新人第一贴，有关部分常识及动态切换线路icmp掉线的问题

everest79 · 发表于 2007-1-21 17:16:26

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

您需要登录才可以下载或查看，没有账号？注册

×

各位好，这是我在本论坛发的第一篇贴子，由于是初学，有着众多问题可能让大家扔鸡蛋，不过为避免在同一问题上做第二次小白，请您将解决方法或致错因素也扔给我，在此谢了

好了，转入正题，观摩学习了论坛大量贴子后我参考以下内容:

host2318的 [双线不同网关分流教程]
专卖精品等高手在 [光纤用户使用NAT方式多还是使用masquerade方式的多] 中的讨论
wwjun的 [双网关按源地址动态稳固分流]
bow在 [关于ros限速] 中的回答

做了一个自已的路由routeros2.9.27，忘了说，路由也是打置顶贴子里下载的，感谢loverouter感谢routerclub.con感谢CCTV
路由也按照我的设想实现了:

1.识别接入IP并分配相应网关 192.168.1.146-147 to 192.168.111.1 ; 192.168.1.148-149 to 192.168.222.1
2.模拟静态SRC NAT转发
3.识别网关通路并动态切换网关并修改SRC NAT地址源
4.针对IP地址集合进行不同要求限速

但我在使用当中发现线路切换&3后http访问正常但部分软件就会掉线，例如ping(icmp)，看以前的贴子QQ也会掉，所以想请教具体原因及解决方法
同时线路切换后我将当前的icmp连接清除后ping会恢复正常，QQ没条件测试
若我想在线路切换的同时删除icmp或某个特征连接，脚本应如何写？
再，假设以上脚本可行，如何识别只删除切换了网关的接入IP icmp连接(路由标识或连接标记+当前协议？)

按以下配置:
网关192.168.222.1掉线后
192.168.1.146 ping(icmp) www.163.com gateway 192.168.111.1 保留
192.168.1.168 ping(icmp) www.163.com gateway 192.168.222.1 删除

再问wwjun的 [双网关按源地址动态稳固分流]中通过nth来分辨新连接的奇偶，具体算法是什么？passthrough的作用又是什么？

最后请教ROS使用了大量脚本对性能有多大影响？较高配置（2.0+/1G/ATA）能否抵消这些影响？

以下是我路由的配置
RouterOS 2.9.27

/ interface ethernet
set ether1 name="ether1_LAN"
set ether2 name="ether2_WAN1"
set ether3 name="ether3_WAN2"
/ ip address
add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=ether1_LAN comment="LAN" disabled=no
add address=192.168.111.110/24 network=192.168.111.0 broadcast=192.168.111.255 \
interface=ether2_WAN1 comment="WAN1" disabled=no
add address=192.168.222.110/24 network=192.168.222.0 broadcast=192.168.222.255 \
interface=ether3_WAN2 comment="WAN2" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.1.146/31 action=mark-routing \
new-routing-mark=10 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.1.148/31 action=mark-routing \
new-routing-mark=20 passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat routing-mark=10 action=src-nat to-addresses=192.168.111.110 \
to-ports=0-65535 comment="wan1" disabled=no
add chain=srcnat routing-mark=20 action=src-nat to-addresses=192.168.111.110 \
to-ports=0-65535 comment="wan2" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.111.1 scope=255 target-scope=10 \
routing-mark=10 comment="wan1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.111.1 scope=255 target-scope=10 \
routing-mark=20 comment="wan2" disabled=no
/ system script
add name="wan1up" source="/ip route set wan1 gateway=192.168.111.1 \n/ip fir nat set wan1 to-
addresses=192.168.111.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1down" source="/ip route set wan1 gateway=192.168.222.1 \n/ip fir nat set wan1 to-
addresses=192.168.222.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2up" source="/ip route set wan2 gateway=192.168.222.1 \n/ip fir nat set wan2 to-
addresses=192.168.222.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2down" source="/ip route set wan2 gateway=192.168.111.1 \n/ip fir nat set wan2 to-
addresses=192.168.111.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
/ tool netwatch
add host=192.168.111.1 timeout=30ms interval=1s up-script=wan1up \
down-script=wan1down comment="" disabled=no
add host=192.168.222.1 timeout=30ms interval=1s up-script=wan2up \
down-script=wan2down comment="" disabled=no
/ queue simple
add name="queueA" target-addresses=192.168.1.146/32,192.168.1.147/32 \
dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=64000/200000 \
burst-limit=128000/400000 burst-threshold=64000/180000 burst-time=3s/10s \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
disabled=no
add name="queueB" target-addresses=192.168.1.148/32,192.168.1.149/32 \
dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
disabled=yes

