دمج 3 خطوط

1/ 2 �� 10/100 �� 12 ��
2/ 30 �� (�� )

3/ ��
4/ ��
5/ ��
6/ ��
/ip firewall filter

add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 new-connection-
mark=wan1_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan1_conn hotspot=auth new-

routing-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-

interface=ether5 new-connection-mark=wan1_conn passthrough=yes per-connection-
classifier=both-addresses-and-ports:4/0



/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=wan1_conn in-
interface=ether5 new-routing-mark=wan1



==================�� ==============
add action=mark-connection chain=prerouting dst-address-typ in-interface=bridge1
new-connection-mark=wan2_conn pass
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-typ
in-interface=bridge1 new-connection-mark=wan3_conn pass
====================================================
add action=mark-routing chain=prerouting connection-mark=wa in-interface=bridge1

new-routing-mark=wan1 passthrough=
add action=mark-routing chain=prerouting connection-mark=wa
in-interface=bridge1 new-routing-mark=wan2 passthrough=
add action=mark-routing chain=prerouting connection-mark=wa
in-interface=bridge1 new-routing-mark=wan3 passthrough=
add action=mark-packet chain=prerouting comment=pcq-max-lim
!7.7.7.0 new-packet-mark=from_web passthrough=no

interface=bridge1 new-routing-mark=wan1
/ip firewall nat

add action=passthrough chain=unused-hs-chain comment="place" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hots" src-address=7.7.7.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall nat

/ip route
add check-gateway=ping distance=1 gateway=192.168.101.1 routing-mark=wan1
add check-gateway=ping distance=1 gateway=192.168.101.1
/ip route


====================================================================
/ip firewall mangle

mark=WAN1_conn
mark=WAN2_conn
add action=mark-connection chain=input in-interface=WAN3 new-connection-
mark=WAN3_conn
mark=WAN4_conn
/ip firewall mangle

add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-
mark=wan1
mark=to_WAN2
mark=to_WAN3
mark=to_WAN4
add action=mark-connection chain=prerouting comment=LoadBalance dst-address-type=!

local in-interface=LAN_H new-connection-mark=WAN1_conn per-connection-

interface=LAN_H new-connection-mark=WAN2_conn


add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-

interface=LAN_H new-routing-mark=to_WAN1


/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=wan1_conn in-interface=LAN
new-routing-mark=wan1



-======================
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1

================================================
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=false
interface=ether1 use-peer-dns=false use-peer-ntp=false
add default-route-distance=0 dhcp-options=hostname,clientid disabled=false \

interface=ether1 use-peer-dns=false use-peer-ntp=false
/ip firewall mangle

add action=mark-connection chain=prerouting connection-state=new \
new-connection-mark=WAN1 nth=2,1 src-address=10.0.0.0/16
add action=mark-routing chain=prerouting connection-mark=WAN1 \
new-routing-mark=WAN1 src-address=10.0.0.0/16
add action=mark-connection chain=prerouting connection-state=new \

new-connection-mark=WAN2 nth=2,2 src-address=10.0.0.0/16
add action=mark-routing chain=prerouting connection-mark=WAN2 \
new-routing-mark=WAN2 src-address=10.0.0.0/16
/ip route
add distance=1 gateway=192.168.1.1 routing-mark=WAN1
add distance=1 gateway=192.168.2.1 routing-mark=WAN2
add action=add-src-to-address-list address-list=freedom address-list-timeout=\

1d chain=prerouting comment=freedom-maxupgrade layer7-protocol=freedom
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=true
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=7.7.7.0/24
=========================================
add action=mark-connection chain=prerouting connection-state=new disabled=yes new-
connection-mark=ln1 nth=!2,1 passthrough=yes src-address=10.0.0.0/16
add action=mark-routing chain=prerouting connection-mark=ln1 disabled=yes new-
routing-mark=lnr1 passthrough=yes src-address=10.0.0.0/16
add action=mark-connection chain=prerouting connection-state=new disabled=yes new-
connection-mark=ln2 nth=!2,2 passthrough=yes src-address=10.0.0.0/16
add action=mark-routing chain=prerouting connection-mark=ln2 disabled=yes new-
routing-mark=lnr2 passthrough=yes src-address=10.0.0.0/16
/ip firewall nat

add chain=dstnat action=dst-nat in-interface=ether1 dst-address=192.168.1.102 dst-
port=3389 to-address=10.0.0.10
add chain=dstnat action=dst-nat in-interface=ether2 dst-address=192.168.2.101 dst-
port=3389 to-address=10.0.0.10
/ip route




