Mikrotik CCR1009 ROS 7 双 WAN 配置

Mikrotik CCR1009 ROS 7 双 WAN 配置

我有一台 CCR1009(ROS 7.2.3),其 COMBO 端口配置为 WAN_1,eth1 到 eth5 端口配置为 LAN、VOIP 和 3 个具有不同子网的 SERVER。

ISP 是 fastweb(混合光纤 100/100),它为我提供了 5 个公共 IP 地址,我已将这些地址分配给每个端口以区分某些服务。

由于沃达丰以 1000/200 的速度通过直连光纤到达,我希望将其作为 WAN_2 连接到 eth7,并将所有流量从 LAN 转移到它,并将 VOIP 和 3 SERVER 留在 WAN_1 上。

我研究了几个小时,了解到需要创建 2 条 mangle 规则(一条用于 FASTWEB,一条用于 VODAFONE)来标记数据包,把它们分别指向 2 个路由表,然后修改路由,为两条连接分别指定对应的路由表。

不幸的是,尽管我尝试了所有方法,但我还是无法使配置正常工作。

有谁能帮助我吗?

提前致谢,

詹卢卡

当前没有 mangle 规则的配置如下:

# jun/22/2022 13:59:29 by RouterOS 7.2.3
#
# model = CCR1009-7G-1C-1S+
# 

# Two bridges: one for the LAN port, one shared by the three server ports
# (membership is assigned under "/interface bridge port").
/interface bridge
add name=BRIDGE_LAN
add name=BRIDGE_SERVER

# Rename the physical ports by role. combo1 is the uplink in use (WAN_ISP1);
# ether7 is named WAN_ISP2 for the second uplink.
# NOTE(review): apart from this rename, nothing in this export refers to
# WAN_ISP2 - no address, no NAT rule, no firewall rule, no route.
/interface ethernet
set [ find default-name=combo1 ] name=WAN_ISP1
set [ find default-name=ether1 ] name=LAN
set [ find default-name=ether2 ] name=VOIP
set [ find default-name=ether3 ] name=SERVER1
set [ find default-name=ether4 ] name=SERVER2
set [ find default-name=ether5 ] name=SERVER3
set [ find default-name=ether7 ] name=WAN_ISP2
set [ find default-name=sfp-sfpplus1 ] name=SFPPLUS

# Address pool handed out to LAN clients: 192.168.98.100-254.
/ip pool
add name=dhcp_lan_pool ranges=192.168.98.100-192.168.98.254

# DHCP server for the LAN bridge, drawing from the pool above.
/ip dhcp-server
add address-pool=dhcp_lan_pool interface=BRIDGE_LAN name=dhcp_lan

# Two extra routing tables intended for per-ISP policy routing.
# NOTE(review): both tables are empty in this export - no route sets
# routing-table=TO_VODA or TO_FAST, and no mangle or routing rule selects
# them, so all traffic still follows the main table.
/routing table
add disabled=no fib name=TO_VODA
add disabled=no fib name=TO_FAST

# Bridge membership: SERVER1-3 all join BRIDGE_SERVER, LAN joins BRIDGE_LAN.
# VOIP and both WAN ports stay outside any bridge (routed ports).
# NOTE(review): the three server ports form one layer-2 segment with a single
# subnet (192.168.99.0/24 under "/ip address"), so traffic between hosts on
# SERVER1-3 is bridged, not routed. Presumably it never reaches the IP
# firewall unless the bridge is set to use it - confirm if the servers are
# meant to be isolated from each other.
/interface bridge port
add bridge=BRIDGE_SERVER ingress-filtering=no interface=SERVER1
add bridge=BRIDGE_SERVER ingress-filtering=no interface=SERVER2
add bridge=BRIDGE_SERVER ingress-filtering=no interface=SERVER3
add bridge=BRIDGE_LAN ingress-filtering=no interface=LAN

# Internal gateways: one /24 per internal segment (servers, LAN, VoIP).
/ip address
add address=192.168.99.1/24 interface=BRIDGE_SERVER network=192.168.99.0
add address=192.168.98.1/24 interface=BRIDGE_LAN network=192.168.98.0
add address=192.168.1.1/24 interface=VOIP network=192.168.1.0

# The five public addresses (.138-.142, redacted prefix) are all bound to
# WAN_ISP1; the NAT rules map individual addresses to internal services.
add address=xxx.xxx.xxx.142/29 comment="WAN_ISP1 EMPTY" interface=WAN_ISP1 network=xxx.xxx.xxx.136
add address=xxx.xxx.xxx.141/29 comment="WAN_ISP1 VOIP" interface=WAN_ISP1 network=xxx.xxx.xxx.136
add address=xxx.xxx.xxx.140/29 comment="WAN_ISP1 WEB" interface=WAN_ISP1 network=xxx.xxx.xxx.136
add address=xxx.xxx.xxx.139/29 comment="WAN_ISP1 NAS" interface=WAN_ISP1 network=xxx.xxx.xxx.136
# NOTE(review): the next entry is labelled "WAN_ISP2 LAN" but is bound to
# WAN_ISP1, and its network field is redacted differently from the four
# entries above - confirm whether this is a mislabel or a redaction slip.
# No address at all is configured on the WAN_ISP2 interface.
add address=xxx.xxx.xxx.138/29 comment="WAN_ISP2 LAN" interface=WAN_ISP1 network=xxx.xxx.xxx.xxx


# DHCP options for the LAN: clients use the router (192.168.98.1) as both
# default gateway and DNS server.
/ip dhcp-server network
add address=192.168.98.0/24 comment="GW LAN" dns-server=192.168.98.1 gateway=192.168.98.1

