Ros 3.30 PCC多线负载均衡脚本脚本

合集下载

ROS3.30ADSL双线PCC及NTH负载均衡图文教程

ROS3.30ADSL双线PCC及NTH负载均衡图文教程第一篇：ROS3.30 ADSL双线PCC及NTH负载均衡图文教程1、内网IP设置：2、添加pppoe 去掉 Add Default Route 我们后期手动进行路由设置。

4、标记先标记New Connection Mark 名称为1st_conn，然后用Connection 标记New routing Mark min名称为：1st_route5、设置PCCNTH的设置方法：7、设置备用路由最终效果图8、伪装设置：第二篇：ROS 典型PCC负载脚本ROS 典型PCC负载脚本:global num:set num 38:for szwm from=1 to=$num do={ :global type:set type(“both-addresses:”.$num.“/”.($szwm-1))#设置网卡名字 name中的wlan可以改成#/interface set(“ether”.$szwm)name=(“wlan”.$szwm)#建立pppoe拨号，并禁用/interface pppoe-client add name=(“pppoe-out”.$szwm)user=(“user”.$szwm)password=(“pass”.$szwm) interface=(“wlan”.$szwm)comment=(“ADSL_”.$szwm)di sabled=no # NAT伪装/ip firewall nat add chain=srcnat out-inte rface=(“pppoe-out”.$szwm)action=masqueradecomment=(“NAT_ADSL”.$szwm)# 标记从哪里来/ ip firewall mangleadd chain=input in-interface=(“pppoe-out”.$szwm)action=mark-connection new-connection-mark=(“adsl”.$szwm.“_conn”)passthrough=yescomment=(“From_ADSL”.$szwm)#标记从哪里来，回哪里去/ ip firewall mangle add chain=output connection-mark=(“adsl”.$szwm.“_conn”)action=mark-routing new-routing-mark=(“to_adsl”.$szwm)passthrough=yescomment=(“To_ADSL”.$szwm)#PCC设置/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=(“adsl”.$szwm.“_conn”)dst-address-type=!local in-interface=Local per-connection-classifier=$type passthrough=yes comment=(“ADSL_PCC”.$szwm)#标记路由/ip firewall mangle add chain=prerouting connection-mark=(“adsl”.$szwm.“_conn”)in-interface=Localaction=mark-routing new-routing-mark=(“to_adsl”.$szwm)comment=(“Route_To_ADSL”.$szw m)#添加路由/ip route add dst-address=0.0.0.0/0 gateway=(“pppoe-out”.$szwm)routing-mark=(“to_adsl”.$szwm)check-gateway=pingcomment=(“To_ADSL”.$szwm)add dst-address=0.0.0.0/0 gateway=(“pppoe-out”.$szwm)distance=$szwm check-gateway=ping comment=(“ECMP_”.$szwm)}配合这个掉线后自动修改脚本很好用以4线为例，其中某条线路断了后，会自动判断剩余可用的线路数量然后修改PCC规则的参数，线路恢复正常后会自动把参数修改回正常状态，注意连接标记名称一定要以纯数字“1、2、3、4...”来命名。

ROS 多线PCC负载均衡

ROS 多线PCC负载均衡-宽带分租教程提示：PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port) PCC原理 PCC从一定范围内分析选择IP数据包头，通过哈西散列算法的帮助下，将选定的区域转换为32bit值PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port)PCC原理PCC从一定范围内分析选择IP数据包头，通过哈西散列算法的帮助下，将选定的区域转换为32bit值。

这个值除以指定Denominator（分母），余数将比较一个指定的余数（Remainder），如果相等这时数据包将会被捕获，你可以选择src-address, dst-address, src-port, dst-port等使用此操作。

per-connection-classifier= PerConnectionClassifier ::=[!]ValuesToHash:Denominator/Remainder Remainder ::= 0..4294967295 (integer number) Denominator ::= 1..4294967295 (integer number) ValuesToHash ::=src-address|dst-address|src-port|dst-port[,ValuesToHash*] per-connection-classifier分类器，通过判断源地址、目标地址、源端口和目标端口，对数据进行分类，如事例：这个配置将所有连接基于源地址和端口分类的3个组：/ip firewall mangle add chain=prerouting action=mark-connectionnew-connection-mark=1st_connper-connection-classifier=both-addresses:3/0 /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=2nd_conn per-connection-classifier=both-addresses:3/1 /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=3rd_conn per-connection-classifier=both-addresses:3/2per-connection-classifier=both-addresses:3/0，这条规则的含义为我们对原地址的端口进行分类，3/0为一共有3条出口，定义第一条，3/1则是第二条，以此类推。

ROS3.30限制P2P等软件(L7)脚本

5][0-9][0-9][\\x09-\\x0d -~]*(content-type: image/gif)"
add comment="" name=http_javascript regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x\
0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: text/javascript)"
add address=121.14.75.0/24 comment="" disabled=no list=games4 comment="" disabled=no list=games
add address=183.60.14.0/24 comment="" disabled=no list=games
# jun/01/2011 20:16:01 by RouterOS 3.30
# software id = U731-QIJR
# 使用说明：192.168.0.0/22批量替换成你自己的网段，如包括在内则不用修改。
# 服务器IP在IP address list自行更改
# 默认限速是50M带宽。
add comment="" name=rar regexp="^.*get.+\\.rar.*\$"
add comment="" name=exe regexp="^.*get.+\\.exe.*\$"
add comment="" name=iso regexp="^.*get.+\\.rar.*\$"

2018-rospcc负载均衡-范文模板 (6页)

本文部分内容来自网络整理，本司不为其真实性负责，如有异议或侵权请及时联系，本司将立即删除！== 本文为word格式，下载后可方便编辑和修改！ ==rospcc负载均衡篇一：ROS_PCC负载均衡案例40条线路PCC负载均衡RouterOS支持多线路的负载均衡，某小区为了节约费用，采用40条2M带宽的AD通过做汇聚实现高带宽的小区带宽，为解决接口问题采用一台Cisco的48口的交换机做VLAN接入40条AD，让后通过VLAN连接到RouterOS进行拨号，再做PCC负载均衡，网络拓扑图如下：外网接入的方法是在交换机和RouterOS路由器上划分VLAN，然后在ROS对应的VLAN上做PPPoE-CLIENT。

1、首先划分VLAN（我们这里是从2开始排序的），脚本如下：[admin@MikroTik] > :for i fro(来自: : rospcc负载均衡 )m=2 to=41 do= {interface vlan add name=("vlan".$i) vlan-id=$i interface=ether2-wan }2、然后添加PPPOE拨号（先添加拨号再手动输入每个AD的帐号和密码，40条AD设置还是要花点时间了），脚本如下：[admin@MikroTik] > :for i from=2 to=41 do= {interface pppoe-clientadd name=("pppoe-out".$i) user=$i password=$i interface=("vlan".$i)}3、我们这里采用PCC的负载均衡，在ip firewall mangle里添加相应的PCC规则，通过一些脚本添加PCC的规则，注意：如果PPPoE客户端拨号没有成功，那么添加的规则则为红色的，拨号成功后自动正常[admin@MikroTik] > :for i from=2 to=41 do={/ip firewall mangle add chain=inputaction=mark-connection new-connection-mark=conn1 in-interface=("pppoe-out".$i)}4.然后标记路由让从哪个接口进来的数据就从哪个接口出去：[admin@MikroTik] > :for i from=2 to=41 do= {ip firewall mangle add chain=outputconnection-mark=("conn".$i) action=mark-routing new-routing-mark=("rout".$i)}[admin@MikroTik] >5．然后将所有内网出来的数据通过pcc的both-addresses分成40分并标记连接和路由：[admin@MikroTik] > :for i from=2 to=41 do= {/ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-connection new-connection-mark=("conn".$i)per-connection-classifier=("both-addresses:40/".$i) comment=$i{... /ip firewall mangle add chain=prerouting src-address-list=lan-add action=mark-routingnew-routing-mark=("rout".($i-2)) connection-mark=("conn".$i)}篇二：RouterOS多线PCC负载均衡RouterOS多线PCC负载均衡核心提示：PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port) PCC原理 PCC从一定范围内分析选择IP数据包头，通过哈西散列算法的帮助下，将选定的区域转换为32bit值PCC匹配器允许分离传输流做到平衡流量的功能(能指定这个属性选择src-address, src-port, dst-address,dst-port)PCC原理PCC从一定范围内分析选择IP数据包头，通过哈西散列算法的帮助下，将选定的区域转换为32bit值。

