Mikrotik и Apple

Обсуждение ПО и его настройки
MZN
Сообщения: 34
Зарегистрирован: 13 сен 2017, 11:47

С некоторых пор прекратили работать. Причем все iPhonы и iPadы. Выгдядит это так, значок Wi-Fi появляется (тоже после плясок с бубном), но доступа в интернет, почту и другие онлайн ресурсы нет. Кто-нибудь с этим сталкивался? Роутер CRS125-24G-1S-2HnD-IN, прошивка - последняя 6.46beta28. Подскажите, а то жена и ребенок замучили.


Аватара пользователя
Vlad-2
Модератор
Сообщения: 2531
Зарегистрирован: 08 апр 2016, 19:19
Откуда: Петропавловск-Камчатский (п-ов Камчатка)
Контактная информация:

1) Вас не смущает слово "beta" в названии прошивки?
1.1) рекомендую бета-прошивки не использовать. (Вы же не интегратор, который "выжимает" из железа всё больше и больше).
1.2) перейдите на стабильную прошивку и думаю по крайне мере на 50% сэкономите себе сил, времени и нервов

2) По рассказам всё это как понятно, но хотелось бы увидеть именно настройки вифи-адаптера в микротике
(а точнее, тип его значений, там параметров не мало, и порой каждый важен, и зависят они друг от друга).
Почему не показали их (настройки) ?
2.1) адресацию айфон получает
2.2) а шлюз, днс?
ничего не меняли ещё и в этом направлении?
2.3) а НАТ/Маскарад не трогали?
2.4) трассировка работает с айфона/с мака? (по IP и/или по имени)(на внешние узлы конечно)?

Информации мало, поэтому советы пока и такие - обобщённые и наугад.



На работе(ах): 2xCCR1016-12G, RB3011UiAS и hAP lite (RB941)
Дома: CCR1016-12G, RBcAP2n (standalone), RB wAP LTE kit
Для тестов(под рукой): RB3011UiAS, hAP mini (RB931) и что-то ещё по мелочи
MTCNA
MTCRE
MZN
Сообщения: 34
Зарегистрирован: 13 сен 2017, 11:47

Спасибо.
1. У меня это возникло как-то сразу. И такая ситуация на всех прошивках. Вот сейчас поставил 6.45.3 - то же самое
1.1. Учту, но пока не помогает
1.2. Перешел - ноль эмоций
2. Если скажите какие и как их выдать - выложу
2.1. Они все получают IP, но с компа из той же сети не пингуются
2.2. Шлюз и DNS не менял, хотя иногда замена DNS на пару секунд дает Интернет, но потом он пропадает
2.3. Это не трогал точно
2.4. Я просто не знаю, как сделать трассировку с айфона...

И появился еще вопрос, на этом Микротике есть USB порт. К нему можно подключить Wi-Fi свисток и рабоать через него?


Аватара пользователя
Vlad-2
Модератор
Сообщения: 2531
Зарегистрирован: 08 апр 2016, 19:19
Откуда: Петропавловск-Камчатский (п-ов Камчатка)
Контактная информация:

MZN писал(а): 10 авг 2019, 23:30 Спасибо.
1. У меня это возникло как-то сразу. И такая ситуация на всех прошивках. Вот сейчас поставил 6.45.3 - то же самое
1.1. Учту, но пока не помогает
1.2. Перешел - ноль эмоций
НЕ видя настройки, говорить что работая на стабильной прошивке = всё равно
плохо, как-то преждевременно.
MZN писал(а): 10 авг 2019, 23:30 2. Если скажите какие и как их выдать - выложу
Я думал Вы уже не совсем на Вы с железкой !??! :-)
В Винбоксе нажимаете слева кнопку "New Terminal" и в окрывшемся окне подаёте команду:
export hide-sensitive
и роутер в этом окне выдаст все настройки - скопируйте все их
сюда, так будет предметный хоть разговор.
MZN писал(а): 10 авг 2019, 23:30 И появился еще вопрос, на этом Микротике есть USB порт. К нему можно подключить Wi-Fi свисток и рабоать через него?
Думаю на 95-98% что НЕТ.



На работе(ах): 2xCCR1016-12G, RB3011UiAS и hAP lite (RB941)
Дома: CCR1016-12G, RBcAP2n (standalone), RB wAP LTE kit
Для тестов(под рукой): RB3011UiAS, hAP mini (RB931) и что-то ещё по мелочи
MTCNA
MTCRE
MZN
Сообщения: 34
Зарегистрирован: 13 сен 2017, 11:47

Так я умею, хотя не могу сказать, что на ты. В терминале почти не работал. У меня ощущение, что так не весь конфиг выдается... Я удалил в начале огромный список блокируемых адресов от Spamhaus, Dshield, malc0de и мой (те, кто месяцами пытаются ломать). Вот:

