Mikrotik QOS script
[i=s] 本帖最後由 167pk 於 2014-11-8 06:30 編輯 [/i]:P
[attach]3389[/attach]
預設是
1) 100Mb 寬頻
2) PPPOE 連線
3) VOIP 設備是 OBi202
4) IPTV 設備是 Maige , MiBox, TV
5) VPN server IP Range 是 172.16.2.0/24 & 172.16.3.0/24
下載: [url=http://www.mediafire.com/view/9hji0p8jpj9gvi2/QOS.rsc]QOS script[/url][code]######Script Settings#######
:local WANUploadSpeed "100M"
:local WANDownloadSpeed "100M"
:local MAXUploadSpeed "95M"
:local MAXDownloadSpeed "95M"
:local WANInter "pppoe-out1"
########################
/ip firewall address-list
add address=192.168.88.0/24 list=Internal-Nets
add address=192.168.88.2 comment="OBi202 IP" list=VOIP
add address=172.16.3.0/24 comment="PPTP VPN IP Range" list=VPN-Nets
add address=172.16.2.0/24 comment="L2TP VPN IP Range" list=VPN-Nets
add address=192.168.88.10 comment="TV IP" list=IPTV
add address=192.168.88.11 comment="Maige IPTV IP" list=IPTV
add address=192.168.88.12 comment="MiBox IP" list=IPTV[/code] [i=s] 本帖最後由 167pk 於 2014-11-1 07:52 編輯 [/i]
[code]/ip firewall layer7-protocol
add name=speedtest-servers regexp="^.*(get|GET).+speedtest.*\$"
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
rtane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitso\
up|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demono\
id|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|\
fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=netflix regexp="^.*(get|GET).+(netflix).*\$"
add name=mp4 regexp="^.*(get|GET).+\\.mp4.*\$"
add name=swf regexp="^.*(get|GET).+\\.swf.*\$"
add name=flv regexp="^.*(get|GET).+\\.flv.*\$"
add name=video regexp="^.*(get|GET).+(\\.3gp|\\.flv|\\.mkv|\\.mp4|netflix|\\.o\
gv|\\.swf|\\.webm).*\$"
add name=webm regexp="^.*(get|GET).+\\.webm.*\$"
add name=mkv regexp="^.*(get|GET).+\\.mkv.*\$"
add name=3gp regexp="^.*(get|GET).+\\.3gp.*\$"
add name=streaming regexp=videoplayback|video
add name=ogv regexp="^.*(get|GET).+\\.ogv.*\$"
/queue type
add kind=pfifo name=streaming-video-in pfifo-limit=500
add kind=pcq name=games-in-pcq pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=100k pcq-src-address6-mask=64 \
pcq-total-limit=750000
/queue tree
add max-limit=$WANDownloadSpeed name=in parent=global queue=default
add max-limit=$WANUploadSpeed name=out parent=global queue=default
add limit-at=500k max-limit=10M name=admin-in packet-mark=admin-in parent=in \
priority=1 queue=default
add limit-at=500k max-limit=10M name=voip-in packet-mark=voip-in parent=in \
priority=1 queue=default
add limit-at=500k max-limit=10M name=vpn-in packet-mark=vpn-in parent=in \
priority=2 queue=default
add limit-at=500k max-limit=$MAXDownloadSpeed name=gaming-in packet-mark=games-in parent=in \
priority=2 queue=games-in-pcq
add limit-at=5M max-limit=$MAXDownloadSpeed name=IPTV-in packet-mark=IPTV-in parent=in \
priority=3 queue=default
add limit-at=4M max-limit=$MAXDownloadSpeed name=streaming-video-in packet-mark=\
streaming-video-in parent=in priority=3 queue=streaming-video-in
add limit-at=500k max-limit=10M name=vpn-server-in packet-mark=vpn-server-in \
parent=in priority=3 queue=default
add limit-at=3M max-limit=$MAXDownloadSpeed name=http-in packet-mark=http-in parent=in \
priority=4 queue=default
add max-limit=$MAXDownloadSpeed name=download-in packet-mark=in parent=in queue=default
add limit-at=500k max-limit=10M name=admin-out packet-mark=admin-out parent=\
out priority=1 queue=default
add limit-at=500k max-limit=10M name=voip-out packet-mark=voip-out parent=out \
priority=1 queue=default
add limit-at=500k max-limit=$MAXUploadSpeed name=gaming-out packet-mark=games-out parent=\
out priority=2 queue=default
add limit-at=500k max-limit=10M name=vpn-out packet-mark=vpn-out parent=out \
priority=2 queue=default
add limit-at=500k max-limit=$MAXUploadSpeed name=IPTV-out packet-mark=IPTV-out parent=out \
priority=3 queue=default
