返回列表 發帖
fems

Rank: 1
1# 跳轉到 »
發表於 2015-1-19 16:04 | 顯示全部帖子
本帖最後由 fems 於 2015-2-4 04:41 編輯

PCC不指定内网in interface的方法,把in interface条件,换成内部网络地址段(本例中的net_local),适合内部多网段的用户。
PS:增加PCC backup路由的设置。
  1. /ip firewall address-list
  2. add address=192.168.0.0/24 list=net_local
  3. add address=192.168.1.0/24 list=net_local
  4. add address=192.168.2.0/24 list=net_local
  5. #
  6. /ip firewall mangle
  7. add  action=accept chain=prerouting dst-address-list=net_local src-address-list=net_local
  8. #
  9. /ip firewall mangle
  10. add action=mark-connection chain=prerouting connection-mark=no-mark \
  11.     in-interface=pppoe-wan1-out1 new-connection-mark=conn-pcc1
  12. add action=mark-connection chain=prerouting connection-mark=no-mark \
  13.     in-interface=pppoe-wan1-out2 new-connection-mark=conn-pcc2
  14. add action=mark-connection chain=prerouting connection-mark=no-mark \
  15.     dst-address-type=!local new-connection-mark=conn-pcc1 \
  16.     per-connection-classifier=both-addresses:2/0
  17. add action=mark-connection chain=prerouting connection-mark=no-mark \
  18.     dst-address-type=!local new-connection-mark=conn-pcc2 \
  19.     per-connection-classifier=both-addresses:2/1
  20. add action=mark-routing chain=prerouting connection-mark=conn-pcc1 \
  21.     dst-address-list=!net_local new-routing-mark=route-pcc1 src-address-list=net_local
  22. add action=mark-routing chain=prerouting connection-mark=conn-pcc2 \
  23.     dst-address-list=!net_local new-routing-mark=route-pcc2 src-address-list=net_local
  24. add action=mark-routing chain=output connection-mark=conn-pcc1 \
  25.     new-routing-mark=route-pcc1
  26. add action=mark-routing chain=output connection-mark=conn-pcc2 \
  27.     new-routing-mark=route-pcc2
  28. #
  29. /ip route
  30. add check-gateway=ping comment=router-pcc1 distance=1 gateway=pppoe-wan1-out1 \
  31.     routing-mark=route-pcc1
  32. add check-gateway=ping comment=router-pcc2 distance=1 gateway=pppoe-wan1-out2 \
  33.     routing-mark=route-pcc2
  34. add check-gateway=ping comment=router-pcc1_backup distance=2 gateway=wan1-out2 \
  35.     routing-mark=pcc1-route
  36. add check-gateway=ping comment=router-pcc2_backup distance=2 gateway=wan1-out1 \
  37.     routing-mark=pcc2-route
  38. add check-gateway=ping distance=1 gateway=pppoe-wan1-out1
  39. add check-gateway=ping distance=2 gateway=pppoe-wan1-out2
  40. #
  41. /ip firewall nat
  42. add action=masquerade chain=srcnat out-interface=pppoe-wan1-out1
  43. add action=masquerade chain=srcnat out-interface=pppoe-wan1-out2
複製代碼

TOP

返回列表