MikroTik: Basic Internet Access and Aliyun DDNS Setup

Basic internet access
Create the PPPoE client
/interface pppoe-client add name=pppoe-out1 interface=wan user=**** password=**** add-default-route=no use-peer-dns=no
Note: replace **** with your broadband account name and password.
Create the route
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1
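Create the DNS cache
/ip dns set servers=223.5.5.5,119.29.29.29 allow-remote-requests=yes
/ip dns static add name=ros.lan type=A address=192.168.99.1
Note: address is your router's gateway address.
DoH setup reference: click to visit
Create the NAT rules
/ip firewall address-list add list=Src_Nat address=192.168.99.0/24 dynamic=no
/ip firewall nat add chain=srcnat src-address-list=Src_Nat out-interface=pppoe-out1 action=src-nat to-addresses=171.212.253.39 comment="Src_A"
/ip firewall raw add chain=prerouting protocol=udp dst-port=53 in-interface=pppoe-out1 action=drop
Note: set to-addresses to your public IP; if you have no public IP, change the action to masquerade. The raw rule drops DNS queries arriving on pppoe-out1 over UDP port 53, so the cache opened by allow-remote-requests=yes is not reachable from the internet over UDP; it does not match TCP port 53.
Set the MSS (fix for images loading sluggishly when IPv4 and IPv6 are both enabled)
Example: the pppoe-out1 dial-up link has mtu=1480
(IPv4) MSS = MTU - 40, i.e. 20 bytes of IP header plus 20 bytes of TCP header
(IPv6) MSS = MTU - 60, i.e. 40 bytes of fixed-length IPv6 header plus 20 bytes of TCP header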
IPv4
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="Chang Mss IPv4" passthrough=yes place-before=0
IPv6
/ipv6 firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1420 comment="Chang Mss IPv6" passthrough=yes place-before=0
Create the DDNS update
/system scheduler add name=ddns interval=00:10:00 start-time=startup
The script is as follows:
# Domain name (replace the placeholder)
:local domainName "域名";
# WAN interface name
:local wanInterface "pppoe-out1";
# Service to use (aliyun/dnspod)
:local service "aliyun";
# API Access ID
:local accessID "***";
# API Access Secret
:local accessSecret "***";
# Tencent Cloud (dnspod) settings
#
# Normally this does not need to be set;
# the server identifies domainID and recordID automatically.
#
# If you keep getting "当前域名无权限,请返回域名列表。"
# (the current domain has no permission, return to the domain list),
# set them manually.
:local domainID "";
:local recordID "";
# ==== Nothing below needs to be changed ====
# =========================
:local publicIP;
:local dnsIP;
:local epicFail false;
# Get the current public IP
:do {
    :local interfaceIP [ /ip address get [ find interface=$wanInterface ] address ];
    :set $interfaceIP [ :pick $interfaceIP 0 [ :find $interfaceIP "/" ] ];
    # An interface address starting with 10., 100., 172. or 192. is treated as private,
    # and the public IP is then looked up through an external service over plain HTTP
    :if ($interfaceIP ~ "^(10|100|172|192)\\.") \
    do={
        :local fetchResult [/tool fetch url="http://ip.3322.net/" mode=http as-value output=user];
        :set $publicIP ($fetchResult->"data")
        :set $publicIP [ :pick $publicIP 0 [ :find $publicIP "\n" ] ];
        :set $publicIP [ :toip $publicIP ]
    } \
    else={ \
        :set $publicIP [ :toip $interfaceIP ];
    }
} \
on-error={
    :set $epicFail true;
    :log error ("DDNS: Get public IP failed.");
}
# Get the IP the domain currently resolves to
:do {
    :set $dnsIP [ :resolve $domainName ];
} \
on-error={
    :set $epicFail true;
    :log error ("DDNS: Resolve domain " . $domainName . " failed.");
}
# If the IP has changed, update the DNS record
:if ($epicFail = false && $publicIP != $dnsIP) \
do={
    # The Access ID and Access Secret are sent in the POST body to the third-party relay ddns.vsean.net.
    # /tool fetch does not validate the server certificate unless check-certificate=yes is set.
    :local callUrl ("https://ddns.vsean.net/ddns.php");
    :local postData ("service=" . $service . "&domain=" . $domainName . "&access_id=" . $accessID . "&access_secret=" . $accessSecret . "&domain_id=" . $domainID . "&record_id=" . $recordID);
    :local fetchResult [/tool fetch url=$callUrl mode=https http-method=post http-data=$postData as-value output=user];
    :log info ("DDNS: " . $fetchResult->"data");
}
Automatically update the NAT to-addresses public IP
:log warning "====================================="
# Get the PPPoE interface IP
:log error "获取公网Telecom IP地址"
:global addold1
:global addnew1
:set addnew1 [/interface get [/interface find name="pppoe-out1"] running]
:if ($addnew1=true) do={
    :set addold1 [/ip address get [/ip address find dynamic=yes interface="pppoe-out1"] address]
    # Strip the last three characters, i.e. the prefix length such as "/32"
    :set addold1 [:pick $addold1 0 ([:len $addold1 ] -3)]
    # Netwatch pings the public IP; when it stops answering, the down-script re-dials PPPoE
    /tool netwatch add host=$addold1 interval=00:00:10 timeout=1s comment=Ping_Public down-script=":delay 6s
/interface disable pppoe-out1
:delay 3s
/interface enable pppoe-out1";
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Src_A"] to-addresses=$addold1
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Full Cone"] dst-address=$addold1
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Port_Nat"] dst-address=$addold1;
}
FullCone (NAT1): works on the latest v7.11.2
/ip firewall nat add action=endpoint-independent-nat chain=srcnat protocol=udp out-interface=pppoe-out1 place-before=0 comment=FullCone_Nat
/ip firewall nat add action=endpoint-independent-nat chain=dstnat protocol=udp in-interface=pppoe-out1 place-before=0
Fast hardware forwarding (FastTrack)
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes protocol=tcp in-interface=pppoe-out1
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=no in-interface=pppoe-out1
/ip firewall filter add chain=forward action=accept connection-state=established,related
IPv6 configuration: click to view
Send backups by e-mail
# SMTP server
:local smtps "xxx"
# Mail port
:local ports "xxx"
# Sender account
:local Mailings "xxx"
# Sender password
:local pass "xxx"
# Recipient account
:local recipient "xxx"
# Sender account setting
:local Collection "xxx"
# Mail subject
:local Themes "MikroTik-漏油器备份"
# Resolve the server name
:local smtpp [:resolve $smtps]
# Update the mail server settings
/tool e-mail set server=$smtpp port=$ports from=$Collection user=$Collection password=$pass
# Date format
:local date [/system clock get date]
:local time [/system clock get time]
# Get the router uptime
:local ROSUptime [/system resource get uptime]
# Get the public IP (this script reads it from the interface named here)
:local ddnsinterface "pppoe-cmcc"
:local ipssfn [ /ip address get [/ip address find interface=$ddnsinterface ] address ]
:global ipss [:pick $ipssfn 0 [:find $ipssfn "/" ] ]
# Get the RouterOS version
:local ROSVersion [/system resource get version]
# Get the router identity
:local RouterName [/system identity get name]
# Export the configuration and save a backup
# show-sensitive writes passwords and keys into the export, and dont-encrypt=yes
# leaves the binary backup unencrypted; both files are then attached to the e-mail
/export show-sensitive file="MikroTik.rsc"
/system backup save dont-encrypt=yes name="MikroTik"
# Wait before continuing
:delay 3
/tool e-mail send to=$recipient tls=yes from=$Mailings subject=$Themes body=("当前公网: ".$ipss."\n稳定运行: ".$ROSUptime."\n设备名称: ".$RouterName."\n版本信息: ".$ROSVersion."\n备份时间:".$date."-".$time) file=("MikroTik.rsc","MikroTik.backup")
# Wait before continuing
:delay 3
# Delete the backup files
/file remove ("MikroTik.rsc","MikroTik.backup")
# Log notice
:log warning "系统数据已备份,邮件已发送至($recipient)"
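A hardened variant of the backup script above, as an added example that is not the original author's code: the export leaves out secrets and the binary backup is encrypted before it is e-mailed. It assumes RouterOS v7 with /tool e-mail already configured as above; backupPass and the recipient address are placeholders.

```routeros
# Added example, not the original author's script.
# Assumption: /tool e-mail server, port, user and password are already set.
# backupPass and recipient are placeholders to replace.
:local backupPass "REPLACE-WITH-LONG-PASSPHRASE"
:local recipient "admin@example.com"
:local rscName "MikroTik.rsc"
:local bakName "MikroTik.backup"

# On RouterOS v7, /export omits passwords and keys unless show-sensitive is given
/export file=$rscName
# password= together with encryption=aes-sha256 encrypts the binary backup
/system backup save name="MikroTik" password=$backupPass encryption=aes-sha256
:delay 3

# Send only if both files were actually written
:if (([:len [/file find name=$rscName]] > 0) && ([:len [/file find name=$bakName]] > 0)) do={
    /tool e-mail send to=$recipient tls=yes subject="MikroTik backup" \
        body="Encrypted backup and export without secrets attached" \
        file=($rscName,$bakName)
    :delay 3
    :log warning ("Backup sent to " . $recipient)
} else={
    :log error "Backup files missing, nothing sent"
}

# Remove the local copies whether or not the mail went out
/file remove [find name=$rscName]
/file remove [find name=$bakName]
```

Restoring the backup requires the same passphrase, so keep it somewhere other than the mailbox that receives the files.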
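Copyright notice: this is an original work. Reproduction is permitted, provided the article's original source, author information and this notice are indicated with a hyperlink. Otherwise legal action will be pursued.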
