Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. boa noite galera! ai vai mais uma comtribuisao minha! primeira configuraçao depois da instalaçao do mk!

    COMO PRIMERA MEDIDA, TEM QUE VER EM QUE ESTADO ESTAO AS INTERFACES, POIS PODEN ESTAR DESABILITADAS.


    [admin@MikroTik] > int
    [admin@MikroTik] interface> pr
    Flags: X - disabled, D - dynamic, R - running
    # NAME TYPE RX-RATE TX-RATE MTU
    0 R ether1 ether 0 0 1500
    1 X ether2 ether 0 0 1500
    [admin@MikroTik] interface>

    SE POR CASUALIDADE TIVER ALGUMA INTERFACE COM UM “X” COMO O CASO DA INTERFACE ether2 TEM QUE HABILITA-LA DA SIG. MANEIRA.

    [admin@MikroTik] interface> enable 1
    [admin@MikroTik] interface> pr
    Flags: X - disabled, D - dynamic, R - running
    # NAME TYPE RX-RATE TX-RATE MTU
    0 R ether1 ether 0 0 1500
    1 R ether2 ether 0 0 1500
    [admin@MikroTik] interface>

    DEFINA OS IP A CADA INTERFACE.

    [admin@MikroTik] > ip
    [admin@MikroTik] ip> add
    [admin@MikroTik] ip address> add address 200.222.35.33/30 interface ether2
    [admin@MikroTik] ip address> add address 192.168.0.1/24 interface ether1
    [admin@MikroTik] ip address> pr
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 200.222.35.33/30 200.222.35.32 200.222.35.35 ether2
    1 192.168.0.1/24 192.168.0.0 192.168.0.255 ether1
    [admin@MikroTik] ip address>


    CRIAR A DEFAULT GATEWAY

    [admin@MikroTik] > ip
    [admin@MikroTik] ip> route
    [admin@MikroTik] ip route> add dst-address 0.0.0.0/0 gateway 200.222.35.34
    [admin@MikroTik] ip route> pr
    Flags: X - disabled, A - active, D - dynamic,
    C - connect, S - static, r - rip, b - bgp, o - ospf
    # DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
    0 ADC 192.168.0.0/24 192.168.0.1 ether1
    1 ADC 200.222.35.32/30 200.222.35.33 ether2
    2 A S 0.0.0.0/0 r 200.222.35.34 ether2
    [admin@MikroTik] ip route>

    UMA VEZ REALIZADO ISTO, VOCE DEVERIA PODER FAZER UM PING NO ROUTER E NO PC 192.168.0.3 E A QUALQUER IP DE INTERNET. (PARA CONFIRMAR QUE AMBAS INTERFACES ESTAO FUNCIONANDO CORRETAMENTE)



    CRIAR UM NAT PARA PODER TRANSMITIR INTERNET PARA RED INTERNA E QUE AS MESMAS PODER NAVEGAR.


    [admin@MikroTik] > ip
    [admin@MikroTik] ip> fir
    [admin@MikroTik] ip firewall> nat
    [admin@MikroTik] ip firewall nat>
    [admin@MikroTik] ip firewall nat> add chain=srcnat out-interf=ether2 action=masquerade
    [admin@MikroTik] ip firewall nat> pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat out-interface=ether2 action=masquerade
    [admin@MikroTik] ip firewall nat>

    CONFIGURAR EL SERVIÇO DE CACHE DE DNS

    [admin@MikroTik] ip> ..
    [admin@MikroTik] > ip
    [admin@MikroTik] ip> dns
    [admin@MikroTik] ip dns> pr
    primary-dns: 0.0.0.0
    secondary-dns: 0.0.0.0
    allow-remote-requests: no
    cache-size: 2048KiB
    cache-max-ttl: 1w
    cache-used: 16KiB

    COLOCAR OS IP DO SEU PROVEDOR EM LUGAR DOS DE ESEMPLO

    [admin@MikroTik] ip dns> set primary-dns=217.15.32.2 secondary-dns=200.45.191.35 allow-re
    mote=yes

    [admin@MikroTik] ip dns> pr
    primary-dns: 200.69.193.1
    secondary-dns: 200.69.193.2
    allow-remote-requests: yes
    cache-size: 2048KiB
    cache-max-ttl: 1w
    cache-used: 16KiB
    [admin@MikroTik] ip dns>

    SE SEU PC SE CONECTAR NA RED INTERNA COM O IP 192.168.0.3
    CONFIGURAR A PORTA DE ENLACE E O DNS PRIMARIO COM IP 192.168.0.1
    JA DEVERIA PODER NAVEGAR PERFEITAMENTE.

