Перейти из форума на сайт.

НовостиФайловые архивы
ПоискАктивные темыТоп лист
ПравилаКто в on-line?
Вход Забыли пароль? Первый раз на этом сайте? Регистрация
Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » MikroTik RouterOS (часть 4)

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR

articlebot (11-03-2019 21:34): продолжение в MikroTik RouterOS (часть 5)  Версия для печати • ПодписатьсяДобавить в закладки
На первую страницук этому сообщениюк последнему сообщению

   

snelulex

Newbie
Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
[more]

Цитата:
конфиг надо видеть, телепатов нет

извиняюсь, исправляюсь
# sep/25/2017 13:18:25 by RouterOS 6.40.3
# model = 2011UiAS-2HnD
 
/interface bridge
add fast-forward=no name=br1-lan
/interface ethernet
set [ find default-name=ether1 ] name=eth1-wan
set [ find default-name=ether5 ] name=eth5-lan
set [ find default-name=ether6 ] name=eth6-lan
set [ find default-name=ether7 ] master-port=eth6-lan name=eth7-lan
set [ find default-name=ether8 ] master-port=eth6-lan name=eth8-lan
set [ find default-name=ether9 ] master-port=eth6-lan name=eth9-lan
set [ find default-name=ether10 ] master-port=eth6-lan name=eth10-lan
set [ find default-name=sfp1 ] name=wan
/ip neighbor discovery
set eth1-wan discover=no
set eth5-lan discover=no
set eth6-lan discover=no
set eth7-lan discover=no
set eth8-lan discover=no
set eth9-lan discover=no
set eth10-lan discover=no
set wan discover=no
/interface ethernet
set [ find default-name=ether2 ] master-port=eth5-lan name=eth2-lan \
    rx-flow-control=on tx-flow-control=on
set [ find default-name=ether3 ] master-port=eth5-lan name=eth3-lan
set [ find default-name=ether4 ] master-port=eth5-lan name=eth4-lan
/ip neighbor discovery
set eth2-lan discover=no
set eth3-lan discover=no
set eth4-lan discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=ххх \
    wpa2-pre-shared-key=ххх
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=wpa \
    supplicant-identity="" wpa-pre-shared-key=ххх \
    wpa2-pre-shared-key=ххх
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-onlyn country=russia disabled=no distance=indoors frequency=\
    2457 max-station-count=10 mode=ap-bridge multicast-helper=disabled name=\
    wlan security-profile=wpa tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11 wps-mode=disabled
/interface wireless nstreme
set wlan enable-polling=no
/ip pool
add name=dhcp ranges=192.168.10.100-192.168.10.200
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    br1-lan lease-time=8h name=dhcp
/queue interface
set eth1-wan queue=ethernet-default
set eth2-lan queue=ethernet-default
set eth3-lan queue=ethernet-default
set eth4-lan queue=ethernet-default
set eth5-lan queue=ethernet-default
set eth6-lan queue=ethernet-default
set eth7-lan queue=ethernet-default
set eth8-lan queue=ethernet-default
set eth9-lan queue=ethernet-default
set eth10-lan queue=ethernet-default
set wan queue=ethernet-default
set wlan queue=ethernet-default
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=br1-lan interface=eth5-lan
add bridge=br1-lan interface=wlan
add bridge=br1-lan interface=eth6-lan
/interface ovpn-server server
set certificate=ca.crt mode=ethernet netmask=32
/ip address
add address=192.168.10.1/24 interface=br1-lan network=192.168.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-wan
/ip dhcp-server lease
add address=192.168.10.102 address-lists=wifi client-id=1:14:10:9f:db:71:bf \
    comment=MacBook mac-address=14:10:9F:DB:71:BF server=dhcp
add address=192.168.10.100 client-id=1:0:11:32:5d:29:eb comment=\
    "NAS Sinology" mac-address=00:11:32:5D:29:EB server=dhcp
add address=192.168.10.103 client-id=1:70:9e:29:41:34:aa comment=PS4 \
    mac-address=70:9E:29:41:34:AA server=dhcp
add address=192.168.10.101 address-lists=lan client-id=1:a8:20:66:2e:43:46 \
    comment=MacMini mac-address=A8:20:66:2E:43:46 server=dhcp
add address=192.168.10.104 client-id=1:ac:5f:3e:41:b5:e7 comment=Mobile \
    mac-address=AC:5F:3E:41:B5:E7 server=dhcp
add address=192.168.10.106 address-lists=wifi client-id=1:60:f1:89:57:84:13 \
    mac-address=60:F1:89:57:84:13 server=dhcp
add address=192.168.10.105 client-id=1:b0:65:bd:96:97:2b mac-address=\
    B0:65:BD:96:97:2B server=dhcp
add address=192.168.10.107 client-id=1:e0:f8:47:95:e8:44 mac-address=\
    E0:F8:47:95:E8:44 server=dhcp
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=\
    8.8.8.8,8.8.4.4,193.58.251.251,хх.ххх.хх.ххх,хх.ххх.хх.ххх gateway=\
    192.168.10.1 netmask=24 ntp-server=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,193.58.251.251
/ip firewall filter
add action=accept chain=input comment="Accept Ping " protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input comment="Accept Established / Related Input" \
    connection-state=established,related
add action=accept chain=input comment=\
    "Allow Management Input - 192.168.10.0/24" src-address=192.168.10.0/24
add action=drop chain=input comment="Drop Input" log=yes log-prefix=\
    "Input Drop"
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" \
    out-interface=eth1-wan src-address=192.168.10.0/24
add action=accept chain=forward dst-port=32400 in-interface=eth1-wan \
    protocol=tcp
add action=accept chain=forward dst-port=16881 in-interface=eth1-wan \
    protocol=tcp
add action=accept chain=forward dst-port=1194 in-interface=eth1-wan protocol=\
    udp
add action=drop chain=forward comment="Drop Forward"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth1-wan
add action=netmap chain=dstnat comment=PLEX dst-port=32400 in-interface=\
    eth1-wan protocol=tcp to-addresses=192.168.10.100 to-ports=32400
add action=netmap chain=dstnat comment=Torrents dst-port=16881 in-interface=\
