ROS 3.30版本多ADSL PCC负载均衡下的端口映射

一、首先PCC的设置：假如是3线接入
先标记链接：
第1线：/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=conn-out1 passthrough=yes src-address=192.168.0.0/24 dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses-and-ports:3/0
第2线：/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=conn-out2 passthrough=yes src-address=192.168.0.0/24 dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses-and-ports:3/1
第3线：/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=conn-out3 passthrough=yes src-address=192.168.0.0/24 dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses-and-ports:3/2
再标记路由：
第1线：/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=1-router passthrough=no src-address=192.168.0.0/24 connection-mark=conn-out1
第2线：/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=2-router passthrough=no src-address=192.168.0.0/24 connection-mark=conn-out2
第3线：/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=3-router passthrough=no src-address=192.168.0.0/24 connection-mark=conn-out3

二、PCC做完后做策略路由：3条线分别添加
第1线：/ip route adddst-address=0.0.0.0/0 gateway=pppoe-out1 check-gateway=ping type=unicast distance=1 scope=30 target-scope=10 routing-mark=1-router
第2线：/ip route adddst-address=0.0.0.0/0 gateway=pppoe-out2 check-gateway=ping type=unicast distance=1 scope=30 target-scope=10 routing-mark=2-router
第3线：/ip route adddst-address=0.0.0.0/0 gateway=pppoe-out3 check-gateway=ping type=unicast distance=1 scope=30 target-scope=10 routing-mark=3-router

三、关键的ROS映射的设置,主要在3个地方：
1：将192.168.0.22（要映射的内网服务器的ip）的连接标记为conn-out1,走1-router,也就是pppoe-out1.
/ip firewall mangle add chain=preroutingaction=mark-connection new-connection-mark=conn-out1 passthrough=no src-address=192.168.0.22

2： 将TCP端口1840映射到192.168.0.22的1840. （这个1840端口是3389端口，为了安全被我用注册表修改器改了）路由对外的端口可以自定义只要没占用的都可以，对内的机器的端口要根据机器来定
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.0.22 to-ports=1840 protocol=tcp dst-port=1840

3 ：设置route规则,将192.168.0.22锁定1-router.
/ip route rule addsrc-address=192.168.0.22 routing-mark=1-routeter interface=wan1 action=lookup table=1-router

同理映射其他的端口和机器，要映射的机器的ip在步骤三、1和三、3内添加一次就可以了，要改服务和端口只要在三、2内添加和更改端口就可以了。

至于动态的IP例如ADSL拨号的网络环境 可以在要映射出去的机器上安装花生壳和3322.noip之类的域名解析客户端，通过域名解析处理。