- # feb/07/2016 09:51:08 by RouterOS 6.34.1
- # software id = AAAA-AA11
- #
- # Port roles: ether1 and ether2 are the two ISP uplinks, ether3 is the LAN.
- # ether4 and ether5 name ether3-LAN as their master-port, so they act as
- # additional LAN ports of the same switch group.
- /interface ethernet
- set [ find default-name=ether1 ] name=ether1-isp1
- set [ find default-name=ether2 ] name=ether2-isp2
- set [ find default-name=ether3 ] name=ether3-LAN
- set [ find default-name=ether4 ] master-port=ether3-LAN name=ether4-LAN
- set [ find default-name=ether5 ] master-port=ether3-LAN name=ether5-LAN
- # Neighbor discovery is switched off on ether1-isp1 only.
- # NOTE(review): ether2-isp2 is also ISP-facing and is not listed here, so it
- # presumably keeps the default discovery setting and announces the router's
- # identity and version to the upstream segment - confirm, and disable it
- # there as well if so.
- /ip neighbor discovery
- set ether1-isp1 discover=no
- # Default IPsec proposal limited to AES-128-CBC. No IPsec peer or policy
- # appears in this export, so this is presumably unused - confirm.
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=aes-128-cbc
- # LAN DHCP: addresses .10-.254 of 192.168.7.0/24, 15 minute leases, served on
- # ether3-LAN (and its slave ports).
- /ip pool
- add name=dhcp ranges=192.168.7.10-192.168.7.254
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=ether3-LAN lease-time=15m name=\
- default
- # PPP profile for the ISP1 session: MSS clamping, compression, encryption,
- # MPLS and UPnP are all turned off.
- /ppp profile
- add change-tcp-mss=no name=PPPoE use-compression=no use-encryption=no \
- use-mpls=no use-upnp=no
- # ISP1 uplink: PPPoE over ether1-isp1, installing a default route at
- # distance 8.
- # NOTE(review): user=Username / password=N/A look like values redacted before
- # posting. A RouterOS 6 export writes the PPPoE password in clear text
- # unless it is produced with "export hide-sensitive"; check any export for
- # credentials before sharing it.
- /interface pppoe-client
- add add-default-route=yes default-route-distance=8 disabled=no interface=\
- ether1-isp1 max-mru=1500 max-mtu=1500 mrru=1600 name=isp1-PPPoE \
- password=N/A profile=PPPoE service-name=isp1 user=Username
- # Logging action 1 writes to a file named "log".
- /system logging action
- set 1 disk-file-name=log
- # The router does not send ICMP redirects.
- /ip settings
- set send-redirects=no
- # Router's LAN address; it is also the DHCP-advertised gateway and DNS server.
- /ip address
- add address=192.168.7.1/24 comment="LAN IP" interface=ether3-LAN network=\
- 192.168.7.0
- # ISP2 uplink: DHCP client on ether2-isp2, default route at distance 7.
- # use-peer-dns=no keeps ISP2's DNS servers out of the resolver configuration.
- /ip dhcp-client
- add comment="isp2 DHCP" default-route-distance=7 dhcp-options=\
- hostname,clientid disabled=no interface=ether2-isp2 use-peer-dns=\
- no
- /ip dhcp-server network
- add address=192.168.7.0/24 comment="default configuration" dns-server=\
- 192.168.7.1 gateway=192.168.7.1 netmask=24
- # The router answers DNS queries for clients and forwards to two public
- # resolvers.
- # NOTE(review): allow-remote-requests=yes is not interface-specific. The only
- # thing keeping queries from the ISP side out is the pair of input-chain drop
- # rules on isp1-PPPoE and ether2-isp2; if those are ever removed or reordered
- # the router becomes an open resolver. Consider an explicit drop for
- # port 53 (udp and tcp) arriving on the WAN interfaces.
- /ip dns
- set allow-remote-requests=yes servers=4.2.2.2,208.67.222.222
- /ip dns static
- add address=192.168.7.1 name=router
- # Hosts in "isp1 IPs" are policy-routed over ISP1 by the mangle rule that
- # matches this list.
- /ip firewall address-list
- add address=192.168.7.250 list="isp1 IPs"
- # Input chain (traffic addressed to the router itself). Rules that carry no
- # action= use the default action, accept. Order matters: first match wins.
- # NOTE(review): this export contains no forward-chain rules, so traffic
- # routed through the router is not filtered at all. Masquerade is not a
- # firewall; consider forward rules that accept established/related and drop
- # new connections arriving from the WAN interfaces.
