
Methods for merging two or more lines on version 7: professional line merging on MikroTik ROS v7


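In the name of God, the Most Gracious, the Most Merciful

Here are the best line-merging methods for version 7, together with a firewall that protects the lines from the port 53 (DNS) and port 8728 (RouterOS API) vulnerabilities.

Let's begin. The steps below cover merging two, three or four lines.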


Requirements before running the script:

1- Change the IP of the LAN address list to the IP of your network's outgoing interface.

2- Make a backup of the router before copying the script.

3- Make sure you are using a local IP that falls within the LAN1 list.


Script to add the address lists:

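# LAN: the client subnet that will be load-balanced (edit to match your network)
/ip firewall address-list

add list=LAN address=192.168.88.0/24

# LAN1: private and reserved ranges; the mangle rules skip traffic to these destinations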


add address=172.16.0.0/12 comment=RFC6890 list=LAN1

add address=192.168.0.0/16 comment=RFC6890 list=LAN1

add address=10.0.0.0/8 comment=RFC6890 list=LAN1

add address=169.254.0.0/16 comment=RFC6890 list=LAN1

add address=127.0.0.0/8 comment=RFC6890 list=LAN1

add address=224.0.0.0/4 comment=Multicast list=LAN1

add address=198.18.0.0/15 comment=RFC6890 list=LAN1

add address=192.0.0.0/24 comment=RFC6890 list=LAN1

add address=192.0.2.0/24 comment=RFC6890 list=LAN1

add address=198.51.100.0/24 comment=RFC6890 list=LAN1

add address=203.0.113.0/24 comment=RFC6890 list=LAN1

add address=100.64.0.0/10 comment=RFC6890 list=LAN1

add address=240.0.0.0/4 comment=RFC6890 list=LAN1

add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=LAN1

    

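Script for merging two lines, version 7


# Masquerade traffic from the LAN subnet (adjust to match the LAN list)
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade

# One routing table per line
/routing/table
add fib name=R1
add fib name=R2

# Mangle rules, in order: mark connections arriving on each line, split new LAN
# connections between the lines with PCC, then map each connection mark to its
# routing table (prerouting for forwarded traffic, output for the router's own)
/ip firewall mangle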
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1    
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
 
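# Default route for each routing table
/ip route
add gateway=pppoe-out1 routing-table=R1
add gateway=pppoe-out2 routing-table=R2

# Also have every PPPoE client install a default route in the main table
/interface pppoe-client set add-default-route=yes [find ]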

Script for merging 3 lines, version 7


  
  /ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade
  
  /routing/table
add fib name=R1
add fib name=R2
add fib name=R3
  
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=pppoe-out3 connection-mark=no-mark action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:3/2 action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=prerouting connection-mark=ISP3_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R3
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1    
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=R3

 

/ip route
add gateway=pppoe-out1 routing-table=R1 
add gateway=pppoe-out2 routing-table=R2
add gateway=pppoe-out3 routing-table=R3


/interface pppoe-client set add-default-route=yes [find ] 
    


Script for merging 4 lines, version 7


  
  
  /ip firewall nat add chain=srcnat src-address=192.168.88.0/24 action=masquerade
  
  /routing/table
add fib name=R1
add fib name=R2
add fib name=R3
add fib name=R4
  
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=pppoe-out3 connection-mark=no-mark action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting in-interface=pppoe-out4 connection-mark=no-mark action=mark-connection new-connection-mark=ISP4_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/2 action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!LAN1 per-connection-classifier=src-address-and-port:4/3 action=mark-connection new-connection-mark=ISP4_conn
add chain=prerouting connection-mark=ISP1_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R1
add chain=prerouting connection-mark=ISP2_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R2
add chain=prerouting connection-mark=ISP3_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R3
add chain=prerouting connection-mark=ISP4_conn src-address-list=LAN dst-address-list=!LAN1 action=mark-routing new-routing-mark=R4
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=R1    
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=R2
add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=R3
add chain=output connection-mark=ISP4_conn action=mark-routing new-routing-mark=R4

 

/ip route
add gateway=pppoe-out1 routing-table=R1 
add gateway=pppoe-out2 routing-table=R2
add gateway=pppoe-out3 routing-table=R3
add gateway=pppoe-out4 routing-table=R4


/interface pppoe-client set add-default-route=yes [find ] 
    

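Line protection script


# Interface list that will hold every PPPoE client (WAN) interface
/interface list
add name=PPPOE

# Add each PPPoE client that exists right now to the list;
# a client created later is not added automatically
{
:foreach i in=[/interface pppoe-client find ] do={
:local a [/interface pppoe-client get $i name];
/interface list member add list=PPPOE interface=$a comment=salmandahmash;
}
}

# Drop inbound DNS (TCP/UDP 53) and RouterOS API (TCP 8728) arriving on the PPPoE lines
/ip firewall raw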

add action=drop chain=prerouting dst-port=53,8728 in-interface-list=PPPOE protocol=tcp

add action=drop chain=prerouting dst-port=53 in-interface-list=PPPOE protocol=udp
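
The loop above only adds the PPPoE clients that exist when it runs, so a line created later is not covered by the raw rules. As an added example (not part of the original post), this Python check reads a RouterOS `/export` and reports PPPoE clients missing from the PPPOE list and any of the three drops that is absent. The sample export is constructed, and the parser assumes one rule per line with no line continuations.

```python
import shlex

# Protocol/port pairs dropped by the article's two raw rules
REQUIRED = {("tcp", "53"), ("tcp", "8728"), ("udp", "53")}
MATCHERS = {"action", "chain", "dst-port", "in-interface-list", "protocol"}

# Constructed sample export: pppoe-out3 was created after the list was filled
SAMPLE_EXPORT = """\
/interface pppoe-client
add add-default-route=yes interface=ether1 name=pppoe-out1 user=line1
add add-default-route=yes interface=ether2 name=pppoe-out2 user=line2
add add-default-route=yes interface=ether3 name=pppoe-out3 user=line3
/interface list
add name=PPPOE
/interface list member
add comment=salmandahmash interface=pppoe-out1 list=PPPOE
add comment=salmandahmash interface=pppoe-out2 list=PPPOE
/ip firewall raw
add action=drop chain=prerouting dst-port=53,8728 in-interface-list=PPPOE protocol=tcp
add action=drop chain=prerouting dst-port=53 in-interface-list=PPPOE protocol=udp
"""

def parse_export(text):
    """Group 'add key=value ...' lines under the /menu line that precedes them."""
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            menus.setdefault(current, []).append(
                dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return menus

def audit(text, wan_list="PPPOE"):
    """Return (PPPoE clients missing from wan_list, required drops not found)."""
    menus = parse_export(text)
    clients = {c.get("name") for c in menus.get("/interface pppoe-client", [])}
    members = {m.get("interface") for m in menus.get("/interface list member", [])
               if m.get("list") == wan_list and m.get("disabled") != "yes"}
    dropped = set()
    for r in menus.get("/ip firewall raw", []):
        # Count only enabled rules with exactly the article's matchers (extras narrow the rule)
        if r.get("disabled") == "yes" or set(r) - {"comment", "disabled"} != MATCHERS:
            continue
        if (r["action"], r["chain"], r["in-interface-list"]) == ("drop", "prerouting", wan_list):
            dropped |= {(r["protocol"], p) for p in r["dst-port"].split(",")}
    return sorted(clients - members), sorted(REQUIRED - dropped)

print(audit(SAMPLE_EXPORT))
```

An empty result on both sides means every PPPoE client is in the list and all three drops are active.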
    

    

That concludes the explanation. Good luck to everyone.