Код: Выделить всё

/ip firewall filter
add action=accept chain=input comment="Accept 8728" dst-port=8728 protocol=tcp
add action=drop chain=input comment="pptp protection" in-interface=ISP \
    protocol=tcp src-address-list="ppp black"
add action=drop chain=input comment=\
    "Drop new connections from blacklisted IP's to this router" \
    connection-state=new in-interface=ISP src-address-list=blacklist
add action=drop chain=input comment="Drop bl" src-address-list=bl
add action=drop chain=forward comment="Drop bl" src-address-list=bl
add action=add-src-to-address-list address-list=WAKENAS address-list-timeout=\
    none-dynamic chain=input comment="For WakeNAS" dst-port=60001 protocol=tcp
add action=add-src-to-address-list address-list=WAKEMIKE address-list-timeout=\
    none-dynamic chain=input comment="For WakeMike" dst-port=60002 protocol=tcp
add action=accept chain=forward comment="Allow WoL" dst-address=192.168.1.0/24 \
    dst-port=9 out-interface=bridge-local protocol=udp src-port=""
add action=accept chain=input comment="Accept iWinbox" dst-port=8291 \
    in-interface=ISP protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
    established
add action=accept chain=input comment="default configuration" connection-state=\
    related
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ISP
add action=accept chain=forward comment="default configuration" \
    connection-state=established
add action=accept chain=forward comment="Accept forward for NAS FTP" \
    dst-address-list=!192.168.1.14 dst-port=20,22,221,55536-55543 in-interface=\
    ISP log=yes log-prefix=ftp protocol=tcp
add action=accept chain=forward comment="default configuration" \
    connection-state=related
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes \
    in-interface=ISP
add action=accept chain=input connection-state=related disabled=yes \
    in-interface=ISP
add action=accept chain=input dst-port=1723 in-interface=ISP protocol=tcp
add action=drop chain=input in-interface=ISP
add action=jump chain=forward disabled=yes in-interface=ISP jump-target=\
    customer
add action=accept chain=customer connection-state=established disabled=yes
add action=accept chain=customer connection-state=related disabled=yes
add action=drop chain=customer disabled=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="For broadcast WoL" dst-port=9 \
    protocol=udp to-addresses=192.168.1.254 to-ports=9
add action=dst-nat chain=dstnat comment=NAS_FTP_outside dst-port=221 protocol=\
    tcp to-addresses=192.168.1.14 to-ports=221
add action=dst-nat chain=dstnat dst-port=55536-55543 protocol=tcp to-addresses=\
    192.168.1.14 to-ports=55536-55543
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=221 \
    protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=\
    55536-55543 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ISP
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
    src-address=192.168.89.0/24
add action=accept chain=srcnat comment="accept 8728" dst-port=8728 protocol=tcp
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add comment=Olga disabled=yes distance=1 dst-address=192.168.2.0/24 gateway=\
    10.10.0.2
add comment=Eugene disabled=yes distance=1 dst-address=192.168.3.0/24 gateway=\
    10.10.0.3
/ip service
set telnet address=192.168.1.15/32
set ftp port=221
set winbox address=0.0.0.0/0
/ip smb
set allow-guests=no comment=MikeGroup domain=HOME
/ip smb users
add name=Mike read-only=no
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ISP type=external
add interface=ether2 type=internal
add interface=ether3 type=internal
add interface=ether4 type=internal
add interface=ether5 type=internal
add interface=ether6 type=internal
add interface=ether7 type=internal
add interface=ether8-slave-local type=internal
add interface=ether9 type=internal
add interface=ether10 type=internal
add interface=ether11 type=internal
add interface=ether12 type=internal
add interface=ether13 type=internal
add interface=ether14 type=internal
add interface=ether15-slave-local type=internal
add interface=ether16-slave-local type=internal
add interface=ether17-slave-local type=internal
add interface=ether18-slave-local type=internal
add interface=ether19-slave-local type=internal
add interface=ether20-slave-local type=internal
add interface=ether21-slave-local type=internal
add interface=ether22-slave-local type=internal
add interface=ether23-slave-local type=internal
add interface=ether24-slave-local type=internal
add interface=bridge-local type=internal
/ipv6 address
add address=::d6ca:6dff:fefe:3e2d eui-64=yes from-pool=ONLMv6 interface=\
    bridge-local
/ipv6 dhcp-client
add add-default-route=yes interface=ISP pool-name=ONLMv6 request=address,prefix
/ipv6 firewall filter
add action=drop chain=input comment="\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E2\F1\E5\
    \_\AB\ED\E5\EF\F0\E0\E2\E8\EB\FC\ED\FB\E5\BB \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF" \
    connection-state=invalid
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\E5 \
    \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF" \
    connection-state=established,related in-interface=ISP
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\
    \E5 \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF" \
    connection-state=established,related in-interface=ISP out-interface=\
    bridge-local
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\EF\
    \E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
    limit=50,5:packet protocol=icmpv6
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\EF\
    \E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
    limit=50,5:packet protocol=icmpv6
add action=accept chain=input comment="\F0\E0\E7\F0\E5\F8\E8\F2\FC \F1\EE\E5\E4\
    \E8\ED\E5\ED\E8\FF \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 \EF\EE \EF\F0\EE\F2\
    \EE\EA\EE\EB\F3 UDP \ED\E0 \EF\EE\F0\F2 546 - \E1\E5\E7 \FD\F2\EE\E3\EE \EF\
    \F0\E0\E2\E8\EB\E0 \ED\E5 \EF\EE\EB\F3\F7\E8v \E0\E4\F0\E5\F1 IPv6 \EF\EE DH\
    CPv6 \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 " dst-port=546 in-interface=ISP \
    protocol=udp
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \E2\F1\
    \E5 \E8\E7 \EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8 \E2 \C8\ED\F2\E5\F0\ED\
    \E5\F2" in-interface=bridge-local out-interface=ISP
add action=drop chain=input comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E2\
    \F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
add action=drop chain=forward comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \
    \E2\F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
/lcd
set default-screen=stats-all time-interval=hour
/metarouter interface
add dynamic-bridge=bridge-local dynamic-mac-address=02:D4:38:CD:C7:32 type=\
    dynamic virtual-machine=mr1 vm-mac-address=02:5E:11:79:BD:06
/ppp secret
add disabled=yes name=vpn
add disabled=yes name=Olga remote-address=10.10.0.2
add disabled=yes name=Eugene remote-address=10.10.0.3
/snmp
set enabled=yes trap-interfaces=ether13
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set dst-end="jun/07/2018 00:00:00" dst-start="jun/07/2018 00:00:00" time-zone=\
    +03:00
/system identity
set name=MT
/system logging
add topics=wireless
/system ntp client
set enabled=yes primary-ntp=81.88.210.197 secondary-ntp=24.56.178.140
/system ntp server
set enabled=yes
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=2d name=DDNSNOIP on-event=DDNS_NO_IP policy=read,write,test \
    start-time=startup
add name=WAKENAS on-event=":local WAKENAS [/ip firewall address-list find where \
    list=\"WAKENAS\"]\r\
    \n:if (\$WAKENAS!=\"\") do={\r\
    \n/tool wol mac=00:11:32:37:97:57 interface=bridge-local\r\
    \n/ip firewall address-list remove [find where list=\"WAKENAS\"]\r\
    \n}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=WAKEMIKE on-event=":local WAKEMIKE [/ip firewall address-list find wher\
    e list=\"WAKEMIKE\"]\r\
    \n:if (\$WAKEMIKE!=\"\") do={\r\
    \n/tool wol mac=00:1F:BC:0E:17:CA interface=bridge-local\r\
    \n/ip firewall address-list remove [find where list=\"WAKEMIKE\"]\r\
    \n}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=OpenBL on-event="/system scheduler add comment=\"Download o\
    penbl list_Apply openbl List\" interval=3d name=\"Download and Apply OpenBL_\
    List\" on-event=DownloadOpenBL_ReplaceOpenBL start-date=jan/01/1970 start-ti\
    me=00:35:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=Spamhaus on-event="# Schedule the download and application \
    of the spamhaus list\r\
    \n/system scheduler add comment=\"Download spamhaus list_Apply spamhaus List\
    \" interval=3d name=\"DownloadSpamhausList and ApplySpamhausList\" on-event=\
    DownloadSpamhaus_ReplaceSpamhaus start-date=jan/01/1970 start-time=00:40:04" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=dshield.org on-event="/system scheduler add comment=\"Downl\
    oadDShieldList_InstallDShieldList\" interval=3d name=\"Download and Apply ds\
    hield_List\" on-event=Download_dshield_Replace_dshield start-date=jan/01/197\
    0 start-time=00:45:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=malc0de.com on-event="# Schedule the download and applicati\
    on of the malc0de list\r\
    \n/system scheduler add comment=\"Download and Apply malc0de list\" interval\
    =3d name=\"Downloadmalc0deList_Installmalc0deList\" on-event=Download_malc0d\
    e_Replace_malc0de start-date=jan/01/1970 start-time=00:50:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add comment="Download spamhaus list_Apply spamhaus List" interval=3d name=\
    "DownloadSpamhausList and ApplySpamhausList" on-event=\
