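The VRRP MAC address in RouterOS (ROS below) is fixed and cannot be changed. It generally starts at 00:00:5E:00:01:01, so for many ISPs, blocking the 00:00:5E:00:xx:xx MAC range is enough to block multi-dial.
On ROS running on physical hardware, the VRRP MAC address can be changed by way of a Bridge, which is also the method usually found online.
Procedure:
I. Create a bridge for the WAN side. (In this demonstration ether3 is the WAN interface.)
Winbox -> Bridge -> + -> OK (the defaults are fine)
Ports -> + -> for Interface select the WAN port, here ether3, then confirm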
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether3
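II. Set up VRRP and the PPPoE dial-up connections
See the settings in my earlier article "RouterOS通过VRRP实现单线多拨以及PCC负载均衡" (single-line multi-dial via VRRP and PCC load balancing on RouterOS); I won't go through them in detail here.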
/interface vrrp
add interface=bridge1 name=vrrp1 vrid=1
add interface=bridge1 name=vrrp2 vrid=2
add interface=bridge1 name=vrrp3 vrid=3
/interface pppoe-client
add interface=vrrp1 name=pppoe-out1 password=xxxx user=xxxx
add interface=vrrp2 name=pppoe-out2 password=xxxx user=xxxx
add interface=vrrp3 name=pppoe-out3 password=xxxx user=xxxx
/ip address
add address=192.168.10.254/24 interface=bridge1 network=192.168.10.0
add address=192.168.10.1/24 interface=vrrp1 network=192.168.10.0
add address=192.168.10.2/24 interface=vrrp2 network=192.168.10.0
add address=192.168.10.3/24 interface=vrrp3 network=192.168.10.0
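III. Change the VRRP MAC address with Bridge MAC NAT
1. First enable the Bridge firewall
Bridge -> Settings, tick Use IP Firewall, click OK
2. Change each VRRP interface to the MAC address you need, one pair of rules per VRRP interface (only one is done here)
The MAC address of vrrp1 is 00:00:5E:00:01:01; the MAC address I need for dialing is C4:D9:87:44:03:63
Bridge -> NAT -> +, for Chain select srcnat, in Src. Mac Address enter the vrrp1 MAC address 00:00:5E:00:01:01, leave Src. Mac Mask at its default
Click the Action tab, for Action select src-nat, in To Mac Address enter the required MAC address C4:D9:87:44:03:63, then confirm
Bridge -> NAT -> +, for Chain select dstnat, in Dst. Mac Address enter the required MAC address C4:D9:87:44:03:63, leave Dst. Mac Mask at its default
Click the Action tab, for Action select dst-nat, in To Mac Address enter the vrrp1 MAC address 00:00:5E:00:01:01, then confirm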
/interface bridge settings
set use-ip-firewall=yes
/interface bridge nat
add action=dst-nat chain=dstnat dst-mac-address=C4:D9:87:44:03:63/FF:FF:FF:FF:FF:FF to-dst-mac-address=00:00:5E:00:01:01
add action=src-nat chain=srcnat src-mac-address=00:00:5E:00:01:01/FF:FF:FF:FF:FF:FF to-src-mac-address=C4:D9:87:44:03:63
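
The rules above write MAC addresses as address/mask, and the range filter mentioned at the top of this page is the same kind of match with a shorter mask. The Python below is an added example, not part of the original article or of RouterOS: it implements that matching and applies it to a constructed list of source MACs. The function names and the RANGE_FILTER constant are hypothetical, and the 00:00:5E:00:01:{VRID} layout for IPv4 VRRP is taken from RFC 5798.

```python
# Added example: address/mask MAC matching as used in the bridge NAT rules.
# All names here are hypothetical; sample MACs are from the page or constructed.

FULL_MASK = 0xFFFFFFFFFFFF
# The 00:00:5E:00:xx:xx range from the first paragraph, written as address/mask.
RANGE_FILTER = "00:00:5E:00:00:00/FF:FF:FF:FF:00:00"


def mac_to_int(mac):
    """Parse 'AA:BB:CC:DD:EE:FF' (any case) into a 48-bit integer."""
    parts = mac.strip().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("bad MAC address: %r" % mac)
    return int("".join(parts), 16)


def parse_pattern(pattern):
    """Split 'MAC/MASK' into (masked address, mask); no mask means exact match."""
    addr, _, mask = pattern.partition("/")
    mask_int = mac_to_int(mask) if mask else FULL_MASK
    return mac_to_int(addr) & mask_int, mask_int


def mac_matches(mac, pattern):
    """True when mac falls inside the address/mask pattern."""
    base, mask = parse_pattern(pattern)
    return (mac_to_int(mac) & mask) == base


def vrrp_mac(vrid):
    """Virtual MAC for an IPv4 VRRP group (RFC 5798): 00:00:5E:00:01:{VRID}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return "00:00:5E:00:01:%02X" % vrid


def in_range(macs, pattern=RANGE_FILTER):
    """Return the MACs from the list that the pattern matches."""
    return [m for m in macs if mac_matches(m, pattern)]


if __name__ == "__main__":
    # Constructed sample: vrrp1..vrrp3 plus the rewritten address from the page.
    seen = [vrrp_mac(v) for v in (1, 2, 3)] + ["C4:D9:87:44:03:63"]
    for mac in seen:
        print(mac, "in range" if mac_matches(mac, RANGE_FILTER) else "outside range")
```

With the default FF:FF:FF:FF:FF:FF mask the srcnat rule matches exactly one VRRP interface, which is why each interface needs its own pair of rules.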