ROS 典型PCC负载脚本
ROS3.30全套多线负载平衡设置脚本
ROS3.30全套多线负载平衡设置脚本ROS3.30设置脚本如果你是菜鸟,下面的脚本也许会帮了,如果你是高高手,请你多指证,谢谢下面是我花了一整天的时间整理出来的,第一次用ROS3.30,走了很多弯路,还好以前有点2.9的基础,结合在网上找些前辈门的脚本,终于测试一切正常,我自己在我的线路上测试通过,如果到你机器上有问题,请嘴上留情,别骂我,请仔细检查,相信你也一定能行的。
如果有问题实在搞不懂,可以加我QQ307237303(请先自己多钻研一下在加我)# dec/03/2011 20:55:29 by RouterOS 3.30# software id = K6BP-MUXD#/interface ethernetset 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:03:47:95:C8:66 mtu=1500 name=W AN3 speed=100Mbpsset 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:03:47:95:C2:FC mtu=1500 name=LAN speed=100Mbpsset 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:20:ED:1C:B3:90 mtu=1500 name=W AN1 speed=100Mbpsset 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:20:ED:1C:B3:91 mtu=1500 name=W AN2 speed=100Mbps以上是网卡名称设置/ip pooladd name=PPPOE-IP ranges=10.0.0.5-10.0.0.200以上是PPPOE拔号地址池/portset 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=\none stop-bits=1set 1 baud-rate=9600 data-bits=8 flow-control=hardware name=serial1 parity=\none stop-bits=1以上是导出后不知用处的/ppp profileset default change-tcp-mss=yes comment="" name=default only-one=default \use-compression=default use-encryption=default use-vj-compression=defaultadd change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\10.0.0.1 name=PPPOE-1 only-one=yes rate-limit=\"108k/1400k 128k/1600k 90k/1m" remote-address=PPPOE-IP use-compression=\default use-encryption=default use-vj-compression=default wins-server=\221.5.88.88add change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\10.0.0.1 name=LOW only-one=yes rate-limit="88k/900k 108k/1100k 90k/1m" \remote-address=PPPOE-IP use-compression=default use-encryption=default \use-vj-compression=default wins-server=221.5.88.88set default-encryption change-tcp-mss=yes comment="" name=default-encryption \ only-one=default use-compression=default use-encryption=yes \use-vj-compression=default以上是PPPOE服务建立/interface pppoe-clientadd ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out1 password=123 profile=default \service-name="" use-peer-dns=no user=123add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out2 password=123456 profile=default \service-name="" use-peer-dns=no user=123add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN3 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out3 password=3 profile=default service-name="" \ use-peer-dns=no user=3 以上是ADSL拔号上网的建立/queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=12M name=totaldown parent=global-in priority=8/queue typeset default kind=pfifo name=default pfifo-limit=50set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \sfq-perturb=5set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \ red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\ 5add kind=pcq name=PCQ-up pcq-classifier=src-address pcq-limit=50 pcq-rate=\ 1000000 pcq-total-limit=10000 add kind=pcq name=PCQ-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 1000000 pcq-total-limit=10000 add kind=pcq name=80-Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 800000 pcq-total-limit=10000 add kind=pcq name=other_down pcq-classifier=dst-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000 add kind=pcq name=server_down pcq-classifier=dst-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000add kind=pcq name=game-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 400000 pcq-total-limit=10000 set default-small kind=pfifo name=default-small pfifo-limit=10/queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \ max-limit=10M name=otherdown packet-mark=Port_Packet parent=totaldown \ priority=8 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \ max-limit=12M name=portdown packet-mark=Port_Packet parent=totaldown \priority=1 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=3s disabled=no limit-at=5M \ max-limit=12M name=80down packet-mark=80_packet parent=totaldown \priority=2 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=3s disabled=yes limit-at=0 \ max-limit=18M name=totalup packet-mark=PCQ-up parent=global-out priority=\7 queue=default以上是网络优先设置,感觉用处不大,我是3*4M AD/snmpset contact="" enabled=no engine-boots=0 engine-id="" location="" \time-window=15 trap-sink=0.0.0.0 trap-version=1/snmp communityset public address=0.0.0.0/0 authentication-password="" \ authentication-protocol=MD5 encryption-password="" encryption-protocol=\DES name=public read-access=yes