    SERIA MUITO BOM QUE TEUS CLIENTES SE CONECTEM A SUA RED VIA UMA CONEXAO COM PPPOE COMO SE FOSSE QUE CADA UM TIVESSE UM ADSL.

    PARA ISTO DEVERIA HABILITAR O SERVIÇO DE PPPOE , CRIAR UM POOL DE IP E CRIAR OS DISTINTOS PROFILE PARA DESIGNAÇAO DE DISTINTAS VELOCIDADES E POR ULTIMO O LOGIN PARA O USUARIO E A PASSWORD QUE SE USA A CADA USUARIO PARA PODER CONECTAR A RED E NAVEGAR.

  2. Otimo tuto, rapido e eficiente, para quem ta começando hehehe...

    Parabéns!



  3. Amigos gostaria de saber se este oadballance tem algum erro nas regras
    link1 192.16.1.1 na ether1 renomeada para (ether1-WAN1
    link2 192.168.2.1 na ether2 renomeada para (ether2-WAN2
    saida de link 192.168.88.1 na ether3 renomeada para (ether3-LAN1
    na ether4 esta com master port ether3 renomeada para (ether4-LAN2
    coloquei os ip dos clientes fixos atraves do arp
    troquei o nome verdadewiro dos meus clientes por apenas cliente e o mac coloquei tres casas com o mesmo 3F:E5:B3 para evitar problemas com algum malandro
    tem alumas regras do hotspot porem ele não esta ativado pq não funciona com o loadbalance pelo menos não consseguir fazer funcionar


    MikroTik RouterOS 6.9 copiado com o comando export no new terminal
    ----------------------------------------------------------------------------------------------------------------------------


    /interface ethernet
    set [ find default-name=ether1 ] name=ether1-WAN1
    set [ find default-name=ether2 ] name=ether2-WAN2
    set [ find default-name=ether3 ] arp=reply-only name=ether3-LAN1
    set [ find default-name=ether4 ] master-port=ether3-LAN1 name=ether4-LAN2


    /ip dhcp-server
    add disabled=no interface=ether3-LAN1 name=dhcp1


    /ip hotspot profile
    set [ find default=yes ] http-cookie-lifetime=7h
    /ip hotspot user profile
    set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=512K rate-limit=512k/512k session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=640K rate-limit=640k/640k session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=256K rate-limit=256k/256k session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=384K rate-limit=384k/384k session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=1M rate-limit=1m/1m session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=2M rate-limit=2m/2m session-timeout=7h \
    transparent-proxy=yes
    add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=7h name=710K rate-limit=710k/710k session-timeout=7h \
    transparent-proxy=yes


    /ip pool
    add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254


    /queue simple
    add dst=ether1-WAN1 name=LINK1 target=ether1-WAN1
    add dst=ether2-WAN2 name=LINK2 target=ether2-WAN2
    add comment=Netbook-cliente max-limit=1M/1M name=cliente target=192.168.88.5/32
    add comment=Celular-cliente max-limit=256k/256k name=cliente target=192.168.88.6/32
    add comment=Computador-cliente max-limit=1M/1M name=cliente target=192.168.88.7/32
    add comment=Computador-cliente max-limit=1M/1M name=cliente target=192.168.88.8/32
    add comment=Notebook-cliente max-limit=2M/2M name=cliente target=192.168.88.9/32
    add comment=Notebook-cliente max-limit=512k/512k name=cliente target=192.168.88.10/32
    add comment=Computador-cliente max-limit=512k/512k name=cliente target=192.168.88.11/32
    add comment=Computador-cliente max-limit=512k/512k name=cliente target=192.168.88.12/32
    add comment=Computador-cliente max-limit=512k/512k name=cliente target=192.168.88.13/32
    add comment=Computador-cliente max-limit=512k/512k name=cliente target=192.168.88.14/32
    add comment=Notebook-cliente max-limit=1M/1M name=cliente target=192.168.88.15/32
    add comment="Computador-cliente" max-limit=256k/256k name=cliente target=192.168.88.18/32
    add comment=Computador-cliente limit-at=640k/0 max-limit=710k/710k name=clienter target=192.168.88.19/32
    add max-limit=1M/1M name="cliente" target=192.168.88.20/32
    add comment=Computador-cliente max-limit=640k/640k name=cliente queue=default/default target=192.168.88.16/32 \
    total-queue=default
    add comment=Computador-cliente max-limit=512k/512k name=cliente queue=default/default target=192.168.88.17/32 \
    total-queue=default


