snelulex
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору [more] Цитата: конфиг надо видеть, телепатов нет | извиняюсь, исправляюсь # sep/25/2017 13:18:25 by RouterOS 6.40.3 # model = 2011UiAS-2HnD /interface bridge add fast-forward=no name=br1-lan /interface ethernet set [ find default-name=ether1 ] name=eth1-wan set [ find default-name=ether5 ] name=eth5-lan set [ find default-name=ether6 ] name=eth6-lan set [ find default-name=ether7 ] master-port=eth6-lan name=eth7-lan set [ find default-name=ether8 ] master-port=eth6-lan name=eth8-lan set [ find default-name=ether9 ] master-port=eth6-lan name=eth9-lan set [ find default-name=ether10 ] master-port=eth6-lan name=eth10-lan set [ find default-name=sfp1 ] name=wan /ip neighbor discovery set eth1-wan discover=no set eth5-lan discover=no set eth6-lan discover=no set eth7-lan discover=no set eth8-lan discover=no set eth9-lan discover=no set eth10-lan discover=no set wan discover=no /interface ethernet set [ find default-name=ether2 ] master-port=eth5-lan name=eth2-lan \ rx-flow-control=on tx-flow-control=on set [ find default-name=ether3 ] master-port=eth5-lan name=eth3-lan set [ find default-name=ether4 ] master-port=eth5-lan name=eth4-lan /ip neighbor discovery set eth2-lan discover=no set eth3-lan discover=no set eth4-lan discover=no /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\ tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \ unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=ххх \ wpa2-pre-shared-key=ххх add authentication-types=wpa-psk,wpa2-psk eap-methods="" \ management-protection=allowed mode=dynamic-keys name=wpa \ supplicant-identity="" wpa-pre-shared-key=ххх \ wpa2-pre-shared-key=ххх /interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \ band=2ghz-onlyn country=russia disabled=no distance=indoors frequency=\ 2457 max-station-count=10 mode=ap-bridge multicast-helper=disabled name=\ wlan security-profile=wpa tx-power-mode=all-rates-fixed \ wireless-protocol=802.11 wps-mode=disabled /interface wireless nstreme set wlan enable-polling=no /ip pool add name=dhcp ranges=192.168.10.100-192.168.10.200 /ip dhcp-server add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\ br1-lan lease-time=8h name=dhcp /queue interface set eth1-wan queue=ethernet-default set eth2-lan queue=ethernet-default set eth3-lan queue=ethernet-default set eth4-lan queue=ethernet-default set eth5-lan queue=ethernet-default set eth6-lan queue=ethernet-default set eth7-lan queue=ethernet-default set eth8-lan queue=ethernet-default set eth9-lan queue=ethernet-default set eth10-lan queue=ethernet-default set wan queue=ethernet-default set wlan queue=ethernet-default /tool user-manager customer set admin access=\ own-routers,own-users,own-profiles,own-limits,config-payment-gw /interface bridge port add bridge=br1-lan interface=eth5-lan add bridge=br1-lan interface=wlan add bridge=br1-lan interface=eth6-lan /interface ovpn-server server set certificate=ca.crt mode=ethernet netmask=32 /ip address add address=192.168.10.1/24 interface=br1-lan network=192.168.10.0 /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=eth1-wan /ip dhcp-server lease add address=192.168.10.102 address-lists=wifi client-id=1:14:10:9f:db:71:bf \ comment=MacBook mac-address=14:10:9F:DB:71:BF server=dhcp add address=192.168.10.100 client-id=1:0:11:32:5d:29:eb comment=\ "NAS Sinology" mac-address=00:11:32:5D:29:EB server=dhcp add address=192.168.10.103 client-id=1:70:9e:29:41:34:aa comment=PS4 \ mac-address=70:9E:29:41:34:AA server=dhcp add address=192.168.10.101 address-lists=lan client-id=1:a8:20:66:2e:43:46 \ comment=MacMini mac-address=A8:20:66:2E:43:46 server=dhcp add address=192.168.10.104 client-id=1:ac:5f:3e:41:b5:e7 comment=Mobile \ mac-address=AC:5F:3E:41:B5:E7 server=dhcp add address=192.168.10.106 address-lists=wifi client-id=1:60:f1:89:57:84:13 \ mac-address=60:F1:89:57:84:13 server=dhcp add address=192.168.10.105 client-id=1:b0:65:bd:96:97:2b mac-address=\ B0:65:BD:96:97:2B server=dhcp add address=192.168.10.107 client-id=1:e0:f8:47:95:e8:44 mac-address=\ E0:F8:47:95:E8:44 server=dhcp /ip dhcp-server network add address=192.168.10.0/24 dns-server=\ 8.8.8.8,8.8.4.4,193.58.251.251,хх.ххх.хх.ххх,хх.ххх.хх.ххх gateway=\ 192.168.10.1 netmask=24 ntp-server=192.168.10.1 /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,193.58.251.251 /ip firewall filter add action=accept chain=input comment="Accept Ping " protocol=icmp add action=accept chain=forward protocol=icmp add action=accept chain=input comment="Accept Established / Related Input" \ connection-state=established,related add action=accept chain=input comment=\ "Allow Management Input - 192.168.10.0/24" src-address=192.168.10.0/24 add action=drop chain=input comment="Drop Input" log=yes log-prefix=\ "Input Drop" add action=accept chain=forward connection-state=established,related add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" \ out-interface=eth1-wan src-address=192.168.10.0/24 add action=accept chain=forward dst-port=32400 in-interface=eth1-wan \ protocol=tcp add action=accept chain=forward dst-port=16881 in-interface=eth1-wan \ protocol=tcp add action=accept chain=forward dst-port=1194 in-interface=eth1-wan protocol=\ udp add action=drop chain=forward comment="Drop Forward" /ip firewall nat add action=masquerade chain=srcnat out-interface=eth1-wan add action=netmap chain=dstnat comment=PLEX dst-port=32400 in-interface=\ eth1-wan protocol=tcp to-addresses=192.168.10.100 to-ports=32400 add action=netmap chain=dstnat comment=Torrents dst-port=16881 in-interface=\ eth1-wan protocol=tcp to-addresses=192.168.10.100 to-ports=16881 add action=netmap