复制代码

everest79 · 发表于 2007-1-21 19:41:07

如果我修改/route与/system script两个地方的代码不知是否可行

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.111.1;192.168.222.1 scope=255 target-scope=10 \
comment="wan" disabled=no

/ system script
add name="wan1up" source="/ip fir nat set wan1  to-
addresses=192.168.111.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1down" source="/ip fir nat set wan1  to-
addresses=192.168.222.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2up" source="/ip fir nat set wan2  to-
addresses=192.168.222.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2down" source="/ip fir nat set wan2  to-
addresses=192.168.111.110" \
policy=ftp,reboot,read,write,policy,test,winbox,password

[ 本帖最后由 everest79 于 2007-1-21 19:43 编辑 ]

everest79 · 发表于 2007-1-21 21:45:18

各位老大，回贴呀，我这等着类

everest79 · 发表于 2007-1-24 02:23:39

两动态ip+1静态ip 3网关分流+自动切换

/ interface ethernet
set ether1 name="ether1_LAN"
set ether2 name="ether2_WAN1"
set ether3 name="ether3_WAN2"
set ether4 name="ether4_WAN3"
/ interface pppoe-client
add name="pppoe-out1" max-mtu=1480 max-mru=1480 interface=ether2_WAN1 \
user="adsl01" password="123456" profile=default service-name="" ac-name="" \
add-default-route=no dial-on-demand=no use-peer-dns=yes \
allow=pap,chap,mschap1,mschap2 disabled=no
add name="pppoe-out2" max-mtu=1480 max-mru=1480 interface=ether3_WAN2 \
user="adsl02" password="654321" profile=default service-name="" ac-name="" \
add-default-route=no dial-on-demand=no use-peer-dns=yes \
allow=pap,chap,mschap1,mschap2 disabled=yes
/ ip address
add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=ether1_LAN comment="added by setup" disabled=no
add address=15.12.11.1/32 network=15.12.11.1 broadcast=15.12.11.1 \
interface=ether3_WAN2 comment="" disabled=yes
add address=15.12.11.2/24 network=15.12.11.0 broadcast=15.12.11.255 \
interface=ether1_LAN comment="wan" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
routing-mark=10 comment="wan1" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
routing-mark=20 comment="wan2" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.100.186 scope=255 target-scope=10 \
routing-mark=30 comment="wan3" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.1.146/31 action=mark-routing \
new-routing-mark=10 passthrough=yes comment="wan1" disabled=no
add chain=prerouting src-address=192.168.1.148/31 action=mark-routing \
new-routing-mark=20 passthrough=yes comment="wan2" disabled=no
add chain=prerouting src-address=192.168.1.150/31 action=mark-routing \
new-routing-mark=30 passthrough=yes comment="wan3" disabled=no
/ ip firewall nat
add chain=srcnat routing-mark=10 action=src-nat to-addresses=192.168.100.184 \
to-ports=0-65535 comment="wan1" disabled=no
add chain=srcnat routing-mark=20 action=src-nat to-addresses=192.168.100.184 \
to-ports=0-65535 comment="wan2" disabled=no
add chain=srcnat routing-mark=30 action=src-nat to-addresses=192.168.100.184 \
to-ports=0-65535 comment="wan3" disabled=no
/ system script
\n/ip firewall nat set \="/ip route set wan1 gateway=\$wan1
\n/system scheduler dis wan1stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \2" source=":set chw1 \$wan2
\n:if $\[/tool netwatch get wan3 $ do={
\n:set chw1 \$src3} else={
\n/ip route set \disable wan1}
\n/ip \ip route find dst-address=0.0.0.0/0 gateway=\$wan1\] gateway=\$chw1
firewall nat set \[/ip firewall nat find action=src-nat to-addresses=\$src1\] \
\n/system scheduler enable wan1stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n/ip firewall nat set \="/ip route set wan2 gateway=\$wan2
\n/system scheduler dis wan2stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \3" source=":set chw2 \$wan3
\n:if $\[/tool netwatch get wan1 $ do={
\n:set chw2 \$src1} else={
\n/ip route set \disable wan2}
\n/ip \ip route find dst-address=0.0.0.0/0 gateway=\$wan2\] gateway=\$chw2
firewall nat set \[/ip firewall nat find action=src-nat to-addresses=\$src2\] \