ROS3.30全套多线负载平衡设置脚本

ROS3.30设置脚本如果你是菜鸟，下面的脚本也许会帮了，如果你是高高手，请你多指证，谢谢下面是我花了一整天的时间整理出来的，第一次用ROS3.30，走了很多弯路，还好以前有点2.9的基础，结合在网上找些前辈门的脚本，终于测试一切正常，我自己在我的线路上测试通过，如果到你机器上有问题，请嘴上留情，别骂我，请仔细检查，相信你也一定能行的。

如果有问题实在搞不懂，可以加我QQ307237303（请先自己多钻研一下在加我）# dec/03/2011 20:55:29 by RouterOS 3.30# software id = K6BP-MUXD#/interface ethernetset 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:03:47:95:C8:66 mtu=1500 name=W AN3 speed=100Mbpsset 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:03:47:95:C2:FC mtu=1500 name=LAN speed=100Mbpsset 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:20:ED:1C:B3:90 mtu=1500 name=W AN1 speed=100Mbpsset 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:20:ED:1C:B3:91 mtu=1500 name=W AN2 speed=100Mbps以上是网卡名称设置/ip pooladd name=PPPOE-IP ranges=10.0.0.5-10.0.0.200以上是PPPOE拔号地址池/portset 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=\none stop-bits=1set 1 baud-rate=9600 data-bits=8 flow-control=hardware name=serial1 parity=\none stop-bits=1以上是导出后不知用处的/ppp profileset default change-tcp-mss=yes comment="" name=default only-one=default \use-compression=default use-encryption=default use-vj-compression=defaultadd change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\10.0.0.1 name=PPPOE-1 only-one=yes rate-limit=\"108k/1400k 128k/1600k 90k/1m" remote-address=PPPOE-IP use-compression=\default use-encryption=default use-vj-compression=default wins-server=\221.5.88.88add change-tcp-mss=default comment="" dns-server=210.21.196.6 local-address=\10.0.0.1 name=LOW only-one=yes rate-limit="88k/900k 108k/1100k 90k/1m" \remote-address=PPPOE-IP use-compression=default use-encryption=default \use-vj-compression=default wins-server=221.5.88.88set default-encryption change-tcp-mss=yes comment="" name=default-encryption \ only-one=default use-compression=default use-encryption=yes \use-vj-compression=default以上是PPPOE服务建立/interface pppoe-clientadd ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN1 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out1 password=123 profile=default \service-name="" use-peer-dns=no user=123add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN2 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out2 password=123456 profile=default \service-name="" use-peer-dns=no user=123add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \ dial-on-demand=no disabled=no interface=WAN3 max-mru=1480 max-mtu=1480 \ mrru=disabled name=pppoe-out3 password=3 profile=default service-name="" \ use-peer-dns=no user=3以上是ADSL拔号上网的建立/queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=12M name=totaldown parent=global-in priority=8/queue typeset default kind=pfifo name=default pfifo-limit=50set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \sfq-perturb=5set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \ red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\ 5add kind=pcq name=PCQ-up pcq-classifier=src-address pcq-limit=50 pcq-rate=\ 1000000 pcq-total-limit=10000add kind=pcq name=PCQ-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 1000000 pcq-total-limit=10000add kind=pcq name=80-Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 800000 pcq-total-limit=10000add kind=pcq name=other_down pcq-classifier=dst-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000add kind=pcq name=server_down pcq-classifier=dst-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000add kind=pcq name=game-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\ 400000 pcq-total-limit=10000set default-small kind=pfifo name=default-small pfifo-limit=10/queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \ max-limit=10M name=otherdown packet-mark=Port_Packet parent=totaldown \ priority=8 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \ max-limit=12M name=portdown packet-mark=Port_Packet parent=totaldown \priority=1 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=3s disabled=no limit-at=5M \ max-limit=12M name=80down packet-mark=80_packet parent=totaldown \priority=2 queue=defaultadd burst-limit=0 burst-threshold=0 burst-time=3s disabled=yes limit-at=0 \ max-limit=18M name=totalup packet-mark=PCQ-up parent=global-out priority=\7 queue=default以上是网络优先设置，感觉用处不大，我是3*4M AD/snmpset contact="" enabled=no engine-boots=0 engine-id="" location="" \time-window=15 trap-sink=0.0.0.0 trap-version=1/snmp communityset public address=0.0.0.0/0 authentication-password="" \authentication-protocol=MD5 encryption-password="" encryption-protocol=\DES name=public read-access=yes security=none write-access=no/system logging actionset memory memory-lines=100 memory-stop-on-full=no name=memory target=memory set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \disk-stop-on-full=no name=disk target=diskset echo name=echo remember=yes target=echoset remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \ syslog-facility=daemon syslog-severity=auto target=remote/user groupadd comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\ word,web,sniff,sensitive,!ftp,!write,!policy"add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\ ox,password,web,sniff,sensitive,!ftp,!policy"add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\ ,test,winbox,password,web,sniff,sensitive"/interface bridge settingsset use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\ no/interface ethernet mirrorset/interface l2tp-server serverset authentication=pap,chap,mschap1,mschap2 default-profile=\default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled/interface ovpn-server serverset auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\ default enabled=no keepalive-timeout=60 mac-address=FE:46:57:28:66:CB \max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no/interface pppoe-server serveradd authentication=pap,chap,mschap1,mschap2 default-profile=PPPOE-1 disabled=\ yes interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 \max-sessions=0 mrru=disabled one-session-per-host=no service-name=\service1/interface pptp-server serverset authentication=mschap1,mschap2 default-profile=default-encryption \ enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled /ip accountingset account-local-traffic=no enabled=no threshold=256/ip accounting web-accessset accessible-via-web=no address=0.0.0.0/0以上也是不知的东东/ip addressadd address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \ interface=LAN network=192.168.2.0以上是设置ROS的内网IP/ip dhcp-server configset store-leases-disk=5m/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ max-udp-packet-size=512 primary-dns=210.21.196.6 secondary-dns=\221.5.88.88以上是设置DNS,你的可能不一样/ip firewall connection trackingset enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ tcp-close-wait-timeout=10s tcp-established-timeout=1d \tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s以上是系统默认值/ip firewall mangleadd action=change-mss chain=postrouting comment="" disabled=yes new-mss=1460 \ protocol=tcp tcp-flags=synadd action=mark-routing chain=prerouting comment="" disabled=yes \ new-routing-mark=add passthrough=no src-address-list=src1add action=mark-connection chain=prerouting comment=1 disabled=yes \ in-interface=LAN new-connection-mark=1 passthrough=yes \per-connection-classifier=src-address-and-port:3/0add action=mark-routing chain=prerouting comment="" connection-mark=1 \ disabled=yes in-interface=LAN new-routing-mark=1 passthrough=noadd action=mark-connection chain=prerouting comment=2 disabled=yes \ in-interface=LAN new-connection-mark=2 passthrough=yes \per-connection-classifier=src-address-and-port:3/1add action=mark-routing chain=prerouting comment="" connection-mark=2 \ disabled=yes in-interface=LAN new-routing-mark=2 passthrough=noadd action=mark-connection chain=prerouting comment=3 disabled=yes \ in-interface=LAN new-connection-mark=3 passthrough=yes \per-connection-classifier=src-address-and-port:3/2add action=mark-routing chain=prerouting comment="" connection-mark=3 \ disabled=yes in-interface=LAN new-routing-mark=3 passthrough=noadd action=change-mss chain=forward comment="" disabled=no new-mss=1400 \ protocol=tcp tcp-flags=synadd action=add-src-to-address-list address-list=src1 address-list-timeout=5s \ chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \src-address-list=!src2add action=add-src-to-address-list address-list=src2 address-list-timeout=3h \ chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \src-address-list=!src2add action=accept chain=prerouting comment="" disabled=no dst-port=443 \in-interface=LAN protocol=tcpadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out1 new-connection-mark=1 passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out2 new-connection-mark=2 passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=\pppoe-out3 new-connection-mark=3 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=1 disabled=no \new-routing-mark=to_1 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=2 disabled=no \new-routing-mark=to_2 passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=3 disabled=no \new-routing-mark=to_3 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=1 passthrough=yes \per-connection-classifier=both-addresses:3/0 src-address=10.0.0.0/24add action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=2 passthrough=yes \per-connection-classifier=both-addresses:3/1 src-address=10.0.0.0/24add action=mark-connection chain=prerouting comment="" disabled=no \dst-address-type=!local new-connection-mark=3 passthrough=yes \per-connection-classifier=both-addresses:3/2 