    DownloadSpamhaus_ReplaceSpamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:40:04
add comment="Download openbl list_Apply openbl List" interval=3d name=\
    "Download and Apply OpenBL_List" on-event=DownloadOpenBL_ReplaceOpenBL \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:35:04
add comment=DownloadDShieldList_InstallDShieldList interval=3d name=\
    "Download and Apply dshield_List" on-event=Download_dshield_Replace_dshield \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:45:04
add comment="Download and Apply malc0de list" interval=3d name=\
    Downloadmalc0deList_Installmalc0deList on-event=\
    Download_malc0de_Replace_malc0de policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:50:04
add interval=2d name=no-ip_ddns_update policy=read,write,test start-date=\
    dec/28/2018 start-time=03:51:17
/system script
add dont-require-permissions=no name=DDNS_NO_IP owner=admin policy=\
    read,write,test source=":local inetinterface value=\"ISP\";\r\
    \n\r\
    \n:local noipuser \"Mike1st\";\r\
    \n\r\
    \n:local noippass \"dxubq0cl\";\r\
    \n\r\
    \n:local noiphost \"mz1.ddns.net\";\r\
    \n\r\
    \n:local dnsurl value=\"http://dynupdate.no-ip.com/nic/update\?myip=\";\r\
    \n\r\
    \n:local currentIP;\r\
    \n\r\
    \n:global previousIP [:resolve \$noiphost];\r\
    \n\r\
    \n:if ([/interface get \$inetinterface value-name=running] = true) do={\r\
    \n\r\
    \n:set \$currentIP value=[/ip address get [find where interface=\$inetinterf\
    ace] address];\r\
    \n\r\
    \n:for i from=([:len \$currentIP] - 1) to=0 do={\r\
    \n\r\
    \n:if ([:pick \$currentIP \$i] = \"/\") do={\r\
    \n\r\
    \n:set \$currentIP value=[:pick \$currentIP 0 \$i];\r\
    \n\r\
    \n}\r\
    \n\r\
    \n}\r\
    \n\r\
    \n:if (\$currentIP != \$previousIP) do={\r\
    \n\r\
    \n:log info message=(\"No-IP: Current IP: \".\$currentIP.\" is not equal to \
    previous IP: \".\$previousIP.\", update needed\");\r\
    \n\r\
    \n:set \$previousIP value=\$currentIP;\r\
    \n\r\
    \n:log info message=(\"No-IP: Sending update for \".\$noiphost);\r\
    \n\r\
    \n/tool fetch url=(\$dnsurl.\$currentIP.\"&hostname=\".\$noiphost) user=\$no\
    ipuser password=\$noippass mode=http keep-result=no;\r\
    \n\r\
    \n:log info message=(\"No-IP: Host \".\$noiphost.\" updated on No-IP with IP\
    \_\".\$currentIP);\r\
    \n\r\
    \n} else={\r\
    \n\r\
    \n:log info message=(\"No-IP: Previous IP \".\$previousIP.\" is equal to cur\
    rent IP: \".\$previousIP.\", no update needed\");\r\
    \n\r\
    \n}\r\
    \n\r\
    \n} else={\r\
    \n\r\
    \n:log info message=(\"No-IP: \".\$inetinterface.\" is not currently running\
    , so therefore will not update.\");\r\
    \n\r\
    \n}"
add dont-require-permissions=no name=OpenBL owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# S\
    cript which will download the OpenBL list as a text file & Script which will\
    \_Remove old OpenBL records and add new one\r\
    \n/system script add name=\"DownloadOpenBL_ReplaceOpenBL\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
    \n/import file-name=openbl.rsc;\r\
    \n:log info \"Removed old OpenBL records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=Spamhouse owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# S\
    cript which will download the drop list as a text file & Script which will R\
    emove old Spamhaus list and add new one\r\
    \n/system script add name=\"DownloadSpamhaus_ReplaceSpamhaus\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=dshield.org owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# S\
    cript which will download the drop list as a text file & Script which will R\
    emove old dshield list and add new one\r\
    \n/system script add name=\"Download_dshield_Replace_dshield\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=malc0de.com owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# S\
    cript which will download the malc0de list as a text file & Script which wil\
    l Remove old malc0de list and add new one\r\
    \n/system script add name=\"Download_malc0de_Replace_malc0de\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=DownloadOpenBL_ReplaceOpenBL owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
    \n/import file-name=openbl.rsc;\r\
    \n:log info \"Removed old OpenBL records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=DownloadSpamhaus_ReplaceSpamhaus owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=Download_dshield_Replace_dshield owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=Download_malc0de_Replace_malc0de owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n"
add dont-require-permissions=no name="WoL 1st" owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "toolwol interface=Mike3rd-yellow-master-local mac=34-97-F6-5A-43-7C"
add dont-require-permissions=no name=no-ip_ddns_update owner=admin policy=\
    read,write,test source="# No-IP automatic Dynamic DNS update\r\
    \n\r\
    \n#--------------- Change Values in this section to match your setup -------\
    -----------\r\
    \n\r\
    \n# No-IP User account info\r\
    \n:local noipuser \"Mike1st\"\r\
    \n:local noippass \"dxubq0cl\"\r\
    \n\r\
    \n# Set the hostname or label of network to be updated.\r\
    \n# Hostnames with spaces are unsupported. Replace the value in the quotatio\
    ns below with your host names.\r\
    \n# To specify multiple hosts, separate them with commas.\r\
    \n:local noiphost \"mznas.ddns.net\", \"mz1.ddns.net\", \"mz2.ddns.net\"\r\
    \n\r\
    \n# Change to the name of interface that gets the dynamic IP address\r\
    \n:local inetinterface \"ISP\"\r\
    \n\r\
    \n#-------------------------------------------------------------------------\
    -----------\r\
    \n# No more changes need\r\
    \n\r\
    \n:global previousIP\r\
    \n\r\
    \n:if ([/interface get \$inetinterface value-name=running]) do={\r\
    \n# Get the current IP on the interface\r\
    \n   :local currentIP [/ip address get [find interface=\"\$inetinterface\" d\
    isabled=no] address]\r\
    \n\r\
    \n# Strip the net mask off the IP address\r\
    \n   :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
    \n       :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
    \n           :set currentIP [:pick \$currentIP 0 \$i]\r\
    \n       } \r\
    \n   }\r\
    \n\r\
    \n   :if (\$currentIP != \$previousIP) do={\r\
    \n       :log info \"No-IP: Current IP \$currentIP is not equal to previous \
    IP, update needed\"\r\
    \n       :set previousIP \$currentIP\r\
    \n\r\
    \n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Require\
    d since \? is a special character in commands.\r\
    \n       :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curren\
    tIP\"\r\
    \n       :local noiphostarray\r\
    \n       :set noiphostarray [:toarray \$noiphost]\r\
    \n       :foreach host in=\$noiphostarray do={\r\
    \n           :log info \"No-IP: Sending update for \$host\"\r\
    \n           /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuser \
    password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host . \"\
    .txt\")\r\
    \n           :log info \"No-IP: Host \$host updated on No-IP with IP \$curre\
    ntIP\"\r\
    \n       }\r\
    \n   }  else={\r\
    \n       :log info \"No-IP: Previous IP \$previousIP is equal to current IP,\
    \_no update needed\"\r\
    \n   }\r\
    \n} else={\r\
    \n   :log info \"No-IP: \$inetinterface is not currently running, so therefo\
    re will not update.\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n3. Create a new scheduler entry to run this script every 5 mins.\r\
    \n\r\
    \n/system scheduler add comment=\"Update No-IP DDNS\" disabled=no interval=5\
    m \\\r\
    \nname=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test\r\
    \n\r\
    \n--riverron 03:18, 18 March 2012 (UTC)\r\
    \n\r\
    \n\r\
    \nAlternative script.\r\
    \n\r\
    \nAlternative script uses DNS Resolve and is based on an documentation http:\
    //wiki.mikrotik.com/wiki/Manual:Scripting-examples and documentation No-IP D\
    NS Update API http://www.no-ip.com/integrate/request\r\
    \n\r\
    \nCan be modified for use with other Dynamic DNS services supported ReST API\
    .\r\
    \n\r\
    \n\r\
    \n##############Script Settings##################\r\
    \n\r\
    \n:local NOIPUser \"no-ip.com LOGIN\"\r\
    \n:local NOIPPass \"no-ip.com PASSWORD\"\r\
    \n:local WANInter \"MikroTik Router WAN Interface Name\"\r\
    \n\r\
    \n###############################################\r\
    \n\r\
    \n:local NOIPDomain \"\$NOIPUser.no-ip.org\"\r\
    \n:local IpCurrent [/ip address get [find interface=\$WANInter] address];\r\
    \n:for i from=( [:len \$IpCurrent] - 1) to=0 do={ \r\
    \n  :if ( [:pick \$IpCurrent \$i] = \"/\") do={ \r\
    \n    :local NewIP [:pick \$IpCurrent 0 \$i];\r\
    \n    :if ([:resolve \$NOIPDomain] != \$NewIP) do={\r\
    \n      /tool fetch mode=http user=\$NOIPUser password=\$NOIPPass url=\"http\
    ://dynupdate.no-ip.com/nic/update\\3Fhostname=\$NOIPDomain&myip=\$NewIP\" ke\
    ep-result=no\r\
    \n      :log info \"NO-IP Update: \$NOIPDomain - \$NewIP\"\r\
    \n     }\r\
    \n   } \r\
    \n}"
/system watchdog
set auto-send-supout=yes send-email-from=router send-email-to=\
    mikezimn@gmail.com send-smtp-server=smtp.gmail.com watch-address=8.8.8.8
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add
/tool user-manager database
set db-path=user-manager1
Последний раз редактировалось MZN 11 авг 2019, 08:55, всего редактировалось 1 раз.


