所属类别：技术博客

文章作者：走尽天涯路

特别推荐：免费发布信息 承包关键词~~抢爆了！^HOT!

++++++++++++++++++++++++++++++++++++++++++++++要是安全性要求比较高的话，可以参考相关防火墙规则设置，本文只是做简单的配置，目的只是想说清路由配置的原理或者说最基本的规则。——————仅供学习，希望得到各个朋友能多指点++++++++++++++++++++++++++++++++++++++++++++++MikroTik RouterOS 2.8.26MikroTik WinBox ConsoleDownload and run the RouterOS GUI client.WinBox has optional command line arguments:winbox [ [ []]]RouterOS Terminal ConsoleTelnet to the router and use the ASCII Terminal Console.MikroTik RouterOS Reference ManualReference Manual is available on the router.Additional documentation is available at http://www.mikrotik.com/documentation.htmlMIKROTIK ROUTER SOFTWARE END-USER LICENCE AGREEMENT+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++说明：clin003 是路由的具有full权限的管理员！lan 和 net 只是为啦方便区分内网和外网网卡才改动的，可以用[clin003@MikroTik] ip firewall src-nat> /interface set ether1 name=lan[clin003@MikroTik] ip firewall src-nat> /interface set ether2 name=net如果不确定那个网卡是ether1那个是ether2可以用[clin003@MikroTik] ip firewall src-nat> /interface ethernet disable ether1[clin003@MikroTik] ip firewall src-nat> /interface ethernet blink ether1ERROR: interface is disabled这说明ether1已经没有工作，可以用[clin003@MikroTik] ip firewall src-nat> /interface ethernet blink ether2看看哪个网卡的灯亮确定网卡和（ether*）的对应关系首先保证网卡是工作状态，可以用 interface print查看，“R”________________________________________________________________________[clin003@MikroTik] > interface printFlags: X - disabled, D - dynamic, R - running# NAME TYPE RX-RATE TX-RATE MTU0 R lan ether 0 0 15001 R net ether 0 0 1500________________________________________________________________+++++++++++++++++++++++++++++++++++++++++++++++++++++++设置路由器ip地址________________________________________________________________[clin003@MikroTik] ip address> add address61.53.2.54/27interface net[clin003@MikroTik] ip address> add address 192.168.0.1/24 interface lan[clin003@MikroTik] ip address> printFlags: X - disabled, I - invalid, D - dynamic# ADDRESS NETWORK BROADCAST INTERFACE061.53.2.54/27 61.53.2.32 61.53.2.63 net1192.168.0.1/24 192.168.0.0 192.168.0.255 lan________________________________________________________________+++++++++++++++++++++++++++++++++++++++++++++++++++++++查看当前路由表_______________________________________________________________[clin003@MikroTik] ip address> .. route printFlags: X - disabled, I - invalid, D - dynamic, J - rejected,C - connect, S - static, r - rip, o - ospf, b - bgp# DST-ADDRESS G GATEWAY DISTANCE INTERFACE0 DC 192.168.0.0/24 r 0.0.0.0 0 lan1 DC 61.53.2.32/27 r 0.0.0.0 0 net__________________________________________________________________++++++++++++++++++++++++++++++++++++++++++++++++++++++++++添加默认网关然后查看路由表<注意不能添加相同的dst-address，就是说 192.168.0.1/24 和 192.168.0.100/24 是在同一个网段，不能同时添加进路由表，但是可以给同一个网段的地址设置多个不同的网关地址。>，如果想删除错误的设置可以用remove number （就是flag前面的序号）___________________________________________________________________[clin003@MikroTik] ip address> .. route add gateway=61.53.2.62[clin003@MikroTik] ip address> .. route printFlags: X - disabled, I - invalid, D - dynamic, J - rejected,C - connect, S - static, r - rip, o - ospf, b - bgp# DST-ADDRESS G GATEWAY DISTANCE INTERFACE0 DC 192.168.0.0/24 r 0.0.0.0 0 lan1 DC 61.53.2.32/27 r 0.0.0.0 0 net2 S 0.0.0.0/0 r 61.53.2.62 1 net______________________________________________________________________++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++现在可以使用ping 测试下网络连接情况。(一个网内地址，一个网外地址，都能正常ping通说明正常)_____________________________________________________________________[clin003@MikroTik] ip address> /ping 192.168.0.100192.168.0.100 64 byte ping: ttl=64 time<1 ms192.168.0.100 64 byte ping: ttl=64 time<1 ms192.168.0.100 64 byte ping: ttl=64 time<1 ms3 packets transmitted, 3 packets received, 0% packet lossround-trip min/avg/max = 0/0.0/0 ms[clin003@MikroTik] ip address> /ping 202.102.233.3202.102.233.3 64 byte ping: ttl=125 time<1 ms202.102.233.3 64 byte ping: ttl=125 time<1 ms202.102.233.3 64 byte ping: ttl=125 time<1 ms3 packets transmitted, 3 packets received, 0% packet lossround-trip min/avg/max = 0/0.0/0 ms_____________________________________________________________________++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++现在内网的除啦路由的其他机子还不能连入外网，需要在firewall nat 里添加一条 规则_____________________________________________________________________[clin003@MikroTik] ip firewall src-nat> add action=masquerade[clin003@MikroTik] ip firewall src-nat> printFlags: X - disabled, I - invalid, D - dynamic0 action=masquerade______________________________________________________________________+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++如果想对外隐藏内网机子可以这样添加这条规则______________________________________________________________________[clin003@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=net[clin003@MikroTik] ip firewall nat> printFlags: X - disabled, I - invalid, D - dynamic0 chain=srcnat out-interface=net action=masquerade_________________________________________________________________________++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++其实说啦这么多，就做啦三件事1：配制路由器的正确ip地址2：设置默认网关3：设置路由器对从外网和内网到达的包的处理规则++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++下面是一个对应的网络结构图：路由同时充当内网的网关发表于 @ 2006年09月20日 17:04:00评论(loading...AddFeedbackCountStack("1254113"))编辑新一篇:网络桌面，要是这样的话未来普通用户上网其不是不用硬盘啦！（未来普通人用的操作系统雏形）旧一篇:xuri网吧开机脚本

....