{"id":4632,"date":"2021-12-05T02:01:13","date_gmt":"2021-12-05T10:01:13","guid":{"rendered":"https:\/\/www.xh86.me\/?p=4632"},"modified":"2021-12-05T02:01:13","modified_gmt":"2021-12-05T10:01:13","slug":"mikrotik-routeros-chr%e8%ae%be%e7%bd%aepcc%e5%a4%9a%e7%ba%bf%e5%88%86%e6%b5%81","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=4632","title":{"rendered":"MikroTik RouterOS CHR\u8bbe\u7f6ePCC\u591a\u7ebf\u5206\u6d41"},"content":{"rendered":"<p>RouterOS\u7684CHR P10\u7248\u5b9e\u73b0\u591a\u7ebf\u5206\u6d41+IPIP\u901a\u9053\u5efa\u7acb\u3002<\/p>\n<p><strong>\u914d\u7f6e\u8be6\u60c5<\/strong><\/p>\n<p><strong>\u7f51\u7edc\u6784\u67b6<\/strong><\/p>\n<p>CHR\u8f6f\u8def\u7531\uff1a<\/p>\n<ul>\n<li>\u5343\u5146\u516c\u7f51eth0 IP 95.217.x.100<\/li>\n<li>\u4e07\u5146\u5185\u7f51eth1 IP 10.0.0.1<\/li>\n<li>\u516c\u7f51\u4e3b\u7f51\u5173 95.217.x.1 @ eth0 distance=1<\/li>\n<li>\u516c\u7f51\u526f\u7f51\u5173 10.1.1.1~5 @ eth1 distance=2<\/li>\n<\/ul>\n<p>\u7269\u7406\u673a1~5\uff1a<\/p>\n<ul>\n<li>\u5343\u5146\u516c\u7f51eth0 IP 95.217.x.101~105<\/li>\n<li>\u4e07\u5146\u5185\u7f51eth1 IP 10.1.2.1~5<\/li>\n<li>\u5f00\u542fNAT\u8f6c\u53d1\uff1aiptables -t nat -A POSTROUTING -s &#8216;10.0.0.0\/8&#8217; -o vmbr1 -j MASQUERADE<\/li>\n<\/ul>\n<p><strong>\u5f00\u59cb\u914d\u7f6e<\/strong><\/p>\n<p>\u5148\u914d\u7f6e\u8def\u7531\u5668\u7684\u516c\u7f51\u548c\u5185\u7f51IP\uff0c\u7136\u540e\u53bbIP&gt;Firewall&gt;Mangle\uff0c\u8bbe\u7f6e\u5206\u6d41\u6807\u8bb0\uff0c\u5177\u4f53\u65b9\u6cd5\u5982\u4e0b\uff1a<\/p>\n<ol>\n<li>\u5728Mangle\u4e0b\u70b9\u51fb\u65b0\u5efa\u89c4\u5219<\/li>\n<li>\u5728General\u4e0b\u9009\u62e9Chain\u4e3aprerouting\uff0csrc-address=10.0.0.0\/8<\/li>\n<li>\u5728Advance\u4e0b\u914d\u7f6ePer Connection Classifier\uff0c\u63a8\u8350\u9009both addresses and ports\uff0c\u540e\u9762\u7684\u53c2\u6570\u51995\u548c0\uff0c\u5176\u4e2d5\u4e3a\u62df\u4f7f\u7528\u7684WAN\u6570\u91cf\uff0c0\u662f\u6807\u5fd7\u6392\u5e8f\uff08\u4ece0\u5f00\u59cb\uff0c0~4\uff0c\u8fd9\u4e24\u4e2a\u6570\u5b57\u641e\u5f97\u4eba\u6bd4\u8f83\u96be\u53d7\uff0c\u4ece1\u5f00\u59cb\u591a\u597d\u2026.\uff09<\/li>\n<li>\u5728Extra\u4e0b\u914d\u7f6eDst-address-type\u7684address-type\u4e3aLocal\uff0c\u52fe\u9009Invert\uff08\u4ee3\u8868\u6392\u9664\u8def\u7531\u5668\u672c\u5730IP\u5730\u5740\uff09<\/li>\n<li>\u5728Action\u4e0b\u914d\u7f6eaction=mark-connection\u6807\u8bb0\u8fde\u63a5\uff0cnew-connection-mark\u53d6\u540dc101<\/li>\n<\/ol>\n<p>\u7136\u540e\u8bbe\u7f6e\u5206\u6d41\u89c4\u5219\uff0c\u5177\u4f53\u65b9\u6cd5\u5982\u4e0b\uff1a<\/p>\n<ol>\n<li>\u5728Mangle\u4e0b\u70b9\u51fb\u65b0\u5efa\u89c4\u5219<\/li>\n<li>\u5728General\u4e0b\u9009\u62e9Chain\u4e3aprerouting\uff0csrc-address=10.0.0.0\/8\uff0cConnection Mark\u8bbe\u4e3ac101<\/li>\n<li>\u5728Action\u4e2d\u9009\u62e9Action\u4e3amark-routing\uff0cnew-routing-mark\u53d6\u540droute-c101<\/li>\n<\/ol>\n<p>\u518d\u53bbIP&gt;Routes\u91cc\u6dfb\u52a0\u526f\u8def\u7531\uff0cgateway\u8bbe\u4e3a10.1.2.1\uff0cRouting Mark\u9009\u62e9route-c101\uff0cdistance\u90092\uff08\u56e0\u4e3a\u4e3b\u8def\u7531\u8fd8\u662f\u8d70\u4e0a\u8054\u516c\u7f51\uff09<br \/>\n<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"138\" class=\"wp-image-4633\" src=\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/12\/graphical-user-interface-application-description.png\" alt=\"Graphical user interface, application\n\nDescription automatically generated\" \/><\/p>\n<p>\u6700\u540e\u53bbIP&gt;Firewall&gt;NAT\u4e2d\u65b0\u589e\u4e00\u4e2asrcnat\uff0csrc-address=10.0.0.0\/8\uff0cOut Interface\u9009eth0\uff0cConnection Mark\u8bbe\u4e3ac101\uff0cAction\u9009masquerade<br \/>\n\u8fd9\u6837\u4e00\u4e2a\u8282\u70b9\u5c31\u914d\u7f6e\u597d\u4e86\uff0c\u5176\u4ed6\u7684\u8282\u70b9\u4e00\u6837\u7684\u6b65\u9aa4\u91cd\u590d\u5373\u53ef\u3002\u4e5f\u53ef\u4ee5\u901a\u8fc7terminal\u8bbe\u7f6e\uff1a<\/p>\n<ol>\n<li>\/ip firewall mangle<\/li>\n<li>add action=mark-connection chain=prerouting \\<\/li>\n<li>comment=c102 dst-address-type=!local new-connection-mark=c102 \\<\/li>\n<li>per-connection-classifier=both-addresses:4\/0 \\<\/li>\n<li>src-address=10.0.0.0\/8<\/li>\n<li><\/li>\n<li>add action=mark-routing chain=prerouting connection-mark=c102 \\<\/li>\n<li>new-routing-mark=route-c102 src-address=10.0.0.0\/8<\/li>\n<li><\/li>\n<li>\/ip firewall nat<\/li>\n<li>add chain=srcnat connection-mark=c102 action=masquerade<\/li>\n<\/ol>\n<p><strong>\u6548\u679c<\/strong><\/p>\n<p>\u5b8c\u6210\u540e\u6d4b\u8bd5\u591a\u7ebf\u7a0b\u4e0b\u8f7d\uff0c10G\u7684\u6587\u4ef6\u4f7f\u752840\u79d2\u5b8c\u6210\u4e0b\u8f7d\uff0c\u5e73\u5747\u901f\u7387245MB\/s\uff0c\u5e73\u5747\u5e26\u5bbd1.96Gbps\uff1b\u6700\u9ad8\u901f\u7387437MB\/s\uff0c\u5e26\u5bbd\u7ea63.5Gbps\uff1a<\/p>\n<ol>\n<li>[root@lxc-test ~]# axel -n 100 https:\/\/speed.hetzner.de\/10GB.bin<\/li>\n<li>&#8212;&#8212;-<\/li>\n<li>Connection 0 finished<\/li>\n<li>Downloaded 10000.0 megabytes in 40 seconds. (251086.72 KB\/s)<\/li>\n<\/ol>\n<p>\u901f\u5ea6\u867d\u7136\u8d85\u8fc7\u4e86\u5355\u7ebf\u5e26\u5bbd\uff0c\u53ef\u80fd\u53d7\u9650\u4e8e\u4e0b\u8f7d\u6e90\u7684\u5e26\u5bbd\u6240\u4ee5\u6ca1\u6709\u8fbe\u5230\u7406\u8bba\u76845Gbps\u3002<\/p>\n<p>\u67e5\u770bconnection\u53ef\u4ee5\u770b\u5230\u5206\u6d41\u5230\u4e86\u4e0d\u540c\u7684\u7f51\u5173\uff1a<br \/>\n<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"115\" class=\"wp-image-4634\" src=\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/12\/table-description-automatically-generated.png\" alt=\"Table\n\nDescription automatically generated\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>RouterOS\u7684CHR P10\u7248\u5b9e\u73b0\u591a\u7ebf\u5206\u6d41+IPIP\u901a\u9053\u5efa\u7acb\u3002 \u914d\u7f6e\u8be6\u60c5 \u7f51\u7edc\u6784\u67b6 CHR\u8f6f\u8def\u7531\uff1a \u5343\u5146\u516c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-4632","post","type-post","status-publish","format-standard","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/4632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4632"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/4632\/revisions"}],"predecessor-version":[{"id":4635,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/4632\/revisions\/4635"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}