security=none write-access=no/system logging actionset memory memory-lines=100 memory-stop-on-full=no name=memory target=memory set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \disk-stop-on-full=no name=disk target=diskset echo name=echo remember=yes target=echoset remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \ syslog-facility=daemon syslog-severity=auto target=remote /user groupadd comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\word,web,sniff,sensitive,!ftp,!write,!policy"add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\ox,password,web,sniff,sensitive,!ftp,!policy"add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\ ,test,winbox ,password,web,sniff,sensitive"/interface bridge settingsset use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\ no/interface ethernet mirrorset/interface l2tp-server serverset authentication=pap,chap,mschap1,mschap2 default-profile=\default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled/interface ovpn-server serverset auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\ default enabled=no keepalive-timeout=60 mac-address=FE:46:57:28:66:CB \max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no/interface pppoe-server serveradd authentication=pap,chap,mschap1,mschap2 default-profile=PPPOE-1 disabled=\ yes interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 \max-sessions=0 mrru=disabled one-session-per-host=no service-name=\service1/interface pptp-server serverset authentication=mschap1,mschap2 default-profile=default-encryption \ enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled /ip accounting set account-local-traffic=no enabled=no threshold=256/ip accounting web-accessset accessible-via-web=no address=0.0.0.0/0以上也是不知的东东/ip addressadd address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \ interface=LAN network=192.168.2.0 以上是设置ROS的内网IP/ip dhcp-server configset store-leases-disk=5m/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ max-udp-packet-size=512 primary-dns=210.21.196.6 secondary-dns=\221.5.88.88以上是设置DNS,你的可能不一样/ip firewall connection trackingset enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ tcp-close-wait-timeout=10s tcp-established-timeout=1d \tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s以上是系统默认值/ip firewall mangleadd action=change-mss chain=postrouting comment="" disabled=yes new-mss=1460 \ protocol=tcp tcp-flags=syn add action=mark-routing chain=prerouting comment="" disabled=yes \ new-routing-mark=add passthrough=no src-address-list=src1add action=mark-connection chain=prerouting comment=1 disabled=yes \ in-interface=LAN new-connection-mark=1 passthrough=yes \per-connection-classifier=src-address-and-port:3/0add action=mark-routing chain=prerouting comment="" connection-mark=1 \ disabled=yes in-interface=LAN new-routing-mark=1 passthrough=noadd action=mark-connection chain=prerouting comment=2 disabled=yes \ in-interface=LAN new-connection-mark=2passthrough=yes \per-connection-classifier=src-address-and-port:3/1add action=mark-routing chain=prerouting comment="" connection-mark=2 \ disabled=yes in-interface=LAN new-routing-mark=2 passthrough=noadd action=mark-connection chain=prerouting comment=3 disabled=yes \ in-interface=LAN new-connection-mark=3 passthrough=yes \per-connection-classifier=src-address-and-port:3/2add action=mark-routing chain=prerouting comment="" connection-mark=3 \ disabled=yes in-interface=LAN new-routing-mark=3 passthrough=noadd action=change-mss chain=forward comment="" disabled=no new-mss=1400 \ protocol=tcp tcp-flags=syn add action=add-src-to-address-list address-list=src1 address-list-timeout=5s \ chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \src-address-list=!src2add action=add-src-to-address-list address-list=src2 address-list-timeout=3h \ chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \src-address-list=!src2add action=accept chain=prerouting comment="" disabled=no dst-port=443 \in-interface=LAN protocol=tcpadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out1 new-connection-mark=1 passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out2 new-connection-mark=2 passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out3 new-connection-mark=3 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=1 disabled=no \new-routing-mark=to_1 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=2 