返回列表 發帖
167pk

Rank: 1
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2014-10-30 14:05 | 只看該作者

Mikrotik QOS script

本帖最後由 167pk 於 2014-11-8 06:30 編輯





預設是
1) 100Mb 寬頻
2) PPPOE 連線
3) VOIP 設備是 OBi202
4) IPTV  設備是 Maige , MiBox, TV
5) VPN server IP Range 是 172.16.2.0/24  & 172.16.3.0/24

下載: QOS script
  1. ######Script Settings#######
  2. :local WANUploadSpeed "100M"
  3. :local WANDownloadSpeed "100M"
  4. :local MAXUploadSpeed "95M"
  5. :local MAXDownloadSpeed "95M"
  6. :local WANInter "pppoe-out1"
  7. ########################

  9. /ip firewall address-list
  10. add address=192.168.88.0/24 list=Internal-Nets
  11. add address=192.168.88.2 comment="OBi202 IP" list=VOIP
  12. add address=172.16.3.0/24 comment="PPTP VPN IP Range" list=VPN-Nets
  13. add address=172.16.2.0/24 comment="L2TP VPN IP Range" list=VPN-Nets
  14. add address=192.168.88.10 comment="TV IP" list=IPTV
  15. add address=192.168.88.11 comment="Maige IPTV IP" list=IPTV
  16. add address=192.168.88.12 comment="MiBox IP" list=IPTV
複製代碼
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊
收藏 分享

167pk

Rank: 1
2#
發表於 2014-10-30 14:06 | 只看該作者
本帖最後由 167pk 於 2014-11-1 07:52 編輯
  1. /ip firewall layer7-protocol
  2. add name=speedtest-servers regexp="^.*(get|GET).+speedtest.*\$"
  3. add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
  4.     rtane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitso\
  5.     up|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
  6. add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demono\
  7.     id|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|\
  8.     fulldls|btbot|fenopy|gpirate|commonbits).*\$"
  9. add name=netflix regexp="^.*(get|GET).+(netflix).*\$"
  10. add name=mp4 regexp="^.*(get|GET).+\\.mp4.*\$"
  11. add name=swf regexp="^.*(get|GET).+\\.swf.*\$"
  12. add name=flv regexp="^.*(get|GET).+\\.flv.*\$"
  13. add name=video regexp="^.*(get|GET).+(\\.3gp|\\.flv|\\.mkv|\\.mp4|netflix|\\.o\
  14.     gv|\\.swf|\\.webm).*\$"
  15. add name=webm regexp="^.*(get|GET).+\\.webm.*\$"
  16. add name=mkv regexp="^.*(get|GET).+\\.mkv.*\$"
  17. add name=3gp regexp="^.*(get|GET).+\\.3gp.*\$"
  18. add name=streaming regexp=videoplayback|video
  19. add name=ogv regexp="^.*(get|GET).+\\.ogv.*\$"

  21. /queue type
  22. add kind=pfifo name=streaming-video-in pfifo-limit=500
  23. add kind=pcq name=games-in-pcq pcq-classifier=dst-address \
  24.     pcq-dst-address6-mask=64 pcq-rate=100k pcq-src-address6-mask=64 \
  25.     pcq-total-limit=750000

