#|
#|
#| Define all parameters
#|
#|
:global wanAddress1 192.168.0.101/24
:global wanNetwork1 192.168.0.1
:global wanNetwork1Subnet 192.168.0.1/24
:global wanBroadcast1 192.168.0.255
:global wanGateway1 192.168.0.1
:global localAddress 10.5.50.1/24
:global localNetwork 10.5.50.1
:global localNetwork2 10.5.50.1/24
:global localBroadcast 10.5.50.255
:global localGateway 10.5.50.1
:global localDNS 10.5.50.1
:global localPool 10.5.50.10-10.5.50.200
:global dnsServer 8.8.8.8,8.8.4.4
#|
#|
#| Assign interace's name
#|
#|
/interface set "ether1" name="PORT1_WAN"
/interface set "ether2" name="PORT2_LAN"
#|
#|
#| Assign master port switch
#|
#|
/interface ethernet set master-port=PORT3_LAN
#|
#|
#| Assign ipaddress to our interfaces
#|
#|
#| Port 1 -> WAN 1
/ip address add address=$wanAddress1 network=$wanNetwork1 broadcast=$wanBroadcast1 interface=PORT1_WAN
#| Port 2 -> Local LAN
/ip address add address=$localAddress network=$localNetwork broadcast=$localBroadcast interface=PORT2_LAN
#|
#| Mark incoming package on input's chain
#|
/ip firewall mangle add chain=input in-interface=PORT1_WAN action=mark-connection new-connection-mark=PORT1_WAN_conn
#|
#| Mark routing package on output's chain
#|
/ip firewall mangle add chain=output connection-mark=PORT1_WAN_conn action=mark-routing new-routing-mark=to_PORT1_WAN
#|
#| Accept all packages if they come from local
#|
/ip firewall mangle add chain=prerouting dst-address=$wanNetwork1Subnet action=accept in-interface=PORT2_LAN
/ip firewall mangle add chain=prerouting dst-address=$wanNetwork2Subnet action=accept in-interface=PORT2_LAN
#|
#| Do the load balance package
#|
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=PORT2_LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=PORT1_WAN_conn passthrough=yes
#|
#| Mark output network for packages
#|
/ip firewall mangle add chain=prerouting connection-mark=PORT1_WAN_conn in-interface=PORT2_LAN action=mark-routing new-routing-mark=to_PORT1_WAN
#|
#| Add routing table
#|
/ip route add dst-address=0.0.0.0/0 gateway=$wanGateway1 routing-mark=to_PORT1_WAN check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=$wanGateway1 distance=1 check-gateway=ping
#|
#|
#| Assign NAT
#|
#|
/ip firewall nat add chain=srcnat out-interface=PORT1_WAN action=masquerade
#|
#|
#| Assign allow DNS
#|
#|
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=$dnsServer
#|
#|
#| Assign DHCP server
#|
#|
/ip pool add name=default-dhcp ranges=$localPool
/ip dhcp-server add name=default address-pool=default-dhcp interface=PORT3_LAN disabled=yes
/ip dhcp-server network add address=$localNetwork2 gateway=$localGateway dns-server=$localDNS
ไม่มีความคิดเห็น:
แสดงความคิดเห็น