Basic routing configuration (MikroTik RouterOS 2.8.26)
Published: 2019-05-10


++++++++++++++++++++++++++++++++++++++++++++++

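If higher security is required, refer to the relevant firewall rule settings.

This article covers only a simple configuration; its purpose is just to explain how routing configuration works, that is, the most basic rules.

              -- For study only; I hope readers will offer plenty of advice

++++++++++++++++++++++++++++++++++++++++++++++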

 

MikroTik RouterOS 2.8.26  
  MikroTik WinBox Console
Download and run the RouterOS GUI client.
WinBox has optional command line arguments:
winbox [<address> [<login> [<password>]]]
  RouterOS Terminal Console
Telnet to the router and use the ASCII Terminal Console.  
  MikroTik RouterOS Reference Manual
Reference Manual is available on the router.
Additional documentation is available at http://www.mikrotik.com/documentation.html  
  MIKROTIK ROUTER SOFTWARE END-USER LICENCE AGREEMENT
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
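Notes:
clin003 is an administrator account on the router with full permissions.
lan and net are simply interface names, changed to make the internal and external network cards easy to tell apart; they can be set with
[clin003@MikroTik] ip firewall src-nat> /interface  set ether1 name=lan
[clin003@MikroTik] ip firewall src-nat> /interface  set ether2 name=net
If you are not sure which card is ether1 and which is ether2, you can use
[clin003@MikroTik] ip firewall src-nat> /interface ethernet disable ether1
[clin003@MikroTik] ip firewall src-nat> /interface ethernet blink ether1
ERROR: interface is disabled
This shows that ether1 is no longer working.
You can then use
[clin003@MikroTik] ip firewall src-nat> /interface ethernet blink ether2
and watch which card's LED lights up to determine which card corresponds to which ether* name.
First make sure the network cards are in the working state; you can check this with interface print (the "R" flag)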
________________________________________________________________________
[clin003@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME                         TYPE             RX-RATE    TX-RATE    MTU
 0  R lan                          ether            0          0          1500
 1  R net                          ether            0          0          1500
________________________________________________________________
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Set the router's IP addresses
________________________________________________________________
[clin003@MikroTik] ip address> add address 61.53.2.54/27  interface net
[clin003@MikroTik] ip address> add address 192.168.0.1/24 interface lan
[clin003@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   61.53.2.54/27      61.53.2.32      61.53.2.63      net
 1   192.168.0.1/24     192.168.0.0     192.168.0.255   lan
________________________________________________________________
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
View the current routing table
_______________________________________________________________
[clin003@MikroTik] ip address> .. route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
 #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
 0 DC 192.168.0.0/24     r 0.0.0.0         0        lan
 1 DC 61.53.2.32/27      r 0.0.0.0         0        net
__________________________________________________________________
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
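Add the default gateway and then view the routing table. <Note: you cannot add the same dst-address twice; that is, 192.168.0.1/24 and 192.168.0.100/24 are in the same network segment and cannot both be added to the routing table, but you can set several different gateway addresses for the same segment.> To delete a wrong entry, use remove number (the index shown in front of the flags).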
___________________________________________________________________
 
[clin003@MikroTik] ip address> .. route add gateway=61.53.2.62
[clin003@MikroTik] ip address> .. route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
 #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
 0 DC 192.168.0.0/24     r 0.0.0.0         0        lan
 1 DC 61.53.2.32/27      r 0.0.0.0         0        net
 2  S   0.0.0.0/0          r 61.53.2.62      1        net
______________________________________________________________________
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now you can use ping to test connectivity. (One internal address and one external address; if both can be pinged normally, the setup is working.)
_____________________________________________________________________
[clin003@MikroTik] ip address> /ping 192.168.0.100
192.168.0.100 64 byte ping: ttl=64 time<1 ms
192.168.0.100 64 byte ping: ttl=64 time<1 ms
192.168.0.100 64 byte ping: ttl=64 time<1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[clin003@MikroTik] ip address> /ping 202.102.233.3
202.102.233.3 64 byte ping: ttl=125 time<1 ms
202.102.233.3 64 byte ping: ttl=125 time<1 ms
202.102.233.3 64 byte ping: ttl=125 time<1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
_____________________________________________________________________
 
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
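At this point the machines on the internal network, other than the router itself, still cannot reach the external network; a rule needs to be added under firewall nat.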
 
_____________________________________________________________________
 
[clin003@MikroTik] ip firewall src-nat> add action=masquerade
[clin003@MikroTik] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   action=masquerade
______________________________________________________________________
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If you want to hide the internal machines from the outside, you can add the rule like this
 
______________________________________________________________________
[clin003@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=net
[clin003@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   chain=srcnat out-interface=net action=masquerade
_________________________________________________________________________
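
The difference between the two masquerade rules above, as an added example that is not part of the original post: a simplified Python model (an assumption, not RouterOS code) of the page's addresses and routing table, showing which interface a packet leaves by and what source address the receiver sees under the unscoped rule versus the rule limited to out-interface=net. The two flows and the function names are constructed for illustration.

```python
import ipaddress

# Addresses and default gateway copied from the page's `ip address print` / `route add`.
ADDRESSES = {"net": "61.53.2.54/27", "lan": "192.168.0.1/24"}
DEFAULT_GW = "61.53.2.62"

def build_routes():
    """Connected routes derived from the interface addresses, plus the static default."""
    routes = [(ipaddress.ip_interface(a).network, ifname) for ifname, a in ADDRESSES.items()]
    gw = ipaddress.ip_address(DEFAULT_GW)
    # A gateway is only usable if it sits inside a directly connected network.
    gw_if = next(ifname for network, ifname in routes if gw in network)
    routes.append((ipaddress.ip_network("0.0.0.0/0"), gw_if))
    return routes

def egress(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    network, ifname = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return ifname

def translated_source(src, dst, routes, out_interface=None):
    """Source address the receiver sees after the masquerade rule (simplified model).
    out_interface=None models the unscoped rule; "net" models the scoped one."""
    ifname = egress(dst, routes)
    if out_interface is None or out_interface == ifname:
        # Masquerade rewrites the source to the outgoing interface's own address.
        return str(ipaddress.ip_interface(ADDRESSES[ifname]).ip)
    return src

ROUTES = build_routes()
# Constructed sample flows: (source, destination)
FLOWS = [("192.168.0.100", "202.102.233.3"),   # internal host going out
         ("203.0.113.7", "192.168.0.100")]     # outside host routed toward the LAN

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(src, "->", dst, "via", egress(dst, ROUTES),
              "| unscoped:", translated_source(src, dst, ROUTES),
              "| out-interface=net:", translated_source(src, dst, ROUTES, "net"))
```

With the unscoped rule, traffic forwarded toward the LAN is also rewritten, so internal hosts and their logs see 192.168.0.1 instead of the real source; the out-interface=net rule leaves that traffic untouched.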
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
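In fact, after all this, only three things were done:
1: Configure the correct IP addresses on the router
2: Set the default gateway
3: Set the router's handling rules for packets arriving from the external and internal networks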
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Below is the corresponding network topology diagram: the router also serves as the gateway for the internal network