After setting up PCC, I can't get dstnat to the web server (192.168.0.2) working for WAN1 (192.168.10.1) & WAN2 (192.168.20.1). Could someone give me some guidance?
/ip address add address=192.168.0.1/255.255.255.0 interface=LAN comment=LAN
/ip address add address=192.168.10.1/255.255.255.248 interface=WAN1
/ip address add address=192.168.20.1/255.255.255.0 interface=WAN2
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ip_conn_1
/ip firewall mangle add chain=output connection-mark=ip_conn_1 action=mark-routing new-routing-mark=ip_rout_1
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ip_conn_2
/ip firewall mangle add chain=output connection-mark=ip_conn_2 action=mark-routing new-routing-mark=ip_rout_2
/ip firewall mangle add action=mark-connection chain=prerouting comment=PCC_1 dst-address-type=!local in-interface=LAN new-connection-mark=ip_conn_1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ip_conn_1 in-interface=LAN new-routing-mark=ip_rout_1 passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting comment=PCC_2 dst-address-type=!local in-interface=LAN new-connection-mark=ip_conn_2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ip_conn_2 in-interface=LAN new-routing-mark=ip_rout_2 passthrough=yes
/ip route add comment=IP_1 distance=1 dst-address=0.0.0.0/0 gateway=192.168.10.254 routing-mark=ip_rout_1
/ip route add distance=1 dst-address=0.0.0.0/0 gateway=WAN1
/ip route add comment=IP_2 distance=1 dst-address=0.0.0.0/0 gateway=192.168.20.254 routing-mark=ip_rout_2
/ip route add distance=2 dst-address=0.0.0.0/0 gateway=WAN2
/ip firewall nat add action=masquerade chain=srcnat comment=NAT out-interface=!LAN src-address=192.168.0.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="NAT Loopback" src-address=192.168.0.0/2
/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.10.1 dst-port=80 protocol=tcp to-addresses=192.168.0.2 to-ports=80
/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.20.1 dst-port=80 protocol=tcp to-addresses=192.168.0.2 to-ports=80
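It is a problem of traffic coming in on one side and going back out the other.
Just set it up so that what comes in on one side goes back out the same side, and the problem goes away.
But with the added WAN2 NAT, loopback to WAN2 no longer works.
Move the added ip firewall mangle rules to the very top.
What I added is: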
/ip firewall address-list add address=192.168.0.2 list=web-server
/ip firewall mangle add action=mark-connection chain=prerouting dst-address=192.168.20.1 dst-port=80 in-interface=WAN2 new-connection-mark=wan2-mapping_conn protocol=tcp
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=wan2-mapping_conn new-routing-mark=ip_rout_2 src-address-list=web-server
echochio wrote: My correction:
After setting up PCC, I can't get...(rest omitted)
https://dl.dropboxusercontent.com/u/34743921/ex-policy-routing.txt
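An added example, not part of the thread or of RouterOS: a small Python audit that reads rules in the one-line `add` form used above and lists each dst-nat'ed WAN address whose connections get no prerouting connection mark and routing mark, i.e. no same-WAN return path. The function names and the rule-matching heuristic are assumptions; it only checks that a route exists for the routing mark, not which gateway that route uses.

```python
import shlex

# Constructed sample: a subset of the original post's rules (addresses,
# input-chain marks, PCC_1 pair, marked routes, dst-nat rules).
BASE = """\
/ip address add address=192.168.10.1/255.255.255.248 interface=WAN1
/ip address add address=192.168.20.1/255.255.255.0 interface=WAN2
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ip_conn_1
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ip_conn_2
/ip firewall mangle add action=mark-connection chain=prerouting comment=PCC_1 dst-address-type=!local in-interface=LAN new-connection-mark=ip_conn_1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ip_conn_1 in-interface=LAN new-routing-mark=ip_rout_1 passthrough=yes
/ip route add comment=IP_1 distance=1 dst-address=0.0.0.0/0 gateway=192.168.10.254 routing-mark=ip_rout_1
/ip route add comment=IP_2 distance=1 dst-address=0.0.0.0/0 gateway=192.168.20.254 routing-mark=ip_rout_2
/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.10.1 dst-port=80 protocol=tcp to-addresses=192.168.0.2 to-ports=80
/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.20.1 dst-port=80 protocol=tcp to-addresses=192.168.0.2 to-ports=80
"""
# The two WAN2 mangle rules added in the reply.
FIX = """\
/ip firewall mangle add action=mark-connection chain=prerouting dst-address=192.168.20.1 dst-port=80 in-interface=WAN2 new-connection-mark=wan2-mapping_conn protocol=tcp
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=wan2-mapping_conn new-routing-mark=ip_rout_2 src-address-list=web-server
"""

def parse(line):
    """Split one 'add' command into (menu path, {parameter: value})."""
    menu, _, rest = line.partition(" add ")
    return menu.strip(), dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)

def unpaired_dstnat(config):
    """Return dst-nat'ed WAN addresses that lack a marked return path."""
    rules = [parse(l) for l in config.splitlines() if " add " in l]
    def pick(menu):
        return [r for m, r in rules if m == menu]
    iface = {r["address"].split("/")[0]: r["interface"] for r in pick("/ip address")}
    routed = {r["routing-mark"] for r in pick("/ip route") if "routing-mark" in r}
    pre = [r for r in pick("/ip firewall mangle") if r.get("chain") == "prerouting"]
    missing = []
    for nat in pick("/ip firewall nat"):
        if nat.get("action") != "dst-nat":
            continue
        wan = nat["dst-address"]
        # Forwarded traffic never hits chain=input, so only prerouting marks count.
        conn = {r["new-connection-mark"] for r in pre
                if r.get("action") == "mark-connection"
                and (r.get("dst-address") == wan or r.get("in-interface", "") == iface.get(wan))}
        # Routing marks applied in prerouting to packets of those connections.
        rmarks = {r["new-routing-mark"] for r in pre
                  if r.get("action") == "mark-routing" and r.get("connection-mark") in conn}
        if not (rmarks & routed):
            missing.append(wan)
    return missing
```

On the constructed sample, `unpaired_dstnat(BASE)` reports both WAN addresses, and `unpaired_dstnat(BASE + FIX)` still reports 192.168.10.1 because the reply's rules cover WAN2 only.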