disabled=no \new-routing-mark=to_2 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=3 disabled=no \new-routing-mark=to_3 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=1 passthrough=yes \per-connection-classifier=both-addresses:3/0 src-address=10.0.0.0/24add action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=2 passthrough=yes \per-connection-classifier=both-addresses:3/1 src-address=10.0.0.0/24add action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=3 passthrough=yes \per-connection-classifier=both-addresses:3/2 src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=1 \disabled=no new-routing-mark=to_1 passthrough=yes src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=2 \disabled=no new-routing-mark=to_2 passthrough=yes src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=3 \disabled=no new-routing-mark=to_3 passthrough=yes src-address=10.0.0.0/24以上是PPPOE 负载平衡,为both-addresses形式的(好像和PCC一样,不明白,还有就是我没做IP负载平衡,我用不着,做了也删了)add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\8291 in-interface=pppoe-out3 new-connection-mark=in_3 passthrough=yes \protocol=tcpadd action=mark-routing chain=output comment="" connection-mark=in_3 \disabled=no new-routing-mark=3 passthrough=yes以上是指定外网访问ROS的线路和端口,我这样理解,具体也不明白add action=mark-connection chain=prerouting comment=\ "\D3\C5\CF\C8\B6\CB\BF\DA" disabled=no dst-port=443 new-connection-mark=\Port_Conn passthrough=yes protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\3724 new-connection-mark=Port_Conn passthrough=yes protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\8000 new-connection-mark=Port_Conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting comment="" connection-mark=Port_Conn \disabled=no new-packet-mark=Port_Packet passthrough=noadd action=mark-connection chain=prerouting comment="web\B6\CB\BF\DA" \disabled=no dst-port=80 new-connection-mark=80_Conn passthrough=yes \protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\53 new-connection-mark=80_Conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting comment="" connection-mark=80_Conn \ disabled=no new-packet-mark=80_packet passthrough=noadd action=mark-connection chain=prerouting comment=\ "\C6\E4\CB\FB\CA\FD\BE\DD" disabled=no new-connection-mark=Other_Conn \passthrough=yesadd action=mark-packet chain=prerouting comment="" connection-mark=Other_Conn \ disabled=no new-packet-mark=Other_Packet passthrough=no以上是端口优先标记,和前面的一起使用,不用就都不要加/ip firewall natadd action=masquerade chain=srcnat comment=10 disabled=no out-interface=\pppoe-out1add action=masquerade chain=srcnat comment=11 disabled=no out-interface=\pppoe-out2add action=masquerade chain=srcnat comment=12 disabled=no out-interface=\pppoe-out3以上是IP伪装,我是三知AD,和2.9的不一样,开始这里按2.9的搞,搞了很久上不了网/ip firewall service-portset ftp disabled=no ports=21set tftp disabled=no ports=69set irc disabled=no ports=6667set h323 disabled=noset sip disabled=no ports=5060,5061set pptp disabled=no/ip neighbor discoveryset WAN3 discover=yesset LAN discover=yesset WAN1 discover=yesset WAN2 discover=yesset pppoe-out1 discover=noset pppoe-out2 discover=noset pppoe-out3 discover=no/ip proxyset always-from-cache=no cache-administrator=webmastercache-hit-dscp=4 \cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \parent-proxy-port=0 port=8080 serialize-connections=no src-address=\0.0.0.0以上是不知用的东东/ip routeadd check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out2 routing-mark=2add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out3 routing-mark=3add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out1 routing-mark=1add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out2add comment=WAN1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out1 routing-mark=to_1add comment=WAN3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out3 routing-mark=to_3add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=WAN2 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out3add comment=WAN2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out2 routing-mark=to_2add check-gateway=ping comment=WAN1 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=WAN3 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out3以上这里就是路由了,看着有点长,设好后其实就只有3*2+1条了,为什么?