返回列表 發帖
kinja

Rank: 1
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2022-8-19 16:40 | 只看該作者

dual wan v6 想改造成 v7 可用

想請教下
目前用緊 雙4G Wan DHCP, failover + PCC
發現個code用唔到係v7 上面... 想請教下 點樣修改可以用係ros v7上面?

請各位高手指導
  1. /interface bridge add name=bridge

  3. /interface bridge port
  4. add bridge=bridge interface=ether3
  5. add bridge=bridge interface=ether2
  6. add bridge=bridge interface=ether1

  8. /interface list
  9. add comment=defconf name=WAN
  10. add comment=defconf name=LAN

  12. /interface list member
  13. add interface=bridge list=LAN
  14. add interface=ether5 list=WAN
  15. add interface=ether4 list=WAN


  18. /interface detect-internet set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN

  20. /ip upnp
  21. set enabled=yes
  22. /ip upnp interfaces
  23. add interface=bridge type=internal
  24. add interface=ether5 type=external
  25. add interface=ether4 type=external


  28. /ip settings
  29. set allow-fast-path=no

  31. /ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0

  33. /ip firewall address-list add address=192.168.88.0/24 list=local

  35. /ip firewall nat
  36. add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN

  38. /ip firewall mangle
  39. add action=accept chain=prerouting comment="bridge access" dst-address-list=local in-interface=bridge
  40. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=CONN2 passthrough=yes
  41. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=CONN1 passthrough=yes
  42. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
  43. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
  44. add action=mark-routing chain=prerouting connection-mark=CONN1 in-interface=bridge new-routing-mark=ISP1 passthrough=yes
  45. add action=mark-routing chain=prerouting connection-mark=CONN2 in-interface=bridge new-routing-mark=ISP2 passthrough=yes
  46. add action=mark-routing chain=output connection-mark=CONN1 new-routing-mark=ISP1 passthrough=yes
  47. add action=mark-routing chain=output connection-mark=CONN2 new-routing-mark=ISP2 passthrough=yes


  50. /routing filter
  51. add chain=dynamic-in distance=33 set-distance=2 set-route-comment=ISP2 set-scope=10
  52. add chain=dynamic-in distance=34 set-distance=3 set-route-comment=ISP1 set-scope=10

  54. /ip dhcp-client
  55. add default-route-distance=33 disabled=no interface=ether4 script="{\
  56.     \n    :if (\$bound=1) do={\
  57.     \n        /ip route set [/ip route find where comment=\"ISP2_VALIDATE\"] gateway=\$\"gateway-address\"\
  58.     \n    } \
  59.     \n    /ip firewall connection remove [find connection-mark=\"CONN1\"]\
  60.     \n    /ip firewall connection remove [find connection-mark=\"CONN2\"]\
  61.     \n}" use-peer-dns=no use-peer-ntp=no
  62. add default-route-distance=32 disabled=no interface=ether5 script="{\
  63.     \n    :if (\$bound=1) do={\
  64.     \n        /ip route set [/ip route find where comment=\"ISP1_VALIDATE\"] gateway=\$\"gateway-address\"\
  65.     \n    } \
  66.     \n    /ip firewall connection remove [find connection-mark=\"CONN1\"]\
  67.     \n    /ip firewall connection remove [find connection-mark=\"CONN2\"]\
  68.     \n}" use-peer-dns=no use-peer-ntp=no

  70. /ip route
  71. add comment=ISP1_VALIDATE distance=1 dst-address=185.228.168.9/32 gateway=127.0.0.1 scope=10
  72. add comment=ISP1_VALIDATE distance=1 dst-address=208.67.220.220/32 gateway=127.0.0.1 scope=10
  73. add comment=ISP1_VALIDATE distance=1 dst-address=208.67.222.222/32 gateway=127.0.0.1 scope=10
  74. add comment=ISP2_VALIDATE distance=1 dst-address=94.140.14.14/32 gateway=127.0.0.1 scope=10
  75. add comment=ISP2_VALIDATE distance=1 dst-address=94.140.15.15/32 gateway=127.0.0.1 scope=10
  76. add comment=ISP2_VALIDATE distance=1 dst-address=8.20.247.20/32 gateway=127.0.0.1 scope=10
  77. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=185.228.168.9 scope=10
  78. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.220.220 scope=10
  79. add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.222.222 scope=10
  80. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.14.14 scope=10
  81. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.15.15 scope=10
  82. add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=8.20.247.20 scope=10
  83. add distance=1 gateway=10.1.1.1 routing-mark=ISP1
  84. add distance=2 gateway=10.2.2.1 routing-mark=ISP1
  85. add distance=1 gateway=10.2.2.1 routing-mark=ISP2
  86. add distance=2 gateway=10.1.1.1 routing-mark=ISP2
  87. add distance=20 dst-address=185.228.168.9/32 type=blackhole
  88. add distance=20 dst-address=208.67.220.220/32 type=blackhole
  89. add distance=20 dst-address=208.67.222.222/32 type=blackhole
  90. add distance=20 dst-address=94.140.14.14/32 type=blackhole
  91. add distance=20 dst-address=94.140.15.15/32 type=blackhole
  92. add distance=20 dst-address=8.20.247.20/32 type=blackhole
複製代碼
收藏 分享

Skypeus

Rank: 1
2#
發表於 2022-8-30 02:05 | 只看該作者
原来V6版本的教程、命令、界面按钮 有些与V7版本已经不太一样了。

TOP

kinja

Rank: 1
3#
發表於 2022-9-15 00:40 | 只看該作者
那唯有繼續用6.48.6吧

TOP

返回列表