- /ip firewall filter
- # Anything arriving on the LAN port is accepted.
- add chain=input comment="Allow LAN" in-interface=ether3-LAN
- # NOTE(review): this rule has no in-interface or src-address match and sits
- # ahead of the drop rules, so it accepts these ports from both ISP links.
- # 8291 is the Winbox default, 65109 is the SSH port set under /ip service,
- # 8728/8729 are the API and API-SSL defaults (8728 is unencrypted). If
- # management from the internet is not intended, restrict the rule to the
- # LAN interface or to a src-address-list of admin addresses. Moving SSH to a
- # high port does not restrict who can reach it.
- add chain=input comment="Allow router management" dst-port=\
- 8291,65109,8728,8729 protocol=tcp
- # All ICMP to the router is accepted, from any interface.
- add chain=input comment="Allow ICMP" protocol=icmp
- # Replies to connections the router already tracks.
- # NOTE(review): there is no rule dropping connection-state=invalid.
- add chain=input comment="Stateful Firewall" connection-state=\
- established,related
- # Drops are per WAN interface rather than a final catch-all.
- # NOTE(review): input traffic arriving on any interface not named here
- # (for example ether1-isp1 itself, outside the PPPoE session) falls through
- # to the chain's implicit accept. A last "drop everything else" rule would
- # close that gap.
- add action=drop chain=input comment="Default Drop isp1" in-interface=\
- isp1-PPPoE
- add action=drop chain=input comment="Default Drop isp2" in-interface=\
- ether2-isp2
- # Policy routing marks for the ISP1 link.
- /ip firewall mangle
- # New connections entering via isp1-PPPoE get connection mark "isp1".
- add action=mark-connection chain=prerouting comment=\
- "Mark route for new connection on isp1 link" connection-state=new \
- in-interface=isp1-PPPoE new-connection-mark=isp1
- # Router-originated packets of those connections are sent through routing
- # table "isp1", so replies leave on the link the request came in on.
- add action=mark-routing chain=output comment=\
- "Mark route for local isp1 source out isp1 link" \
- connection-mark=isp1 new-routing-mark=isp1
- # Hosts in address list "isp1 IPs" are routed via table "isp1";
- # passthrough=no stops further mangle processing for those packets.
- add action=mark-routing chain=prerouting comment="Mark isp1 NATted IP's" \
- new-routing-mark=isp1 passthrough=no src-address-list=\
- "isp1 IPs"
- # Source NAT: LAN traffic is masqueraded on whichever WAN link it leaves by.
- /ip firewall nat
- add action=masquerade chain=srcnat comment="SNAT for isp1" \
- out-interface=isp1-PPPoE src-address=192.168.7.0/24
- add action=masquerade chain=srcnat comment="SNAT for isp2" \
- out-interface=ether2-isp2 src-address=192.168.7.0/24
- # Dual-WAN failover built on recursive routes. The default routes name
- # 8.8.4.4 (ISP1) and 8.8.8.8 (ISP2) as their gateways; the /32 routes with
- # scope=10 further down resolve those addresses through the real ISP
- # next hops, and check-gateway=ping disables a default route when its probe
- # address stops answering.
- # NOTE(review): link health therefore depends on two third-party hosts
- # replying to ICMP; a filtered or rate-limited probe looks the same as a
- # dead link.
- # The comment= strings on the "Gateway Check" and "Static Gateway" routes
- # are looked up by the GWCheck-isp1 / GWCheck-isp2 scripts - renaming them
- # breaks the gateway updates.
- /ip route
- # Table "isp1": prefers ISP1 (distance 4), falls back to ISP2 (distance 6).
- add check-gateway=ping comment=\
- "isp1 Table - isp1 Gateway (default)" distance=4 gateway=\
- 8.8.4.4 routing-mark=isp1
- add check-gateway=ping comment=\
- "isp1 Table - isp2 Gateway (backup)" distance=6 gateway=\
- 8.8.8.8 routing-mark=isp1
- # Per-ISP tables used only to pin each probe address to its own link.
- add comment="Table for isp1 Static Gateway" distance=1 gateway=\
- 104.237.99.35 routing-mark=isp1-gw
- add comment="Table for isp2 Static Gateway" distance=1 gateway=\
- 71.1.96.1 routing-mark=isp2-gw
- # Main table: prefers ISP2 (distance 4), falls back to ISP1 (distance 6).
- add check-gateway=ping comment="Main Table - isp2 Gateway (default)" \
- distance=4 gateway=8.8.8.8
- add check-gateway=ping comment="Main Table - isp1 Gateway (backup)" \
- distance=6 gateway=8.8.4.4
- # Host routes that make the probe addresses reachable via the real gateways.
