budiana

mikrotik 1

May 30th, 2012
  1. 192.168.1.1/24 (ether1-local) (Mikrotik)
  2. 192.168.4.254/24 (ether3-Proxy) (Ubuntu)
  3. 192.168.2.1/24 (ether5-Out) (Modem)
  4. xx.xx.xx.xx/xx (pppoe client) (Speedy) (Add Default Route)
  5.  
  6.  
  7.  
  8.  
  # NAT rules. The enclosing menu is not shown in the paste (presumably /ip firewall nat - confirm).
  # Rule order matters here: the Netwatch scripts SquidDown/SquidUp toggle one of these rules by its position number.
  # Source NAT: masquerade traffic leaving through the modem-facing port and through the PPPoE link.
  9. add chain=srcnat action=masquerade out-interface=ether5-Out comment="Masquerade"
  10. add chain=srcnat action=masquerade out-interface=Speedy
  11.  
  # Transparent DNS: TCP and UDP port 53 arriving on the LAN and proxy interfaces is redirected to the router's own
  # port 53, whichever resolver the client addressed.
  # NOTE(review): no filter/input rules appear in this paste - confirm that port 53 on the router is not reachable
  # from the Speedy (WAN) side, otherwise the router answers DNS for anyone.
  12. add chain=dstnat action=redirect to-ports=53 protocol=tcp in-interface=ether1-local dst-port=53 \
  13. comment="Transparent DNS"
  14. add chain=dstnat action=redirect to-ports=53 protocol=udp in-interface=ether1-local dst-port=53
  15. add chain=dstnat action=redirect to-ports=53 protocol=tcp in-interface=ether3-Proxy dst-port=53
  16. add chain=dstnat action=redirect to-ports=53 protocol=udp in-interface=ether3-Proxy dst-port=53
  # Transparent proxy: tcp/80 from sources in "Squid Allowed" entering ether1-local is sent to 192.168.4.254:3128,
  # except for destinations in the ProxyBypass list. Counting from 0 in the order shown, this is rule 6, the one the
  # Netwatch scripts disable and enable; adding or moving a rule above it changes which rule they hit.
  17. add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=3128 protocol=tcp \
  18. src-address-list="Squid Allowed" dst-address-list=!ProxyBypass in-interface=ether1-local dst-port=80 \
  19. comment="Transparent Proxy"
  20.  
  # Inbound port forwards from the WAN (Speedy): 2222 -> 192.168.4.254:22, 81 -> 192.168.4.254:80,
  # 8081 -> 192.168.2.1:80.
  # NOTE(review): none of the three rules restricts the source address, so the SSH service and both web interfaces
  # are reachable from any Internet host. Limit them with a src-address-list of known management addresses (or reach
  # them over a VPN) and keep SSH on key-only authentication. 192.168.2.1 is labelled "Modem" in the topology notes,
  # so port 8081 presumably exposes the modem's administration page - confirm.
  21. add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=22 protocol=tcp in-interface=Speedy \
  22. dst-port=2222 comment="Redirect"
  23. add chain=dstnat action=dst-nat to-addresses=192.168.4.254 to-ports=80 protocol=tcp in-interface=Speedy \
  24. dst-port=81
  25. add chain=dstnat action=dst-nat to-addresses=192.168.2.1 to-ports=80 protocol=tcp in-interface=Speedy \
  26. dst-port=8081
  27.  
  28. IP Address List
  29.  
  30. Squid Allowed = 192.168.1.0/24
  31. ProxyBypass = 68.71.46.227 (Rohan XOR)
  32.  
  33. Layer 7
  34.  
  35. # NAME REGEXP
  36. 0 Video http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
  37. 1 Cache HIT http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(x-cache: hit)
  38.  
  39. MANGLE
  40.  
  41.  
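  # Cache-hit marking. Both mark-connection rules look at TCP packets with src-port 3128 leaving through
  # ether1-local: the first matches dscp=12 (presumably set by Squid on cache hits - confirm against squid.conf),
  # the second matches the "Cache HIT" layer-7 pattern, which looks for an "x-cache: hit" response header.
  # The layer-7 name contains a space, so it is quoted like the other values with spaces in this listing;
  # unquoted, HIT is read as a separate argument.
  42. add chain=postrouting action=mark-connection new-connection-mark=con-HIT passthrough=yes \
  43. protocol=tcp out-interface=ether1-local src-port=3128 dscp=12 comment="Proxy Loss"
  44. add chain=postrouting action=mark-connection new-connection-mark=con-HIT passthrough=yes \
  45. protocol=tcp layer7-protocol="Cache HIT" out-interface=ether1-local src-port=3128
  # Packets of con-HIT connections get packet mark HIT; passthrough=no ends mangle processing in this chain for
  # them, and the later mark-packet rules also skip anything already marked HIT (packet-mark=!HIT).
  46. add chain=prerouting action=mark-packet new-packet-mark=HIT passthrough=no connection-mark=con-HIT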
  47.  
  # Bypass marking: connections to the listed TCP ports (445, 22, 139, 4899, 554, 8291) and UDP ports (53, 123)
  # are marked con-bypass on any interface, and their packets get packet mark "bypass" (used by the Bypass queue).
  # NOTE(review): this only affects queueing. The list includes file-sharing and remote-administration ports;
  # whether those should be allowed through the router at all is a filter-rule decision not shown in this paste.
  48. add chain=prerouting action=mark-connection new-connection-mark=con-bypass passthrough=yes \
  49. protocol=tcp dst-port=445,22,139,4899,554,8291 comment="Bypass"
  50. add chain=prerouting action=mark-connection new-connection-mark=con-bypass passthrough=yes \
  51. protocol=udp dst-port=53,123
  52. add chain=prerouting action=mark-packet new-packet-mark=bypass passthrough=no connection-mark=con-bypass
  53.  
  # LAN traffic whose connection is not marked con-facebook jumps to the custom chain Warnet, where every non-ICMP
  # connection that is not already con-streaming is marked con-user (the default class).
  54. add chain=prerouting action=jump jump-target=Warnet in-interface=ether1-local \
  55. connection-mark=!con-facebook comment="Warnet"
  56. add chain=Warnet action=mark-connection new-connection-mark=con-user passthrough=yes \
  57. protocol=!icmp in-interface=ether1-local connection-mark=!con-streaming
  58.  
  # Streaming: connections whose traffic towards the LAN matches the "Video" layer-7 pattern
  # (an HTTP response with "content-type: video") are marked con-streaming.
  59. add chain=postrouting action=mark-connection new-connection-mark=con-streaming passthrough=yes \
  60. layer7-protocol=Video out-interface=ether1-local comment="Streaming"
  61.  
  # Game marking: connections from the LAN (ether1-local) are marked con-game purely by port number.
  # The first four rules match TCP destination ports, the fifth UDP source ports 27005/27015, the last three UDP
  # destination ports. Ports 29000 and 18901-18909 appear in more than one TCP rule; the repeats are redundant
  # because every rule sets the same mark.
  # NOTE(review): port-based classification cannot tell a game from any other program using the same port, so
  # anything a LAN client sends to these ports is treated as game traffic by the queues.
  62. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  63. protocol=tcp in-interface=ether1-local dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Game"
  64. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  65. protocol=tcp in-interface=ether1-local dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
  66. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  67. protocol=tcp in-interface=ether1-local dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
  68. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  69. protocol=tcp in-interface=ether1-local dst-port=47611,16666,20000,5105,29000,18901-18909,9015
  70. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  71. protocol=udp in-interface=ether1-local src-port=27005,27015
  72. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  73. protocol=udp in-interface=ether1-local dst-port=27005-27020,13055,7800-7900,12060-12070
  74. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  75. protocol=udp in-interface=ether1-local dst-port=8005-8010,9068,1293,1479,9401,9600,30000
  76. add chain=prerouting action=mark-connection new-connection-mark=con-game passthrough=yes \
  77. protocol=udp in-interface=ether1-local dst-port=14009-14030,42051-42052,40000-40050,13000-13080
  78.  
  # Social-network marking: TCP connections from the LAN that are not already con-fb.game are marked con-facebook
  # when a packet contains one of the listed host-name strings. content= is a plain substring match on the packet
  # payload, so any packet carrying the string matches, not only requests to that host.
  # The .twitter.com and .facebook.com rules are additionally limited to dst-port 80,443.
  # NOTE(review): the .facebook.com rule also requires dst-address-list=bypass. The address lists shown in this
  # paste are "Squid Allowed" and "ProxyBypass"; confirm that a list named "bypass" exists, since a rule that
  # references a missing list cannot match.
  79. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  80. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=static.ak.connect.facebook.com comment="Facebook"
  81. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  82. protocol=tcp in-interface=ether1-local dst-port=80,443 connection-mark=!con-fb.game content=.twitter.com
  83. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  84. protocol=tcp dst-address-list=bypass in-interface=ether1-local dst-port=80,443 connection-mark=!con-fb.game content=.facebook.com
  85. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  86. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=pixel.facebook.com
  87. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  88. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=static.ak.facebook.com
  89. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  90. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=.static.ak.fbcdn.net
  91. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  92. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=creative.ak.fbcdn.net
  93. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  94. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=connect.facebook.net
  95. add chain=prerouting action=mark-connection new-connection-mark=con-facebook passthrough=yes \
  96. protocol=tcp in-interface=ether1-local connection-mark=!con-fb.game content=.channel.facebook.com
  97.  
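  # Facebook-games marking: TCP connections from the LAN are marked con-fb.game either by destination port
  # (first rule) or when a packet contains one of the listed host-name strings (remaining rules).
  # The first rule is written "add chain=..." like every other rule in the listing; with the two words run
  # together the line is not a valid command.
  # content= is a plain substring match on the packet payload, so it matches any packet carrying the string.
  98. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  99. protocol=tcp in-interface=ether1-local dst-port=9339,843,8890,4000,5050,7020-7030 comment="FacebookGames"
  100. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  101. protocol=tcp in-interface=ether1-local content=apps.facebook.com
  102. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  103. protocol=tcp in-interface=ether1-local content=.ninjasaga.com
  104. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  105. protocol=tcp in-interface=ether1-local content=.castle.zgncdn.com
  106. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  107. protocol=tcp in-interface=ether1-local content=.static.zynga.com
  108. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  109. protocol=tcp in-interface=ether1-local content=.static.zgncdn.com
  110. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  111. protocol=tcp in-interface=ether1-local content=.empire.zynga.com
  112. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  113. protocol=tcp in-interface=ether1-local content=.poker.zynga.com
  114. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  115. protocol=tcp in-interface=ether1-local content=.castle.zynga.com
  116. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  117. protocol=tcp in-interface=ether1-local content=.farmville.com
  118. add chain=prerouting action=mark-connection new-connection-mark=con-fb.game passthrough=yes \
  119. protocol=tcp in-interface=ether1-local content=.farmville.zgncdn.com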
  120.  
  # Connection mark -> packet mark. Each rule turns one connection mark into the packet mark the queue tree
  # matches on (user, streaming, game, facebook, fb-game). packet-mark=!HIT leaves cache-hit packets alone, and
  # passthrough=no means the first matching rule decides the packet's class.
  121. add chain=prerouting action=mark-packet new-packet-mark=user passthrough=no packet-mark=!HIT \
  122. connection-mark=con-user comment="Mark Packet"
  123. add chain=prerouting action=mark-packet new-packet-mark=streaming passthrough=no packet-mark=!HIT \
  124. connection-mark=con-streaming
  125. add chain=prerouting action=mark-packet new-packet-mark=game passthrough=no packet-mark=!HIT \
  126. connection-mark=con-game
  127. add chain=prerouting action=mark-packet new-packet-mark=facebook passthrough=no packet-mark=!HIT \
  128. connection-mark=con-facebook
  129. add chain=prerouting action=mark-packet new-packet-mark=fb-game passthrough=no packet-mark=!HIT \
  130. connection-mark=con-fb.game
  131.  
  # The proxy's own Internet traffic: connections forwarded from ether3-Proxy out through Speedy are marked
  # con-proxy, and their packets get packet mark "proxy" (matched by the ProxyDown and ProxyUp queues).
  132. add chain=forward action=mark-connection new-connection-mark=con-proxy passthrough=yes \
  133. in-interface=ether3-Proxy out-interface=Speedy comment="Proxy Inet Connection"
  134. add chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no connection-mark=con-proxy
  135.  
  136.  
  137. Queue
  138.  
  139. - Queue Type
  140.  
  141. Code:
  142.  
  143.    name="up-htb" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0
  144.    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128
  145.    pcq-dst-address6-mask=128
  146.  
  147.    name="down-htb" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0
  148.    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128
  149.    pcq-dst-address6-mask=128
  150.  
  151.    name="up-64k" kind=pcq pcq-rate=64k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0
  152.    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128
  153.    pcq-dst-address6-mask=128
  154.  
  155.    name="down-300k" kind=pcq pcq-rate=300k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0
  156.    pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128
  157.    pcq-dst-address6-mask=128
  158.  
  159.  
  160.  
  161. name="Download" parent=global-out limit-at=0 priority=8 max-limit=2048k burst-limit=0 burst-threshold=0 burst-time=0s
  162.  
  163. name="DownUser" parent=Download limit-at=750k priority=2 max-limit=1500k burst-limit=1600k burst-threshold=750k burst-time=10s
  164. name="Facebook" parent=DownUser packet-mark=facebook limit-at=250k queue=down-htb priority=3 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s name="FacebookGames" parent=DownUser packet-mark=fb-game limit-at=250k queue=down-htb priority=4 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s name="User" parent=DownUser packet-mark=user limit-at=750k queue=down-300k priority=5 max-limit=1200k burst-limit=0 burst-threshold=0 burst-time=0s name="Streaming" parent=DownUser packet-mark=streaming limit-at=250k queue=down-htb priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
  165. name="DownGames" parent=Download packet-mark=game limit-at=512k queue=down-htb priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
  166.  
  167. name="Upload" parent=Speedy limit-at=0 priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
  168.  
  169. name="UpUser" parent=Upload limit-at=150k priority=2 max-limit=350k burst-limit=0 burst-threshold=0 burst-time=0s
  170. name="UpFacebook" parent=UpUser packet-mark=facebook limit-at=75k queue=up-htb priority=3 max-limit=100k burst-limit=0 burst-threshold=0 burst-time=0s name="UpFacebookGames" parent=UpUser packet-mark=fb-game limit-at=75k queue=up-htb priority=4 max-limit=126k burst-limit=0 burst-threshold=0 burst-time=0s name="UserUp" parent=UpUser packet-mark=user limit-at=150k queue=up-64k priority=5 max-limit=200k burst-limit=0 burst-threshold=0 burst-time=0s
  171. name="UpGames" parent=Upload packet-mark=game limit-at=150k queue=up-htb priority=1 max-limit=350k burst-limit=0 burst-threshold=0 burst-time=0s
  172.  
  173. name="ProxyHit" parent=global-out packet-mark=HIT limit-at=100M queue=default priority=8 max-limit=100M burst-limit=0 burst-threshold=0 burst-time=0s
  174.  
  175. name="ProxyDown" parent=ether3-Proxy packet-mark=proxy limit-at=750k queue=default priority=8 max-limit=1500k burst-limit=1600k burst-threshold=750k burst-time=10s
  176.  
  177. name="ProxyUp" parent=Upload packet-mark=proxy limit-at=150k queue=up-htb priority=1 max-limit=250k burst-limit=0 burst-threshold=0 burst-time=0s
  178.  
  179. name="Bypass" parent=global-out packet-mark=bypass limit-at=100M queue=default priority=8 max-limit=100M burst-limit=0 burst-threshold=0 burst-time=0s
  180.  
  181.  
  182. System Script
  183.  
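  # Netwatch hooks for the Squid host (192.168.4.254). SquidDown disables the transparent-proxy dst-nat rule so
  # LAN web traffic goes out directly while the proxy is unreachable; SquidUp enables it again.
  # The rule is selected by its comment ("Transparent Proxy") rather than by position number: a position such as 6
  # silently points at a different NAT rule as soon as a rule is added, removed or moved above it, and item numbers
  # are not a reliable selector inside scripts.
  184. - SquidDown
  185. /ip firewall nat disable [find comment="Transparent Proxy"]
  186.  
  187. - SquidUp
  188. /ip firewall nat enable [find comment="Transparent Proxy"]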
  189.  
  190. Tool Netwatch
  191.  
  192. Host : 192.168.4.254
  193. Interval : 00:00:10
  194. Timeout : 25
  195. Up : SquidUp
  196. Down : SquidDown