chain=dstnat comment=VPN dst-port=1194 in-interface=\ eth1-wan protocol=udp to-addresses=192.168.10.100 to-ports=1194 add action=netmap chain=dstnat comment=PS4 dst-port=80 in-interface=eth1-wan \ protocol=tcp to-addresses=192.168.10.103 to-ports=80 add action=netmap chain=dstnat dst-port=443 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=443 add action=netmap chain=dstnat dst-port=465 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=465 add action=netmap chain=dstnat dst-port=993 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=993 add action=netmap chain=dstnat dst-port=1935 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=1935 add action=netmap chain=dstnat dst-port=2805-2899 in-interface=eth1-wan \ protocol=tcp to-addresses=192.168.10.103 to-ports=2805-2899 add action=netmap chain=dstnat dst-port=3478 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=3478 add action=netmap chain=dstnat dst-port=3479 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=3479 add action=netmap chain=dstnat dst-port=3480 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=3480 add action=netmap chain=dstnat dst-port=5223 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=5223 add action=netmap chain=dstnat dst-port=6667 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=6667 add action=netmap chain=dstnat dst-port=8080 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=8080 add action=netmap chain=dstnat dst-port=9293 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=9293 add action=netmap chain=dstnat dst-port=9295 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=9295 add action=netmap chain=dstnat dst-port=9309 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=9309 add action=netmap chain=dstnat dst-port=3478 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=3478 add action=netmap chain=dstnat dst-port=3479 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=3479 add action=netmap chain=dstnat dst-port=9293 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9293 add action=netmap chain=dstnat dst-port=9296 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9296 add action=netmap chain=dstnat dst-port=9297 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9297 add action=netmap chain=dstnat dst-port=9303 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9303 add action=netmap chain=dstnat dst-port=9306 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9306 add action=netmap chain=dstnat dst-port=9307 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9307 add action=netmap chain=dstnat dst-port=9308 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9308 add action=netmap chain=dstnat dst-port=9309 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=9309 add action=netmap chain=dstnat comment=EA dst-port=9988 in-interface=eth1-wan \ protocol=tcp to-addresses=192.168.10.103 to-ports=9988 add action=netmap chain=dstnat dst-port=10000-10100 in-interface=eth1-wan \ protocol=tcp to-addresses=192.168.10.103 to-ports=10000-10100 add action=netmap chain=dstnat dst-port=17502 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=17502 add action=netmap chain=dstnat dst-port=42127 in-interface=eth1-wan protocol=\ tcp to-addresses=192.168.10.103 to-ports=42127 add action=netmap chain=dstnat dst-port=3659 in-interface=eth1-wan protocol=\ udp to-addresses=192.168.10.103 to-ports=3659 add action=netmap chain=dstnat dst-port=14000-14016 in-interface=eth1-wan \ protocol=udp to-addresses=192.168.10.103 to-ports=14000-14016 /ip service set telnet disabled=yes set ftp disabled=yes set www address=192.168.10.0/24 port=9999 set ssh disabled=yes set api disabled=yes set api-ssl disabled=yes /ip upnp set enabled=yes show-dummy-rule=no /ip upnp interfaces add interface=br1-lan type=internal add interface=eth1-wan type=external /lcd set backlight-timeout=never default-screen=stats-all read-only-mode=yes /lcd interface set wan disabled=yes set eth6-lan disabled=yes set eth7-lan disabled=yes set eth8-lan disabled=yes set eth9-lan disabled=yes set eth10-lan disabled=yes /system clock set time-zone-name=Europe/Moscow /system identity set name=FoxMikroTik /system lcd set contrast=0 enabled=no port=parallel type=24x4 /system lcd page set time disabled=yes display-time=5s set resources disabled=yes display-time=5s set uptime disabled=yes display-time=5s set packets disabled=yes display-time=5s set bits disabled=yes display-time=5s set version disabled=yes display-time=5s set identity disabled=yes display-time=5s set br1-lan disabled=yes display-time=5s set wlan disabled=yes display-time=5s set wan disabled=yes display-time=5s set eth1-wan disabled=yes display-time=5s set eth2-lan disabled=yes display-time=5s set eth3-lan disabled=yes display-time=5s set eth4-lan disabled=yes display-time=5s set eth5-lan disabled=yes display-time=5s set eth6-lan disabled=yes display-time=5s set eth7-lan disabled=yes display-time=5s set eth8-lan disabled=yes display-time=5s set eth9-lan disabled=yes display-time=5s set eth10-lan disabled=yes display-time=5s /system ntp client set enabled=yes primary-ntp=хх.ххх.хх.ххх secondary-ntp=хх.ххх.хх.ххх /tool graphing interface add allow-address=192.168.10.0/24 /tool graphing queue add allow-address=192.168.10.0/24 /tool graphing resource add allow-address=192.168.10.0/24 /tool mac-server set [ find default=yes ] disabled=yes add interface=br1-lan /tool mac-server mac-winbox set [ find default=yes ] disabled=yes add interface=br1-lan /tool user-manager database set db-path=user-manager | Всего записей: 6 | Зарегистр. 24-09-2017 | Отправлено: 14:32 25-09-2017 | Исправлено: snelulex, 14:35 25-09-2017 |
|