- # sep/11/2019 08:59:18 by RouterOS 6.45.5
- # software id =
- #
- #
- #
- # Interfaces: one LAN bridge, two physical uplinks (ether1, ether2) and one
- # PPPoE client session on each uplink.
- /interface bridge
- add name=LanBridge
- /interface ethernet
- set [ find default-name=ether1 ] comment="Port For ISP1"
- set [ find default-name=ether2 ] comment="Port For ISP2"
- /interface pppoe-client
- # NOTE(review): the comment= labels look swapped. The client named ISP1 on
- # ether1 is labelled "ISP2-PPPoE-Client", and the client named ISP2 on ether2 is
- # labelled "ISP1-PPPoE Client". Confirm which is intended before relying on them.
- # NOTE(review): PPPoE user/password values are exported in cleartext. If these
- # are real credentials rather than samples, rotate them and use
- # "/export hide-sensitive" for any export that will be shared.
- # Only ISP1 installs a dynamic default route (distance 10). No
- # add-default-route is set for ISP2, whose routes are added under /ip route.
- add add-default-route=yes comment=ISP2-PPPoE-Client default-route-distance=10 \
- disabled=no interface=ether1 name=ISP1 password=123456Ss user=user2
- add comment="ISP1-PPPoE Client" disabled=no interface=ether2 name=ISP2 \
- password=123456Aa user=user1
- /interface list
- # Two lists are declared here. Membership is set under /interface list member.
- add comment="For Internet" name=WAN
- add comment="For Local Area" name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # LAN addressing: the router is 192.168.12.200/24 on LanBridge and serves DHCP
- # and DNS to that subnet.
- /ip pool
- add name=dhcp_pool0 ranges=192.168.12.10-192.168.12.199
- /ip dhcp-server
- add address-pool=dhcp_pool0 disabled=no interface=LanBridge name=dhcp1
- /interface bridge port
- add bridge=LanBridge interface=ether3
- add bridge=LanBridge interface=ether4
- /ip neighbor discovery-settings
- # NOTE(review): neighbor discovery is enabled on the WAN list, i.e. on the
- # PPPoE uplinks, so the router announces itself towards the providers.
- # Discovery is normally limited to a trusted LAN list. Confirm this is intended.
- set discover-interface-list=WAN
- /interface list member
- # Only WAN gets members in this export; the LAN list declared earlier stays
- # empty. The WAN members are the PPPoE client interfaces, not ether1/ether2,
- # so rules matching the WAN list do not cover traffic arriving directly on the
- # physical uplink ports.
- add interface=ISP2 list=WAN
- add interface=ISP1 list=WAN
- /ip address
- add address=192.168.12.200/24 interface=LanBridge network=192.168.12.0
- /ip dhcp-server lease
- # Static lease for the host that the dst-nat rule in /ip firewall nat targets.
- add address=192.168.12.199 mac-address=50:00:00:03:00:00 server=dhcp1
- /ip dhcp-server network
- add address=192.168.12.0/24 dns-server=192.168.12.200 gateway=192.168.12.200
- /ip dns
- # allow-remote-requests=yes makes the router answer DNS queries from clients.
- # Only the input-chain drop for the WAN list stops it from acting as an open
- # resolver on the Internet side.
- set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
- /ip firewall address-list
- # BOGONS: special-purpose and private ranges. In this export the list is used
- # only by the mangle mark-routing rules (dst-address-list=!BOGONS), so traffic
- # to these destinations is not given a provider routing mark. No filter rule
- # shown here references the list.
- add address=0.0.0.0/8 comment="\"This\" Network" list=BOGONS
- add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
- add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=\
- BOGONS
- add address=127.0.0.0/8 comment=Loopback list=BOGONS
- add address=169.254.0.0/16 comment="Link Local" list=BOGONS
- add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
- add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
- add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
- # Covers the local LAN subnet 192.168.12.0/24 as well.
- add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
- add address=198.18.0.0/15 comment=\
- "Network Interconnect Device Benchmark Testing" list=BOGONS
- add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
- add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
- add address=224.0.0.0/4 comment=Multicast list=BOGONS
- add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
- add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
- add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
- /ip firewall filter
- # Rule order matters: the first matching rule decides.
