dingyl9 发表于 2004-1-3 14:09:36

我用了两块网卡,一块接外网,设置了外网的IP;另一块接内网,设置了内网的IP,网关设置了外网的网关,可内网的电脑就是上不了网,不知是为什么?请知道内情的指教。

sendin2000 发表于 2004-1-3 15:10:51

我也是,RouterOS这款软件不会设置啊!那位能够说说怎样设置的!

dingyl9 发表于 2004-1-3 16:00:30

期待ing

心想事成 发表于 2004-1-3 16:41:48

心想事成 发表于 2004-1-3 16:42:44

Configuring Basic Functions
Working with Interfaces
Before configuring the IP addresses and routes please check the /interface menu to see the list of available interfaces. If you have Plug-and-Play cards installed in the router, it is most likely that the device drivers have been loaded for them automatically, and the relevant interfaces appear on the /interface print list, for example:

interface> print
Flags: X - disabled, D - dynamic, R - running
#    NAME               TYPE             MTU
0R ether1               ether            1500
1R ether2               ether            1500
2R ether3               ether            1500
3R ether4               ether            1500
4R ether5               ether            1500
5R sync1                sync             1500
6R pc1                  pc               1500
7R ether6               ether            1500
8R prism1               prism            1500
interface>

The interfaces need to be enabled, if you want to use them for communications. Use the /interface enable name command to enable the interface with a given name or number, for example:


interface> print
Flags: X - disabled, D - dynamic, R - running
#   NAME               TYPE             MTU
0 Xether1               ether            1500
0 Xether2               ether            1500
interface> enable 0
interface> enable ether2
interface> print
Flags: X - disabled, D - dynamic, R - running
#   NAME               MTU   TYPE
0R ether1               ether            1500
0R ether2               ether            1500
interface>

The interface name can be changed to a more descriptive one by using the /interface set command:


interface> set 0 name=Public
interface> set 1 name=Local
interface> print
Flags: X - disabled, D - dynamic, R - running
#   NAME               MTU   TYPE
0R Public               ether            1500
0R Local                ether            1500
interface>

Use of the 'setup' Command
The initial setup of the router can be done by using the /setup command which enables an interface, assigns an address/netmask to it, and configures the default route. If you do not use the setup command, or need to modify/add the settings for addresses and routes, please follow the steps described below.
Notes
The device drivers for NE2000 compatible ISA cards need to be loaded using the add command under the /drivers menu. For example, to load the driver for a card with IO address 0x280 and IRQ 5, it is enough to issue the command:

driver> add name=ne2k-isa io=0x280
driver> print
Flags: I - invalid, D - dynamic
#   DRIVER                              IRQ IO       MEMORY   ISDN-PROTOCOL
0 D RealTek 8139
1 D Intel EtherExpressPro
2 D PCI NE2000
3   ISA NE2000                            280
4   Moxa C101 Synchronous                              C8000
driver>

There are some other drivers that should be added manually. Please refer to the respective manual sections for the detailed information on how drivers are to be loaded.
Adding Addresses
Assume you need to configure the MikroTik router for the following network setup:


In the current example we use two networks:

The local LAN with network address 192.168.0.0 and 24-bit netmask 255.255.255.0 The router's address is 192.168.0.254 in this network.
The ISP's network with address 10.0.0.0 and 24-bit netmask 255.255.255.0 The router's address is 10.0.0.217 in this network.
The addresses can be added and viewed using the following commands:

ip address> add address 10.0.0.217/24 interface Public
ip address> add address 192.168.0.254/24 interface Local
ip address> print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS            NETWORK         BROADCAST       INTERFACE
0   10.0.0.217/24      10.0.0.217      10.0.0.255      Public
1   192.168.0.254/24   192.168.0.0   192.168.0.255   Local
ip address>

Here, the network mask has been specified in the value of the address argument. Alternatively, the argument 'netmask' could have been used with the value '255.255.255.0'. The network and broadcast addresses were not specified in the input since they could be calculated automatically.

Notes
Please note that the addresses assigned to different interfaces of the router should belong to different networks.
Configuring the Default Route
You can see two dynamic (D) and connected ?routes, which have been added automatically when the addresses were added in the example above:

ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS      G GATEWAY         DISTANCE INTERFACE
    0 DC 192.168.0.0/24   r 0.0.0.0         0      Local
    1 DC 10.0.0.0/24      r 0.0.0.0         0      Public
ip route> print detail
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    0 DC dst-address=192.168.0.0/24 preferred-source=192.168.0.254
         gateway=0.0.0.0 gateway-state=reachable distance=0 interface=Local

    1 DC dst-address=10.0.0.0/24 preferred-source=10.0.0.217 gateway=0.0.0.0
         gateway-state=reachable distance=0 interface=Public

ip route>

These routes show, that IP packets with destination to 10.0.0.0/24 would be sent through the interface Public, whereas IP packets with destination to 192.168.0.0/24 would be sent through the interface Local. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router.

