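This post was last edited by zooyo on 2011-2-9 20:22
I see forum members have been debating this quite heatedly. Some guys even started arguing, which really spoils the friendly atmosphere.
Here are the rules and the script first.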
/ip firewall mangle
add action=jump chain=prerouting comment=adsl_bonding disabled=no dst-port=80,81,82,8080 jump-target=bonding protocol=tcp src-address=192.168.0.0/16
add action=jump chain=prerouting comment="" disabled=no jump-target=bonding src-address-list=other_list
add action=mark-connection chain=bonding comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=adsl1conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-routing chain=bonding comment="" connection-mark=adsl1conn disabled=no in-interface=LAN new-routing-mark=main passthrough=yes
add action=mark-connection chain=bonding comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=adsl2conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-routing chain=bonding comment="" connection-mark=adsl2conn disabled=no in-interface=LAN new-routing-mark=main passthrough=yes
add action=mark-connection chain=bonding comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=adsl3conn passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=bonding comment="" connection-mark=adsl3conn disabled=no in-interface=LAN new-routing-mark=main passthrough=yes
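Set new-routing-mark to whichever line you want the upstream traffic to take (main here); a VPN works too, of course. Add the VPN gateway the usual way (the VPN server must be one that does not do NAT masquerading).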
/ip firewall nat
add action=src-nat chain=srcnat comment=ADSL1 connection-mark=adsl1conn disabled=yes src-address=192.168.0.0/16 to-addresses=121.69.45.22
add action=src-nat chain=srcnat comment=ADSL2 connection-mark=adsl2conn disabled=yes src-address=192.168.0.0/16 to-addresses=121.71.114.11
add action=src-nat chain=srcnat comment=ADSL3 connection-mark=adsl3conn disabled=yes src-address=192.168.0.0/16 to-addresses=121.69.47.21
add action=src-nat chain=srcnat comment="" disabled=yes src-address=192.168.0.0/16 to-addresses=221.219.144.111
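Although mark-routing sends the traffic out over the specified line, src-nat rewrites the source to the ADSL line's IP, so the returning data (the download) comes back over ADSL. The connection is established normally, so of course it does not drop.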
:local curaddress
:local newaddress
:local status
:local x
:set x 3
:for i from=1 to=$x do={
  :set status [/interface get [/interface find name=("pppoe-out" . $i)] running]
  :if ($status=true) do={
    :set newaddress [/ip address get [/ip address find dynamic=yes interface=("pppoe-out" . $i)] address ]
    :set newaddress [:pick $newaddress 0 [:find $newaddress "/"]]
    :set curaddress [ /ip firewall nat get [/ip firewall nat find comment=("ADSL" . $i)] to-addresses ]
    :if ($curaddress != $newaddress) do={
      /ip firewall nat set [ /ip firewall nat find comment=("ADSL" . $i) ] to-addresses=$newaddress
      :log info ("Change ADSL" . $i . " NAT IP" )
    }
  }
}
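This is the script that automatically updates the NAT IPs. Note the comment=ADSL1 format.
Not every ISP skips checking whether the source address is legitimate, so whether this can actually be applied successfully is something you have to test yourself.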
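
An added example, not part of the original post: a small Python model of the caveat above, showing what happens to the src-nat'ed packets when the uplink ISP validates source addresses at its edge. The CRC32 hash standing in for RouterOS's per-connection-classifier, the assumption that 221.219.144.111 is the only address the uplink accepts, and the sample flows are all constructed for illustration.

```python
import ipaddress
import zlib

# NAT addresses as they appear in the post's src-nat rules (one per PCC bucket).
ADSL_NAT = {0: "121.69.45.22", 1: "121.71.114.11", 2: "121.69.47.21"}
# Assumption: the uplink ISP assigned only this address to the customer port.
UPLINK_ALLOWED = [ipaddress.ip_network("221.219.144.111/32")]


def pcc_bucket(src: str, dst: str, denominator: int = 3) -> int:
    """Stand-in for per-connection-classifier=both-addresses:3/N.
    CRC32 is an assumption; RouterOS uses its own hash. What matters is that
    the same address pair always lands in the same bucket."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(key) % denominator


def egress_source(src: str, dst: str) -> str:
    """Source address on the wire after the bucket's src-nat rule is applied."""
    return ADSL_NAT[pcc_bucket(src, dst)]


def uplink_permits(wire_src: str, allowed=UPLINK_ALLOWED) -> bool:
    """Source address validation at the uplink ISP edge (ingress filtering):
    forward only packets whose source lies in a prefix assigned to this port."""
    addr = ipaddress.ip_address(wire_src)
    return any(addr in net for net in allowed)


def trace(flows, allowed=UPLINK_ALLOWED):
    """Return (lan_src, dst, wire_src, forwarded) for each constructed flow."""
    out = []
    for src, dst in flows:
        wire = egress_source(src, dst)
        out.append((src, dst, wire, uplink_permits(wire, allowed)))
    return out


# Constructed sample flows (documentation-range destinations).
SAMPLE_FLOWS = [("192.168.1.10", "203.0.113.5"), ("192.168.1.11", "198.51.100.7"),
                ("192.168.2.20", "203.0.113.80")]

if __name__ == "__main__":
    for src, dst, wire, ok in trace(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: leaves uplink as {wire}: "
              f"{'forwarded' if ok else 'dropped by source validation'}")
```

With the filter in place every flow is dropped at the uplink, because the source on the wire is an ADSL address rather than one assigned to that port.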