add limit-at=4M max-limit=$MAXUploadSpeed name=streaming-video-out packet-mark=\
streaming-video-out parent=out priority=3 queue=default
add limit-at=3M max-limit=$MAXUploadSpeed name=http-out packet-mark=http-out parent=out \
priority=4 queue=default
add max-limit=$MAXUploadSpeed name=upload-out packet-mark=out parent=out queue=default
add limit-at=500k max-limit=10M name=vpn-server-out packet-mark=\
vpn-server-out parent=out priority=3 queue=default
[/code] [i=s] 本帖最後由 167pk 於 2014-11-3 18:18 編輯 [/i]
[code]/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
"Internal-Traffic mark-in" dst-address-list=Internal-Nets \
new-connection-mark=cm-internal-traffic-in src-address-list=Internal-Nets
add action=mark-packet chain=prerouting connection-mark=\
cm-internal-traffic-in new-packet-mark=internal-traffic passthrough=no
add action=mark-connection chain=postrouting comment=\
"Internal-Traffic mark-out" dst-address-list=Internal-Nets \
new-connection-mark=cm-internal-traffic-out src-address-list=\
Internal-Nets
add action=mark-packet chain=postrouting connection-mark=\
cm-internal-traffic-out new-packet-mark=internal-traffic passthrough=no
add action=mark-connection chain=forward comment="VPN Server mark-in" \
dst-address-list=VPN-Nets in-interface=$WANInter new-connection-mark=\
cm-vpn-server-in
add action=mark-packet chain=forward connection-mark=cm-vpn-server-in \
new-packet-mark=vpn-server-in passthrough=no
add action=mark-connection chain=postrouting comment="VPN Server mark-out" \
new-connection-mark=cm-vpn-server-out out-interface=$WANInter \
src-address-list=VPN-Nets
add action=mark-packet chain=postrouting connection-mark=cm-vpn-server-out \
new-packet-mark=vpn-server-out passthrough=no
add action=mark-connection chain=forward comment="IPTV mark-in" \
dst-address-list=IPTV in-interface=$WANInter new-connection-mark=\
cm-iptv-in
add action=mark-packet chain=forward connection-mark=cm-iptv-in \
new-packet-mark=IPTV-in passthrough=no
add action=mark-connection chain=postrouting comment="IPTV mark-out" \
new-connection-mark=cm-iptv-out out-interface=$WANInter \
src-address-list=IPTV
add action=mark-packet chain=postrouting connection-mark=cm-iptv-out \
new-packet-mark=IPTV-out passthrough=no
add action=mark-connection chain=prerouting comment="Admin mark-in" \
in-interface=$WANInter new-connection-mark=cm-admin-in port=53,161 \
protocol=udp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-admin-in port=25,53,110,143,465,587,993,995 \
protocol=tcp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-admin-in port=22-23,3389,5900,8291,8728-8729 \
protocol=tcp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-admin-in protocol=icmp
add action=mark-packet chain=prerouting connection-mark=cm-admin-in \
new-packet-mark=admin-in passthrough=no
add action=mark-connection chain=postrouting comment="Admin mark-out" \
new-connection-mark=cm-admin-out out-interface=$WANInter port=53,161 \
protocol=udp
add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
out-interface=$WANInter port=25,53,110,143,465,587,993,995 protocol=tcp
add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
out-interface=$WANInter port=22-23,3389,5900,8291,8728-8729 protocol=tcp
add action=mark-connection chain=postrouting new-connection-mark=cm-admin-out \
out-interface=$WANInter protocol=icmp
add action=mark-packet chain=postrouting connection-mark=cm-admin-out \
new-packet-mark=admin-out passthrough=no
add action=mark-connection chain=prerouting comment="Streaming Video mark-in" \
in-interface=$WANInter layer7-protocol=video new-connection-mark=\
cm-streaming-video-in
add action=mark-connection chain=prerouting in-interface=$WANInter \
layer7-protocol=streaming new-connection-mark=cm-streaming-video-in
