关于ROS设置一线多拨再映射内网IP端口的问题，请教高手了...

pzg

ros版本6.46.1
主机:192.168.8.100(可上外网)
内网机：192.168.8.101 需要映射的端口13456

ROS:
网卡：
ether1
wan (pppoe)

建立vrrp1 vrrp2 vrrp3

adsl拨号三路  一线多拨
pppoe-out1 对应vrrp1
pppoe-out2 对应vrrp2
pppoe-out3 对应vrrp3

wan vrrp1 vrrp2都设置同一网段的IP

然后就是作标记，加路由
再端口映射

现在的问题是，用第一个pppoe产生的IP，访问时，成功映射到内网，其它的几路都不行，帮忙看一下是哪里设置不对了， 谢谢了！！！
具体脚本：


/interface vrrp
add name=vrrp1 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=1
add name=vrrp2 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=2
add name=vrrp3 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=3



/ip address
add address=1.1.1.1/24 disabled=no interface=wan
add address=1.1.1.10/24 disabled=no interface=vrrp1
add address=1.1.1.11/24 disabled=no interface=vrrp2
add address=1.1.1.12/24 disabled=no interface=vrrp3

/interface pppoe-client #填上你的宽带账号ID和密码
add name="pppoe-out1" interface="vrrp1" user="1" password="2" disabled=no
add name="pppoe-out2" interface="vrrp2" user="1" password="2" disabled=no
add name="pppoe-out3" interface="vrrp3" user="1" password="2" disabled=no

/ip firewall mangle
add action=change-mss chain=forward comment=change-mss disabled=no new-mss=1440 protocol=tcp tcp-flags=syn

/ip firewall mangle
add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/0 new-connection-mark=PCC_1 passthrough=yes comment="PCC1"
add action=mark-routing chain=prerouting connection-mark=PCC_1 disabled=no in-interface=lan new-routing-mark=PCC_ROUT1 passthrough=yes

add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/1 new-connection-mark=PCC_2 passthrough=yes comment="PCC2"
add action=mark-routing chain=prerouting connection-mark=PCC_2 disabled=no in-interface=lan new-routing-mark=PCC_ROUT2 passthrough=yes

add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/2 new-connection-mark=PCC_3 passthrough=yes comment="PCC3"
add action=mark-routing chain=prerouting connection-mark=PCC_3 disabled=no in-interface=lan new-routing-mark=PCC_ROUT3 passthrough=yes

/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 new-connection-mark=PCC_1 passthrough=yes comment="INOUT1"
add action=mark-routing chain=output connection-mark=PCC_1 disabled=no new-routing-mark=PCC_ROUT1 passthrough=yes

add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 new-connection-mark=PCC_2 passthrough=yes comment="INOUT2"
add action=mark-routing chain=output connection-mark=PCC_2 disabled=no new-routing-mark=PCC_ROUT2 passthrough=yes

add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 new-connection-mark=PCC_3 passthrough=yes comment="INOUT3"
add action=mark-routing chain=output connection-mark=PCC_3 disabled=no new-routing-mark=PCC_ROUT3 passthrough=yes

/ip firewall nat

add action=masquerade chain=srcnat comment=1 disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment=2 disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment=3 disabled=no out-interface=pppoe-out3

/ip route
add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=PCC_ROUT1 check-gateway=ping disabled=no distance=1
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=PCC_ROUT2 check-gateway=ping disabled=no distance=1
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=PCC_ROUT3 check-gateway=ping disabled=no distance=1

add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 check-gateway=ping disabled=no distance=1
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 check-gateway=ping disabled=no distance=2
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 check-gateway=ping disabled=no distance=3


/ip firewall nat
add chain=dstnat in-interface=wan protocol=tcp dst-port=13456 action=dst-nat  to-addresses=192.168.8.101 to-ports=13456
add action=masquerade chain=srcnat comment="" disabled=no

pzg

求高手指教呀！！！

胖虎

端口映射的数据经过PCC了，要排除出去。或者再标记一次端口映射的数据，把前面PCC打上的mark覆盖掉。

wzlxyl

新手路过，学习中。

635834090

表示一脸懵逼

qijianjiang

胖虎 发表于 2020-7-7 22:13
端口映射的数据经过PCC了，要排除出去。或者再标记一次端口映射的数据，把前面PCC打上的mark覆盖掉。 ...

也恳请老大能出一个简单的示例不知道可以不？我也是差不多相同的问题困扰，只不过我一个是电信一个是移动（内网），我做了映射后一样有时候能映射有时候又不能，并且试过让这个端口单独标记后做路由表指定到电信也不行，估计还是在标记的设置上面设置有错误了。。。。。

sjirene5

解决了吗