Both methods achieve the redirect.
My network splits traffic by internal (LAN) IP address:
/ip firewall mangle
add action=add-src-to-address-list address-list=src2 address-list-timeout=1s \
chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \
src-address=192.168.0.105-192.168.0.107 src-address-list=!src1
add action=add-src-to-address-list address-list=src1 address-list-timeout=1m \
chain=prerouting comment="" disabled=no dst-port=80 protocol=tcp \
src-address=192.168.0.105-192.168.0.107 src-address-list=src2
/ip firewall nat
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp src-address-list=src2 to-ports=8080
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
/ip proxy access
add action=deny comment="" disabled=no dst-port=80 redirect-to=\
192.168.0.247/index.html
With this method, do not get the order of the mangle rules wrong.
The other method
ROS forced-homepage configuration
/ip firewall nat
add action=dst-nat chain=dstnat comment=ToAddress disabled=no dst-port=80 protocol=tcp src-address-list=src1 to-addresses=192.168.88.1 to-ports=80
/ip firewall mangle
add action=add-src-to-address-list address-list=src1 address-list-timeout=3s chain=prerouting comment=TimeOut1 disabled=no dst-port=80 protocol=tcp src-address-list=!src2
add action=add-src-to-address-list address-list=src2 address-list-timeout=3h chain=prerouting comment=TimeOut2 disabled=no dst-port=80 protocol=tcp src-address-list=src1
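The second method is recommended: it is simpler and reduces CPU load.
Notes:
1. 192.168.88.1 is the IP of the internal web server that serves the forced homepage.
2. The forced redirect lasts 3 seconds; an IP that has already been redirected will not be redirected again for 3 hours. The times can be changed as needed.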
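This article presents two ways to implement internal-IP traffic splitting together with a forced homepage. The first method uses firewall rules to mark the source addresses of packets from a specific IP range and avoids repeating the forced redirect for a set period. The second method is simpler: it configures NAT rules directly to redirect requests to an internal server.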
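The two-list timer behind both methods, as an added Python model (not RouterOS code and not from the original post): it replays port-80 packets from one client and reports which ones the dstnat rule would catch, including what happens when the two mangle rules are reversed. The names FORCE and QUIET, the Router class and the packet times are hypothetical, and it assumes that rules run in listed order, that a list change is visible to the next rule, and that re-adding an entry restarts its timeout.

```python
# Added illustration: a model of the two address lists, not RouterOS code.
FORCE, QUIET = "force", "quiet"   # hypothetical names: short list / long list

class Router:
    def __init__(self, force_s, quiet_s, swapped=False):
        self.force_s, self.quiet_s, self.swapped = force_s, quiet_s, swapped
        self.lists = {FORCE: {}, QUIET: {}}   # list name -> {ip: expiry time}

    def _in(self, name, ip, now):
        # An entry counts as present until its expiry time is reached.
        return self.lists[name].get(ip, float("-inf")) > now

    def _add(self, name, ip, now, ttl):
        # Assumption: re-adding an existing entry restarts its timeout.
        self.lists[name][ip] = now + ttl

    def _mark_force(self, ip, now):
        # First mangle rule: source not in the long list -> add to short list.
        if not self._in(QUIET, ip, now):
            self._add(FORCE, ip, now, self.force_s)

    def _mark_quiet(self, ip, now):
        # Second mangle rule: source in the short list -> add to long list.
        if self._in(FORCE, ip, now):
            self._add(QUIET, ip, now, self.quiet_s)

    def packet(self, ip, now):
        """Process one port-80 packet; True if the dstnat rule would match."""
        rules = [self._mark_force, self._mark_quiet]
        if self.swapped:
            rules.reverse()
        for rule in rules:            # prerouting mangle runs before dstnat
            rule(ip, now)
        return self._in(FORCE, ip, now)

def timeline(router, ip, times):
    """Replay packets at the given times (seconds) and collect the verdicts."""
    return [router.packet(ip, t) for t in times]

if __name__ == "__main__":
    ip = "192.168.0.105"              # taken from the page's source range
    # Second method's timers: 3 s forced, 3 h quiet.
    print(timeline(Router(3, 3 * 3600), ip, [0, 2, 5, 3600, 3 * 3600 + 10]))
    # Same timers, rules reversed, packets more than 3 s apart.
    print(timeline(Router(3, 3 * 3600, swapped=True), ip, [0, 5, 10]))
```

In this model the reversed order never fills the long list when a client's packets arrive further apart than the short timeout, so that client is redirected on every packet.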