我这样理解的,3条AD+3条备用+1条默认/ip serviceset telnet address=0.0.0.0/0 disabled=no port=23set ftp address=0.0.0.0/0 disabled=no port=21set www address=0.0.0.0/0 disabled=no port=80set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443set api address=0.0.0.0/0 disabled=yes port=8728set winbox address=0.0.0.0/0 disabled=no port=8291/ip socksset connection-idle-timeout=2m enabled=no max-connections=200 port=1080/ip traffic-flowset active-flow-timeout=30m cache-entries=4k enabled=no \inactive-flow-timeout=15s interfaces=all/ip upnpset allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes以上这些也是不知用的东东,也不用管吧/ppp aaaset accounting=yes interim-update=0s use-radius=no/ppp secretadd caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \name=ADSC110 password=110110 profile=LOW routes="" service=anyadd caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \name=ADSC207 password=207207 profile=default routes="" service=any以上是我拔号上网的用户名和密码,按自己的加,PPPOE服务前面已建立好了set WAN3 queue=ethernet-defaultset LAN queue=ethernet-defaultset WAN1 queue=ethernet-defaultset WAN2 queue=ethernet-defaultset pppoe-out1 queue=defaultset pppoe-out2 queue=defaultset pppoe-out3 queue=default/radius incomingset accept=no port=3799/storeadd comment="" disabled=no disk=primary-master name=web-proxy1 type=web-proxy /system clockset time-zone-name=manual/system clock manualset dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\"jan/01/1970 00:00:00" time-zone=+00:00/system consoleadd disabled=no port=serial0 term=vt102set [ find vcno=1 ] disabled=no term=linuxset [ find vcno=2 ] disabled=no term=linuxset [ find vcno=3 ] disabled=no term=linuxset [ find vcno=4 ] disabled=no term=linuxset [ find vcno=5 ] disabled=no term=linuxset [ find vcno=6 ] disabled=no term=linuxset [ find vcno=7 ] disabled=no term=linuxset [ find vcno=8 ] disabled=no term=linux/system console screenset line-count=25/system hardwareset multi-cpu=yes/system healthset state-after-reboot=enabled/system identityset name=MikroTik/system loggingadd action=memory disabled=no prefix="" topics=infoadd action=memory disabled=no prefix="" topics=erroradd action=memory disabled=no prefix="" topics=warning add action=echo disabled=no prefix="" topics=critical/system noteset note="" show-at-login=yes/system ntp clientset enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0上面的我也没搞明白是什么,也不用去理会/system scheduleradd comment="" disabled=no interval=30s name=getadsl on-event=":global assign\ \r\\n:global new\r\\n:global status\r\\n:global x\r\\n:set x 3\r\(红字3改成你的AD条数)\n:for i from=1 to=\$x do={\r\\n :set status [/interface get [/interface find name=(\"pppoe-out\" . \\$i)] running]\r\\n :if (\$status=true) do={\r\\n :set new [/ip address get [/ip address find dynamic=yes interface=(\\"pppoe-out\" . \$i)] address]\r\\n :set new [:pick \$new 0 ([:len \$new] -3)]\r\\n :set assign [/ip address get [/ip address find dynamic=no interface\=(\"pppoe-out\" . \$i)] address]\r\\n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\\n :if (\$assign != \$new) do={ /ip address set [/ip addressfind c\omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\\n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\=\$new\r\\n }\r\\n }\r\\n} \r\\n" start-time=startup以上是刷网关的脚本,很重点的哟add comment="" disabled=no interval=5m name=DDNS on-event=":log info \"DDNS: B\ egin\"\r\\n:global ddns-user \"123456\"\r\\n:global ddns-pass \"123456\"\r\\n:global ddns-host \"/doc/143656614.html,\"\r\(将红字改成你的)\n:global ddns-interface \"pppoe-out1\"\r\(这个是用那条线做DDNS)\n:global ddns-ip [ /ip address get [/ip address find interface=\$ddns-int\erface] address ] \r\\n:log info \"DDNS: Sending UPDATE!\"\r\\n:log info [ /tool dns-update name=\$ddns-host address=[:pick \$ddns-ip 0\\_[:find \$ddns-ip \"/\"] ] key-name=\$ddns-user key=\$ddns-pass ]\r\\n:log info \"DDNS: End\"" start-time=startup以上是DDNS,很好用的/system scriptadd name=ADSL policy=\ftp,reboot,read,write,policy,test,winbox,password,sniff,sensit ive source="\:global assign\r\\n:global new\r\\n:global status\r\\n:global x\r\\n:set x 2\r\\n:for i from=1 to=\$x do={\r\\n :set status [/interface get [/interface find name=(\"pppoe-out\" . \\$i)] running]\r\\n :if (\$status=true) do={\r\\n :set new [/ip address get [/ip address find dynamic=yes interface=(\\"pppoe-out\" . \$i)] address]\r\\n :set new [:pick \$new 0 ([:len \$new] -3)]\r\\n :set assign [/ip address get [/ip address find dynamic=no interface\=(\"pppoe-out\" . \$i)] address]\r\\n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\\n :if (\$assign != \$new) do={ /ip address set [/ip address find c\omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\\n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\=\$new\r\\n }\r\\n }\r\\n} \r\\n"/system upgrade mirrorset check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\0.0.0.0 user=""/system watchdogset auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\ none watchdog-timer=yes /tool bandwidth-serverset allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\ 100/tool e-mailset from=<> password="" server=0.0.0.0:25 username=""/tool graphingset page-refresh=300 store-every=5min/tool graphing interfaceadd allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes/tool mac-serveradd disabled=no interface=all/tool mac-server pingset enabled=yes/tool smsset allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret="" /tool snifferset file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \ streaming-server=0.0.0.0/useradd address=0.0.0.0/0 comment="system default user" disabled=no group=full \ name=admin/user aaaset accounting=yes default-group=read interim-update=0s use-radius=no以上的我还是搞不懂的。
ROS脚本大全(通用)
ROS脚本大全(通用)ROS脚本大全(通用)一:限速脚本:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz) dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K}二:限制每台机最大线程数:for wbsz from 1 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32 action=drop}三:端口映射ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat四:封端口号/ ip firewall filterad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"五:更变telnet服务端口/ip service set telnet port=23六:更变SSH管理服务端口/ip service set ssh port=22七:更变www服务端口号/ip service set www port=80八:更变FTP服务端口号/ip service set ftp port=21九:增加本ROS管理用户/user add name=wbsz password=admin group=full十:删除限速脚本:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }十一:封IP脚步本/ ip firewall filteradd chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ"十二:禁P2P脚本/ ip firewall filteradd chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"十三:限制每台机最大的TCP线程数(线程数=60)/ ip firewall filteradd chain=forward protocol=tcp connection-limit=60,32 action=drop \ disabled=no十四:一次性绑定所有在线机器MAC:foreach wbsz in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$wbsz]十五:解除所以绑定的MAC:foreach wbsz in [/ip arp find] do={/ip arp remove $wbsz}十六:禁Ping/ ip firewall filteradd chain=output protocol=icmp action=drop comment="No Ping"十七:禁电驴/ ip firewall filteradd chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"add chain=forward protocol=tcp dst-port=4242 action=dropadd chain=forward dst-address=62.241.53.15 action=drop十八:禁PPLIVE/ ip firewall filteradd chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"add chain=forward protocol=udp dst-port=4004 action=dropadd chain=forward dst-address=218.108.237.11 action=drop十九:禁QQ直播/ ip firewall filteradd chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"二十:禁比特精灵/ ip firewall filteradd chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"二十一:禁QQ聊天(一般公司才需要)/ ip firewall filteradd chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ"ad ch forward pr tcp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropadd chain=forward dst-address=61.144.238.0/24 action=dropadd chain=forward dst-address=61.152.100.0/24 action=dropadd chain=forward dst-address=61.141.194.0/24 action=dropadd chain=forward dst-address=202.96.170.163/32 action=dropadd chain=forward dst-address=202.104.129.0/24 action=dropadd chain=forward dst-address=202.104.193.20/32 action=dropadd chain=forward dst-address=202.104.193.11/32 action=dropadd chain=forward dst-address=202.104.193.12/32 action=dropadd chain=forward dst-address=218.17.209.23/32 action=dropadd chain=forward dst-address=218.18.95.153/32 action=dropadd chain=forward dst-address=218.18.95.165/32 action=dropadd chain=forward dst-address=218.18.95.220/32 action=dropadd chain=forward dst-address=218.85.138.70/32 action=dropadd chain=forward dst-address=219.133.38.0/24 action=dropadd chain=forward dst-address=219.133.49.0/24 action=dropadd chain=forward dst-address=220.133.40.0/24 action=dropadd chain=forward content=sz.tencent action=rejectadd chain=forward content=sz2.tencent action=rejectadd chain=forward content=sz3.tencent action=rejectadd chain=forward content=sz4.tencent action=rejectadd chain=forward content=sz5.tencent action=rejectadd chain=forward