    eth1-wan protocol=tcp to-addresses=192.168.10.100 to-ports=16881
add action=netmap chain=dstnat comment=VPN dst-port=1194 in-interface=\
    eth1-wan protocol=udp to-addresses=192.168.10.100 to-ports=1194
add action=netmap chain=dstnat comment=PS4 dst-port=80 in-interface=eth1-wan \
    protocol=tcp to-addresses=192.168.10.103 to-ports=80
add action=netmap chain=dstnat dst-port=443 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=443
add action=netmap chain=dstnat dst-port=465 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=465
add action=netmap chain=dstnat dst-port=993 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=993
add action=netmap chain=dstnat dst-port=1935 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=1935
add action=netmap chain=dstnat dst-port=2805-2899 in-interface=eth1-wan \
    protocol=tcp to-addresses=192.168.10.103 to-ports=2805-2899
add action=netmap chain=dstnat dst-port=3478 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=3478
add action=netmap chain=dstnat dst-port=3479 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=3479
add action=netmap chain=dstnat dst-port=3480 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=3480
add action=netmap chain=dstnat dst-port=5223 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=5223
add action=netmap chain=dstnat dst-port=6667 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=6667
add action=netmap chain=dstnat dst-port=8080 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=8080
add action=netmap chain=dstnat dst-port=9293 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=9293
add action=netmap chain=dstnat dst-port=9295 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=9295
add action=netmap chain=dstnat dst-port=9309 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=9309
add action=netmap chain=dstnat dst-port=3478 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=3478
add action=netmap chain=dstnat dst-port=3479 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=3479
add action=netmap chain=dstnat dst-port=9293 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9293
add action=netmap chain=dstnat dst-port=9296 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9296
add action=netmap chain=dstnat dst-port=9297 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9297
add action=netmap chain=dstnat dst-port=9303 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9303
add action=netmap chain=dstnat dst-port=9306 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9306
add action=netmap chain=dstnat dst-port=9307 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9307
add action=netmap chain=dstnat dst-port=9308 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9308
add action=netmap chain=dstnat dst-port=9309 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=9309
add action=netmap chain=dstnat comment=EA dst-port=9988 in-interface=eth1-wan \
    protocol=tcp to-addresses=192.168.10.103 to-ports=9988
add action=netmap chain=dstnat dst-port=10000-10100 in-interface=eth1-wan \
    protocol=tcp to-addresses=192.168.10.103 to-ports=10000-10100
add action=netmap chain=dstnat dst-port=17502 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=17502
add action=netmap chain=dstnat dst-port=42127 in-interface=eth1-wan protocol=\
    tcp to-addresses=192.168.10.103 to-ports=42127
add action=netmap chain=dstnat dst-port=3659 in-interface=eth1-wan protocol=\
    udp to-addresses=192.168.10.103 to-ports=3659
add action=netmap chain=dstnat dst-port=14000-14016 in-interface=eth1-wan \
    protocol=udp to-addresses=192.168.10.103 to-ports=14000-14016
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.10.0/24 port=9999
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=br1-lan type=internal
add interface=eth1-wan type=external
/lcd
set backlight-timeout=never default-screen=stats-all read-only-mode=yes
/lcd interface
set wan disabled=yes
set eth6-lan disabled=yes
set eth7-lan disabled=yes
set eth8-lan disabled=yes
set eth9-lan disabled=yes
set eth10-lan disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=FoxMikroTik
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set br1-lan disabled=yes display-time=5s
set wlan disabled=yes display-time=5s
set wan disabled=yes display-time=5s
set eth1-wan disabled=yes display-time=5s
set eth2-lan disabled=yes display-time=5s
set eth3-lan disabled=yes display-time=5s
set eth4-lan disabled=yes display-time=5s
set eth5-lan disabled=yes display-time=5s
set eth6-lan disabled=yes display-time=5s
set eth7-lan disabled=yes display-time=5s
set eth8-lan disabled=yes display-time=5s
set eth9-lan disabled=yes display-time=5s
set eth10-lan disabled=yes display-time=5s
/system ntp client
set enabled=yes primary-ntp=хх.ххх.хх.ххх secondary-ntp=хх.ххх.хх.ххх
/tool graphing interface
add allow-address=192.168.10.0/24
/tool graphing queue
add allow-address=192.168.10.0/24
/tool graphing resource
add allow-address=192.168.10.0/24
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=br1-lan
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=br1-lan
/tool user-manager database
set db-path=user-manager

Всего записей: 6 | Зарегистр. 24-09-2017 | Отправлено: 14:32 25-09-2017 | Исправлено: snelulex, 14:35 25-09-2017
   

На первую страницук этому сообщениюк последнему сообщению

Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » MikroTik RouterOS (часть 4)
articlebot (11-03-2019 21:34): продолжение в MikroTik RouterOS (часть 5)


Реклама на форуме Ru.Board.

Powered by Ikonboard "v2.1.7b" © 2000 Ikonboard.com
Modified by Ru.B0ard
© Ru.B0ard 2000-2024

BitCoin: 1NGG1chHtUvrtEqjeerQCKDMUi6S6CG4iC

Рейтинг.ru