|
|
本帖最后由 学步车 于 2009-8-22 13:14 编辑
看到经常有人问这个,写了个基本配置,看看是否有用。
1、在主机上插入1片网卡,一般为最接近cpu插槽的网卡或者是主板集成网卡,作为接内网的卡。
2、安装routeros操作系统,可下载相应版本的ros。
3、安装完毕启动后,在ros登录界面,输入用户名“admin”,密码默认为空
4、在命令行输入“ip add add add=192.168.0.254/24 int=ether1",这个是把ether1卡配置为lan卡,配置网卡地址和子网掩码。
5、关机后再添加两片网卡,作为接外网的wan卡,硬件配置完成。
6、打开自己的主力机,确保主力机网卡的ip地址也在“192.168.0.*”中,如设置为192.168.0.1,子网掩码255.255.255.0,网关
192.168.0.254
7、打开浏览器,输入192.168.0.254,在弹出网页中下载winbox终端管理软件。
8、打开winbox,登陆服务器地址192.168.0.254,用户名“admin",密码空,登陆
9、在winbox的sytem-scheduler的 on event框中复制动态网关脚本,并设置为30秒运行一次(interval项)。
:local assign-address
:local new-address
:local status
:local x
:set x 2
:for i from=1 to=$x do={
:set status [/interface get [/interface find name=("pppoe-out" . $i)] running]
:if ($status=true) do={
:set new-address [/ip address get [/ip address find dynamic=yes interface=("pppoe-out" . $i)] address]
:set new-address [:pick $new-address 0 ([:len $new-address] -3)]
:set assign-address [/ip address get [/ip address find dynamic=no interface=("pppoe-out" . $i)] address]
:set assign-address [:pick $assign-address 0 ([:len $assign-address] -3)]
:if ($assign-address != $new-address) do={ /ip address set [/ip address find comment=$i] address=$new-address
network=$new-address broadcast=$new-address
/ip route set [/ip route find comment=$i] gateway=$new-address
/ip fir nat set [/ip fir nat find comment=$i] to-addresses=$new-address
/ip route set [/ip route find comment=$i] gateway=$new-address
}
}
}
10、在winbox的new terminal(新终端)复制是双线负载均衡脚本(user="xxxxxxxx",引号中用自己的宽带用户名代替,password="xxxxxxxx",引号中用自己的宽带密码代
替)
/ip address add address=192.168.0.254/255.255.255.0 interface=ether1 comment=lan
/ip dns set primary-dns=202.96.133.5 secondary-dns=202.96.133.6 allow-remote-requests=yes
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440
/interface pppoe-client add name="pppoe-out1" interface=ether2 user="xxxxxxxx" password="xxxxxxxx" add-default-route=no
disabled=no
/interface pppoe-client enable pppoe-out1
/ip address add address=58.58.58.1/32 interface=pppoe-out1 comment="1"
/ip route add gateway=58.58.58.1 routing-mark=1 comment="1"
/ip firewall mangle add chain=prerouting in-interface=ether1 connection-state=new nth=1,1,0 action=mark-connection new-
connection-mark=1 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=ether1 connection-mark=1 action=mark-routing new-routing-mark=1
passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=1 action=src-nat to-addresses=58.58.58.1 to-ports=0-65535 comment="1"
disabled=no
/interface pppoe-client add name="pppoe-out2" interface=ether3 user="xxxxxxxx" password="xxxxxxxx" add-default-route=no
disabled=no
/interface pppoe-client enable pppoe-out2
/ip address add address=58.58.58.2/32 interface=pppoe-out2 comment="2"
/ip route add gateway=58.58.58.2 routing-mark=2 comment="2"
/ip firewall mangle add chain=prerouting in-interface=ether1 connection-state=new nth=1,1,1 action=mark-connection new-
connection-mark=2 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting in-interface=ether1 connection-mark=2 action=mark-routing new-routing-mark=2
passthrough=no disabled=no
/ip firewall nat add chain=srcnat connection-mark=2 action=src-nat to-addresses=58.58.58.2 to-ports=0-65535 comment="2"
disabled=no
10、根据需要在firewall中设置dns,upd和开放bt端口 |
|
IP卡
狗仔卡
发表于 2009-8-22 13:05
QQ好友和群
收藏
分享
好贴
烂贴
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主