Mikrotik

(Różnice między wersjami)
Linia 138: Linia 138:
  
 
</pre>
 
</pre>
 +
 +
===Automatyczne zapisywanie backupów===
 +
W celu uruchomienia automatycznego generowanai backupów z urządzeń Mikrotik należy odpowiednio ustawić zmienne systemowe:
 +
[[MIKROTIK_Backup_Sciezka]]
 +
MIKROTIK_Backup_Typ
 +
MIKROTIK_Backup_Zapis
  
 
[[Kategoria:Urządzenia]]
 
[[Kategoria:Urządzenia]]

Wersja z 14:34, 30 paź 2014

Skrypt do konfiguracji urządzeń Mikrotik.

Spis treści

Konfiguracja Mikrotik

INFORMACJA

Moduł MIKROTIK działa poprawnie od wersji RouterOS 5.26, poniżej tej wersji mogą występować problemy z odczytem informacji.

Skrypt

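W miejsce IP_MIKROTIKA oraz IP_RADIUSA należy podać swoje dane. Przykładową wartość secret w sekcji /radius również należy zastąpić własnym, silnym sekretem, identycznym z ustawionym na serwerze RADIUS.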

# PPPoE server definition. authentication=chap lists CHAP as the only accepted
# authentication method, and sessions use the PPP profile named "default".
# one-session-per-host=yes is enabled for this service.
# NOTE(review): interface=wlan14 and service-name=testowy look like values taken
# from the author's own router - adjust them to the local setup before pasting.
/interface pppoe-server server
add authentication=chap default-profile=default disabled=no interface=wlan14 \
    keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=\
    disabled one-session-per-host=yes service-name=testowy

# PPP profiles. Entry 0 ("default") sets local-address=IP_MIKROTIKA, the address
# the router uses on its side of each PPP link; replace the placeholder.
# Every "!name" token explicitly unsets that property, so neither profile
# carries a static incoming/outgoing filter, rate limit or remote address here.
# NOTE(review): the PPPoE server in this script uses profile "default", where
# use-encryption=default; that presumably does not force link encryption -
# confirm against the RouterOS version in use.
/ppp profile
set 0 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
    local-address=IP_MIKROTIKA name=default only-one=default !outgoing-filter \
    !rate-limit !remote-address !session-timeout use-compression=default \
    use-encryption=default use-mpls=default use-vj-compression=default \
    !wins-server
# Entry 1 ("default-encryption") differs by use-encryption=yes and by leaving
# local-address unset.
set 1 address-list="" !bridge !bridge-path-cost !bridge-port-priority \
    change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter \
    !local-address name=default-encryption only-one=default !outgoing-filter \
    !rate-limit !remote-address !session-timeout use-compression=default \
    use-encryption=yes use-mpls=default use-vj-compression=default \
    !wins-server

# Hand PPP authentication to RADIUS (use-radius=yes) and enable accounting with
# an interim update every 15 minutes. The server itself is defined under /radius.
/ppp aaa
set accounting=yes interim-update=15m use-radius=yes


# Forward-chain rules implementing the "reminder" block: clients placed on the
# address list "przekierowanie" may only use DNS and reach IP_RADIUSA; all other
# forwarded traffic from them is dropped. Rule order matters - the two accept
# rules must stay above the final drop.
/ip firewall filter
# Send all forwarded packets through the chain named "ppp".
# NOTE(review): presumably the chain RouterOS fills dynamically from per-session
# PPP filter settings - confirm.
add action=jump chain=forward !connection-bytes !connection-limit \
    !connection-mark !connection-rate !connection-state !connection-type \
    !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
    jump-target=ppp !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address !src-address-list !src-address-type !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time !ttl
# Chain "przypominajka": put the packet's source address on the list
# "przekierowanie" for 10 minutes, unless the destination is IP_RADIUSA.
# NOTE(review): nothing in this script jumps to this chain; presumably it is
# selected per user through a PPP filter setting supplied by RADIUS - verify.
add action=add-src-to-address-list address-list=przekierowanie \
    address-list-timeout=10m chain=przypominajka !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp dst-address=!IP_RADIUSA \
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address !src-address-list !src-address-type !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time !ttl
# Allow UDP port 53 from listed clients so names still resolve.
# NOTE(review): no dst-address is set, so any resolver is reachable; limiting
# this to the resolvers you operate narrows what a blocked client can reach.
add action=accept chain=forward comment="Akceptujemy ruch dnsa" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 \
    !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
    !per-connection-classifier !port !priority protocol=udp !psd !random \
    !routing-mark !routing-table !src-address src-address-list=przekierowanie \
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
    !ttl
# Allow listed clients to reach IP_RADIUSA (notice page and user panel).
# NOTE(review): protocol and port are unset, so every service on that host is
# exposed to blocked clients; restricting the rule to the web ports the notice
# page and panel actually use would reduce that exposure.
add action=accept chain=forward comment=\
    "Akceptujemy ruch o strony z komunikatem i do panelu usera" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    dst-address=IP_RADIUSA !dst-address-list !dst-address-type !dst-limit \
    !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
    !ingress-priority !ipv4-options !layer7-protocol !limit !nth \
    !out-bridge-port !out-interface !p2p !packet-mark !packet-size \
    !per-connection-classifier !port !priority !protocol !psd !random \
    !routing-mark !routing-table !src-address src-address-list=przekierowanie \
    !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
    !ttl
# Drop all remaining forwarded traffic from listed clients.
add action=drop chain=forward comment=\
    "Blokujemy ruch z komputer\F3w z komunikatami" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address \
    !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
    !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
    !ipv4-options !layer7-protocol !limit !nth !out-bridge-port \
    !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !psd !random !routing-mark !routing-table \
    !src-address src-address-list=przekierowanie !src-address-type \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl


# Redirect TCP port 80 from clients on the list "przekierowanie" to local port
# 8080, the port the web proxy in /ip proxy listens on. Only plain HTTP is
# redirected; other traffic from these clients is handled by the forward-chain
# filter rules.
/ip firewall nat
add action=redirect chain=dstnat comment=Przekierowanie !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-type \
    !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-address-type !dst-limit dst-port=80 !fragment !hotspot !icmp-options \
    !in-bridge-port !in-interface !ingress-priority !ipv4-options \
    !layer7-protocol !limit !nth !out-bridge-port !out-interface !packet-mark \
    !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
    !random !routing-mark !routing-table !src-address src-address-list=\
    przekierowanie !src-address-type !src-mac-address !src-port !tcp-mss \
    !time !to-addresses to-ports=8080 !ttl



# Web proxy that serves the redirected HTTP requests: enabled on port 8080,
# no disk cache, outgoing connections sourced from IP_MIKROTIKA.
# NOTE(review): nothing in this script limits who may connect to port 8080 on
# the router, and the access rules below match src-address=0.0.0.0/0. Unless an
# input-chain filter rule (not shown here) restricts that port to the PPPoE
# clients, the proxy may be reachable from other networks - verify before use.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-object-size=2048KiB \
    max-cache-size=none max-client-connections=600 max-fresh-time=3d \
    max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=\
    8080 serialize-connections=no src-address=IP_MIKROTIKA
# Proxy access list. The allow entries come first: the notice page host
# (IP_RADIUSA) and the listed bank host names.
/ip proxy access
add action=allow comment="Akceptujemy ruch do strony z komunikatem" disabled=\
    no dst-address=IP_RADIUSA !dst-host dst-port="" !local-port !method !path \
    !redirect-to !src-address
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
    *.mbank.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do mBank" disabled=no !dst-address dst-host=\
    *.mbank.com.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
    *.centrum24.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
add action=allow comment="Ruch do BZWBK" disabled=no !dst-address dst-host=\
    *.bzwbk.pl dst-port="" !local-port !method !path !redirect-to \
    src-address=0.0.0.0/0
# Every other request to destination port 80 is denied and redirected to the
# notice URL.
# NOTE(review): the redirect-to host is specific to the author's installation -
# replace it with your own notice page. This rule matches dst-port=80 only;
# confirm how the proxy treats requests to other ports that match no rule.
add action=deny comment="Przekierowujemy ruch na adres url" disabled=no \
    !dst-address !dst-host dst-port=80 !local-port !method !path redirect-to=\
    nowynet.ostrog.net/notification src-address=0.0.0.0/0
# Direct access list entry with action=deny for all sources.
# NOTE(review): presumably only relevant when a parent proxy is configured;
# parent-proxy is 0.0.0.0 above - confirm.
/ip proxy direct
add action=deny disabled=no !dst-address !dst-host dst-port="" !local-port \
    !method !path src-address=0.0.0.0/0

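# RADIUS client entry used for PPP sessions (service=ppp): authentication on
# port 1812, accounting on port 1813, 300 ms request timeout.
# Replace IP_RADIUSA with the server address and SEKRET_RADIUSA with a long,
# random shared secret identical to the one configured on the RADIUS server.
# SEKRET_RADIUSA is a placeholder, not a usable value: a short or dictionary
# word secret weakens the protection of every request exchanged with the
# server. This section stores the secret in clear text, so exports and backups
# that contain it must be handled as sensitive files.
/radius
add accounting-backup=no accounting-port=1813 address=IP_RADIUSA \
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
    secret=SEKRET_RADIUSA service=ppp timeout=300ms
# Requests initiated by the RADIUS server towards the router (port 3799) are
# not accepted.
/radius incoming
set accept=no port=3799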

Automatyczne zapisywanie backupów

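W celu uruchomienia automatycznego generowania backupów z urządzeń Mikrotik należy odpowiednio ustawić zmienne systemowe: MIKROTIK_Backup_Sciezka, MIKROTIK_Backup_Typ, MIKROTIK_Backup_Zapis. Backup konfiguracji zawiera dane wrażliwe (np. sekret RADIUS), dlatego miejsce zapisu backupów powinno być dostępne tylko dla uprawnionych osób.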
