交流 › RouterOS › NTH load balancing with masquerade

yiwuyun 发表于 2010-3-14 19:56:39

NTH load balancing with masquerade

原文见
http://wiki.mikrotik.com/wiki/NTH_load_balancing_with_masquerade

我读了之后感觉准确的做法应如下：

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1

/ ip firewall mangle
add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection \
new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing \
connection-mark=odd new-routing-mark=odd passthrough=no                                          //有变
add chain=prerouting src-address-list=even in-interface=Local action=mark-connection \
new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=Local action=mark-routing \
connection-mark=even new-routing-mark=even passthrough=no                                        //有变

add chain=prerouting in-interface=Local connection-state=new nth=2,1 \
    src-address-list=!even action=mark-connection new-connection-mark=odd \                  //有变
    passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
    new-routing-mark=odd passthrough=no

add chain=prerouting in-interface=Local connection-state=new nth=2,2 \
    src-address-list=!odd action=mark-connection new-connection-mark=even \                        //有变
    passthrough=yes
add chain=prerouting in-interface=Local action=add-src-to-address-list \
address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
    new-routing-mark=even passthrough=no

/ ip firewall nat
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

我有一个地方不明白，为何一定要先做"标记连接"的事，不可以直接就"标记路由"吗，这样就可少写一条规则?
还有一个不太明白，这里的标记连接是作用在"连接"上，还是作用在"包"上。
另我上面私自作的变化是对还是错？

47771885 发表于 2010-3-14 20:31:12

对与错你试验下就知道了

wugalang88 发表于 2010-3-14 23:59:48

试一下就知了

mark_x 发表于 2010-3-22 16:20:01

这个是平衡吧，是平衡的做法吧！

查看完整版本: NTH load balancing with masquerade