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-streaming-video-in port=554,1935 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cm-streaming-video-in \
new-packet-mark=streaming-video-in passthrough=no
add action=mark-connection chain=postrouting comment=\
"Streaming Video mark-out" layer7-protocol=video new-connection-mark=\
cm-streaming-video-out out-interface=$WANInter
add action=mark-connection chain=postrouting layer7-protocol=streaming \
new-connection-mark=cm-streaming-video-out out-interface=$WANInter
add action=mark-connection chain=postrouting new-connection-mark=\
cm-streaming-video-out out-interface=$WANInter port=554,1935 protocol=\
tcp
add action=mark-packet chain=postrouting connection-mark=\
cm-streaming-video-out new-packet-mark=streaming-video-out passthrough=no
add action=mark-connection chain=prerouting comment="http mark-in" \
connection-bytes=0-512000 in-interface=$WANInter new-connection-mark=\
cm-http-in port=80,443,8008,8080,8443 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cm-http-in \
new-packet-mark=http-in passthrough=no
add action=mark-connection chain=postrouting comment="http mark-out" \
connection-bytes=0-512000 new-connection-mark=cm-http-out out-interface=\
$WANInter port=80,443,8008,8080,8443 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=cm-http-out \
new-packet-mark=http-out passthrough=no[/code] [i=s] 本帖最後由 167pk 於 2014-11-1 07:53 編輯 [/i]
[code]add action=mark-connection chain=prerouting comment="xbox live mark" \
new-connection-mark=cm-games-in port=3074 protocol=tcp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-games-in port=88,3074,3544,4500 protocol=udp
add action=mark-connection chain=prerouting comment="steam mark-in" \
new-connection-mark=cm-games-in port=27014-27050 protocol=tcp
add action=mark-connection chain=prerouting dst-address-list=Internal-Nets \
in-interface=$WANInter new-connection-mark=cm-games-in port=\
4380,28960,27000-27030 protocol=udp
add action=mark-connection chain=prerouting comment="ps3 online mark" \
new-connection-mark=cm-games-in port=5223 protocol=tcp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-games-in port=3478,3479,3658 protocol=udp
add action=mark-connection chain=prerouting comment="wii online mark" \
new-connection-mark=cm-games-in port=28910,29900-29901,29920 protocol=tcp
add action=mark-packet chain=prerouting comment="games packet mark-in" \
connection-mark=cm-games-in new-packet-mark=games-in passthrough=no
add action=mark-connection chain=postrouting comment="steam mark-out" \
new-connection-mark=cm-games-out out-interface=$WANInter port=\
53,1500,3005,3101,3478,4379-4380,27000-27030,28960 protocol=udp \
src-address-list=Internal-Nets
add action=mark-packet chain=postrouting comment="games packet mark-out" \
connection-mark=cm-games-out new-packet-mark=games-out passthrough=no
add action=mark-connection chain=forward comment="VOIP mark-in" \
dst-address-list=VOIP in-interface=$WANInter new-connection-mark=\
cm-voip-in
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-voip-in port=3478,3784,4080,5060-5061,5223 \
protocol=tcp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-voip-in port=3784,5004,5060-5061,9987,16348-16798 \
protocol=udp
add action=mark-packet chain=prerouting connection-mark=cm-voip-in \
new-packet-mark=voip-in passthrough=no
add action=mark-connection chain=postrouting comment="VOIP mark-out" \
new-connection-mark=cm-voip-out out-interface=$WANInter \
src-address-list=VOIP
add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
out-interface=$WANInter port=3478,3784,4080,5060-5061,5223 protocol=tcp
add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
out-interface=$WANInter port=3784,5004,5060-5061,9987,16348-16798 \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=cm-voip-out \
new-packet-mark=voip-out passthrough=no
