Mikrotik

(Różnice między wersjami)
(W odpowiednie miejsca należy wpisać odpowiednie dane (loginy, hasła, adresy IP))
Linia 5: Linia 5:
 
===Skrypt===
 
===Skrypt===
 
W odpowiednie miejsca należy wpisać odpowiednie dane (loginy, hasła, adresy IP)
 
W odpowiednie miejsca należy wpisać odpowiednie dane (loginy, hasła, adresy IP)
<pre># may/27/2013 11:20:45 by RouterOS 6.0rc13
+
<pre>/interface pppoe-server server
# software id = 2AQU-CN1X
+
add authentication=chap default-profile=default disabled=no interface=wlan14 \
#
+
     keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=\
/interface ethernet
+
    disabled one-session-per-host=yes service-name=testowy
set 0 name=ether1
+
 
set 1 name=ether2
+
set 2 name=ether3
+
/interface wireless
+
set 0 band=2ghz-b/g disabled=no frequency=2442 l2mtu=2290 mode=ap-bridge \
+
     name=wlan14 ssid=Mikrotok wireless-protocol=unspecified
+
/ip neighbor discovery
+
set wlan14 discover=no
+
/ip hotspot user profile
+
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
+
/ip pool
+
add name=dhcp_pool1 ranges=192.168.25.2-192.168.25.254
+
/ip dhcp-server
+
add address-pool=dhcp_pool1 disabled=no interface=wlan14 name=dhcp1
+
/port
+
set 0 name=serial0
+
 
/ppp profile
 
/ppp profile
set 0 local-address=78.31.88.252
+
set 0 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
/interface pppoe-server server
+
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
add authentication=chap disabled=no interface=wlan14 one-session-per-host=yes \
+
    local-address=IP_MIKROTIKA name=default only-one=default !outgoing-filter \
     service-name=testowy
+
    !rate-limit !remote-address !session-timeout use-compression=default \
/ip address
+
     use-encryption=default use-mpls=default use-vj-compression=default \
add address=78.31.88.252/24 interface=ether2 network=78.31.88.0
+
    !wins-server
add address=192.168.25.1/24 interface=wlan14 network=192.168.25.0
+
set 1 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
/ip dhcp-client
+
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
add dhcp-options=hostname,clientid disabled=no interface=ether2
+
    !local-address name=default-encryption only-one=default !outgoing-filter \
/ip dhcp-server network
+
    !rate-limit !remote-address !session-timeout use-compression=default \
add address=192.168.25.0/24 dns-server=78.31.90.58 gateway=192.168.25.1
+
    use-encryption=yes use-mpls=default use-vj-compression=default \
/ip dns
+
    !wins-server
set allow-remote-requests=yes servers=78.31.90.58
+
 
/ip dns static
+
/ppp aaa
add address=192.168.88.1 name=router
+
set accounting=yes interim-update=15m use-radius=yes
 +
 
 +
 
 
/ip firewall filter
 
/ip firewall filter
add action=jump chain=forward jump-target=ppp
+
add action=jump chain=forward !connection-bytes !connection-limit \
 +
    !connection-mark !connection-rate !connection-state !connection-type \
 +
    !content disabled=no !dscp !dst-address !dst-address-list \
 +
    !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
 +
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
 +
    jump-target=ppp !layer7-protocol !limit !nth !out-bridge-port \
 +
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
 +
    !port !priority !protocol !psd !random !routing-mark !routing-table \
 +
    !src-address !src-address-list !src-address-type !src-mac-address \
 +
    !src-port !tcp-flags !tcp-mss !time !ttl
 
add action=add-src-to-address-list address-list=przekierowanie \
 
add action=add-src-to-address-list address-list=przekierowanie \
     address-list-timeout=10m chain=przypominajka dst-address=!78.31.90.8
+
     address-list-timeout=10m chain=przypominajka !connection-bytes \
add chain=forward comment="Akceptujemy ruch dnsa" dst-port=53 protocol=udp \
+
    !connection-limit !connection-mark !connection-rate !connection-state \
     src-address-list=przekierowanie
+
    !connection-type !content disabled=no !dscp dst-address=!78.31.90.8 \
add chain=forward comment=\
+
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
     "Akceptujemy ruch o strony z komunikatem i do panelu usera" dst-address=\
+
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
     78.31.90.8 src-address-list=przekierowanie
+
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
 +
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
 +
    !port !priority !protocol !psd !random !routing-mark !routing-table \
 +
    !src-address !src-address-list !src-address-type !src-mac-address \
 +
    !src-port !tcp-flags !tcp-mss !time !ttl
 +
add action=accept chain=forward comment="Akceptujemy ruch dnsa" \
 +
    !connection-bytes !connection-limit !connection-mark !connection-rate \
 +
    !connection-state !connection-type !content disabled=no !dscp \
 +
    !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 \
 +
    !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
 +
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
 +
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
 +
    !per-connection-classifier !port !priority protocol=udp !psd !random \
 +
     !routing-mark !routing-table !src-address src-address-list=przekierowanie \
 +
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
 +
    !ttl
 +
add action=accept chain=forward comment=\
 +
     "Akceptujemy ruch o strony z komunikatem i do panelu usera" \
 +
    !connection-bytes !connection-limit !connection-mark !connection-rate \
 +
    !connection-state !connection-type !content disabled=no !dscp \
 +
    dst-address=IP_RADIUSA !dst-address-list !dst-address-type !dst-limit \
 +
     !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
 +
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
 +
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
 +
    !per-connection-classifier !port !priority !protocol !psd !random \
 +
    !routing-mark !routing-table !src-address src-address-list=przekierowanie \
 +
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
 +
    !ttl
 
add action=drop chain=forward comment=\
 
add action=drop chain=forward comment=\
     "Blokujemy ruch z komputer\F3w z komunikatami" src-address-list=\
+
     "Blokujemy ruch z komputer\F3w z komunikatami" !connection-bytes \
     przekierowanie
+
    !connection-limit !connection-mark !connection-rate !connection-state \
 +
    !connection-type !content disabled=no !dscp !dst-address \
 +
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
 +
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
 +
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
 +
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
 +
    !port !priority !protocol !psd !random !routing-mark !routing-table \
 +
    !src-address src-address-list=przekierowanie !src-address-type \
 +
     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
 +
 
 +
 
 
/ip firewall nat
 
/ip firewall nat
add action=redirect chain=dstnat comment=Przekierowanie dst-port=80 protocol=\
+
add action=redirect chain=dstnat comment=Przekierowanie !connection-bytes \
     tcp src-address-list=przekierowanie to-ports=8080
+
    !connection-limit !connection-mark !connection-rate !connection-type \
add action=masquerade chain=srcnat src-address=192.168.0.0/24
+
    !content disabled=no !dscp !dst-address !dst-address-list \
add action=masquerade chain=srcnat src-address=10.0.10.0/24
+
    !dst-address-type !dst-limit dst-port=80 !fragment !hotspot !icmp-options \
 +
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
 +
    !layer7-protocol !limit !nth !out-bridge-port !out-interface !packet-mark \
 +
     !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
 +
    !random !routing-mark !routing-table !src-address src-address-list=\
 +
    przekierowanie !src-address-type !src-mac-address !src-port !tcp-mss \
 +
    !time !to-addresses to-ports=8080 !ttl
 +
 
 +
 
 +
 
 
/ip proxy
 
/ip proxy
set enabled=yes max-cache-size=none src-address=78.31.88.252
+
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
 +
    cache-on-disk=no enabled=yes max-cache-object-size=2048KiB \
 +
    max-cache-size=none max-client-connections=600 max-fresh-time=3d \
 +
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=\
 +
    8080 serialize-connections=no src-address=IP_MIKROTIKA
 
/ip proxy access
 
/ip proxy access
add comment="Akceptujemy ruch do strony z komunikatem" dst-address=78.31.90.8
+
add action=allow comment="Akceptujemy ruch do strony z komunikatem" disabled=\
add comment="Ruch do mBank" dst-host=*.mbank.pl src-address=0.0.0.0/0
+
    no dst-address=IP_RADIUSA !dst-host dst-port="" !local-port !method !path \
add comment="Ruch do mBank" dst-host=*.mbank.com.pl src-address=0.0.0.0/0
+
    !redirect-to !src-address
add comment="Ruch do BZWBK" dst-host=*.centrum24.pl src-address=0.0.0.0/0
+
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
add comment="Ruch do BZWBK" dst-host=*.bzwbk.pl src-address=0.0.0.0/0
+
    *.mbank.pl dst-port="" !local-port !method !path !redirect-to \
add action=deny comment="Przekierowujemy ruch na adres url" dst-port=80 \
+
    src-address=0.0.0.0/0
    redirect-to=nowynet.ostrog.net/notification src-address=0.0.0.0/0
+
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
 +
    *.mbank.com.pl dst-port="" !local-port !method !path !redirect-to \
 +
    src-address=0.0.0.0/0
 +
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
 +
    *.centrum24.pl dst-port="" !local-port !method !path !redirect-to \
 +
    src-address=0.0.0.0/0
 +
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
 +
    *.bzwbk.pl dst-port="" !local-port !method !path !redirect-to \
 +
    src-address=0.0.0.0/0
 +
add action=deny comment="Przekierowujemy ruch na adres url" disabled=no \
 +
    !dst-address !dst-host dst-port=80 !local-port !method !path redirect-to=\
 +
    nowynet.ostrog.net/notification src-address=0.0.0.0/0
 
/ip proxy direct
 
/ip proxy direct
add action=deny src-address=0.0.0.0/0
+
add action=deny disabled=no !dst-address !dst-host dst-port="" !local-port \
/ip route
+
    !method !path src-address=0.0.0.0/0
add distance=1 gateway=78.31.88.254
+
 
/ip traffic-flow
+
set enabled=yes
+
/ip traffic-flow target
+
add address=78.31.90.8:12345 version=5
+
/ppp aaa
+
set interim-update=15m use-radius=yes
+
 
/radius
 
/radius
add address=78.31.90.8 secret=amen service=ppp
+
add accounting-backup=no accounting-port=1813 address=IP_RADIUSA \
/system clock
+
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
set time-zone-name=Europe/Warsaw
+
    secret=amen service=ppp timeout=300ms
/system logging
+
/radius incoming
add disabled=yes topics=radius
+
set accept=no port=3799
add disabled=yes topics=pppoe
+
 
add disabled=yes topics=ssh
+
add action=disk disabled=yes topics=debug
+
/system ntp client
+
set enabled=yes mode=unicast primary-ntp=78.31.90.8
+
/system routerboard settings
+
set cpu-frequency=533MHz
+
 
</pre>
 
</pre>
  
 
[[Kategoria:Urządzenia]]
 
[[Kategoria:Urządzenia]]
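Review bot: The new revision still publishes a literal RADIUS shared secret: the added `/radius` entry keeps `secret=amen` even though the addresses next to it were replaced with the placeholders `IP_RADIUSA` and `IP_MIKROTIKA`. I would replace it with a placeholder as well, for example `secret=SEKRET_RADIUSA` (a name constructed for this note), so nobody deploys the published dictionary-word secret unchanged. One literal address also survives: the added `chain=przypominajka` rule still has `dst-address=!78.31.90.8`, while the accept rule two entries below uses `dst-address=IP_RADIUSA`. A reader who fills in only the placeholders ends up excluding a host that is not theirs, so `dst-address=!IP_RADIUSA` would keep the two rules consistent.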

Wersja z 12:24, 18 cze 2013

Skrypt do konfiguracji urządzeń Mikrotik.

Konfiguracja Mikrotik

Skrypt

W odpowiednie miejsca należy wpisać odpowiednie dane (loginy, hasła, adresy IP)

# PPPoE server bound to wlan14, service name "testowy", using the "default"
# PPP profile. Only CHAP is offered as the authentication method.
# NOTE(review): CHAP requires the authenticating backend to hold the password
# in a recoverable form, and as far as I know MPPE session encryption can only
# be negotiated with MS-CHAP - so with CHAP alone the PPP payload is presumably
# unencrypted and link protection has to come from the wireless layer. Confirm.
# NOTE(review): max-sessions=0 is, to my knowledge, "no limit" - confirm that
# is intended for a radio interface.
/interface pppoe-server server
add service-name=testowy interface=wlan14 disabled=no \
    authentication=chap default-profile=default one-session-per-host=yes \
    keepalive-timeout=10 max-sessions=0 \
    max-mtu=1480 max-mru=1480 mrru=disabled

# Rewrites the two PPP profiles addressed by position (0 and 1); the names set
# below are "default" and "default-encryption". The "!name" tokens clear the
# corresponding property instead of assigning a value.
# NOTE(review): "set 0"/"set 1" rely on the item order on the target device -
# verify with "print" before pasting on a router that has extra profiles.
/ppp profile
# Profile 0 ("default"): the profile referenced by the PPPoE server entry
# (default-profile=default). IP_MIKROTIKA is a placeholder for the router's own
# address. use-encryption=default leaves encryption un-enforced on this profile.
set 0 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
    local-address=IP_MIKROTIKA name=default only-one=default !outgoing-filter \
    !rate-limit !remote-address !session-timeout use-compression=default \
    use-encryption=default use-mpls=default use-vj-compression=default \
    !wins-server
# Profile 1 ("default-encryption"): same settings, but with use-encryption=yes
# and no local-address. Nothing in this script selects this profile.
set 1 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
    !local-address name=default-encryption only-one=default !outgoing-filter \
    !rate-limit !remote-address !session-timeout use-compression=default \
    use-encryption=yes use-mpls=default use-vj-compression=default \
    !wins-server

# PPP sessions are authenticated against RADIUS, and accounting is sent with an
# interim update every 15 minutes.
# NOTE(review): with use-radius=yes, the availability and integrity of the
# RADIUS path decides who gets a session - see the /radius entry for the
# shared secret and timeout.
/ppp aaa
set use-radius=yes accounting=yes interim-update=15m


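# Forward-chain policy for the "przekierowanie" (redirect) address list.
# Rules are evaluated top to bottom, so the order below is significant.
# IP_RADIUSA is a placeholder for the host serving RADIUS, the notification
# page and the user panel; replace it everywhere before use.
/ip firewall filter
# 1) Hand every forwarded packet to the "ppp" chain. That chain is not defined
#    in this script - presumably it is populated dynamically per PPP session
#    (e.g. from a filter name returned by RADIUS). Confirm on the device.
add action=jump chain=forward !connection-bytes !connection-limit \
    !connection-mark !connection-rate !connection-state !connection-type \
    !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
    jump-target=ppp !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address !src-address-list !src-address-type !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time !ttl
# 2) Chain "przypominajka": put the packet's source address on the
#    "przekierowanie" list for 10 minutes unless the destination is the
#    notification/RADIUS host. Nothing in this script jumps to this chain;
#    presumably a per-user rule in "ppp" does - confirm.
#    The exclusion uses the IP_RADIUSA placeholder, matching the accept rule
#    below, instead of a literal address left over from one deployment.
add action=add-src-to-address-list address-list=przekierowanie \
    address-list-timeout=10m chain=przypominajka !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp dst-address=!IP_RADIUSA \
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address !src-address-list !src-address-type !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time !ttl
# 3) Listed hosts may still send DNS queries (UDP/53) so the notification page
#    can be resolved.
#    NOTE(review): the rule matches UDP/53 to any destination. Restricting
#    dst-address to the resolver handed out to clients would stop listed hosts
#    from using port 53 as a general path past the drop rule at the end.
add action=accept chain=forward comment="Akceptujemy ruch dnsa" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 \
    !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
    !per-connection-classifier !port !priority protocol=udp !psd !random \
    !routing-mark !routing-table !src-address src-address-list=przekierowanie \
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
    !ttl
# 4) Listed hosts may reach the notification page / user panel host on any
#    protocol and port.
#    NOTE(review): the same host is the RADIUS server in this template;
#    consider narrowing this rule to the web ports the panel really uses.
add action=accept chain=forward comment=\
    "Akceptujemy ruch o strony z komunikatem i do panelu usera" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    dst-address=IP_RADIUSA !dst-address-list !dst-address-type !dst-limit \
    !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
    !per-connection-classifier !port !priority !protocol !psd !random \
    !routing-mark !routing-table !src-address src-address-list=przekierowanie \
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
    !ttl
# 5) Everything else forwarded from a listed host is dropped. HTTP on port 80
#    does not reach this rule because the dstnat redirect sends it to the
#    local proxy instead; HTTPS and all other traffic ends here.
add action=drop chain=forward comment=\
    "Blokujemy ruch z komputer\F3w z komunikatami" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address \
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address src-address-list=przekierowanie !src-address-type \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl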


# Transparent redirect for hosts on the "przekierowanie" address list:
# TCP connections to destination port 80 are redirected to local port 8080,
# the port the web proxy in this script listens on.
# Only plain HTTP is covered; other ports are not redirected and fall through
# to the forward-chain rules (which end in a drop for listed hosts).
# NOTE(review): no masquerade/src-nat rule is part of this script revision -
# confirm that address translation for clients is configured elsewhere.
/ip firewall nat
add action=redirect chain=dstnat comment=Przekierowanie !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-type \
    !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-address-type !dst-limit dst-port=80 !fragment !hotspot !icmp-options \
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
    !layer7-protocol !limit !nth !out-bridge-port !out-interface !packet-mark \
    !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
    !random !routing-mark !routing-table !src-address src-address-list=\
    przekierowanie !src-address-type !src-mac-address !src-port !tcp-mss \
    !time !to-addresses to-ports=8080 !ttl



# Enables the built-in web proxy on port 8080 with caching to disk switched
# off and no parent proxy (0.0.0.0 / port 0). IP_MIKROTIKA is a placeholder
# for the router's own address.
# NOTE(review): nothing in this script limits which clients or interfaces can
# connect to port 8080. Add an input-chain filter so that only the
# client-facing interface reaches the proxy, otherwise it may be usable from
# the upstream side as well - verify on the device.
/ip proxy
set enabled=yes port=8080 src-address=IP_MIKROTIKA \
    parent-proxy=0.0.0.0 parent-proxy-port=0 \
    always-from-cache=no cache-on-disk=no cache-hit-dscp=4 \
    max-cache-size=none max-cache-object-size=2048KiB max-fresh-time=3d \
    max-client-connections=600 max-server-connections=600 \
    serialize-connections=no cache-administrator=webmaster
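# Access list of the web proxy, evaluated top to bottom; the first matching
# rule decides. Purpose: let redirected clients reach the notification host
# and selected bank sites, and send every other HTTP request to the
# notification URL.
/ip proxy access
# Requests addressed to the notification / user-panel host (IP_RADIUSA is a
# placeholder) are allowed.
add action=allow comment="Akceptujemy ruch do strony z komunikatem" disabled=\
    no dst-address=IP_RADIUSA !dst-host dst-port="" !local-port !method !path \
    !redirect-to !src-address
# Bank sites stay reachable through the proxy. These rules match on the
# requested host name and therefore only help for plain HTTP requests that
# arrive via the port-80 redirect.
# NOTE(review): HTTPS to these hosts is not handled here; it goes through the
# forward chain instead - confirm that is the intended behaviour.
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
    *.mbank.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
    *.mbank.com.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
    *.centrum24.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
    *.bzwbk.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
# Any other request for destination port 80 is denied and answered with a
# redirect to the notification URL.
add action=deny comment="Przekierowujemy ruch na adres url" disabled=no \
    !dst-address !dst-host dst-port=80 !local-port !method !path redirect-to=\
    nowynet.ostrog.net/notification src-address=0.0.0.0/0
# Explicit final deny. The rule above only matches dst-port=80, so a request
# for any other port would match no rule at all; to my knowledge the proxy
# then allows it. Ending the list with an unconditional deny keeps the proxy
# limited to the destinations allowed above regardless of that default.
add action=deny comment="Domyslna blokada pozostalych zadan" disabled=no \
    src-address=0.0.0.0/0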
# Direct-access list of the web proxy: one rule matching every source address.
# NOTE(review): as far as I know, this list only chooses between contacting the
# origin server directly and going through a parent proxy; "deny" here is not
# an access-control block. With parent-proxy=0.0.0.0 configured in /ip proxy
# the rule presumably has no practical effect - confirm before relying on it
# as a restriction.
/ip proxy direct
add action=deny disabled=no !dst-address !dst-host dst-port="" !local-port \
    !method !path src-address=0.0.0.0/0

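# RADIUS client entry used for the ppp service: authentication on port 1812,
# accounting on port 1813, 300 ms reply timeout.
# IP_RADIUSA and SEKRET_RADIUSA are placeholders and must both be replaced.
# The shared secret protects the user credentials and reply integrity between
# this router and the RADIUS server: use a long random value unique to this
# router, never a dictionary word or a value copied from a published example.
# NOTE(review): 300ms is a short timeout; on a slow or lossy path it can turn
# into failed logins - confirm it suits the link to the RADIUS host.
/radius
add accounting-backup=no accounting-port=1813 address=IP_RADIUSA \
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
    secret=SEKRET_RADIUSA service=ppp timeout=300ms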
# Incoming RADIUS requests (server-initiated messages on port 3799) are not
# accepted by this router.
# NOTE(review): if this is switched on later, restrict the source of UDP/3799
# to the RADIUS host in the input chain.
/radius incoming
set port=3799 accept=no