Аватара пользователя
Vlad-2
Модератор
Сообщения: 2531
Зарегистрирован: 08 апр 2016, 19:19
Откуда: Петропавловск-Камчатский (п-ов Камчатка)
Контактная информация:

Мда....всё тяжко. :sh_ok:

1) данных настроек по ВиФи не вижу
2) Что у Вас там за конфиг? У Вас там что, режете часть сайтов? Прокся? IPv6 и файрвол на нём?
(я в шоке, у меня в организации на более мощном железе такова нет).
3) Я хочу напомнить, у Вас Свичь с функцией маршрутизатора, а не 8-16 ядерный проф.железка.
3.1) Ваш свитч хоть живой ? Нагрузка на CPU какая?
3.2) ААА-метароутер? Что Вы делаете на нём?
3.3) при настройки UPnP надо принимать внимание что условно локальное, а что внешнее,
если у Вас порты в бридже(не увидел какие и в каком), то тогда надо бридж - как логический
интерфейс описывать, а не каждый порт.
3.4) зачем NoIP DNS ? У Микротика есть служба/сервис CLOUD - присваивается постоянное имя роутеру,
и оно доступно всегда, при динамическом реальном (внешнем) адресе?

4) делайте так:

Код: Выделить всё

export hide-sensitive file=MyCFG-110819
так у Вас весь конфиг сохраниться в файл MyCFG-110819
4.1) В Винбоксе открываете Files (там этот файл будет) и мышкой на рабочий стол переносите
4.2) открываете уже на рабочем столе этот конфиг Блокнотом и удаляете там все Ваши скрипты и аналитику скриптовую
4.3) и сам конфиг (основу всю) сюда выложите (не забыв выделить его сначала и в конце - тегами "code")



На работе(ах): 2xCCR1016-12G, RB3011UiAS и hAP lite (RB941)
Дома: CCR1016-12G, RBcAP2n (standalone), RB wAP LTE kit
Для тестов(под рукой): RB3011UiAS, hAP mini (RB931) и что-то ещё по мелочи
MTCNA
MTCRE
MZN
Сообщения: 34
Зарегистрирован: 13 сен 2017, 11:47

1. Конфиг выложил
2. Да, часть сайтов режу, надоедает, когда с одного IP неделями идет подбор пароля. Прокси нет, Ipv6 и файрволл есть
3.1. Свич живой, нагрузка на проц - 8-12%
3.2. AAA-метароутер - остался от предыдущих опытов - буду благодарен, если подскажете как убрать
3.3.
при настройки UPnP надо принимать внимание что условно локальное, а что внешнее,
если у Вас порты в бридже(не увидел какие и в каком), то тогда надо бридж - как логический
интерфейс описывать, а не каждый порт.
. Вот это не понял, опять же, подскажите что и как - сделаю.
3.4. Это я знаю, но там длинное и незапоминающееся имя. В приципе, могу убрать