add action=mark-connection chain=prerouting comment="VPN mark-in" \
in-interface=$WANInter new-connection-mark=cm-vpn-in protocol=gre
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-vpn-in protocol=ipsec-esp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-vpn-in protocol=ipsec-ah
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-vpn-in port=500,1701,4500 protocol=udp
add action=mark-connection chain=prerouting in-interface=$WANInter \
new-connection-mark=cm-vpn-in port=1723 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=cm-vpn-in \
new-packet-mark=vpn-in passthrough=no
add action=mark-connection chain=postrouting comment="VPN mark-out" \
new-connection-mark=cm-vpn-out out-interface=$WANInter protocol=gre
add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
out-interface=$WANInter protocol=ipsec-esp
add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
out-interface=$WANInter protocol=ipsec-ah
add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
out-interface=$WANInter port=500,1701,4500 protocol=udp
add action=mark-connection chain=postrouting new-connection-mark=cm-vpn-out \
out-interface=$WANInter port=1723 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=cm-vpn-out \
new-packet-mark=vpn-out passthrough=no
add action=mark-connection chain=prerouting comment="ALL in" in-interface=\
$WANInter new-connection-mark=cm-in
add action=mark-packet chain=prerouting connection-mark=cm-in \
new-packet-mark=in passthrough=no
add action=mark-connection chain=postrouting comment="ALL out" \
new-connection-mark=cm-out out-interface=$WANInter
add action=mark-packet chain=postrouting connection-mark=cm-out \
new-packet-mark=out passthrough=no[/code] 哗噻!CHing厉害,真的要花点时间才能明白。 :$
VOIP 果度應咁才符合大家的需要
禾用DSCP是就自己 :P[code]add action=mark-connection chain=forward comment="VOIP mark-in" \
dst-address-list=VOIP in-interface=pppoe-out1 new-connection-mark=\
cm-voip-in
add action=mark-connection chain=prerouting in-interface=pppoe-out1 \
new-connection-mark=cm-voip-in port=3478,3784,4080,5060-5061,5223 \
protocol=tcp
add action=mark-connection chain=prerouting in-interface=pppoe-out1 \
new-connection-mark=cm-voip-in port=3784,5004,5060-5061,9987,16348-16798 \
protocol=udp
add action=mark-packet chain=prerouting connection-mark=cm-voip-in \
new-packet-mark=voip-in passthrough=no
add action=mark-connection chain=postrouting comment="VOIP mark-out" \
new-connection-mark=cm-voip-out out-interface=pppoe-out1 \
src-address-list=VOIP
add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
out-interface=pppoe-out1 port=3478,3784,4080,5060-5061,5223 protocol=tcp
add action=mark-connection chain=postrouting new-connection-mark=cm-voip-out \
out-interface=pppoe-out1 port=3784,5004,5060-5061,9987,16348-16798 \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=cm-voip-out \
new-packet-mark=voip-out passthrough=no[/code] [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=39650&ptid=6438]6#[/url] [i]167pk[/i] [/b]
想请教CHing一句,你从哪里知道上面的信息?还有你自己会编RouterOS的scripts?如果是的话,你用什么书(PDF)来学些呢? [i=s] 本帖最後由 167pk 於 2014-11-3 15:24 編輯 [/i]
:$ 自學
沒看過RouterOS的書
如懂linux 應不太難, 因RouterOS 係用LINUX做基礎
我主要用佢的來改
[url]http://gregsowell.com/?p=4665[/url]
因佢有好多地方錯, 要自己修改 明白,看来我也要抓紧在RouterOS学习。 [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=39680&ptid=6438]9#[/url] [i]角色[/i] [/b]
先學好CCNA, 基本上大同小異. argee{:4_93:}
[quote]回復 角色
先學好CCNA, 基本上大同小異.
[size=2][color=#999999]雯雯 發表於 2014-11-3 23:15[/color] [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=39682&ptid=6438][img]http://www.telecom-cafe.com/forum/images/common/back.gif[/img][/url][/size][/quote] 無network底, 見到就煩....
基本功能用住先!
有空再研究, 多謝ching 分享! 請教在 RB750G V6.35.4 無法設max-limit為$WANDownloadSpeed
請問我需要改那裡才可以正確執行,謝謝
/queue tree> add max-limit=$WANDownloadSpeed name=in parent=global queue=default
invalid value for max-limit, an integer required
頁:
[1]