classic.ISPforum.cz

Ahojte, nedavno som sa pytal ako nastavit queue tree pre neznamych zakaznikov. pouzil som pravidlo:
/ip firewall mangle
add action=mark-packet chain=forward comment=_192.168.116.0/24 disabled=no new-packet-mark=_192.168.116.0/24_UP passthrough=no src-address=192.168.116.0/24
add action=mark-packet chain=forward comment=_192.168.116.0/24 disabled=no dst-address=192.168.116.0/24 new-packet-mark=_192.168.116.0/24_D passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=64k name=_192.168.116.0/24_UP packet-mark=_192.168.116.0/24_UP parent="xxxx" \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=64k name=_192.168.116.0/24_D packet-mark=_192.168.116.0/24_D parent="xxxx" \
priority=8 queue=default

cize neznamych zakaznikov mam orezanych na 64k, ale rad by som im aj zobrazil hlasku, ze maju neznamu ip, nech kontaktuju hotline. takto mam omanglovanych zatial asi 6 subnetov, bude ich podstatne viac. Da sa urobit jedno dst-nat pravidlo uz s mojimi aktualnymi manglovackami? pripadne do tej manglovacky pridat nieco, co budem moct pouzit?

diky

Takze opet, toto pravidlo pred ty dve co delaji zarez

/ip firewall mangle

dd action=add-src-to-address-list address-list=Zarez address-list-timeout=0s chain=forward comment="Log Zarezu" disabled=no protocol=tcp src-address=\
192.168.0.0/16 tcp-flags=syn

a pote pridat toto
/ip firewall nat
add action=dst-nat chain=dstnat comment="Presmerovani zarezu" disabled=no dst-port=80 protocol=tcp src-address-list=Zarez to-addresses=\
192.168.0.253 to-ports=80


192.168.0.253 je adresa web serveru kde je umistena ona stranka co se jim ma zobrazovat