How to implement a DMZ on dial-up fiber? Three NICs: wan, lan, dmz
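How to implement a DMZ on dial-up fiber? Three NICs: wan, lan, dmz. Experts, please advise!

Just netmap the dmz NIC to the second IP of the wan port.

zhjchina posted on 2011-11-22 23:00:
Just netmap the dmz NIC to the second IP of the wan port.

Which IP does "the second IP" refer to? Do I define one myself? How is this done?

/ip address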
add address=192.168.0.1/24 interface=LAN
add address=172.16.0.1/24 interface=DMZ
add address=10.111.0.2/24 interface=ISP1
add address=10.112.0.2/24 interface=ISP2
/ip firewall address-list
add list=local-networks address=10.111.0.0/24
add list=local-networks address=10.112.0.0/24
add list=local-networks address=192.168.0.0/24
add list=local-networks address=172.16.0.0/24
/ip firewall mangle
# Traffic between the router's own networks is accepted here, so it is never marked for policy routing
add chain=prerouting src-address-list=local-networks dst-address-list=local-networks action=accept
# Connections that arrive on an uplink are marked so replies leave through the same uplink
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
# PCC: hash source+destination address into 2 buckets; bucket 0 goes to ISP1, bucket 1 to ISP2
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=DMZ connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=DMZ connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
# Turn the connection mark into a routing mark for packets coming from LAN and DMZ
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=prerouting connection-mark=ISP1_conn in-interface=DMZ action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=DMZ action=mark-routing new-routing-mark=to_ISP2
# Same for packets generated by the router itself
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
This is the official PCC DMZ script. I don't know whether it works; use it if you need it.

greney posted on 2012-8-10 14:32:
/ip address
add address=192.168.0.1/24 interface=LAN
add address=172.16.0.1/24 interface=DMZ
Thanks for the pointers! I'll test it.
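
The PCC script posted in this thread has mangle, route and NAT sections but no /ip firewall filter section, so nothing in it restricts traffic between the DMZ and the LAN. The following is an added example (not part of the thread or of the official script) of forward-chain rules that isolate the DMZ while keeping the script's dual-uplink marking intact. Interface names LAN, DMZ, ISP1 and ISP2 are taken from the thread; the DMZ server address 172.16.0.10, the published port TCP 443, and RouterOS v6 or later syntax are assumptions.

```routeros
# Added example: DMZ isolation for the three-zone layout in the posted script.
# Assumed for illustration: DMZ server 172.16.0.10 publishing TCP 443.
/ip firewall nat
# Publish the DMZ service on both uplinks. The script's prerouting mangle rules
# mark these inbound connections, so replies leave via the uplink they came in on.
add chain=dstnat in-interface=ISP1 protocol=tcp dst-port=443 action=dst-nat to-addresses=172.16.0.10 to-ports=443
add chain=dstnat in-interface=ISP2 protocol=tcp dst-port=443 action=dst-nat to-addresses=172.16.0.10 to-ports=443
/ip firewall filter
# Packets of already-permitted connections pass; packets with invalid state are dropped.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# LAN may open connections to the DMZ and to the internet.
add chain=forward in-interface=LAN action=accept
# DMZ hosts may reach the internet but may never open a connection into the LAN.
add chain=forward in-interface=DMZ out-interface=LAN action=drop
add chain=forward in-interface=DMZ action=accept
# From the uplinks, only connections that matched a dstnat rule are forwarded,
# and only toward the DMZ.
add chain=forward in-interface=ISP1 out-interface=DMZ connection-nat-state=dstnat action=accept
add chain=forward in-interface=ISP2 out-interface=DMZ connection-nat-state=dstnat action=accept
# Everything else is dropped.
add chain=forward action=drop
```

These rules cover forwarded traffic only; access to the router itself is controlled separately in the input chain.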