Example
In the following example the default route (destination 0.0.0.0, netmask 0.0.0.0) will be added. In this case it is the ISP's gateway 10.0.0.1, which can be reached through the interface Public:

ip route> add gateway=10.0.0.1
ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS      G GATEWAY         DISTANCE INTERFACE
    0S 0.0.0.0/0          r 10.0.0.1      1      Public
    1 DC 192.168.0.0/24   r 0.0.0.0         0      Local
    2 DC 10.0.0.0/24      r 0.0.0.0         0      Public
ip route>

Here, the default route is listed under #0. As we see, the gateway 10.0.0.1 can be reached through the interface 'Public'. If the gateway was specified incorrectly, the value for the argument 'interface' would be unknown.

Notes
You cannot add two routes to the same destination, i.e., destination-address/netmask! It applies to the default routes as well. Instead, you can enter multiple gateways for one destination. For more information on IP routes, please read the relevant topic in the Manual.
If you have added an unwanted static route accidentally, use the remove command to delete the unneeded one. You will not be able to delete dynamic (DC) routes. They are added automatically and represent routes to the networks the router connected directly.

Testing the Network Connectivity
From now on, the /ping command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router.
Example
In the example below it's seen, hows does ping command work:

ip route> /ping 10.0.0.4
10.0.0.4 64 byte ping: ttl=255 time=7 ms
10.0.0.4 64 byte ping: ttl=255 time=5 ms
10.0.0.4 64 byte ping: ttl=255 time=5 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5/5.6/7 ms
ip route>
ip route> /ping 192.168.0.1
192.168.0.1 64 byte ping: ttl=255 time=1 ms
192.168.0.1 64 byte ping: ttl=255 time=1 ms
192.168.0.1 64 byte ping: ttl=255 time=1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1/1.0/1 ms
ip route>

The workstation and the laptop can reach (ping) the router at its local address 192.168.0.254, If the router's address 192.168.0.254 is specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop, then you should be able to ping the router:


C:>ping 192.168.0.254
Reply from 192.168.0.254: bytes=32 time=10ms TTL=253
Reply from 192.168.0.254: bytes=32 time add action=masquerade out-interface=Public
ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   src-address=0.0.0.0/0:0-65535 dst-address=0.0.0.0/0:0-65535
      out-interface=Public protocol=all icmp-options=any:any flow=""
      connection="" content="" limit-count=0 limit-burst=0 limit-time=0s
      action=masquerade to-src-address=0.0.0.0 to-src-port=0-65535

ip firewall src-nat>

Notes
Please consult the Firewall Manual for more information on masquerading.
Application Example with Bandwidth Management
Mikrotik RouterOS V2.7 offers extensive queue management.
Assume you want to limit the bandwidth to 128kbps on downloads and 64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by applying queues for outgoing interfaces regarding the traffic flow. It is enough to add two queues at the MikroTik router:


queue simple> add interface=Local max-limit=128000
queue simple> add interface=Public max-limit=64000
queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0   name="queue1" src-address=0.0.0.0/0 dst-address=0.0.0.0/0
      interface=Local limit-at=0 queue=default priority=8 max-limit=128000

1   name="queue2" src-address=0.0.0.0/0 dst-address=0.0.0.0/0
      interface=Public limit-at=0 queue=default priority=8 max-limit=64000

queue simple>

Leave all other parameters as set by default. The limit is approximately 128kbps going to the LAN (download) and 64kbps leaving the client's LAN (upload).

Notes
The queues have been added for the outgoing interfaces regarding the traffic flow.
Please consult the Queues Manual for more information on bandwidth management and queuing.

Application Example with NAT
Assume we have moved the server in our previous examples from the public network to our local one:


The server'would have been s address now is 192.168.0.4, and we are running web server on it that listens to the TCP port 80. We want to make it accessible from the Internet at address:port 10.0.0.217:80. This can be done by means of Static Network Address translation (NAT) at the MikroTik Router. The Public address:port 10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One destination NAT rule is required for translating the destination address and port:


ip firewall dst-nat> add action=nat protocol=tcp
dst-address=10.0.0.217/32:80 to-dst-address=192.168.0.4
ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   src-address=0.0.0.0/0:0-65535 in-interface=all
      dst-address=10.1.0.217/32:80 protocol=tcp icmp-options=any:any flow=""
      src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0
      limit-time=0s action=nat to-dst-address=192.168.0.4 to-dst-port=0-65535

ip firewall dst-nat>

Notes
Please consult the Firewall Manual for more information on NAT.

心想事成 发表于 2004-1-3 16:44:12

http://www.cdnat.com/mikrotik/manual_2.7/Basic/Basic.html#ht63166021

zhyum1 发表于 2004-1-3 20:46:28

我的也是

dingyl9 发表于 2004-1-3 22:55:21

不需要这么麻烦吧?我已经搞好了,其实关键的两步是:
1.在IPRoutesnew route里添加ISP提供的光纤固定IP的网关。
2.在IPFirewallsource nat添加一条新的规则,所有的设置取默认值就行了。
页: [1]
查看完整版本: [问题]用光纤固定IP上网在routeos中怎样设置才能作代理服务?