помогите с ограничением скорости (входящий)

Раздел для тех, кто начинает знакомиться с MikroTik
Правила форума
Как правильно оформить вопрос.
Прежде чем начать настройку роутера, представьте, как это работает. Попробуйте почитать статьи об устройстве интернет-сетей. Убедитесь, что всё, что Вы задумали выполнимо вообще и на данном оборудовании в частности.
Не нужно изначально строить Наполеоновских планов. Попробуйте настроить простейшую конфигурацию, а усложнения добавлять в случае успеха постепенно.
Пожалуйста, не игнорируйте правила русского языка. Отсутствие знаков препинания и неграмотность автора топика для многих гуру достаточный повод проигнорировать топик вообще.

1. Назовите технологию подключения (динамический DHCP, L2TP, PPTP или что-то иное)
2. Изучите темку "Действия до настройки роутера".
viewtopic.php?f=15&t=2083
3. Настройте согласно выбранному Вами мануалу
4. Дочитайте мануал до конца и без пропусков, в 70% случаев люди просто не до конца читают статью и пропускают важные моменты.
5. Если не получается, в Winbox открываем терминал и вбиваем там /export hide-sensitive. Результат в топик под кат, интимные подробности типа личных IP изменить на другие, пароль забить звездочками.
6. Нарисуйте Вашу сеть, рисунок (схему) сюда. На словах может быть одно, в действительности другое.
gagarin74