content=sz6.tencent action=rejectadd chain=forward content=sz7.tencent action=rejectadd chain=forward content=sz8.tencent action=rejecadd chain=forward content=sz9.tencent action=rejecadd chain=forward content=tcpconn.tencent action=rejectadd chain=forward content=tcpconn2.tencent action=rejectadd chain=forward content=tcpconn3.tencent action=rejectadd chain=forward content=tcpconn4.tencent action=rejectadd chain=forward content=tcpconn5.tencent action=rejectadd chain=forward content=tcpconn6.tencent action=rejectadd chain=forward content=tcpconn7.tencent action=rejectadd chain=forward content=tcpconn8.tencent action=rejectadd chain=forward content=qq action=rejectadd chain=forward content=www.qq action=reject二十二:防止灰鸽子入浸/ ip firewall filteradd chain=forward protocol=tcp dst-port=1999 action=drop comment="Backdoor.GrayBird.ad"add chain=forward dst-address=80.190.240.125 action=dropadd chain=forward dst-address=203.209.245.168 action=dropadd chain=forward dst-address=210.192.122.106 action=dropadd chain=forward dst-address=218.30.88.43 action=dropadd chain=forward dst-address=219.238.233.110 action=dropadd chain=forward dst-address=222.186.8.88 action=dropadd chain=forward dst-address=124.42.125.37 action=dropadd chain=forward dst-address=210.192.122.107 action=dropadd chain=forward dst-address=61.147.118.198 action=dropadd chain=forward dst-address=219.238.233.11 action=drop二十三:防三波/ ip firewall filteradd chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"以上脚本使用说明:用winbox.exe 登陆找到System -- Script - 点击+ 将对应脚本复制其中后,点击Run Script即脚本安装成功!。
ROS常用脚本命令有哪些
2011、8、9 2011、5、28
2012、5、16 2012、2、5 女 3.2kg 顺产 40w 38w 男 3.45kg 剖腹产
流出 流出 15149525369 13848545068
2010、9、20 2011、6、27 2011、6、27 2011、1、14 2011、10、21 2011、10、7
Hale Waihona Puke 女 3.15kg 3.0kg 2.5kg 3.7kg 3.4kg 3.1kg
3.8kg 剖腹产 40w+1
女 3.85kg
40w+2 2011、8、11转出
2010、10、11 2011、7、18 2011、7、14 2010、10、27 2011、7、4 2010、10、27 2011、7、4 2010、10、18 2011、7、25 2010、10、31 2011、8、7 2010、11、23 2011、9、1 2011、3、22 2011、12、29 2011、5、29 2012、3、6
3.3kg 剖腹产 39w+3
女 3.10kg 男 3.55kg
2010、10、13 2011、7、20 2011、7、20
3.3kg 剖腹产 41w+4 3.8kg 剖腹产
托那娃斯琴 29岁
张波 陈蓉 黄玉 刘春艳
26岁 19岁 23岁 24岁
弘丰锆业 三垧梁 弘丰锆业 三垧梁
G1P0 G1P0 G1P0 G1P0
孕产妇登记本
姓名 郝巧花 张瑞芳 崔霞 尚娜 高蕊 白艳霞 何爱梅 李小蓉 何艳 马玲 蔺玉芬 田二芬 卢明英 乌日娜 王丽红 乌兰图雅 格鲁 刘玉霞 年龄 36岁 25岁 24岁 23岁 29岁 29岁 28岁 19岁 25岁 31岁 25岁 41岁 20岁 28岁 23岁 29岁 41岁 32岁 家庭住址 草原村 草原村焦家圪卜 草原村焦家圪卜 草原村秦油坊 草原村三座塔 草原村 二贵壕兴忠砖厂 三垧梁陶尔斯 草原村 草原村 三垧梁工厂 草原村三座塔 三垧梁 草原村园子塔拉 草原村释尼召 草原村三垧梁 草原村三座塔 草原村三座塔 草原村秦油坊 孕产次 G2P1 G1P0 G1P0 G1P0 G2P1 G1P0 G1P0 G1P0 G3P2 G3P2 G2P1 G3P2 G2P0 G3P2 G1P0 G3P2 G2P1 G2P1 G2P1 末次月经 预产期 分娩日期 性别 体重 分娩方式 孕周 3.2Kg 顺产 40w 40w 40w 40w 40w+1 40w 40w 40w+6 40w-3 41w+2 41w+3 40w 40w 女 男 男 女 女 男 男 男 女 女 男 3.2Kg 剖腹产 305kg 剖腹产 3.6kg 剖腹产 顺产 顺产 顺产 顺产 顺产 顺产 顺产 顺产 顺产 联系电话 13214855313 15344022110 15947736573 13848799528 13451377829 15134873730 13530230784转出 2011、7、12转出 2011、8、2转出 15047743485 13134888165 15247391163 15134806061 15847474774 15924504880 13214855313 2010、1、13 2010、10、27 2010、10、27 男 2009、12、20 2010、10、4 2010、10、4 2010、6、21 2011、3、5 2011、3、5 2010、3、2 2010、12、16 2010、12、16 女 2010、7、13 2011、4、27 2011、4、28 2010、8、16 2011、5、30 2011、5、29 2010、9、2 2010、7、26 2010、7、25 2011、6、9 2011、5、3 2011、5、2 2011、6、9 2011、5、5 2011、5、8 2011、7、1 2011、7、13 2011、8、5 2011、8、18 2011、9、1 2010、7、18 2011、4、25 2011、4、25
2018-rospcc负载均衡-范文模板 (6页)
本文部分内容来自网络整理,本司不为其真实性负责,如有异议或侵权请及时联系,本司将立即删除!== 本文为word格式,下载后可方便编辑和修改! ==rospcc负载均衡篇一:ROS_PCC负载均衡案例40条线路PCC负载均衡RouterOS支持多线路的负载均衡,某小区为了节约费用,采用40条2M带宽的AD通过做汇聚实现高带宽的小区带宽,为解决接口问题采用一台Cisco的48口的交换机做VLAN接入40条AD,让后通过VLAN连接到RouterOS进行拨号,再做PCC负载均衡,网络拓扑图如下:外网接入的方法是在交换机和RouterOS路由器上划分VLAN,然后在ROS对应的VLAN上做PPPoE-CLIENT。
1、首先划分VLAN(我们这里是从2开始排序的),脚本如下:[admin@MikroTik] > :for i fro(来自: : rospcc负载均衡 )m=2 to=41 do= {interface vlan add name=("vlan".$i) vlan-id=$i interface=ether2-wan }2、然后添加PPPOE拨号(先添加拨号再手动输入每个AD的帐号和密码,40条AD设置还是要花点时间了),脚本如下:[admin@MikroTik] > :for i from=2 to=41 do= {interface pppoe-clientadd name=("pppoe-out".$i) user=$i password=$i interface=("vlan".$i)}3、我们这里采用PCC的负载均衡,在ip firewall mangle里添加相应的PCC规则,通过一些脚本添加PCC的规则,注意:如果PPPoE客户端拨号没有成功,那么添加的规则则为红色的,拨号成功后自动正常[admin@MikroTik] > :for i from=2 to=41 do={/ip firewall mangle add chain=inputaction=mark-connection new-connection-mark=conn1 in-interface=("pppoe-out".$i)}4.然后标记路由让从哪个接口进来的数据就从哪个接口出去:[admin@MikroTik] > :for i from=2 to=41 do= {ip firewall mangle add chain=outputconnection-mark=("conn".