ROS双线使用不同DNS

ros 5.23-5.24
广电+电信双线设置分流设置
Wan1 ip 10.254.0.8/255.255.255.0 网关为10.254.0.1 DNS为10.254.115.9
Wan2 ip 172.16.0.10/255.255.255.0 网关为 172.16.0.1 DNS为202.103.44.150
Lan ip 192.168.0.1/255.255.254.0 (子网扩大了1位包含了0和1两个网段)


环境Wan1 为广电 ， Wan2 为电信 Lan口 为内网接口
设置达到的效果为 192.168.0.2-192.168.0.254 走广电线路使用广电DNS， 192.168.1.1-192.168.1.254 走电信线路走电信DNS。
1.添加内外网ip
[admin@NETMAY] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; added by setup
192.168.0.1/23 192.168.0.0 LAN
1 ;;; added by setup
10.254.0.8/24 10.254.0.0 WAN1
2 ;;; added by setup
172.16.0.10/24 172.16.0.0 WAN2

2.添加标记 标记分流的ip
[admin@NETMAY] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=GD passthrough=yes
src-address=192.168.0.2-192.168.0.252

1 chain=prerouting action=mark-routing new-routing-mark=DX passthrough=yes
src-address=192.168.1.1-192.168.1.254


3.添加外网网关(注意标记)
[admin@NETMAY] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE RoutingMark
0 A S ;;; added by setup
0.0.0.0/0 10.254.0.1 1 GD
1 A S ;;; added by setup
0.0.0.0/0 172.16.0.1 1 DX
2 ADC 10.254.0.0/24 10.254.0.8 WAN1 0
3 ADC 172.168.0.0/24 172.16.0.10 WAN2 0
4 ADC 192.168.0.0/23 192.168.0.1 LAN 0



4添加伪装 和DNS劫持
[admin@NETMAY] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/23

1 chain=dstnat action=dst-nat to-addresses=202.103.44.150 to-ports=53
protocol=udp src-address=192.168.1.0/24 dst-address=192.168.0.1 dst-port=53

2 chain=dstnat action=dst-nat to-addresses=10.254.115.9 to-ports=53
protocol=udp src-address=192.168.0.0/24 dst-address=192.168.0.1 dst-port=53

完成