  27. /queue tree
  28. add max-limit=$WANDownloadSpeed name=in parent=global queue=default
  29. add max-limit=$WANUploadSpeed name=out parent=global queue=default
  30. add limit-at=500k max-limit=10M name=admin-in packet-mark=admin-in parent=in \
  31.     priority=1 queue=default
  32. add limit-at=500k max-limit=10M name=voip-in packet-mark=voip-in parent=in \
  33.     priority=1 queue=default
  34. add limit-at=500k max-limit=10M name=vpn-in packet-mark=vpn-in parent=in \
  35.     priority=2 queue=default
  36. add limit-at=500k max-limit=$MAXDownloadSpeed name=gaming-in packet-mark=games-in parent=in \
  37.     priority=2 queue=games-in-pcq
  38. add limit-at=5M max-limit=$MAXDownloadSpeed name=IPTV-in packet-mark=IPTV-in parent=in \
  39.     priority=3 queue=default
  40. add limit-at=4M max-limit=$MAXDownloadSpeed name=streaming-video-in packet-mark=\
  41.     streaming-video-in parent=in priority=3 queue=streaming-video-in
  42. add limit-at=500k max-limit=10M name=vpn-server-in packet-mark=vpn-server-in \
  43.     parent=in priority=3 queue=default
  44. add limit-at=3M max-limit=$MAXDownloadSpeed name=http-in packet-mark=http-in parent=in \
  45.     priority=4 queue=default
  46. add max-limit=$MAXDownloadSpeed name=download-in packet-mark=in parent=in queue=default
  47. add limit-at=500k max-limit=10M name=admin-out packet-mark=admin-out parent=\
  48.     out priority=1 queue=default
  49. add limit-at=500k max-limit=10M name=voip-out packet-mark=voip-out parent=out \
  50.     priority=1 queue=default
  51. add limit-at=500k max-limit=$MAXUploadSpeed name=gaming-out packet-mark=games-out parent=\
  52.     out priority=2 queue=default
  53. add limit-at=500k max-limit=10M name=vpn-out packet-mark=vpn-out parent=out \
  54.     priority=2 queue=default
  55. add limit-at=500k max-limit=$MAXUploadSpeed name=IPTV-out packet-mark=IPTV-out parent=out \
  56.     priority=3 queue=default
  57. add limit-at=4M max-limit=$MAXUploadSpeed name=streaming-video-out packet-mark=\
  58.     streaming-video-out parent=out priority=3 queue=default
  59. add limit-at=3M max-limit=$MAXUploadSpeed name=http-out packet-mark=http-out parent=out \
  60.     priority=4 queue=default
  61. add max-limit=$MAXUploadSpeed name=upload-out packet-mark=out parent=out queue=default
  62. add limit-at=500k max-limit=10M name=vpn-server-out packet-mark=\
  63.     vpn-server-out parent=out priority=3 queue=default
複製代碼