- add comment="isp1 Gateway Check" distance=1 dst-address=8.8.4.4/32 \
- gateway=104.237.99.35 scope=10
- add comment="isp2 Gateway Check" distance=1 dst-address=8.8.8.8/32 \
- gateway=71.1.96.1 scope=10
- # Force traffic to each probe address through its own ISP's gateway table.
- /ip route rule
- add dst-address=8.8.8.8/32 table=isp2-gw
- add dst-address=8.8.4.4/32 table=isp1-gw
- # Management services: telnet and ftp are off, the web interface (www,
- # plain HTTP) listens on 8080 and only for the LAN subnet, and SSH is moved
- # to 65109.
- # NOTE(review): ssh has no address= restriction, and winbox, api and api-ssl
- # are not listed, so they presumably run with defaults (enabled, any source)
- # - confirm. Together with the "Allow router management" input rule this
- # leaves them reachable from both ISP links. Add address= limits here as
- # well as in the firewall, and disable api/api-ssl if nothing uses them.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www address=192.168.7.0/24 port=8080
- set ssh port=65109
- /system clock
- set time-zone-name=America/Chicago
- # Time is taken from two NTP servers given by IP address.
- /system ntp client
- set enabled=yes primary-ntp=107.170.242.27 secondary-ntp=129.250.35.250
- # NOTE(review): protected-routerboot=disabled leaves the bootloader
- # reachable to anyone with physical or console access; acceptable only if
- # the device is physically secured.
- /system routerboard settings
- set cpu-frequency=720MHz protected-routerboot=disabled
- # Runs each gateway-check script every 10 seconds.
- # NOTE(review): both entries carry nearly every policy (ftp, reboot,
- # password, sniff, sensitive, policy ...). The scripts they run only read
- # DHCP/PPPoE state, update routes and write a log line, so read and write
- # (possibly test) are likely all that is needed - verify, then trim the
- # policy here and on the scripts together, because a scheduler entry needs
- # at least the policies of the script it runs.
- /system scheduler
- add interval=10s name=GWCheck-isp2 on-event=\
- "/system script run GWCheck-isp2" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=00:00:03
- add interval=10s name=GWCheck-isp1 on-event=\
- "/system script run GWCheck-isp1" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=00:00:03
- /system script
- # GWCheck-isp2: keeps the ISP2 recursive-route gateways in step with the
- # DHCP lease. It reads the gateway of the bound DHCP client on ether2-isp2,
- # compares it with the gateway of the route commented "isp2 Gateway Check",
- # and when they differ logs a warning and rewrites the gateway on that route
- # and on the route commented "Table for isp2 Static Gateway".
- # The routes are located by comment text, so the comments under /ip route
- # must stay exactly as written.
- # NOTE(review): the gateway is taken from whatever DHCP server answers on
- # ether2-isp2 and is written into the routing table without validation.
- # NOTE(review): when no client is in state "bound" the inner find returns
- # nothing and the get presumably errors, ending the run - confirm that this
- # is the intended behaviour while the link is down.
- # NOTE(review): all variables are :global and stay in the router's
- # environment between runs; :local would be enough. The policy list is far
- # wider than the script's actions need (see the scheduler entries).
- add name=GWCheck-isp2 owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
- t to modify recursive route checks for failover with DHCP clients\r\
- \n\r\
- \n# Define Variables\r\
- \n:global \"DHCP_ISP_Name\" \"isp2\"\r\
- \n:global \"DHCP_ISP_IF_Name\" \"ether2-isp2\"\r\
- \n:global \"DHCP_ISP_Route_Check_Comment\" \"isp2 Gateway Check\"\r\
- \n:global \"DHCP_ISP_Route_Check_Comment2\" \"Table for isp2 Static\
- \_Gateway\"\r\
- \n\r\
- \n# Grab gateway IP of DHCP interface\r\
- \n:global \"DHCP_GW_IF\" [ /ip dhcp-client get [/ip dhcp-client find inter\
- face=\$\"DHCP_ISP_IF_Name\" status=\"bound\" ] gateway ]\r\
- \n\r\
- \n# Grab existing route check gateway\r\
- \n:global \"DHCP_Route_GW\" [ /ip route get [/ip route find comment=\$\"DH\
- CP_ISP_Route_Check_Comment\"] gateway ]\r\
- \n\r\
- \n# Update gateway check route if different\r\
- \n:if ( \$\"DHCP_GW_IF\" != \$\"DHCP_Route_GW\" ) do={\r\
- \n\t:log warning (\"Setting default gateway for interface:\" . \$\"DHCP_IS\
- P_IF_Name\" .\" to gateway:\" . \$\"DHCP_GW_IF\")\r\
- \n\t:local a [ /ip route find comment=\$\"DHCP_ISP_Route_Check_Comment\" ]\
- \r\
- \n\t:local b [ /ip route find comment=\$\"DHCP_ISP_Route_Check_Comment2\" \
- ]\r\
- \n\t/ip route set \$a gateway=\$\"DHCP_GW_IF\"\r\
- \n\t/ip route set \$b gateway=\$\"DHCP_GW_IF\"\r\
- \n}"
- # GWCheck-isp1: PPPoE counterpart of GWCheck-isp2. It monitors the running
- # isp1-PPPoE client once, stores its remote-address in PPPoE_GW_IF, compares
- # that with the gateway of the route commented "isp1 Gateway Check", and
- # when they differ logs a warning and rewrites the gateway on that route and
- # on the route commented "Table for isp1 Static Gateway".