src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=1 \disabled=no new-routing-mark=to_1 passthrough=yes src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=2 \disabled=no new-routing-mark=to_2 passthrough=yes src-address=10.0.0.0/24add action=mark-routing chain=prerouting comment="" connection-mark=3 \disabled=no new-routing-mark=to_3 passthrough=yes src-address=10.0.0.0/24以上是PPPOE 负载平衡，为both-addresses形式的（好像和PCC一样，不明白，还有就是我没做IP负载平衡，我用不着，做了也删了）add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\8291 in-interface=pppoe-out3 new-connection-mark=in_3 passthrough=yes \protocol=tcpadd action=mark-routing chain=output comment="" connection-mark=in_3 \disabled=no new-routing-mark=3 passthrough=yes以上是指定外网访问ROS的线路和端口，我这样理解，具体也不明白add action=mark-connection chain=prerouting comment=\"\D3\C5\CF\C8\B6\CB\BF\DA" disabled=no dst-port=443 new-connection-mark=\Port_Conn passthrough=yes protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\3724 new-connection-mark=Port_Conn passthrough=yes protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\8000 new-connection-mark=Port_Conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting comment="" connection-mark=Port_Conn \disabled=no new-packet-mark=Port_Packet passthrough=noadd action=mark-connection chain=prerouting comment="web\B6\CB\BF\DA" \disabled=no dst-port=80 new-connection-mark=80_Conn passthrough=yes \protocol=tcpadd action=mark-connection chain=prerouting comment="" disabled=no dst-port=\53 new-connection-mark=80_Conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting comment="" connection-mark=80_Conn \ disabled=no new-packet-mark=80_packet passthrough=noadd action=mark-connection chain=prerouting comment=\"\C6\E4\CB\FB\CA\FD\BE\DD" disabled=no new-connection-mark=Other_Conn \passthrough=yesadd action=mark-packet chain=prerouting comment="" connection-mark=Other_Conn \ disabled=no new-packet-mark=Other_Packet passthrough=no以上是端口优先标记，和前面的一起使用，不用就都不要加/ip firewall natadd action=masquerade chain=srcnat comment=10 disabled=no out-interface=\pppoe-out1add action=masquerade chain=srcnat comment=11 disabled=no out-interface=\pppoe-out2add action=masquerade chain=srcnat comment=12 disabled=no out-interface=\pppoe-out3以上是IP伪装，我是三知AD，和2.9的不一样，开始这里按2.9的搞，搞了很久上不了网/ip firewall service-portset ftp disabled=no ports=21set tftp disabled=no ports=69set irc disabled=no ports=6667set h323 disabled=noset sip disabled=no ports=5060,5061set pptp disabled=no/ip neighbor discoveryset WAN3 discover=yesset LAN discover=yesset WAN1 discover=yesset WAN2 discover=yesset pppoe-out1 discover=noset pppoe-out2 discover=noset pppoe-out3 discover=no/ip proxyset always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \parent-proxy-port=0 port=8080 serialize-connections=no src-address=\0.0.0.0以上是不知用的东东/ip routeadd check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out2 routing-mark=2add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out3 routing-mark=3add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="" disabled=yes distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out1 routing-mark=1add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out2add comment=WAN1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out1 routing-mark=to_1add comment=WAN3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out3 routing-mark=to_3add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=WAN2 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment="" disabled=yes distance=2 dst-address=\0.0.0.0/0 gateway=pppoe-out3add comment=WAN2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\pppoe-out2 routing-mark=to_2add check-gateway=ping comment=WAN1 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=WAN3 disabled=no distance=10 dst-address=\0.0.0.0/0 gateway=pppoe-out3以上这里就是路由了，看着有点长，设好后其实就只有3*2+1条了，为什么？我这样理解的，3条AD+3条备用+1条默认/ip serviceset telnet address=0.0.0.0/0 disabled=no port=23set ftp address=0.0.0.0/0 disabled=no port=21set www address=0.0.0.0/0 disabled=no port=80set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443set api address=0.0.0.0/0 disabled=yes port=8728set winbox address=0.0.0.0/0 disabled=no port=8291/ip socksset connection-idle-timeout=2m enabled=no max-connections=200 port=1080/ip traffic-flowset active-flow-timeout=30m cache-entries=4k enabled=no \inactive-flow-timeout=15s interfaces=all/ip upnpset allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes以上这些也是不知用的东东，也不用管吧/ppp aaaset accounting=yes interim-update=0s use-radius=no/ppp secretadd caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \name=ADSC110 password=110110 profile=LOW routes="" service=anyadd caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \name=ADSC207 password=207207 profile=default routes="" service=any以上是我拔号上网的用户名和密码，按自己的加，PPPOE服务前面已建立好了set WAN3 queue=ethernet-defaultset LAN queue=ethernet-defaultset WAN1 queue=ethernet-defaultset WAN2 queue=ethernet-defaultset pppoe-out1 queue=defaultset pppoe-out2 queue=defaultset pppoe-out3 queue=default/radius incomingset accept=no port=3799/storeadd comment="" disabled=no disk=primary-master name=web-proxy1 type=web-proxy /system clockset time-zone-name=manual/system clock manualset dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\"jan/01/1970 00:00:00" time-zone=+00:00/system consoleadd disabled=no port=serial0 term=vt102set [ find vcno=1 ] disabled=no term=linuxset [ find vcno=2 ] disabled=no term=linuxset [ find vcno=3 ] disabled=no term=linuxset [ find vcno=4 ] disabled=no term=linuxset [ find vcno=5 ] disabled=no term=linuxset [ find vcno=6 ] disabled=no term=linuxset [ find vcno=7 ] disabled=no term=linuxset [ find vcno=8 ] disabled=no term=linux/system console screenset line-count=25/system hardwareset multi-cpu=yes/system healthset state-after-reboot=enabled/system identityset name=MikroTik/system loggingadd action=memory disabled=no prefix="" topics=infoadd action=memory disabled=no prefix="" topics=erroradd action=memory disabled=no prefix="" topics=warningadd action=echo disabled=no prefix="" topics=critical/system noteset note="" show-at-login=yes/system ntp clientset enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0上面的我也没搞明白是什么，也不用去理会/system scheduleradd comment="" disabled=no interval=30s name=getadsl on-event=":global assign\ \r\\n:global new\r\\n:global status\r\\n:global x\r\\n:set x 3\r\（红字3改成你的AD条数）\n:for i from=1 to=\$x do={\r\\n :set status [/interface get [/interface find name=(\"pppoe-out\" . \\$i)] running]\r\\n :if (\$status=true) do={\r\\n :set new [/ip address get [/ip address find dynamic=yes interface=(\\"pppoe-out\" . \$i)] address]\r\\n :set new [:pick \$new 0 ([:len \$new] -3)]\r\\n :set assign [/ip address get [/ip address find dynamic=no interface\=(\"pppoe-out\" . \$i)] address]\r\\n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\\n :if (\$assign != \$new) do={ /ip address set [/ip address find c\omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\\n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\=\$new\r\\n }\r\\n }\r\\n} \r\\n" start-time=startup以上是刷网关的脚本，很重点的哟add comment="" disabled=no interval=5m name=DDNS on-event=":log info \"DDNS: B\ egin\"\r\\n:global ddns-user \"123456\"\r\\n:global ddns-pass \"123456\"\r\\n:global ddns-host \"\"\r\（将红字改成你的）\n:global ddns-interface \"pppoe-out1\"\r\（这个是用那条线做DDNS）\n:global ddns-ip [ /ip address get [/ip address find interface=\$ddns-int\erface] address ] \r\\n:log info \"DDNS: Sending UPDATE!\"\r\\n:log info [ /tool dns-update name=\$ddns-host address=[:pick \$ddns-ip 0\\_[:find \$ddns-ip \"/\"] ] key-name=\$ddns-user key=\$ddns-pass ]\r\\n:log info \"DDNS: End\"" start-time=startup以上是DDNS,很好用的/system scriptadd name=ADSL policy=\ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\:global assign\r\\n:global new\r\\n:global status\r\\n:global x\r\\n:set x 2\r\\n:for i from=1 to=\$x do={\r\\n :set status [/interface get [/interface find name=(\"pppoe-out\" . \\$i)] running]\r\\n :if (\$status=true) do={\r\\n :set new [/ip address get [/ip address find dynamic=yes interface=(\\"pppoe-out\" . \$i)] address]\r\\n :set new [:pick \$new 0 ([:len \$new] -3)]\r\\n :set assign [/ip address get [/ip address find dynamic=no interface\=(\"pppoe-out\" . \$i)] address]\r\\n :set assign [:pick \$assign 0 ([:len \$assign] -3)]\r\\n :if (\$assign != \$new) do={ /ip address set [/ip address find c\omment=(\"adsl\" . \$i)] address=\$new network=\$new broadcast=\$new\r\\n /ip route set [/ip route find comment=(\"adsl\" . \$i)] gateway\=\$new\r\\n }\r\\n }\r\\n} \r\\n"/system upgrade mirrorset check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\0.0.0.0 user=""/system watchdogset auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\ none watchdog-timer=yes/tool bandwidth-serverset allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\ 100/tool e-mailset from=<> password="" server=0.0.0.0:25 username=""/tool graphingset page-refresh=300 store-every=5min/tool graphing interfaceadd allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes/tool mac-serveradd disabled=no interface=all/tool mac-server pingset enabled=yes/tool smsset allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret="" /tool snifferset file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \ streaming-server=0.0.0.0/useradd address=0.0.0.0/0 comment="system default user" disabled=no group=full \ name=admin/user aaaset accounting=yes default-group=read interim-update=0s use-radius=no以上的我还是搞不懂的。