    /ip address
    add address=192.168.88.1/24 interface=ether3-LAN1 network=192.168.88.0


    /ip arp
    add address=192.168.88.5 comment=Netbook-cliente interface=ether3-LAN1 mac-address=A0:F3:3F:E5:B3:59
    add address=192.168.88.6 comment=Celular-cliente interface=ether3-LAN1 mac-address=00:AA:3F:E5:B3:8A
    add address=192.168.88.7 comment=Computador-cliente interface=ether3-LAN1 mac-address=10:3F:E5:B3:68:22
    add address=192.168.88.8 comment=Computador-cliente interface=ether3-LAN1 mac-address=A0:3F:E5:B3:EB:00
    add address=192.168.88.9 comment=Notebook-cliente interface=ether3-LAN1 mac-address=00:1A:3F:8F:F8:E2
    add address=192.168.88.10 comment=Notebook-cliente disabled=yes interface=ether3-LAN1 mac-address=64:3F:E5:B3:FE:73
    add address=192.168.88.11 comment=Computador-cliente interface=ether3-LAN1 mac-address=08:3F:E5:B3:34:AF
    add address=192.168.88.12 comment=Computador-cliente interface=ether3-LAN1 mac-address=00:3F:E5:B3:6E:11
    add address=192.168.88.13 comment=Computador-cliente interface=ether3-LAN1 mac-address=00:3F:E5:B3:0E:EB
    add address=192.168.88.14 comment=Computador-cliente interface=ether3-LAN1 mac-address=3C:3F:E5:B3:5E:A3
    add address=192.168.88.15 comment=Notebook-cliente interface=ether3-LAN1 mac-address=48:02:3F:E5:B3:26
    add address=192.168.88.16 comment=Computador-cliente interface=ether3-LAN1 mac-address=00:3F:E5:B31:99
    add address=192.168.88.17 comment=Computador-cliente interface=ether3-LAN1 mac-address=64:3F:E5:B3:99:51
    add address=192.168.88.18 comment="Computador-cliente" interface=ether3-LAN1 mac-address=3F:E5:B3:06:A1:CA
    add address=192.168.88.19 comment=Computador-cliente interface=ether3-LAN1 mac-address=3F:E5:B3:A4:A0:94
    add address=192.168.88.20 comment="cliente" interface=ether3-LAN1 mac-address=00:3F:E5:B3:36:4C


    /ip dhcp-client
    add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1-WAN1
    add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether2-WAN2
    /ip dhcp-server network
    add address=192.168.88.0/24 dns-server=192.168.1.1,192.168.2.1 gateway=192.168.88.1


    /ip dns
    set allow-remote-requests=yes cache-size=4096KiB servers=200.222.145.85,200.149.55.142


    /ip firewall address-list
    add address=200.155.80.0-200.155.255.255 comment=BRADESCO list=LINK0
    add address=200.220.186.0/24 list=LINK0
    add address=200.220.178.0/24 list=LINK0


    /ip firewall connection tracking
    set tcp-established-timeout=10m


    /ip settings
    set accept-redirects=yes


    /ip firewall filter
    add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=velox.user.com.br
    add action=drop chain=forward comment="BLOQUEIO DE DNS REVERSO" content=speed.user.com.br
    add chain=input in-interface=!ether1-WAN1 src-address=192.168.88.0/24
    add chain=input in-interface=!ether2-WAN2 src-address=192.168.88.0/24