- # The routes are located by comment text, so the comments under /ip route
- # must stay exactly as written.
- # NOTE(review): PPPoE_GW_IF is declared :global without a value before the
- # monitor call. If the session is not running the do={} block presumably
- # never executes, so the comparison uses an empty or left-over value from an
- # earlier run - confirm, and skip the update when no remote-address was
- # obtained.
- # NOTE(review): the policy list is far wider than the script's actions need
- # (see the scheduler entries); :local variables would avoid leaving state in
- # the global environment.
- add name=GWCheck-isp1 owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
- t to modify recursive route checks for failover with PPPoE clients\r\
- \n\r\
- \n# Define Variables\r\
- \n:global \"PPPoE_ISP_Name\" \"isp1 PPPOE\"\r\
- \n:global \"PPPoE_ISP_IF_Name\" \"isp1-PPPoE\"\r\
- \n:global \"PPPoE_ISP_Route_Check_Comment\" \"isp1 Gateway Check\"\r\
- \n:global \"PPPoE_ISP_Route_Check_Comment2\" \"Table for isp1 Static \
- Gateway\"\r\
- \n\r\
- \n# Grab gateway IP of PPPoE interface\r\
- \n:global \"PPPoE_GW_IF\" \r\
- \n/interface pppoe-client monitor [/interface pppoe-client find name=\$\"P\
- PPoE_ISP_IF_Name\" running=yes] once do={ :global \"PPPoE_GW_IF\" \$\"remo\
- te-address\" }\r\
- \n\r\
- \n# Grab existing route check gateway\r\
- \n:global \"PPPoE_Route_GW\" [ /ip route get [/ip route find comment=\$\"P\
- PPoE_ISP_Route_Check_Comment\"] gateway ]\r\
- \n\r\
- \n# Update gateway check route if different\r\
- \n:if ( \$\"PPPoE_GW_IF\" != \$\"PPPoE_Route_GW\" ) do={\r\
- \n\t:log warning (\"Setting default gateway for interface:\" . \$\"PPPoE_I\
- SP_IF_Name\" .\" to gateway:\" . \$\"PPPoE_GW_IF\")\r\
- \n\t:local a [ /ip route find comment=\$\"PPPoE_ISP_Route_Check_Comment\" \
- ]\r\
- \n\t:local b [ /ip route find comment=\$\"PPPoE_ISP_Route_Check_Comment2\"\
- \_]\r\
- \n\t/ip route set \$a gateway=\$\"PPPoE_GW_IF\"\r\
- \n\t/ip route set \$b gateway=\$\"PPPoE_GW_IF\"\r\
- \n}"
- # Adds an interface graphing entry with default settings.
- /tool graphing interface
- add
- # MAC-Telnet server: the default entry is disabled and the service is
- # enabled per interface instead. ether1-isp1 is left out.
- # NOTE(review): ether2-isp2 is an ISP uplink, so MAC-Telnet is offered to
- # the ISP2 layer-2 segment. This service works below IP and the input-chain
- # rules may not cover it - confirm. Unless management from that segment is
- # intended, remove the ether2-isp2 entry.
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=ether2-isp2
- add interface=ether3-LAN
- add interface=ether4-LAN
- add interface=ether5-LAN
- # MAC-Winbox server: same interface list as MAC-Telnet above.
- # NOTE(review): the same concern applies to the ether2-isp2 entry here.
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=ether2-isp2
- add interface=ether3-LAN
- add interface=ether4-LAN
- add interface=ether5-LAN