ros多线做端口映射脚本

正文开始，脚本在下面。

我做完ROS加VLAN ADSL多线PCC叠加设置设置后不久，网站开发小组的项目经理就找到我向我提出了需求，因为现在他们的测试服务器是放在我们办公室内网的，我们公司其它部门和其它分公司和我们办公室不是一个局域网，网站开发小组的项目经理想让我们公司的所有同事都能访问到测试服务器做用户体验度测试，想让我帮助实现，当时我一口答应下来，也觉得这是个很简单的事情，但是事情往往出人意料。

我一开始的思路是这样的，第一步就是在IP－>firewall－> nat下面做基于目标的伪装，也就是映射，第二步就是要做回流让内网的客户端也能通过公网IP 访问到服务器，第三步就是做动态映射的计划任务，定时更新第一步里面的目标地址即ADSL的地址，最后一步就要用到DDNS做一个二级域名的动态解析方便同事记忆和输入。

做完以后发现需求基本满足，就是内网客户端不能通过域名访问到服务器，只能通过内网IP访问，为了精益求精，继续研究，baidu和google 上搜索了无数方法均无效，后来在一个论坛里面看到一个高人的回复内容给了我启发，于是再一次尝试配置居然成功了。

不敢独享，现在将思路和脚本整理分享给更多需要的人。

首先我来分析下出现上述问题的原因，因为我们这里的环境是多线叠加的，我们的每个连接在进行路由之前都会对连接进行标记并路由，不同的标记有可能走不同的路由导致数据没办法顺利到达服务器，其内部数据的具体流向以及转换我也不是很清楚，如有高手路过请不吝赐教。

下面进入正题，其实很简单，我们只要在标记里面把目标地址为我们的外网接口地址的数据直接通过就可以解决这个问题了，有几条线就做几个标记，最后要添加计划任务更新标记里的目标地址为对应的外网接口地址，所以加上这最后两步一共是六步，下面就放出每一步的脚本（我的环境是双线叠加的，所以以下脚本都是适合双线的，改成多线的也很容易）1、做映射，这里以把内网的8890端口映射成9000端口为例。

ROSPCC负载详细图文教程(新)

ROS PCC负载详细图文教程（新）！虽然网上很多视频，但是貌似很多菜菜天天都在问如何负载平衡，下面做一个PCC的负载教程。

以下环境是ADSL 4线负载均衡，线路数量不同的请自行修改脚本。

接口图示开启DHCP，自己先给lan网卡配置一个地址，例如192.168.0.1/24NAT伪装Mangle视图下面是回程路由，只发一个接口的图，其他的自己添加，可加可不加标记连接，路由路由设置4线PCC负载脚本PCC 负载脚本—–仅支持3.30或以上脚本！/ip firewall mangleadd action=change-mss chain=forward comment=”" disabled=no new-mss=1400 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yesadd action=mark-connection chain=input comment=”" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yesadd action=mark-routing chain=output comment=”" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4passthrough=yesadd action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24add action=mark-connection chain=prerouting comment=”" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24add action=mark-routing chain=prerouting comment=”" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24/ip routeadd comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4/ip firewall natadd action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out1add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out2add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out3add action=masquerade chain=srcnat comment=”" disabled=no out-interface=pppoe-out4。

【新提醒】ros多线负载方法

【新提醒】ros多线负载方法
本帖最后由 zaiyongni 于 2013-6-11 20:40 编辑
吐槽一下，伪ros高手太多了。

前段时间一时大意给一个骗了。

结果还是自己慢慢研究透了。

PS，不要太相信网络上所谓高手帮你解决问题，只要你肯下决心去研究，多找找资料就没什么解决不了的。

正题：有段时间在想办法减少防火墙里规则的时候发现一个很有意思的事情：
本帖隐藏的内容
看这个有没有人看懂呢？
然后我在自家的出租房把所有的规则删除掉，连限速都没有留，，然后就成了这样
实测15天，在这里我解释一下，其实在路由表里直接添加一条规则就可以了，不用那么麻烦，如果你的是多isp的话就需要分开来做，还是只要在路由表里面添加，这样的话就省了做PCC的规则，而且经测试负载均衡也可以实现，你只需要再做下限速或者二次树形就可以了。

