参考资料:https://www.cnblogs.com/itfat/p/13915040.html
环境:一台win2012服务器,在其中用Hyper-V创建ROS虚拟机。ROS通过PPPOE账号对外拨号上网获取不同的公网IP,对内通过NAT把ROS的网络分给内部虚拟机。
1、注意ROS网卡名字,做个标记。
用winbox登录ros
然后输入如下脚本
# Create two bridges: bridge1-lan for the internal (LAN) side and bridge2-wan for the
# uplink (WAN) side.
/interface bridge
add name=bridge1-lan
add name=bridge2-wan
# Create 13 VRRP interfaces on bridge2-wan, each with its own vrid (1-12 and 100).
# Each one is used as the parent interface of one PPPoE client in this script.
# NOTE(review): presumably VRRP is used because every VRRP interface presents its own
# virtual MAC address, so the PPPoE server sees separate clients - confirm.
/interface vrrp
add interface=bridge2-wan name=vrrp1 vrid=1
add interface=bridge2-wan name=vrrp2 vrid=2
add interface=bridge2-wan name=vrrp3 vrid=3
add interface=bridge2-wan name=vrrp4 vrid=4
add interface=bridge2-wan name=vrrp5 vrid=5
add interface=bridge2-wan name=vrrp6 vrid=6
add interface=bridge2-wan name=vrrp7 vrid=7
add interface=bridge2-wan name=vrrp8 vrid=8
add interface=bridge2-wan name=vrrp9 vrid=9
add interface=bridge2-wan name=vrrp10 vrid=10
add interface=bridge2-wan name=vrrp11 vrid=11
add interface=bridge2-wan name=vrrp12 vrid=12
add interface=bridge2-wan name=vrrp100 vrid=100
# Create one PPPoE client per VRRP interface. Replace the user= and password=
# placeholders with the ISP dial-up account and password.
# NOTE(review): the password is kept in the router configuration and is included in a
# configuration export that prints sensitive values, so treat exports and backups of
# this router as secrets.
/interface pppoe-client
add disabled=no interface=vrrp1 name=pppoe-out1 user=拨号账号 password=密码
add disabled=no interface=vrrp2 name=pppoe-out2 user=拨号账号 password=密码
add disabled=no interface=vrrp3 name=pppoe-out3 user=拨号账号 password=密码
add disabled=no interface=vrrp4 name=pppoe-out4 user=拨号账号 password=密码
add disabled=no interface=vrrp5 name=pppoe-out5 user=拨号账号 password=密码
add disabled=no interface=vrrp6 name=pppoe-out6 user=拨号账号 password=密码
add disabled=no interface=vrrp7 name=pppoe-out7 user=拨号账号 password=密码
add disabled=no interface=vrrp8 name=pppoe-out8 user=拨号账号 password=密码
add disabled=no interface=vrrp9 name=pppoe-out9 user=拨号账号 password=密码
add disabled=no interface=vrrp10 name=pppoe-out10 user=拨号账号 password=密码
add disabled=no interface=vrrp11 name=pppoe-out11 user=拨号账号 password=密码
add disabled=no interface=vrrp12 name=pppoe-out12 user=拨号账号 password=密码
add disabled=no interface=vrrp100 name=pppoe-client-out1 user=拨号账号 password=密码
## Adjust the default profile
# Sets supplicant-identity on the default wireless security profile.
# NOTE(review): this looks like a line carried over from a default configuration export;
# nothing else in this script configures wireless - confirm whether it is needed.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
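# Create the address pool handed out to PPTP clients (172.22.22.1 - 172.22.22.12).
# The on-up script of the PPP profile uses the part of the assigned address after
# "172.22.22." to pick the matching pppoe-outN interface, so the pool and the PPPoE
# client numbering have to stay in step.
/ip pool
add name=pptp ranges=172.22.22.1-172.22.22.12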
## Create the dial-in rules (PPP profile used for incoming PPTP logins)
# *FFFFFFFE is an internal item id.
# NOTE(review): presumably this is the built-in default-encryption profile that the PPP
# secret in this script refers to - confirm with "/ppp profile print".
# - dns-server / local-address / remote-address: clients are given DNS servers
#   223.5.5.5 and 223.6.6.6, the router side of the tunnel is 172.22.22.254 and the
#   client address comes from pool "pptp".
# - only-one=no: the same account may hold several sessions at the same time.
# - on-up: runs on every login. It logs user, local-address, remote-address, caller-id,
#   called-id and interface at "error" severity, takes characters 10..12 of
#   remote-address (the part after "172.22.22."), stores it in the global variable aaa
#   and runs "/interface pppoe-client enable" on "pppoe-out" followed by that value.
# NOTE(review): the script only enables the client, and the PPPoE clients in this script
# are already created with disabled=no - confirm that this has the intended effect.
/ppp profile
set *FFFFFFFE dns-server=223.5.5.5,223.6.6.6 local-address=172.22.22.254 on-up=":log error (\$\"user\".\"/\".\$\"local-address\".\"/\".\$\"remote-address\
\".\"/\".\$\"caller-id\".\"/\".\$\"called-id\".\"/\".\$\"interface\")\r\
\n:log error (\$\"remote-address\")\r\
\n:global aaa [:pick \$\"remote-address\" 10 13]\r\
\n:log error \$aaa\r\
\n/interface pppoe-client enable (\"pppoe-out\".\$aaa)" only-one=no remote-address=pptp
# Attach the router's NICs to the bridges: ether2-nat joins bridge1-lan and
# ether1-pppoe joins bridge2-wan. The interface names must match the names on your own
# router.
/interface bridge port
add bridge=bridge1-lan interface=ether2-nat
add bridge=bridge2-wan interface=ether1-pppoe
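# Enable the built-in PPTP server.
# NOTE(review): PPTP relies on MS-CHAP authentication and MPPE encryption, both of which
# are considered weak, so it should not be relied on for confidentiality. This script
# contains no "/ip firewall filter" rules, so the listener is reachable on every address
# the router holds. Prefer a stronger tunnel type (L2TP/IPsec, SSTP, or WireGuard on
# RouterOS 7), or at least restrict which source addresses may connect with an
# input-chain filter.
/interface pptp-server server
set enabled=yes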
# Assign addresses to the bridges and to every VRRP interface.
# 192.168.64.201/24 is the router's address on bridge1-lan.
# NOTE(review): the 123.123.1.x entries have no prefix length and use themselves as
# network; they look like dummy addresses whose only purpose is to give the interfaces
# an address - confirm. 123.123.1.0/24 is publicly routable space rather than a
# reserved range, so a private or documentation range avoids clashing with a real
# destination.
/ip address
add address=192.168.64.201/24 interface=bridge1-lan network=192.168.64.0
add address=123.123.1.0 interface=bridge2-wan network=123.123.1.0
add address=123.123.1.1 interface=vrrp1 network=123.123.1.1
add address=123.123.1.2 interface=vrrp2 network=123.123.1.2
add address=123.123.1.3 interface=vrrp3 network=123.123.1.3
add address=123.123.1.4 interface=vrrp4 network=123.123.1.4
add address=123.123.1.5 interface=vrrp5 network=123.123.1.5
add address=123.123.1.6 interface=vrrp6 network=123.123.1.6
add address=123.123.1.7 interface=vrrp7 network=123.123.1.7
add address=123.123.1.8 interface=vrrp8 network=123.123.1.8
add address=123.123.1.9 interface=vrrp9 network=123.123.1.9
add address=123.123.1.10 interface=vrrp10 network=123.123.1.10
add address=123.123.1.11 interface=vrrp11 network=123.123.1.11
add address=123.123.1.12 interface=vrrp12 network=123.123.1.12
add address=123.123.1.100 interface=vrrp100 network=123.123.1.100
## Firewall rules and forwarding
# Address list "lanip": destinations that are NOT policy-routed out through PPPoE by the
# mangle rules in this script.
# NOTE(review): the RFC 1918 block is 172.16.0.0/12; the /16 used here covers only
# 172.16.0.0-172.16.255.255, so the PPTP pool 172.22.22.0/24 is not part of "lanip".
# Confirm whether that is intended.
/ip firewall address-list
add address=192.168.0.0/16 list=lanip
add address=172.16.0.0/16 list=lanip
add address=10.0.0.0/8 list=lanip
# Policy routing: traffic from PPTP client 172.22.22.N to any destination outside
# "lanip" gets routing mark pptpN; passthrough=no stops further mangle processing for
# that packet.
# NOTE(review): there is a rule for 172.22.22.100, but the "pptp" pool in this script
# ends at 172.22.22.12 - confirm how a client would obtain .100.
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp1 passthrough=no src-address=172.22.22.1
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp2 passthrough=no src-address=172.22.22.2
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp3 passthrough=no src-address=172.22.22.3
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp4 passthrough=no src-address=172.22.22.4
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp5 passthrough=no src-address=172.22.22.5
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp6 passthrough=no src-address=172.22.22.6
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp7 passthrough=no src-address=172.22.22.7
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp8 passthrough=no src-address=172.22.22.8
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp9 passthrough=no src-address=172.22.22.9
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp10 passthrough=no src-address=172.22.22.10
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp11 passthrough=no src-address=172.22.22.11
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp12 passthrough=no src-address=172.22.22.12
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp100 passthrough=no src-address=172.22.22.100
# Source NAT: masquerade everything leaving through any PPP interface (all-ppp) and
# everything leaving through bridge1-lan.
# NOTE(review): apart from the mangle rules these are the only firewall rules in this
# script. There are no "/ip firewall filter" rules, so nothing here limits inbound
# connections to the router on its PPPoE addresses - add input-chain filtering before
# putting it online.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
add action=masquerade chain=srcnat out-interface=bridge1-lan
## Routing rules
# One default route per routing mark, so traffic marked pptpN leaves through pppoe-outN
# (pptp100 leaves through pppoe-client-out1).
# The last three routes send the private ranges to 192.168.64.254 on the LAN side.
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=pptp1
add distance=1 gateway=pppoe-out2 routing-mark=pptp2
add distance=1 gateway=pppoe-out3 routing-mark=pptp3
add distance=1 gateway=pppoe-out4 routing-mark=pptp4
add distance=1 gateway=pppoe-out5 routing-mark=pptp5
add distance=1 gateway=pppoe-out6 routing-mark=pptp6
add distance=1 gateway=pppoe-out7 routing-mark=pptp7
add distance=1 gateway=pppoe-out8 routing-mark=pptp8
add distance=1 gateway=pppoe-out9 routing-mark=pptp9
add distance=1 gateway=pppoe-out10 routing-mark=pptp10
add distance=1 gateway=pppoe-out11 routing-mark=pptp11
add distance=1 gateway=pppoe-out12 routing-mark=pptp12
add distance=1 gateway=pppoe-client-out1 routing-mark=pptp100
add distance=1 dst-address=10.0.0.0/8 gateway=192.168.64.254
add distance=1 dst-address=172.16.0.0/16 gateway=192.168.64.254
add distance=1 dst-address=192.168.0.0/16 gateway=192.168.64.254
## Management services
# Disable telnet, ftp, www, ssh, api and api-ssl; only Winbox stays enabled, moved to
# TCP port 8081.
# NOTE(review): changing the port does not restrict who can connect. No address= limit
# is set on the winbox service and this script has no input-chain filter rules, so
# confirm that Winbox is not reachable from the PPPoE side. Limit it to the management
# network, e.g. "set winbox address=<MGMT_SUBNET>" (placeholder), and keep RouterOS
# up to date.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8081
set api-ssl disabled=yes
## PPTP user name and password
# Creates the PPTP login account (user wd) bound to profile default-encryption.
# NOTE(review): wd / wd123 is a short sample credential published with this page. Use a
# unique account name and a long random password for every user; a guessable password on
# this endpoint gives whoever guesses it use of the router's PPPoE uplinks.
/ppp secret
add name=wd password=wd123 profile=default-encryption service=pptp
## Time zone
# Sets a fixed +08:00 offset on the manual clock settings.
# NOTE(review): dst-delta is set to +08:00 as well - confirm that is intended. Correct
# time matters for correlating the log lines written by the on-up script.
/system clock manual
set dst-delta=+08:00 time-zone=+08:00
## Readable form of the PPP profile on-up script, run when a PPTP client connects.
# NOTE(review): the original comment says the matching PPPoE client is restarted; the
# last command below only enables it.
# Log the session details at "error" severity.
:log error ($"user"."/".$"local-address"."/".$"remote-address"."/".$"caller-id"."/".$"called-id"."/".$"interface")
:log error ($"remote-address")
# Characters 10..12 of remote-address, i.e. the part after "172.22.22." for addresses
# taken from that subnet.
:global aaa [:pick $"remote-address" 10 13]
:log error $aaa
# Enable the PPPoE client named "pppoe-out" followed by that value.
# NOTE(review): for 172.22.22.100 this yields "pppoe-out100", but the client created for
# vrrp100 in this script is named pppoe-client-out1 - confirm.
/interface pppoe-client enable ("pppoe-out".$aaa)
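## Aliyun (Alibaba Cloud DNS) DDNS update script
# Sends the current address of the PPPoE interface to a relay at u.myxzy.com, which
# presumably performs the Aliyun DNS record update on the caller's behalf.
# NOTE(review): the AccessKey id and secret are sent in the query string of a plain-HTTP
# request to a third-party host. Anything on the network path and the operator of that
# host can read them, and URLs commonly end up in logs. If this relay is used at all,
# use the AccessKey of a RAM user that can only modify this one DNS zone and rotate it
# regularly; calling the provider's API directly over HTTPS avoids handing the key to a
# third party.
# The key values printed on the original page are replaced with placeholders here; a key
# that has appeared in public should be treated as compromised and rotated.
:local id "<ALIYUN_ACCESS_KEY_ID>"
:local secret "<ALIYUN_ACCESS_KEY_SECRET>"
:local domain "domain.com"
:local record "subdomain"
:local pppoe "pppoe-client-out1"
# Last address that was published successfully; global so it is kept between runs.
:global aliip
# Look the address up first so a PPPoE link that is down is reported instead of
# aborting the script inside "get".
:local addrIds [/ip address find interface=$pppoe]
:if ([:len $addrIds] > 0) do={
    # The address is stored as "a.b.c.d/nn"; keep only the part before the slash.
    :local ipaddr [/ip address get ($addrIds->0) address]
    :set ipaddr [:pick $ipaddr 0 [:find $ipaddr "/"]]
    # Only call the relay when the address differs from the last published one.
    :if ($ipaddr != $aliip) do={
        :local result [/tool fetch url="http://u.myxzy.com/alidns/\?id=$id&secret=$secret&domain=$domain&record=$record&ip=$ipaddr" as-value output=user];
        :if ($result->"status" = "finished") do={
            # A response body of "0" is treated as success.
            :if ($result->"data" = "0") do={
                :set aliip $ipaddr
                :log info "alidns update ok";
            } else={
                :log info "alidns update error";
            }
        }
    }
} else={
    :log warning ("alidns: no address on ".$pppoe)
}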
#RouterOS原生脚本实现DNSPOD的DDNS动态解析
脚本说明:
1. 不存在的记录,不会自动添加,需要手动在DNSPOD添加记录,线路为默认,不支持单记录多线路解析。
2. 只支持IPv4,不支持IPv6
3. 脚本中需要自己修改的信息
pppoe,拨号连接的名称,如pppoe-out1
token,dnspod的token。id和token之间用半角逗号连接(英文状态下的逗号)
domain,域名
subdomain,主机记录
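# PPPoE interface whose address is published
:local pppoe "ADSL-PPPoE"
# DNSPod API token in the form "id,token"
# NOTE(review): this token can change DNS records of the account. Keep the real value
# out of shared copies of the script and out of configuration exports that are passed
# around.
:local token "xxxxx,xxxxxxxxxxxxxxxxxxx"
# Domain
:local domain "myxzy.com"
# Host record (sub-domain)
:local subdomain "www"
# Do not change anything below unless you know what you are doing
# Full record name, used only in the log messages
:local dname ($subdomain.".".$domain)
# Current address of the PPPoE interface. It is stored as "a.b.c.d/nn"; keep only the
# part before the slash instead of assuming a two-digit prefix length.
:local ipaddr [/ip address get [/ip address find interface=$pppoe] address]
:set ipaddr [:pick $ipaddr 0 [:find $ipaddr "/"]]
# Fetch the record list for the A record of this host
# NOTE(review): the token travels in the body of an HTTPS request. check-certificate is
# not set on these fetch calls, so the default applies - confirm that the server
# certificate is actually verified on your RouterOS version (check-certificate=yes with
# the CA certificate installed), otherwise the token can be sent to an impostor host.
:local record [/tool fetch url="https://dnsapi.cn/Record.List" http-data="login_token=$token&format=json&domain=$domain&sub_domain=$subdomain&record_type=A" as-value output=user]
# Extract the record id and the currently published address by string search in the
# JSON text: everything from "records": onwards, then the values between "id":" and
# ","ttl and between "value":" and ","en.
# NOTE(review): this depends on the key order of the API response and on the record
# existing - confirm against a real response before relying on it.
:set record ($record->"data")
:set record [:pick $record [:find $record "\"records\":"] [:len $record]]
:local recordid [:pick $record ([:find $record "\"id\":\""]+6) [:find $record "\",\"ttl"]]
:local recordip [:pick $record ([:find $record "\"value\":\""]+9) [:find $record "\",\"en"]]
# Update the record only when the published address differs from the current one
:if ($recordip!=$ipaddr) do={
/tool fetch url="https://dnsapi.cn/Record.Ddns" http-data="login_token=$token&format=json&domain=$domain&sub_domain=$subdomain&record_id=$recordid&record_line_id=0&value=$ipaddr"
:log info ("[".$dname."] ip update")
} else={
:log info ("[".$dname."] ip not update")
}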