Код: Выделить всё

# aug/11/2019 07:46:31 by RouterOS 6.45.3
# software id = NFEK-29UA
#
# model = CRS125-24G-1S-2HnD
# serial number = 49C6020C9CD3
/interface bridge
add admin-mac=D4:CA:6D:FE:3E:2D auto-mac=no mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] l2mtu=4064 mac-address=D4:CA:6D:FE:3E:2B \
    mtu=4000 name=ISP rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] comment=Mike1st-2 l2mtu=4064 mtu=4000 \
    rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether3 ] comment=NAS l2mtu=4064 mtu=4000 \
    rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether4 ] comment=AP9630 l2mtu=4064 mtu=4000 \
    rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether5 ] comment=Vova rx-flow-control=on speed=\
    100Mbps tx-flow-control=on
set [ find default-name=ether6 ] comment="Red on Eugene table" speed=100Mbps
set [ find default-name=ether7 ] comment=Mike3rd-yellow rx-flow-control=auto \
    speed=100Mbps tx-flow-control=auto
set [ find default-name=ether8 ] name=ether8-slave-local rx-flow-control=auto \
    speed=100Mbps tx-flow-control=auto
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] comment=printer speed=100Mbps
set [ find default-name=ether11 ] speed=100Mbps
set [ find default-name=ether12 ] comment="USB server" speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] comment="LG TV" rx-flow-control=on speed=\
    100Mbps tx-flow-control=on
set [ find default-name=ether15 ] comment=Mike1stN-1 name=ether15-slave-local \
    speed=100Mbps
set [ find default-name=ether16 ] comment="TV set" name=ether16-slave-local \
    rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether17 ] disabled=yes name=ether17-slave-local \
    speed=100Mbps
set [ find default-name=ether18 ] disabled=yes name=ether18-slave-local \
    speed=100Mbps
set [ find default-name=ether19 ] disabled=yes name=ether19-slave-local \
    speed=100Mbps
set [ find default-name=ether20 ] disabled=yes name=ether20-slave-local \
    speed=100Mbps
set [ find default-name=ether21 ] disabled=yes name=ether21-slave-local \
    speed=100Mbps
set [ find default-name=ether22 ] disabled=yes name=ether22-slave-local \
    speed=100Mbps
set [ find default-name=ether23 ] disabled=yes name=ether23-slave-local \
    speed=100Mbps
set [ find default-name=ether24 ] disabled=yes name=ether24-slave-local \
    rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=sfp1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
    name=sfp1-slave-local
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia \
    default-authentication=no disabled=no distance=indoors frequency=auto \
    hw-protection-mode=rts-cts mode=ap-bridge ssid=MZN tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11 wmm-support=enabled
/interface list
add name=mactel
add name=mac-winbox
add exclude=dynamic name=discover
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge-local name=default
/metarouter
add disabled=yes name=mr1
/ppp profile
set *FFFFFFFE local-address=dhcp remote-address=dhcp use-compression=no \
    use-encryption=no use-ipv6=no use-mpls=no
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9
add bridge=bridge-local interface=ether10
add bridge=bridge-local interface=ether11
add bridge=bridge-local interface=ether12
add bridge=bridge-local interface=ether13
add bridge=bridge-local interface=ether14
add bridge=bridge-local interface=ether15-slave-local
add bridge=bridge-local interface=ether16-slave-local
add bridge=bridge-local interface=ether17-slave-local
add bridge=bridge-local interface=ether18-slave-local
add bridge=bridge-local interface=ether19-slave-local
add bridge=bridge-local interface=ether20-slave-local
add bridge=bridge-local interface=ether21-slave-local
add bridge=bridge-local interface=ether22-slave-local
add bridge=bridge-local interface=ether23-slave-local
add bridge=bridge-local interface=ether24-slave-local
add bridge=bridge-local interface=sfp1-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/ipv6 settings
set max-neighbor-entries=1024
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
    all wan-interface-list=all
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6 list=mactel
add interface=ether5 list=mac-winbox
add interface=ether7 list=mactel
add interface=ether8-slave-local list=mactel
add interface=ether6 list=mac-winbox
add interface=ether9 list=mactel
add interface=ether7 list=mac-winbox
add interface=ether10 list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether11 list=mactel
add interface=ether9 list=mac-winbox
add interface=ether12 list=mactel
add interface=ether10 list=mac-winbox
add interface=ether13 list=mactel
add interface=ether11 list=mac-winbox
add interface=ether14 list=mactel
add interface=ether12 list=mac-winbox
add interface=ether15-slave-local list=mactel
add interface=ether13 list=mac-winbox
add interface=ether16-slave-local list=mactel
add interface=ether14 list=mac-winbox
add interface=ether17-slave-local list=mactel
add interface=ether15-slave-local list=mac-winbox
add interface=ether18-slave-local list=mactel
add interface=ether16-slave-local list=mac-winbox
add interface=ether19-slave-local list=mactel
add interface=ether17-slave-local list=mac-winbox
add interface=ether20-slave-local list=mactel
add interface=ether18-slave-local list=mac-winbox
add interface=ether21-slave-local list=mactel
add interface=ether19-slave-local list=mac-winbox
add interface=ether22-slave-local list=mactel
add interface=ether20-slave-local list=mac-winbox
add interface=ether23-slave-local list=mactel
add interface=ether21-slave-local list=mac-winbox
add interface=ether22-slave-local list=mac-winbox
add interface=ether23-slave-local list=mac-winbox
add interface=ether24-slave-local list=mactel
add interface=ether24-slave-local list=mac-winbox
add interface=sfp1-slave-local list=mactel
add interface=wlan1 list=mactel
add interface=sfp1-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8-slave-local list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=ether11 list=discover
add interface=ether12 list=discover
add interface=ether13 list=discover
add interface=ether14 list=discover
add interface=ether15-slave-local list=discover
add interface=ether16-slave-local list=discover
add interface=ether17-slave-local list=discover
add interface=ether18-slave-local list=discover
add interface=ether19-slave-local list=discover
add interface=ether20-slave-local list=discover
add interface=ether21-slave-local list=discover
add interface=ether22-slave-local list=discover
add interface=ether23-slave-local list=discover
add interface=ether24-slave-local list=discover
add interface=sfp1-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=ISP list=WAN
/interface pptp-server server
set authentication=mschap2 default-profile=default keepalive-timeout=5
/interface sstp-server server
set default-profile=default-encryption
/interface wireless access-list
add comment=T61 interface=wlan1 mac-address=00:1F:3B:B5:DF:9B
add comment="USB Server" interface=wlan1 mac-address=00:0E:3B:68:02:45
add comment="Julia NB" interface=wlan1 mac-address=F4:B7:E2:D0:2E:A7
add comment="PIXMA MG3540" interface=wlan1 mac-address=D8:49:2F:83:8B:28
add comment="Olga iph6" interface=wlan1 mac-address=D4:F4:6F:77:E1:39
add comment=G850F interface=wlan1 mac-address=48:5A:3F:45:F3:5E vlan-mode=\
    no-tag
add comment=Xperia disabled=yes interface=wlan1 mac-address=44:74:6C:4B:FC:75 \
    vlan-mode=no-tag
add comment="Eugene ZTE Nubia Z11 mini S" interface=wlan1 mac-address=\
    DC:F0:90:8B:CF:71 vlan-mode=no-tag
add comment="iPad 3mini" interface=wlan1 mac-address=6C:94:F8:C1:FB:7B \
    vlan-mode=no-tag
add comment="SAM PLANSHET ULIA" interface=wlan1 mac-address=D4:AE:05:43:A8:F1 \
    vlan-mode=no-tag
add comment="Jul SAM Ph" interface=wlan1 mac-address=C8:D7:B0:6C:1F:44 \
    vlan-mode=no-tag
add comment="NAT SAM Ph" interface=wlan1 mac-address=88:75:98:57:6F:6B \
    vlan-mode=no-tag
add comment="Luda iPad" interface=wlan1 mac-address=08:E6:89:AF:23:13 \
    vlan-mode=no-tag
add comment="Asus on main" interface=wlan1 mac-address=10:7B:44:57:B7:E8 \
    vlan-mode=no-tag
add comment="My 2nd Alpha" mac-address=F4:09:D8:9D:8A:AC vlan-mode=no-tag
add comment=Note8 interface=wlan1 mac-address=B8:D7:AF:74:68:0C vlan-mode=\
    no-tag
add comment=UliPh6s interface=wlan1 mac-address=FC:B6:D8:A2:97:A7 vlan-mode=\
    no-tag
add authentication=no comment="Luda iPh" forwarding=no mac-address=\
    58:E2:8F:6E:1E:97 signal-range=-1..120 vlan-mode=no-tag
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=ether2 \
    network=192.168.1.0
/ip arp
add address=192.168.1.254 comment="Broadcast for WoL" interface=bridge-local \
    mac-address=FF:FF:FF:FF:FF:FF
add address=192.168.1.14 comment=NAS1 interface=bridge-local mac-address=\
    00:11:32:37:97:57
add address=192.168.1.15 comment=MikeL2 interface=bridge-local mac-address=\
    00:1F:BC:0E:17:CA
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ISP
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=2606:4700:4700::1001
/ip dns static
add address=192.168.1.1 name=router
add address=1.0.0.1 name=Cloudflare2
add address=1.1.1.1 name=Cloudflare1
/ip firewall address-list
add list=blacklist
... вырезано
/ip firewall filter
add action=accept chain=input comment="Accept 8728" dst-port=8728 protocol=\
    tcp
add action=drop chain=input comment="pptp protection" in-interface=ISP \
    protocol=tcp src-address-list="ppp black"
add action=drop chain=input comment=\
    "Drop new connections from blacklisted IP's to this router" \