Надеюсь что все сделал правильно

 config
[admin@MikroTik] > export
# sep/08/2015 13:21:24 by RouterOS 6.30.2
# software id = Y7HZ-6UC1
#
# NOTE(review): produced with a plain "export" (no hide-sensitive), so stored
# secrets are part of the listing: Wi-Fi keys, the PPP secret and the mail
# passwords embedded in the scheduler/script sources. Some look hand-masked;
# any value that was posted unmasked should be treated as disclosed and rotated.
/interface bridge
add admin-mac=D4:CA:6D:63:4B:B6 auto-mac=no mtu=1500 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors l2mtu=1600 mode=\
ap-bridge wireless-protocol=802.11
/interface ethernet
# ether1 is renamed to the WAN-facing ether1-gateway; ether7..ether10 are
# attached to ether6-master-local through master-port; sfp1 is disabled.
set [ find default-name=ether1 ] name=ether1-gateway rx-flow-control=on tx-flow-control=on
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local
set [ find default-name=sfp1 ] disabled=yes name=sfp1-gateway
/interface wireless nstreme
set wlan1 enable-polling=no framer-policy=dynamic-size
/ip neighbor discovery
set sfp1-gateway discover=no
/interface wireless security-profiles
# WPA-PSK is still accepted next to WPA2-PSK. Both keys carry the same
# placeholder-looking value, presumably masked by the poster before posting.
# NOTE(review): restrict to wpa2-psk if every client supports it.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=wwwwwwww \
wpa2-pre-shared-key=wwwwwwww
/ip ipsec proposal
# The default proposal is limited to 3DES. No IPsec peer or policy appears in
# this listing, so it may be unused; if IPsec is in use, an AES algorithm is
# the better choice.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# "dhcp" is the pool the DHCP server below hands out. dhcp_pool1 spans almost
# the whole IPv4 space and nothing visible in this listing references it.
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=0.0.0.2-255.255.255.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=default
/ppp profile
# Profile used by the PPPoE and PPTP servers further down; only the name is
# set, every other property is left at its default.
add name=profilevpn
/queue simple
# Per-address rate limits. max-limit is written as upload/download as seen
# from the target. Entries without max-limit (MI, the first escaped-name
# queue, NAS) set no rate cap, only priorities.
# The backslash-escaped names are raw non-ASCII bytes, presumably Cyrillic
# text in a single-byte code page.
add name=MI priority=1/1 target=192.168.88.100/32,192.168.88.103/32,192.168.88.101/32
add name="\CF\D0\C8\CD\D2\C5\D0" priority=1/1 target=192.168.88.6/32 total-priority=2
add max-limit=5M/5M name="\CA\E8\F0\E8\EB\EB" target=\
192.168.88.113/32,192.168.88.114/32,192.168.88.18/32,192.168.88.21/32,192.168.88.20/32
add name=NAS target=192.168.88.14/32
add max-limit=2M/4M name="\CA\E8\F0\E8\EB\EB \ED\EE\F3\F2" target=192.168.88.102/32
add max-limit=1M/1M name=queue1 target=192.168.88.17/32
# Disabled queue whose target is the WAN interface rather than a host address.
add burst-threshold=5M/5M burst-time=5s/5s disabled=yes max-limit=1M/1M name=kachalka target=ether1-gateway time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat
/system logging action
# Both actions are cut down to a single stored line (memory-lines=1,
# disk-lines-per-file=1), so there is effectively no log history to review
# after an incident. NOTE(review): restore a usable size or log to a remote
# syslog target.
set 0 memory-lines=1
set 1 disk-lines-per-file=1
/interface bridge port
# LAN ports and wlan1 are members of bridge-local. The ether1-gateway entry is
# disabled; enabling it would bridge the WAN segment into the LAN.
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local disabled=yes interface=ether1-gateway
# Three VPN/PPP servers are switched on: L2TP (no IPsec option is shown),
# a PPPoE server bound to the WAN-facing ether1-gateway, and PPTP.
# The input chain in this export has no general drop for ether1-gateway, so
# these listeners are presumably reachable from the WAN side, and the only
# PPP secret defined below is a trivially guessable name/password pair.
# NOTE(review): disable every server that is not in use.
/interface l2tp-server server
set enabled=yes
/interface pppoe-server server
add default-profile=profilevpn disabled=no interface=ether1-gateway max-mru=1480 max-mtu=1480 service-name=service1
/interface pptp-server server
set default-profile=profilevpn enabled=yes
/interface wireless access-list
# MAC entries for wireless clients; C4:46:19:1C:C8:FA is listed three times.
# default-authenticate=no is not set on wlan1 in this export, so presumably
# unlisted clients are still admitted — confirm. MAC filtering is in any case
# not a substitute for a strong WPA2 key, since MAC addresses can be cloned.
add interface=wlan1 mac-address=78:E4:00:E3:6F:EC
add mac-address=74:45:8A:4A:76:35
add interface=wlan1 mac-address=14:10:9F:E4:6B:89
add interface=wlan1 mac-address=D8:E5:6D:89:7B:05
add mac-address=C4:46:19:1C:C8:FA
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA
/interface wireless connect-list
# NOTE(review): wlan1 runs in ap-bridge mode; connect-list entries are
# presumably only relevant in station mode — confirm whether these are needed.
add interface=wlan1 mac-address=78:E4:00:E3:6F:EC security-profile=default
add interface=wlan1 mac-address=1C:C1:DE:C6:74:31 security-profile=default
add interface=wlan1 mac-address=68:9C:5E:B1:C5:D0 security-profile=default
add interface=wlan1 mac-address=14:10:9F:E4:6B:89 security-profile=default
add interface=wlan1 mac-address=00:E0:4C:13:DD:27 security-profile=default
add interface=wlan1 mac-address=18:FE:34:A0:9B:78 security-profile=default
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA security-profile=default
/ip address
# The LAN address is attached to ether2 and, a second time without a mask, to
# wlan1. Both interfaces are members of bridge-local, while the DHCP server
# runs on bridge-local itself. NOTE(review): presumably a single address on
# bridge-local is what was intended — confirm.
add address=192.168.88.1/24 comment="default configuration" interface=ether2 network=192.168.88.0
add address=192.168.88.1 interface=wlan1 network=192.168.88.1
/ip arp
# Static IP-to-MAC entries. 74:45:8A:4A:76:35 is bound to three addresses
# (.112, .15, .13) and B8:27:EB:E4:84:30 to two (.12, .155).
# No arp=reply-only setting is visible on the interfaces, so presumably these
# entries do not by themselves stop a host from using another address.
add address=192.168.88.111 comment="\F2\E5\EB\E5\F4\EE\ED \CC\C0\CA\D1" interface=bridge-local mac-address=68:9C:5E:B1:C5:D0
add address=192.168.88.100 comment=bell interface=bridge-local mac-address=78:E4:00:E3:6F:EC
add address=192.168.88.50 comment="\CC\C8\CD\C8 \CA\CE\CC\CF" interface=bridge-local mac-address=20:6A:8A:06:6B:C1
add address=192.168.88.101 comment="Lapkin \ED\EE\F3\F2" interface=bridge-local mac-address=00:E0:4C:13:DD:27
add address=192.168.88.6 comment="\CF\D0\C8\CD\D2\C5\D0 \D7\C5\D0\CD\CE \C1\C5\CB\DB\C9" interface=bridge-local mac-address=\
1C:C1:DE:C6:74:31
add address=192.168.88.114 interface=bridge-local mac-address=1C:E6:2B:48:86:89
add address=192.168.88.112 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.102 comment="\CA\C8\D0\C8\CB\CB \CD\CE\D3\D2" interface=bridge-local mac-address=14:10:9F:E4:6B:89
add address=192.168.88.16 interface=bridge-local mac-address=98:3B:16:1D:3A:EC
add address=192.168.88.14 interface=bridge-local mac-address=00:08:9B:C9:4B:95
add address=192.168.88.15 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.20 interface=bridge-local mac-address=48:59:29:ED:4A:1E
# The only entry on the WAN interface; presumably the upstream gateway.
add address=10.100.27.1 interface=ether1-gateway mac-address=00:1B:21:B5:45:1C
add address=192.168.88.26 interface=bridge-local mac-address=5C:93:A2:21:36:C1
add address=192.168.88.18 interface=bridge-local mac-address=D8:E5:6D:AE:12:06
add address=192.168.88.19 interface=bridge-local mac-address=D8:E5:6D:89:7B:05
add address=192.168.88.13 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.65 interface=bridge-local mac-address=18:FE:34:A0:9B:78
add address=192.168.88.10 interface=bridge-local mac-address=C4:46:19:1C:C8:FA
add address=192.168.88.55 interface=bridge-local mac-address=B8:27:EB:9D:96:92
add address=192.168.88.12 interface=bridge-local mac-address=B8:27:EB:E4:84:30