\n/system scheduler enable wan2stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n/ip firewall nat set \="/ip route set wan3 gateway=\$wan3
\n/system scheduler disable wan3stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool \1" source=":set chw3 \$wan1
\n:if $\[/tool netwatch get wan2 $ do={
\n:set chw3 \$src2} else={
\n/ip route set \[/ip route find \
\n/ip firewall nat set \0 gateway=\$wan3\] gateway=\$chw3
\[/ip firewall nat find action=src-nat to-addresses=\$src3\] \
\n/system scheduler enable wan3stat" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n:global src3 \n" source=":global wan3 15.12.11.1
\n:global wan2 \one0.0.1
\n:global src1 \one
\n:global chs2 \55.0.0.1
\n:global \pp2 none
\n/tool netwatch disable \
\n/tool netwatch set wan3 host=\$wan3 \
\n/system scheduler enable \an1stat
\n" \stem scheduler enable wan3stat
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan1stat" source="/interface pppoe-client monitor pppoe-out1 once \
\n:set wan1 \[/ip \nnected"\) do={
\n:set src1 \et \[/ip address find interface=pppoe-out1\] network\]
\n/tool \ route get \[/ip route find dst-address=\$wan1\] pref-src\]
\n/tool \10h set wan1 host=\$wan1 disabled=no
netwatch enable wan1}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="wan2stat" source="/interface pppoe-client monitor pppoe-out2 once \
\n:set wan2 \[/ip \nnected"\) do={
\n:set src2 \et \[/ip address find interface=pppoe-out2\] network\]
\n/tool \ route get \[/ip route find dst-address=\$wan2\] pref-src\]
\n/tool \10h set wan2 host=\$wan2 disabled=no
netwatch enable wan2}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
\n:if \(\[/tool netwatch get wan1 \pc 0
\n:if $\[/tool netwatch get wan2 \$tmpc+1$}
\n/tool \$tmpc>0\) do={set tmpc $\$tmpc+1$}
\n}" \ay 20h enable wan3
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="local886" source=":set ppp2 \$status" \
policy=ftp,reboot,read,write,policy,test,winbox,password
/ system scheduler
add name="startup" on-event=autorun start-time=startup interval=0s \
comment="autorun" disabled=no
add name="startup1" on-event=wan1stat start-time=startup interval=0s comment="" \
disabled=no
add name="startup2" on-event=wan2stat start-time=startup interval=0s comment="" \
disabled=no
add name="wan1stat" on-event=wan1stat start-date=jan/01/1970 start-time=00:00:00 \
interval=10s comment="wan1stat" disabled=yes
add name="wan2stat" on-event=wan2stat start-date=jan/01/1970 start-time=00:00:00 \
interval=10s comment="wan2stat" disabled=no
add name="wan3stat" on-event=wan3stat start-date=jan/01/1970 start-time=00:00:00 \
interval=20s comment="wan3stat" disabled=no
/ queue simple
add name="queueA" target-addresses=192.168.1.146/32,192.168.1.147/32 \
dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=64000/200000 \
burst-limit=128000/400000 burst-threshold=64000/180000 burst-time=3s/10s \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=yes
add name="queueB" target-addresses=192.168.1.148/32,192.168.1.149/32 \
dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=no
add name="queueC" target-addresses=192.168.1.150/32,192.168.1.151/32 \
dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=128000/256000 \
burst-limit=256000/512000 burst-threshold=100000/200000 burst-time=3s/10s \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat disabled=yes
/ tool netwatch
add host=192.168.100.186 timeout=30ms interval=1s up-script=wan1up \
down-script=wan1down comment="wan1" disabled=no
add host=192.168.100.188 timeout=30ms interval=1s up-script=wan2up \
down-script=wan2down comment="wan2" disabled=no
add host=15.12.11.1 timeout=30ms interval=1s up-script=wan3up down-script=wan3down \
comment="wan3" disabled=no

复制代码

ssffzz1 · 发表于 2007-1-24 09:57:29

因为ICMP不使用重传机制,这样一旦丢包就发现了.而别的协议也丢包,但有重传机制,所以就看不出来,你可以抓包看看.

everest79 · 发表于 2007-1-24 15:12:06

谢谢ssffzz1的回答

账号		自动登录	找回密码
密码			注册

[其它] 新人第一贴，有关部分常识及动态切换线路icmp掉线的问题

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。