313以上理论上应该都可以，实测330和524的
这样做还有一个问题就是当你负载太高的时候类似QQ之类的软件会掉线，这个问题其实也不算什么问题，只要做一下回流就好了。

这样省了很多做了PCC之后的后遗症。

在这里说明一下给人骗的是关于多ISP负载均衡的！并不是PCC负载之类的。

这个问题我问过很多人，后面被催的急了病急乱投医。

结果你们懂的。

冷静下来后我又找过一些高手，在这里我还真的要谢谢大玩家，本来我打算出个千多块钱买个脚本来的，后面在跟大玩家沟通过程中才知道具体问题的思考方向。

PS,大玩家虽然不愿意接这个活，但是给了我些中肯的建议。

在这里，谢谢。

如果不是你，我可能现在还在问题死角里钻着。

多线ADSL拨出动态IP自动负载均衡脚本

用ROS已经十多天了，俺就不信做不了这个喜欢的请顶一下不管是双网通、还是双电信，还是一个网通一个电信还是更多的ADSL线路，只要动态分配IP，通吃。

设计包含了根据动态分配的IP自动更新为静态IP，然后再设为负载均衡的网关。

所有拨通、断开、禁用等均可自动设置。

如果没有变化不会有设置命令执行，对上网无任何影响。

工作流程概述：1、查找所有断开状态的PPPoE线路，删除未连接的静态IP设置；2、查找所有结连的PPPoE线路，检查动态IP、更新静态IP；3、计算出多线均衡的网关设置，然后用/ip route add gateway ip1,ip2,ip3....形式加入网关完成！！使用方法：建一个脚本，起一个名字；在计划中每几秒执行一次；基本不会对CPU加重负载。

有图为证，4线拨出：脚本源码：:local gw "":local js 0:foreach k in=[/inter pppoe-c find running=false] do={:set n [/inter pppoe-c get $k name]:set ipi [/ip addr find interface=$n dynamic=false]:if ($ipi != "") do={/ip addr remove $ipi}}:foreach k in=[/inter pppoe-c find running=true] do={:set n [/inter pppoe-c get $k name]:set dip [/ip address get [find interface=$n dynamic=true] address]:set diip [:pick $dip 0 [:find $dip /]]:if ($js=0) do={:set gw $diip} else={:set gw ($gw . "," . $diip)}:set js ($js+1):set ipi [/ip addr find interface=$n dynamic=false]:if ($ipi="") do={/ip addr add address=$diip netmask=255.255.255.255 network=$diip broadcast=$diip interface=$n} else={ :set sip [/ip addr get $ipi address]:set siip [:pick $sip 0 [:find $sip /]]:if ($diip != $siip) do={/ip addr set $ipi addr=$diip netmask=255.255.255.255 network=$diip broadcast=$diip}}}:set i [/ip route find comm=ecmp]:if ($gw = "") do={:if ($i != "") do={/ip route remove $i}} else={:if ($i="") do={/ip route add gateway $gw comment=ecmp} else={:set ogw [/ip route get $i gateway]:if ($ogw != $gw) do={/ip route set $i gateway $gw}}}给脚本加注解，希望想学习者不走弯路：因为只有使用形如/ip route gateway ip1,ip2,ip3 .... 才得得到负载均衡，但拨号的IP不固定，因此必须检查并设置为拨号得到的IP地址为静态，再设到网关中去才起作用。

ROS多根adsl叠加负载均衡PCC的做法

ROS多根adsl叠加负载均衡PCC的做法命令⾏：/ ip firewall mangle1、保证访问局域⽹IP的时候不被PCC了。

add chain=prerouting dst-address=10.1.1.0/24 action=accept in-interface=ether1add chain=prerouting dst-address=10.2.2.0/24 action=accept in-interface=ether12、保证上⽹流量从哪进就从哪出，所以必须⽐如对从wan⼝进来的流量进⾏标识。

为避免上下流量出错connection-mark=no-mark不可少！add chain=prerouting in-interface=wlan1 connection-mark=no-mark action=mark-connection new-connection-mark=1add chain=prerouting in-interface=wlan2 connection-mark=no-mark action=mark-connection new-connection-mark=23、对于从局域⽹进的连接，⽬的地址为⾮局域⽹IP的流量进⾏连接标记，每个1/2。

为避免上下流量出错connection-mark=no-mark不可少！add chain=prerouting in-interface=ether1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=1add chain=prerouting in-interface=ether1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=24、对于之前进⾏连接的标识进⾏，分别标识不同的路由标记。