add address=192.168.88.155 interface=bridge-local mac-address=B8:27:EB:E4:84:30
/ip dhcp-client
# The router obtains its WAN address by DHCP on both gateway interfaces
# (sfp1-gateway itself is disabled in the ethernet section).
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server lease
# Static leases on server "default". Some of the targets of the dst-nat rules
# (192.168.88.14, .55, .155) are pinned here.
add address=192.168.88.111 client-id="\D2\E5\EB\E5\F4\EE\ED \CC\E0\F5" mac-address=68:9C:5E:B1:C5:D0 server=default \
use-src-mac=yes
add address=192.168.88.100 client-id=1:78:e4:0:e3:6f:ec mac-address=78:E4:00:E3:6F:EC server=default use-src-mac=yes
add address=192.168.88.50 client-id=1:20:6a:8a:6:6b:c1 mac-address=20:6A:8A:06:6B:C1 server=default use-src-mac=yes
add address=192.168.88.101 client-id=1:0:e0:4c:13:dd:27 mac-address=00:E0:4C:13:DD:27 server=default use-src-mac=yes
add address=192.168.88.102 always-broadcast=yes client-id=1:14:10:9f:e4:6b:89 mac-address=14:10:9F:E4:6B:89 server=default \
use-src-mac=yes
add address=192.168.88.112 client-id="\EF\EB\E0\ED\F8\E5\F2\ED\E8\EA" mac-address=74:45:8A:4A:76:35 server=default \
use-src-mac=yes
add address=192.168.88.113 client-id=1:40:f3:8:2c:87:1 mac-address=40:F3:08:2C:87:01 server=default use-src-mac=yes
add address=192.168.88.103 client-id=1:0:23:15:42:bb:14 mac-address=00:23:15:42:BB:14 server=default use-src-mac=yes
add address=192.168.88.114 always-broadcast=yes client-id=1:1c:e6:2b:48:86:89 mac-address=1C:E6:2B:48:86:89 server=default \
use-src-mac=yes
add address=192.168.88.104 client-id=1:0:1e:65:d9:3f:54 mac-address=00:1E:65:D9:3F:54 server=default use-src-mac=yes
add address=192.168.88.16 client-id="\ED\E0\E2\E8\E3\E0\F2\EE\F0" mac-address=98:3B:16:1D:3A:EC server=default
add address=192.168.88.21 client-id=1:88:9f:fa:50:1a:94 mac-address=88:9F:FA:50:1A:94 server=default use-src-mac=yes
# rate-limit=5 carries no unit suffix, so presumably it is read as 5 bit/s —
# TODO confirm whether 5M was meant. The static queue "queue1" already limits
# the same address to 1M/1M.
add address=192.168.88.17 client-id=1:20:68:9d:20:1b:46 insert-queue-before=first mac-address=20:68:9D:20:1B:46 rate-limit=5 \
server=default use-src-mac=yes
add address=192.168.88.14 client-id=1:0:8:9b:c9:4b:95 mac-address=00:08:9B:C9:4B:95 server=default use-src-mac=yes
add address=192.168.88.26 client-id=1:5c:93:a2:21:36:c1 mac-address=5C:93:A2:21:36:C1 server=default use-src-mac=yes
add address=192.168.88.19 mac-address=D8:E5:6D:89:7B:05 server=default use-src-mac=yes
add address=192.168.88.13 client-id=1:74:45:8a:4a:76:35 mac-address=74:45:8A:4A:76:35 server=default
add address=192.168.88.20 client-id=1:48:59:29:ed:4a:1e mac-address=48:59:29:ED:4A:1E server=default
add address=192.168.88.10 client-id=1:c4:46:19:1c:c8:fa mac-address=C4:46:19:1C:C8:FA server=default
add address=192.168.88.55 mac-address=B8:27:EB:9D:96:92 server=default use-src-mac=yes
add address=192.168.88.155 mac-address=B8:27:EB:E4:84:30 server=default use-src-mac=yes
# This lease gives .12 to 30:75:12:E0:D5:3C, while the static ARP table binds
# .12 to B8:27:EB:E4:84:30 — the two entries disagree.
add address=192.168.88.12 client-id=1:30:75:12:e0:d5:3c mac-address=30:75:12:E0:D5:3C server=default
/ip dhcp-server network
# Clients receive the router as both gateway and DNS server. The second,
# /32 network entry describes only the router's own address.
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
add address=192.168.88.1/32 gateway=192.168.88.1 netmask=32
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The filter below drops port 53 only when it arrives on
# ether1-gateway; any other WAN-side interface would expose an open resolver.
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
# The TELEFON entry carries no address. None of the three lists is referenced
# by a filter or NAT rule in this export.
add address=192.168.88.6 list=PRINTER
add list=TELEFON
add address=192.168.88.1 list=Pro4itali
/ip firewall filter
# Overall shape: neither chain ends in a drop rule. The forward chain holds
# only accept rules plus disabled drops, so every forwarded packet (including
# dst-nat'ed traffic) is allowed; the input chain drops only DNS from
# ether1-gateway and sources already on a blacklist, so router services stay
# reachable from the WAN side. NOTE(review): accept established/related,
# accept what is needed from the LAN, then drop the rest on input and on
# forward from ether1-gateway.
add action=drop chain=forward disabled=yes out-interface=ether1-gateway
add action=drop chain=forward disabled=yes protocol=udp
# Records the destination address of every TCP packet arriving on
# ether1-gateway in list "del" for one minute; no other rule here uses it.
add action=add-dst-to-address-list address-list=del address-list-timeout=1m chain=input in-interface=ether1-gateway protocol=\
tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="for dns" disabled=yes dst-port=53 protocol=udp
# Port-scan detection: sources matching the psd heuristic or unusual TCP flag
# combinations are listed for two weeks, then dropped by the rule after this
# group. 192.168.88.100 is exempt. The rules have no in-interface, so LAN
# hosts can be listed too, and they only protect the router itself (input),
# not hosts published through dst-nat (forward).
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"Port scanners to list " protocol=tcp psd=21,3s,3,1 src-address=!192.168.88.100
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"NMAP FIN Stealth scan" protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"FIN/PSH/URG scan" protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address=!192.168.88.100 src-address-list="port scanners"
# SSH brute-force ladder: stage1 -> stage2 -> stage3 -> ssh_blacklist (3h).
# The stage rules match connection-state=established,new, so packets of an
# already open session also advance the stages, not only new attempts.
# The ladder sits in the input chain and therefore covers only SSH on the
# router (which is disabled under /ip service); the SSH ports forwarded by
# dst-nat to internal hosts pass through the forward chain and are not covered.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=3h chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp
/ip firewall nat
# Disabled redirect to the web-proxy port; note that it matches src-port=80.
add action=redirect chain=dstnat disabled=yes dst-limit=1,5,dst-address limit=1,5 log=yes log-prefix=s protocol=tcp src-port=\
80 to-ports=8085
# Port forwards. Rules written with dst-address=0.0.0.0/0 (or with no
# dst-address) and without in-interface match any packet to that port that
# passes dstnat, including the LAN clients' own outbound connections.
# Together with the open forward chain they publish 135, 139, 445, 9000 and
# 3306 on 192.168.88.14 to everything that can reach the router's WAN side.
# NOTE(review): SMB and MySQL should not be exposed this way; remove these
# forwards, or scope them by dst-address/in-interface and a source allow-list
# and prefer access over a VPN.
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=135 protocol=udp to-addresses=192.168.88.14 to-ports=135
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=14888 protocol=tcp to-addresses=192.168.88.14 to-ports=\
14888
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=139 protocol=tcp to-addresses=192.168.88.14 to-ports=139
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=445 protocol=tcp to-addresses=192.168.88.14 to-ports=445
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=445 protocol=udp to-addresses=192.168.88.14 to-ports=445
# Source NAT for outbound traffic. The to-addresses=0.0.0.0 on the second
# rule is presumably ignored by masquerade — confirm and drop the parameter.
add action=masquerade chain=srcnat comment="default configuration" out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
# Forwards limited to the address 10.100.27.111: web ports on .14, .55 and
# .155, and SSH on .55 and .155 behind non-standard ports (3333, 1333).
# A non-standard port is not an access control; none of these rules restricts
# the source.
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=8080 protocol=tcp to-addresses=192.168.88.14 to-ports=8080
