三条动态，一条固定，帮忙查问题在哪，谢谢啦

njalin

四条外线：三条ADSL（动态地址）,一条固定地址（192.168.1.6，网关：192.168.1.1）

一条内线：LAN
192.168.0.9/24:走pppoe-out2
192.168.3.63/24:走pppoe-out3
192.168.100.63/24 :走pppoe-out1
目标地址address-list为202.119.80.0/24的走固定地址

问题：
1、目标地址address-list为202.119.80.0/24的走固定地址不能实现
2、端口影射dst-address=192.168.1.6 dst-port=80  to-addresses=192.168.3.2 to-ports=80不能实现。


配置如下：
/ip address
add address=192.168.0.9/24 disabled=no interface=lan network=192.168.0.0
add address=192.168.3.63/24 disabled=no interface=lan network=192.168.3.0
add address=192.168.100.63/24 disabled=no interface=lan network=192.168.100.0

add address=192.168.1.6/24 disabled=no interface=edu network=192.168.1.0


/ip firewall address-list
add address=202.119.80.0/24 disabled=no list=edu

/ip firewall mangle
add action=mark-routing chain=prerouting comment=edu disabled=no \
    dst-address-list=edu in-interface=lan new-routing-mark=edu passthrough=\
    yes
add action=mark-routing chain=prerouting comment="3" disabled=no \
    dst-address-list=!edu in-interface=lan new-routing-mark=R3 passthrough=\
    yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting comment="2" disabled=no \
    dst-address-list=!edu in-interface=lan new-routing-mark=R2 passthrough=\
    yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="1" disabled=no \
    dst-address-list=!edu in-interface=lan new-routing-mark=R1 passthrough=\
    yes src-address=192.168.100.0/24


/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 \
    to-addresses=180.111.40.1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out3 \
    to-addresses=180.109.252.1
add action=src-nat chain=srcnat disabled=no dst-address-list=edu \
    out-interface=edu routing-mark=edu to-addresses=192.168.1.6
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 \
    to-addresses=180.109.252.1

add action=dst-nat chain=dstnat comment="" disabled=no \
    dst-address=192.168.1.6 dst-port=80 in-interface=edu protocol=tcp \
    to-addresses=192.168.3.2 to-ports=80

/ip route
add comment=edu disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 routing-mark=edu scope=30 target-scope=10
add comment=3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 \
    routing-mark=R3 scope=30 target-scope=10
add comment=1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 \
    routing-mark=R1 scope=30 target-scope=10
add comment=2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 \
    routing-mark=R2 scope=30 target-scope=10
add comment=default disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 scope=30 target-scope=10

2980315

策略没有做好，你这是光钎+adsl

njalin

知道没做好啊，就是不知道错在哪！

njalin

自己找出问题答案，发在下面

/ip firewall mangle
add action=mark-routing chain=prerouting comment=edu disabled=no \
    dst-address-list=edu new-routing-mark=EDU passthrough=no
add action=mark-routing chain=prerouting   disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
    new-routing-mark=R3 passthrough=yes src-address=192.168.3.0/25
add action=mark-routing chain=prerouting   disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
    new-routing-mark=R2 passthrough=yes src-address=192.168.3.128/25
add action=mark-routing chain=prerouting   disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
    new-routing-mark=R2 passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting   disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
    new-routing-mark=R2 passthrough=yes src-address=192.168.4.0/24
add action=mark-routing chain=prerouting  disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan \
    new-routing-mark=R1 passthrough=yes src-address=192.168.100.0/24
add action=mark-routing chain=prerouting comment=wan1 disabled=no \
    dst-address=!192.168.0.0/16 dst-address-list=!edu in-interface=lan1 \
    new-routing-mark=R1 passthrough=yes src-address=192.168.101.0/24

njalin

passthrough=no或者yes,竟然这么重要啊

除些之外，对于局域网数据，不要做magle,也就是目标地址是192.168.0.0/16 的不要做标记