/interface ethernet
set [find default-name=ether1] name=ether1
set [find default-name=ether2] name=ether2
set [find default-name=ether3] name=ether3
set [find default-name=ether4] name=ether4
set [find default-name=ether5] name=ether5
/ip address
add address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether5
add address=192.168.1.10/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1
add address=192.168.2.10/24 network=192.168.2.0 broadcast=192.168.2.255 interface=ether2
add address=192.168.3.10/24 network=192.168.3.0 broadcast=192.168.3.255 interface=ether3
add address=192.168.4.10/24 network=192.168.4.0 broadcast=192.168.4.255 interface=ether4
/ip firewall mangle
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=ether1_conn
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn
add chain=input in-interface=ether3 action=mark-connection new-connection-mark=ether3_conn
add chain=input in-interface=ether4 action=mark-connection new-connection-mark=ether4_conn
add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1
add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether4_conn action=mark-routing new-routing-mark=to_ether4
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
add chain=prerouting connection-mark=ether1_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether2_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether2
add chain=prerouting connection-mark=ether3_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether3
add chain=prerouting connection-mark=ether4_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether4
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ether2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ether4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade
add chain=srcnat out-interface=ether4 action=masquerade
/ip dns
set servers=8.8.8.8,8.8.4.4
set [find default-name=ether1] name=ether1
set [find default-name=ether2] name=ether2
set [find default-name=ether3] name=ether3
set [find default-name=ether4] name=ether4
set [find default-name=ether5] name=ether5
add address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether5
add address=192.168.1.10/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1
add address=192.168.2.10/24 network=192.168.2.0 broadcast=192.168.2.255 interface=ether2
add address=192.168.3.10/24 network=192.168.3.0 broadcast=192.168.3.255 interface=ether3
add address=192.168.4.10/24 network=192.168.4.0 broadcast=192.168.4.255 interface=ether4
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=ether1_conn
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn
add chain=input in-interface=ether3 action=mark-connection new-connection-mark=ether3_conn
add chain=input in-interface=ether4 action=mark-connection new-connection-mark=ether4_conn
add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether4_conn action=mark-routing new-routing-mark=to_ether4
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
add chain=prerouting connection-mark=ether1_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether2_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether2
add chain=prerouting connection-mark=ether3_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether3
add chain=prerouting connection-mark=ether4_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether4
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ether2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ether4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade
add chain=srcnat out-interface=ether4 action=masquerade
set servers=8.8.8.8,8.8.4.4
0 التعليقات:
إرسال تعليق