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=5555 protocol=tcp to-addresses=192.168.88.55 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=1555 protocol=tcp to-addresses=192.168.88.155 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=3333 protocol=tcp to-addresses=192.168.88.55 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=1333 protocol=tcp to-addresses=192.168.88.155 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=80 protocol=tcp to-addresses=192.168.88.14 to-ports=80
add action=dst-nat chain=dstnat dst-port=9000 protocol=tcp to-addresses=192.168.88.14 to-ports=9000
add action=dst-nat chain=dstnat dst-port=3306 log=yes protocol=tcp to-addresses=192.168.88.14 to-ports=3306
add action=dst-nat chain=dstnat dst-port=3306 protocol=udp to-addresses=192.168.88.14 to-ports=3306
/ip firewall service-port
set ftp disabled=yes
/ip proxy
# Web proxy enabled on port 8085. No proxy access rules and no input-chain
# drop for this port are visible, so verify it cannot be used from
# ether1-gateway as an open proxy; disable it if unused.
set cache-path=web-proxy1 enabled=yes port=8085
/ip route
# 45 identical static routes: 28 enabled followed by 17 disabled. No
# dst-address is shown, which in an export presumably means the default
# 0.0.0.0/0, i.e. each line is a default route via 10.88.34.1.
# No interface address in this export lies in a 10.88.34.x network (the
# WAN-side entries use 10.100.27.x), so these routes look stale.
# NOTE(review): find what keeps adding them (a script or a repeated manual
# step), then remove the duplicates.
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
/ip service
# Management services. telnet and ssh are disabled; www is moved to port 88
# and www-ssl is enabled, both without an address= restriction. Services not
# listed here (ftp, winbox, api) are presumably at their defaults — confirm.
# With no input-chain drop for ether1-gateway, whatever is enabled is
# reachable from the WAN side. NOTE(review): set address= to the management
# subnet on every enabled service and disable the rest.
set telnet disabled=yes
set www port=88
set ssh address=192.168.88.100/32 disabled=yes
set www-ssl disabled=no
/ip upnp
# UPnP lets LAN hosts create port mappings on ether1-gateway on their own;
# allow-disable-external-interface=yes additionally lets a client ask the
# router to shut the external interface. NOTE(review): disable both unless
# a device really depends on them.
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
/lcd
set default-screen=stat-slideshow read-only-mode=yes
/lcd interface
set sfp1-gateway disabled=yes
set ether5 disabled=yes
set ether6-master-local disabled=yes
set ether7-slave-local disabled=yes
set ether8-slave-local disabled=yes
set ether9-slave-local disabled=yes
/lcd interface pages
set 0 interfaces=ether1-gateway,ether2,ether3,ether4,ether5,wlan1
/ppp secret
# The only PPP account is name "admin" with the password "admin", valid for
# PPTP, while the PPTP server is enabled. NOTE(review): remove it or replace
# it with a unique name and a long random password; if the value posted here
# was the real one, treat it as compromised.
add name=admin password=admin service=pptp
/snmp
# SNMP agent enabled; the community settings are not part of this listing —
# verify that the default community is not in use and that access is limited
# to the monitoring host.
set contact=q enabled=yes location=q trap-generators=interfaces trap-interfaces=all
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+04:00
/system logging
# Logging rules 0-3 are disabled and the only added rule sends the "info"
# topic to the echo (console) action. Together with the one-line log actions
# earlier in this export, nothing is retained: failed logins and firewall
# log=yes hits cannot be reviewed later.
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=echo topics=info
/system ntp client
set enabled=yes primary-ntp=83.143.51.50
/system scheduler
# schedule1 runs daily with the full policy set. Its inline script deletes
# older "<identity>-backup-" files, saves a full binary backup and a plain
# /export, and e-mails both to a Gmail account over port 587 with STARTTLS.
# Points to check:
#  - the mailbox password is stored in clear text inside on-event, so it is
#    readable by anyone who can read the configuration or this export;
#  - no password= is passed to "/system backup save";
#  - "/export file=" is run without hide-sensitive, so the mailed .rsc holds
#    every stored secret, and the mailbox becomes a copy of the router's
#    credentials.
# NOTE(review): use a dedicated mailbox with an app-specific password, protect
# the backup with a password, and trim the policy list to what the job needs.
add interval=1d name=schedule1 on-event="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
\n:local Eaccount \"gaga@gmail.com\";\r\
\n:local pass \"1974\";\r\
\n:local backupfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
\n}\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=oct/17/2013 start-time=14:39:59
# IPwork and IPdream are disabled; when enabled they would run script4 and
# script5 every 10 seconds, again with the full policy set.
add disabled=yes interval=10s name=IPwork on-event="/system script run script4" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/21/2015 start-time=14:57:18
add disabled=yes interval=10s name=IPdream on-event="/system script run script5" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/21/2015 start-time=14:58:50
/system script
# script2 is a stored copy of the backup-and-mail job that also appears
# inline in scheduler "schedule1" (account and password literals differ,
# presumably edited by the poster). The same caveats apply: a clear-text
# mailbox password in the source, no password= on the backup, and an export
# without hide-sensitive sent by e-mail.
add name=script2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
\n:local Eaccount \"gag@gmail.com\";\r\
\n:local pass \"19\";\r\
\n:local backupfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
\n}\r\
\n"
# script3 reboots the router; its own policy list omits "reboot".
add name=script3 owner=admin policy=ftp,read,write,policy,test,password,sniff,sensitive source="/system reboot"
# script4 looks up a MAC address in the ARP table (the address is masked as
# xx:xx:...) and, when an entry exists, logs a warning, sends an e-mail and
# toggles the IPwork/IPdream schedulers. The mailbox password is again a
# clear-text literal. NOTE(review): the mail call combines port 465 with
# start-tls=yes — confirm that the server accepts STARTTLS on that port.
add name=script4 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:local y [/ip arp find mac-address=xx:xx:xx:xx:xx:xx];\r\
\n:if ( \$y!=\"\") do={\r\
\n:log warning \"This comp online!\";\r\
\n/tool e-mail send from=\"gag@gmail.com\" to=gag@gmail.com server=smtp.gmail.com port=465 user=gag@gmai\
l.com password=19 start-tls=yes subject=(\"IP work\") body=(\"This comp online! \" . [/system clock get time] . \
\" \" . [/system clock get date]);\r\
\n:delay 30;\r\
\n/system scheduler enable IPwork;\r\
\n/system scheduler disable IPdream;\r\
\n}\r\
\n} "
# script5 is the inverse check (runs its body when the ARP lookup is empty)
# but still logs and mails "This comp online!" — presumably a copy-paste
# leftover; the message should say the host is gone.
add name=script5 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:local y [/ip arp find mac-address=xx:xx:xx:xx:xx:xx];\r\
\n:if ( \$y=\"\") do={\r\
\n:log warning \"This comp online!\";\r\
\n/tool e-mail send from=\"gag@gmail.com\" to=gag@gmail.com server=smtp.gmail.com port=465 user=gag@gmai\
l.com password=19 start-tls=yes subject=(\"IP work\") body=(\"This comp online! \" . [/system clock get time] . \
\" \" . [/system clock get date]);\r\
\n:delay 30;\r\
\n/system scheduler enable IPdream;\r\
\n/system scheduler disable IPwork;\r\
\n}\r\
\n} "
/tool graphing interface
# Interface and queue graphs are added without allow-address, so presumably
# anyone who can reach the router's web service can view them; only the
# resource graphs are limited to 192.168.88.14.
add interface=wlan1
add interface=ether2
add interface=bridge-local
add interface=ether1-gateway
/tool graphing queue
add
/tool graphing resource
add allow-address=192.168.88.14/32
/tool romon port
add
/tool sniffer
# Packet sniffer preset to capture on bridge-local into file "12"; whether it
# is running cannot be told from the export.
set file-limit=10000KiB file-name=12 filter-interface=bridge-local memory-limit=10000KiB
/tool traffic-monitor
add interface=ether1-gateway name=tmon1 threshold=0
add interface=ether2 name=tmon2 threshold=0