Ros3.30PCC多线负载均衡脚本脚本

Ros 3.30 PCC双线负载均衡脚本脚本如下/ip address add address=内网网关IP/内网子网掩码interface=内网网卡名称comment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38"/ip dns set primary-dns=首选DNS secondary-dns=备用DNSallow-remote-requests=yes/interface pppoe-client add name="pppoe-out1" interface=外网网卡1名称user="PPPoE帐号1" password="密码1" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out2" interface=外网网卡2名称user="PPPoE帐号2" password="密码2" add-default-route=no disabled=no/ip firewall mangleadd action=change-mss chain=forwardcomment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38" disabled=no new-mss=1440 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out1_conn disabled=nonew-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out2_conn disabled=nonew-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out1_conn passthrough=yesper-connection-classifier=both-addresses:2/0 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out2_conn passthrough=yesper-connection-classifier=both-addresses:2/1 src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out1_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out1 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out2_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out2 passthrough=yes src-address=内网网断/内网子网掩码/ip routeadd comment=1 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out1 routing-mark=to_pppoe-out1 check-gateway=pingadd comment=2 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out2 routing-mark=to_pppoe-out2 check-gateway=pingadd check-gateway=ping comment="pppoe-out1" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="pppoe-out2" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2/ip firewall natadd action=masquerade chain=srcnat comment="1" disabled=noout-interface=pppoe-out1add action=masquerade chain=srcnat comment="2" disabled=noout-interface=pppoe-out2Ros 3.30 PCC三线负载均衡脚本脚本如下/ip address add address=内网网关IP/内网子网掩码interface=内网网卡名称comment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38"/ip dns set primary-dns=首选DNS secondary-dns=备用DNSallow-remote-requests=yes/interface pppoe-client add name="pppoe-out1" interface=外网网卡1名称user="PPPoE帐号1" password="密码1" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out2" interface=外网网卡2名称user="PPPoE帐号2" password="密码2" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out3" interface=外网网卡3名称user="PPPoE帐号3" password="密码3" add-default-route=no disabled=no/ip firewall mangleadd action=change-mss chain=forwardcomment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38" disabled=no new-mss=1440 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out1_conn disabled=nonew-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out2_conn disabled=nonew-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out3_conn disabled=nonew-routing-mark=to_pppoe-out3 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out1_conn passthrough=yesper-connection-classifier=both-addresses:3/0 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out2_conn passthrough=yesper-connection-classifier=both-addresses:3/1 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out3_conn passthrough=yesper-connection-classifier=both-addresses:3/2 src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out1_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out1 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out2_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out2 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out3 passthrough=yes src-address=内网网断/内网子网掩码/ip routeadd comment=1 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out1 routing-mark=to_pppoe-out1 check-gateway=pingadd comment=2 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out2 routing-mark=to_pppoe-out2 check-gateway=ping add comment=3 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out3 routing-mark=to_pppoe-out3 check-gateway=ping add check-gateway=ping comment="pppoe-out1" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="pppoe-out2" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment="pppoe-out3" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3/ip firewall natadd action=masquerade chain=srcnat comment="1" disabled=noout-interface=pppoe-out1add action=masquerade chain=srcnat comment="2" disabled=noout-interface=pppoe-out2add action=masquerade chain=srcnat comment="3" disabled=noout-interface=pppoe-out3Ros 3.30 PCC四线负载均衡脚本脚本如下/ip address add address=内网网关IP/内网子网掩码interface=内网网卡名称comment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38"/ip dns set primary-dns=首选DNS secondary-dns=备用DNSallow-remote-requests=yes/interface pppoe-client add name="pppoe-out1" interface=外网网卡1名称user="PPPoE帐号1" password="密码1" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out2" interface=外网网卡2名称user="PPPoE帐号2" password="密码2" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out3" interface=外网网卡3名称user="PPPoE帐号3" password="密码3" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out4" interface=外网网卡4名称user="PPPoE帐号4" password="密码4" add-default-route=no disabled=no/ip firewall mangleadd action=change-mss chain=forwardcomment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38" disabled=nonew-mss=1440 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out1_conn disabled=nonew-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out2_conn disabled=nonew-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out3_conn disabled=nonew-routing-mark=to_pppoe-out3 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out4_conn disabled=nonew-routing-mark=to_pppoe-out4 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out1_conn passthrough=yesper-connection-classifier=both-addresses:4/0 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out2_conn passthrough=yesper-connection-classifier=both-addresses:4/1 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out3_conn passthrough=yesper-connection-classifier=both-addresses:4/2 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out4_conn passthrough=yesper-connection-classifier=both-addresses:4/3 src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out1_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out1 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out2_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out2 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out3 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out4 passthrough=yes src-address=内网网断/内网子网掩码/ip routeadd comment=1 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out1 routing-mark=to_pppoe-out1 check-gateway=pingadd comment=2 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out2 routing-mark=to_pppoe-out2 check-gateway=pingadd comment=3 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out3 routing-mark=to_pppoe-out3 check-gateway=pingadd comment=4 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out4 routing-mark=to_pppoe-out4 check-gateway=pingadd check-gateway=ping comment="pppoe-out1" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="pppoe-out2" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment="pppoe-out3" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3add check-gateway=ping comment="pppoe-out4" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4/ip firewall natadd action=masquerade chain=srcnat comment="1" disabled=noout-interface=pppoe-out1add action=masquerade chain=srcnat comment="2" disabled=noout-interface=pppoe-out2add action=masquerade chain=srcnat comment="3" disabled=noout-interface=pppoe-out3add action=masquerade chain=srcnat comment="4" disabled=noout-interface=pppoe-out4Ros 3.30 PCC五线负载均衡脚本脚本如下/ip address add address=内网网关IP/内网子网掩码interface=内网网卡名称comment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38"/ip dns set primary-dns=首选DNS secondary-dns=备用DNSallow-remote-requests=yes/interface pppoe-client add name="pppoe-out1" interface=外网网卡1名称user="PPPoE帐号1" password="密码1" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out2" interface=外网网卡2名称user="PPPoE帐号2" password="密码2" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out3" interface=外网网卡3名称user="PPPoE帐号3" password="密码3" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out4" interface=外网网卡4名称user="PPPoE帐号4" password="密码4" add-default-route=no disabled=no/interface pppoe-client add name="pppoe-out5" interface=外网网卡5名称user="PPPoE帐号5" password="密码5" add-default-route=no disabled=no/ip firewall mangleadd action=change-mss chain=forwardcomment="\D1\CC\C9\F1\B6\E0\CF\DF\50\43\43\BD\C5\B1\BE\52\6F\73\BC\BC\ CA\F5\BD\BB\C1\F7\C8\BA\A3\BA\31\30\32\38\37\32\30\35\38" disabled=no new-mss=1440 protocol=tcp tcp-flags=synadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yesadd action=mark-connection chain=input comment="" disabled=noin-interface=pppoe-out5 new-connection-mark=pppoe-out5_conn passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out1_conn disabled=nonew-routing-mark=to_pppoe-out1 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out2_conn disabled=nonew-routing-mark=to_pppoe-out2 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out3_conn disabled=nonew-routing-mark=to_pppoe-out3 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out4_conn disabled=nonew-routing-mark=to_pppoe-out4 passthrough=yesadd action=mark-routing chain=output comment=""connection-mark=pppoe-out5_conn disabled=nonew-routing-mark=to_pppoe-out5 passthrough=yesadd action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out1_conn passthrough=yesper-connection-classifier=both-addresses:5/0 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out2_conn passthrough=yesper-connection-classifier=both-addresses:5/1 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out3_conn passthrough=yesper-connection-classifier=both-addresses:5/2 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out4_conn passthrough=yesper-connection-classifier=both-addresses:5/3 src-address=内网网断/内网子网掩码add action=mark-connection chain=prerouting comment="" disabled=nodst-address-type=!local in-interface=ether1new-connection-mark=pppoe-out5_conn passthrough=yesper-connection-classifier=both-addresses:5/4 src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out1_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out1 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out2_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out2 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out3 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out4 passthrough=yes src-address=内网网断/内网子网掩码add action=mark-routing chain=prerouting comment=""connection-mark=pppoe-out3_conn disabled=no in-interface=ether1new-routing-mark=to_pppoe-out5 passthrough=yes src-address=内网网断/内网子网掩码/ip routeadd comment=1 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out1 routing-mark=to_pppoe-out1 check-gateway=pingadd comment=2 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out2 routing-mark=to_pppoe-out2 check-gateway=pingadd comment=3 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out3 routing-mark=to_pppoe-out3 check-gateway=pingadd comment=4 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out4 routing-mark=to_pppoe-out4 check-gateway=pingadd comment=5 disabled=no distance=1 dst-address=0.0.0.0/0gateway=pppoe-out5 routing-mark=to_pppoe-out5 check-gateway=pingadd check-gateway=ping comment="pppoe-out1" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1add check-gateway=ping comment="pppoe-out2" disabled=no distance=10dst-address=0.0.0.0/0 gateway=pppoe-out2add check-gateway=ping comment="pppoe-out3" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3add check-gateway=ping comment="pppoe-out4" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4add check-gateway=ping comment="pppoe-out5" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out5/ip firewall natadd action=masquerade chain=srcnat comment="1" disabled=noout-interface=pppoe-out1add action=masquerade chain=srcnat comment="2" disabled=noout-interface=pppoe-out2add action=masquerade chain=srcnat comment="3" disabled=noout-interface=pppoe-out3add action=masquerade chain=srcnat comment="4" disabled=noout-interface=pppoe-out4add action=masquerade chain=srcnat comment="5" disabled=noout-interface=pppoe-out5。

