MikroTik 3.xx rules

Post by paulosantos on Wed 16 May - 16:08

Hey folks, here is a big pack of MikroTik 3.xx rules, just copy and paste; good for anyone who is starting out in this field.


/ ip dns
set primary-dns=192.168.1.1 secondary-dns=8.8.8.8 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w

/ ip pool
add name="cliente local" ranges=10.0.2.1-10.0.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254

/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.2.1 scope=255 target-scope=10 \
comment="" disabled=no

If you liked it, say thanks; if you have rules of your own, just share them with the forum crowd.


/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add src-address=10.0.0.0/24 action=allow comment="" disabled=no
add src-address=10.0.1.0/24 action=allow comment="" disabled=no


/ ip hotspot
add name="hotspot" interface=Clientes profile=hsprof idle-timeout=1d keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no


/ ip hotspot profile
add name="hsprof" hotspot-address=10.0.1.1 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:3128 \
smtp-server=0.0.0.0 login-by=mac,cookie,http-chap http-cookie-lifetime=1d split-user-domain=no use-radius=no

# ip address --------------------------
/ip address add address=192.168.0.1/24 interface=ether1
/ip address add address=10.10.10.2/24 interface=ether2
/ip address add address=11.11.11.2/24 interface=ether4

# interface pppoe-client ---------------
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether3 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether3 password=123123 profile=default service-name="" use-peer-dns=no user=123456
/interface pppoe-client add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether5 max-mru=1480 max-mtu=1480 mrru=disabled name=adsl_ether5 password=789798 profile=default service-name="" use-peer-dns=no user=789879

# ip dns --------------------------------
/ip dns set primary-dns=8.8.8.8
/ip dns set secondary-dns=8.8.4.4
/ip dns set allow-remote-requests=yes

# ip dns static------------------------
/ip dns static add address=192.168.0.1 comment="" disabled=no name=192.168.0.1.cyberscan ttl=1d

# ip firewall Filter------------------------
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br disabled=no
/ip firewall filter add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br disabled=no
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether2 src-address=192.168.0.0/24
/ip firewall filter add action=accept chain=input disabled=no in-interface=!ether4 src-address=192.168.0.0/24

# ip firewall nat--------------------------
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether2
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether3
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether4
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=adsl_ether5

# ip firewall mangle------------------------

# LoopBack per link-------------------------
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK0 in-interface=ether1 new-connection-mark=Sites0 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites0 disabled=no in-interface=ether1 new-routing-mark=Rota0 passthrough=no
/ ip route add gateway=10.10.10.1 routing-mark=Rota0
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK1 in-interface=ether1 new-connection-mark=Sites1 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites1 disabled=no in-interface=ether1 new-routing-mark=Rota1 passthrough=no
/ ip route add gateway=adsl_ether3 routing-mark=Rota1
/ ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no dst-address-list=LINK2 in-interface=ether1 new-connection-mark=Sites2 passthrough=yes
/ ip firewall mangle add action=mark-routing chain=prerouting comment="" connection-mark=Sites2 disabled=no in-interface=ether1 new-routing-mark=Rota2 passthrough=no
/ ip route add gateway=11.11.11.1 routing-mark=Rota2

/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment="BRADESCO" disabled=no list=LINK0
/ip firewall address-list add address=200.220.186.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=200.220.178.0/24 comment="" disabled=no list=LINK0
/ip firewall address-list add address=64.38.29.0/24 comment="RapidShare" disabled=no list=LINK1
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=LINK1
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=LINK2
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=LINK2
# End of LoopBack per link----------------------

/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LOADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALACED" disabled=no dst-address-list=loopback in-interface=ether1
/ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether2 new-connection-mark=ether2_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether3 new-connection-mark=adsl_ether3_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=ether4 new-connection-mark=ether4_conn passthrough=yes
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no in-interface=adsl_ether5 new-connection-mark=adsl_ether5_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether3_conn disabled=no new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=adsl_ether5_conn disabled=no new-routing-mark=to_adsl_ether5 passthrough=yes
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.10.10.0/24 in-interface=ether1
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=11.11.11.0/24 in-interface=ether1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether2_conn passthrough=yes per-connection-classifier=both-addresses:6/0
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/1
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether3_conn passthrough=yes per-connection-classifier=both-addresses:6/2
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/3
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=ether4_conn passthrough=yes per-connection-classifier=both-addresses:6/4
/ip firewall mangle add action=mark-connection connection-state=new chain=prerouting disabled=no dst-address-type=!local in-interface=ether1 new-connection-mark=adsl_ether5_conn passthrough=yes per-connection-classifier=both-addresses:6/5
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether2_conn disabled=no in-interface=ether1 new-routing-mark=to_ether2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether3_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether3 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ether4_conn disabled=no in-interface=ether1 new-routing-mark=to_ether4 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=adsl_ether5_conn disabled=no in-interface=ether1 new-routing-mark=to_adsl_ether5 passthrough=yes

# ip route----------------------------------
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_ether2 comment="Link0"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether3 routing-mark=to_adsl_ether3 comment="Link1"
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=11.11.11.1 routing-mark=to_ether4 comment="Link2"
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adsl_ether5 routing-mark=to_adsl_ether5 comment="Link3"
/ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 target-scope=10
/ip route add comment="Link1" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=adsl_ether3 scope=30 target-scope=10
/ip route add check-gateway=ping comment="Link2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=11.11.11.1 scope=30 target-scope=10
/ip route add comment="Link3" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=adsl_ether5 scope=30 target-scope=10

# ip firewall address-list-----------------------------
/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled=no list=loopback
/ip firewall address-list add address=201.7.176.0/20 comment="Vídeos - Globo" disabled=no list=loopback
/ip firewall address-list add address=208.84.247.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.154.56.0/24 comment="Vídeos - terratv" disabled=no list=loopback
/ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback
/ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no list=loopback
/ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no list=loopback

# /system script--------------------------------------
/system script add name=Link0Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\n/ip route set [find comment=\"Link0\"] disabled=yes;"
/system script add name=Link1Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\n/ip route set [find comment=\"Link1\"] disabled=yes;"
/system script add name=Link2Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=yes;\r\n/ip route set [find comment=\"Link2\"] disabled=yes;"
/system script add name=Link3Dow policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=yes;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=yes;\r\n/ip route set [find comment=\"Link3\"] disabled=yes;"
/system script add name=Link0Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link0\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\n/ip route set [find comment=\"Link0\"] disabled=no;"
/system script add name=Link1Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link1\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\n/ip route set [find comment=\"Link1\"] disabled=no;"
/system script add name=Link2Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link2\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link2\"] disabled=no;\r\n/ip route set [find comment=\"Link2\"] disabled=no;"
/system script add name=Link3Up policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip firewall filter set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall nat set [find comment=\"Link3\"] disabled=no;\r\n/ip firewall mangle set [find comment=\"Link3\"] disabled=no;\r\n/ip route set [find comment=\"Link3\"] disabled=no;"


READY-MADE RULES AND CONFIGURATION FOR 2 NETWORK CARDS
/interface set ether2 name=OI.VELOX comment=internet
/interface set ether1 name=REDELOCAL comment=clientes
/ip dhcp-client set enabled=yes interface=OI.VELOX
/ ip address
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=REDELOCAL comment="" disabled=no
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=200.175.89.139 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip pool
add name="redelocal" ranges=192.168.2.2-192.168.2.254
add name="webbox" ranges=192.168.2.2-192.168.2.254
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 max-client-connections=600 \
max-server-connections=600
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=conexao-p2p passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=conexao-p2p action=mark-packet \
new-packet-mark=PACOTES-P2P passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=OI.VELOX action=masquerade comment="NAT REDELOCAL \
PARA OI.VELOX" disabled=no
add chain=dstnat in-interface=REDELOCAL protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="PROXY" disabled=no
/ ip firewall filter
add chain=input in-interface=OI.VELOX protocol=tcp dst-port=3128 action=drop \
comment="BLOQUEIO PROXY EXTERNO" disabled=no
/ ip dhcp-client
add interface=OI.VELOX add-default-route=yes use-peer-dns=yes use-peer-ntp=yes \
comment="" disabled=no
/ ip dhcp-server
add name="SRVLOCAL" interface=REDELOCAL lease-time=4w2d address-pool=redelocal \
bootp-support=static add-arp=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24 comment=""
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip web-proxy cache
add url="https://" action=deny comment="no cache dynamic https pages" \
disabled=no
/ queue tree
add name="P2P-IN" parent=global-in packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="P2P-OUT" parent=global-out packet-mark=PACOTES-P2P limit-at=0 \
queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no

paulosantos
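
A pre-paste review aid for configurations like the one above, added here as an example and not part of the original post: it parses RouterOS commands in both styles the post uses and flags `allow-remote-requests=yes` with no input-chain drop for port 53, plus PPPoE clients that carry a password or allow PAP. The sample text and the `parse` and `audit` names are constructed for illustration, and the checks are heuristics.

```python
import shlex

# Constructed sample in the post's two styles: a menu line followed by
# "set ..." with "\" continuations, and full-path one-line commands.
SAMPLE = r'''
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=8.8.8.8 \
allow-remote-requests=yes cache-size=2048KiB
/interface pppoe-client add allow=pap,chap,mschap1,mschap2 interface=ether3 name=adsl_ether3 password=EXAMPLE user=example
/ip firewall filter add action=accept chain=input in-interface=!ether2 src-address=192.168.0.0/24
/ip firewall nat add action=masquerade chain=srcnat out-interface=adsl_ether3
'''
VERBS = {"add", "set"}

def parse(text):
    """Return (menu, verb, params) for every add/set command in the text."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):              # continuation: glue to the next line
            buf += line[:-1].rstrip() + " "
        else:
            joined.append(buf + line)
            buf = ""
    joined.append(buf)
    cmds, menu = [], ""
    for line in (l for l in joined if l and not l.startswith("#")):
        tokens = shlex.split(line)
        current = menu
        if tokens[0].startswith("/"):        # accepts "/ip dns" and "/ ip dns"
            tokens = [t for t in [tokens[0][1:]] + tokens[1:] if t]
            at = next((i for i, t in enumerate(tokens) if t in VERBS), len(tokens))
            current, tokens = " ".join(tokens[:at]), tokens[at:]
            if not tokens:                   # bare menu line: changes the context
                menu = current
        if tokens and tokens[0] in VERBS:
            params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            cmds.append((current, tokens[0], params))
    return cmds

def audit(cmds):
    """Heuristic review; DNS counts as covered by any input drop of all ports or port 53."""
    findings = []
    dns_open = any(m == "ip dns" and p.get("allow-remote-requests") == "yes" for m, _, p in cmds)
    dns_dropped = any(m == "ip firewall filter" and p.get("chain") == "input"
                      and p.get("action") in ("drop", "reject")
                      and p.get("dst-port") in (None, "53") for m, _, p in cmds)
    if dns_open and not dns_dropped:
        findings.append("dns: allow-remote-requests=yes, no input drop for port 53")
    for m, _, p in cmds:
        if m == "interface pppoe-client":
            name = p.get("name", "?")
            if "password" in p:
                findings.append(f"pppoe {name}: password embedded in shared config")
            if "pap" in p.get("allow", "").split(","):
                findings.append(f"pppoe {name}: PAP (cleartext) authentication allowed")
    return findings

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

A finding is a prompt to review the rule set, not proof of exposure; the port 53 check only looks for an input-chain drop and does not evaluate interfaces or rule order.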

Re: MikroTik 3.xx rules

Post by cdanielboy on Wed 16 May - 17:05

Friend, there is no point in posting a thousand rules if a layperson does not know what they are for. The right thing would be for you to put together a video lesson explaining in detail what each rule does. I could see some unnecessary parts there, but since everyone configures things according to their own needs... so that's a tip for you!
cdanielboy

Re: MikroTik 3.xx rules

Post by wilson-silva on Sat 11 May - 18:22

I liked it... but if each one were commented, it would be more useful for those who don't know much about MK, like me. There are some I even know the purpose of, but for most I don't, so I'm not going to go applying rules without knowing what I'm doing!!

At least the comment field could have a hint!

But it's still worthwhile, in my opinion!

wilson-silva

Re: MikroTik 3.xx rules

Post by speed.infor.net on Sat 11 May - 19:28

I fully agree: the fewer rules the MK has, the better its performance. There is no point in filling the MK with rules without knowing what each one is for; that will only cause malfunctions, depending on the equipment.
speed.infor.net