podarok66
Модератор

М-да, неоднозначно. Возникли вопросы, целый ряд. Например, почему вот тут куча маршрутов идентичных?
 Роуты


/ip route
# Quoted from the export above: 28 enabled and 17 disabled copies of the same
# route via 10.88.34.1. With no dst-address shown, each is presumably a
# default route (0.0.0.0/0).
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1
add disabled=yes distance=1 gateway=10.88.34.1

Потом вот тут, в NAT, мне как бы непонятно, почему to-addresses=0.0.0.0:
 NAT


/ip firewall nat
...
# masquerade rewrites the source to the address of the outgoing interface;
# the to-addresses=0.0.0.0 here is presumably ignored — confirm and remove it.
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
...

В фильтрах тоже часть правил смысла не имеет, потому что по умолчанию у нас всё разрешено, а вы там что-то разрешили для форварда и... всё. Звучит как «я разрешаю то-то, а затем... всё разрешено».
Потом, зачем Вам это, вроде бы туннелей не строите:
 Tunnel


# Three PPP/VPN listeners are enabled: L2TP, a PPPoE server bound to the
# WAN-facing ether1-gateway, and PPTP. Each one that is not in use is
# unnecessary attack surface and should be disabled.
/interface l2tp-server server
set enabled=yes
/interface pppoe-server server
add default-profile=profilevpn disabled=no interface=ether1-gateway max-mru=1480 max-mtu=1480 service-name=service1
/interface pptp-server server
set default-profile=profilevpn enabled=yes

И эту строку не пойму:


# A DHCP network entry that covers only 192.168.88.1/32, the router's own
# LAN address.
/ip dhcp-server network add address=192.168.88.1/32 gateway=192.168.88.1 netmask=32

Как бы надо причесать конфигурацию, а то и неясно, куда и что потечет при таком раскладе...