ROS配置脚本

ROS 配置脚本1口的IP 地址为192.168.0.2 2口的IP 地址为192.168.0.693口的IP 地址为192.168.3.1 4口的IP 地址为192.168.3.2PC1-PC2的IP 地址处于192.168.3.0/24的网段Pc3-pc4的IP 地址处于192.168.4.0/24的网段ROS1是PPPOE 服务器 ROS2是PPPOE 客户端 ROS3是通过ROS2拨号使得与其连接的客户机能正常上网负载均衡：三线ADSL 叠加实现负载均衡NTH--匹配特定的第N 次收到的数据包的规则Every--匹配每every 个数据包Packet---匹配给定的数据数ROS2的配置如下：/interface ethernetset 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:0C:29:71:AE:6E mtu=1500 name=lan1 speed=100Mbpsset 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:0C:29:71:AE:78 mtu=1500 name=wan1 speed=100Mbpsset 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:0C:29:71:AE:82 mtu=1500 name=wan2 speed=100Mbpsset 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \disable-running-check=yes disabled=no full-duplex=yes mac-address=\00:0C:29:71:AE:8C mtu=1500 name=wan3 speed=100Mbps 1 ROS1ROS2 ROS3 32 4 PC1 PC4 PC3 PC21、建立PPPOE拨号/interface pppoe-clientadd ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\ "" dial-on-demand=no disabled=no interface=wan1 max-mru=1480 max-mtu=1480 \mrru=disabled name=pppoe-out1 password=adsl1 profile=default \service-name="" use-peer-dns=yes user=adsl1add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\ "" dial-on-demand=no disabled=no interface=wan2 max-mru=1480 max-mtu=1480 \mrru=disabled name=pppoe-out2 password=adsl2 profile=default \service-name="" use-peer-dns=yes user=adsl2add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\ "" dial-on-demand=no disabled=no interface=wan3 max-mru=1480 max-mtu=1480 \mrru=disabled name=pppoe-out3 password=test profile=default service-name=\"" use-peer-dns=yes user=test2、Mangle标记/ip firewall mangleadd action=change-mss chain=forward comment="chage mss" disabled=no new-mss=\ 1440 protocol=tcp tcp-flags=synadd action=mark-connection chain=prerouting comment=nth-1 connection-state=\ new disabled=no new-connection-mark=adsl-nth-1 nth=3,1 passthrough=yes \src-address=192.168.3.0/24add action=mark-routing chain=prerouting comment="" connection-mark=\adsl-nth-1 disabled=no new-routing-mark=rout-1 passthrough=yes \src-address=192.168.3.0/24add action=mark-connection chain=prerouting comment=nth-2 connection-state=\ new disabled=no new-connection-mark=adsl-nth-2 nth=3,2 passthrough=yes \src-address=192.168.3.0/24add action=mark-routing chain=prerouting comment="" connection-mark=\adsl-nth-2 disabled=no new-routing-mark=rout-2 nth=3,2 passthrough=yes \src-address=192.168.3.0/24add action=mark-connection chain=prerouting comment=nth-3 connection-state=\ new disabled=no new-connection-mark=adsl-nth-3 nth=3,3 passthrough=yes \src-address=192.168.3.0/24add action=mark-routing chain=prerouting comment="" connection-mark=\adsl-nth-3 disabled=no new-routing-mark=rout-3 passthrough=yes \src-address=192.168.3.0/243、NAT伪装，同时做路由标记/ip firewall natadd action=masquerade chain=srcnat comment="" disabled=no out-interface=\ pppoe-out1 routing-mark=rout-1add action=masquerade chain=srcnat comment="" disabled=no out-interface=\pppoe-out2 routing-mark=rout-2add action=masquerade chain=srcnat comment="" disabled=no out-interface=\ pppoe-out3 routing-mark=rout-3add action=masquerade chain=srcnat comment="" disabled=yes out-interface=\ pppoe-out1 src-address=192.168.40.0/24add action=masquerade chain=srcnat comment="" disabled=yes out-interface=\ pppoe-out2 src-address=192.168.40.0/24add action=masquerade chain=srcnat comment="" disabled=yes out-interface=\ pppoe-out3 src-address=192.168.40.0/244、设置路由/ip routeadd check-gateway=ping comment="" disabled=no distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out1 routing-mark=rout-1 scope=30 target-scope=10 add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ pppoe-out2 routing-mark=rout-2 scope=30 target-scope=10add check-gateway=ping comment="" disabled=no distance=1 dst-address=\0.0.0.0/0 gateway=pppoe-out3 routing-mark=rout-3 scope=30 target-scope=10 add comment="" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\ pppoe-out1 scope=30 target-scope=10add comment="" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\ pppoe-out3 scope=30 target-scope=10add comment="" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\ pppoe-out2 scope=30 target-scope=10add comment="" disabled=no distance=1 dst-address=192.168.40.0/24 gateway=\ lan1 scope=30 target-scope=10简单队列限速/queue simpleadd burst-limit=0/1M burst-threshold=0/800k burst-time=0s/10s comment="" \ direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\0/256k max-limit=0/512k name=queue1 parent=none priority=8 queue=\default-small/default-small target-addresses=192.168.3.30/32 time=\0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=default-small add burst-limit=0/1M burst-threshold=0/900k burst-time=0s/10s comment="" \ direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=\0/0 max-limit=256k/512k name=ROS parent=none priority=8 queue=\default-small/default-small target-addresses=192.168.40.0/24 total-queue=\default-smallPCQ限速限制上传512K，下载800K/ip firewall mangleadd chain=prerouting src-address=192.168.3.0/24 action=mark-packet new-packet-mark=/ upload passthrough=noadd chain=prerouting dst-address=192.168.3.0/24 action=mark-packet new-packet-mark=/ download passthrough=no/queue typeadd name="download" kind=pcq pcq-rate=800000 pcq-classifier=dst-addressadd name="upload" kind=pcq pcq-rate=512000 pcq-classifier=src-address/queue treeadd parent=global-out queue=download packet-mark=downloadadd parent=global-in queue=upload packet-mark=upload接入控制，添加防火墙规则，封杀PPS/ip firewall filteradd action=drop chain=forward comment="\B7\E2PPS" disabled=no dst-port=17788 \ protocol=udp src-address=192.168.3.30add action=drop chain=forward comment="" disabled=no dst-port=8400 protocol=\ udp src-address=192.168.3.8ROS3脚本配置配置Ip地址/ ip addressadd address=192.168.3.20/24 network=192.168.3.0 broadcast=192.168.3.255 \ interface=wan comment="" disabled=noadd address=192.168.40.1/24 network=192.168.40.0 broadcast=192.168.40.255 \ interface=lan comment="" disabled=noadd address=11.11.11.2/24 network=11.11.11.0 broadcast=11.11.11.255 \interface=vlan11 comment="" disabled=no设置路由及防火墙规则/ ip routeadd dst-address=192.168.0.0/16 gateway=192.168.3.1 check-gateway=ping \ scope=255 target-scope=10 comment="" disabled=yesadd dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=255 target-scope=10 \ comment="" disabled=no/ ip firewall natadd chain=srcnat out-interface=wan action=masquerade comment="" disabled=no对其连接的电脑进行限速/queue simpleadd burst-limit=0/1M burst-threshold=0/800k burst-time=0s/10s comment="" \ direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\0/256k max-limit=0/512k name=queue1 parent=none priority=8 queue=\default-small/default-small target-addresses=192.168.4.30/32 time=\0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=default-small接入控制，添加防火墙规则，封杀PPS/ip firewall filteradd action=drop chain=forward comment="\B7\E2PPS" disabled=no dst-port=17788 \ protocol=udp src-address=192.168.40.30add action=drop chain=forward comment="" disabled=no dst-port=8400 protocol=\ udp src-address=192.168.40.30。

ROS-多条ADSLPCC叠加及VLAN多MAC脚本

ROS-多条ADSLPCC叠加及VLAN多MAC脚本ROS－多条ADSLPCC叠加及VLAN多MAC脚本NTH是2.9的脚本，掉一条线，整个丢包，而且要刷新IP，麻烦。

PCC是3.0以上版本才有的，方便好用，我这有6条ADSL，拔掉4条，下面上网感觉不到变化。

VLAN绑定多MAC脚本，据说是把TRUNK改成ACCESS，这样可以避免陷入ISP拔号规则，一般是5条以上的ADSL，用于解决主板网卡不够用的方法，很实用，有多少VLAN 就可以用多少条宽带。

当然，交换机一定要稳定，要支持802.1Q，一定要用TAG。

二手的也行，大概250元左右，但是便宜一般也会有些问题，我买的第一款VLAN 交换机是DLINK DES－3225G刚开始时通时不通，就是现在也是，很少有能看到一插上就拔通的情况，现在熟了，知道有几个口有问题，是拔不通的，知道要等几分钟才会拔通。

