Contoh

/ip firewall nat
add chain=dstnat action=dst-nat to-ports=53

al dst-port=53 comment="TRANSPARENT DNS"
al dst-port=53
xy dst-port=53
xy dst-port=53
/ip
add
add
add
add
protocol=udp in-interface=ether3-loc
protocol=tcp in-interface=ether3-loc
protocol=udp in-interface=ether5-pro
protocol=tcp in-interface=ether5-pro
firewall address-list
list=LAN-NeT address=192.168.0.0/24
list=Proxy-NeT address=192.168.50.0/24
list=Local+Proxy address=192.168.0.0/24
list=Local+Proxy address=192.168.50.0/24
/ip firewall mangle

add chain=prerouting action=mark-routing new-routing-mark=PointBlank passthrough
=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=49100 comment="ROUTER POINTBLANK"
=yes protocol=udp \
dst-address=203.89.146.0/23 dst-port=40000-40010
=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=39190
add chain=input action=mark-connection new-connection-mark=pppoe1-conn passthrou
gh=yes connection-state=new \
in-interface=pppoe-out1 comment="PPPoE CONN"
add chain=input action=mark-connection new-connection-mark=pppoe2-conn passthrou
gh=yes connection-state=new \
in-interface=pppoe-out2
add chain=prerouting action=mark-connection new-connection-mark=pppoe1-conn pass
through=yes connection-state=established \
through=yes connection-state=established \
through=yes connection-state=related \
through=yes connection-state=related \
add chain=output action=mark-routing new-routing-mark=pppoe-out1 passthrough=no
connection-mark=pppoe1-conn
add chain=output action=mark-routing new-routing-mark=pppoe-out2 passthrough=no
connection-mark=pppoe2-conn
HTTP CONN
add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 pass

through=yes protocol=tcp \
src-address-type="" dst-address-type=!local dst-address-list=!Local+Proxy in-int
erface=ether5-proxy \
per-connection-classifier=both-addresses-and-ports:2/0 comment="HTTP CONN"
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether5-proxy
\
per-connection-classifier=both-addresses-and-ports:2/1
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether3-local
dst-port=80,3128 \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether3-local
dst-port=80,3128 \
MARK-HTTP ROUTE :
add chain=prerouting action=mark-routing new-routing-mark=pppoe-out1 passthrough
=yes in-interface=ether5-proxy \
connection-mark=http-pppoe1 comment="MARK-HTTP ROUTE"
add chain=prerouting action=mark-routing new-routing-mark=pppoe-out2 passthrough
=yes in-interface=ether5-proxy \
connection-mark=http-pppoe2
NON-HTTP CONN :
add chain=prerouting action=mark-connection new-connection-mark=non-http-pppoe1
passthrough=yes protocol=tcp
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether5-proxy
dst-port=80,3128 \
per-connection-classifier=both-addresses-and-ports:2/0 comment="NON-HTTP CONN"
passthrough=yes protocol=tcp \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether5-pr
oxy dst-port=80,3128 \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether3-lo
cal dst-port=!80,3128 \
dst-address-type=!local dst-address-list=!Local+Proxy in-interface=ether3-lo
cal dst-port=!80,3128 \
passthrough=yes protocol=udp \
oxy \
oxy \
dst-address-type=!local in-interface=ether3-local per-connection-classifier=
both-addresses-and-ports:2/0 \
dst-address-type=!local in-interface=ether3-local per-connection-classifier=
both-addresses-and-ports:2/1
MARK NON HTTP ROUTE :
add chain=prerouting action=mark-routing new-routing-mark=pppoe-out1 passthr
ough=yes in-interface=ether3-local \
connection-mark=non-http-pppoe1 comment="MARK NON HTTP ROUTE"
add chain=prerouting action=mark-routing new-routing-mark=pppoe-out2 passthr
ough=yes in-interface=ether3-local \
connection-mark=non-http-pppoe2
CRITICAL CONN :
add chain=postrouting action=change-dscp new-dscp=1 protocol=tcp dst-port=53
comment="CRITICAL CONN"
add chain=postrouting action=change-dscp new-dscp=1 protocol=icmp
add chain=postrouting action=change-dscp new-dscp=1 protocol=udp dst-port=53
add chain=postrouting action=mark-connection new-connection-mark=critical-co
nn passthrough=yes dscp=1
add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passth
rough=no connection-mark=critical-conn
PROXY-HIT :
add chain=prerouting action=mark-packet new-packet-mark=PKT-HIT passthrough=
no protocol=tcp \
in-interface=Proxy dscp=12 comment="PROXY-HIT"
add chain=postrouting action=mark-packet new-packet-mark=PKT-HIT passthrough
=no out-interface=LAN dscp=12
IP ROUTE :
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable
check-gateway=ping distance=1 \
scope=30 target-scope=10 comment="Default_Speedy1"
scope=30 target-scope=10 routing-mark=PointBlank comment="Default_Speedy2"
scope=30 target-scope=10 routing-mark=pppoe-out1
atau
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 check-gateway=ping distance=1
scope=30 target-scope=10 comment="Default_Speedy1"
scope=30 target-scope=10 routing-mark=PointBlank comment="Default_Speedy2"
\
\
\
\

Contoh

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Contoh

Transféré par

Droits d'auteur :

Formats disponibles

/ip firewall nat

add chain=dstnat action=dst-nat to-ports=53

/ip firewall mangle

add chain=prerouting action=mark-connection new-connection-mark=http-pppoe1 pass

Vous aimerez peut-être aussi