Мануалы изучил и нигде не ошибся? Фаервол отключил? Очереди погасил? Витая пара проверена? ... Тогда Netinstal'ом железку прошей и настрой ее заново. Что, все равно не фурычит? Тогда к нам. Если не подскажем, хоть посочувствуем...
gagarin74

как бы я с вами полностью согласен.
бреда много. вот я и хочу в нем разобраться
вот откуда берется вот это
/ip route
# Each line is a separate static route entry stored in the configuration;
# with no dst-address shown they are presumably default routes (0.0.0.0/0)
# via 10.88.34.1. Identical copies add nothing and can be removed.
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
add distance=1 gateway=10.88.34.1
я вообще не понимаю.

как правильно расположить фильтры какие есть?

нашел, где убрать 10.88.34.1
закрыл фильтры.
посмотрите, что получилось. не нашел, где туннель убрать
 
[admin@MikroTik] > export
# sep/08/2015 14:43:54 by RouterOS 6.30.2
# software id = Y7HZ-6UC1
#
/interface bridge
add admin-mac=D4:CA:6D:63:4B:B6 auto-mac=no mtu=1500 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors l2mtu=1600 mode=\
ap-bridge wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway rx-flow-control=on tx-flow-control=on
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local
set [ find default-name=sfp1 ] disabled=yes name=sfp1-gateway
/interface wireless nstreme
set wlan1 enable-polling=no framer-policy=dynamic-size
/ip neighbor discovery
set sfp1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=wwwwwwww \
wpa2-pre-shared-key=wwwwwwww
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=0.0.0.2-255.255.255.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=default
/ppp profile
add name=profilevpn
/queue simple
add name=MI priority=1/1 target=192.168.88.100/32,192.168.88.103/32,192.168.88.101/32
add name="\CF\D0\C8\CD\D2\C5\D0" priority=1/1 target=192.168.88.6/32 total-priority=2
add max-limit=5M/5M name="\CA\E8\F0\E8\EB\EB" target=\
192.168.88.113/32,192.168.88.114/32,192.168.88.18/32,192.168.88.21/32,192.168.88.20/32
add name=NAS target=192.168.88.14/32
add max-limit=2M/4M name="\CA\E8\F0\E8\EB\EB \ED\EE\F3\F2" target=192.168.88.102/32
add max-limit=1M/1M name=queue1 target=192.168.88.17/32
add burst-threshold=5M/5M burst-time=5s/5s disabled=yes max-limit=1M/1M name=kachalka target=ether1-gateway time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat
# Log storage is cut down to one line in memory and one line per disk file.
# NOTE(review): with this retention there is effectively no log history to consult when
# investigating unexpected traffic; restore a usable size or log to a remote host.
/system logging action
set 0 memory-lines=1
set 1 disk-lines-per-file=1
# LAN bridge members: ether2-ether5, the ether6 switch group and wlan1.
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
# Disabled entry. NOTE(review): enabling it would bridge the provider port into the LAN
# and bypass NAT and the firewall; better to delete it.
add bridge=bridge-local disabled=yes interface=ether1-gateway
# L2TP and PPTP servers are enabled, and a PPPoE server listens on ether1-gateway, the
# provider-facing port (it carries the DHCP client and masquerade rule in this export).
# NOTE(review): the filter input chain below has no rule that limits who may reach the
# L2TP/PPTP servers, PPTP is a legacy protocol, and a PPPoE server on the uplink offers
# logins to the provider segment. Disable every server that is not actually used.
/interface l2tp-server server
set enabled=yes
/interface pppoe-server server
add default-profile=profilevpn disabled=no interface=ether1-gateway max-mru=1480 max-mtu=1480 service-name=service1
/interface pptp-server server
set default-profile=profilevpn enabled=yes
# Per-MAC wireless access list. Two entries carry no interface=, and C4:46:19:1C:C8:FA is
# listed three times.
# NOTE(review): a MAC list restricts clients only if default authentication is turned off
# on wlan1, which this export does not show. MAC addresses can be changed by a client, so
# the list does not replace a strong WPA2 key.
/interface wireless access-list
add interface=wlan1 mac-address=78:E4:00:E3:6F:EC
add mac-address=74:45:8A:4A:76:35
add interface=wlan1 mac-address=14:10:9F:E4:6B:89
add interface=wlan1 mac-address=D8:E5:6D:89:7B:05
add mac-address=C4:46:19:1C:C8:FA
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA
# Connect list for wlan1.
# NOTE(review): wlan1 is configured as ap-bridge; a connect list is normally consulted
# when the interface acts as a station - presumably leftovers, confirm.
/interface wireless connect-list
add interface=wlan1 mac-address=78:E4:00:E3:6F:EC security-profile=default
add interface=wlan1 mac-address=1C:C1:DE:C6:74:31 security-profile=default
add interface=wlan1 mac-address=68:9C:5E:B1:C5:D0 security-profile=default
add interface=wlan1 mac-address=14:10:9F:E4:6B:89 security-profile=default
add interface=wlan1 mac-address=00:E0:4C:13:DD:27 security-profile=default
add interface=wlan1 mac-address=18:FE:34:A0:9B:78 security-profile=default
add interface=wlan1 mac-address=C4:46:19:1C:C8:FA security-profile=default
# Router LAN address.
# NOTE(review): 192.168.88.1/24 is bound to ether2 and 192.168.88.1 is bound again to
# wlan1, while both ports are members of bridge-local and the DHCP server and ARP entries
# use bridge-local. An address on a bridge member normally belongs on the bridge itself;
# confirm and keep a single entry on bridge-local.
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2 network=192.168.88.0
add address=192.168.88.1 interface=wlan1 network=192.168.88.1
# Static ARP entries for LAN hosts, plus one for 10.100.27.1 on the uplink.
# 74:45:8A:4A:76:35 is mapped to .112, .15 and .13; B8:27:EB:E4:84:30 to .12 and .155.
# NOTE(review): static entries pin IP-to-MAC pairs only when the interface runs with
# arp=reply-only, which this export does not show - confirm the intent.
/ip arp
add address=192.168.88.111 comment="\F2\E5\EB\E5\F4\EE\ED \CC\C0\CA\D1" interface=bridge-local mac-address=68:9C:5E:B1:C5:D0
add address=192.168.88.100 comment=bell interface=bridge-local mac-address=78:E4:00:E3:6F:EC
add address=192.168.88.50 comment="\CC\C8\CD\C8 \CA\CE\CC\CF" interface=bridge-local mac-address=20:6A:8A:06:6B:C1
add address=192.168.88.101 comment="Lapkin \ED\EE\F3\F2" interface=bridge-local mac-address=00:E0:4C:13:DD:27
add address=192.168.88.6 comment="\CF\D0\C8\CD\D2\C5\D0 \D7\C5\D0\CD\CE \C1\C5\CB\DB\C9" interface=bridge-local mac-address=\
1C:C1:DE:C6:74:31
add address=192.168.88.114 interface=bridge-local mac-address=1C:E6:2B:48:86:89
add address=192.168.88.112 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.102 comment="\CA\C8\D0\C8\CB\CB \CD\CE\D3\D2" interface=bridge-local mac-address=14:10:9F:E4:6B:89
add address=192.168.88.16 interface=bridge-local mac-address=98:3B:16:1D:3A:EC
add address=192.168.88.14 interface=bridge-local mac-address=00:08:9B:C9:4B:95
add address=192.168.88.15 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.20 interface=bridge-local mac-address=48:59:29:ED:4A:1E
add address=10.100.27.1 interface=ether1-gateway mac-address=00:1B:21:B5:45:1C
add address=192.168.88.26 interface=bridge-local mac-address=5C:93:A2:21:36:C1
add address=192.168.88.18 interface=bridge-local mac-address=D8:E5:6D:AE:12:06
add address=192.168.88.19 interface=bridge-local mac-address=D8:E5:6D:89:7B:05
add address=192.168.88.13 interface=bridge-local mac-address=74:45:8A:4A:76:35
add address=192.168.88.65 interface=bridge-local mac-address=18:FE:34:A0:9B:78
add address=192.168.88.10 interface=bridge-local mac-address=C4:46:19:1C:C8:FA
add address=192.168.88.55 interface=bridge-local mac-address=B8:27:EB:9D:96:92
add address=192.168.88.12 interface=bridge-local mac-address=B8:27:EB:E4:84:30
add address=192.168.88.155 interface=bridge-local mac-address=B8:27:EB:E4:84:30
# DHCP clients on both uplink ports; sfp1-gateway itself is disabled in /interface ethernet.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
# Static leases on server "default".
# NOTE(review): the .12 lease is bound to 30:75:12:E0:D5:3C, while the static ARP entry
# for .12 names B8:27:EB:E4:84:30 - one of the two is presumably stale.
/ip dhcp-server lease
add address=192.168.88.111 client-id="\D2\E5\EB\E5\F4\EE\ED \CC\E0\F5" mac-address=68:9C:5E:B1:C5:D0 server=default \
use-src-mac=yes
add address=192.168.88.100 client-id=1:78:e4:0:e3:6f:ec mac-address=78:E4:00:E3:6F:EC server=default use-src-mac=yes
add address=192.168.88.50 client-id=1:20:6a:8a:6:6b:c1 mac-address=20:6A:8A:06:6B:C1 server=default use-src-mac=yes
add address=192.168.88.101 client-id=1:0:e0:4c:13:dd:27 mac-address=00:E0:4C:13:DD:27 server=default use-src-mac=yes
add address=192.168.88.102 always-broadcast=yes client-id=1:14:10:9f:e4:6b:89 mac-address=14:10:9F:E4:6B:89 server=default \
use-src-mac=yes
add address=192.168.88.112 client-id="\EF\EB\E0\ED\F8\E5\F2\ED\E8\EA" mac-address=74:45:8A:4A:76:35 server=default \
use-src-mac=yes
add address=192.168.88.113 client-id=1:40:f3:8:2c:87:1 mac-address=40:F3:08:2C:87:01 server=default use-src-mac=yes
add address=192.168.88.103 client-id=1:0:23:15:42:bb:14 mac-address=00:23:15:42:BB:14 server=default use-src-mac=yes
add address=192.168.88.114 always-broadcast=yes client-id=1:1c:e6:2b:48:86:89 mac-address=1C:E6:2B:48:86:89 server=default \
use-src-mac=yes
add address=192.168.88.104 client-id=1:0:1e:65:d9:3f:54 mac-address=00:1E:65:D9:3F:54 server=default use-src-mac=yes
add address=192.168.88.16 client-id="\ED\E0\E2\E8\E3\E0\F2\EE\F0" mac-address=98:3B:16:1D:3A:EC server=default
add address=192.168.88.21 client-id=1:88:9f:fa:50:1a:94 mac-address=88:9F:FA:50:1A:94 server=default use-src-mac=yes
# This lease carries its own rate-limit and queue placement, and /queue simple also holds
# queue1 (1M/1M) for the same host.
# NOTE(review): rate-limit=5 has no unit suffix - presumably 5 bit/s; verify it is intended.
add address=192.168.88.17 client-id=1:20:68:9d:20:1b:46 insert-queue-before=first mac-address=20:68:9D:20:1B:46 rate-limit=5 \
server=default use-src-mac=yes
add address=192.168.88.14 client-id=1:0:8:9b:c9:4b:95 mac-address=00:08:9B:C9:4B:95 server=default use-src-mac=yes
add address=192.168.88.26 client-id=1:5c:93:a2:21:36:c1 mac-address=5C:93:A2:21:36:C1 server=default use-src-mac=yes
add address=192.168.88.19 mac-address=D8:E5:6D:89:7B:05 server=default use-src-mac=yes
add address=192.168.88.13 client-id=1:74:45:8a:4a:76:35 mac-address=74:45:8A:4A:76:35 server=default
add address=192.168.88.20 client-id=1:48:59:29:ed:4a:1e mac-address=48:59:29:ED:4A:1E server=default
add address=192.168.88.10 client-id=1:c4:46:19:1c:c8:fa mac-address=C4:46:19:1C:C8:FA server=default
add address=192.168.88.55 mac-address=B8:27:EB:9D:96:92 server=default use-src-mac=yes
add address=192.168.88.155 mac-address=B8:27:EB:E4:84:30 server=default use-src-mac=yes
add address=192.168.88.12 client-id=1:30:75:12:e0:d5:3c mac-address=30:75:12:E0:D5:3C server=default
# Options handed to clients: the router is both gateway and DNS server for 192.168.88.0/24.
# NOTE(review): the second entry describes the router's own /32 - looks unintended.
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
add address=192.168.88.1/32 gateway=192.168.88.1 netmask=32
# The router answers DNS queries from other hosts (allow-remote-requests=yes) and forwards
# to 8.8.8.8. The filter table drops port 53 arriving on ether1-gateway (TCP and UDP),
# which keeps the resolver closed on that port; no such rule exists for sfp1-gateway,
# which is disabled in this export.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
# Address lists. No filter or NAT rule in this export refers to PRINTER, TELEFON or
# Pro4itali; the TELEFON entry has no address.
/ip firewall address-list
add address=192.168.88.6 list=PRINTER
add list=TELEFON
add address=192.168.88.1 list=Pro4itali
# Filter rules are evaluated top to bottom within a chain, so the order below is part of
# the behaviour.
# NOTE(review): every forward-chain rule here is disabled, so forwarded traffic, including
# everything the dst-nat rules let in, is not filtered at all. The input chain has no
# rule accepting established/related traffic and no closing drop, so any packet not
# matched below reaches the router's own services (proxy, www, www-ssl, PPTP/L2TP, SNMP).
# A usual baseline: accept established/related, drop invalid, accept what is needed from
# the LAN, then drop everything else arriving on ether1-gateway.
/ip firewall filter
