MikroTik RouterOS (часть 4) - [994] :: В помощь системному администратору

# jan/02/1970 07:20:56 by RouterOS 5.16
# software id = 8SJF-AM5D
#
/interface ethernet
set 0 name=WAN1_Z
set 1 name=WAN2_S
set 4 name=ether5-master
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN1_Z name=pppoe-out1 \
password=x use-peer-dns=yes user=x
/interface ethernet
set 2 master-port=ether5-master name=ether3-slave
set 3 master-port=ether5-master name=ether4-slave
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=for_eth3 ranges=192.168.90.10-192.168.90.250
add name=dhcp_pool1 ranges=192.168.90.2-192.168.90.254
/ip dhcp-server
add address-pool=default-dhcp interface=WAN2_S name=default
add address-pool=default-dhcp disabled=no interface=ether5-master lease-time=\
10m name=dhcp_for_lan
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
ether5-master
/ip dhcp-client
add comment="default configuration" default-route-distance=200 disabled=no \
interface=WAN2_S
/ip dhcp-server lease
add address=192.168.88.249 client-id=1:90:94:e4:f2:8f:fb mac-address=\
90:94:E4:F2:8F:FB server=dhcp_for_lan
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1,8.8.8.8 gateway=192.168.88.1
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=drop chain=input comment="drop dns flood" dst-port=53 protocol=udp
add chain=input comment="WinBox Access" dst-port=8291 protocol=tcp
add chain=input comment="WinBox Access" disabled=yes dst-port=22 protocol=tcp
add chain=input comment=3389 dst-port=3389 protocol=tcp
add chain=input comment=1234 dst-port=1234 protocol=tcp
add chain=input comment=58000 port=58000 protocol=tcp
add chain=input comment="ping access" protocol=icmp
add chain=input connection-state=related in-interface=pppoe-out1
add chain=input connection-state=established in-interface=pppoe-out1
add action=drop chain=input in-interface=pppoe-out1
add action=jump chain=forward in-interface=pppoe-out1 jump-target=customer
add chain=customer connection-state=established
add chain=customer connection-state=related
add action=drop chain=customer
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=WAN2_S

add action=netmap chain=dstnat comment="3389" \
dst-port=3389 protocol=tcp to-addresses=192.168.88.249 to-ports=3389

add action=dst-nat chain=dstnat comment="3389 pppoe" \
dst-address-type=local dst-port=3389 in-interface=pppoe-out1 protocol=tcp \
to-addresses=192.168.88.249 to-ports=3389

/ip neighbor discovery
set WAN1_Z disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=0.0.0.0/0
set winbox address=0.0.0.0/0
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=WAN1_Z type=external
add interface=WAN2_S type=internal
add interface=ether3-slave type=internal
add interface=ether4-slave type=internal
add interface=ether5-master type=internal
/tool mac-server
add disabled=no interface=WAN2_S
add disabled=no interface=ether3-slave
add disabled=no interface=ether4-slave
add disabled=no interface=ether5-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=WAN2_S
add interface=ether3-slave
add interface=ether4-slave
add interface=ether5-master

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
articlebot (11-03-2019 21:34): продолжение в MikroTik RouterOS (часть 5)	Версия для печати • Подписаться • Добавить в закладки
На первую страницу • к этому сообщению • к последнему сообщению