TOP

167pk

Rank: 1
3#
發表於 2014-10-30 14:06 | 只看該作者
本帖最後由 167pk 於 2014-11-3 18:18 編輯
  1. /ip firewall mangle
  2. add action=mark-connection chain=prerouting comment=\
  3.     "Internal-Traffic mark-in" dst-address-list=Internal-Nets \
  4.     new-connection-mark=cm-internal-traffic-in src-address-list=Internal-Nets
  5. add action=mark-packet chain=prerouting connection-mark=\
  6.     cm-internal-traffic-in new-packet-mark=internal-traffic passthrough=no
  7. add action=mark-connection chain=postrouting comment=\
  8.     "Internal-Traffic mark-out" dst-address-list=Internal-Nets \
  9.     new-connection-mark=cm-internal-traffic-out src-address-list=\
  10.     Internal-Nets
  11. add action=mark-packet chain=postrouting connection-mark=\
  12.     cm-internal-traffic-out new-packet-mark=internal-traffic passthrough=no
  13. add action=mark-connection chain=forward comment="VPN Server mark-in" \
  14.     dst-address-list=VPN-Nets in-interface=$WANInter new-connection-mark=\
  15.     cm-vpn-server-in
  16. add action=mark-packet chain=forward connection-mark=cm-vpn-server-in \
  17.     new-packet-mark=vpn-server-in passthrough=no
  18. add action=mark-connection chain=postrouting comment="VPN Server mark-out" \
  19.     new-connection-mark=cm-vpn-server-out out-interface=$WANInter \
  20.     src-address-list=VPN-Nets
  21. add action=mark-packet chain=postrouting connection-mark=cm-vpn-server-out \
  22.     new-packet-mark=vpn-server-out passthrough=no
  23. add action=mark-connection chain=forward comment="IPTV mark-in" \
  24.     dst-address-list=IPTV in-interface=$WANInter new-connection-mark=\
  25.     cm-iptv-in
  26. add action=mark-packet chain=forward connection-mark=cm-iptv-in \
  27.     new-packet-mark=IPTV-in passthrough=no
  28. add action=mark-connection chain=postrouting comment="IPTV mark-out" \
  29.     new-connection-mark=cm-iptv-out out-interface=$WANInter \
  30.     src-address-list=IPTV
  31. add action=mark-packet chain=postrouting connection-mark=cm-iptv-out \
  32.     new-packet-mark=IPTV-out passthrough=no
  33. add action=mark-connection chain=prerouting comment="Admin mark-in" \
  34.     in-interface=$WANInter new-connection-mark=cm-admin-in port=53,161 \
  35.     protocol=udp
  36. add action=mark-connection chain=prerouting in-interface=$WANInter \
  37.     new-connection-mark=cm-admin-in port=25,53,110,143,465,587,993,995 \
  38.     protocol=tcp
  39. add action=mark-connection chain=prerouting in-interface=$WANInter \
  40.     new-connection-mark=cm-admin-in port=22-23,3389,5900,8291,8728-8729 \
  41.     protocol=tcp
  42. add action=mark-connection chain=prerouting in-interface=$WANInter \
  43.     new-connection-mark=cm-admin-in protocol=icmp
  44. add action=mark-packet chain=prerouting connection-mark=cm-admin-in \
  45.     new-packet-mark=admin-in passthrough=no
  46. add action=mark-connection chain=postrouting comment="Admin mark-out" \
  47.     new-connection-mark=cm-admin-out out-interface=$WANInter port=53,161 \
  48.     protocol=udp
  49. add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
  50.     out-interface=$WANInter port=25,53,110,143,465,587,993,995 protocol=tcp
  51. add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
  52.     out-interface=$WANInter port=22-23,3389,5900,8291,8728-8729 protocol=tcp
  53. add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
  54.     out-interface=$WANInter protocol=icmp
  55. add action=mark-packet chain=postrouting connection-mark=cm-admin-out \
  56.     new-packet-mark=admin-out passthrough=no
  57. add action=mark-connection chain=prerouting comment="Streaming Video mark-in" \
  58.     in-interface=$WANInter layer7-protocol=video new-connection-mark=\
  59.     cm-streaming-video-in
  60. add action=mark-connection chain=prerouting in-interface=$WANInter \
  61.     layer7-protocol=streaming new-connection-mark=cm-streaming-video-in
  62. add action=mark-connection chain=prerouting in-interface=$WANInter \
  63.     new-connection-mark=cm-streaming-video-in port=554,1935 protocol=tcp
  64. add action=mark-packet chain=prerouting connection-mark=cm-streaming-video-in \
  65.     new-packet-mark=streaming-video-in passthrough=no
  66. add action=mark-connection chain=postrouting comment=\
  67.     "Streaming Video mark-out" layer7-protocol=video new-connection-mark=\
  68.     cm-streaming-video-out out-interface=$WANInter
  69. add action=mark-connection chain=postrouting layer7-protocol=streaming \
  70.     new-connection-mark=cm-streaming-video-out out-interface=$WANInter
  71. add action=mark-connection chain=postrouting new-connection-mark=\
  72.     cm-streaming-video-out out-interface=$WANInter port=554,1935 protocol=\
  73.     tcp
  74. add action=mark-packet chain=postrouting connection-mark=\
  75.     cm-streaming-video-out new-packet-mark=streaming-video-out passthrough=no
  76. add action=mark-connection chain=prerouting comment="http mark-in" \
  77.     connection-bytes=0-512000 in-interface=$WANInter new-connection-mark=\
  78.     cm-http-in port=80,443,8008,8080,8443 protocol=tcp
  79. add action=mark-packet chain=prerouting connection-mark=cm-http-in \
  80.     new-packet-mark=http-in passthrough=no
  81. add action=mark-connection chain=postrouting comment="http mark-out" \
  82.     connection-bytes=0-512000 new-connection-mark=cm-http-out out-interface=\
  83.     $WANInter port=80,443,8008,8080,8443 protocol=tcp
  84. add action=mark-packet chain=postrouting connection-mark=cm-http-out \
  85.     new-packet-mark=http-out passthrough=no
複製代碼