add action=drop chain=forward disabled=yes out-interface=ether1-gateway
add action=drop chain=forward disabled=yes protocol=udp
# Records the destination address of every TCP packet addressed to the router on
# ether1-gateway in list "del" for one minute; it does not block anything.
add action=add-dst-to-address-list address-list=del address-list-timeout=1m chain=input in-interface=ether1-gateway protocol=\
tcp
# Closes the router's DNS resolver on the provider-facing port.
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
# Default-configuration forward rules, all disabled.
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="for dns" disabled=yes dst-port=53 protocol=udp
# Scan detection: each rule below only adds the source to "port scanners" for two weeks;
# the drop is the separate rule after them. 192.168.88.100 is exempt from all of them.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"Port scanners to list " protocol=tcp psd=21,3s,3,1 src-address=!192.168.88.100
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"NMAP FIN Stealth scan" protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=\
"FIN/PSH/URG scan" protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" \
protocol=tcp src-address=!192.168.88.100 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address=!192.168.88.100 src-address-list="port scanners"
# Staged SSH blacklist: a source moves stage1 -> stage2 -> stage3 -> ssh_blacklist (3h) on
# repeated connections to port 22, and the first rule drops blacklisted sources.
# The SSH service itself is disabled under /ip service in this export.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=3h chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=\
established,new dst-port=22 protocol=tcp
# NAT table. 10.100.27.111 is, per the thread, the address the provider hands out by DHCP.
# NOTE(review): the rules for ports 135, 139, 445, 9000 and 3306 match any destination
# address and name no in-interface, so they also catch LAN clients' own outbound
# connections to those ports and publish the file-sharing and database ports of
# 192.168.88.14 to the provider network. With every forward filter rule disabled, nothing
# screens this traffic afterwards. Tie each forward to in-interface=ether1-gateway and a
# known src-address, or remove it and reach the NAS over a VPN instead.
/ip firewall nat
add action=redirect chain=dstnat disabled=yes dst-limit=1,5,dst-address limit=1,5 log=yes log-prefix=s protocol=tcp src-port=\
80 to-ports=8085
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=135 protocol=udp to-addresses=192.168.88.14 to-ports=135
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=14888 protocol=tcp to-addresses=192.168.88.14 to-ports=\
14888
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=139 protocol=tcp to-addresses=192.168.88.14 to-ports=139
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=445 protocol=tcp to-addresses=192.168.88.14 to-ports=445
add action=dst-nat chain=dstnat dst-address=0.0.0.0/0 dst-port=445 protocol=udp to-addresses=192.168.88.14 to-ports=445
# Source NAT for both uplinks.
# NOTE(review): to-addresses=0.0.0.0 on a masquerade rule looks like a stray value.
add action=masquerade chain=srcnat comment="default configuration" out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
# Forwards bound to the provider-side address: web ports to the NAS, and web (80) and
# SSH (22) of 192.168.88.55 and 192.168.88.155 published on non-standard ports.
# NOTE(review): a non-standard port does not restrict who can connect; limit these by
# source address if they must stay.
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=8080 protocol=tcp to-addresses=192.168.88.14 to-ports=8080
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=5555 protocol=tcp to-addresses=192.168.88.55 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=1555 protocol=tcp to-addresses=192.168.88.155 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=3333 protocol=tcp to-addresses=192.168.88.55 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=1333 protocol=tcp to-addresses=192.168.88.155 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.100.27.111 dst-port=80 protocol=tcp to-addresses=192.168.88.14 to-ports=80
add action=dst-nat chain=dstnat dst-port=9000 protocol=tcp to-addresses=192.168.88.14 to-ports=9000
add action=dst-nat chain=dstnat dst-port=3306 log=yes protocol=tcp to-addresses=192.168.88.14 to-ports=3306
add action=dst-nat chain=dstnat dst-port=3306 protocol=udp to-addresses=192.168.88.14 to-ports=3306
# FTP connection-tracking helper disabled.
/ip firewall service-port
set ftp disabled=yes
# Web proxy enabled on port 8085.
# NOTE(review): no input rule in this export limits port 8085 to the LAN, so the proxy is
# presumably reachable from the provider side as well. Restrict it to bridge-local, or
# disable it - the only redirect rule pointing at it is disabled.
/ip proxy
set cache-path=web-proxy1 enabled=yes port=8085
# Management services: telnet and ssh off, www moved to port 88, www-ssl on.
# NOTE(review): apart from ssh, no service shown here carries an address= restriction;
# limit www/www-ssl (and any other enabled service) to the LAN subnet.
/ip service
set telnet disabled=yes
set www port=88
set ssh address=192.168.88.100/32 disabled=yes
set www-ssl disabled=no
# UPnP enabled with ether1-gateway as the external side: LAN devices can request inbound
# port mappings on their own, and allow-disable-external-interface=yes lets a client ask
# for the external interface to be disabled.
# NOTE(review): switch UPnP off unless a device really depends on it.
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
# Front-panel LCD: statistics slideshow, read-only, several ports hidden.
/lcd
set default-screen=stat-slideshow read-only-mode=yes
/lcd interface
set sfp1-gateway disabled=yes
set ether5 disabled=yes
set ether6-master-local disabled=yes
set ether7-slave-local disabled=yes
set ether8-slave-local disabled=yes
set ether9-slave-local disabled=yes
/lcd interface pages
set 0 interfaces=ether1-gateway,ether2,ether3,ether4,ether5,wlan1
# PPTP login whose password equals its user name, on a router with the PPTP server
# enabled. The value is visible because the export was taken without hide-sensitive.
# NOTE(review): treat this credential as exposed - replace it with a long random secret,
# or remove the account together with the PPTP server.
/ppp secret
add name=admin password=admin service=pptp
# SNMP enabled; community settings are not part of this export.
# NOTE(review): confirm the community is not a default value and is limited to the
# management host's address.
/snmp
set contact=q enabled=yes location=q trap-generators=interfaces trap-interfaces=all
# Time zone: the name is Europe/Moscow while the manual offset is +04:00.
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+04:00
# Logging rules 0-3 are disabled and only topic "info" is sent to the echo action.
# NOTE(review): together with the one-line log actions above, the router keeps no usable
# record of logins or firewall events; re-enable logging to memory or disk, or send it to
# a remote syslog host.
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=echo topics=info
/system ntp client
set enabled=yes primary-ntp=83.143.51.50
# schedule1 runs once a day with an inline script that: flushes the DNS cache, deletes
# files whose name contains "<identity>-backup-", saves a binary backup and a text export,
# and mails both to the account named in the script via smtp.gmail.com port 587 with
# start-tls.
# NOTE(review): the mailbox password is a plain-text literal inside the script, so it shows
# up in every export (as here) and in the mailed .rsc file. The backup is saved without a
# password= argument and the export is plain text, so the router's configuration leaves
# the device by e-mail - confirm that is acceptable. The schedule holds every policy,
# including sensitive and sniff; grant only what the script needs.
# IPwork and IPdream are disabled; when enabled they would run script4/script5 every 10 s.
/system scheduler
add interval=1d name=schedule1 on-event="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
\n:local Eaccount \"gag@gmail.com\";\r\
\n:local pass \"19\";\r\
\n:local backupfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
\n}\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=oct/17/2013 start-time=14:39:59
add disabled=yes interval=10s name=IPwork on-event="/system script run script4" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/21/2015 start-time=14:57:18
add disabled=yes interval=10s name=IPdream on-event="/system script run script5" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/21/2015 start-time=14:58:50
# Stored scripts.
# script2 - same backup-and-mail body as scheduler entry schedule1, including the
#           plain-text mailbox password.
# script3 - reboots the router. NOTE(review): its policy list omits "reboot", so it
#           presumably cannot reboot when run under its own policy - confirm.
# script4 - looks up an ARP entry for a placeholder MAC; if one exists it logs a warning,
#           sends a mail, waits 30 s, then enables scheduler IPwork and disables IPdream.
# script5 - same steps with the test inverted (no ARP entry) and the scheduler names
#           swapped. NOTE(review): it still logs and mails "This comp online!" - looks
#           like a copy-paste leftover.
# NOTE(review): script4/script5 pass the mail password on the command line and combine
# port=465 with start-tls=yes; port 465 is normally implicit TLS - verify the mail is sent
# over an encrypted session. Keep credentials out of script bodies where possible and
# give each script only the policies it uses.
/system script
add name=script2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
\n:local Eaccount \"gag@gmail.com\";\r\
\n:local pass \"19\";\r\
\n:local backupfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
\n}\r\
\n"
add name=script3 owner=admin policy=ftp,read,write,policy,test,password,sniff,sensitive source="/system reboot"
add name=script4 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:local y [/ip arp find mac-address=xx:xx:xx:xx:xx:xx];\r\
\n:if ( \$y!=\"\") do={\r\
\n:log warning \"This comp online!\";\r\
\n/tool e-mail send from=\"gagarin74@gmail.com\" to=gag@gmail.com server=smtp.gmail.com port=465 user=gag@gmai\
l.com password=19 start-tls=yes subject=(\"IP work\") body=(\"This comp online! \" . [/system clock get time] . \
\" \" . [/system clock get date]);\r\
\n:delay 30;\r\
\n/system scheduler enable IPwork;\r\
\n/system scheduler disable IPdream;\r\
\n}\r\
\n} "
add name=script5 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:local y [/ip arp find mac-address=xx:xx:xx:xx:xx:xx];\r\
\n:if ( \$y=\"\") do={\r\
\n:log warning \"This comp online!\";\r\
\n/tool e-mail send from=\"gag@gmail.com\" to=gag@gmail.com server=smtp.gmail.com port=465 user=gag@gmai\
l.com password=19 start-tls=yes subject=(\"IP work\") body=(\"This comp online! \" . [/system clock get time] . \
\" \" . [/system clock get date]);\r\
\n:delay 30;\r\
\n/system scheduler enable IPdream;\r\
\n/system scheduler disable IPwork;\r\
\n}\r\
\n} "
# Traffic graphs for four interfaces and for queues; only the resource graph is limited to
# one viewer address (192.168.88.14).
# NOTE(review): the interface and queue graphs carry no allow-address - presumably they
# are viewable by anyone who can reach the www service; restrict them to the LAN.
/tool graphing interface
add interface=wlan1
add interface=ether2
add interface=bridge-local
add interface=ether1-gateway
/tool graphing queue
add
/tool graphing resource
add allow-address=192.168.88.14/32
# RoMON port entry with default settings.
/tool romon port
add
# Packet sniffer preset: captures on bridge-local into file "12", about 10 MB limits.
/tool sniffer
set file-limit=10000KiB file-name=12 filter-interface=bridge-local memory-limit=10000KiB
# Traffic monitors on the uplink and ether2 with threshold 0 and no script attached.
/tool traffic-monitor
add interface=ether1-gateway name=tmon1 threshold=0
add interface=ether2 name=tmon2 threshold=0
[admin@MikroTik] >


