端口映射规则:dst-address 填写你的公网地址;先随便填一个也可以,后面的定时脚本会自动把它更新为当前的公网地址。
# Port forward plus source NAT for the LAN.
#
# Rule 1 (dst-nat): TCP connections addressed to dst-address are redirected to
# the internal host 192.168.88.235. The dst-address literal is only a seed
# value: the set-nat-global-ip script on this page rewrites it on the rule it
# looks up by comment, so the rule comment and the script must stay in step.
# NOTE(review): dst-port= and to-ports= are empty and the comment reads "nat-"
# in this copy -- the numbers appear to have been lost; fill in your own values.
# NOTE(review): there is no src-address / src-address-list match, so the
# forwarded service is reachable from any source address. Narrow the match if
# the service is not meant to be public, and treat 192.168.88.235 as an
# internet-facing host (patching, authentication, logging).
/ip firewall nat
add action=dst-nat chain=dstnat comment=nat- dst-address=11.22.33.44 \
dst-port= protocol=tcp to-addresses=192.168.88.235 to-ports=
# Rule 2 (masquerade): source-NATs traffic whose source is in the LAN subnet.
# No out-interface is given, so it matches LAN-sourced traffic leaving on any
# interface -- presumably so LAN clients can also reach the forward through the
# public address (hairpin); TODO confirm. For such connections the internal
# host sees the router, not the real client, as the peer in its own logs.
# NOTE(review): the prefix length after "192.168.88.0/" is missing in this copy.
add action=masquerade chain=srcnat src-address=192.168.88.0/
ip统计脚本
# Address collection for the "ips online" counter: every packet in prerouting
# whose source is in the LAN subnet has its source address added to the
# address list "online", which the ip-number script on this page then counts.
# NOTE(review): address-list-timeout=none-static adds entries without a
# timeout, so addresses are never aged out; the list (and the logged count)
# reflects every address seen since the list was last cleared, not the hosts
# that are active right now. A finite timeout would be needed for a live count.
# NOTE(review): dst-limit=, limit= and the prefix length after "192.168.88.0/"
# are incomplete in this copy (digits lost); do not paste them as-is.
/ip firewall mangle
add action=add-src-to-address-list address-list=online address-list-timeout=\
none-static chain=prerouting comment="ip calc" dst-address-type="" \
dst-limit=,,dst-address/1m40s limit=,:packet src-address=\
192.168.88.0/ src-address-type="" time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat
需要的脚本
# Two helper scripts, both owned by user "mmc" (that user must exist on the
# router) and both granted the full policy list.
# NOTE(review): the policy list includes reboot, password, sniff, sensitive,
# ftp and romon, none of which the script bodies below use; they only read and
# change configuration and write log entries. Least privilege would be a much
# shorter list (likely read,write, possibly test -- confirm on your RouterOS
# version). With dont-require-permissions=no the caller must hold the script's
# policies, which is presumably why the scheduler entries on this page carry
# the same list; trim the script first, then the scheduler, never only the
# scheduler.
/system script
# set-nat-global-ip: reads the address of interface pppoe-out1, trims it with
# :pick, reads dst-address of the NAT rule found by comment, and when the two
# differ writes the new address into the NAT rule (the result of that "set" is
# what gets passed to "log info").
# NOTE(review): the lookup uses comment "nat-" while the update uses
# "nat-235"; "find comment=" matches the rule's comment exactly, so both
# strings and the NAT rule's comment must be identical or one of the two steps
# acts on nothing. The difference looks like digits lost in this copy.
# NOTE(review): the :pick arguments are incomplete here ("[len $ipaddr] -").
# NOTE(review): ipaddr and oldip are declared :global although nothing else on
# this page reads them; :local would keep them out of the shared environment.
add dont-require-permissions=no name=set-nat-global-ip owner=mmc policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
global ipaddr [/ip address get [/ip address find interface=pppoe-out1] add\
ress]\r\
\n\r\
\n:set ipaddr [:pick \$ipaddr ([len \$ipaddr] -)]\r\
\n:global oldip [/ip firewall nat get [/ip firewall nat find comment=\"nat\
-\"] dst-address]\r\
\n\r\
\n:if (\$ipaddr != \$oldip) do={\r\
\n log info message=[/ip firewall nat set [/ip firewall nat find comment=\
\"nat-235\"] dst-address=\$ipaddr]\r\
\n}"
# ip-number: walks every entry of the address list named in onlineIPList
# ("online"), increments ipNumber once per entry, and logs
# "current <n> ips online" at warning level.
# NOTE(review): the initial value of ipNumber and the increment amount are
# missing in this copy ("ipNumber" / "$ipNumber+"); as printed the script is
# incomplete.
add dont-require-permissions=no name=ip-number owner=mmc policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local ipNumber \r\
\n:local onlineIPList online\r\
\n\r\
\n:foreach i in=[/ip firewall address-list find list=\$onlineIPList] do={\
\r\
\n :set ipNumber (\$ipNumber+)\r\
\n }\r\
\nlog warning message=(\"current \" . \$ipNumber . \" ips online\")"
定时器
# Timers that run the two scripts once a minute via ":execute".
# NOTE(review): both entries carry the full policy list (including reboot,
# password, sniff, sensitive), which is far more than the scripts' visible
# bodies need. If the scripts' own policy lists are reduced, reduce these to
# the same set; a scheduler entry with fewer policies than the script it calls
# is expected to fail the permission check (dont-require-permissions=no).
/system scheduler
# global-ip-sync: keeps the dst-nat rule's dst-address aligned with the current
# PPPoE address, so the forward can be stale for up to one interval after a
# reconnect.
# NOTE(review): start-date= and start-time= are incomplete in this copy.
add interval=1m name=global-ip-sync on-event=":execute \"set-nat-global-ip\"" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct// start-time=::
# ip-statistic: starts at boot (start-time=startup) and writes one
# warning-level log line per minute with the address-list count.
add interval=1m name=ip-statistic on-event=":execute \"ip-number\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
pcq限速
# Simple queue "pcq1" using the default PCQ upload/download queue types, with
# max-limit=50M/100M applied to the given target.
# NOTE(review): target=192.168.88.0/2 is almost certainly a truncated prefix
# length; taken literally, a /2 covers far more than the 192.168.88.x LAN used
# elsewhere on this page. Set it to your actual LAN prefix before applying.
/queue simple
add max-limit=50M/100M name=pcq1 queue=pcq-upload-default/pcq-download-default target=192.168.88.0/2
限制指定 MAC 地址上网(防火墙规则)
# Drops forwarded packets whose source MAC matches src-mac-address.
# NOTE(review): the MAC value is a blank template here (":::::"); put the
# device's real address in its place.
# NOTE(review): "add" appends the rule at the end of the forward chain, so any
# earlier accept rule (for example one for established/related traffic) is
# evaluated first; check the rule order after adding it.
# NOTE(review): a source MAC is set by the client itself, so this is a
# convenience control, not an access-control boundary.
# NOTE(review): the command has no leading "/", so it resolves relative to the
# current menu; run it from the root menu or prefix it with "/".
ip firewall filter add chain=forward src-mac-address=::::: action=drop