✅ 通用基础配置:
| 功能 | 状态 |
|---|---|
| PPPoE 拨号 | ✅ |
| LAN DHCP 分配 | ✅ |
| 上网 NAT | ✅ |
| 防火墙保护 | ✅ |
| udpxy IPTV | ✅ 只要旁路由 IGMP 请求发出 |
| OpenWrt 可用 | ✅ 作为旁路由接 IPTV |
🧱 一、系统基础设置
# 设置系统标识
/system identity set name=MyRouter
# 设置管理员密码(改为你自己的)
/user set admin password=你的安全密码
# 设置时区 & SNTP 同步
/system clock set time-zone-name=Asia/Shanghai
/system ntp client set enabled=yes primary-ntp=202.112.10.36 secondary-ntp=210.72.145.44🌐 二、重命名 + 桥接 + LAN 设置(LAN)
# ---------- 接口重命名 ----------
/interface ethernet
set [find default-name=ether1] name=ETH0
set [find default-name=ether2] name=ETH1
set [find default-name=ether3] name=ETH2
set [find default-name=ether4] name=ETH3
set [find default-name=ether5] name=ETH4
set [find default-name=ether6] name=ETH5
# 假设 ETH5 接光猫用于 PPPoE 拨号
# ---------- 创建桥接接口 ----------
/interface bridge
add name=bridge1 comment="LAN Bridge"
# ---------- 添加 LAN 口进 bridge ----------
/interface bridge port
add interface=ETH0 bridge=bridge1
add interface=ETH1 bridge=bridge1
add interface=ETH2 bridge=bridge1
add interface=ETH3 bridge=bridge1
add interface=ETH4 bridge=bridge1
# 保留 ETH5 给光猫拨号,不加入桥
# ---------- 给 bridge 分配 IP ----------
/ip address add address=10.10.10.1/24 interface=bridge1🚀 三、PPPoE 拨号设置(WAN)
# 创建 PPPoE 客户端(假设 ether5 直连光猫)
/interface pppoe-client
add name=pppoe-out1 interface=ether5 user=你的拨号账号 password=你的拨号密码 add-default-route=yes use-peer-dns=yes disabled=no🔥 四、NAT(源地址伪装)
/ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade comment="NAT:LAN 出口伪装"🔐 五、防火墙基础规则
/ip firewall filter
# 允许已建立、相关连接
add chain=input connection-state=established,related action=accept comment="允许已建立连接"
add chain=forward connection-state=established,related action=accept comment="转发:已建立连接"
# 拒绝无效连接
add chain=input connection-state=invalid action=drop comment="拒绝无效连接"
add chain=forward connection-state=invalid action=drop comment="转发:拒绝无效连接"
# 允许 LAN 访问路由器
add chain=input in-interface=bridge1 action=accept comment="允许 LAN 访问路由器"
# 拒绝 WAN 访问路由器
add chain=input in-interface=pppoe-out1 action=drop comment="拒绝 WAN 登录"
# 允许 LAN → WAN 上网
add chain=forward in-interface=bridge1 out-interface=pppoe-out1 action=accept comment="允许 LAN 上网"
# 拒绝 WAN → LAN
add chain=forward in-interface=pppoe-out1 out-interface=bridge1 action=drop comment="拒绝外网访问内网"📺 六、IGMP Proxy(给 IPTV/udpxy 用)
/ip igmp-proxy interface
add interface=pppoe-out1 upstream=yes
add interface=bridge1 upstream=no
/ip firewall filter
add chain=forward protocol=igmp action=accept comment="允许 IGMP"
add chain=forward dst-address=224.0.0.0/4 action=accept comment="允许组播流"
add chain=forward in-interface=bridge1 out-interface=pppoe-out1 protocol=igmp action=accept comment="允许 IGMP 请求"
add chain=forward in-interface=pppoe-out1 out-interface=bridge1 dst-address=224.0.0.0/4 action=accept comment="允许 WAN → LAN 组播"
# 启用 bridge 防火墙控制
/interface bridge settings set use-ip-firewall=yes
/interface bridge set bridge1 igmp-snooping=no📶 七、DHCP 服务(LAN 地址分配)
/ip pool add name=lan-pool ranges=10.10.10.100-10.10.10.200
/ip dhcp-server
add name=lan-dhcp interface=bridge1 address-pool=lan-pool disabled=no
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1 dns-server=114.114.114.114,223.5.5.5------bash
🧪 八、调试建议(抓包、日志)
# 抓包查看是否有组播
/tool sniffer quick interface=bridge1 ip-address=224.0.0.0/4
# 查看防火墙日志
/log print