標題: dual wan v6 想改造成 v7 可用 [打印本頁]

---

作者: kinja    時間: 2022-8-19 16:40     標題: dual wan v6 想改造成 v7 可用

想請教下
目前用緊 雙4G Wan DHCP, failover + PCC
發現個code用唔到係v7 上面... 想請教下 點樣修改可以用係ros v7上面?

請各位高手指導

1. /interface bridge add name=bridge
   
2. 
   
3. /interface bridge port
   
4. add bridge=bridge interface=ether3
   
5. add bridge=bridge interface=ether2
   
6. add bridge=bridge interface=ether1
   
7. 
   
8. /interface list
   
9. add comment=defconf name=WAN
   
10. add comment=defconf name=LAN
    
11. 
    
12. /interface list member
    
13. add interface=bridge list=LAN
    
14. add interface=ether5 list=WAN
    
15. add interface=ether4 list=WAN
    
16. 
    
17. 
    
18. /interface detect-internet set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
    
19. 
    
20. /ip upnp
    
21. set enabled=yes
    
22. /ip upnp interfaces
    
23. add interface=bridge type=internal
    
24. add interface=ether5 type=external
    
25. add interface=ether4 type=external
    
26. 
    
27. 
    
28. /ip settings
    
29. set allow-fast-path=no
    
30. 
    
31. /ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0
    
32. 
    
33. /ip firewall address-list add address=192.168.88.0/24 list=local
    
34. 
    
35. /ip firewall nat
    
36. add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
    
37. 
    
38. /ip firewall mangle
    
39. add action=accept chain=prerouting comment="bridge access" dst-address-list=local in-interface=bridge
    
40. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=CONN2 passthrough=yes
    
41. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=CONN1 passthrough=yes
    
42. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
    
43. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
    
44. add action=mark-routing chain=prerouting connection-mark=CONN1 in-interface=bridge new-routing-mark=ISP1 passthrough=yes
    
45. add action=mark-routing chain=prerouting connection-mark=CONN2 in-interface=bridge new-routing-mark=ISP2 passthrough=yes
    
46. add action=mark-routing chain=output connection-mark=CONN1 new-routing-mark=ISP1 passthrough=yes
    
47. add action=mark-routing chain=output connection-mark=CONN2 new-routing-mark=ISP2 passthrough=yes
    
48. 
    
49. 
    
50. /routing filter
    
51. add chain=dynamic-in distance=33 set-distance=2 set-route-comment=ISP2 set-scope=10
    
52. add chain=dynamic-in distance=34 set-distance=3 set-route-comment=ISP1 set-scope=10
    
53. 
    
54. /ip dhcp-client
    
55. add default-route-distance=33 disabled=no interface=ether4 script="{\
    
56.     \n    :if (\$bound=1) do={\
    
57.     \n        /ip route set [/ip route find where comment=\"ISP2_VALIDATE\"] gateway=\$\"gateway-address\"\
    
58.     \n    } \
    
59.     \n    /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    
60.     \n    /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    
61.     \n}" use-peer-dns=no use-peer-ntp=no
    
62. add default-route-distance=32 disabled=no interface=ether5 script="{\
    
63.     \n    :if (\$bound=1) do={\
    
64.     \n        /ip route set [/ip route find where comment=\"ISP1_VALIDATE\"] gateway=\$\"gateway-address\"\
    
65.     \n    } \
    
66.     \n    /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    
67.     \n    /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    
68.     \n}" use-peer-dns=no use-peer-ntp=no
    
69. 
    
70. /ip route
    
71. add comment=ISP1_VALIDATE distance=1 dst-address=185.228.168.9/32 gateway=127.0.0.1 scope=10
    
72. add comment=ISP1_VALIDATE distance=1 dst-address=208.67.220.220/32 gateway=127.0.0.1 scope=10
    
73. add comment=ISP1_VALIDATE distance=1 dst-address=208.67.222.222/32 gateway=127.0.0.1 scope=10
    
74. add comment=ISP2_VALIDATE distance=1 dst-address=94.140.14.14/32 gateway=127.0.0.1 scope=10
    
75. add comment=ISP2_VALIDATE distance=1 dst-address=94.140.15.15/32 gateway=127.0.0.1 scope=10
    
76. add comment=ISP2_VALIDATE distance=1 dst-address=8.20.247.20/32 gateway=127.0.0.1 scope=10
    
77. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=185.228.168.9 scope=10
    
78. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.220.220 scope=10
    
79. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.222.222 scope=10
    
80. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.14.14 scope=10
    
81. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.15.15 scope=10
    
82. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=8.20.247.20 scope=10
    
83. add distance=1 gateway=10.1.1.1 routing-mark=ISP1
    
84. add distance=2 gateway=10.2.2.1 routing-mark=ISP1
    
85. add distance=1 gateway=10.2.2.1 routing-mark=ISP2
    
86. add distance=2 gateway=10.1.1.1 routing-mark=ISP2
    
87. add distance=20 dst-address=185.228.168.9/32 type=blackhole
    
88. add distance=20 dst-address=208.67.220.220/32 type=blackhole
    
89. add distance=20 dst-address=208.67.222.222/32 type=blackhole
    
90. add distance=20 dst-address=94.140.14.14/32 type=blackhole
    
91. add distance=20 dst-address=94.140.15.15/32 type=blackhole
    
92. add distance=20 dst-address=8.20.247.20/32 type=blackhole

複製代碼

---

作者: Skypeus    時間: 2022-8-30 02:05

原来V6版本的教程、命令、界面按钮 有些与V7版本已经不太一样了。

---

作者: kinja    時間: 2022-9-15 00:40

那唯有繼續用6.48.6吧

---

歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/)

Powered by Discuz! 7.2