    /ip firewall mangle
    add action=mark-connection chain=prerouting connection-state=new dst-address-list=LINK0 in-interface=ether3-LAN1 \
    new-connection-mark=Sites0
    add action=mark-routing chain=prerouting connection-mark=Sites0 in-interface=ether3-LAN1 new-routing-mark=Rota0 \
    passthrough=no
    add action=mark-connection chain=prerouting connection-state=new in-interface=ether1-WAN1 new-connection-mark=ether1_conn
    add action=mark-connection chain=prerouting connection-state=new in-interface=ether2-WAN2 new-connection-mark=ether2_conn
    add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=to_ether1
    add action=mark-routing chain=output connection-mark=ether2_conn new-routing-mark=to_ether2
    add chain=prerouting dst-address=192.168.2.0/24 in-interface=ether3-LAN1
    add chain=prerouting dst-address=192.168.1.0/24 in-interface=ether3-LAN1
    add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether3-LAN1 \
    new-connection-mark=ether1_conn per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether3-LAN1 \
    new-connection-mark=ether2_conn per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting connection-mark=ether1_conn in-interface=ether3-LAN1 new-routing-mark=to_ether1
    add action=mark-routing chain=prerouting connection-mark=ether2_conn in-interface=ether3-LAN1 new-routing-mark=to_ether2


    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=ether1-WAN1
    add action=masquerade chain=srcnat out-interface=ether2-WAN2 to-addresses=0.0.0.0


    /ip hotspot user
    add name=cliente password=master
    add name=cliente password=1215 profile=256K
    add name=cliente password=1248 profile=1M
    add name=cliente password=1225 profile=1M
    add name=cliente password=1214 profile=2M
    add name=cliente password=1217 profile=512K
    add name=cliente password=1226 profile=512K
    add name=cliente password=1235 profile=512K
    add name=cliente password=1244 profile=512K
    add name=cliente password=1283 profile=512K
    add name=cliente password=1236 profile=1M
    add name=cliente password=1229 profile=640K
    add name=cliente password=1280 profile=640K
    add name=cliente password=1236 profile=256K
    add name=cliente password=1247 profile=710K


    /ip hotspot walled-garden ip
    add action=accept disabled=no dst-port=20561 protocol=tcp
    add action=accept disabled=no dst-port=8291 protocol=tcp
    add action=accept disabled=no dst-address=192.168.88.1 dst-port=81 protocol=tcp


    /ip route
    add distance=1 gateway=192.168.2.1 routing-mark=Rota0
    add check-gateway=ping comment=Link0 distance=1 gateway=192.168.2.1 routing-mark=to_ether1
    add check-gateway=ping comment=Link1 distance=1 gateway=192.168.1.1 routing-mark=to_ether2
    add check-gateway=ping comment=Link0 distance=1 gateway=192.168.2.1
    add check-gateway=ping comment=Link1 distance=2 gateway=192.168.1.1


    /ip service
    set www port=81


    /ip upnp
    set allow-disable-external-interface=no


    /system clock
    set time-zone-name=America/Recife


    /system clock manual
    set dst-end="mar/10/2020 00:00:00" dst-start="mar/10/2014 00:00:00"






Tópicos Similares

  1. Converter regra linux para mikrotik
    Por Mahteus Zanchini no fórum Redes
    Respostas: 1
    Último Post: 18-05-2016, 06:58
  2. Regras de Firewall para Mikrotik
    Por renantrix no fórum Redes
    Respostas: 6
    Último Post: 08-09-2011, 10:00
  3. Regras Iptables para Mikrotik
    Por phorks no fórum Redes
    Respostas: 0
    Último Post: 11-05-2009, 07:27
  4. Regra firewall para portas 137, 138 e 139
    Por xandemartini no fórum Redes
    Respostas: 14
    Último Post: 07-06-2006, 21:16
  5. Respostas: 3
    Último Post: 27-03-2003, 12:17

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L