[转载]广电+电信双线设置分流设置

广电+电信双线设置分流设置
Wan1 ip 10.254.0.8/255.255.255.0 网关为10.254.0.1 DNS为10.254.115.9
Wan2 ip 172.16.0.10/255.255.255.0 网关为 172.16.0.1 DNS为202.103.44.150
Lan ip 192.168.0.1/255.255.254.0 (子网扩大了1位包含了0和1两个网段)
环境Wan1 为广电， Wan2 为电信 Lan口为内网接口
设置达到的效果为 192.168.0.2-192.168.0.254 走广电线路使用广电DNS， 192.168.1.1-192.168.1.254 走电信线路走电信DNS。
1.添加内外网ip

[admin@NETMAY] /ip address> print

Flags: X - disabled, I - invalid, D - dynamic

# ADDRESS NETWORK INTERFACE

0 ;;; added by setup

192.168.0.1/23 192.168.0.0 LAN

1 ;;; added by setup

10.254.0.8/24 10.254.0.0 WAN1

2 ;;; added by setup

172.16.0.10/24 172.16.0.0 WAN2

2.添加标记标记分流的ip

[admin@NETMAY] > ip firewall mangle print

Flags: X - disabled, I - invalid, D - dynamic

0 chain=prerouting action=mark-routing new-routing-mark=GD passthrough=yes src-address=192.168.0.2-192.168.0.252

1 chain=prerouting action=mark-routing new-routing-mark=DX passthrough=yes src-address=192.168.1.1-192.168.1.254

3.添加外网网关(注意标记)

[admin@NETMAY] > ip route print

Flags: X - disabled, A - active, D - dynamic,

C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,

B - blackhole, U - unreachable, P - prohibit

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE RoutingMark

0 A S ;;; added by setup

0.0.0.0/0 10.254.0.1 1 GD

1 A S ;;; added by setup

0.0.0.0/0 172.16.0.1 1 DX

2 ADC 10.254.0.0/24 10.254.0.8 WAN1 0

3 ADC 172.168.0.0/24 172.16.0.10 WAN2 0

4 ADC 192.168.0.0/23 192.168.0.1 LAN 0

4添加伪装和DNS劫持

[admin@NETMAY] > ip firewall nat print

Flags: X - disabled, I - invalid, D - dynamic

0 chain=srcnat action=masquerade src-address=192.168.0.0/23

1 chain=dstnat action=dst-nat to-addresses=202.103.44.150 to-ports=53 protocol=udp src-address=192.168.1.0/24 dst-address=192.168.0.1 dst-port=53

2 chain=dstnat action=dst-nat to-addresses=10.254.115.9 to-ports=53 protocol=udp src-address=192.168.0.0/24 dst-address=192.168.0.1 dst-port=53

完成

本站仅提供存储服务，所有内容均由用户发布，如发现有害或侵权内容，请点击举报。