MikroTik Basic Internet Access and Aliyun DDNS Setup
Basic internet access
Create the PPPoE client
/interface pppoe-client add name=pppoe-out1 interface=wan user=**** password=**** add-default-route=no use-peer-dns=no
Note: **** stands for your broadband account name and password.
Create the route
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1
Create the DNS cache
/ip dns set servers=223.5.5.5,119.29.29.29 allow-remote-requests=yes
/ip dns static add name=ros.lan type=A address=192.168.99.1
Note: address is your router's gateway address.
DoH setup reference: click to visit
Create the NAT rules
/ip firewall address-list add list=Src_Nat address=192.168.99.0/24 dynamic=no
/ip firewall nat add chain=srcnat src-address-list=Src_Nat out-interface=pppoe-out1 action=src-nat to-addresses=171.212.253.39 comment="Src_A"
/ip firewall raw add chain=prerouting protocol=udp dst-port=53 in-interface=pppoe-out1 action=drop
Note: set to-addresses to your public IP; if you have no public IP, change the action to masquerade.
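With allow-remote-requests=yes the router answers DNS queries on every interface, so the raw rule above is what keeps it from serving as an open resolver on the WAN side, and it covers only IPv4 over UDP. The rules below are an added example, not part of the original post: they extend the same drop to DNS over TCP and to IPv6, assuming the WAN interface is pppoe-out1 as elsewhere on this page; the comment strings are made up for illustration.

```routeros
# Added example: complements the original IPv4/UDP raw rule.

# DNS is also served over TCP port 53, so drop that on the WAN interface too.
/ip firewall raw add chain=prerouting protocol=tcp dst-port=53 in-interface=pppoe-out1 action=drop comment="Drop WAN DNS tcp"

# With dual stack enabled the resolver is reachable over IPv6 as well.
/ipv6 firewall raw add chain=prerouting protocol=udp dst-port=53 in-interface=pppoe-out1 action=drop comment="Drop WAN DNS udp v6"
/ipv6 firewall raw add chain=prerouting protocol=tcp dst-port=53 in-interface=pppoe-out1 action=drop comment="Drop WAN DNS tcp v6"

# Check: the packet counters of these rules rise when outside hosts probe port 53.
/ip firewall raw print stats where comment~"Drop WAN DNS"
/ipv6 firewall raw print stats where comment~"Drop WAN DNS"
```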
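Set the MSS (fix for images loading slowly when dual stack is enabled)
Example: pppoe-out1 dials with mtu=1480
(IPv4) MSS = MTU - 40: 20 bytes of IP header plus 20 bytes of TCP header
(IPv6) MSS = MTU - 60: the fixed 40-byte IPv6 header plus 20 bytes of TCP header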
IPv4
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="Chang Mss IPv4" passthrough=yes place-before=0
IPv6
/ipv6 firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1420 comment="Chang Mss IPv6" passthrough=yes place-before=0
Create the DDNS update job
/system scheduler add name=ddns interval=00:10:00 start-time=startup
The script is as follows:
# Domain name
:local domainName "域名";

# WAN interface name
:local wanInterface "pppoe-out1";

# Service to use (aliyun/dnspod)
:local service "aliyun";

# API Access ID
:local accessID "***";

# API Access Secret
:local accessSecret "***";

# Tencent Cloud (dnspod) settings
#
# Normally these do not need to be set;
# the server detects domainID and recordID automatically.
#
# If you keep getting the message "当前域名无权限,请返回域名列表。"
# then set them manually.
:local domainID "";
:local recordID "";

# ==== Nothing below needs to be changed ====
# ===========================================

:local publicIP;
:local dnsIP;
:local epicFail false;

# Get the current public IP
:do {
    :local interfaceIP [ /ip address get [ find interface=$wanInterface ] address ];
    :set $interfaceIP [ :pick $interfaceIP 0 [ :find $interfaceIP "/" ] ];
    # If the interface address looks private, ask an external service instead
    :if ($interfaceIP ~ "^(10|100|172|192)\\.") \
    do={
        :local fetchResult [/tool fetch url="http://ip.3322.net/" mode=http as-value output=user];
        :set $publicIP ($fetchResult->"data");
        :set $publicIP [ :pick $publicIP 0 [ :find $publicIP "\n" ] ];
        :set $publicIP [ :toip $publicIP ];
    } \
    else={
        :set $publicIP [ :toip $interfaceIP ];
    }
} \
on-error={
    :set $epicFail true;
    :log error ("DDNS: Get public IP failed.");
}

# Get the IP the domain currently resolves to
:do {
    :set $dnsIP [ :resolve $domainName ];
} \
on-error={
    :set $epicFail true;
    :log error ("DDNS: Resolve domain " . $domainName . " failed.");
}

# If the IP has changed, update the record
:if ($epicFail = false && $publicIP != $dnsIP) \
do={
    # The Access ID and Access Secret are sent in this POST body to the
    # third-party relay ddns.vsean.net, which performs the DNS update.
    # /tool fetch does not verify the server certificate unless
    # check-certificate=yes is set.
    :local callUrl ("https://ddns.vsean.net/ddns.php");
    :local postData ("service=" . $service . "&domain=" . $domainName . "&access_id=" . $accessID . "&access_secret=" . $accessSecret . "&domain_id=" . $domainID . "&record_id=" . $recordID);
    :local fetchResult [/tool fetch url=$callUrl mode=https http-method=post http-data=$postData as-value output=user];
    :log info ("DDNS: " . $fetchResult->"data");
}
Automatically update the NAT to-addresses public IP
:log warning "====================================="
# Get the PPPoE interface IP
:log error "获取公网Telecom IP地址"
:global addold1
:global addnew1
:set addnew1 [/interface get [/interface find name="pppoe-out1"] running]
:if ($addnew1=true) do={
    :set addold1 [/ip address get [/ip address find dynamic=yes interface="pppoe-out1"] address]
    # Strip the trailing 3-character prefix length (e.g. "/32")
    :set addold1 [:pick $addold1 0 ([:len $addold1] - 3)]
    /tool netwatch add host=$addold1 interval=00:00:10 timeout=1s comment=Ping_Public down-script=":delay 6s; /interface disable pppoe-out1; :delay 3s; /interface enable pppoe-out1";
    # The NAT rules below are located by their comment, so rules with these comments must exist
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Src_A"] to-addresses=$addold1
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Full Cone"] dst-address=$addold1
    :delay 3s
    /ip firewall nat set [/ip firewall nat find comment="Port_Nat"] dst-address=$addold1;
}
FullCone (NAT1): works on the latest v7.11.2
/ip firewall nat add action=endpoint-independent-nat chain=srcnat protocol=udp out-interface=pppoe-out1 place-before=0 comment=FullCone_Nat
/ip firewall nat add action=endpoint-independent-nat chain=dstnat protocol=udp in-interface=pppoe-out1 place-before=0
Fast hardware forwarding (FastTrack)
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes protocol=tcp in-interface=pppoe-out1
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=no in-interface=pppoe-out1
/ip firewall filter add chain=forward action=accept connection-state=established,related
IPv6 configuration: click to view
Send backups by e-mail
# SMTP server
:local smtps "xxx"
# Mail port
:local ports "xxx"
# Sender account
:local Mailings "xxx"
# Sender password
:local pass "xxx"
# Recipient account
:local recipient "xxx"
# Sender account (used as the SMTP login and From address)
:local Collection "xxx"
# Mail subject
:local Themes "MikroTik-漏油器备份"
# Resolve the SMTP server name to an IP address
:local smtpp [:resolve $smtps]
# Update the mail server settings
/tool e-mail set server=$smtpp port=$ports from=$Collection user=$Collection password=$pass
# Date and time for the message body
:local date [/system clock get date]
:local time [/system clock get time]
# Get the router uptime
:local ROSUptime [/system resource get uptime]
# Get the public IP (set ddnsinterface to the name of your WAN interface)
:local ddnsinterface "pppoe-cmcc"
:local ipssfn [ /ip address get [/ip address find interface=$ddnsinterface ] address ]
:global ipss [:pick $ipssfn 0 [:find $ipssfn "/" ] ]
# Get the RouterOS version
:local ROSVersion [/system resource get version]
# Get the router identity
:local RouterName [/system identity get name]
# Export the backups: the text export includes secrets (show-sensitive)
# and the binary backup is saved unencrypted (dont-encrypt=yes)
/export show-sensitive file="MikroTik.rsc"
/system backup save dont-encrypt=yes name="MikroTik"
# Wait before continuing
:delay 3
/tool e-mail send to=$recipient tls=yes from=$Mailings subject=$Themes body=("当前公网: ".$ipss."\n稳定运行: ".$ROSUptime."\n设备名称: ".$RouterName."\n版本信息: ".$ROSVersion."\n备份时间:".$date."-".$time) file=("MikroTik.rsc","MikroTik.backup")
# Wait before continuing
:delay 3
# Delete the backup files
/file remove ("MikroTik.rsc","MikroTik.backup")
# Log a notice
:log warning "系统数据已备份,邮件已发送至($recipient)"
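The script above exports with show-sensitive and saves the binary backup with dont-encrypt=yes, so both attachments carry the router's stored passwords and keys in readable form through the mailbox. The following variant of those two lines keeps secrets out of the text export and encrypts the binary backup; it is an added example, not part of the original script, and the variable name backupPass and its placeholder value are assumptions.

```routeros
# Added example: replaces the /export and /system backup lines of the script above.

# Passphrase for the backup file (hypothetical variable; replace the placeholder value)
:local backupPass "CHANGE-ME-long-passphrase"

# Text export without show-sensitive: RouterOS v7 leaves passwords and keys out of the file
/export file="MikroTik.rsc"

# Binary backup encrypted with AES-SHA256 under the passphrase
/system backup save name="MikroTik" encryption=aes-sha256 password=$backupPass

# Restoring the encrypted backup later requires the same passphrase:
#   /system backup load name="MikroTik.backup" password="<passphrase>"
```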
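Copyright notice: this is an original work and may be reproduced, provided that the original source of the article, the author information and this notice are indicated by hyperlink. Otherwise legal action will be taken.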