MikroTik RouterOS 是将标准的PC电脑变成功能强大的路由器,添加标准的PC网络接口卡能增强路由器的功能。MikroTik RouterOS基于路由、PPPoE认证、Web认证、流量控制、Web-proxy、专业无线 等于一身,可以根据需要增加或删除相应的功能,是许多路由器所无法实现的。同时MikroTik RouterBOARD专门为RouterOS设计的路由硬件,能稳定的应用在各种网络环境中。这些都是胡扯,干货在后面.

10M光缆上网限速设置(小包优先+带宽均分)

# #广域网IP

/ip address add address="xxx.xxx.xxx.xxx/255.255.255.252" interface=WAN comment="Wan Ip"

#共享上网NAT规则

/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.8.0/255.255.255.0

#添加路由规则

/ip route add gateway=xxx.xxx.xxx.xxx

#小包优先

/ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet    new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet    new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=small    passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big    passthrough=yes comment="" disabled=no
/queue tree
add name="p2p1" parent=WAN packet-mark=p2p limit-at=400000 queue=default priority=8 max-limit=400000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2p2" parent=LAN packet-mark=p2p limit-at=400000 queue=default   priority=8 max-limit=400000 burst-limit=0 burst-threshold=0 burst-time=0s   disabled=no
add name="ClassA" parent=LAN packet-mark="" limit-at=0 queue=default   priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0   burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default   priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s   disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default   priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s   disabled=no
add name="Leaf2" parent=ClassB packet-mark=big  limit-at=0 queue=default   priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s   disabled=no
add name="Leaf3" parent=ClassB packet-mark=small limit-at=0 queue=default   priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s   disabled=no

#带宽均分

/ip firewall mangle add chain=forward src-address=192.168.8.0/24 \
  action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet \
  new-packet-mark=users chain=forward
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
/queue tree
add name="Download" parent=LAN packet-mark="" limit-at=0 queue=default priority=8 max-limit=10M burst-limit=0 burst-threshold=0 burst-time=0s
add parent=Download packet-mark=users limit-at=0 queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
add name="Upload" parent=WAN packet-mark="" limit-at=0 queue=default priority=8 max-limit=9M burst-limit=0 burst-threshold=0 burst-time=0s
add parent=Upload packet-mark=users limit-at=0 queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

#不确定上下行时使用

########################################################################################
###add parent=LAN packet-mark=users limit-at=0 queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
###add parent=WAN packet-mark=users limit-at=0 queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
########################################################################################

#上传速度限制800k/8,下载速度2400k/8

:for aaa from 1 to 253 do={/queue simple add name=("PC_" . $aaa) dst-address=("192.168.8." . $aaa) max-limit=2400000/800000 interface=all disabled=no}

ROS设置时间同步

设置时间同步:

system ntp client set mode=unicast primary-ntp=210.72.145.44 secondary-ntp=210.72.145.44 enabled=yes

设置当前时间(年月日与时区(time-zone)中国时区为:+08:00):

system clock set time-zone=+08:00 time=17:42:26 date=Sep/25/2007

说明:
210.72.145.44是中国国家授时中心的时间服务器IP地址,建议使用此IP。

中国时区为:+08:00 不设置则会出现同步后时间时区不对而造成时间至前几小时

也可通过WinBox的system选项中clock和ntp client分别设置

ROS常用脚本

限制每台机最大线程数

:for kuka from 1 to 254 do={/ip firewall filter add chain=forward src-address=("192.168.0." . $kuka) protocol=tcp connection-limit=50,32 action=drop}

端口映射

ip firewall nat add chain=dstnat dst-address=(119.97.239.74) protocol=tcp dst-port=80 to-addresses=(192.168.8.8) to-ports=80 action=dst-nat

封端口号

/ ip firewall filter
add chain forward protocol tcp dst-po 8000 act drop comment="Blockade 8000 port"

封IP脚步

/ ip firewall filter
add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade single ip"

绑定ARP(mac绑定)

:foreach kuka in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$kuka]

解除绑定的MAC

:foreach kuka in [/ip arp find] do={/ip arp remove $kuka}

参考

据说是两个很牛X的脚本,适用于ROS 3.30版本

Ros-p2p_pcq_l7脚本_800元牛x版

Ros神本_2011-04_最新版

官网

Routeos官方网站(英文)
Routeos国内代理-成都网大