- # --- input chain (traffic addressed to the router itself) ---
- # NOTE(review): there is no final drop on input and no "invalid" drop, so
- # anything that does not arrive via the WAN list is accepted by default. The
- # WAN list contains only the PPPoE interfaces, so packets arriving directly on
- # ether1/ether2 outside the PPPoE session are not matched by the WAN drop below.
- # Confirm whether the physical uplink ports should be filtered as well.
- # No /ip service section appears in this export, so management services are
- # presumably at their defaults and rely on this chain for protection.
- add action=accept chain=input comment="Related Established Untracked Allow" \
- connection-state=established,related,untracked
- # ICMP is accepted from every interface, the WAN side included.
- add action=accept chain=input comment="ICMP from ALL" protocol=icmp
- add action=drop chain=input comment="All other WAN Drop" in-interface-list=\
- WAN
- # --- forward chain (traffic routed through the router) ---
- add action=accept chain=forward comment=\
- "Established, Related, Untracked allow" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="Invalid drop" connection-state=invalid
- # New connections from the WAN list are forwarded only if a dst-nat rule
- # translated them. All other forwarded traffic falls through to default accept.
- add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
- connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
- /ip firewall mangle
- # Mark connections arriving from each provider, so that replies leave through
- # the uplink the connection came in on.
- # Mark new, not yet marked connections arriving from provider 1
- add action=mark-connection chain=prerouting connection-mark=no-mark \
- connection-state=new in-interface=ISP1 new-connection-mark=\
- isp1-Connection passthrough=no
- # Mark new, not yet marked connections arriving from provider 2
- add action=mark-connection chain=prerouting connection-mark=no-mark \
- connection-state=new in-interface=ISP2 new-connection-mark=\
- isp2-Connection passthrough=no
- # Add routing marks, sending the traffic to the corresponding routing table.
- # These rules match only packets that do not arrive from the WAN list and whose
- # destination is not in BOGONS.
- # Routing mark for provider 1 (main table)
- add action=mark-routing chain=prerouting connection-mark=isp1-Connection \
- dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=main \
- passthrough=no
- # Routing mark for provider 2 (ISP-2 table)
- add action=mark-routing chain=prerouting connection-mark=isp2-Connection \
- dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=ISP-2 \
- passthrough=no
- # Routing mark for provider 1, for traffic originated by the router itself
- add action=mark-routing chain=output connection-mark=isp1-Connection \
- new-routing-mark=main passthrough=yes
- # Routing mark for provider 2, for traffic originated by the router itself
- add action=mark-routing chain=output connection-mark=isp2-Connection \
- new-routing-mark=ISP-2 passthrough=yes
- /ip firewall nat
- # Source NAT: hide the LAN behind whichever PPPoE uplink the packet leaves on.
- add action=masquerade chain=srcnat out-interface=ISP1
- add action=masquerade chain=srcnat out-interface=ISP2
- # dst-nat that works correctly through either provider, because the mangle
- # rules return replies via the uplink the connection arrived on.
- # NOTE(review): this publishes TCP/80 on 192.168.12.199 to any source address on
- # both uplinks. No src-address or src-address-list restriction is set and the
- # service is plain HTTP. Confirm the exposure is intended and the host is
- # hardened accordingly.
- add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
- tcp to-addresses=192.168.12.199
- /ip route
- # Static routes, both via the ISP2 PPPoE interface at distance 20: one in the
- # ISP-2 routing table, selected by the mangle routing mark, and one in the main
- # table. The ISP1 default route is added dynamically by its PPPoE client at
- # distance 10, so the main-table ISP2 route presumably acts as a backup. Confirm
- # against the running routing table.
- add comment="Atlant Route Table With Mark" distance=20 gateway=ISP2 \
- routing-mark=ISP-2
- add distance=20 gateway=ISP2
- /system identity
- set name=Office
- # MAC-layer management (MAC Telnet and MAC WinBox) is limited to the LAN list.
- # NOTE(review): this export adds no members to the LAN list, so these settings
- # match no interface as written. Confirm whether LanBridge was meant to be a
- # member.
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
- /tool romon
- # NOTE(review): RoMON is enabled, but the export shows no secrets= value and no
- # "/tool romon port" entries. If the port defaults apply, RoMON would be active
- # on every interface, the ISP-facing ether1/ether2 included. Confirm, then set
- # a secret and forbid RoMON on the uplink ports, or disable it if unused.
- set enabled=yes