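Three dynamic lines, one fixed; please help me find where the problem is, thanks
Four WAN links: three ADSL (dynamic addresses) and one with a fixed address (192.168.1.6, gateway: 192.168.1.1). One internal link: LAN
192.168.0.9/24: goes out via pppoe-out2
192.168.3.63/24: goes out via pppoe-out3
192.168.100.63/24: goes out via pppoe-out1
Traffic whose destination is in the address-list 202.119.80.0/24 goes out via the fixed address
Problems:
1. Sending traffic whose destination is in the address-list 202.119.80.0/24 out via the fixed address does not work
2. The port mapping dst-address=192.168.1.6 dst-port=80 to-addresses=192.168.3.2 to-ports=80 does not work.
The configuration is as follows: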
/ip address
add address=192.168.0.9/24 disabled=no interface=lan network=192.168.0.0
add address=192.168.3.63/24 disabled=no interface=lan network=192.168.3.0
add address=192.168.100.63/24 disabled=no interface=lan network=192.168.100.0
add address=192.168.1.6/24 disabled=no interface=edu network=192.168.1.0
/ip firewall address-list
add address=202.119.80.0/24 disabled=no list=edu
/ip firewall mangle
add action=mark-routing chain=prerouting comment=edu disabled=no \
dst-address-list=edu in-interface=lan new-routing-mark=edu passthrough=\
yes
add action=mark-routing chain=prerouting comment="3" disabled=no \
dst-address-list=!edu in-interface=lan new-routing-mark=R3 passthrough=\
yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting comment="2" disabled=no \
dst-address-list=!edu in-interface=lan new-routing-mark=R2 passthrough=\
yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="1" disabled=no \
dst-address-list=!edu in-interface=lan new-routing-mark=R1 passthrough=\
yes src-address=192.168.100.0/24
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 \
to-addresses=180.111.40.1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out3 \
to-addresses=180.109.252.1
add action=src-nat chain=srcnat disabled=no dst-address-list=edu \
out-interface=edu routing-mark=edu to-addresses=192.168.1.6
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 \
to-addresses=180.109.252.1
add action=dst-nat chain=dstnat comment="" disabled=no \
dst-address=192.168.1.6 dst-port=80 in-interface=edu protocol=tcp \
to-addresses=192.168.3.2 to-ports=80
/ip route
add comment=edu disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 routing-mark=edu scope=30 target-scope=10
add comment=3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 \
routing-mark=R3 scope=30 target-scope=10
add comment=1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 \
routing-mark=R1 scope=30 target-scope=10
add comment=2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 \
routing-mark=R2 scope=30 target-scope=10
add comment=default disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out1 scope=30 target-scope=10
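The policy isn't set up properly; what you have is fiber + ADSL.
I know it isn't set up properly, I just don't know where the mistake is!
I found the answer to the problem myself; posting it below.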
/ip firewall mangle
add action=mark-routing chain=prerouting comment=edu disabled=no \
dst-address-list=edu new-routing-mark=EDU passthrough=no
add action=mark-routing chain=prerouting disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
new-routing-mark=R3 passthrough=yes src-address=192.168.3.0/25
add action=mark-routing chain=prerouting disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
new-routing-mark=R2 passthrough=yes src-address=192.168.3.128/25
add action=mark-routing chain=prerouting disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
new-routing-mark=R2 passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
new-routing-mark=R2 passthrough=yes src-address=192.168.4.0/24
add action=mark-routing chain=prerouting disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
new-routing-mark=R1 passthrough=yes src-address=192.168.100.0/24
add action=mark-routing chain=prerouting comment=wan1 disabled=no \
dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan1 \
new-routing-mark=R1 passthrough=yes src-address=192.168.101.0/24
passthrough=no or yes, it turns out to matter this much!
Besides that, don't mangle LAN traffic; that is, don't mark packets whose destination address is in 192.168.0.0/16.
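An added example, not part of the original thread: a small Python model of how a mangle chain of mark-routing rules is walked, applied to a subset of the corrected rules above. The helper names (`rule`, `matches`, `routing_mark`), the `LOOSE` rule set and the destination 203.0.113.10 are constructed for illustration; only match fields used in the thread are modelled.

```python
import ipaddress as ip

EDU = ip.ip_network("202.119.80.0/24")   # address-list "edu" from the thread
LAN = ip.ip_network("192.168.0.0/16")    # local ranges that must stay unmarked

def rule(mark, passthrough, src=None, skip_lan=False, edu=None, in_if=None):
    """One mark-routing rule; edu=True means dst-address-list=edu, False means !edu."""
    return dict(mark=mark, passthrough=passthrough, src=src,
                skip_lan=skip_lan, edu=edu, in_if=in_if)

def matches(r, src, dst, in_if):
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if r["in_if"] and r["in_if"] != in_if:
        return False
    if r["src"] and s not in ip.ip_network(r["src"]):
        return False
    if r["skip_lan"] and d in LAN:            # dst-address=!192.168.0.0/16
        return False
    if r["edu"] is not None and (d in EDU) != r["edu"]:
        return False
    return True

def routing_mark(rules, src, dst, in_if="lan"):
    """Walk the chain top to bottom; None means the main routing table."""
    mark = None
    for r in rules:
        if matches(r, src, dst, in_if):
            mark = r["mark"]                  # a later match overwrites the mark
            if not r["passthrough"]:
                break                         # passthrough=no ends the chain here
    return mark

# Subset of the corrected rules posted in the thread, in the same order.
FIXED = [
    rule("EDU", False, edu=True),
    rule("R3", True, src="192.168.3.0/25", skip_lan=True, edu=False, in_if="lan"),
    rule("R2", True, src="192.168.3.128/25", skip_lan=True, edu=False, in_if="lan"),
    rule("R1", True, src="192.168.100.0/24", skip_lan=True, edu=False, in_if="lan"),
]

# Constructed variant (not from the thread): edu rule passes through and the
# per-subnet rule has no !edu exclusion, so the later rule replaces the mark.
LOOSE = [
    rule("EDU", True, edu=True),
    rule("R3", True, src="192.168.3.0/25", skip_lan=True, in_if="lan"),
]

if __name__ == "__main__":
    for s, d in [("192.168.3.10", "202.119.80.5"), ("192.168.3.10", "203.0.113.10"),
                 ("192.168.100.7", "192.168.3.2")]:
        print(s, "->", d, routing_mark(FIXED, s, d), routing_mark(LOOSE, s, d))
```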