SHARE
TWEET

Untitled

a guest Sep 11th, 2019 171 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # sep/11/2019 08:59:18 by RouterOS 6.45.5
  2. # software id =
  3. #
  4. #
  5. #
  6.  
  7.  
  8. /interface bridge
  9. add name=LanBridge
  10.  
  11.  
  12. /interface ethernet
  13. set [ find default-name=ether1 ] comment="Port For ISP1"
  14. set [ find default-name=ether2 ] comment="Port For ISP2"
  15.  
  16.  
  17. /interface pppoe-client
  18. add add-default-route=yes comment=ISP2-PPPoE-Client default-route-distance=10 \
  19.     disabled=no interface=ether1 name=ISP1 password=123456Ss user=user2
  20. add comment="ISP1-PPPoE Client" disabled=no interface=ether2 name=ISP2 \
  21.     password=123456Aa user=user1
  22.  
  23.  
  24. /interface list
  25. add comment="For Internet" name=WAN
  26. add comment="For Local Area" name=LAN
  27.  
  28.  
  29. /interface wireless security-profiles
  30. set [ find default=yes ] supplicant-identity=MikroTik
  31.  
  32.  
  33. /ip pool
  34. add name=dhcp_pool0 ranges=192.168.12.10-192.168.12.199
  35.  
  36.  
  37. /ip dhcp-server
  38. add address-pool=dhcp_pool0 disabled=no interface=LanBridge name=dhcp1
  39.  
  40.  
  41. /interface bridge port
  42. add bridge=LanBridge interface=ether3
  43. add bridge=LanBridge interface=ether4
  44.  
  45.  
  46. /ip neighbor discovery-settings
  47. set discover-interface-list=WAN
  48.  
  49.  
  50. /interface list member
  51. add interface=ISP2 list=WAN
  52. add interface=ISP1 list=WAN
  53.  
  54.  
  55. /ip address
  56. add address=192.168.12.200/24 interface=LanBridge network=192.168.12.0
  57.  
  58.  
  59. /ip dhcp-server lease
  60. add address=192.168.12.199 mac-address=50:00:00:03:00:00 server=dhcp1
  61.  
  62.  
  63. /ip dhcp-server network
  64. add address=192.168.12.0/24 dns-server=192.168.12.200 gateway=192.168.12.200
  65.  
  66.  
  67. /ip dns
  68. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
  69.  
  70.  
  71. /ip firewall address-list
  72. add address=0.0.0.0/8 comment="\"This\" Network" list=BOGONS
  73. add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
  74. add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=\
  75.     BOGONS
  76. add address=127.0.0.0/8 comment=Loopback list=BOGONS
  77. add address=169.254.0.0/16 comment="Link Local" list=BOGONS
  78. add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
  79. add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
  80. add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
  81. add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
  82. add address=198.18.0.0/15 comment=\
  83.     "Network Interconnect Device Benchmark Testing" list=BOGONS
  84. add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
  85. add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
  86. add address=224.0.0.0/4 comment=Multicast list=BOGONS
  87. add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
  88. add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
  89. add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
  90.  
  91.  
  92. /ip firewall filter
  93. add action=accept chain=input comment="Related Established Untracked Allow" \
  94.     connection-state=established,related,untracked
  95. add action=accept chain=input comment="ICMP from ALL" protocol=icmp
  96. add action=drop chain=input comment="All other WAN Drop" in-interface-list=\
  97.     WAN
  98. add action=accept chain=forward comment=\
  99.     "Established, Related, Untracked allow" connection-state=\
  100.     established,related,untracked
  101. add action=drop chain=forward comment="Invalid drop" connection-state=invalid
  102. add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
  103.     connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  104.  
  105.  
  106.  
  107.  
  108.  
  109. /ip firewall mangle
  110. # Метим соединения от каждого их провайдеров
  111.  
  112. #Метим соединения  от провайдера 1
  113. add action=mark-connection chain=prerouting connection-mark=no-mark \
  114.     connection-state=new in-interface=ISP1 new-connection-mark=\
  115.     isp1-Connection passthrough=no
  116.  
  117. #Метим соединения от провайдера 2
  118. add action=mark-connection chain=prerouting connection-mark=no-mark \
  119.     connection-state=new in-interface=ISP2 new-connection-mark=\
  120.     isp2-Connection passthrough=no
  121.  
  122.  
  123.  
  124. #Добавляем роут-метки, отправляя тем самым все с соотвествующую таблицу маршрутизации
  125.  
  126. #роут метка для провайдера 1
  127. add action=mark-routing chain=prerouting connection-mark=isp1-Connection \
  128.     dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=main \
  129.     passthrough=no
  130.  
  131.  
  132. #роут метка для провайдера 2
  133. add action=mark-routing chain=prerouting connection-mark=isp2-Connection \
  134.     dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=ISP-2 \
  135.     passthrough=no
  136.  
  137.  
  138. #роут метка для провайдера 1 для трафика самого микрота
  139. add action=mark-routing chain=output connection-mark=isp1-Connection \
  140.     new-routing-mark=main passthrough=yes
  141. #роут метка для провайдера 2 для трафика самого микрота
  142. add action=mark-routing chain=output connection-mark=isp2-Connection \
  143.     new-routing-mark=ISP-2 passthrough=yes
  144.  
  145.  
  146. /ip firewall nat
  147. add action=masquerade chain=srcnat out-interface=ISP1
  148. add action=masquerade chain=srcnat out-interface=ISP2
  149.  
  150. #дст нат, корректно работающий через любого из провайдеров
  151. add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
  152.     tcp to-addresses=192.168.12.199
  153.  
  154.  
  155. /ip route
  156. add comment="Atlant Route Table With Mark" distance=20 gateway=ISP2 \
  157.     routing-mark=ISP-2
  158. add distance=20 gateway=ISP2
  159.  
  160.  
  161. /system identity
  162. set name=Office
  163. /tool mac-server
  164. set allowed-interface-list=LAN
  165. /tool mac-server mac-winbox
  166. set allowed-interface-list=LAN
  167. /tool romon
  168. set enabled=yes
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top