
Mikrotik 3.xx rules

Post by paulosantos on Wed 16 May - 16:08

Hey folks, here is a super pack of Mikrotik 3.xx rules, just copy and paste. Good for anyone starting out in this field.


/ ip dns
set primary-dns=192.168.1.1 secondary-dns=8.8.8.8 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w

/ ip pool
add name="cliente local" ranges=10.0.2.1-10.0.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254

/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.2.1 scope=255 target-scope=10 \
comment="" disabled=no

If you liked it, say thanks; if you have rules of your own, just share them with the forum crowd.


/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add src-address=10.0.0.0/24 action=allow comment="" disabled=no
add src-address=10.0.1.0/24 action=allow comment="" disabled=no


/ ip hotspot
add name="hotspot" interface=Clientes profile=hsprof idle-timeout=1d keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no


/ ip hotspot profile
add name="hsprof" hotspot-address=10.0.1.1 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:3128 \
smtp-server=0.0.0.0 login-by=mac,cookie,http-chap http-cookie-lifetime=1d split-user-domain=no use-radius=no

# ip address --------------------------
/ip address add address=192.168.0.1/24 interface=ether1
/ip address add address=10.10.10.2/24 interface=ether2
/ip address add address=11.11.11.2/24 interface=ether4

# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether3 password=123123 profile=default service-name="" use-peer-dns=no user=123456
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether5 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether5 password=789798 profile=default service-name="" use-peer-dns=no user=789879

# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes

# ip dns static------------------------
/ip dns static add address=192.168.0.1 comment="" disabled=no name=192.168.0.1.cyberscan ttl=1d

# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether2 src-address=192.168.0.0/24
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether4 src-address=192.168.0.0/24

# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether3
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether4
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether5

# ip firewall mangle------------------------

# LoopBack per link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=ether1 new-connection-mark=Sites0 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=ether1 new-routing-mark=Rota0 passthrough=no
/ ip route add gateway=10.10.10.1 routing-mark=Rota0
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=ether1 new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=ether1 new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_ether3 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=ether1 new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=ether1 new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=11.11.11.1 routing-mark=Rota2

/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
/ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# End of LoopBack per link----------------------

/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether2 new-connection-mark=ether2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether4 new-connection-mark=ether4_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=no new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.10.10.0/24 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=11.11.11.0/24 in-interface=ether1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether2_conn disabled=no in-interface=ether1 new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes

# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_ether2 comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether3 routing-mark=to_adsl_ether3 comment="Link1"
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=11.11.11.1 routing-mark=to_ether4 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether5 routing-mark=to_adsl_ether5 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_ether3 scope=30 target-scope=10
/ip route add check-gateway=ping comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=11.11.11.1 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_ether5 scope=30 target-scope=10

# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback

# /system script--------------------------------------
/system script add name=Link0Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\n/ip route set [find comment=\"Link3\"] disabled=no;"


READY-MADE RULES AND CONFIGURATION FOR 2 NETWORK CARDS
/interface set ether2 name=OI.VELOX comment=internet
/interface set ether1 name=REDELOCAL comment=clientes
/ip dhcp-client set enabled=yes interface=OI.VELOX
/ ip address
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=REDELOCAL comment="" disabled=no
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=200.175.89.139 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="redelocal" ranges=192.168.2.2-192.168.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 max-client-connections=600 \
max-server-connections=600
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=conexao-p2p passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conexao-p2p action=mark-packet \
new-packet-mark=PACOTES-P2P passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=OI.VELOX action=masquerade comment="NAT REDELOCAL \
PARA OI.VELOX" disabled=no
add chain=dstnat in-interface=REDELOCAL protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="PROXY" disabled=no
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop \
comment="BLOQUEIO PROXY EXTERNO" disabled=no
/ ip dhcp-client
add interface=OI.VELOX add-default-route=yes use-peer-dns=yes use-peer-ntp=yes \
comment="" disabled=no
/ ip dhcp-server
add name="SRVLOCAL" interface=REDELOCAL lease-time=4w2d address-pool=redelocal \
bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24 comment=""
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip web-proxy cache
add url="https://" action=deny comment="no cache dynamic https pages" \
disabled=no
/ queue tree
add name="P2P-IN" parent=global-in packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="P2P-OUT" parent=global-out packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
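
An added example, not part of the original post or of any MikroTik tooling: a small Python audit that parses RouterOS export text in both forms used above and flags two settings worth understanding before pasting them, namely a DNS cache with `allow-remote-requests=yes` that no input rule shields on the masqueraded interface, and a PPPoE client that permits PAP. `parse_export`, `ports` and `audit` are hypothetical names, the sample is a constructed excerpt of the post's lines, and the checks are heuristics rather than a full firewall evaluation.

```python
import re
import shlex

def parse_export(text):
    """Return (menu, action, params) for each command in RouterOS export text."""
    text = re.sub(r"\\[ \t]*\n[ \t]*", " ", text)  # join backslash continuations
    menu, cmds = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line.lstrip("/ "))
        if line.startswith("/"):  # "/ ip dns" menu line or "/ip dns set ..." one-liner
            n = next((i for i, w in enumerate(words) if w in ("add", "set")), len(words))
            menu, words = "/" + " ".join(words[:n]), words[n:]
        if words:
            params = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            cmds.append((menu, words[0], params))
    return cmds

def ports(spec):
    """Expand a dst-port value such as '23-25' or '53,3128' into a set of ints."""
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(text):
    cmds, findings = parse_export(text), []
    resolver = any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
                   for m, _, p in cmds)
    # Assumption: an interface used for masquerade is the WAN side.
    wan = sorted({p["out-interface"] for m, _, p in cmds if m == "/ip firewall nat"
                  and p.get("action") == "masquerade" and "out-interface" in p})
    for ifc in wan:
        dropped = {p.get("protocol") for m, _, p in cmds
                   if m == "/ip firewall filter" and p.get("chain") == "input"
                   and p.get("action") == "drop" and p.get("in-interface") == ifc
                   and 53 in ports(p.get("dst-port", ""))}
        if resolver and not {"udp", "tcp"} <= dropped:
            findings.append(f"open-resolver: DNS answers requests arriving on {ifc}")
    for m, _, p in cmds:
        if m == "/interface pppoe-client" and "pap" in p.get("allow", "").split(","):
            findings.append(f"pppoe-pap: {p.get('name')} permits cleartext PAP")
    return findings

# Constructed excerpt of the configuration posted above (credentials omitted).
SAMPLE = r'''
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=200.175.89.139 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip firewall nat
add chain=srcnat out-interface=OI.VELOX action=masquerade disabled=no
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop disabled=no
/interface pppoe-client add allow=pap,chap,mschap1,mschap2 interface=ether3 name=adsl_ether3
'''
print("\n".join(audit(SAMPLE)))
```

On this configuration both findings clear once the input chain drops UDP and TCP port 53 arriving on `OI.VELOX` and `pap` is removed from the PPPoE client's `allow` list.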


Re: Mikrotik 3.xx rules

Post by cdanielboy on Wed 16 May - 17:05

Friend, there's no point in posting a thousand rules if a layperson doesn't know what they are for. The right thing would be for you to put together a video lesson explaining in detail what each rule does. I noticed some unnecessary parts in there, but everyone sets up their configuration according to their own needs... so there's a tip for you!


Re: Mikrotik 3.xx rules

Post by wilson-silva on Sat 11 May - 18:22

I liked it... but if each one were commented it would be more useful for those who don't know much about MK, like me. There are some I even know the purpose of, but for most of them I don't know what they are for, so I'm not going to go applying rules without knowing what I'm doing!

At least the comment could have a hint!

But it's still worth it, in my opinion!


Re: Mikrotik 3.xx rules

Post by speed.infor.net on Sat 11 May - 19:28

I fully agree: the fewer rules the MK has, the better its performance. There's no point in filling the MK with rules without knowing what each of them is for; that will only cause malfunctions, depending on the equipment.