买完这款交换机后，委实头疼了一个星期。

刚做完ROS，首先添加PPPOE：:for i from 1 to 7 do={/interface pppoe-client add name=("pppoe-out".$i) interface=("wan") user=("wan") password=("wan") add-default-route=yes disabled=no以下是PCC叠加脚本，我这是7条ADSL，彩字是要根据你的情况修改后运行的：::::标记及PCC/ip firewall mangleadd action=change-mss chain=forward comment="" disabled=no new-mss=1400 protocol=tcp tcp-flags=syn :for i from=1 to=7 do= {/ip firewall mangle add action=mark-connection chain=input comment="" disabled=no in-interface=("pppoe-out".$i) new-connection-mark=("pppoe-out".$i) passthrough=yes}:for i from=1 to=7 do= {/ip firewall mangle add action=mark-routing chain=output comment="" connection-mark=("pppoe-out".$i) disabled=no new-routing-mark=("to_pppoe-out".$i) passthrough=yes}:for i from=1 to=7 do= {/ip firewall mangle add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=("pppoe-out".$i) passthrough=yes per-connection-classifier=("both-addresses:7/".($i-1)) src-address=192.168.0.0/24}:for i from=1 to=7 do= {/ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=("pppoe-out".$i) disabled=no new-routing-mark=("to_pppoe-out".$i) passthrough=yes src-address=192.168.0.0/24}:::添加路由表:for i from=1 to=7 do= {/ip route add comment=("adsl".$i) disabled=no distance=1 dst-address=0.0.0.0/0gateway=("pppoe-out".$i) routing-mark=("to_pppoe-out".$i)} :for i from=1 to=7 do= {/ip route add check-gateway=ping comment=("adsl".$i) disabled=no distance=10 dst-address=0.0.0.0/0 gateway=("pppoe-out".$i)}:for i from=1 to=7 do= {/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no out-interface=("pppoe-out".$i)}::::VLAN绑定多MAC脚本:for i from 1 to 7 do={/interface vlan add arp=enabled comment="" disabled=no interface=1lan mtu=1500 name=("v1".$i) use-service-tag=no vlan-id=("1".$i)}:for i from 1 to 7 do={/interface bridge add admin-mac=("00:A2:E0:F1:71:9".$i) ageing-time=5m arp=enabled auto-mac=no comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 name=("ADSL-".$i) priority=0x8000 protocol-mode=none transmit-hold-count=6}:for i from 1 to 7 do={/interface bridge port add bridge=("ADSL-".$i) comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=("v1".$i) path-cost=10 point-to-point=auto priority=0x80}。

ROS多线ADSL掉线（可编辑）

ROS多线ADSL掉线# 多线ADSL掉线自动修改PCC参数-脚本 # ROS版本 3.30 # 思路：自动判断 ADSL 总线路数，自动判断正常ADSL线路数 # 根据对比，如果正常线路数与总线路数不一致，则更改PCC参数， # 如果一致，则恢复原有的PCC参数。

# 对 ADSL线路名称没有特定要求。

# 对 Mangle 标记连接和标记路由名称没有特定要求。

# 要求：所有的ADSL线路都要做PCC # 变量 pppoeclientAllNum ADSL 总线路数量 # 变量pppoeclientRunNum 实际运行正常的 ADSL 线路数量 # 变量pppoeclientName 实际运行正常的 ADSL 名 # 变量 z 线路正常后禁止掉的连接标记数。

{ :local pppoeclientAllNum :local pppoeclientRunNum :local pppoeclientName :local z 0 #得到 ADSL 总线路数，包括禁用的,未拨号的。

:set pppoeclientAllNum [:len [/interface pppoe-client find ]] :log info ("pppoeclientAllNum".$pppoeclientAllNum) #得到 ADSL 正常线路数。

:set pppoeclientRunNum [:len [/interface pppoe-clientfind running=yes]] :log info ("pppoeclientRunNum".$pppoeclientRunNum) #正常线路数总线路数 :if ($pppoeclientRunNum $pppoeclientAllNum) do={ #用一个循环来修改PCC :for ii from=0 to=($pppoeclientAllNum-1)do={ :log info ("ii".$ii) #如果ii的值 =(正常线路数-1) (因为ii从0开始的)，则修改PCC 连接标记及路由标记 :if ($ii =($pppoeclientRunNum-1)) do={ #修改 PCC值 /ipfirewall mangle set [findper-connection-classifier~("/".$ii."\$")] \ per-connection-classifier=("both-addresses:".$pppoeclientRu nNum."/".$ii) \ comment=("PCC" . $pppoeclientRunNum . "-" . $ii) \ disable=no #修改PCC路由标记 /ip firewall mangle set [find action="mark-routing"connection-mark=[/ip firewall mangle get [findper-connection-classifier~("/".$ii."\$")] new-connection-mark ]] disable=no :log warning ("both-addresses:".$pppoeclientRunNum."/".$ii) #如果ii 的值 (正常线路数-1) (因为ii从0开始的)，则把余下的 PCC 连接标记及路由标记禁止掉。

ros PCC负载均衡

ROS PCC负载均衡一：标记PCC和路由：/ip firewall mangle add chain=forward tcp-flags=syn action=change-mss new-mss=1440 comment="Change MSS"/ip firewall mangle add chain=prerouting in-interface=lan dst-address-type=!local per-connection-classifier=both-addresses:5/0 action=mark-connection new-connection-mark=pcc_1 passthrough=yes comment=PCC_1/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=pcc_1 action=mark-routing new-routing-mark=pcc_route_1 passthrough=no/ip firewall mangle add chain=prerouting in-interface=lan dst-address-type=!local per-connection-classifier=both-addresses:5/1 action=mark-connection new-connection-mark=pcc_1 passthrough=yes comment=PCC_2/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=pcc_1 action=mark-routing new-routing-mark=pcc_route_2 passthrough=no/ip firewall mangle add chain=prerouting in-interface=lan dst-address-type=!local per-connection-classifier=both-addresses:5/2 action=mark-connection new-connection-mark=pcc_1 passthrough=yes comment=PCC_3/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=pcc_1 action=mark-routing new-routing-mark=pcc_route_3 passthrough=no/ip firewall mangle add chain=prerouting in-interface=lan dst-address-type=!local per-connection-classifier=both-addresses:5/3 action=mark-connection new-connection-mark=pcc_1 passthrough=yes comment=PCC_4/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=pcc_1 action=mark-routing new-routing-mark=pcc_route_4 passthrough=no/ip firewall mangle add chain=prerouting in-interface=lan dst-address-type=!local per-connection-classifier=both-addresses:5/4 action=mark-connection new-connection-mark=pcc_1 passthrough=yes comment=PCC_5/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=pcc_1 action=mark-routing new-routing-mark=pcc_route_5 passthrough=no注：在标记PCC时将“in-interface=lan”取消并换成“src-address=网段”效果好像比较好。

ROS3.30游戏脚本

action=mark-packet new-packet-mark=netgame passthrough=yes
comment="穿越火线" disabled=no
add chain=prerouting src-address=
action=mark-packet new-packet-mark=netgame passthrough=yes comment=""
disabled=no
add chain=prerouting src-address=
action=mark-packet new-packet-mark=netgame passthrough=yes comment="QQ"
disabled=no
add chain=prerouting src-address=
add chain=prerouting src-address=
action=mark-packet new-packet-mark=netgame passthrough=yes comment="问道"
disabled=no
add chain=prerouting src-address=
add chain=prerouting src-address=
action=mark-packet new-packet-mark=netgame passthrough=yes comment="war3"
disabled=no
add chain=prerouting src-address=
disabled=no