$i) action=mark-routing new-routing-mark=("rout".$i)}[admin@MikroTik] >5.然后将所有内网出来的数据通过pcc的both-addresses分成40分并标记连接和路由:[admin@MikroTik] > :for i from=2 to=41 do= {/ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-connection new-connection-mark=("conn".$i)per-connection-classifier=("both-addresses:40/".$i) comment=$i{... /ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-routingnew-routing-mark=("rout".($i-2)) connection-mark=("conn".$i)}篇二:RouterOS多线PCC负载均衡RouterOS多线PCC负载均衡核心提示:PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port) PCC原理 PCC从一定范围内分析选择IP数据包头,通过哈西散列算法的帮助下,将选定的区域转换为32bit值PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port)PCC原理PCC从一定范围内分析选择IP数据包头,通过哈西散列算法的帮助下,将选定的区域转换为32bit值。
固定IP多线负载PCC掉线后自动修改PCC参数并利用PCC对内网用户进行分组
# 变量 vlanAllNum vlan 总线路数量
# 变量 vlanRunNum 实际运行正常 的 vlan 线路数量
# 变量 y PCC后面一部分自增变量。
# 新增 yB 参数,是限制24网段用户只能使用VLAN80- VLAN92这13条线路 判断条件是 $ii >= 80,,如果不需要可删除
}
/ip fir man set [find new-connection-mark=("vlan".$ii."_conn")] disable=no
/ip fir man set [find new-routing-mark=("to_vlan".$ii)] disable=no
# 因为本项目使用了ISP服务商提供的路由猫,猫的内部已经集成配置了ADSL帐号。
# ISP线路 ---公网IP---- 路由猫 --内网IP192.168.1.1---思科2960交换机vlan----ROS.VLAN.IP-192.168.1.200---PCC
# 此时,ROS面对的是192.168.1.1这样的设备,无法通过监视此IP判断线路是否正常。因此改进了正常线路数的获取机制。
/ip fir man set [find new-routing-mark=("to_vlan".$ii)] disable=yes
:log info ("stop the pcc with vlan".$ii."_conn")
}
:set vlanRunNum ($vlanRunNum + 1)}
ROS 多线 PCC导致 内网PC 无法互相通信解决方案
!local new-connection-mark=h2 passthrough=yes per-connection-classifier=\
both-addresses:2/1 src-address-线后内网PC无法互相通信
Routeros内网网关在ROS上默认是三层通信,但是由于做PCC负载均衡标记了路由走指定标记路由,不在查询路由表,所有需要让内网PC查找路由经过yusong老师指点测试有3种方法可以实现,下面我把环境配置上图
方法一:在Mangle做条接受规则 接受任意地址 到内网地址.,顺序放到PCC前面
方法二:
add action=mark-connection chain=prerouting comment=PCC dst-address-type=\
!local new-connection-mark=h1 passthrough=yes per-connection-classifier=\
add action=mark-routing chain=prerouting connection-mark=h2 new-routing-mark=\
2r passthrough=no src-address-list=lanip
方法三:做路由
/ip route
add distance=1 gateway=vlan100 routing-mark=VLAN100
both-addresses:2/0 src-address-list=lanip
add action=mark-routing chain=prerouting connection-mark=h1 new-routing-mark=\
ROS V2,V3,V5负载均衡,适应PPPOE和静态IP
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting disabled=no new-connection-mark=2 passthrough=yes per-connection-classifier=both-addresses:3/1 src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=3 disabled=no new-routing-mark=3 passthrough=yes src-address=192.168.88.0/24
#四线PCC负载均衡
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no new-connection-mark=1 passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.88.0/24
ROSPCC负载详细图文教程(新)
ROS PCC负载详细图文教程(新)!虽然网上很多视频,但是貌似很多菜菜天天都在问如何负载平衡,下面做一个PCC的负载教程。
以下环境是ADSL 4线负载均衡,线路数量不同的请自行修改脚本。
接口图示开启DHCP,自己先给lan网卡配置一个地址,例如192.168.0.1/24NAT伪装Mangle视图下面是回程路由,只发一个接口的图,其他的自己添加,可加可不加标记连接,路由路由设置4线PCC负载脚本PCC 负载脚本—–仅支持3.30或以上脚本!/ip firewall mangleadd action=change-mss chain=forward comment=”" disabled=no new-mss=1400 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4passthrough=yesadd action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24/ip routeadd comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4/ip firewall natadd action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out1add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out2add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out3add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out4。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
ROS 典型PCC负载脚本:global num:set num 38:for szwm from=1to=$num do={:global type:set type ("both-addresses:". $num . "/". ($szwm-1))#设置网卡名字 name中的wlan可以改成#/interface set ("ether" . $szwm) name=("wlan". $szwm)#建立pppoe拨号,并禁用/interface pppoe-client addname=("pppoe-out". $szwm) user=("user" . $szwm) password=("pass" . $sz wm) \interface=("wlan".$szwm) comment=("ADSL_". $szwm) disabled=no# NAT伪装/ip firewall nat add chain=srcnat out-interface=("pppoe-out". $szwm)action=masquerade \comment=("NAT_ADSL". $szwm)# 标记从哪里来/ ip firewall mangle \add chain=input in-interface=("pppoe-out". $szwm) action=mark-connection \ new-connection-mark=("adsl" . $szwm ."_conn") passthrough=yescomment=("From_ADSL". $szwm)#标记从哪里来,回哪里去/ ip firewall mangle add chain=outputconnection-mark=("adsl" . $szwm ."