Welcome to Yumao′s Blog.
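Environment:
Device: WRT1200AC
The WAN port connects over PPPoE to the China Telecom uplink.
LAN1 is split off with a VLAN and used as a WAN2 port, connecting over PPPoE to the China Mobile uplink.
The LAN subnet is 172.20.20.192/26, gateway .254.
So that miniupnp port mapping keeps working, policy routing is done with packet marking plus routing rules.
The plan is as follows:
1. The Telecom uplink is the default. DHCP hands out 172.20.20.220-172.20.20.250.
2. Addresses 172.20.20.195-172.20.20.219 are assigned manually through DHCP and leave via the Mobile uplink.
3. UDP DNS queries from Mobile-uplink clients are hijacked and forwarded to the Mobile DNS server.
The steps are as follows:
1. Add two PPPoE interfaces, and turn off the default route and peer DNS options on WAN2.
>vi /etc/config/network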
config interface 'wan'
option ifname 'eth1.2'
option proto 'pppoe'
option username 'ct_user'
option password 'ct_pass'
option ipv6 'auto'
option keepalive '0'
config interface 'wan2'
option proto 'pppoe'
option ifname 'eth0.3'
option username 'cm_user'
option password 'cm_pass'
option defaultroute '0'
option keepalive '0'
option peerdns '0'
option delegate '0'
option ipv6 '0'
Set the DHCP allocation range:
>vi /etc/config/dhcp
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option force '1'
option ra 'server'
option dhcpv6 'server'
option ra_management '1'
option start '220'
option limit '30'
After restarting the network service, the default Telecom uplink is usable.
2. Install the ipset package with opkg,
then create the following script:
>vi /root/cmcc.sh
#!/bin/sh
# Reserved networks (never marked for the Mobile uplink)
# exit, not return: this runs as a script, not inside a function
ipset -! -R <<-EOF || exit 1
create LOCAL_RULES hash:net hashsize 64 maxelem 25
add LOCAL_RULES 0.0.0.0/8
add LOCAL_RULES 10.0.0.0/8
add LOCAL_RULES 100.64.0.0/10
add LOCAL_RULES 127.0.0.0/8
add LOCAL_RULES 169.254.0.0/16
add LOCAL_RULES 172.16.0.0/12
add LOCAL_RULES 192.0.0.0/24
add LOCAL_RULES 192.0.2.0/24
add LOCAL_RULES 192.31.196.0/24
add LOCAL_RULES 192.52.193.0/24
add LOCAL_RULES 192.88.99.0/24
add LOCAL_RULES 192.168.0.0/16
add LOCAL_RULES 192.175.48.0/24
add LOCAL_RULES 198.18.0.0/15
add LOCAL_RULES 198.51.100.0/24
add LOCAL_RULES 203.0.113.0/24
add LOCAL_RULES 224.0.0.0/4
add LOCAL_RULES 240.0.0.0/4
add LOCAL_RULES 255.255.255.255
EOF
# LAN addresses that leave via the CMCC (Mobile) uplink
ipset -! -R <<-EOF || exit 1
create CMCC_RULES hash:net hashsize 64 maxelem 30
add CMCC_RULES 172.20.20.195
add CMCC_RULES 172.20.20.196
add CMCC_RULES 172.20.20.197
add CMCC_RULES 172.20.20.198
add CMCC_RULES 172.20.20.199
add CMCC_RULES 172.20.20.200
add CMCC_RULES 172.20.20.201
add CMCC_RULES 172.20.20.202
add CMCC_RULES 172.20.20.203
add CMCC_RULES 172.20.20.204
add CMCC_RULES 172.20.20.205
add CMCC_RULES 172.20.20.206
add CMCC_RULES 172.20.20.207
add CMCC_RULES 172.20.20.208
add CMCC_RULES 172.20.20.209
add CMCC_RULES 172.20.20.210
add CMCC_RULES 172.20.20.211
add CMCC_RULES 172.20.20.212
add CMCC_RULES 172.20.20.213
add CMCC_RULES 172.20.20.214
add CMCC_RULES 172.20.20.215
add CMCC_RULES 172.20.20.216
add CMCC_RULES 172.20.20.217
add CMCC_RULES 172.20.20.218
add CMCC_RULES 172.20.20.219
EOF
# DNS hijack: redirect UDP port 53 from CMCC clients to the Mobile DNS server
iptables -t nat -N CMCC
iptables -t nat -A CMCC -p udp --dport 53 -j DNAT --to-destination 211.140.13.188
iptables -t nat -I PREROUTING -m set --match-set CMCC_RULES src -j CMCC
# Packet marking: mark 210 on CMCC clients' traffic unless the destination is reserved
iptables -t mangle -N CMCC
iptables -t mangle -A CMCC -m set --match-set LOCAL_RULES dst -j RETURN
iptables -t mangle -A CMCC -j MARK --set-mark 210
iptables -t mangle -I PREROUTING -m set --match-set CMCC_RULES src -j CMCC
exit 0
Make the script executable:
>chmod +x /root/cmcc.sh
Then add it to the commands run at boot:
>vi /etc/rc.local
#!/bin/sh -e
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
/root/cmcc.sh
exit 0
3. Add a static route for the Mobile DNS server:
>vi /etc/config/network
config route
option interface 'wan2'
option target '211.140.13.188'
option netmask '255.255.255.255'
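4. Add automatic policy routing for the PPPoE interface:
>vi /etc/ppp/ip-up.d/cmcc
#!/bin/sh
# Rebuild table 210 so marked traffic leaves through the Mobile PPPoE link
ip route flush table 210
ip route add default dev pppoe-wan2 table 210
# Delete any earlier copy of the rule so PPPoE reconnects do not stack duplicates
ip rule del fwmark 210 table 210 2>/dev/null
ip rule add fwmark 210 table 210
exit 0
Add execute permission to finish:
>chmod +x /etc/ppp/ip-up.d/cmcc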
5. Manually set a device's IP to 172.20.20.210 / 172.20.20.220.
The egress IP tests as Mobile / Telecom respectively.
DNS resolution works. Done.
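
Because mangle PREROUTING is evaluated before the nat DNAT, a DNS query that a Mobile-range client sends to a LAN address such as the gateway 172.20.20.254 is never marked, and reaches 211.140.13.188 only through the static route from step 3; TCP port 53 is not redirected at all. The sketch below is an added example, not part of the original post: it models the rules offline without calling ipset or iptables, and its function names and output labels are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): offline model of the netfilter and
# routing decisions set up by /root/cmcc.sh. Function names are constructed here.

# Destinations in LOCAL_RULES, copied from the page; /32 added to the last entry
# so every item parses as NET/LEN.
LOCAL_RULES="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.31.196.0/24 192.52.193.0/24
192.88.99.0/24 192.168.0.0/16 192.175.48.0/24 198.18.0.0/15 198.51.100.0/24
203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32"
CMCC_DNS=211.140.13.188

ip2int() {  # dotted quad -> integer (always called in a subshell via $(...))
    IFS=. ; set -- $1 ; unset IFS
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {  # in_cidr ADDR NET/LEN: succeeds when ADDR is inside the prefix
    a=$(ip2int "$1"); n=$(ip2int "${2%/*}")
    m=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( a & m )) -eq $(( n & m )) ]
}

in_cmcc_rules() {  # CMCC_RULES holds 172.20.20.195 through 172.20.20.219
    a=$(ip2int "$1")
    [ "$a" -ge "$(ip2int 172.20.20.195)" ] && [ "$a" -le "$(ip2int 172.20.20.219)" ]
}

decide() {  # decide SRC DST PROTO DPORT -> "<routing table> <final destination>"
    dst=$2; mark=0
    if in_cmcc_rules "$1"; then
        # mangle PREROUTING runs before nat and sees the original destination
        mark=210
        for net in $LOCAL_RULES; do
            if in_cidr "$2" "$net"; then mark=0; break; fi
        done
        # nat PREROUTING: UDP port 53 is rewritten to the Mobile resolver
        if [ "$3" = udp ] && [ "$4" = 53 ]; then dst=$CMCC_DNS; fi
    fi
    if [ "$mark" -eq 210 ]; then echo "table210 $dst"              # ip rule fwmark 210
    elif [ "$dst" = "$CMCC_DNS" ]; then echo "main+hostroute $dst"  # step 3 static route
    else echo "main $dst"; fi
}

# Constructed sample flows
decide 172.20.20.210 172.20.20.254 udp 53
decide 172.20.20.210 8.8.8.8 tcp 53
```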