MikroTik 3.xx rules
Hey folks, here is a super pack of MikroTik 3.xx rules. Just copy and paste; good for anyone who is starting out in this field.
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=8.8.8.8 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="cliente local" ranges=10.0.2.1-10.0.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.2.1 scope=255 target-scope=10 \
comment="" disabled=no
If you liked it, say thanks; if you have rules of your own, just share them with the forum crowd.
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add src-address=10.0.0.0/24 action=allow comment="" disabled=no
add src-address=10.0.1.0/24 action=allow comment="" disabled=no
/ ip hotspot
add name="hotspot" interface=Clientes profile=hsprof idle-timeout=1d keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
add name="hsprof" hotspot-address=10.0.1.1 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:3128 \
smtp-server=0.0.0.0 login-by=mac,cookie,http-chap http-cookie-lifetime=1d split-user-domain=no use-radius=no
# ip address --------------------------
/ip address add address=192.168.0.1/24 interface=ether1
/ip address add address=10.10.10.2/24 interface=ether2
/ip address add address=11.11.11.2/24 interface=ether4
# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether3 password=123123 profile=default service-name="" use-peer-dns=no user=123456
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether5 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether5 password=789798 profile=default service-name="" use-peer-dns=no user=789879
# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes
# ip dns static------------------------
/ip dns static add address=192.168.0.1 comment="" disabled=no name=192.168.0.1.cyberscan ttl=1d
# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether2 src-address=192.168.0.0/24
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether4 src-address=192.168.0.0/24
# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether3
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether4
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether5
# ip firewall mangle------------------------
# LoopBack per link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=ether1 new-connection-mark=Sites0 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=ether1 new-routing-mark=Rota0 passthrough=no
/ ip route add gateway=10.10.10.1 routing-mark=Rota0
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=ether1 new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=ether1 new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_ether3 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=ether1 new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=ether1 new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=11.11.11.1 routing-mark=Rota2
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
/ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# End of LoopBack per link----------------------
/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether2 new-connection-mark=ether2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether4 new-connection-mark=ether4_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=no new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.10.10.0/24 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=11.11.11.0/24 in-interface=ether1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether2_conn disabled=no in-interface=ether1 new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes
# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_ether2 comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether3 routing-mark=to_adsl_ether3 comment="Link1"
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=11.11.11.1 routing-mark=to_ether4 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether5 routing-mark=to_adsl_ether5 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_ether3 scope=30 target-scope=10
/ip route add check-gateway=ping comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=11.11.11.1 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_ether5 scope=30 target-scope=10
# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback
# /system script--------------------------------------
/system script add name=Link0Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\n/ip route set [find comment=\"Link3\"] disabled=no;"
READY-MADE RULES AND CONFIGURATION FOR 2 NETWORK CARDS
/interface set ether2 name=OI.VELOX comment=internet
/interface set ether1 name=REDELOCAL comment=clientes
/ip dhcp-client set enabled=yes interface=OI.VELOX
/ ip address
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=REDELOCAL comment="" disabled=no
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=200.175.89.139 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="redelocal" ranges=192.168.2.2-192.168.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 max-client-connections=600 \
max-server-connections=600
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=conexao-p2p passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conexao-p2p action=mark-packet \
new-packet-mark=PACOTES-P2P passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=OI.VELOX action=masquerade comment="NAT REDELOCAL \
PARA OI.VELOX" disabled=no
add chain=dstnat in-interface=REDELOCAL protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="PROXY" disabled=no
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop \
comment="BLOQUEIO PROXY EXTERNO" disabled=no
/ ip dhcp-client
add interface=OI.VELOX add-default-route=yes use-peer-dns=yes use-peer-ntp=yes \
comment="" disabled=no
/ ip dhcp-server
add name="SRVLOCAL" interface=REDELOCAL lease-time=4w2d address-pool=redelocal \
bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24 comment=""
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip web-proxy cache
add url="https://" action=deny comment="no cache dynamic https pages" \
disabled=no
/ queue tree
add name="P2P-IN" parent=global-in packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="P2P-OUT" parent=global-out packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=8.8.8.8 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="cliente local" ranges=10.0.2.1-10.0.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.2.1 scope=255 target-scope=10 \
comment="" disabled=no
se gostou agradeça se tiver regras ai e so compartilhar com a turma do forum.
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add src-address=10.0.0.0/24 action=allow comment="" disabled=no
add src-address=10.0.1.0/24 action=allow comment="" disabled=no
/ ip hotspot
add name="hotspot" interface=Clientes profile=hsprof idle-timeout=1d keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
add name="hsprof" hotspot-address=10.0.1.1 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:3128 \
smtp-server=0.0.0.0 login-by=mac,cookie,http-chap http-cookie-lifetime=1d split-user-domain=no use-radius=no
# ip address --------------------------
/ip address add address=192.168.0.1/24 interface=ether1
/ip address add address=10.10.10.2/24 interface=ether2
/ip address add address=11.11.11.2/24 interface=ether4
# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether3 password=123123 profile=default service-name="" use-peer-dns=no user=123456
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether5 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether5 password=789798 profile=default service-name="" use-peer-dns=no user=789879
# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes
# ip dns statico------------------------
/ip dns static add address=192.168.0.1 comment="" disabled=no name=192.168.0.1.cyberscan ttl=1d
# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether2 src-address=192.168.0.0/24
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether4 src-address=192.168.0.0/24
# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether3
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether4
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether5
# ip firewall mangle------------------------
# LoopBack por link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=ether1 new-connection-mark=Sites0 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=ether1 new-routing-mark=Rota0 passthrough=no
/ ip route add gateway=10.10.10.1 routing-mark=Rota0
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=ether1 new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=ether1 new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_ether3 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=ether1 new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=ether1 new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=11.11.11.1 routing-mark=Rota2
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
/ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# Fim LoopBack por link----------------------
/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether2 new-connection-mark=ether2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether4 new-connection-mark=ether4_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=no new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.10.10.0/24 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=11.11.11.0/24 in-interface=ether1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether2_conn disabled=no in-interface=ether1 new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes
# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_ether2 comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether3 routing-mark=to_adsl_ether3 comment="Link1"
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=11.11.11.1 routing-mark=to_ether4 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether5 routing-mark=to_adsl_ether5 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_ether3 scope=30 target-scope=10
/ip route add check-gateway=ping comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=11.11.11.1 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_ether5 scope=30 target-scope=10
# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback
# /system script--------------------------------------
/system script add name=Link0Dow policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\
\n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\
\n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\
\n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\
\n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\
\n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\
\n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\
\n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\
\n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\
\n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\
\n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\
\n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\
\n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\
\n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\
\n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\
\n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\
\n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\
\n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\
\n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\
\n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\
\n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\
\n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
/ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\
\n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\
\n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\
\n/ip route set [find comment=\"Link3\"] disabled=no;"
READY-MADE RULES AND CONFIGURATION FOR 2 NETWORK CARDS
/interface set ether2 name=OI.VELOX comment=internet
/interface set ether1 name=REDELOCAL comment=clientes
/ip dhcp-client set enabled=yes interface=OI.VELOX
/ ip address
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=REDELOCAL comment="" disabled=no
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=200.175.89.139 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="redelocal" ranges=192.168.2.2-192.168.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 max-client-connections=600 \
max-server-connections=600
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=conexao-p2p passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conexao-p2p action=mark-packet \
new-packet-mark=PACOTES-P2P passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=OI.VELOX action=masquerade comment="NAT REDELOCAL \
PARA OI.VELOX" disabled=no
add chain=dstnat in-interface=REDELOCAL protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="PROXY" disabled=no
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop \
comment="BLOQUEIO PROXY EXTERNO" disabled=no
/ ip dhcp-client
add interface=OI.VELOX add-default-route=yes use-peer-dns=yes use-peer-ntp=yes \
comment="" disabled=no
/ ip dhcp-server
add name="SRVLOCAL" interface=REDELOCAL lease-time=4w2d address-pool=redelocal \
bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24 comment=""
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip web-proxy cache
add url="https://" action=deny comment="no cache dynamic https pages" \
disabled=no
/ queue tree
add name="P2P-IN" parent=global-in packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="P2P-OUT" parent=global-out packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
paulosantos- Baby
- Posts: 4
Points: 6
Reputation: 0
Join date: 25/03/2012
Age: 35
Location: betim mg
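An added example, not part of the original post: a short Python audit of the two-NIC export above. It flags two things the configuration leaves as posted: `allow-remote-requests=yes` with no input rule dropping port 53 on `OI.VELOX` (the only WAN-side drop is for TCP 3128), and a port-80 redirect to 3128 while `/ip proxy` is set to `enabled=no port=8080`. The function names and finding labels are assumptions of this example, and the sample export is constructed from the post's own lines.

```python
import re

# Constructed sample: the relevant lines of the two-NIC export in the post,
# with backslash continuations already joined.
SAMPLE = """\
/ ip dns
set primary-dns=192.168.1.1 allow-remote-requests=yes
/ ip proxy
set enabled=no port=8080
/ ip firewall nat
add chain=dstnat in-interface=REDELOCAL protocol=tcp dst-port=80 action=redirect to-ports=3128
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop
"""

def parse(export):
    """Return [(menu, {key: value})] for every add/set line of an export."""
    export = re.sub(r"\\[ \t]*\n\s*", "", export)   # join continued lines
    menu, rows = "", []
    for line in map(str.strip, export.splitlines()):
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/ ").split())
        elif line.startswith(("add ", "set ")):
            rows.append((menu, dict(re.findall(r'([\w.-]+)=("[^"]*"|\S+)', line))))
    return rows

def covers(spec, port):
    """True if a dst-port spec such as 53, 23-25 or 80,443 includes port."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def audit(export, wan):
    """Flag services the export leaves reachable or broken. Rule order and
    the forward chain are ignored (simplification of this example)."""
    rows, findings = parse(export), []
    def dropped(proto, port):   # is there an input drop on the WAN side?
        return any(m == "ip firewall filter" and r.get("chain") == "input"
                   and r.get("action") == "drop" and r.get("disabled") != "yes"
                   and r.get("in-interface", wan) == wan
                   and r.get("protocol", proto) == proto
                   and ("dst-port" not in r or covers(r["dst-port"], port))
                   for m, r in rows)
    if any(m == "ip dns" and r.get("allow-remote-requests") == "yes" for m, r in rows):
        findings += [f"dns-{p}-53-open-on-{wan}" for p in ("udp", "tcp") if not dropped(p, 53)]
    proxy = next((r for m, r in rows if m == "ip proxy"), {})
    for m, r in rows:
        if m == "ip firewall nat" and r.get("action") == "redirect":
            if proxy.get("enabled") != "yes" or proxy.get("port") != r.get("to-ports"):
                findings.append(f"redirect-to-{r.get('to-ports')}-without-proxy")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "OI.VELOX"))
```

Running the same check over the output of `/export` before and after pasting a rule pack shows which router services the pack actually leaves exposed on the WAN interface.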
Re: Mikrotik 3.xx rules
Friend, there's no point in posting a thousand rules if a layperson doesn't know what they are for. The right thing would be for you to put together a video lesson explaining in detail what each rule does. I noticed some unnecessary parts in there, but since everyone sets up their configuration according to their own needs... so there's a tip for you!
cdanielboy- Power User
- Posts: 1012
Points: 1336
Reputation: 270
Join date: 12/05/2011
Age: 39
Location: belém
Re: Mikrotik 3.xx rules
I liked it... but if each one were commented it would be more useful for those who don't know much about MK, like me. There are some I even know the purpose of, but for most of them I don't know what they are for, so I'm not going to go applying rules without knowing what I'm doing!
At least the comment field could have a hint!
But it's still worth it, in my opinion!
wilson-silva- Baby
- Posts: 16
Points: 24
Reputation: 0
Join date: 08/05/2013
Age: 53
Location: são luis - maranhão
Re: Mikrotik 3.xx rules
I fully agree: the fewer rules the MK has, the better it will perform. There's no point in filling the MK with rules without knowing what each one of them is for; that will only cause malfunctions, depending on the equipment.
speed.infor.net- User
- Posts: 181
Points: 271
Reputation: 32
Join date: 30/09/2012
Age: 41
Location: gov valadares