TOP

167pk

Rank: 1
4#
發表於 2014-10-30 14:24 | 只看該作者
本帖最後由 167pk 於 2014-11-1 07:53 編輯
  1. add action=mark-connection chain=prerouting comment="xbox live mark" \
  2.     new-connection-mark=cm-games-in port=3074 protocol=tcp
  3. add action=mark-connection chain=prerouting in-interface=$WANInter \
  4.     new-connection-mark=cm-games-in port=88,3074,3544,4500 protocol=udp
  5. add action=mark-connection chain=prerouting comment="steam mark-in" \
  6.     new-connection-mark=cm-games-in port=27014-27050 protocol=tcp
  7. add action=mark-connection chain=prerouting dst-address-list=Internal-Nets \
  8.     in-interface=$WANInter new-connection-mark=cm-games-in port=\
  9.     4380,28960,27000-27030 protocol=udp
  10. add action=mark-connection chain=prerouting comment="ps3 online mark" \
  11.     new-connection-mark=cm-games-in port=5223 protocol=tcp
  12. add action=mark-connection chain=prerouting in-interface=$WANInter \
  13.     new-connection-mark=cm-games-in port=3478,3479,3658 protocol=udp
  14. add action=mark-connection chain=prerouting comment="wii online mark" \
  15.     new-connection-mark=cm-games-in port=28910,29900-29901,29920 protocol=tcp
  16. add action=mark-packet chain=prerouting comment="games packet mark-in" \
  17.     connection-mark=cm-games-in new-packet-mark=games-in passthrough=no
  18. add action=mark-connection chain=postrouting comment="steam mark-out" \
  19.     new-connection-mark=cm-games-out out-interface=$WANInter port=\
  20.     53,1500,3005,3101,3478,4379-4380,27000-27030,28960 protocol=udp \
  21.     src-address-list=Internal-Nets
  22. add action=mark-packet chain=postrouting comment="games packet mark-out" \
  23.     connection-mark=cm-games-out new-packet-mark=games-out passthrough=no
  24. add action=mark-connection chain=forward comment="VOIP mark-in" \
  25.     dst-address-list=VOIP in-interface=$WANInter new-connection-mark=\
  26.     cm-voip-in
  27. add action=mark-connection chain=prerouting in-interface=$WANInter \
  28.     new-connection-mark=cm-voip-in port=3478,3784,4080,5060-5061,5223 \
  29.     protocol=tcp
  30. add action=mark-connection chain=prerouting in-interface=$WANInter \
  31.     new-connection-mark=cm-voip-in port=3784,5004,5060-5061,9987,16348-16798 \
  32.     protocol=udp
  33. add action=mark-packet chain=prerouting connection-mark=cm-voip-in \
  34.     new-packet-mark=voip-in passthrough=no
  35. add action=mark-connection chain=postrouting comment="VOIP mark-out" \
  36.     new-connection-mark=cm-voip-out out-interface=$WANInter \
  37.     src-address-list=VOIP
  38. add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
  39.     out-interface=$WANInter port=3478,3784,4080,5060-5061,5223 protocol=tcp
  40. add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
  41.     out-interface=$WANInter port=3784,5004,5060-5061,9987,16348-16798 \
  42.     protocol=udp
  43. add action=mark-packet chain=postrouting connection-mark=cm-voip-out \
  44.     new-packet-mark=voip-out passthrough=no
  45. add action=mark-connection chain=prerouting comment="VPN mark-in" \
  46.     in-interface=$WANInter new-connection-mark=cm-vpn-in protocol=gre
  47. add action=mark-connection chain=prerouting in-interface=$WANInter \
  48.     new-connection-mark=cm-vpn-in protocol=ipsec-esp
  49. add action=mark-connection chain=prerouting in-interface=$WANInter \
  50.     new-connection-mark=cm-vpn-in protocol=ipsec-ah
  51. add action=mark-connection chain=prerouting in-interface=$WANInter \
  52.     new-connection-mark=cm-vpn-in port=500,1701,4500 protocol=udp
  53. add action=mark-connection chain=prerouting in-interface=$WANInter \
  54.     new-connection-mark=cm-vpn-in port=1723 protocol=tcp
  55. add action=mark-packet chain=prerouting connection-mark=cm-vpn-in \
  56.     new-packet-mark=vpn-in passthrough=no
  57. add action=mark-connection chain=postrouting comment="VPN mark-out" \
  58.     new-connection-mark=cm-vpn-out out-interface=$WANInter protocol=gre
  59. add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
  60.     out-interface=$WANInter protocol=ipsec-esp
  61. add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
  62.     out-interface=$WANInter protocol=ipsec-ah
  63. add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
  64.     out-interface=$WANInter port=500,1701,4500 protocol=udp
  65. add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
  66.     out-interface=$WANInter port=1723 protocol=tcp
  67. add action=mark-packet chain=postrouting connection-mark=cm-vpn-out \
  68.     new-packet-mark=vpn-out passthrough=no
  69. add action=mark-connection chain=prerouting comment="ALL in" in-interface=\
  70.     $WANInter new-connection-mark=cm-in
  71. add action=mark-packet chain=prerouting connection-mark=cm-in \
  72.     new-packet-mark=in passthrough=no
  73. add action=mark-connection chain=postrouting comment="ALL out" \
  74.     new-connection-mark=cm-out out-interface=$WANInter
  75. add action=mark-packet chain=postrouting connection-mark=cm-out \
  76.     new-packet-mark=out passthrough=no
複製代碼

