1
JamesR 2015-02-27 15:40:18 +08:00
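The RB951Ui-2HnD will do; this router can saturate 100 Mbps.
I mainly use it for the following:
1. GFWed sites go through the VPN, everything else goes through the local connection.
2. Domains affected by DNS poisoning are resolved through the VPN, everything else is resolved locally.
3. Several VPN lines are load-balanced with Nth to aggregate bandwidth.
4. LAN clients are dynamically rate-limited by traffic with PCQ.
Result: phones, tablets and computers need no configuration at all; once on Wi-Fi they can smoothly watch YouTube (automatically via the VPN) and Youku (via the local connection). I suggest trying RouterOS in a virtual machine first and buying one if you like it.
Official page: http://routerboard.com/RB951Ui-2HnD
|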
3
coolicer OP
Where can I buy it in China?
|
5
mhycy 2015-02-27 16:36:08 +08:00
|
6
efin 2015-02-27 16:50:07 +08:00
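The WNDR4300 is very hackable; with OpenWRT installed it has every feature you could want.
I currently run two routers, an AC68U plus a WNDR4300, and do the wall-bypassing on the 4300.
|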
7
learnshare 2015-02-27 16:58:28 +08:00
Bought a 4300 on Taobao and flashed it for the first time last night; not sure whether I'll get any results today.
|
9
Cola90 2015-02-27 18:44:21 +08:00 via Android
I'm using a 4300. Unless you have some special requirement, the stock firmware is still better.
|
10
JamesR 2015-03-02 17:05:25 +08:00 1
@coolicer It's on Taobao, or you can install it on an old PC yourself with Ghost, or install it in a virtual machine.
@yanest
1. Compile your own list of blocked IPs, for example Google's (my VPN is in Linode's Japan data center and these were all measured from a Japan exit; if your VPN is in the US or elsewhere there may be differences):

    /ip firewall address-list
    add address=4.35.153.0/24 comment=Google disabled=no list=GFWed
    add address=64.233.187.0/24 comment=Google disabled=no list=GFWed
    add address=72.14.249.0/24 comment=Google disabled=no list=GFWed
    add address=74.125.0.0/16 comment=Google disabled=no list=GFWed
    add address=173.194.0.0/16 comment=Google disabled=no list=GFWed
    add address=194.122.81.0/24 comment=Google disabled=no list=GFWed
    add address=203.208.40.0/24 comment=Google disabled=no list=GFWed
    add address=203.208.46.0/24 comment=Google disabled=no list=GFWed
    add address=208.117.0.0/16 comment=Google disabled=no list=GFWed
    add address=209.85.228.0/24 comment=Google disabled=no list=GFWed
    add address=209.85.229.0/24 comment=Google disabled=no list=GFWed
    add address=209.116.150.0/24 comment=Google disabled=no list=GFWed
    add address=216.58.220.0/24 comment=Google disabled=no list=GFWed
    add address=216.239.32.0/24 comment=Google disabled=no list=GFWed
    add address=216.58.221.0/24 comment=Google disabled=no list=GFWed

2. Compile your own list of keywords for domains that are DNS-poisoned or that should be resolved through the VPN.

    /ip firewall layer7-protocol
    add name=To_Google_DNS regexp="google.com|googleapis.com|googlehosted.com|googlezip.net|\
        googledrive.com|appspot.com|googleusercontent.com|ggpht.com|gstatic.com|googlesource.com|\
        chromium.org|android.com|googlecode.com|google.co.jp|googlelabs.com|gmail.com|goo.gl|\
        google-analytics.com|panoramio.com|twitter.com|tweetdeck.com|twimg.com|tinypic.com|\
        twitpic.com|youtube.com|youtube-nocookie.com|ytimg.com|googlevideo.com|blogger.com|\
        blogspot.com|wordpress.com|wp.com|feeds.feedburner.com|facebook.com|facebook.net|\
        fbcdn.net|tfbnw.net|akamaihd.net|evernote.com|appspot.com|blogspot.com|blogcdn.com|\
        feedly.com|flickr.com|yimg.com|staticflickr.com|wikimedia.org|wikipedia.com|nytimes.com|\
        bbc.uk.co|6park.com|t66y.com|chinagfw.org|boxun.com|instagram.com|t.co|j.mp|img.ly|\
        is.gd|ff.im"

3. Set up the masquerade NAT, e.g. for 192.168.1.X; then DNS lookups that match the keywords from step 2 go to 8.8.8.8 or 8.8.4.4.

    /ip firewall nat
    add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24
    add action=dst-nat chain=dstnat comment="To Google DNS 8.8.8.8" disabled=no \
        dst-port=53 layer7-protocol=To_Google_DNS protocol=udp to-addresses=8.8.8.8 \
        to-ports=53
    add action=dst-nat chain=dstnat comment="To Google DNS 8.8.4.4" disabled=no \
        dst-port=53 layer7-protocol=To_Google_DNS protocol=udp to-addresses=8.8.4.4 \
        to-ports=53

4. Nth-based load balancing across 4 VPNs. I do this because my VPN provider's VPN is slow during the day and fast at night; if the line is fast, 1 VPN line is enough.

    /ip firewall mangle
    add action=mark-connection chain=prerouting comment=VPN_Nth1 connection-state=new \
        disabled=no dst-address-list=GFWed in-interface=ether2-Lan \
        new-connection-mark=VPN_Nth1 nth=4,1 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=VPN_Nth1 disabled=no \
        in-interface=ether2-Lan new-routing-mark=VPN1 passthrough=yes
    add action=mark-connection chain=prerouting comment=VPN_Nth2 connection-state=new \
        disabled=no dst-address-list=GFWed in-interface=ether2-Lan \
        new-connection-mark=VPN_Nth2 nth=4,2 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=VPN_Nth2 disabled=no \
        in-interface=ether2-Lan new-routing-mark=VPN2 passthrough=yes
    add action=mark-connection chain=prerouting comment=VPN_Nth3 connection-state=new \
        disabled=no dst-address-list=GFWed in-interface=ether2-Lan \
        new-connection-mark=VPN_Nth3 nth=4,3 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=VPN_Nth3 disabled=no \
        in-interface=ether2-Lan new-routing-mark=VPN3 passthrough=yes
    add action=mark-connection chain=prerouting comment=VPN_Nth4 connection-state=new \
        disabled=no dst-address-list=GFWed in-interface=ether2-Lan \
        new-connection-mark=VPN_Nth4 nth=4,4 passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=VPN_Nth4 disabled=no \
        in-interface=ether2-Lan new-routing-mark=VPN4 passthrough=yes

5. All blocked IPs, 8.8.8.8 and 8.8.4.4 go through the VPN.

    /ip route
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pptp-out1 \
        routing-mark=VPN1 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pptp-out2 \
        routing-mark=VPN2 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pptp-out3 \
        routing-mark=VPN3 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pptp-out4 \
        routing-mark=VPN4 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=pptp-out1 scope=30 \
        target-scope=10
    add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=pptp-out1 scope=30 \
        target-scope=10

All OK.

Appendix:
1. I found all of Google's domains by referring to this: https://github.com/zxdrive/imouto.host
2. I referred to this for resolving them in bulk with a batch script: http://bbs.bathome.net/thread-20715-1-1.html
3. The resolved Google IPs come to 7000+ rows in Excel; use Excel's "Consolidate" to merge the duplicates.
4. For PCQ dynamic rate limiting, see 《RouterOS全攻略》 by the author 崔某某; it is covered there.
5. For getting through the wall I referred to http://hzitlm.blog.163.com/blog/static/1931720052014911105740366/ but the masquerade approach in it is not complete enough and has a port loopback (hairpin NAT) problem, and the later part "被墙的域名解析走pptp vpn" is also written wrong; the overall idea is still worth referring to.
6. For the Nth-based load balancing across 4 VPNs, since my VPN is fairly stable I did not set up a disconnect check; if your VPN drops often, you also need to add a disconnect script.
|
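Added example, not part of the thread: a Python sketch of how a layer7 pattern in the style of To_Google_DNS (steps 2 and 3 above) behaves against DNS query payloads, where names are length-prefixed labels rather than dotted text. It assumes Python's `re` is a fair stand-in for the router's unanchored, case-insensitive matcher; `L7_PATTERN` is a shortened copy of the post's list, and the function names and sample queries are constructed for illustration.

```python
import re

# Shortened copy of the post's pattern, keeping its unescaped dots (assumption:
# the remaining alternatives behave the same way).
L7_PATTERN = "google.com|youtube.com|twitter.com|t.co|j.mp"


def dns_query(name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query payload: 12-byte header plus one question."""
    header = bytes.fromhex("123401000001000000000000")  # id, RD flag, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + qtype.to_bytes(2, "big") + b"\x00\x01"  # class IN


def l7_matches(pattern: str, payload: bytes) -> bool:
    """Unanchored, case-insensitive search over the raw payload bytes."""
    flags = re.IGNORECASE | re.DOTALL  # DOTALL: '.' may stand for any length byte
    return re.search(pattern.encode("ascii"), payload, flags) is not None


def classify(names, pattern: str = L7_PATTERN) -> dict:
    """Map each queried name to whether the pattern would redirect its lookup."""
    return {name: l7_matches(pattern, dns_query(name)) for name in names}


if __name__ == "__main__":
    # Constructed sample queries.
    for name, hit in classify(
        ["www.google.com", "microsoft.com", "example.org"]
    ).items():
        print(f"{name:20} redirected={hit}")
    # An escaped dot no longer matches, because the wire format has \x03, not '.'.
    print(l7_matches(r"google\.com", dns_query("www.google.com")))
```

The unescaped `.` is what lets the pattern match at all, since it absorbs the label-length byte; the same looseness means a short alternative such as `t.co` also matches `microsoft.com`, so lookups for unrelated names are sent to 8.8.8.8 as well.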