MikroTik RouterOS (часть 4) - [1635] :: В помощь системному администратору

[admin@MikroTik] > /export
# feb/01/2017 14:12:02 by RouterOS 6.38
# software id = PVUB-BNAT
#
/interface bridge
add admin-mac=D4:CA:6D:07:6C:37 auto-mac=no mtu=1500 name=bridge-local
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=russia disabled=no distance=indoors frequency=auto mode=ap-bridge \
ssid=jant wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] name=ether5_arenda
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys \
wpa-pre-shared-key=abcde2015 wpa2-pre-shared-key=abcde2015
add name=profile
add management-protection=allowed mode=static-keys-optional name=gwifi
/interface wireless
add disabled=no mac-address=D6:CA:6D:07:6C:3B master-interface=wlan1 mode=\
ap-bridge name=wlan2 security-profile=gwifi ssid=jant_free
/ip firewall layer7-protocol
add name=social regexp="^.+(vk.com|vkontakte|odnoklassniki|odnoklasniki|facebook|\
fall-in-love|loveplanet|fotostrana|my.mail.ru|gilmon|.teamviewer.com).*\$"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.1.30-192.168.1.254
add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.254
add name=pool_arenda ranges=192.168.89.2-192.168.89.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=bridge-local name=\
default
add address-pool=dhcp_pool1 disabled=no interface=wlan2 name=dhcp1
/queue simple
add max-limit=1M/1M name=gwifi target=10.10.10.0/24
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge1 interface=ether5_arenda
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.1.0
add address=10.10.10.1/24 interface=ether2-master-local network=10.10.10.0
add address=192.168.89.1/24 interface=ether5_arenda network=192.168.89.0
/ip arp
add address=192.168.1.2 interface=bridge-local mac-address=50:E5:49:CE:B7:45
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no \
interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.1.2 always-broadcast=yes client-id=1:50:e5:49:ce:b7:45 \
comment="Gluharev. PC" mac-address=50:E5:49:CE:B7:45 server=default
add address=192.168.1.12 comment="Gluharev. Phone" mac-address=0C:1D:AF:C6:B5:2E \
server=default
add address=192.168.1.6 always-broadcast=yes client-id=1:E8:DE:27:01:DA:FF \
comment="Romanov. PC" mac-address=E8:DE:27:01:DA:FF server=default
add address=192.168.1.10 client-id=0:0:b:4f:d5:a8:7b:0:0:0 comment=Verifone \
mac-address=00:0B:4F:D5:A8:7B server=default
add address=192.168.1.20 client-id=1:98:4B:E1:3A:2C:24 comment=\
"Printer HP CP1525n" mac-address=98:4B:E1:3A:2C:24 server=default
add address=192.168.1.19 client-id=1:A4:5D:36:62:B5:79 comment="Printer HP M425" \
mac-address=A4:5D:36:62:B5:79 server=default
add address=192.168.1.7 comment=Server mac-address=D8:50:E6:B9:B4:44 server=\
default
add address=192.168.1.8 always-broadcast=yes client-id=1:0:21:97:6:e6:4b \
comment="Osipov. PC" mac-address=00:21:97:06:E6:4B server=default
add address=192.168.1.18 client-id=1:c4:43:8f:b0:c1:cf comment="Osipov. Phone" \
mac-address=C4:43:8F:B0:C1:CF server=default
add address=192.168.1.5 always-broadcast=yes client-id=1:0:1d:7d:94:af:f4 \
comment="Shramko. PC" mac-address=00:1D:7D:94:AF:F4 server=default
add address=192.168.1.11 client-id=1:0:17:31:ce:d6:52 comment="Strelkov. PC" \
mac-address=00:17:31:CE:D6:52 server=default
add address=192.168.1.9 comment="Merenkov. PC" mac-address=D0:27:88:73:39:7E \
server=default
add address=192.168.1.17 client-id=1:b0:ec:71:b0:1b:bd comment="Merenkov. Phone" \
mac-address=B0:EC:71:B0:1B:BD server=default
add address=192.168.1.3 always-broadcast=yes client-id=1:1c:6f:65:4a:0:fa \
comment="Halyapina. PC" mac-address=1C:6F:65:4A:00:FA server=default
add address=192.168.1.21 client-id=1:60:21:c0:68:1d:92 comment="Strelkov. Phone" \
mac-address=60:21:C0:68:1D:92 server=default
add address=192.168.1.13 comment="Halyapina. Phone" mac-address=\
5C:B5:24:D4:29:AB server=default
add address=192.168.1.14 comment="Isaev. Phone" mac-address=7C:61:93:99:02:7F \
server=default
add address=192.168.1.4 always-broadcast=yes client-id=1:0:1f:e2:59:f0:e6 \
comment="Isaev. PC" mac-address=00:1F:E2:59:F0:E6 server=default
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=192.168.1.0/24 comment="default configuration" dns-server=\
192.168.1.1 gateway=192.168.1.1 netmask=24
add address=192.168.89.0/24 dns-server=192.168.89.1 gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.10.10.1 name=router
/ip firewall filter
add action=drop chain=forward disabled=yes layer7-protocol=social
add action=reject chain=input comment="block DNS" dst-port=53 in-interface=\
ether1-gateway protocol=udp reject-with=icmp-network-unreachable
add action=accept chain=forward dst-port=8080 in-interface=ether1-gateway \
protocol=tcp
add action=accept chain=forward dst-port=80 in-interface=ether1-gateway \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.1.2 to-ports=80
add action=dst-nat chain=dstnat dst-port=8080 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.1.1 to-ports=80
add action=dst-nat chain=dstnat comment=PostgreSQL dst-port=5555 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.1.7 to-ports=5432
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="\D0\EE\EC\E0\ED\EE\E2. Radmin" \
dst-port=4906 in-interface=ether1-gateway protocol=tcp to-addresses=\
192.168.1.6 to-ports=4906
add action=dst-nat chain=dstnat comment="Radmin. crank" dst-port=4902 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.2 to-ports=\
4902
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.1.7 to-ports=80
add action=dst-nat chain=dstnat comment="\D1\E5\F0\E2\E5\F0. RDP" dst-port=4444 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.7 to-ports=\
3389
add action=netmap chain=dstnat comment="Radmin. Server" dst-port=4907 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.7 to-ports=\
4907
add action=netmap chain=dstnat comment=FTP dst-port=21 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.1.7 to-ports=21
add action=masquerade chain=srcnat comment="FTP local masq" dst-address=\
192.168.1.7 dst-port=21 protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="FTP local" dst-address-type=local \
dst-port=21 in-interface=bridge-local protocol=tcp to-addresses=192.168.1.7
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Yekaterinburg
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=10.100.12.15 secondary-ntp=37.139.41.250
/system routerboard settings
# Warning: memory overclocked
set init-delay=0s
/tool romon port
add
[admin@MikroTik] >

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
articlebot (11-03-2019 21:34): продолжение в MikroTik RouterOS (часть 5)	Версия для печати • Подписаться • Добавить в закладки
На первую страницу • к этому сообщению • к последнему сообщению