot,read,write,policy,test,winbox,password
add name="local886" source=":set ppp2 \$status" \
    policy=ftp,reboot,read,write,policy,test,winbox,password


# Scheduled jobs. The first three run at startup (interval=0s) and call the
# scripts "autorun", wan1stat and wan2stat; the last three are pollers with a
# 10 s or 20 s interval.
# NOTE(review): the wan1stat poller is exported disabled while the wan2stat and
# wan3stat pollers are enabled, so this reflects one run-time state rather
# than a clean baseline.
# NOTE(review): "autorun" and "wan3stat" are called here, but their
# "add name=" lines are not intact in the script section of this copy.
/ system scheduler
add name="startup" on-event=autorun start-time=startup interval=0s \
    comment="autorun" disabled=no
add name="startup1" on-event=wan1stat start-time=startup interval=0s comment="" \
    disabled=no
add name="startup2" on-event=wan2stat start-time=startup interval=0s comment="" \
    disabled=no
add name="wan1stat" on-event=wan1stat start-date=jan/01/1970 start-time=00:00:00 \
    interval=10s comment="wan1stat" disabled=yes
add name="wan2stat" on-event=wan2stat start-date=jan/01/1970 start-time=00:00:00 \
    interval=10s comment="wan2stat" disabled=no
add name="wan3stat" on-event=wan3stat start-date=jan/01/1970 start-time=00:00:00 \
    interval=20s comment="wan3stat" disabled=no


# Per-group rate limits, one queue per pair of client addresses
# (146-147, 148-149, 150-151). Each limit is written as a pair, one value per
# direction, separated by "/".
# NOTE(review): only queueB is enabled in this export; queueA and queueC are
# disabled=yes, so those two groups are not limited in this state.
/ queue simple
add name="queueA" target-addresses=192.168.1.146/32,192.168.1.147/32 \
    dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=64000/200000 \
    burst-limit=128000/400000 burst-threshold=64000/180000 burst-time=3s/10s \
    total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=yes
add name="queueB" target-addresses=192.168.1.148/32,192.168.1.149/32 \
    dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
    burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
    total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=no
add name="queueC" target-addresses=192.168.1.150/32,192.168.1.151/32 \
    dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
    burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
    total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=yes


# Link monitors for the three uplinks; each runs wanNup / wanNdown when its
# probe target changes state.
# NOTE(review): with timeout=30ms and interval=1s, one slow or lost ICMP reply
# triggers a switchover, and anything able to delay or drop those probes can
# force one. A longer timeout, or a down-script that requires several
# consecutive misses, would damp this.
# NOTE(review): the wan2 probe targets 192.168.100.188 while every exported
# route uses 192.168.100.186; presumably the hosts are rewritten at run time
# by the scripts -- confirm against the original script text.
/ tool netwatch
add host=192.168.100.186 timeout=30ms interval=1s up-script=wan1up \
    down-script=wan1down comment="wan1" disabled=no
add host=192.168.100.188 timeout=30ms interval=1s up-script=wan2up \
    down-script=wan2down comment="wan2" disabled=no
add host=15.12.11.1 timeout=30ms interval=1s up-script=wan3up down-script=wan3down \
    comment="wan3" disabled=no

ssffzz1 发表于 2007-1-24 09:57:29

因为ICMP不使用重传机制,这样一旦丢包就发现了.而别的协议也丢包,但有重传机制,所以就看不出来,你可以抓包看看.

everest79 发表于 2007-1-24 15:12:06

谢谢ssffzz1的回答