RouterOS 基于 GEOIP 和 domain list 的自动分流实现
date
Feb 15, 2022
slug
routeros-auto-splitter
status
Published
tags
routeros
geoip
firewall
ipv6
summary
type
Post
实现思路
国内 IP 直连,国外 IP 走隧道
GEOIP List
国外网站 DNS 优化
Domain List
去广告
AD-Block Domain List
具体实现
远程地址不是 CN 的 打路由标签,重定向到 vpn 网关出去
chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=no dst-address-type=!local src-address-list=proxy-devices dst-address-list=!CN in-interface=lan log=no log-prefix=""拦截 指定 域名 udp dns 查询包 (通过 layer7-protocol),重定向到 vpn 8.8.8.8 获得最优的查询结果
/ip/firewall/mangle
chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=no layer7-protocol=custom-domain protocol=udp in-interface=lan dst-port=53 log=no log-prefix=""
/ip/firewall/nat
chain=dstnat action=dst-nat to-addresses=8.8.8.8 to-ports=53 protocol=udp routing-mark=vpn基于 dns 的广告屏蔽,按需添加到 /ip/dns/static
5 api.ad.xiaomi.com 127.0.0.1 1d
6 log.ad.xiaomi.com 127.0.0.1 1d
7 sdkconfig.ad.xiaomi.com 127.0.0.1 1d
8 track.ad.xiaomi.com 127.0.0.1 1d
9 zeus.ad.xiaomi.com 127.0.0.1 1d
10 data.mistat.india.xiaomi.com 127.0.0.1 1d
11 api.ad.intl.xiaomi.com 127.0.0.1 1d
12 diagnosis.ad.intl.xiaomi.com 127.0.0.1 1d
13 sdkconfig.ad.intl.xiaomi.com 127.0.0.1 1d
14 zeus.ad.intl.xiaomi.com 127.0.0.1 1d
15 data.mistat.intl.xiaomi.com 127.0.0.1 1d
16 data.mistat.rus.xiaomi.com 127.0.0.1 1d
17 mitv.tracking.intl.miui.com 127.0.0.1 1d
18 tracking.intl.miui.com 127.0.0.1 1dchange-mss 解决 MTU 大小问题导致的访问缓慢
chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp log=no log-prefix=""
chain=output action=change-mss new-mss=clamp-to-pmtu passthrough=no tcp-flags=syn protocol=tcp log=no log-prefix=""禁用国外的 ipv6 80 443 端口,阻止 ipv6 方式访问国外网站 (有些网站封锁国内的 IP 段)
;;; Drop all !CN ipv6 80 443 package
chain=forward action=reject reject-with=icmp-no-route protocol=tcp dst-address-list=!CN in-interface=lan dst-port=80,443 log=no log-prefix=""