[Other] ROS in a relatively complex network environment

Posted 2004-12-20 09:47:53

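I see that most of the discussion here is about using ROS in internet cafés. My company's network environment is somewhat more complex. I built a ROS box and spent a long time debugging it, and I have learned a great deal from the insights of the many experts on this forum, so I am posting my setup here for everyone to critique. It is also a jab at those who think software routers are not as good as hardware routers: in my opinion, if I had as rich a set of interfaces, those hardware routers would have no real advantage.

1. Hardware configuration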

QUOTE
C566, 128M, 4G, rel8139×1
2. Software configuration

QUOTE
/ interface ethernet
set ether1 name="ether1" mtu=1500 arp=enabled disable-running-check=yes \
    auto-negotiation=yes full-duplex=yes long-cable=no speed=100Mbps \
    disabled=no
/ interface bridge port
set ether1 bridge=none
/ interface l2tp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap \
    default-profile=default
/ interface pptp-server server
set enabled=yes mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap \
    default-profile=default
/ interface prism aaa
set use-radius=no
/ ip pool
add name="vpn1" ranges=172.16.1.1-172.16.1.50
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id="" remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip address
add address=132.63.2.252/24 network=132.63.2.0 broadcast=132.63.2.255 \
    interface=ether1 comment="" disabled=no
add address=10.19.42.146/24 network=10.19.42.0 broadcast=10.19.42.255 \
    interface=ether1 comment="" disabled=no
/ ip arp
/ ip dns
set primary-dns=132.63.2.251 secondary-dns=0.0.0.0
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
/ ip firewall rule forward
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:135-139 out-interface=all protocol=tcp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:135-139 out-interface=all protocol=udp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=all \
    icmp-options=any:any tcp-options=any connection-state=established flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=accept log=no comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=icmp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=yes
/ ip firewall rule input
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:135-139 out-interface=all protocol=udp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=0.0.0.0/0:135-139 out-interface=all protocol=tcp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all dst-address=0.0.0.0/0:445 \
    out-interface=all protocol=tcp icmp-options=any:any tcp-options=any \
    connection-state=any flow="" connection="" content="" \
    src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0 \
    limit-time=0s action=drop log=no comment="" disabled=no
add src-address=0.0.0.0/0:20561 in-interface=all \
    dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=udp \
    icmp-options=any:any tcp-options=any connection-state=any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=drop log=no comment="" disabled=no
/ ip firewall rule output
add src-address=0.0.0.0/0:5678 in-interface=all dst-address=0.0.0.0/0:0-65535 \
    out-interface=all protocol=udp icmp-options=any:any tcp-options=any \
    connection-state=any flow="" connection="" content="" \
    src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0 \
    limit-time=0s action=drop log=no comment="" disabled=no
/ ip firewall dst-nat
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=132.63.2.252/32:80 protocol=tcp icmp-options=any:any flow="" \
    connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0 \
    limit-burst=0 limit-time=0s action=nat to-dst-address=10.203.37.6 \
    to-dst-port=80 comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=132.63.2.252/32:5016 protocol=tcp icmp-options=any:any \
    flow="" connection="" content="" src-mac-address=00:00:00:00:00:00 \
    limit-count=0 limit-burst=0 limit-time=0s action=nat \
    to-dst-address=10.77.32.114 to-dst-port=5018 comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=132.63.2.252/32:7800 protocol=tcp icmp-options=any:any \
    flow="" connection="" content="" src-mac-address=00:00:00:00:00:00 \
    limit-count=0 limit-burst=0 limit-time=0s action=nat \
    to-dst-address=10.77.32.42 to-dst-port=7800 comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=132.63.2.252/32:7810 protocol=tcp icmp-options=any:any \
    flow="" connection="" content="" src-mac-address=00:00:00:00:00:00 \
    limit-count=0 limit-burst=0 limit-time=0s action=nat \
    to-dst-address=10.77.32.43 to-dst-port=7800 comment="" disabled=no
add src-address=0.0.0.0/0:0-65535 in-interface=all \
    dst-address=132.63.2.252/32:7820 protocol=tcp icmp-options=any:any \
    flow="" connection="" content="" src-mac-address=00:00:00:00:00:00 \
    limit-count=0 limit-burst=0 limit-time=0s action=nat \
    to-dst-address=10.77.32.44 to-dst-port=7800 comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=no
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
/ ip firewall src-nat
add src-address=134.48.0.0/16:0-65535 dst-address=0.0.0.0/0:0-65535 \
    out-interface=all protocol=all icmp-options=any:any flow="" connection="" \
    content="" limit-count=0 limit-burst=0 limit-time=0s action=masquerade \
    to-src-address=0.0.0.0 to-src-port=0-65535 comment="" disabled=no
add src-address=132.63.2.0/24:0-65535 dst-address=0.0.0.0/0:0-65535 \
    out-interface=all protocol=all icmp-options=any:any flow="" connection="" \
    content="" limit-count=0 limit-burst=0 limit-time=0s action=masquerade \
    to-src-address=0.0.0.0 to-src-port=0-65535 comment="" disabled=no
add src-address=172.16.1.0/24:0-65535 dst-address=0.0.0.0/0:0-65535 \
    out-interface=all protocol=all icmp-options=any:any flow="" connection="" \
    content="" limit-count=0 limit-burst=0 limit-time=0s action=masquerade \
    to-src-address=0.0.0.0 to-src-port=0-65535 comment="" disabled=no
add src-address=10.19.4.0/24:0-65535 dst-address=0.0.0.0/0:0-65535 \
    out-interface=all protocol=all icmp-options=any:any flow="" connection="" \
    content="" limit-count=0 limit-burst=0 limit-time=0s action=masquerade \
    to-src-address=0.0.0.0 to-src-port=0-65535 comment="" disabled=no
/ ip neighbor discovery
set ether1 discover=yes
/ ip route
add dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=132.63.2.1 \
    distance=1 comment="" disabled=no
add dst-address=10.19.4.0/24 preferred-source=0.0.0.0 gateway=132.63.2.254 \
    distance=1 comment="" disabled=no
add dst-address=10.77.32.0/24 preferred-source=0.0.0.0 gateway=10.19.42.1 \
    distance=1 comment="" disabled=no
add dst-address=134.48.0.0/16 preferred-source=0.0.0.0 gateway=132.63.2.254 \
    distance=1 comment="" disabled=no
add dst-address=10.15.42.0/24 preferred-source=0.0.0.0 gateway=10.19.42.1 \
    distance=1 comment="" disabled=no
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=8080 address=0.0.0.0/0 disabled=no
set hotspot port=8088 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set hotspot-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip policy-routing
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all \
    action=lookup table=main comment="" disabled=no
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=132.63.2.1 preferred-source=0.0.0.0 \
    comment="" disabled=no
add dst-address=10.19.4.0/24 gateway=132.63.2.254 preferred-source=0.0.0.0 \
    comment="" disabled=no
add dst-address=10.77.32.0/24 gateway=10.19.42.1 preferred-source=0.0.0.0 \
    comment="" disabled=no
add dst-address=134.48.0.0/16 gateway=132.63.2.254 preferred-source=0.0.0.0 \
    comment="" disabled=no
add dst-address=10.15.42.0/24 gateway=10.19.42.1 preferred-source=0.0.0.0 \
    comment="" disabled=no
/ ip upnp
set enabled=no
/ ip dhcp-client
set enabled=no host-name="" client-id="" add-default-route=yes \
    use-peer-dns=yes
/ ip dns-cache
set enabled=no size=256 primary-server=0.0.0.0 secondary-server=0.0.0.0 \
    reset-interval=12h
/ ip hotspot
set use-ssl=no hotspot-address=0.0.0.0 dns-name="" status-autorefresh=1m \
    universal-proxy=yes auth-mac=no auth-mac-password=no auth-http-cookie=no \
    http-cookie-lifetime=1d allow-unencrypted-passwords=no \
    split-user-domain=no
/ ip hotspot profile
set default name="default" session-timeout=0s idle-timeout=0s only-one=yes \
    tx-bit-rate=0 rx-bit-rate=0 incoming-filter="" outgoing-filter="" \
    mark-flow="" login-method=smart keepalive-timeout=2m
/ ip hotspot user
add name="1860" password="1861" address=0.0.0.0 mac-address=00:00:00:00:00:00 \
    profile=default routes="" limit-uptime=0s limit-bytes-in=0 \
    limit-bytes-out=0 comment="" disabled=no
/ ip hotspot aaa
set use-radius=no accounting=yes interim-update=0s
/ ip hotspot universal service-port
set ftp ports=21 disabled=no
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
    lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes address=0.0.0.0:3128 hostname="proxy" transparent-proxy=yes \
    parent-proxy=10.19.4.68:3128 cache-administrator="zhaokun@1860.com" \
    max-object-size="40960 kB" max-cache-size=unlimited
/ ip web-proxy access
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-port=!443 url="" \
    method=connect action=deny comment="allow CONNECT only to SSL ports 443 \
    \[https\] and 563 \[snews\]" disabled=yes
add src-address=132.63.2.200/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.171/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.143/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.101/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.88/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.90/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=132.63.2.94/32 dst-address=0.0.0.0/0 dst-port="" url="" \
    method=any action=allow comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-port="" url="" method=any \
    action=deny comment="" disabled=no
/ ip web-proxy cache
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-port="" url="cgi-bin \\?" \
    method=any action=deny comment="don't cache dynamic http pages" \
    disabled=no
/ ip web-proxy direct
add src-address=0.0.0.0/0 dst-address=10.77.40.0/24 dst-port=!0 url="" \
    method=any action=allow comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=132.63.2.0/24 dst-port=!0 url="" \
    method=any action=allow comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=10.19.85.0/24 dst-port=!0 url="" \
    method=any action=allow comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=10.203.27.0/24 dst-port=!0 url="" \
    method=any action=allow comment="" disabled=no
/ system identity
set name="CSCRouter"
/ system logging
set default-remote-address=132.63.2.251 default-remote-port=514 \
    buffer-lines=100
/ system logging facility
set Firewall-Log logging=remote remote-address=0.0.0.0 remote-port=0 \
    prefix="" echo=no
set PPP-Account logging=local prefix="" echo=no
set PPP-Info logging=local prefix="" echo=no
set PPP-Error logging=local prefix="" echo=no
set System-Info logging=local prefix="" echo=no
set System-Error logging=local prefix="" echo=no
set System-Warning logging=local prefix="" echo=no
set Telephony-Info logging=local prefix="" echo=no
set Telephony-Error logging=local prefix="" echo=no
set Prism-Info logging=local prefix="" echo=no
set Web-Proxy-Access logging=remote remote-address=0.0.0.0 remote-port=0 \
    prefix="" echo=no
set ISDN-Info logging=local prefix="" echo=no
set Hotspot-Account logging=local prefix="" echo=no
set Hotspot-Info logging=local prefix="" echo=no
set Hotspot-Error logging=local prefix="" echo=no
set IPsec-Event logging=local prefix="" echo=no
set IKE-Event logging=local prefix="" echo=no
set IPsec-Warning logging=local prefix="" echo=no
set System-Echo logging=local prefix="" echo=yes
set OSPF-Info logging=local prefix="" echo=no
/ system serial-console
set enabled=yes port=serial0
/ system gps
set enabled=no set-system-time=yes
/ system lcd
set enabled=no type=powertip
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set ether1 display-time=5s disabled=yes
/ system ups
set enabled=no off-line-time=5m min-run-time=5m alarm-setting=immediate \
    rtc-alarm-setting=none
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
    flow-control=hardware
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
    flow-control=hardware
/ ppp profile
add name="default" local-address=0.0.0.0 remote-address=0.0.0.0 \
    session-timeout=0s idle-timeout=0s use-compression=no \
    use-vj-compression=no use-encryption=no require-encryption=no only-one=no \
    tx-bit-rate=0 rx-bit-rate=0 incoming-filter="" outgoing-filter="" \
    wins-server=""
add name="vpn1" local-address=172.16.1.1 remote-address=vpn1 \
    session-timeout=0s idle-timeout=0s use-compression=yes \
    use-vj-compression=yes use-encryption=yes require-encryption=yes \
    only-one=no tx-bit-rate=0 rx-bit-rate=0 incoming-filter="" \
    outgoing-filter="" wins-server=0.0.0.0
/ ppp secret
add name="1860" service=pptp caller-id="" password="18601861" profile=vpn1 \
    local-address=0.0.0.0 remote-address=0.0.0.0 routes="" comment="" \
    disabled=no
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ user
add name="zhaokun" group=full address=132.63.2.0/24 comment="" disabled=no
/ user group
add name="read" policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,w\
    eb
add name="write" policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,w\
    eb
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ queue type
set default name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 \
    red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 \
    sfq-perturb=5 sfq-allot=1514
set ethernet-default name="ethernet-default" kind=pfifo bfifo-limit=15000 \
    pfifo-limit=50 red-limit=60 red-min-threshold=10 red-max-threshold=50 \
    red-burst=20 sfq-perturb=5 sfq-allot=1514
set wireless-default name="wireless-default" kind=sfq bfifo-limit=15000 \
    pfifo-limit=50 red-limit=60 red-min-threshold=10 red-max-threshold=50 \
    red-burst=20 sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red bfifo-limit=15000 \
    pfifo-limit=50 red-limit=60 red-min-threshold=10 red-max-threshold=50 \
    red-burst=20 sfq-perturb=5 sfq-allot=1514
/ tool bandwidth-server
set enabled=no authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 \
    streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
    filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535
/ tool e-mail
set server=132.63.2.100 from="zhaokun@1860.com"
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no \
    redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no \
    redistribute-static=no redistribute-rip=no redistribute-bgp=no \
    metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
    metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no \
    redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 \
    metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
3. Simple network structure
______.jpg
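
An added example, not part of the original post and not MikroTik's own tooling: a small Python audit that parses an export in the format posted above and flags settings of the kind visible in it (management services open to 0.0.0.0/0, legacy PPTP authentication methods, a default-accept input chain, plaintext passwords), with a `redact` helper for masking passwords before an export is shared. The sample export, the function names and the choice of which services and authentication methods to flag are assumptions made for this example.

```python
import re
import shlex

# Constructed excerpt in the style of the export above; values are samples.
SAMPLE = r'''/ interface pptp-server server
set enabled=yes mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap \
    default-profile=default
/ ip firewall
set input name="input" policy=accept comment=""
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ssh port=22 address=10.0.0.0/24 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=yes
/ ip hotspot
set use-ssl=no auth-mac-password=no
/ ppp secret
add name="demo" service=pptp password="example-secret" profile=vpn1
'''
CLEARTEXT = {"telnet", "ftp", "www"}      # assumption: unencrypted admin services
WEAK_AUTH = {"pap", "chap", "mschap1"}    # assumption: legacy PPP auth methods

def parse_export(text):
    """Yield (section, item, params) for every set/add command."""
    text = re.sub(r"\\\n\s*", "", text)   # rejoin '\'-continued lines
    section = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = " ".join(line.lstrip("/").split())
        elif line:
            tokens = shlex.split(line)[1:]            # drop the verb
            item = tokens.pop(0) if tokens and "=" not in tokens[0] else None
            yield section, item, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(text):
    """Return (section, finding) tuples for risky settings."""
    out = []
    for section, item, p in parse_export(text):
        if (section == "ip service" and item in CLEARTEXT
                and p.get("disabled") == "no" and p.get("address") == "0.0.0.0/0"):
            out.append((section, f"{item} reachable from any source address"))
        if section == "interface pptp-server server" and p.get("enabled") == "yes":
            weak = sorted(WEAK_AUTH & set(p.get("authentication", "").split(",")))
            if weak:
                out.append((section, "weak auth allowed: " + ",".join(weak)))
        if section == "ip firewall" and item == "input" and p.get("policy") == "accept":
            out.append((section, "input chain default policy is accept"))
        if p.get("password"):
            out.append((section, f"plaintext password for {p.get('name')!r}"))
    return out

def redact(text):
    """Mask password values before an export is shared."""
    return re.sub(r'(?<![\w-])password=("[^"]*"|\S+)', 'password="<redacted>"', text)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
    print(redact(SAMPLE))
```
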
OP | Posted 2004-12-20 10:00:01
A few notes

QUOTE
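The diagram shows a small part of our company. I am in a department of the city-level company, 132.63.2.0/24.
2631: to another department, 134.48.101.0/24, 10.19.85.0/24 and 10.203.37.0/24
2621: connects to the provincial center's 10.77.40.0/24
3640: connects to another department of the provincial center, 10.77.32.0/24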

Posted 2004-12-20 12:08:59
Thanks, brother, that was hard work! Hope you keep it up!

Posted 2004-12-20 14:27:33
Thanks for sharing!!! Supporting the OP.

Posted 2004-12-21 08:31:51
Reading this makes my head spin. Could you explain it in more detail?

Posted 2004-12-21 09:04:41
A real expert!

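OP | Posted 2004-12-22 11:26:40
Hehe, I got a bit carried away with myself. Forum admin, how about marking this thread as featured as a little encouragement?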

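Posted 2004-12-22 16:45:04
OP, reading this makes my head spin. Could you explain the IP addresses in the topology diagram in detail? Also, where are you in the topology? And are you using a leased line? [Actually, the configuration you posted could be simplified a lot. Much of it is empty; keeping only the useful parts would be enough.]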