
วันอาทิตย์ที่ 15 กันยายน พ.ศ. 2556

2 WAN load balance

มือใหม่กับ Mikrotik ครับ
จาก command ข้างล่างนี้ ผมแก้ไขมาจากของคุณ Pakorn Amornprapateerakul ซึ่งสามารถ Run ได้เรียบร้อยดี แต่ติดปัญหาตรงที่ไม่สามารถออกอินเตอร์เน็ตได้
ผมได้ทดสอบ ping จากเครื่อง pc client ที่ต่อ port4 (ether4) ไปยัง www.google.com ขึ้น timeout
ผมได้ทดสอบ ping จากเครื่อง pc client ที่ต่อ port4 (ether4) ไปยัง IP address ของบริษัท 203.149.xx.xx สำเร็จ
ผมได้ทดสอบเข้า IP โดยตรง ผ่านเว็บ browser http://203.149.xx.xx ปรากฏว่าเข้าไม่ได้
ผมได้ทดสอบเข้า IP โดยตรง ผ่านเว็บ browser https://203.149.xx.xx ปรากฏว่าเข้าได้ (HTTPS)
ปล. 1.) IP address ที่อ้างอิงเป็น IP จริง ซึ่ง Co-location ไว้กับ ISP
     2.) ผม disable PPPoE client ไว้ เพราะจะทดสอบว่า ถ้าเน็ตเส้นหนึ่งหลุด อีกเส้นต้องทำงานได้ปกติ
     3.) ether2_outside2 ผมจำลองต่อจาก adsl router ที่ออกเน็ตอีกที จึงเซ็ตให้เป็น dhcp client (ตอนใช้จริงจะต่อกับ true docsis ซึ่งใช้ dhcp client ได้เลย)




รบกวนผู้รู้ช่วยชี้แนะด้วยครับ จะเป็นพระคุณอย่างยิ่งครับ ขอบคุณครับ

# Source from Pakorn Amornprapateerakul (pakorna@gmail.com)
# Basic Config MikroTik RouterOS on RB1100AHx2
# For Load Balance 2 WANs : Per Connection Classifier (PCC) Method
# Layout as configured in the script below (it differs from the original author's header):
#   Ether1: WAN1 - parent port of the PPPoE client pppoe-out1, which is created disabled
#   Ether2: WAN2 - DHCP client
#   Ether3-10: LAN, grouped into 3 bridges for 3 networks (ether11-13 are not configured here)
# LAN gateway addresses: 192.168.10.1/24, 192.168.20.1/24 and 192.168.30.1/24
# DNS handed to LAN clients: 8.8.8.8 / 8.8.4.4
# NOTE(review): this script only creates mangle, NAT and route entries; it contains no
# "/ip firewall filter" rules, so nothing in it restricts traffic arriving on the WAN ports.
/
# Give the two WAN ports descriptive names; every later section refers to these names
/ interface
set name=ether1_outside1 [find name=ether1]
set name=ether2_outside2 [find name=ether2]
/
# Three LAN bridges, one per internal network
/interface bridge
add comment="bridge1 from ether3-5" disabled=no name=bridge1
add comment="bridge2 from ether6-8" disabled=no name=bridge2
add comment="bridge3 from ether9-10" disabled=no name=bridge3
# Port membership: ether3-5 -> bridge1, ether6-8 -> bridge2, ether9-10 -> bridge3
/interface bridge port
add interface=ether3 bridge=bridge1 disabled=no
add interface=ether4 bridge=bridge1 disabled=no
add interface=ether5 bridge=bridge1 disabled=no
add interface=ether6 bridge=bridge2 disabled=no
add interface=ether7 bridge=bridge2 disabled=no
add interface=ether8 bridge=bridge2 disabled=no
add interface=ether9 bridge=bridge3 disabled=no
add interface=ether10 bridge=bridge3 disabled=no
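# Management services.
# telnet, ftp, ssh, www-ssl and api stay disabled. WebFig over plain HTTP (www, moved to
# port 81) and Winbox (port 8291) stay enabled, but accept connections only from the three
# LAN subnets defined in this script. An empty address="" places no limit on the source
# address, and this script has no "/ip firewall filter" input rules that would keep the
# WAN side away from these ports.
# Extend the address list if the router has to be managed from another network.
# NOTE(review): www is unencrypted HTTP; www-ssl is the TLS variant, but it is configured
# with certificate=none here and therefore left disabled.
/ ip service
set telnet address="" disabled=yes port=23
set ftp address="" disabled=yes port=21
set www address=192.168.10.0/24,192.168.20.0/24,192.168.30.0/24 disabled=no port=81
set ssh address="" disabled=yes port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address=192.168.10.0/24,192.168.20.0/24,192.168.30.0/24 disabled=no port=8291
/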
# Time zone of the router
/system clock set time-zone-name=Asia/Bangkok
# The router's own clock is synchronised from two unicast NTP servers
/system ntp client set enabled=yes mode=unicast \
    primary-ntp=128.138.141.172 secondary-ntp=118.175.67.83
# Resolver used by the router itself: upstream servers are 8.8.8.8 and 8.8.4.4.
# allow-remote-requests=no: the router does not answer DNS queries from other hosts.
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=no \
    cache-size=2048KiB cache-max-ttl=1w max-udp-packet-size=4096
# Gateway address of each LAN, bound to its bridge
/ip address
add interface=bridge1 address=192.168.10.1/24 network=192.168.10.0 disabled=no
add interface=bridge2 address=192.168.20.1/24 network=192.168.20.0 disabled=no
add interface=bridge3 address=192.168.30.1/24 network=192.168.30.0 disabled=no
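# DHCP lease pools, one per LAN: hosts .10 through .254 of each /24.
# Both ends of a range must lie inside the subnet of the bridge the pool serves;
# an end address of 192.168.1.254 is outside all three LANs and below the start address.
/ ip pool
add name=dhcp_pool1 ranges=192.168.10.10-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.10-192.168.20.254
add name=dhcp_pool3 ranges=192.168.30.10-192.168.30.254
/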
# One DHCP server per bridge, each drawing leases from the matching pool
/ip dhcp-server
add name=dhcp_server1 interface=bridge1 address-pool=dhcp_pool1 lease-time=3d \
    authoritative=after-2sec-delay bootp-support=static disabled=no
add name=dhcp_server2 interface=bridge2 address-pool=dhcp_pool2 lease-time=3d \
    authoritative=after-2sec-delay bootp-support=static disabled=no
add name=dhcp_server3 interface=bridge3 address-pool=dhcp_pool3 lease-time=3d \
    authoritative=after-2sec-delay bootp-support=static disabled=no
# Write the lease table to storage every 5 minutes
/ip dhcp-server config set store-leases-disk=5m
# Options handed to DHCP clients on each LAN.
# Clients receive Google public DNS (8.8.8.8, 8.8.4.4) directly, which the original
# author recommends to avoid DNS problems when two different ISPs are in use.
/ip dhcp-server network
add address=192.168.10.0/24 netmask=24 gateway=192.168.10.1 \
    dns-server=8.8.8.8,8.8.4.4 ntp-server=129.6.15.29,118.175.67.83 dhcp-option=""
add address=192.168.20.0/24 netmask=24 gateway=192.168.20.1 \
    dns-server=8.8.8.8,8.8.4.4 ntp-server=129.6.15.29,118.175.67.83 dhcp-option=""
add address=192.168.30.0/24 netmask=24 gateway=192.168.30.1 \
    dns-server=8.8.8.8,8.8.4.4 ntp-server=129.6.15.29,118.175.67.83 dhcp-option=""
# WAN1 PPPoE client on ether1_outside1. The original author notes that this interface
# has to be defined before the rest of the script loads, otherwise the script errors.
# It is created disabled (disabled=yes) and does not add a default route of its own.
# user= and password= look like placeholders; replace them with the ISP account, and
# redact real credentials before sharing an export of this section.
# NOTE(review): allow= includes pap, which sends the password unencrypted to the access
# concentrator; keep only the methods the ISP actually requires.
/interface pppoe-client
add name=pppoe-out1 interface=ether1_outside1 comment="WAN1 pppoe-out1 on ether1" \
    user=username1 password=password1 profile=default \
    allow=pap,chap,mschap1,mschap2 ac-name="" service-name="" \
    max-mru=1480 max-mtu=1480 mrru=disabled \
    add-default-route=no use-peer-dns=no dial-on-demand=no disabled=yes
# WAN2 obtains its address as a DHCP client of the upstream device.
# add-default-route=yes lets the lease install a default route, and use-peer-dns=yes
# accepts the DNS servers offered by the upstream DHCP server for the router's own resolver.
/ip dhcp-client add interface=ether2_outside2 add-default-route=yes use-peer-dns=yes disabled=no
# Beginning of PCC Load Balance Section
# Mangle rules are evaluated in the order they are added, so the order of the sections
# below is part of the behaviour.
/
# Step 1: a connection that arrives on a WAN port and has no mark yet is tagged with that
# WAN's connection mark (WAN1_conn / WAN2_conn).
# NOTE(review): WAN1 is matched as in-interface=ether1_outside1; once pppoe-out1 is
# enabled the traffic presumably arrives on pppoe-out1 instead - confirm.
/ ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no in-interface=ether1_outside1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no in-interface=ether2_outside2 new-connection-mark=WAN2_conn passthrough=yes
/
# Step 2: packets sent by the router itself (chain=output) that belong to a marked
# connection get the matching routing mark, so they use the marked default route of
# that WAN.
/ ip firewall mangle
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no \
new-routing-mark=to_WAN2 passthrough=yes
/
# Step 3: traffic addressed to one of the three LAN subnets is accepted here, which ends
# prerouting mangle processing for it before the PCC rules that follow.
/ ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.10.0/24
add action=accept chain=prerouting dst-address=192.168.20.0/24
add action=accept chain=prerouting dst-address=192.168.30.0/24
/
# PCC classification of new connections coming from the LAN subnets.
# When the HotSpot function is used, these rules must also carry hotspot=auth
# (original author's note).
# Link ratio 3BB (16 M) : TRUE (20 M) = 4:5, so the classifier uses 9 buckets:
#   remainders 0-3 (4 buckets) -> WAN1_conn
#   remainders 4-8 (5 buckets) -> WAN2_conn
# both-addresses: the bucket is derived from the source and destination address pair, so
# all connections between the same two hosts receive the same mark.
# connection-mark=no-mark: only connections that are not marked yet are classified.
# dst-address-type=!local: traffic addressed to the router itself is not classified.
# The same nine rules are repeated for each of the three LAN subnets.
/
/ ip firewall mangle
# --- LAN 192.168.10.0/24 (bridge1) ---
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/3
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/4
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/5
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/6
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/7
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.10.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/8
# --- LAN 192.168.20.0/24 (bridge2) ---
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/3
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/4
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/5
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/6
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/7
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.20.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/8
# --- LAN 192.168.30.0/24 (bridge3) ---
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:9/3
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/4
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/5
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/6
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/7
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no dst-address-type=!local src-address=192.168.30.0/24 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:9/8
/
/
# Turn connection marks into routing marks for traffic coming from the LAN subnets:
# packets of a WAN1_conn connection get routing mark to_WAN1, WAN2_conn gets to_WAN2.
# The routing marks select the marked default routes defined under "/ ip route".
/ ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
no src-address=192.168.10.0/24 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
no src-address=192.168.10.0/24 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
no src-address=192.168.20.0/24 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
no src-address=192.168.20.0/24 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
no src-address=192.168.30.0/24 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
no src-address=192.168.30.0/24 new-routing-mark=to_WAN2 passthrough=yes
/
# Source NAT (masquerade): the private LAN addresses cannot be routed on the Internet, so
# traffic from each LAN subnet is rewritten to the address of the WAN port it leaves by.
# One rule per LAN subnet and WAN port.
# NOTE(review): the WAN1 rules match out-interface=ether1_outside1. Once pppoe-out1 is
# enabled, traffic presumably leaves through pppoe-out1 rather than the Ethernet port, in
# which case these rules would have to name pppoe-out1 - confirm.
# NOTE(review): masquerade translates addresses, it is not access control. This script has
# no "/ip firewall filter" section, so inbound WAN traffic to the router is not filtered
# by anything defined here.
/
/ ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1_outside1 src-address=192.168.10.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether2_outside2 src-address=192.168.10.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether1_outside1 src-address=192.168.20.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether2_outside2 src-address=192.168.20.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether1_outside1 src-address=192.168.30.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether2_outside2 src-address=192.168.30.0/24
/
# DEFAULT GATEWAY SETUP SECTION
# Default routes for marked traffic: routing mark to_WAN1 / to_WAN2 selects the WAN port.
# check-gateway=ping probes the gateway so the route can be taken out of use when the
# gateway stops answering.
# NOTE(review): gateway= names an interface, not an address. An interface-only gateway is
# normally meant for point-to-point links; on an Ethernet WAN that gets its address by
# DHCP (ether2_outside2) the route usually needs the next-hop IP, e.g.
# gateway=<WAN2_GATEWAY_IP> (placeholder - take the value from the DHCP client lease).
# For WAN1 the point-to-point interface would be pppoe-out1, not ether1_outside1. Verify
# both before relying on failover.
/
/ ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=ether1_outside1 routing-mark=to_WAN1
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=ether2_outside2 routing-mark=to_WAN2
/
# GATEWAY FAIL OVER
# Unmarked default routes: WAN1 is preferred (distance=1) and WAN2 is the backup
# (distance=2).
# NOTE(review): the WAN2 DHCP client is set to add-default-route=yes, so it installs its
# own default route next to these two - check which one ends up active.
/
/ ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1_outside1
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ether2_outside2
/
#End Script PCC Dual WANS Load Balance#