    connection-state=new in-interface=ISP src-address-list=blacklist
add action=drop chain=input comment="Drop bl" src-address-list=bl
add action=drop chain=forward comment="Drop bl" src-address-list=bl
add action=add-src-to-address-list address-list=WAKENAS address-list-timeout=\
    none-dynamic chain=input comment="For WakeNAS" dst-port=60001 protocol=\
    tcp
add action=add-src-to-address-list address-list=WAKEMIKE \
    address-list-timeout=none-dynamic chain=input comment="For WakeMike" \
    dst-port=60002 protocol=tcp
add action=accept chain=forward comment="Allow WoL" dst-address=\
    192.168.1.0/24 dst-port=9 out-interface=bridge-local protocol=udp \
    src-port=""
add action=accept chain=input comment="Accept iWinbox" dst-port=8291 \
    in-interface=ISP protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established
add action=accept chain=input comment="default configuration" \
    connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ISP
add action=accept chain=forward comment="default configuration" \
    connection-state=established
add action=accept chain=forward comment="Accept forward for NAS FTP" \
    dst-address-list=!192.168.1.14 dst-port=20,22,221,55536-55543 \
    in-interface=ISP log=yes log-prefix=ftp protocol=tcp
add action=accept chain=forward comment="default configuration" \
    connection-state=related
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes \
    in-interface=ISP
add action=accept chain=input connection-state=related disabled=yes \
    in-interface=ISP
add action=accept chain=input dst-port=1723 in-interface=ISP protocol=tcp
add action=drop chain=input in-interface=ISP
add action=jump chain=forward disabled=yes in-interface=ISP jump-target=\
    customer
add action=accept chain=customer connection-state=established disabled=yes
add action=accept chain=customer connection-state=related disabled=yes
add action=drop chain=customer disabled=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="For broadcast WoL" dst-port=9 \
    protocol=udp to-addresses=192.168.1.254 to-ports=9
add action=dst-nat chain=dstnat comment=NAS_FTP_outside dst-port=221 \
    protocol=tcp to-addresses=192.168.1.14 to-ports=221
add action=dst-nat chain=dstnat dst-port=55536-55543 protocol=tcp \
    to-addresses=192.168.1.14 to-ports=55536-55543
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=221 \
    protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=\
    55536-55543 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ISP
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
    src-address=192.168.89.0/24
add action=accept chain=srcnat comment="accept 8728" dst-port=8728 protocol=\
    tcp
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add comment=Olga disabled=yes distance=1 dst-address=192.168.2.0/24 gateway=\
    10.10.0.2
add comment=Eugene disabled=yes distance=1 dst-address=192.168.3.0/24 \
    gateway=10.10.0.3
/ip service
set telnet address=192.168.1.15/32
set ftp port=221
set winbox address=0.0.0.0/0
/ip smb
set allow-guests=no comment=MikeGroup domain=HOME
/ip smb users
add name=Mike read-only=no
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ISP type=external
add interface=ether2 type=internal
add interface=ether3 type=internal
add interface=ether4 type=internal
add interface=ether5 type=internal
add interface=ether6 type=internal
add interface=ether7 type=internal
add interface=ether8-slave-local type=internal
add interface=ether9 type=internal
add interface=ether10 type=internal
add interface=ether11 type=internal
add interface=ether12 type=internal
add interface=ether13 type=internal
add interface=ether14 type=internal
add interface=ether15-slave-local type=internal
add interface=ether16-slave-local type=internal
add interface=ether17-slave-local type=internal
add interface=ether18-slave-local type=internal
add interface=ether19-slave-local type=internal
add interface=ether20-slave-local type=internal
add interface=ether21-slave-local type=internal
add interface=ether22-slave-local type=internal
add interface=ether23-slave-local type=internal
add interface=ether24-slave-local type=internal
add interface=bridge-local type=internal
/ipv6 address
add address=::d6ca:6dff:fefe:3e2d eui-64=yes from-pool=ONLMv6 interface=\
    bridge-local
/ipv6 dhcp-client
add add-default-route=yes interface=ISP pool-name=ONLMv6 request=\
    address,prefix
/ipv6 firewall filter
add action=drop chain=input comment="\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E2\F1\
    \E5 \AB\ED\E5\EF\F0\E0\E2\E8\EB\FC\ED\FB\E5\BB \F1\EE\E5\E4\E8\ED\E5\ED\E8\
    \FF" connection-state=invalid
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\
    \E5 \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF\
    " connection-state=established,related in-interface=ISP
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\
    \E5 \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF\
    " connection-state=established,related in-interface=ISP out-interface=\
    bridge-local
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\EF\
    \E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
    limit=50,5:packet protocol=icmpv6
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\
    \EF\E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
    limit=50,5:packet protocol=icmpv6
add action=accept chain=input comment="\F0\E0\E7\F0\E5\F8\E8\F2\FC \F1\EE\E5\
    \E4\E8\ED\E5\ED\E8\FF \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 \EF\EE \EF\F0\
    \EE\F2\EE\EA\EE\EB\F3 UDP \ED\E0 \EF\EE\F0\F2 546 - \E1\E5\E7 \FD\F2\EE\E3\
    \EE \EF\F0\E0\E2\E8\EB\E0 \ED\E5 \EF\EE\EB\F3\F7\E8v \E0\E4\F0\E5\F1 IPv6 \
    \EF\EE DHCPv6 \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 " dst-port=546 \
    in-interface=ISP protocol=udp
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \E2\F1\
    \E5 \E8\E7 \EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8 \E2 \C8\ED\F2\E5\F0\ED\
    \E5\F2" in-interface=bridge-local out-interface=ISP
add action=drop chain=input comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \
    \E2\F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
add action=drop chain=forward comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC\
    \_\E2\F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
/lcd
set default-screen=stats-all time-interval=hour
/metarouter interface
add dynamic-bridge=bridge-local dynamic-mac-address=02:D4:38:CD:C7:32 type=\
    dynamic virtual-machine=mr1 vm-mac-address=02:5E:11:79:BD:06
/ppp secret
add disabled=yes name=vpn
add disabled=yes name=Olga remote-address=10.10.0.2
add disabled=yes name=Eugene remote-address=10.10.0.3
/snmp
set enabled=yes trap-interfaces=ether13
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set dst-end="jun/07/2018 00:00:00" dst-start="jun/07/2018 00:00:00" \
    time-zone=+03:00
/system identity
set name=MT
/system logging
add topics=wireless
/system ntp client
set enabled=yes primary-ntp=81.88.210.197 secondary-ntp=24.56.178.140
/system ntp server
set enabled=yes
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=2d name=DDNSNOIP on-event=DDNS_NO_IP policy=read,write,test \
    start-time=startup
add name=WAKENAS on-event=":local WAKENAS [/ip firewall address-list find wher\
    e list=\"WAKENAS\"]\r\
    \n:if (\$WAKENAS!=\"\") do={\r\
    \n/tool wol mac=00:11:32:37:97:57 interface=bridge-local\r\
    \n/ip firewall address-list remove [find where list=\"WAKENAS\"]\r\
    \n}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=WAKEMIKE on-event=":local WAKEMIKE [/ip firewall address-list find wh\
    ere list=\"WAKEMIKE\"]\r\
    \n:if (\$WAKEMIKE!=\"\") do={\r\
    \n/tool wol mac=00:1F:BC:0E:17:CA interface=bridge-local\r\
    \n/ip firewall address-list remove [find where list=\"WAKEMIKE\"]\r\
    \n}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=OpenBL on-event="/system scheduler add comment=\"Download\
    \_openbl list_Apply openbl List\" interval=3d name=\"Download and Apply Op\
    enBL_List\" on-event=DownloadOpenBL_ReplaceOpenBL start-date=jan/01/1970 s\
    tart-time=00:35:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=Spamhaus on-event="# Schedule the download and applicatio\
    n of the spamhaus list\r\
    \n/system scheduler add comment=\"Download spamhaus list_Apply spamhaus Li\
    st\" interval=3d name=\"DownloadSpamhausList and ApplySpamhausList\" on-ev\
    ent=DownloadSpamhaus_ReplaceSpamhaus start-date=jan/01/1970 start-time=00:\
    40:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=dshield.org on-event="/system scheduler add comment=\"Dow\
    nloadDShieldList_InstallDShieldList\" interval=3d name=\"Download and Appl\
    y dshield_List\" on-event=Download_dshield_Replace_dshield start-date=jan/\
    01/1970 start-time=00:45:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=1d name=malc0de.com on-event="# Schedule the download and applica\
    tion of the malc0de list\r\
    \n/system scheduler add comment=\"Download and Apply malc0de list\" interv\
    al=3d name=\"Downloadmalc0deList_Installmalc0deList\" on-event=Download_ma\
    lc0de_Replace_malc0de start-date=jan/01/1970 start-time=00:50:04" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add comment="Download spamhaus list_Apply spamhaus List" interval=3d name=\
    "DownloadSpamhausList and ApplySpamhausList" on-event=\
    DownloadSpamhaus_ReplaceSpamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:40:04
add comment="Download openbl list_Apply openbl List" interval=3d name=\
