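RouterOS is a router operating system developed by a Latvian company. It is built on the Linux kernel, runs on x86-compatible PCs, and turns a standard PC into a professional router. In China, its largest early user groups were internet cafés, residential-community broadband and enterprise network administration.

In both features and performance, ROS has surpassed many mid-range routers. As more and more people in China have adopted it, from the early internet-café multi-line and traffic-control setups and residential broadband, to the later VPN applications and enterprise network management, to today's WLAN wireless applications, it has kept shaking up the whole networking industry! Several similar software router systems appeared after 2005; although they beat ROS in individual respects, overall they have still struggled to surpass it.

Its features and its stability are both very strong, so I use it for my own broadband dial-up as well, except that I installed the system on ESXi. After a fresh ROS install, you need to know the following basic, commonly used commands.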

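Basic ROS commands

1. List the network interfaces: /interface print
2. Add an IP address to an interface: /ip address add address=192.168.1.254/24 interface=ether1
3. Remove an interface IP address: /ip address remove 0
4. Reboot the system: /system reboot
5. Shut down the system: /system shutdown
6. Restore the original state: /system reset
7. View the IP configuration: /ip export or /ip address print
8. View the license: /system license print

Online terminal statistics

To add an online-terminal count for the internal network to ROS, run the following code in the New Terminal in ROS: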

/ip firewall address-list add address=10.0.0.0/24 disabled=no list=OnLineClient
# src-address-list must name the list created above (OnLineClient), otherwise the rule never matches.
/ip firewall mangle add chain=prerouting src-address-list=OnLineClient action=add-src-to-address-list address-list="Online" address-list-timeout=1m  comment="\D4\DA\CF\DF\D3\C3\BB\A7" disabled=no

# The scheduled script only counts address-list entries and writes a log line; the reboot, password, sniff and sensitive policies are broader than it needs.
/system schedule add interval=00:10:00 name="Online Status" on-event=":global s 0\r\
\n:foreach i in=[/ip firewall address-list find list=Online] do={:set s (\$s+1)}\r\
\n:log warning (\$s . \" \" . \"Online\")" policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=00:00:00

# Note: replace address=10.0.0.0/24 with your own internal network segment.

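Once this code has run, every online terminal on the internal network appears under IP-Firewall-Address Lists in ROS.

A new scheduled task appears under System-Scheduler:

The code in the scheduled task is: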

:global s 0
:foreach i in=[/ip firewall address-list find list=Online] do={:set s ($s+1)}
:log warning ( $s ." " . "Online")

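After ten minutes, the online-terminal message shows up in the Log:

Queues bandwidth control

Queue is RouterOS's QoS menu for traffic flows. It contains two main bandwidth-control features, simple queue and queue tree. Queue traffic control governs the data sent and received on network interfaces: traffic is held within a specified limit, that is, the transmitted traffic can only be less than or equal to that value, and anything above it is dropped or delayed.

Powerful as ROS is, traffic control is not easy for beginners to set up. Here is a traffic-control script that combines L7 matching with large/small-packet classification, without HTB rate limiting. Adjust it to your own situation; in testing it has worked quite well: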

/ip firewall layer7-protocol
add name=Tencent_qq regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
    05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
    0B/x7D/x98/x38/xE4.+"
add name=Tencent_qqgame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
    \\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
    x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQMusic regexp=\
    "(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=QQLive regexp="(^get.+\\video.\?\\qq.+\\flv|^\\xFE.\?.\?.\?.\?\\xD3|^\
    get.+\\video.\?\\qq.+\\mp4)"
add name=Kugou regexp=\
    "(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=Http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=Http-img regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=Http-web regexp=\
    "\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=NetTV regexp=\
    "^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=File regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z|\\.gho|\\.pdf\
    |\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQsp regexp="(^\\x03.\?\\xE1\\x8D|^\\x02\\x02|^\\x04\\x1E)"
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
    0-9][\\x01-\?a-z]*[\\x02-\\x06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\\\
    x01-\\x10\\x1c][\\x01\\x03\\x04\\xFF]"
add name=Http-jpg regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
/ip firewall address-list
add address=10.0.0.0/24 list=OnLineClient
/ip firewall filter
add action=drop chain=input dst-port=22 protocol=tcp
/ip firewall mangle
add action=change-ttl chain=forward new-ttl=set:128
add action=change-mss chain=forward new-mss=1440 protocol=tcp tcp-flags=syn \
    tcp-mss=1441-65535
add action=mark-connection chain=forward comment="DNS\BA\CDICMP" \
    layer7-protocol=DNS new-connection-mark=dns&icmp
add action=mark-connection chain=forward new-connection-mark=dns&icmp \
    protocol=icmp
add action=mark-packet chain=forward connection-mark=dns&icmp \
    new-packet-mark=DNS&ICMP_up passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward connection-mark=dns&icmp \
    dst-address-list=OnLineClient new-packet-mark=DNS&ICMP_down passthrough=\
    no
add action=mark-connection chain=forward comment=http layer7-protocol=Http \
    new-connection-mark=http
add action=mark-connection chain=forward layer7-protocol=Http-web \
    new-connection-mark=http
add action=mark-connection chain=forward layer7-protocol=Http-jpg \
    new-connection-mark=http
add action=mark-connection chain=forward layer7-protocol=Http-img \
    new-connection-mark=http
add action=mark-packet chain=forward connection-mark=http dst-address-list=\
    OnLineClient new-packet-mark=http_down passthrough=no
add action=mark-packet chain=forward connection-mark=http new-packet-mark=\
    http_up passthrough=no src-address-list=OnLineClient
add action=mark-connection chain=forward comment="\B4\F3\D0\A1\B0\FC 0-511" \
    new-connection-mark=small511_conn packet-size=0-511 protocol=tcp \
    src-port=!80
add action=mark-connection chain=forward new-connection-mark=small511_conn \
    packet-size=0-511 protocol=udp
add action=mark-packet chain=forward connection-mark=small511_conn \
    new-packet-mark=small511_u packet-size=128-511 passthrough=no \
    src-address-list=OnLineClient
add action=mark-packet chain=forward connection-mark=small511_conn \
    new-packet-mark=small511_d packet-size=128-511 passthrough=no
add action=mark-connection chain=forward comment=vido layer7-protocol=NetTV \
    new-connection-mark=vido
add action=mark-connection chain=forward layer7-protocol=PPStream \
    new-connection-mark=vido
add action=mark-connection chain=forward layer7-protocol=QQLive \
    new-connection-mark=vido
add action=mark-packet chain=forward connection-mark=vido dst-address-list=\
    OnLineClient new-packet-mark=vido_down passthrough=no
add action=mark-packet chain=forward connection-mark=vido new-packet-mark=\
    vidio_up passthrough=no src-address-list=OnLineClient
add action=mark-connection chain=forward comment=file layer7-protocol=File \
    new-connection-mark=file
add action=mark-connection chain=forward layer7-protocol=QQMusic \
    new-connection-mark=file
add action=mark-connection chain=forward layer7-protocol=Kugou \
    new-connection-mark=file
add action=mark-packet chain=forward connection-mark=file dst-address-list=\
    OnLineClient new-packet-mark=file_down passthrough=no
add action=mark-packet chain=forward connection-mark=file new-packet-mark=\
    file_up passthrough=no src-address-list=OnLineClient
add action=mark-connection chain=forward comment=\
    "\B4\F3\D0\A1\B0\FC 1301-1500" new-connection-mark=big1500_conn \
    packet-size=1301-1500
add action=mark-packet chain=forward connection-mark=big1500_conn \
    new-packet-mark=big1500_u packet-size=1301-1500 passthrough=no \
    src-address-list=OnLineClient
add action=mark-packet chain=forward connection-mark=big1500_conn \
    dst-address-list=OnLineClient new-packet-mark=big1500_d packet-size=\
    1301-1500 passthrough=no
add action=mark-connection chain=forward comment=other new-connection-mark=\
    other
add action=mark-packet chain=forward connection-mark=other dst-address-list=\
    OnLineClient new-packet-mark=other_down passthrough=no
add action=mark-packet chain=forward comment="\BD\E1\CA\F8" connection-mark=\
    other new-packet-mark=other_up passthrough=no src-address-list=\
    OnLineClient

/queue type
add kind=pcq name=0m_down pcq-classifier=dst-address pcq-total-limit=10000
add kind=pcq name=0m_up pcq-classifier=src-address pcq-total-limit=10000
/queue tree
add name=down parent=global queue=default
add name=icmp@dns_down packet-mark=DNS&ICMP_down parent=down priority=1 \
    queue=0m_down
add name=http_down packet-mark=http_down parent=down priority=3 queue=0m_down
add name=vido packet-mark=vido_down parent=down priority=5 queue=0m_down
add name=file packet-mark=file_down parent=down priority=7 queue=0m_down
add name=other packet-mark=other_down parent=down priority=4 queue=0m_down
add name=up parent=global queue=default
add name=icmp&dns_up packet-mark=DNS&ICMP_up parent=up priority=1 queue=0m_up
add name=http_up packet-mark=http_up parent=up priority=3 queue=0m_up
add name=vido_up packet-mark=vidio_up parent=up priority=5 queue=0m_up
add name=file_up packet-mark=file_up parent=up priority=7 queue=0m_up
add name=other_up packet-mark=other_up parent=up priority=4 queue=0m_up
add name=big_packet packet-mark=big1500_d parent=down priority=6 queue=\
    0m_down
add name=small_packet packet-mark=small511_d parent=down priority=2 queue=\
    0m_down
add name=small_packet_up packet-mark=small511_u parent=up priority=2 queue=\
    0m_up

/queue interface
set Wan queue=default

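# Note: replace address=10.0.0.0/24 with your own internal network segment, and replace Wan in the final set Wan queue=default with the name of your own WAN interface.

As before, run the script above in the New Terminal in ROS; once it has run, the traffic-control scheme is set up automatically under Firewall and Queues in ROS.

That completes a simple Queue traffic-control setup, so internal users watching video, downloading files, playing games and so on do not interfere with one another.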
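
A check worth running on a long mangle/queue export like the one above before pasting it into a router, as an added example that is not part of the original post: it joins the export's backslash-continued lines and cross-checks that every address list and packet mark a rule refers to is actually defined. The sample export, its seeded faults and the names parse_export and lint are constructed for illustration.

```python
import re
# Constructed sample (not from a real router): a trimmed export seeded with an
# undefined address list, a mark-packet catch-all and a mistyped packet mark.
SAMPLE = r"""/ip firewall address-list
add address=10.0.0.0/24 list=OnLineClient
/ip firewall mangle
add action=mark-connection chain=forward layer7-protocol=File \
    new-connection-mark=file
add action=mark-packet chain=forward connection-mark=file dst-address-list=\
    OnLineClient new-packet-mark=file_down passthrough=no
add action=mark-packet chain=forward new-packet-mark=file_up passthrough=no \
    src-address-list=lan
/queue tree
add name=file packet-mark=file_down parent=down queue=0m_down
add name=vido_up packet-mark=vidio_up parent=up queue=0m_up
"""
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_export(text):
    """Return (menu, {key: value}) for every 'add' line of a RouterOS export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join '\'-continued lines
    menu, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # menu header such as "/ip firewall mangle"
        elif line.startswith("add "):
            rules.append((menu, {k: v.strip('"') for k, v in PAIR.findall(line)}))
    return rules

def lint(text):
    """Cross-check address lists and packet marks; return sorted findings."""
    rules = parse_export(text)
    mangle = [r for m, r in rules if m == "/ip firewall mangle"]
    lists = {r["list"] for m, r in rules if m == "/ip firewall address-list"}
    lists |= {r["address-list"] for r in mangle if "address-list" in r}
    marks = {r["new-packet-mark"] for r in mangle if "new-packet-mark" in r}
    out = []
    for r in mangle:
        for key in ("src-address-list", "dst-address-list"):
            if key in r and r[key].lstrip("!") not in lists:
                out.append(("undefined-address-list", r[key]))
        # Assumption: as in the script above, mark-packet keys on a connection-mark.
        if r.get("action") == "mark-packet" and "connection-mark" not in r:
            out.append(("mark-packet-without-connection-mark", r["new-packet-mark"]))
    for m, r in rules:
        if m == "/queue tree" and "packet-mark" in r and r["packet-mark"] not in marks:
            out.append(("queue-uses-unset-packet-mark", r["packet-mark"]))
    return sorted(out)
```

Feed lint() the text of /export run on the router; an empty list means every reference resolved.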