summit
Сообщения: 64
Зарегистрирован: 14 мар 2014, 07:20

а что за адрес 10.100.27.111 и почему для него в НАТе проброшены порты?
может ноги растут именно оттуда?


gagarin74
Сообщения: 16
Зарегистрирован: 07 янв 2013, 10:48

summit писал(а):а что за адрес 10.100.27.111 и почему для него в НАТе проброшены порты?
может ноги растут именно оттуда?


Это, как я понимаю, IP-адрес, выданный провайдером по DHCP.
https://yadi.sk/i/8D235zSQiwrQc
Вот лицевая страничка Mikrotik


gagarin74
Сообщения: 16
Зарегистрирован: 07 янв 2013, 10:48

gagarin74 писал(а):
summit писал(а):а что за адрес 10.100.27.111 и почему для него в НАТе проброшены порты?
может ноги растут именно оттуда?


Это, как я понимаю, IP-адрес, выданный провайдером по DHCP.
https://yadi.sk/i/8D235zSQiwrQc
Вот лицевая страничка Mikrotik

И, соответственно, первоначальная просьба была «зарезать» по скорости все пакеты, которые входят из LAN провайдера в домашнюю LAN, а именно с 10.100.27.* (кроме 10.100.27.111). Как-то так. Или я не прав?
Нафига мне чужой трафик, который сидит каким-то боком на 10.100.27.111?
Обращался к провайдеру. Ответ простой: или к Вам с вопросами, или меняйте роутер на тот, который купите у нас.


summit
Сообщения: 64
Зарегистрирован: 14 мар 2014, 07:20

кто-то из сети провайдера бомбит вас запросами
есть два варианта:
1. это торрент клиент что-то качает
2. кто-то пытается к вам пробиться
Чтобы выяснить, что конкретно происходит, нужно видеть, к какому порту идет обращение: поставьте галочку Port в Torch.


gagarin74
Сообщения: 16
Зарегистрирован: 07 янв 2013, 10:48

Ну как-то так. Естественно, я в данный момент не могу отловить конкретно загрузку порта.

https://yadi.sk/i/RMOkJco7iwzCc

Так я с самого начала (смотрите шапку) прошу помочь заблокировать всю эту фуйню.


vqd
Модератор
Сообщения: 3605
Зарегистрирован: 26 сен 2013, 14:20
Откуда: НСК

Судя по последнему скриншоту решение проблемы во втором сообщении данной ветки.

Просто эти 2 правила на самый верх поднимите и будет вам счастье

И еще... Микротик — это не та железка, которая настраивается «методом тыка». Лучше составьте ТЗ и наймите спеца.


Есть интересная задача и бюджет? http://mikrotik.site
gagarin74
Сообщения: 16
Зарегистрирован: 07 янв 2013, 10:48

vqd писал(а):Судя по последнему скриншоту решение проблемы во втором сообщении данной ветки.

Просто эти 2 правила на самый верх поднимите и будет вам счастье

И еще... Микротик — это не та железка, которая настраивается «методом тыка». Лучше составьте ТЗ и наймите спеца.



Вот правила, которые заведены:

https://yadi.sk/i/aqzS3JRqix6xx

Что куда передвинуть ? :)

