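In the name of God, the Most Gracious, the Most Merciful
We present the best ways to combine (load balance) lines on version 7, with a firewall to protect the lines from the vulnerabilities of ports 53 and 8728.
Let's begin the walkthrough for combining two, 3 or 4 lines; follow the steps below.
Requirements before running the script:
1- Change the IP of the LAN list to the IP of the network's output interface.
2- Make a backup of the router before copying the script.
3- Make sure you are using a local IP that is covered by the LAN1 list.
Script to add the address lists: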
/ip firewall address-list
add list=LAN address=192.168.88.0/24
add address=172.16.0.0/12 comment=RFC6890 list=LAN1
add address=192.168.0.0/16 comment=RFC6890 list=LAN1
add address=10.0.0.0/8 comment=RFC6890 list=LAN1
add address=169.254.0.0/16 comment=RFC6890 list=LAN1
add address=127.0.0.0/8 comment=RFC6890 list=LAN1
add address=224.0.0.0/4 comment=Multicast list=LAN1
add address=198.18.0.0/15 comment=RFC6890 list=LAN1
add address=192.0.0.0/24 comment=RFC6890 list=LAN1
add address=192.0.2.0/24 comment=RFC6890 list=LAN1
add address=198.51.100.0/24 comment=RFC6890 list=LAN1
add address=203.0.113.0/24 comment=RFC6890 list=LAN1
add address=100.64.0.0/10 comment=RFC6890 list=LAN1
add address=240.0.0.0/4 comment=RFC6890 list=LAN1
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=LAN1
Script for combining two lines, version 7
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade
/routing/table
add fib name=R1
add fib name=R2
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
/ip route
add gateway=pppoe-out1 routing-table=R1
add gateway=pppoe-out2 routing-table=R2
/interface pppoe-client set add-default-route=yes [find ]
Script for combining 3 lines, version 7
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade
/routing/table
add fib name=R1
add fib name=R2
add fib name=R3
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=pppoe-out3 connection-mark=no-mark action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/2 action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=prerouting connection-mark=ISP3_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R3
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=R3
/ip route
add gateway=pppoe-out1 routing-table=R1
add gateway=pppoe-out2 routing-table=R2
add gateway=pppoe-out3 routing-table=R3
/interface pppoe-client set add-default-route=yes [find ]
Script for combining 4 lines, version 7
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade
/routing/table
add fib name=R1
add fib name=R2
add fib name=R3
add fib name=R4
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=pppoe-out3 connection-mark=no-mark action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting in-interface=pppoe-out4 connection-mark=no-mark action=mark-connection new-connection-mark=ISP4_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/2 action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/3 action=mark-connection new-connection-mark=ISP4_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=prerouting connection-mark=ISP3_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R3
add chain=prerouting connection-mark=ISP4_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R4
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=R3
add chain=output connection-mark=ISP4_conn action=mark-routing new-routing-mark=R4
/ip route
add gateway=pppoe-out1 routing-table=R1
add gateway=pppoe-out2 routing-table=R2
add gateway=pppoe-out3 routing-table=R3
add gateway=pppoe-out4 routing-table=R4
/interface pppoe-client set add-default-route=yes [find ]
Line protection script
/interface list
add name=PPPOE
{
:foreach i in=[/interface pppoe-client find ] do={
:local a [/interface pppoe-client get $i name];
/interface list member add list=PPPOE interface=$a comment=salmandahmash;
}
}
/ip firewall raw
add action=drop chain=prerouting dst-port=53,8728 in-interface-list=PPPOE protocol=tcp
add action=drop chain=prerouting dst-port=53 in-interface-list=PPPOE protocol=udp
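Added example, not part of the original post: a Python check that reads a script laid out like the ones above and reports a missing per-connection-classifier remainder, a routing table with no mark-routing rule or no route, and a missing raw drop for TCP 53/8728 or UDP 53. The names `parse`, `audit` and `SAMPLE` are introduced here, and ports are matched literally (ranges are not expanded).

```python
import re

# Constructed sample: the page's two-line script minus the 2/1 rule, the R2 route and the UDP drop.
SAMPLE = """\
/routing/table
add fib name=R1
add fib name=R2
/ip firewall mangle
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
/ip route
add gateway=pppoe-out1 routing-table=R1
/ip firewall raw
add action=drop chain=prerouting dst-port=53,8728 in-interface-list=PPPOE protocol=tcp
"""

def parse(script):
    """Return (menu, {key: value}) for every 'add' line, tracking the current menu."""
    menu, rules = "", []
    for line in map(str.strip, script.splitlines()):
        if line.startswith("/"):  # "/menu" alone or "/menu add k=v" on one line
            menu, sep, rest = line.partition(" add ")
            menu, line = menu.replace("/", " ").strip(), sep.strip() + " " + rest
        if line.startswith("add "):
            rules.append((menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))))
    return rules

def audit(script):
    """Return a list of findings; an empty list means every check passed."""
    rules, out = parse(script), []
    mangle = [r for m, r in rules if m == "ip firewall mangle"]
    tables = {r["name"] for m, r in rules if m == "routing table" and "name" in r}
    routed = {r.get("routing-table") for m, r in rules if m == "ip route"}
    marks = {r["new-routing-mark"] for r in mangle if "new-routing-mark" in r}
    pcc = {}  # classifier denominator -> remainders that have a rule
    for r in mangle:
        if c := re.fullmatch(r".+:(\d+)/(\d+)", r.get("per-connection-classifier", "")):
            pcc.setdefault(int(c[1]), set()).add(int(c[2]))
    for n, seen in sorted(pcc.items()):
        out += [f"PCC {n}/{k} missing: those connections get no mark" for k in sorted(set(range(n)) - seen)]
    out += [f"routing mark {m} has no routing table" for m in sorted(marks - tables)]
    out += [f"table {t} is never selected by mark-routing" for t in sorted(tables - marks)]
    out += [f"table {t} has no route" for t in sorted(tables - routed)]
    dropped = set()  # (protocol, port) pairs dropped in raw prerouting
    for m, r in rules:
        if m == "ip firewall raw" and r.get("action") == "drop" and r.get("chain") == "prerouting":
            dropped |= {(r.get("protocol"), p) for p in r.get("dst-port", "").split(",")}
    need = [("tcp", "53"), ("tcp", "8728"), ("udp", "53")]
    return out + [f"no raw drop for {p}/{port}" for p, port in need if (p, port) not in dropped]
```

Paste the script you are about to apply into a string and call `audit()` on it; an empty list means the classifier remainders, tables, routes and port drops are all accounted for.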
End of the explanation. Good luck to everyone.
Peace be upon you, engineer, God bless you. My lines are static, and I added the modems' IPs under IP addresses and set the in and out interfaces, but it did not work. Are there any changes I should make?