Monday, October 13, 2014

2 Wan+Hotspot

# Addressing for the 2-WAN + hotspot router: one client-side interface (Local)
# and two uplinks (WAN1, WAN2), each in its own /24.
/ip address
add address=192.168.0.1/24 disabled=no interface=Local network=192.168.0.0
add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0

# Two pools over nearly the same range. Only hs-pool is referenced by the DHCP
# server and hotspot commands in this section.
# NOTE(review): pppoe-pool overlaps hs-pool and no command in this section uses
# it; if anything else hands out addresses from it, duplicate assignments are
# possible - confirm it is needed.
/ip pool
add name=hs-pool ranges=192.168.0.30-192.168.0.254
add name=pppoe-pool ranges=192.168.0.30-192.168.0.253

# Router-side DNS cache forwarding to 8.8.8.8 / 8.8.4.4, entries kept up to 1w.
# NOTE(review): allow-remote-requests=yes is not limited to the Local
# interface. It is only safe when /ip firewall filter drops TCP/UDP 53 arriving
# on WAN1 and WAN2; otherwise the router also resolves for whatever sits on the
# uplink side (open-resolver / amplification exposure). Verify such input rules
# are present before deploying.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=20480KiB \
    max-udp-packet-size=10240 servers=8.8.8.8,8.8.4.4

# DHCP on Local, leasing from hs-pool for 1h.
/ip dhcp-server
add address-pool=hs-pool authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=Local lease-time=1h name=dhcp1

# Lease table is written to disk every 5 minutes.
/ip dhcp-server config
set store-leases-disk=5m

# Options handed to clients: gateway 192.168.0.1; the dns-server, ntp-server
# and wins-server fields are left empty here.
/ip dhcp-server network
add address=192.168.0.0/24 comment="hotspot network" dhcp-option="" \
    dns-server="" gateway=192.168.0.1 ntp-server="" wins-server=""

# Hotspot server profiles. The built-in default profile is adjusted
# (cookie + http-chap login, cookies valid 3d) and a second profile named
# "hotspot" is added with http-chap login only and local users (use-radius=no).
# rate-limit fields are, in order: rx/tx rate, burst rate, burst threshold,
# burst time, priority, minimum rate.
# NOTE(review): neither profile enables an https login method, so the login
# page and session run over plain HTTP. http-chap keeps the password itself
# from being sent as-is, but the rest of the exchange is unprotected on the
# wireless/LAN segment - consider an https login method with a certificate if
# the medium is shared.
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
add dns-name=login.wifitech.com.pk hotspot-address=192.168.0.1 html-directory=hotspot \
    http-proxy=0.0.0.0:0 login-by=http-chap name=hotspot rate-limit=\
    "256K/1M 256K/1500K 256K/1200K 30/30 8 256K/1M" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no

# The hotspot server itself: runs on Local with the "hotspot" profile, hands
# out hs-pool addresses, idle sessions end after 5m.
# addresses-per-mac=1 is a per-MAC resource limit; a MAC address is supplied by
# the client, so do not treat it as an identity check.
/ip hotspot
add address-pool=hs-pool addresses-per-mac=1 disabled=no idle-timeout=5m \
    interface=Local keepalive-timeout=none name=hotspot profile=hotspot
# User profile "Student D": one concurrent session per account
# (shared-users=1), its own rate-limit, and transparent-proxy=yes.
# No /ip hotspot user entries are defined in this section, so accounts must be
# created separately.
/ip hotspot user profile
add address-pool=hs-pool advertise=no idle-timeout=none keepalive-timeout=2m \
    name="Student D" open-status-page=http-login rate-limit=\
    "200K/512K 200K/850K 200K/600K 30/30 8 200K/512K" shared-users=1 \
    status-autorefresh=1m transparent-proxy=yes


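# Filter table for the hotspot router. The first entry is the disabled
# placeholder chain that the hotspot setup leaves for custom rules.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
# /ip dns in this section sets allow-remote-requests=yes, which answers DNS
# queries on every interface. These rules drop DNS arriving on the two uplinks
# so that only the Local side can use the router as a resolver. Replies to the
# router's own upstream queries are not affected (their destination port is
# not 53).
add action=drop chain=input comment="drop DNS queries from WAN1 (udp)" \
    disabled=no dst-port=53 in-interface=WAN1 protocol=udp
add action=drop chain=input comment="drop DNS queries from WAN1 (tcp)" \
    disabled=no dst-port=53 in-interface=WAN1 protocol=tcp
add action=drop chain=input comment="drop DNS queries from WAN2 (udp)" \
    disabled=no dst-port=53 in-interface=WAN2 protocol=udp
add action=drop chain=input comment="drop DNS queries from WAN2 (tcp)" \
    disabled=no dst-port=53 in-interface=WAN2 protocol=tcp
# NOTE(review): management services (Winbox, SSH, WebFig, ...) are not covered
# by the rules above; restrict them to the Local side separately.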
# Mangle rules: packet/connection/routing marks used to split authenticated
# hotspot clients across WAN1 and WAN2. Rule order matters here.
/ip firewall mangle
# Router-originated packets carrying DSCP 4 get the packet mark "cache-hits";
# passthrough=no stops further mangle processing for them. No queue in this
# section consumes that mark.
add action=mark-packet chain=output disabled=no dscp=4 new-packet-mark=\
    cache-hits passthrough=no
# NOTE(review): the next two rules have identical matchers (chain=input,
# hotspot=auth, in-interface=Local) and passthrough=yes, so both apply and the
# second mark (WAN2_conn) replaces the first. The plain 2-WAN section on this
# page matches in-interface=WAN1 / in-interface=WAN2 at this point - confirm
# which was intended.
add action=mark-connection chain=input disabled=no hotspot=auth in-interface=\
    Local new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=no hotspot=auth in-interface=\
    Local new-connection-mark=WAN2_conn passthrough=yes
# Router-originated packets of a marked connection get the matching routing
# mark, so they use the routing table of that WAN.
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no \
    hotspot=auth new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no \
    hotspot=auth new-routing-mark=to_WAN2 passthrough=yes
# Traffic from Local to the two directly connected WAN subnets is accepted
# here, which keeps it out of the balancing rules below.
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 \
    hotspot=auth in-interface=Local
add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 \
    hotspot=auth in-interface=Local
# Per-connection classifier: connections from authenticated clients to
# non-local destinations are split into two buckets (2/0 -> WAN1_conn,
# 2/1 -> WAN2_conn) based on both addresses and ports.
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
    !local hotspot=auth in-interface=Local new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
    !local hotspot=auth in-interface=Local new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
# Translate the connection mark into a routing mark for packets entering on
# Local. Every rule in this group requires hotspot=auth, so only authenticated
# clients are balanced.
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
    no hotspot=auth in-interface=Local new-routing-mark=to_WAN1 passthrough=\
    yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
    no hotspot=auth in-interface=Local new-routing-mark=to_WAN2 passthrough=\
    yes
# NAT rules for the hotspot router.
/ip firewall nat
# Disabled placeholder chain left for custom hotspot rules.
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
# Redirects every TCP/80 connection seen in dstnat to port 8080 on the router
# itself. 8080 is the default RouterOS web-proxy port; no /ip proxy
# configuration appears in this section.
# NOTE(review): the rule has no in-interface or src-address matcher, so it also
# applies to port-80 traffic arriving on WAN1/WAN2. If a proxy listens on 8080
# without access restrictions, that makes it reachable from the uplink side -
# consider adding in-interface=Local and verify the proxy access list.
add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
    to-ports=8080
# Accept in the pre-hotspot chain for authenticated clients going to non-local
# destinations.
add action=accept chain=pre-hotspot disabled=no dst-address-type=!local \
    hotspot=auth
# NOTE(review): the next two rules are identical and masquerade traffic
# leaving through Local, i.e. toward the clients rather than toward an uplink.
# The plain 2-WAN section on this page uses out-interface=WAN1 and
# out-interface=WAN2 here - presumably that was intended; confirm.
add action=masquerade chain=srcnat disabled=no out-interface=Local
add action=masquerade chain=srcnat disabled=no out-interface=Local
# Source NAT for the hotspot subnet. No out-interface is given, so it applies
# to 192.168.0.0/24 traffic leaving on any interface.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.0.0/24 to-addresses=0.0.0.0
# Routing: one default route per routing mark (to_WAN1, to_WAN2) for balanced
# client traffic, then two unmarked default routes for everything else.
# check-gateway=ping takes a route out of use when its gateway stops
# answering.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
# Unmarked traffic prefers WAN1 (distance=1) and falls back to WAN2
# (distance=2).
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 scope=30 target-scope=10
# Sets the router's identity string.
/system identity
set name="Powered By Wifitech"

4 Wan Loadbalancing

# Addressing for the 4-WAN load balancer: Local is 172.16.0.1/16, and each of
# WAN1..WAN4 has .2 in its own 192.168.N.0/24.
/ip address
 add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
 add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
 add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
 add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
 add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0


# Mangle rules for 4-way balancing. Rule order matters.
# First group: connections that reach the router itself through a WAN
# interface are marked with that WAN's connection mark.
/ip firewall mangle
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes

# Router-originated packets of a marked connection get the matching routing
# mark, so replies leave through the WAN the connection came in on.
add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

# Traffic to the four directly connected WAN subnets is accepted before the
# balancing rules. These rules carry no in-interface matcher.
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24

# Per-connection classifier: four buckets (4/0..4/3), one per WAN, for
# connections to non-local destinations.
# NOTE(review): these rules only match src-address=10.0.0.1-10.0.0.255, while
# the only client-side address configured in this section is 172.16.0.1/16 on
# Local. Clients addressed from 172.16.0.0/16 would not be marked and would
# follow the unmarked default route instead of being balanced - confirm the
# intended source range.
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255

# Translate connection marks into routing marks.
# NOTE(review): unlike the 2-WAN section on this page, these rules have no
# in-interface=Local matcher, so packets of a marked connection that arrive
# from a WAN also receive the routing mark - confirm that is intended.
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

# Source NAT: one masquerade rule per uplink.
# NOTE(review): every rule is limited to src-address=10.0.0.1-10.0.0.255, but
# the client-side address configured in this section's /ip address is
# 172.16.0.1/16. Traffic from 172.16.0.0/16 clients would leave un-NATed -
# confirm the intended source range.
# This section defines no /ip firewall filter rules; access from the WAN side
# to the router's own services has to be restricted separately.
/ip firewall nat
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255

# Routing: the first four entries are the per-mark default routes
# (to_WAN1..to_WAN4) used by balanced traffic; check-gateway=ping takes a route
# out of use when its gateway stops answering.
/ip route
 add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10

# Unmarked default routes, one per gateway, for traffic without a routing mark.
# NOTE(review): all four use distance=1, whereas the 2-WAN sections on this
# page use distance=1 and distance=2 to set a failover order. With equal
# distances the preferred uplink for unmarked traffic is not fixed by this
# configuration - consider distances 1..4 if a defined order is wanted.
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10

pppoe

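# PPPoE access server: subscribers connect on LAN, a single uplink on WAN.
/ip address
add address=192.168.0.1/24 comment=LAN disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 comment=WAN disabled=no interface=WAN network=192.168.1.0

# Single default route via the upstream gateway.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

# Addresses handed to PPPoE sessions.
/ip pool add name=pppoe-users-pool ranges=192.168.0.3-192.168.0.253

# PPPoE server on LAN, one session per host.
# authentication is mschap2 instead of pap: PAP carries the subscriber password
# in clear text inside the PPP session, so anyone able to capture frames on the
# LAN segment can read it. Subscriber devices must allow MS-CHAPv2.
/interface pppoe-server server
 add authentication=mschap2 default-profile=default disabled=no interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=adeelkml.com

# Profile used by the secret below: router end is 192.168.0.1, client address
# comes from pppoe-users-pool, clients are told to use 8.8.8.8 for DNS, and
# only-one=yes allows a single session per account.
/ppp profile add change-tcp-mss=default dns-server=8.8.8.8 local-address=192.168.0.1 name=pppoe-profile only-one=yes remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default

# Source NAT for the subscriber range. No out-interface is given, so it applies
# on any egress interface.
/ip firewall nat add action=masquerade chain=srcnat disabled=no src-address=192.168.0.1-192.168.0.255

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8

# allow-remote-requests=yes answers DNS queries on every interface. Drop DNS
# arriving on the uplink so the router is not a resolver for the WAN side.
# Replies to the router's own upstream queries are not affected (their
# destination port is not 53).
/ip firewall filter
add action=drop chain=input comment="drop DNS queries from WAN (udp)" disabled=no dst-port=53 in-interface=WAN protocol=udp
add action=drop chain=input comment="drop DNS queries from WAN (tcp)" disabled=no dst-port=53 in-interface=WAN protocol=tcp

# Sample subscriber account. The password value is a placeholder: set a
# unique, long passphrase per account before importing (the original sample
# used a four-digit password).
/ppp secret add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=adeel password="CHANGE-ME-long-random-passphrase" profile=pppoe-profile routes="" service=pppoe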

2 Wan Loadbalancing

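# Addressing for the plain 2-WAN load balancer: Local plus two uplinks.
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

# Router-side DNS cache forwarding to 221.132.112.8 and 8.8.8.8.
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

# allow-remote-requests=yes answers DNS queries on every interface. Drop DNS
# arriving on the two uplinks so only the Local side can use the router as a
# resolver. Replies to the router's own upstream queries are not affected
# (their destination port is not 53).
/ip firewall filter
add chain=input in-interface=WAN1 protocol=udp dst-port=53 action=drop comment="drop DNS queries from WAN1 (udp)"
add chain=input in-interface=WAN1 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from WAN1 (tcp)"
add chain=input in-interface=WAN2 protocol=udp dst-port=53 action=drop comment="drop DNS queries from WAN2 (udp)"
add chain=input in-interface=WAN2 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from WAN2 (tcp)"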

# Mangle rules for 2-way balancing. Rule order matters.
# Connections that reach the router itself through WAN1/WAN2 are marked with
# that WAN's connection mark.
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

# Router-originated packets of a marked connection leave through the same WAN.
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

# Traffic from Local to the directly connected WAN subnets is accepted before
# the balancing rules.
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

# Per-connection classifier: connections from Local to non-local destinations
# are split into two buckets (2/0 -> WAN1_conn, 2/1 -> WAN2_conn).
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

# Translate connection marks into routing marks, only for packets entering on
# Local.
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

# Per-mark default routes for balanced traffic; check-gateway=ping takes a
# route out of use when its gateway stops answering.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

# Unmarked traffic prefers WAN1 (distance=1) and falls back to WAN2
# (distance=2).
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

# Source NAT on each uplink. The rules have no src-address matcher, so they
# apply to anything leaving through WAN1/WAN2.
# NOTE(review): nothing in this block limits access from WAN1/WAN2 to the
# router's management services; restrict those separately.
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

Skype script

# Heuristic Skype classification: a layer-7 pattern plus packet-size and rate
# matchers feed an address list, a connection mark, a packet mark and finally
# a queue.
# NOTE(review): the regexp is a single bracketed character class, so on its own
# it matches any payload containing one of the listed bytes; the protocol=udp
# and packet-size=39 matchers on the first mangle rule do most of the
# narrowing. Expect false positives, and note that layer-7 matching costs CPU.
/ip firewall layer7-protocol
add name=skypenack regexp="[\\\\|\\xd5]"
/ip firewall mangle
# Source address of any forwarded 39-byte UDP packet matching the pattern is
# added to address list "skype" for 1h.
# NOTE(review): there is no in-interface or src-address matcher, so the list is
# not limited to local clients - consider restricting it to the LAN side.
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
chain=forward disabled=no layer7-protocol=skypenack packet-size=39 \
protocol=udp
# UDP connections from or to a listed address, with a connection rate of
# 0-50k, get the connection mark conn_skype.
add action=mark-connection chain=forward connection-rate=0-50k disabled=no \
new-connection-mark=conn_skype passthrough=yes protocol=udp \
src-address-list=skype
add action=mark-connection chain=forward connection-rate=0-50k disabled=no \
dst-address-list=skype new-connection-mark=conn_skype passthrough=yes \
protocol=udp
# Packets of those connections get the packet mark "skype"; passthrough=no
# stops further mangle processing for them.
add action=mark-packet chain=forward connection-mark=conn_skype disabled=no \
new-packet-mark=skype passthrough=no
# Queue for the marked packets: no rate cap (max-limit=0), priority=8, which is
# the lowest RouterOS queue priority.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skpehits packet-mark=skype parent=global-out priority=8 \
queue=default

Mikrotik Clock

# Fixed UTC+05:00 clock with no daylight-saving shift: the zone is set to
# "manual" and the offset is given explicitly.
/system clock set time-zone-name=manual
/system clock manual set time-zone=+05:00 dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"

# NTP client in unicast mode against one hard-coded server address; the
# secondary is left unset (0.0.0.0).
# NOTE(review): log timestamps depend on this clock. With a single fixed
# address and no secondary, the clock drifts unnoticed if that host stops
# serving NTP - verify the address is still a server you trust and consider
# configuring a second one.
/system ntp client set mode=unicast enabled=yes primary-ntp=82.165.36.179 secondary-ntp=0.0.0.0