TOP

角色

Rank: 2
5#
發表於 2014-10-30 21:41 | 只看該作者
哗噻!CHing厉害,真的要花点时间才能明白。

TOP

167pk

Rank: 1
6#
發表於 2014-10-31 13:44 | 只看該作者


VOIP 果度應咁才符合大家的需要
禾用DSCP是就自己
  1. add action=mark-connection chain=forward comment="VOIP mark-in" \
  2.     dst-address-list=VOIP in-interface=pppoe-out1 new-connection-mark=\
  3.     cm-voip-in
  4. add action=mark-connection chain=prerouting in-interface=pppoe-out1 \
  5.     new-connection-mark=cm-voip-in port=3478,3784,4080,5060-5061,5223 \
  6.     protocol=tcp
  7. add action=mark-connection chain=prerouting in-interface=pppoe-out1 \
  8.     new-connection-mark=cm-voip-in port=3784,5004,5060-5061,9987,16348-16798 \
  9.     protocol=udp
  10. add action=mark-packet chain=prerouting connection-mark=cm-voip-in \
  11.     new-packet-mark=voip-in passthrough=no
  12. add action=mark-connection chain=postrouting comment="VOIP mark-out" \
  13.     new-connection-mark=cm-voip-out out-interface=pppoe-out1 \
  14.     src-address-list=VOIP
  15. add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
  16.     out-interface=pppoe-out1 port=3478,3784,4080,5060-5061,5223 protocol=tcp
  17. add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
  18.     out-interface=pppoe-out1 port=3784,5004,5060-5061,9987,16348-16798 \
  19.     protocol=udp
  20. add action=mark-packet chain=postrouting connection-mark=cm-voip-out \
  21.     new-packet-mark=voip-out passthrough=no
複製代碼

TOP

角色

Rank: 2
7#
發表於 2014-11-2 18:51 | 只看該作者
回復 6# 167pk

想请教CHing一句,你从哪里知道上面的信息?还有你自己会编RouterOS的scripts?如果是的话,你用什么书(PDF)来学些呢?

TOP

167pk

Rank: 1
8#
發表於 2014-11-3 15:23 | 只看該作者
本帖最後由 167pk 於 2014-11-3 15:24 編輯

自學

沒看過RouterOS的書
如懂linux 應不太難, 因RouterOS 係用LINUX做基礎

我主要用佢的來改
http://gregsowell.com/?p=4665
因佢有好多地方錯, 要自己修改

TOP

角色

Rank: 2
9#
發表於 2014-11-3 22:12 | 只看該作者
明白,看来我也要抓紧在RouterOS学习。

TOP

雯雯

Rank: 1
10#
發表於 2014-11-3 23:15 | 只看該作者
回復 9# 角色

先學好CCNA, 基本上大同小異.
Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

hklkf

Rank: 1
11#
發表於 2014-11-20 17:45 | 只看該作者
argee

回復  角色

先學好CCNA, 基本上大同小異.
雯雯 發表於 2014-11-3 23:15

TOP

benyahoo

Rank: 1
12#
發表於 2014-12-16 10:56 | 只看該作者
無network底, 見到就煩....
基本功能用住先!
有空再研究, 多謝ching 分享!

TOP

ryan314

Rank: 1
13#
發表於 2016-7-27 15:34 | 只看該作者
請教在 RB750G  V6.35.4 無法設max-limit為$WANDownloadSpeed
請問我需要改那裡才可以正確執行,謝謝
/queue tree> add max-limit=$WANDownloadSpeed name=in parent=global queue=default
invalid value  for max-limit, an integer required

TOP

返回列表