关于ROS设置一线多拨再映射内网IP端口的问题，请教高手了...

pzg · 发表于 2020-7-5 10:51:06

马上注册成为ROSABC会员，随时发帖回复。

您需要登录才可以下载或查看，没有账号？会员注册

x

ros版本6.46.1
主机:192.168.8.100(可上外网)
内网机：192.168.8.101 需要映射的端口13456

ROS:
网卡：
ether1
wan (pppoe)

建立vrrp1 vrrp2 vrrp3

adsl拨号三路一线多拨
pppoe-out1 对应vrrp1
pppoe-out2 对应vrrp2
pppoe-out3 对应vrrp3

wan vrrp1 vrrp2都设置同一网段的IP

然后就是作标记，加路由
再端口映射

现在的问题是，用第一个pppoe产生的IP，访问时，成功映射到内网，其它的几路都不行，帮忙看一下是哪里设置不对了，谢谢了！！！
具体脚本：

/interface vrrp
add name=vrrp1 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=1
add name=vrrp2 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=2
add name=vrrp3 arp=enabled authentication=none disabled=no interface=wan interval=1 mtu=1500 preemption-mode=yes priority=100 vrid=3

/ip address
add address=1.1.1.1/24 disabled=no interface=wan
add address=1.1.1.10/24 disabled=no interface=vrrp1
add address=1.1.1.11/24 disabled=no interface=vrrp2
add address=1.1.1.12/24 disabled=no interface=vrrp3

/interface pppoe-client #填上你的宽带账号ID和密码
add name="pppoe-out1" interface="vrrp1" user="1" password="2" disabled=no
add name="pppoe-out2" interface="vrrp2" user="1" password="2" disabled=no
add name="pppoe-out3" interface="vrrp3" user="1" password="2" disabled=no

/ip firewall mangle
add action=change-mss chain=forward comment=change-mss disabled=no new-mss=1440 protocol=tcp tcp-flags=syn

/ip firewall mangle
add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/0 new-connection-mark=PCC_1 passthrough=yes comment="PCC1"
add action=mark-routing chain=prerouting connection-mark=PCC_1 disabled=no in-interface=lan new-routing-mark=PCC_ROUT1 passthrough=yes

add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/1 new-connection-mark=PCC_2 passthrough=yes comment="PCC2"
add action=mark-routing chain=prerouting connection-mark=PCC_2 disabled=no in-interface=lan new-routing-mark=PCC_ROUT2 passthrough=yes

add chain=prerouting action=mark-connection dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:3/2 new-connection-mark=PCC_3 passthrough=yes comment="PCC3"
add action=mark-routing chain=prerouting connection-mark=PCC_3 disabled=no in-interface=lan new-routing-mark=PCC_ROUT3 passthrough=yes

/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 new-connection-mark=PCC_1 passthrough=yes comment="INOUT1"
add action=mark-routing chain=output connection-mark=PCC_1 disabled=no new-routing-mark=PCC_ROUT1 passthrough=yes

add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 new-connection-mark=PCC_2 passthrough=yes comment="INOUT2"
add action=mark-routing chain=output connection-mark=PCC_2 disabled=no new-routing-mark=PCC_ROUT2 passthrough=yes

add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 new-connection-mark=PCC_3 passthrough=yes comment="INOUT3"
add action=mark-routing chain=output connection-mark=PCC_3 disabled=no new-routing-mark=PCC_ROUT3 passthrough=yes

/ip firewall nat

add action=masquerade chain=srcnat comment=1 disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment=2 disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment=3 disabled=no out-interface=pppoe-out3

/ip route
add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=PCC_ROUT1 check-gateway=ping disabled=no distance=1
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=PCC_ROUT2 check-gateway=ping disabled=no distance=1
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=PCC_ROUT3 check-gateway=ping disabled=no distance=1

add comment=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 check-gateway=ping disabled=no distance=1
add comment=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 check-gateway=ping disabled=no distance=2
add comment=3 dst-address=0.0.0.0/0 gateway=pppoe-out3 check-gateway=ping disabled=no distance=3

/ip firewall nat
add chain=dstnat in-interface=wan protocol=tcp dst-port=13456 action=dst-nat to-addresses=192.168.8.101 to-ports=13456
add action=masquerade chain=srcnat comment="" disabled=no

pzg · 发表于 2020-7-5 20:21:53

求高手指教呀！！！

胖虎 · 发表于 2020-7-7 22:13:04

端口映射的数据经过PCC了，要排除出去。或者再标记一次端口映射的数据，把前面PCC打上的mark覆盖掉。

wzlxyl · 发表于 2020-8-9 13:46:14

新手路过，学习中。

635834090 · 发表于 2020-9-12 02:22:18

表示一脸懵逼

qijianjiang · 发表于 2020-12-25 13:45:46

胖虎发表于 2020-7-7 22:13
端口映射的数据经过PCC了，要排除出去。或者再标记一次端口映射的数据，把前面PCC打上的mark覆盖掉。 ...

也恳请老大能出一个简单的示例不知道可以不？我也是差不多相同的问题困扰，只不过我一个是电信一个是移动（内网），我做了映射后一样有时候能映射有时候又不能，并且试过让这个端口单独标记后做路由表指定到电信也不行，估计还是在标记的设置上面设置有错误了。。。。。

sjirene5 · 发表于 2021-5-10 00:04:09

解决了吗

		自动登录	找回密码
密码			会员注册

[求助] 关于ROS设置一线多拨再映射内网IP端口的问题，请教高手了...

马上注册成为ROSABC会员，随时发帖回复。