Ubnt EdgeRouter 路由器 双 WAN 中国移动策略路由配置案例

需求描述：1) 1 LAN + 2 WAN；LAN 口 eth0，WAN1 中国电信 eth1 (pppoe1)，WAN2 中国移动 eth2 (pppoe2)。
2) 默认 WAN1 承载全部负载，WAN2 只负责中国移动目标地址。3) WAN1 线路故障，WAN2 承载全部流量。WAN2 故障，WAN1 负载全部流量 (包括中国移动目标地址)。线路正常后自动恢复缺省策略。

如何使用 CLI 模式参考 EdgeOS 用户指南中文版 (第 91 页)：http://dl-cdn.ubnt.com.cn/qsg/EdgeOS_V19_UG_V02_CN.pdf

首先进入配置模式

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt#

如果不够熟悉，建议每个段落输入命令后都执行一次 commit 命令。

设置路由器的时区和 DNS 服务器。

set system time-zone Asia/Shanghai
set system name-server 223.5.5.5
set system name-server 223.6.6.6

配置 LAN 口 (eth0) IP 地址为 192.168.1.1/24，出厂默认配置已经包含，不需要执行这个命令。

set interfaces ethernet eth0 address 192.168.1.1/24

LAN 口启用 DHCP 服务器。
1) 地址池包括 192.168.1.31 到 192.168.1.250 共 220 个地址。
2) 192.168.1.2 到 192.168.1.30 和 192.168.1.251 到 192.168.1.254 保留静态分配。
3) 建议使用 223.5.5.5 和 223.6.6.6 阿里 DNS 服务器，不要使用运营商提供的 DNS 服务器 (非常重要)。
4) 动态地址租约改成 10 分钟。

set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.31 stop 192.168.1.250
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.5.5.5
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.6.6.6
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 600

创建 PPPoE 拨号接口。
1) eth1 口接电信光猫 (对应 pppoe1)
2) eth2 口接移动光猫 (对应 pppoe2)。
3) 缺省路由和 DNS 服务器获取关闭 (非常重要) 。

set interfaces ethernet eth1 pppoe 1 user-id user1
set interfaces ethernet eth1 pppoe 1 password pass1
set interfaces ethernet eth1 pppoe 1 default-route none
set interfaces ethernet eth1 pppoe 1 name-server none
set interfaces ethernet eth2 pppoe 2 user-id user2
set interfaces ethernet eth2 pppoe 2 password pass2
set interfaces ethernet eth2 pppoe 2 default-route none
set interfaces ethernet eth2 pppoe 2 name-server none

针对 pppoe1 和 pppoe2 启用地址伪装 (源地址 NAT)。

set service nat rule 5001 outbound-interface pppoe1
set service nat rule 5001 type masquerade
set service nat rule 5002 outbound-interface pppoe2
set service nat rule 5002 type masquerade

创建主路由表 main 的默认接口路由。pppoe1 的管理距离是 1，pppoe2 是 2，pppoe2 是备份路由。

set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe1 distance 1
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe2 distance 2

创建路由表 2 和默认接口路由，路由表 2 是从 pppoe2 接口出。

set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface pppoe2

创建中国移动地址列表 CMNET 共 62 条，数据来自 APNIC (亚太互联网络信息中心)。

set firewall group network-group CMNET network 211.103.0.0/17
set firewall group network-group CMNET network 211.140.0.0/15
set firewall group network-group CMNET network 211.136.0.0/14
set firewall group network-group CMNET network 61.236.0.0/15
set firewall group network-group CMNET network 211.142.0.0/17
set firewall group network-group CMNET network 218.204.0.0/15
set firewall group network-group CMNET network 218.200.0.0/14
set firewall group network-group CMNET network 211.143.0.0/16
set firewall group network-group CMNET network 211.142.128.0/17
set firewall group network-group CMNET network 221.172.0.0/14
set firewall group network-group CMNET network 222.32.0.0/11
set firewall group network-group CMNET network 221.130.0.0/15
set firewall group network-group CMNET network 218.206.0.0/15
set firewall group network-group CMNET network 221.176.0.0/13
set firewall group network-group CMNET network 123.64.0.0/11
set firewall group network-group CMNET network 122.64.0.0/11
set firewall group network-group CMNET network 117.128.0.0/10
set firewall group network-group CMNET network 118.204.0.0/14
set firewall group network-group CMNET network 120.90.0.0/15
set firewall group network-group CMNET network 120.192.0.0/10
set firewall group network-group CMNET network 114.208.0.0/14
set firewall group network-group CMNET network 115.104.0.0/14
set firewall group network-group CMNET network 115.180.0.0/14
set firewall group network-group CMNET network 112.0.0.0/10
set firewall group network-group CMNET network 110.96.0.0/11
set firewall group network-group CMNET network 110.192.0.0/11
set firewall group network-group CMNET network 111.0.0.0/10
set firewall group network-group CMNET network 183.192.0.0/10
set firewall group network-group CMNET network 223.112.0.0/14
set firewall group network-group CMNET network 223.116.0.0/15
set firewall group network-group CMNET network 223.120.0.0/13
set firewall group network-group CMNET network 223.64.0.0/11
set firewall group network-group CMNET network 223.96.0.0/12
set firewall group network-group CMNET network 101.144.0.0/12
set firewall group network-group CMNET network 36.192.0.0/11
set firewall group network-group CMNET network 36.128.0.0/10
set firewall group network-group CMNET network 39.128.0.0/10
set firewall group network-group CMNET network 103.3.128.0/22
set firewall group network-group CMNET network 103.20.112.0/22
set firewall group network-group CMNET network 103.21.176.0/22
set firewall group network-group CMNET network 43.247.240.0/22
set firewall group network-group CMNET network 43.251.244.0/22
set firewall group network-group CMNET network 45.121.68.0/22
set firewall group network-group CMNET network 103.61.156.0/22
set firewall group network-group CMNET network 103.61.160.0/22
set firewall group network-group CMNET network 45.121.72.0/22
set firewall group network-group CMNET network 103.62.24.0/22
set firewall group network-group CMNET network 45.121.172.0/22
set firewall group network-group CMNET network 45.121.176.0/22
set firewall group network-group CMNET network 45.122.100.0/22
set firewall group network-group CMNET network 45.122.96.0/22
set firewall group network-group CMNET network 45.122.96.0/21
set firewall group network-group CMNET network 103.62.208.0/22
set firewall group network-group CMNET network 103.62.204.0/22
set firewall group network-group CMNET network 45.123.152.0/22
set firewall group network-group CMNET network 103.192.0.0/22
set firewall group network-group CMNET network 45.124.36.0/22
set firewall group network-group CMNET network 103.192.144.0/22
set firewall group network-group CMNET network 103.193.140.0/22
set firewall group network-group CMNET network 45.125.24.0/22
set firewall group network-group CMNET network 43.239.172.0/22
set firewall group network-group CMNET network 103.35.104.0/22

创建 modify 策略 M，目标地址在 CMNET 列表中强制到路由表 2 (pppoe2)。

set firewall modify M rule 20 destination group network-group CMNET
set firewall modify M rule 20 action modify
set firewall modify M rule 20 modify table 2

应用 M 到 LAN 口 (eth0) 生效。

set interfaces ethernet eth0 firewall in modify M

最后保存和退出配置模式。

ubnt@ubnt# commit
[edit]
ubnt@ubnt# save Saving configuration to '/config/config.boot'... Done
[edit]