    "Download and Apply OpenBL_List" on-event=DownloadOpenBL_ReplaceOpenBL \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:35:04
add comment=DownloadDShieldList_InstallDShieldList interval=3d name=\
    "Download and Apply dshield_List" on-event=\
    Download_dshield_Replace_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:45:04
add comment="Download and Apply malc0de list" interval=3d name=\
    Downloadmalc0deList_Installmalc0deList on-event=\
    Download_malc0de_Replace_malc0de policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=dec/22/2018 start-time=00:50:04
add interval=2d name=no-ip_ddns_update policy=read,write,test start-date=\
    dec/28/2018 start-time=03:51:17
/system script
add dont-require-permissions=no name=DDNS_NO_IP owner=admin policy=\
    read,write,test source=":local inetinterface value=\"ISP\";\r\
    \n\r\
    \n:local noipuser \"Mike1st\";\r\
    \n\r\
    \n:local noippass \"dxubq0cl\";\r\
    \n\r\
    \n:local noiphost \"mz1.ddns.net\";\r\
    \n\r\
    \n:local dnsurl value=\"http://dynupdate.no-ip.com/nic/update\?myip=\";\r\
    \n\r\
    \n:local currentIP;\r\
    \n\r\
    \n:global previousIP [:resolve \$noiphost];\r\
    \n\r\
    \n:if ([/interface get \$inetinterface value-name=running] = true) do={\r\
    \n\r\
    \n:set \$currentIP value=[/ip address get [find where interface=\$inetinte\
    rface] address];\r\
    \n\r\
    \n:for i from=([:len \$currentIP] - 1) to=0 do={\r\
    \n\r\
    \n:if ([:pick \$currentIP \$i] = \"/\") do={\r\
    \n\r\
    \n:set \$currentIP value=[:pick \$currentIP 0 \$i];\r\
    \n\r\
    \n}\r\
    \n\r\
    \n}\r\
    \n\r\
    \n:if (\$currentIP != \$previousIP) do={\r\
    \n\r\
    \n:log info message=(\"No-IP: Current IP: \".\$currentIP.\" is not equal t\
    o previous IP: \".\$previousIP.\", update needed\");\r\
    \n\r\
    \n:set \$previousIP value=\$currentIP;\r\
    \n\r\
    \n:log info message=(\"No-IP: Sending update for \".\$noiphost);\r\
    \n\r\
    \n/tool fetch url=(\$dnsurl.\$currentIP.\"&hostname=\".\$noiphost) user=\$\
    noipuser password=\$noippass mode=http keep-result=no;\r\
    \n\r\
    \n:log info message=(\"No-IP: Host \".\$noiphost.\" updated on No-IP with \
    IP \".\$currentIP);\r\
    \n\r\
    \n} else={\r\
    \n\r\
    \n:log info message=(\"No-IP: Previous IP \".\$previousIP.\" is equal to c\
    urrent IP: \".\$previousIP.\", no update needed\");\r\
    \n\r\
    \n}\r\
    \n\r\
    \n} else={\r\
    \n\r\
    \n:log info message=(\"No-IP: \".\$inetinterface.\" is not currently runni\
    ng, so therefore will not update.\");\r\
    \n\r\
    \n}"
add dont-require-permissions=no name=OpenBL owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the OpenBL list as a text file & Script which\
    \_will Remove old OpenBL records and add new one\r\
    \n/system script add name=\"DownloadOpenBL_ReplaceOpenBL\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
    \n/import file-name=openbl.rsc;\r\
    \n:log info \"Removed old OpenBL records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=Spamhouse owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the drop list as a text file & Script which w\
    ill Remove old Spamhaus list and add new one\r\
    \n/system script add name=\"DownloadSpamhaus_ReplaceSpamhaus\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=dshield.org owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the drop list as a text file & Script which w\
    ill Remove old dshield list and add new one\r\
    \n/system script add name=\"Download_dshield_Replace_dshield\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=malc0de.com owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the malc0de list as a text file & Script whic\
    h will Remove old malc0de list and add new one\r\
    \n/system script add name=\"Download_malc0de_Replace_malc0de\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n}"
add dont-require-permissions=no name=DownloadOpenBL_ReplaceOpenBL owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
    \n/import file-name=openbl.rsc;\r\
    \n:log info \"Removed old OpenBL records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=DownloadSpamhaus_ReplaceSpamhaus owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=Download_dshield_Replace_dshield owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=Download_malc0de_Replace_malc0de owner=\
    admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n:delay 40;\r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n"
add dont-require-permissions=no name="WoL 1st" owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "toolwol interface=Mike3rd-yellow-master-local mac=34-97-F6-5A-43-7C"
add dont-require-permissions=no name=no-ip_ddns_update owner=admin policy=\
    read,write,test source="# No-IP automatic Dynamic DNS update\r\
    \n\r\
    \n#--------------- Change Values in this section to match your setup -----\
    -------------\r\
    \n\r\
    \n# No-IP User account info\r\
    \n:local noipuser \"Mike1st\"\r\
    \n:local noippass \"dxubq0cl\"\r\
    \n\r\
    \n# Set the hostname or label of network to be updated.\r\
    \n# Hostnames with spaces are unsupported. Replace the value in the quotat\
    ions below with your host names.\r\
    \n# To specify multiple hosts, separate them with commas.\r\
    \n:local noiphost \"mznas.ddns.net\", \"mz1.ddns.net\", \"mz2.ddns.net\"\r\
    \n\r\
    \n# Change to the name of interface that gets the dynamic IP address\r\
    \n:local inetinterface \"ISP\"\r\
    \n\r\
    \n#-----------------------------------------------------------------------\
    -------------\r\
    \n# No more changes need\r\
    \n\r\
    \n:global previousIP\r\
    \n\r\
    \n:if ([/interface get \$inetinterface value-name=running]) do={\r\
    \n# Get the current IP on the interface\r\
    \n   :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
    \_disabled=no] address]\r\
    \n\r\
    \n# Strip the net mask off the IP address\r\
    \n   :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
    \n       :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
    \n           :set currentIP [:pick \$currentIP 0 \$i]\r\
    \n       } \r\
    \n   }\r\
    \n\r\
    \n   :if (\$currentIP != \$previousIP) do={\r\
    \n       :log info \"No-IP: Current IP \$currentIP is not equal to previou\
    s IP, update needed\"\r\
    \n       :set previousIP \$currentIP\r\
    \n\r\
    \n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
    red since \? is a special character in commands.\r\
    \n       :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curr\
    entIP\"\r\
    \n       :local noiphostarray\r\
    \n       :set noiphostarray [:toarray \$noiphost]\r\
    \n       :foreach host in=\$noiphostarray do={\r\
    \n           :log info \"No-IP: Sending update for \$host\"\r\
    \n           /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
    r password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host \
    . \".txt\")\r\
    \n           :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
    rentIP\"\r\
    \n       }\r\
    \n   }  else={\r\
    \n       :log info \"No-IP: Previous IP \$previousIP is equal to current I\
    P, no update needed\"\r\
    \n   }\r\
    \n} else={\r\
    \n   :log info \"No-IP: \$inetinterface is not currently running, so there\
    fore will not update.\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n3. Create a new scheduler entry to run this script every 5 mins.\r\
    \n\r\
    \n/system scheduler add comment=\"Update No-IP DDNS\" disabled=no interval\
    =5m \\\r\
    \nname=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test\
    \r\
    \n\r\
    \n--riverron 03:18, 18 March 2012 (UTC)\r\
    \n\r\
    \n\r\
    \nAlternative script.\r\
    \n\r\
    \nAlternative script uses DNS Resolve and is based on an documentation htt\
    p://wiki.mikrotik.com/wiki/Manual:Scripting-examples and documentation No-\
    IP DNS Update API http://www.no-ip.com/integrate/request\r\
    \n\r\
    \nCan be modified for use with other Dynamic DNS services supported ReST A\
    PI.\r\
    \n\r\
    \n\r\
    \n##############Script Settings##################\r\
    \n\r\
    \n:local NOIPUser \"no-ip.com LOGIN\"\r\
    \n:local NOIPPass \"no-ip.com PASSWORD\"\r\
    \n:local WANInter \"MikroTik Router WAN Interface Name\"\r\
    \n\r\
    \n###############################################\r\
    \n\r\
    \n:local NOIPDomain \"\$NOIPUser.no-ip.org\"\r\
    \n:local IpCurrent [/ip address get [find interface=\$WANInter] address];\
    \r\
    \n:for i from=( [:len \$IpCurrent] - 1) to=0 do={ \r\
    \n  :if ( [:pick \$IpCurrent \$i] = \"/\") do={ \r\
    \n    :local NewIP [:pick \$IpCurrent 0 \$i];\r\
    \n    :if ([:resolve \$NOIPDomain] != \$NewIP) do={\r\
    \n      /tool fetch mode=http user=\$NOIPUser password=\$NOIPPass url=\"ht\
    tp://dynupdate.no-ip.com/nic/update\\3Fhostname=\$NOIPDomain&myip=\$NewIP\
    \" keep-result=no\r\
    \n      :log info \"NO-IP Update: \$NOIPDomain - \$NewIP\"\r\
    \n     }\r\
    \n   } \r\
    \n}"
/system watchdog
set auto-send-supout=yes send-email-from=router send-email-to=\
    mikezimn@gmail.com send-smtp-server=smtp.gmail.com watch-address=8.8.8.8
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add
/tool user-manager database
set db-path=user-manager1
Но с WI-Fi точно что-то не в порядке - я не смог подцепить USB свисток с компа - он вообще не видит сеть...