_conn") \action=mark-routing new-routing-mark=( "to_adsl". $szwm) passthrough=yes comment=("To_ADSL". $szwm)#PCC设置/ip firewall mangleadd chain=preroutingaction=mark-connection new-connection-mark=("adsl" . $szwm ."_conn") \dst-address-type=!local in-interface=Local per-connection-classifier=$type passthrough=yes comment=("ADSL_PCC". $szwm)#标记路由/ip firewall mangleadd chain=preroutingconnection-mark=("adsl" . $szwm ."_conn") in-interface=Localaction=mark-routing new-routing-mark=( "to_adsl". $szwm) \comment=("Route_To_ADSL". $szwm)#添加路由/ip routeadddst-address=0.0.0.0/0gateway=("pppoe-out". $szwm) routing-mark=( "to_adsl". $szwm) check-gateway=ping comment=("To_ADSL". $szwm)add dst-address=0.0.0.0/0gateway=("pppoe-out". $szwm) distance=$szwmcheck-gateway=ping comment=("ECMP_". $szwm)}配合这个掉线后自动修改脚本很好用以4线为例,其中某条线路断了后,会自动判断剩余可用的线路数量然后修改PCC规则的参数,线路恢复正常后会自动把参数修改回正常状态,注意连接标记名称一定要以纯数字“1、2、3、4...”来命名。
一般该脚本设置30秒间隔就比较合适。
#pcc掉线后自动修改参数脚本{:local status:local i "4":local x "0":local y "0":local z "0":set x [:len [/interface pppoe-client find running=yes]]:if($x<$i) do={:for ii from=1to=$i do={:set status [/interface get[find name=("pppoe-out".$ii)] running]:if($status=true) do={/ip fir man set[find new-connection-mark=$ii]per-connection-classifier=("both-addresses:".$x."/".$y) disable=no;:set y($y+1)} else={/ip fir man set[find new-connection-mark=$ii] disable=yes}}}:if($x=$i) do={:set z [:len [/ip fir man find action="mark-connection"disabled=yeschain=prerouting]]:if($z>0) do={:for ii from=1to=$i do={/ip fi man set[find new-connection-mark=$ii]per-connection-classifier=("both-addresses:".$x."/".$y) disable=no;:set y($y+1)}}}}以上是PPPOE环境下的,下面的这个是固定IP相同网关的环境,2条线/ip addressadd address=192.168.1.1/24comment="shan"disabled=no interface=lan \network=192.168.1.0add address=10.10.10.10/32disabled=no interface=wan1add address=20.20.20.20/32disabled=no interface=wan2/ip firewall mangleadd action=accept chain=prerouting disabled=no dst-address=10.10.10.10\in-interface=wan1add action=accept chain=prerouting disabled=no dst-address=20.20.20.20\in-interface=wan2add action=mark-connection chain=input comment=\"\C2\B7\D3\C9\D4\AD\C2\B7\B7\B5\BB\D8\B2\DF\C2\D4"disabled=no \in-interface=wan1 new-connection-mark=wan1_conn passthrough=yesadd action=mark-routing chain=output connection-mark=wan1_conn disabled=no \new-routing-mark=wan1_rout passthrough=yesadd action=mark-connection chain=input disabled=no in-interface=wan2 \new-connection-mark=wan2_conn passthrough=yesadd action=mark-routing chain=output connection-mark=wan2_conn disabled=no \new-routing-mark=wan2_rout passthrough=yesadd action=mark-connection chain=prerouting comment=wan1 disabled=no \dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes \per-connection-classifier=both-addresses:2/0src-address-list=192.168.1.0/ 24add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=\ no new-routing-mark=wan1_rout passthrough=yessrc-address-list=192.168.1.0/24add action=mark-connection chain=prerouting comment=wan2 disabled=no \dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes \per-connection-classifier=both-addresses:2/1src-address-list=192.168.1.0/ 24add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=\ no new-routing-mark=wan2_rout passthrough=yessrc-address-list=192.168.1.0/24add action=change-mss chain=forward comment=\"============\D0\DE\B8\C4MMS=============shan"disabled=yes new-mss=1440\ passthrough=yes protocol=tcp tcp-flags=syn/ip firewall natadd action=src-nat chain=srcnat comment="wan1\BF\DANat"disabled=no \out-interface=wan1 src-address-list=192.168.1.0/24to-addresses=10.10.10.10 add action=src-nat chain=srcnat comment="wan2\BF\DANat"disabled=no \out-interface=wan2 src-address-list=192.168.1.0/24to-addresses=20.20.20.20 add action=masquerade chain=srcnat comment="shan"disabled=nosrc-address-list=192.168.1.0/24\to-addresses=0.0.0.0/ip routeadd disabled=no distance=1dst-address=0.0.0.0/0gateway=1.1.1.1%wan1 \routing-mark=wan1_rout scope=30target-scope=10add disabled=no distance=1dst-address=0.0.0.0/0gateway=1.1.1.1%wan2 \routing-mark=wan2_rout scope=30target-scope=10add disabled=no distance=1dst-address=0.0.0.0/0gateway=1.1.1.1%wan1 \scope=255target-scope=10add disabled=no distance=2dst-address=0.0.0.0/0gateway=1.1.1.1%wan2 \scope=255target-scope=10add comment="shan"disabled=yes distance=1dst-address=0.0.0.0/0\gateway=192.168.1.1scope=30target-scope=10这上5.x的双线同网关固定IP的pcc脚本,lan为局域网口,wan1和wan2为两个外网口。