找回密码
 加入网盟
分割线
官方精品推荐
ROS 3.3PCC负载均衡
pcc只能用于同ISP情况下
A基础设置

#接口配置
                /ip address add address=192.168.0.1/255.255.255.0 interface=lan comment=lan
                /interface pppoe-client
                add name="pppoe-out01" max-mtu=1440 max-mru=1440 interface=WAN1 \
                        user="adsl1" password="adsl1" profile=default \
                        service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
                        use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
                add name="pppoe-out02" max-mtu=1440 max-mru=1440 interface=WAN2 \
                        user="adsl2" password="adsl2" profile=default \
                        service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
                        use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
                       
        #DNS配置
                /ip dns set primary-dns=202.102.192.68 secondary-dns=202.102.199.68 allow-remote-requests=yes

        #路由配置
                /ip rout
                add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01
                add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out02

        #伪装
                /ip firewall nat
                add action=masquerade chain=srcnat  disabled=no src-address=192.168.0.0/24

B高级配置
        /ip firewall mangle
        add action=change-mss chain=forward comment="" disabled=no new-mss=1440 protocol=tcp tcp-flags=syn

        #标记pcc负载均衡的第一条连接和路由
                add chain=prerouting  dst-address-type=!local in-interface=lan \
                action=mark-connection new-connection-mark=conn1 per-connection-classifier=both-addresses:2/0 passthrough=yes

                add chain=prerouting connection-mark=conn1 in-interface=lan \
                action=mark-routing new-routing-mark=rout1 passthrough=yes

        #标记pcc负载均衡的第二条连接和路由
                add chain=prerouting  dst-address-type=!local in-interface=lan \
                action=mark-connection new-connection-mark=conn2 per-connection-classifier=both-addresses:2/1 passthrough=yes

                add chain=prerouting connection-mark=conn2 in-interface=lan \
                action=mark-routing new-routing-mark=rout2 passthrough=yes

        #配置路由指向
                /ip route
                add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01 routing-mark=rout1 check-gateway=ping
                add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out02 routing-mark=rout2 check-gateway=ping

C为了使内网服务器可以被内外网的机器正常访问 设置回程路由

        #标记连接先
                add chain=input in-interface=pppoe-out01 action=mark-connection new-connection-mark=conn1 passthrough=yes
                add chain=input in-interface=pppoe-out02 action=mark-connection new-connection-mark=conn2 passthrough=yes
        #对上述的连接做路由标记
                add chain=output connection-mark=conn1 action=mark-routing new-routing-mark=rout1 passthrough=yes
                add chain=output connection-mark=conn2 action=mark-routing new-routing-mark=rout2 passthrough=yes
        #对上述路由标记做路由指向,前面已配置过路由指向故这里可省略
                #/ip route
                #add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01 routing-mark=rout1 check-gateway=ping
                #add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out02 routing-mark=rout2 check-gateway=ping

备注:
    当你有多个内网卡的时候,在B高级配置中,每条标记中in-interface=lan就显得不够用了,解决方法是
        1,/ip firewall address-list add list=lan address=192.168.1.0/24
           /ip firewall address-list add list=lan address=192.168.2.0/24
        2,在#标记pcc负载均衡的第一条连接和路由
                add chain=prerouting  dst-address-type=!local in-interface=lan \
                action=mark-connection new-connection-mark=conn1 per-connection-classifier=both-addresses:2/0 passthrough=yes

                add chain=prerouting connection-mark=conn1 in-interface=lan \
                action=mark-routing new-routing-mark=rout1 passthrough=yes

            #标记pcc负载均衡的第二条连接和路由
                add chain=prerouting  dst-address-type=!local in-interface=lan \
                action=mark-connection new-connection-mark=conn2 per-connection-classifier=both-addresses:2/1 passthrough=yes

                add chain=prerouting connection-mark=conn2 in-interface=lan \
                action=mark-routing new-routing-mark=rout2 passthrough=yes
     中,in-interface=lan替换为src-address-list=lan即可

分享至 : QQ空间
收藏

0 个回复

您需要登录后才可以回帖 登录 | 加入网盟
关闭

华夏网盟推荐 上一条 /1 下一条