齐齐奔跑 -- 骑士威科技

# by RouterOS 2.9.xx
# by HTTP://blog.77run.com Alex

# 添加本地连接配置
/ip address add address=192.168.1.254/255.255.255.0 interface=ether1 comment=lan

# 设置DNS缓存
/ip dns set primary-dns=202.96.134.133 secondary-dns=202.96.128.68 allow-remote-requests=yes

# 设置MSS值为1440
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440

# 添加ADSL1的pppoe-out1帐户密码并取取消自动添加网关及DNS
/interface pppoe-client add name="pppoe-out1" interface=ether2 user="adsl1@163.gd" password="blog.77run.com" add-default-route=no disabled=no

# 激活pppoe-out1拨号
/interface pppoe-client enable pppoe-out1

# 添加一个临时的pppoe-out1的IP地址及网关,此IP会由脚本自动检测来实现自动更新
/ip address add address=58.58.58.1/32 interface=pppoe-out1 comment="1"
/ip route add gateway=58.58.58.1 routing-mark=1 comment="1"

# 对pppoe-out1进行标记
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/255.255.255.0 connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=1 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/255.255.255.0 connection-mark=1 action=mark-routing new-routing-mark=1 passthrough=no disabled=no

# 配置pppoe-out1数据转发共享及标记,其中的IP地址会由脚本自动检测来实现自动更新
/ip firewall nat add chain=srcnat connection-mark=1 action=src-nat to-addresses=58.58.58.1 to-ports=0-65535 comment="1" disabled=no

# 添加ADSL1的pppoe-out2帐户密码并取取消自动添加网关及DNS
/interface pppoe-client add name="pppoe-out2" interface=ether3 user="adsl2@163.gd" password="blog.77run.com" add-default-route=no disabled=no

# 激活pppoe-out2拨号
/interface pppoe-client enable pppoe-out2

# 添加一个临时的pppoe-out2的IP地址及网关,此IP会由脚本自动检测来实现自动更新
/ip address add address=58.58.58.2/32 interface=pppoe-out2 comment="2"
/ip route add gateway=58.58.58.2 routing-mark=2 comment="2"

# 对pppoe-out2进行标记
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/255.255.255.0 connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=2 passthrough=yes disabled=no
/ip firewall mangle add chain=prerouting src-address=10.10.10.0/255.255.255.0 connection-mark=2 action=mark-routing new-routing-mark=2 passthrough=no disabled=no

# 配置pppoe-out2数据转发共享及标记,其中的IP地址会由脚本自动检测来实现自动更新
/ip firewall nat add chain=srcnat connection-mark=2 action=src-nat to-addresses=58.58.58.2 to-ports=0-65535 comment="2" disabled=no

# 批量增加限速规则
:for 77run from 2 to 253 do={/queue simple add name=($77run) dst-address=(10.10.10. . $77run) limit-at=0/0 max-limit=508576/84800 interface=all priority=8 queue=default/default burst-limit=1508400/145760 burst-threshold=255360/53840 burst-time=5s/5s total-queue=default time=8h30m-23h59m,mon,tue,wed,thu,fri,sat,sun disabled=no}

# 网段限制TCP连接数70个
/ ip firewall filter add chain=forward src-address=10.10.10.0/255.255.255.0 src-address-list=!77runTcpList protocol=tcp connection-limit=70,32 action=drop comment="TCP\C1\AC\BD\D3\CA\FD\CF\DE\D6\C6\CE\AA:70"

# 以下两个IP不进行限制TCP连接
/ ip firewall address-list add address=10.10.10.250 list=77runTcpList disabled=no
/ ip firewall address-list add address=10.10.10.252 list=77runTcpList disabled=no

# 创建PPPOE地址池
/ ip pool add name=PPPoE_Pool ranges=10.10.10.2-10.10.10.254

#创建PPPOE服务
/ interface pppoe-server server add service-name=PPPoE_Server interface=ether1 one-session-per-host=yes disabled=no

#创建PPPOE服务用户规则
/ ppp profile add name="PPPoE_Profile" local-address=10.10.10.1 remote-address=PPPoE_Pool use-compression=yes use-vj-compression=yes use-encryption=yes change-tcp-mss=no only-one=yes dns-server=202.96.134.133,202.96.128.68

# 添加PPPOE帐户
/ ppp secret
add name="sz201@163.gd" service=pppoe caller-id="" password="sz201369" \
profile=PPPoE_Profile remote-address=10.10.10.21 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz202@163.gd" service=pppoe caller-id="" password="sz202369" \
profile=PPPoE_Profile remote-address=10.10.10.22 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz203@163.gd" service=pppoe caller-id="" password="sz203369" \
profile=PPPoE_Profile remote-address=10.10.10.23 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz204@163.gd" service=pppoe caller-id="" password="sz204369" \
profile=PPPoE_Profile remote-address=10.10.10.24 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz205@163.gd" service=pppoe caller-id="" password="sz205369" \
profile=PPPoE_Profile remote-address=10.10.10.25 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz206@163.gd" service=pppoe caller-id="" password="sz206369" \
profile=PPPoE_Profile remote-address=10.10.10.26 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz207@163.gd" service=pppoe caller-id="" password="sz207369" \
profile=PPPoE_Profile remote-address=10.10.10.27 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz208@163.gd" service=pppoe caller-id="" password="sz208369" \
profile=PPPoE_Profile remote-address=10.10.10.28 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz209@163.gd" service=pppoe caller-id="" password="sz209369" \
profile=PPPoE_Profile remote-address=10.10.10.29 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no
add name="sz210@163.gd" service=pppoe caller-id="" password="sz210369" \
profile=PPPoE_Profile remote-address=10.10.10.30 routes="" limit-bytes-in=0 \
limit-bytes-out=0 comment="" disabled=no

:local assign-address
:local new-address
:local status
:local x
:set x 2
:for i from=1 to=$x do={
:set status [/interface get [/interface find name=("pppoe-out" . $i)] running]
:if ($status=true) do={
:set new-address [/ip address get [/ip address find dynamic=yes interface=("pppoe-out" . $i)] address]
:set new-address [:pick $new-address 0 ([:len $new-address] -3)]
:set assign-address [/ip address get [/ip address find dynamic=no interface=("pppoe-out" . $i)] address]
:set assign-address [:pick $assign-address 0 ([:len $assign-address] -3)]
:if ($assign-address != $new-address) do={ /ip address set [/ip address find comment=$i] address=$new-address network=$new-address broadcast=$new-address
/ip route set [/ip route find comment=$i] gateway=$new-address
/ip fir nat set [/ip fir nat find comment=$i] to-addresses=$new-address
/ip route set [/ip route find comment=$i] gateway=$new-address
}
}
}