端口映射规则:dst-address 填写你的公网地址;这里先随便填一个占位值也可以,后面的定时脚本会自动把它更新为当前的公网地址。
/ip firewall nat
# Port forward: TCP/21 addressed to 11.22.33.44 is rewritten to 192.168.88.235:21.
# 11.22.33.44 is only a placeholder; the rule is located later by its comment
# (nat-235), so that comment must stay exactly as written.
# NOTE(review): the rule matches on destination only (no src-address or
# in-interface), so the internal FTP host is reachable from any source that can
# reach the public address. FTP carries credentials in cleartext; restrict the
# allowed sources or publish SFTP/FTPS instead where possible.
add chain=dstnat action=dst-nat protocol=tcp dst-address=11.22.33.44 dst-port=21 \
    to-addresses=192.168.88.235 to-ports=21 comment=nat-235
# Source NAT for the LAN range 192.168.88.0/22.
# NOTE(review): no out-interface is given, so this applies to traffic from the
# LAN range leaving through any interface, not only the WAN link. Confirm that
# is intended before narrowing it.
add chain=srcnat action=masquerade src-address=192.168.88.0/22
ip统计脚本
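/ip firewall mangle
# Records the source address of matching packets from 192.168.88.0/22 in the
# address list "online". The ip-number script counts the entries of that list.
# Fix: the stray spaces after "=" (address-list-timeout, src-address, time) are
# removed; with them the values are not attached to their parameters.
# NOTE(review): address-list-timeout=none-static means entries never expire, so
# the list only grows and the count reflects every address ever seen rather
# than hosts currently online. Use a finite timeout if a live count is wanted.
# NOTE(review): the match is on source address only (no in-interface), so
# packets arriving on any interface with a source in this range are recorded.
add action=add-src-to-address-list address-list=online address-list-timeout=none-static \
    chain=prerouting comment="ip calc" dst-address-type="" dst-limit=1,5,dst-address/1m40s \
    limit=1,5:packet src-address=192.168.88.0/22 src-address-type="" \
    time=0s-1d,sun,mon,tue,wed,thu,fri,sat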
需要的脚本
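/system script
# set-nat-global-ip: reads the address on pppoe-out1, strips the prefix length,
# and, if it differs from the dst-address of the NAT rule tagged "nat-235",
# writes the new address into that rule.
# Fixes against the pasted text:
#   - repaired tokens split by stray spaces (": global", "add ress",
#     comment="nat -235", comment= "nat-235");
#   - inner quotes and "$" are escaped so the source survives being pasted
#     inside a double-quoted string;
#   - the prefix is cut at "/" instead of dropping a fixed 3 characters, which
#     only worked for two-digit prefix lengths.
# NOTE(review): both scripts are granted every policy, including password,
# sensitive, sniff and reboot, while the visible commands only read
# configuration, change one NAT rule and write log entries. Reduce to the
# minimum that still works (probably read,write - verify on the device) and
# reduce the matching scheduler entries at the same time.
# NOTE(review): ipaddr and oldip are declared :global, so they stay visible to
# other scripts after this one ends; :local would do if nothing else reads them.
add dont-require-permissions=no name=set-nat-global-ip owner=mmc \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source=":global ipaddr [/ip address get [/ip address find interface=pppoe-out1] address]\r\
    \n:set ipaddr [:pick \$ipaddr 0 [:find \$ipaddr \"/\"]]\r\
    \n:global oldip [/ip firewall nat get [/ip firewall nat find comment=\"nat-235\"] dst-address]\r\
    \n:if (\$ipaddr != \$oldip) do={\r\
    \n    log info message=[/ip firewall nat set [/ip firewall nat find comment=\"nat-235\"] dst-address=\$ipaddr]\r\
    \n}"
# ip-number: counts the entries of address list "online" and writes the total
# to the log at warning level.
add dont-require-permissions=no name=ip-number owner=mmc \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source=":local ipNumber 0\r\
    \n:local onlineIPList online\r\
    \n:foreach i in=[/ip firewall address-list find list=\$onlineIPList] do={\r\
    \n    :set ipNumber (\$ipNumber+1)\r\
    \n}\r\
    \nlog warning message=(\"current \" . \$ipNumber . \" ips online\")"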
定时器
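/system scheduler
# Runs both scripts once a minute.
# Fix: the quotes inside on-event are escaped (the pasted text had bare nested
# quotes) and the stray space after "policy=" is removed.
# NOTE(review): both entries carry every policy. The scripts are added with
# dont-require-permissions=no, so the scheduler entry presumably must hold at
# least the policies of the script it starts. Trim the scheduler and the script
# policies together, never only one side.
# global-ip-sync: keeps the nat-235 rule pointed at the current WAN address.
add interval=1m name=global-ip-sync on-event=":execute \"set-nat-global-ip\"" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/16/2018 start-time=11:07:59
# ip-statistic: logs the size of the "online" address list, starting at boot.
add interval=1m name=ip-statistic on-event=":execute \"ip-number\"" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup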
pcq限速
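/queue simple
# Simple queue pcq1 using the default PCQ upload/download queue types, with a
# total ceiling of max-limit=50M/100M for the target range.
# Fix: the target was cut off as 192.168.88.0/2, which would cover a quarter of
# the IPv4 address space. It is restored to 192.168.88.0/22, the LAN range used
# by the NAT and mangle rules on this page. Confirm against your own LAN.
add max-limit=50M/100M name=pcq1 queue=pcq-upload-default/pcq-download-default target=192.168.88.0/22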
按 MAC 地址限制上网的防火墙规则(把 00:00:00:00:00:00 换成要限制的设备 MAC)
/ip firewall filter
# Drops forwarded packets whose source MAC is the one given here.
# 00:00:00:00:00:00 is a placeholder for the MAC of the device to block.
# NOTE(review): "add" without a position appends the rule to the end of the
# chain, so an earlier accept rule in forward can match first. Check the order.
# NOTE(review): a MAC address is set by the client and can be changed, so this
# is a convenience control, not an access-control boundary.
add action=drop chain=forward src-mac-address=00:00:00:00:00:00