Multi-Line Port Mapping with Interface Lists

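I have recently been setting up PCC aggregation across 4 dial-up lines and needed to map TCP/UDP ports on all 4 lines to the internal network. Because there are many ports to map, the dstnat work is highly repetitive. The first approach dealt with the dynamically assigned public IP addresses: set dst-address to the public IP, use a script to check whether the IP has changed, and then update the dst-address of each dstnat rule.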

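Note: for port mapping over PCC multi-line setups, make sure the mangle input and output policies are already configured correctly. They are omitted here (see https://www.oowz.com/401.html).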

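I then switched to matching on in-interface=pppoe-out for port mapping, which needs no script to check the address periodically. The configuration is as follows:

Mapping TCP/UDP port 12389 on the 4 dial-up lines (there are other ports as well; this one serves as the example) takes 8 rules in total: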

/ip firewall nat

add action=dst-nat chain=dstnat comment=p1 in-interface=pppoe-out1 dst-port=12389 protocol=tcp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p2 in-interface=pppoe-out2 dst-port=12389 protocol=tcp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p3 in-interface=pppoe-out3 dst-port=12389 protocol=tcp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p4 in-interface=pppoe-out4 dst-port=12389 protocol=tcp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p1 in-interface=pppoe-out1 dst-port=12389 protocol=udp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p2 in-interface=pppoe-out2 dst-port=12389 protocol=udp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p3 in-interface=pppoe-out3 dst-port=12389 protocol=udp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p4 in-interface=pppoe-out4 dst-port=12389 protocol=udp to-addresses=192.168.88.8 to-ports=12389

That is still a lot of configuration, so to cut down the number of rules I used an interface list instead.

First create the interface list, named PPPoE:

/interface list

add name=PPPoE

Add the 4 pppoe-out dial-up interfaces to the PPPoE list:

/interface list member

add interface=pppoe-out1 list=PPPoE

add interface=pppoe-out2 list=PPPoE

add interface=pppoe-out3 list=PPPoE

add interface=pppoe-out4 list=PPPoE

The 8 rules can then be reduced to 2, configured as follows:

/ip firewall nat

add action=dst-nat chain=dstnat comment=p1 dst-port=12389 in-interface-list=PPPoE protocol=tcp to-addresses=192.168.88.8 to-ports=12389

add action=dst-nat chain=dstnat comment=p1 dst-port=12389 in-interface-list=PPPoE protocol=udp to-addresses=192.168.88.8 to-ports=12389
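The same 8-to-2 reduction can be checked mechanically before a larger rule set is rewritten by hand. The Python sketch below is an added example, not part of the original post: it merges per-interface rules into an in-interface-list rule only when the identical rule exists on every list member, so consolidation never starts forwarding a port on a line where it was not forwarded before. The helper names and the port 8443 sample rules are constructed for illustration.

```python
import shlex

LIST_NAME = "PPPoE"
MEMBERS = ["pppoe-out1", "pppoe-out2", "pppoe-out3", "pppoe-out4"]

# Constructed sample input: the page's 8 rules for port 12389, plus a
# hypothetical port 8443 that is forwarded on only two of the four lines.
TEMPLATE = ("add action=dst-nat chain=dstnat in-interface={i} dst-port={p} "
            "protocol={proto} to-addresses=192.168.88.8 to-ports={p}")
SAMPLE = [TEMPLATE.format(i=i, p=12389, proto=proto)
          for proto in ("tcp", "udp") for i in MEMBERS]
SAMPLE += [TEMPLATE.format(i=i, p=8443, proto="tcp") for i in MEMBERS[:2]]


def parse_rule(line):
    """Turn one 'add key=value ...' line into a dict of rule properties."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        raise ValueError(f"not an 'add' line: {line!r}")
    return dict(tok.split("=", 1) for tok in tokens[1:])


def render(props):
    """Emit the properties in alphabetical order, as on the page's rules."""
    return "add " + " ".join(f"{k}={v}" for k, v in sorted(props.items()))


def consolidate(lines, members, list_name=LIST_NAME):
    """Collapse rules that are identical on every interface in `members`.

    A rule present on only some members stays per-interface: moving it to the
    list would start forwarding the port on lines where it was closed before.
    """
    groups = {}  # rule body (minus in-interface/comment) -> interfaces seen
    for line in lines:
        props = parse_rule(line)
        iface = props.pop("in-interface", None)
        props.pop("comment", None)
        groups.setdefault(tuple(sorted(props.items())), set()).add(iface)
    out = []
    for body, ifaces in groups.items():
        if ifaces == set(members):
            out.append(render({**dict(body), "in-interface-list": list_name}))
        else:
            for iface in sorted(ifaces, key=str):
                extra = {"in-interface": iface} if iface else {}
                out.append(render({**dict(body), **extra}))
    return out


if __name__ == "__main__":
    print("\n".join(consolidate(SAMPLE, MEMBERS)))
```

Any rule that comes out still carrying in-interface= marks a port that is not mapped on all four lines and should be reviewed rather than merged.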