# The router acts as a DNS resolver for clients, forwarding to 8.8.8.8 and
# 1.1.1.1.
# NOTE(review): allow-remote-requests=yes answers queries on any interface the
# input chain lets through. The filter rules in this export drop unsolicited
# input only on WAN_ISP1, so once WAN_ISP2 has an address the resolver would be
# reachable from that uplink unless its input is filtered as well.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1

# Filter rules are evaluated top to bottom within each chain; order matters.
# input   = traffic addressed to the router itself
# forward = traffic routed through the router
/ip firewall filter
# Replies to connections that are already tracked.
add action=accept chain=input comment="ACCEPT ESTABILISHED,RELATED" connection-state=established,related
# ICMP to the router is accepted from every interface, WAN included.
add action=accept chain=input protocol=icmp comment="ALLOW PING ROUTERBOARD"
# NOTE(review): this is the only forward-chain rule. There is no final drop in
# forward, so everything not marked invalid is forwarded: every dst-nat target
# is reachable on every forwarded port, and LAN, VOIP and SERVER subnets can
# reach each other freely.
add action=drop chain=forward comment="DROP INVALID PACKET" connection-state=invalid
# Drops all remaining input arriving on WAN_ISP1 only.
# NOTE(review): WAN_ISP2 has no equivalent rule. Before the second uplink goes
# live, add a matching drop for it (for example the same rule with
# in-interface=WAN_ISP2, or one rule on an interface list holding both WANs);
# otherwise the router's own services are exposed on that link.
add action=drop chain=input comment="DROP ALL OTHER ON WAN" in-interface=WAN_ISP1
# Catch-all input drop, currently disabled. If enabled as written it would also
# drop new input from LAN clients (DNS, management), because no earlier rule
# accepts that traffic.
add action=drop chain=input comment="DROPPA DROP ALL OTHER" disabled=yes

# NAT rules: dst-nat publishes internal hosts on individual public addresses,
# src-nat gives each internal subnet its own public source address.
# NOTE(review): none of the dst-nat rules restricts in-interface or source
# address, and the forward chain in this export has no default drop, so each
# published port range is open to any source.
/ip firewall nat
# Disabled: would forward every UDP port on .141 to the VoIP host.
add action=dst-nat chain=dstnat comment="NAT VOIP 1:1 WITH HAIRPIN NAT" disabled=yes dst-address=xxx.xxx.xxx.141 dst-port=0-65535 protocol=udp to-addresses=192.168.1.10
# TCP and UDP 40000-40999 on .141 -> VoIP host 192.168.1.10.
add action=dst-nat chain=dstnat comment="VOIP TEST TCP" dst-address=xxx.xxx.xxx.141 dst-port=40000-40999 protocol=tcp to-addresses=192.168.1.10 to-ports=40000-40999
add action=dst-nat chain=dstnat comment="VOIP TEST UDP" dst-address=xxx.xxx.xxx.141 dst-port=40000-40999 protocol=udp to-addresses=192.168.1.10 to-ports=40000-40999
# NOTE(review): forwards ALL TCP ports on .140 to 192.168.99.16, so every TCP
# service listening on that host is published, not only the web server.
# Narrow dst-port to the ports actually served, or filter in the forward chain.
add action=dst-nat chain=dstnat comment="NAT WEBSITE 1:1 WITH HAIRPIN NAT" dst-address=xxx.xxx.xxx.140 dst-port=0-65535 protocol=tcp to-addresses=192.168.99.16
# NOTE(review): these two rules publish 1000 TCP and 1000 UDP ports of a host
# inside the LAN subnet (192.168.98.42), giving inbound traffic a path into the
# client network rather than a server segment.
add action=dst-nat chain=dstnat comment="VOIP SIM (SU LAN) TCP" dst-address=xxx.xxx.xxx.141 dst-port=45000-45999 protocol=tcp to-addresses=192.168.98.42 to-ports=45000-45999
add action=dst-nat chain=dstnat comment="VOIP SIM (SU LAN) UDP" dst-address=xxx.xxx.xxx.141 dst-port=45000-45999 protocol=udp to-addresses=192.168.98.42 to-ports=45000-45999
# Source NAT per subnet: servers -> .140, VoIP -> .141, LAN -> .138.
# NOTE(review): these rules match on src-address only, with no out-interface.
# They therefore also rewrite traffic between internal subnets (presumably what
# makes the hairpin case work - confirm), and LAN traffic leaving through
# WAN_ISP2 would still be rewritten to .138, an address bound to WAN_ISP1.
# For the dual-WAN setup the LAN rule has to be scoped per uplink.
add action=src-nat chain=srcnat comment="NAT WEBSITE 1:1 OUT" src-address=192.168.99.0/24 to-addresses=xxx.xxx.xxx.140
add action=src-nat chain=srcnat comment="NAT VOIP 1:1 OUT" src-address=192.168.1.0/24 to-addresses=xxx.xxx.xxx.141
add action=src-nat chain=srcnat comment="NAT LAN 1:1 OUT" src-address=192.168.98.0/24 to-addresses=xxx.xxx.xxx.138


# The only route in this export: a default route in the main table through
# xxx.xxx.xxx.137, which lies in the /29 configured on WAN_ISP1.
# NOTE(review): there is no default route for the second uplink and no route in
# the TO_VODA / TO_FAST tables, so marking packets alone cannot steer LAN
# traffic to WAN_ISP2 yet.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.137 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 # route for fastweb