/ip route
/ip route
/ip firewall mangle
mark=wan1_conn
mark=wan2_conn
mark=wan3_conn
mark=wan4_conn

mark=wan5_conn
mark=wan6_conn
mark=wan7_conn
mark=wan8_conn
add action=mark-routing chain=output connection-mark=wan1_conn new-routing-

mark=wan1
mark=wan2
mark=wan3
mark=wan4

mark=wan5
mark=wan6
mark=wan7
mark=wan8

classifier=\
both-addresses-and-ports:8/0
classifier=\
classifier=\
classifier=\

classifier=\

classifier=\

classifier=\

classifier=\

/ip address
add address=192.168.1.20/24 interface=ether1 network=192.168.1.0
/ip firewall nat

add action=masquerade chain=srcnat dst-address=192.168.10.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=ether9

/ip route


/ip firewall mangle

mark=wan1 passthrough=yes
interface=Local new-connection-mark=wan1_conn passthrough=yes per-connection-
classifier=\
classifier=\
classifier=\
classifier=\
interface=Local new-routing-mark=wan1
add action=accept chain=prerouting disabled=yes dst-address=192.168.1.0/24 in-
interface=ether5
interface=ether5
interface=ether5
interface=ether5

interface=ether9
interface=ether9
interface=ether9
interface=ether9
interface=ether9
interface=ether9
interface=ether9
interface=ether9
/ip firewall mangle
interface=bridge1 new-connection-mark=wan1_conn passthrough=yes per-connection-
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=bridge1
/ip route
/ip firewall nat

/ip route
/ip firewall nat

/ip firewall mangle






دمج 3 خطوط

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

دمج 3 خطوط

Uploaded by

Copyright:

Available Formats

1/ 2 ����� 10/100 ����� ��� 12 ����

2/ 30 ��� ��� ������ (���� ����)

/ip firewall filter

add action=mark-routing chain=output connection-mark=wan1_conn hotspot=auth new-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=wan2_conn in-

add action=mark-routing chain=prerouting connection-mark=wan3_conn in-

add action=mark-routing chain=prerouting connection-mark=wan4_conn in-

add action=mark-routing chain=prerouting connection-mark=wa in-interface=bridge1

add action=mark-routing chain=prerouting connection-mark=wan1_conn in-

/ip firewall nat

/ip firewall nat

add check-gateway=ping distance=1 gateway=192.168.1.1

add check-gateway=ping distance=1 gateway=192.168.101.1

/ip firewall mangle

add action=mark-connection chain=input in-interface=ether1 new-connection-

/ip firewall mangle

add action=mark-connection chain=prerouting comment=LoadBalance dst-address-type=!

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-

add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-

add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=wan2_conn in-interface=LAN

add action=mark-routing chain=prerouting connection-mark=wan3_conn in-interface=LAN

add action=mark-routing chain=prerouting connection-mark=wan4_conn in-interface=LAN

add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1

add check-gateway=ping distance=2 gateway=192.168.2.1 routing-mark=to_WAN1

add check-gateway=ping distance=3 gateway=192.168.3.1 routing-mark=to_WAN1

add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2

add check-gateway=ping distance=2 gateway=192.168.3.1 routing-mark=to_WAN2

add check-gateway=ping distance=3 gateway=192.168.4.1 routing-mark=to_WAN2

add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3

add check-gateway=ping distance=2 gateway=192.168.4.1 routing-mark=to_WAN3

add check-gateway=ping distance=3 gateway=192.168.2.1 routing-mark=to_WAN3

add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4

add check-gateway=ping distance=2 gateway=192.168.1.1 routing-mark=to_WAN4

add check-gateway=ping distance=3 gateway=192.168.1.1 routing-mark=to_WAN4

add check-gateway=ping distance=1 gateway=192.168.1.1

add check-gateway=ping distance=2 gateway=192.168.2.1

add check-gateway=ping distance=3 gateway=192.168.3.1

add check-gateway=ping distance=3 gateway=192.168.4.1

add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=wan1

add default-route-distance=0 dhcp-options=hostname,clientid disabled=false \

/ip firewall mangle

add action=mark-connection chain=prerouting connection-state=new \

add action=add-src-to-address-list address-list=freedom address-list-timeout=\

/ip firewall nat

add check-gateway=ping distance=2 gateway=192.168.1.1 routing-mark=wan1

add check-gateway=ping distance=3 gateway=192.168.1.1 routing-mark=wan1

add check-gateway=ping distance=4 gateway=192.168.1.1 routing-mark=wan1

add check-gateway=ping distance=1 gateway=192.168.1.1

add action=mark-connection chain=input in-interface=ether5 new-connection-

add action=mark-routing chain=output connection-mark=wan1_conn new-routing-

add action=mark-routing chain=output connection-mark=wan5_conn new-routing-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

add action=mark-connection chain=prerouting dst-address-type=!local in-

1/ 2 �� 10/100 �� 12 ��

2/ 30 �� (�� )