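Help wanted: VRRP traffic splitting
Environment: one PPPoE line comes in with 3 accounts. One cable from the optical modem goes to an ordinary 24-port switch; two cables leave the switch, one to the ROS LAN port and one to the WAN port. I set up VRRP and want each account to serve 2 PCs. It is now set up, and under ip address I can see that the IPs for all three external lines have been obtained, but after configuring IPs on the client machines they cannot get online. Pinging the Internet from ROS also fails.
But if I change it to ip route add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=mian check-gateway=ping disabled=no distance=1, so that traffic uses the main line instead of the marked routes, Internet access and everything else works normally.
But when I change it back to the marked routes, none of the machines can get online.
Also, can internal traffic be split in NAT: add action=masquerade chain=srcnat comment=1 disabled=no out-interface=pppoe-out1 src address 192.168.1.1-192.168.1.5, with three such rules, one per line? Would that work?
Waiting online for replies. QQ: 1260647428
Rules--------------------------------------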
/interface vrrp
add name=vrrp1 disabled=no interface=WAN interval=1 vrid=1
add name=vrrp2 disabled=no interface=WAN interval=1 vrid=2
add name=vrrp3 disabled=no interface=WAN interval=1 vrid=3
/ip address
add address=11.11.11.1/24 disabled=no interface=WAN
add address=11.11.11.11/24 disabled=no interface=vrrp1
add address=11.11.11.12/24 disabled=no interface=vrrp2
add address=11.11.11.13/24 disabled=no interface=vrrp3
/interface pppoe-client
add name=pppoe-out1 interface=vrrp1 user=aaaa password=11111 disabled=no
add name=pppoe-out2 interface=vrrp2 user=bbbb password=22222 disabled=no
add name=pppoe-out3 interface=vrrp3 user=cccc password=33333 disabled=no
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 new-connection-mark=conn_pppoe-out1 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_pppoe-out1 disabled=no new-routing-mark=router_1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_pppoe-out1 disabled=no in-interface=LAN new-routing-mark=router_1 passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 new-connection-mark=conn_pppoe-out2 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_pppoe-out2 disabled=no new-routing-mark=router_2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_pppoe-out2 disabled=no in-interface=LAN new-routing-mark=router_2 passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 new-connection-mark=conn_pppoe-out3 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_pppoe-out3 disabled=no new-routing-mark=router_3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_pppoe-out3 disabled=no in-interface=LAN new-routing-mark=router_3 passthrough=yes
/ip route
add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=router_1 check-gateway=ping disabled=no distance=1
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=router_2 check-gateway=ping disabled=no distance=1
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=router_3 check-gateway=ping disabled=no distance=1
/ip firewall nat
add action=masquerade chain=srcnat comment=1 disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment=2 disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment=3 disabled=no out-interface=pppoe-out3
-----------------------------------------
This post was last edited by cspm333 on 2016-4-21 14:06
Delete the VRRP part; you don't need it.
/interface pppoe-client
add allow=pap interface=WAN max-mru=1492 max-mtu=1492 name=pppoe-out1 password=aaaa user=11111
add allow=pap interface=WAN max-mru=1492 max-mtu=1492 name=pppoe-out2 password=bbbb user=22222
add allow=pap interface=WAN max-mru=1492 max-mtu=1492 name=pppoe-out3 password=cccc user=33333
/ip firewall mangle
add action=accept chain=prerouting src-address=11.11.11.0/24 dst-address=11.11.11.0/24
add action=accept chain=prerouting src-address=11.11.11.0/24 dst-address-type=local
add action=accept chain=output dst-address=11.11.11.0/24
add action=mark-routing chain=prerouting new-routing-mark=route_1 \
per-connection-classifier=src-address-and-port:3/0 src-address=11.11.11.0/24 passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=route_2 \
per-connection-classifier=src-address-and-port:3/1 src-address=11.11.11.0/24 passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=route_3 \
per-connection-classifier=src-address-and-port:3/2 src-address=11.11.11.0/24 passthrough=no
add action=mark-routing chain=output new-routing-mark=route_1 \
per-connection-classifier=src-port:3/0 passthrough=no
add action=mark-routing chain=output new-routing-mark=route_2 \
per-connection-classifier=src-port:3/1 passthrough=no
add action=mark-routing chain=output new-routing-mark=route_3 \
per-connection-classifier=src-port:3/2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=1 out-interface=pppoe-out1
add action=masquerade chain=srcnat comment=2 out-interface=pppoe-out2
add action=masquerade chain=srcnat comment=3 out-interface=pppoe-out3
/ip route
add comment=0 dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=5
add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=route_1 distance=4
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=route_2 distance=4
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=route_3 distance=4
Supplementary content (2016-4-22 08:47):
I mistakenly thought you were doing PCC. If you only want simple traffic splitting, specify it in mangle:
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=route_1 \
src-address=11.11.11.10-11.11.11.20 passthrough=no
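Supplementary content (2016-4-22 09:04):
Whatever you add under /ip firewall mangle, keep the first 3 action=accept lines of the mangle example and put them at the top.
These 3 lines make sure that, when internal hosts talk to each other, marking does not cause internal packets to be mistakenly sent to the Internet (extremely important!!)

VRRP is the main feature. What you posted doesn't work: with multiple dial-ups on one line, all added on the WAN port, no IPs are obtained at all. Do you have contact details?

This post was last edited by cspm333 on 2016-4-22 08:50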
http://i.imgur.com/xX1AlYy.png
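I thought you were doing PCC; I have added an explanation in post #2.
Apart from mangle, everything else stays the same.
Note:
Your router has 3 PPPoE sessions configured, and all 3 of them should be usable as entry points from the Internet.
If only pppoe1 can reach the internal network and the other 2 cannot... basically the port forward was not done properly.
That is, this was not achieved:
in via pppoe1, out via pppoe1
in via pppoe2, out via pppoe2
in via pppoe3, out via pppoe3
If pppoe1 works normally in both directions but pppoe2 and pppoe3 do not,
it means the packets entering via pppoe2 and pppoe3 were not marked properly,
so packets that should have returned via pppoe2 and pppoe3 are mistakenly sent to pppoe1 (default route),
which breaks the transfer...

Learned something....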
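
The "in via pppoeN, out via pppoeN" requirement described in the answer above, written out as RouterOS v6 mangle and route entries. This is an added example, not a configuration posted in the thread; the interface name LAN is taken from the first post, and the conn_pppoe-outN / route_N mark names are assumptions.

```routeros
# Added example, RouterOS v6 syntax. Assumed names: LAN, conn_pppoe-outN, route_N.
# Place these below the three action=accept rules and above any PCC or
# source-based mark-routing rules, because those use passthrough=no.
/ip firewall mangle
# 1) Remember which PPPoE link each new inbound connection arrived on.
#    prerouting (not input) is used so forwarded/dst-nat traffic is marked too.
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=conn_pppoe-out1 passthrough=yes
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=conn_pppoe-out2 passthrough=yes
add chain=prerouting in-interface=pppoe-out3 connection-mark=no-mark \
    action=mark-connection new-connection-mark=conn_pppoe-out3 passthrough=yes
# 2) Replies from LAN hosts leave through the link the connection came in on.
add chain=prerouting in-interface=LAN connection-mark=conn_pppoe-out1 \
    action=mark-routing new-routing-mark=route_1 passthrough=no
add chain=prerouting in-interface=LAN connection-mark=conn_pppoe-out2 \
    action=mark-routing new-routing-mark=route_2 passthrough=no
add chain=prerouting in-interface=LAN connection-mark=conn_pppoe-out3 \
    action=mark-routing new-routing-mark=route_3 passthrough=no
# 3) Replies generated by the router itself (ping, management services).
add chain=output connection-mark=conn_pppoe-out1 \
    action=mark-routing new-routing-mark=route_1 passthrough=no
add chain=output connection-mark=conn_pppoe-out2 \
    action=mark-routing new-routing-mark=route_2 passthrough=no
add chain=output connection-mark=conn_pppoe-out3 \
    action=mark-routing new-routing-mark=route_3 passthrough=no
/ip route
# One default route per routing mark; the mark names must match the mangle rules.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=route_1 distance=4
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=route_2 distance=4
add dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=route_3 distance=4
# Unmarked fallback so traffic without a routing mark still has a default route.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=5
```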