Ca6ko
Сообщения: 1484
Зарегистрирован: 23 ноя 2018, 11:08
Откуда: Харкiв

Первое что могу предположить это wifi автоматом встало на 13 канал, который некоторые устройства часто не видят установите в ручную частоту 2412 и проверьте.
Второе неправильно настроен security-profile видимо меняли настройки остались хвосты, вот так должно быть при wpa2-psk:

Код: Выделить всё

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik  wpa2-pre-shared-key=12345678


1-е Правило WiFi - Везде где только можно откажитесь от WiFi!
2-е Правило WiFi -Устройство, которое пользователь не носит с собой постоянно, должно подключаться кабелем!!

Микротики есть разные: черные, белые, красные. Но все равно хочется над чем нибудь заморочится.
MZN
Сообщения: 34
Зарегистрирован: 13 сен 2017, 11:47

Ca6ko писал(а): 11 авг 2019, 09:12 Первое что могу предположить это wifi автоматом встало на 13 канал, который некоторые устройства часто не видят установите в ручную частоту 2412 и проверьте.
Второе неправильно настроен security-profile видимо меняли настройки остались хвосты, вот так должно быть при wpa2-psk:

Код: Выделить всё

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik  wpa2-pre-shared-key=12345678
Спасибо, сделал. Кроме того, что iphone перестал получать IP, ничего не изменилось.


Ca6ko
Сообщения: 1484
Зарегистрирован: 23 ноя 2018, 11:08
Откуда: Харкiв

Разбираться в Вашем конфиге....
У Вас задержка на авторизацию по DHCP 2 сек для чего? попробуйте отключить.(поставить yes)

Телефон Luda iPh заблокирован в адрес листе
Попробуйте отключить записи адрес листе
Учитывая смену прошивок Curent Firmware и Upgrate Firmware совпадают?


1-е Правило WiFi - Везде где только можно откажитесь от WiFi!
2-е Правило WiFi -Устройство, которое пользователь не носит с собой постоянно, должно подключаться кабелем!!

Микротики есть разные: черные, белые, красные. Но все равно хочется над чем нибудь заморочится.
Ответить