Martan_Fox píše:Tak jsem nakonec koupil Mikrotik hEX S. Za 800 plus poštu. Byl novej a už mě nebavilo pořád hlídat aukce. K tomu jsem úspěšně vyhrál switch 3com 24x, bohužel není v defaultu a nemám zatím kabel ke konzoli, takže do něj jsem se ještě nedostal. Jinak router přišel včera a mám anténu na portu 5, jak bylo v plánu. Zatím dost tápu v nastavení, ale včera jsem to už rozchodil a připojil ten můj router Asus jako bridge. Jen tam mám na tom Mikrotiku někde botu, protože mi to dává IP z antény.
/ip/address> print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
;;; LAN
0 192.168.1.1/24 192.168.1.0 bridge
1 D 78.aa.yy.xxx/32 10.69.232.11 pppoe-optika
2 D 192.168.1.3/32 192.168.10.3 Bezrucova
[petr] > /
caps-man console file ip log partitions ppp radius snmp system user blink import ping redo
certificate disk interface ipv6 mpls port queue routing special-login tool beep export password quit undo
[petr] > / ip
address cloud dhcp-relay dns hotspot kid-control packing proxy service smb ssh traffic-flow vrf
arp dhcp-client dhcp-server firewall ipsec neighbor pool route settings socks tftp upnp export
[petr] > / ip addres
add comment disable edit enable export find print remove reset set
[petr] > / ip addres print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
;;; LAN
0 192.168.1.1/24 192.168.1.0 bridge
1 D 78.80.94.103/32 10.69.232.11 pppoe-optika
2 D 192.168.1.3/32 192.168.10.3 Bezrucova
[petr] >
# feb/06/2022 15:00:51 by RouterOS 7.1.1
# software id = RDDM-V4AN
#
# model = RB760iGS
# serial number =********
#
# Review summary: ether1-ether4 are bridged as BRIDGE with DHCP on 192.168.0.0/24, ether5 is renamed to WAN.
# Every drop rule in "/ip firewall filter" below is disabled, so as exported the filter blocks nothing and the
# input chain (traffic to the router itself) has no enabled rule at all.
/interface bridge
add name=BRIDGE
/interface ethernet
set [ find default-name=ether5 ] name=WAN
/interface sstp-client
# NOTE(review): outbound SSTP tunnel to a third-party remote-management service. The tunnel user name is
# posted in clear here and should be treated as exposed. verify-server-certificate is not set on this line
# (RouterOS default is "no" - confirm), so the server identity would not be checked. Whether the client is
# currently enabled cannot be told reliably from this line; remove it if the service is no longer used.
add comment="Remote Winbox connection for Home_hEX S" connect-to=vpn3.remotewinbox.com name=RemoteWinboxVPN3 user=I4bZfSLfzlZ1SVR
/interface wireguard
# WireGuard interface exists but is disabled; it listens on UDP 13231 when enabled.
add disabled=yes listen-port=13231 mtu=1420 name=H3_Mikro_Wireguard
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
# Layer-7 patterns. The only filter rule in this export that references "Block FB" is disabled, and "seznam"
# is not referenced by any rule shown here.
add name="Block FB" regexp="^.+(facebook.com).*\$"
add name=seznam regexp=www.seznam.cz
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=0s-1d tur-tue=0s-1d \
tur-wed=0s-1d wed=0s-1d
/ip pool
# Three pools with the same range; only dhcp_pool1 is used by the DHCP server below.
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool2 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool3 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
# add-arp=yes: the DHCP server adds an ARP entry for each lease it hands out on BRIDGE.
add add-arp=yes address-pool=dhcp_pool1 interface=BRIDGE name=dhcp1
/port
set 0 name=serial0
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/user group
# Policies of the built-in read/write/full groups. The user accounts themselves are not part of this export.
set read policy=read,winbox,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!test,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp,!rest-api
set write policy=local,read,write,winbox,sensitive,!telnet,!ssh,!ftp,!reboot,!policy,!test,!password,!web,!sniff,!api,!romon,!dude,!tikapp,!rest-api
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp,rest-api
/interface bridge port
add bridge=BRIDGE ingress-filtering=no interface=ether1
add bridge=BRIDGE ingress-filtering=no interface=ether2
add bridge=BRIDGE ingress-filtering=no interface=ether3
add bridge=BRIDGE ingress-filtering=no interface=ether4
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic interface, which includes the
# uplink port renamed to WAN above. Restricting discovery to a LAN-only interface list keeps the router from
# announcing itself towards the provider side.
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
# NOTE(review): detect-internet is enabled on all interfaces and is allowed to manage all lists. Unless the
# feature is really needed, detect-interface-list=none is the commonly recommended setting - confirm.
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
/interface wireguard peers
# NOTE(review): allowed-address equals the router's own tunnel address (192.168.10.100/24 under /ip address
# below). This field normally lists the addresses of the remote peer, usually as a /32 - verify before
# enabling the peer.
add allowed-address=192.168.10.100/24 disabled=yes interface=H3_Mikro_Wireguard public-key="3NGwi6qwShs606msXDzSdX3voRuaQ+LfOiwMrkeZLyg="
/ip address
add address=192.168.0.1/24 interface=BRIDGE network=192.168.0.0
add address=10.0.0.1/24 interface=sfp1 network=10.0.0.0
add address=192.168.10.100/24 disabled=yes interface=H3_Mikro_Wireguard network=192.168.10.0
/ip arp
add address=192.168.0.1 interface=BRIDGE
add address=192.168.0.20 interface=BRIDGE mac-address=B8:27:EB:FF:C9:7E
/ip dhcp-server lease
# Static leases (address pinned to a MAC address) served by dhcp1.
add address=192.168.0.55 client-id=1:64:90:c1:a:3d:9 mac-address=64:90:C1:0A:3D:09 server=dhcp1
add address=192.168.0.125 client-id=1:c8:5b:76:d1:8b:bd mac-address=C8:5B:76:D1:8B:BD server=dhcp1
add address=192.168.0.50 client-id=1:5c:e5:c:6b:81:90 mac-address=5C:E5:0C:6B:81:90 server=dhcp1
add address=192.168.0.126 client-id=1:f4:8c:50:9d:35:b9 mac-address=F4:8C:50:9D:35:B9 server=dhcp1
add address=192.168.0.51 mac-address=CC:50:E3:1C:9D:5B server=dhcp1
add address=192.168.0.131 client-id=1:70:c9:4e:d6:c1:ad mac-address=70:C9:4E:D6:C1:AD server=dhcp1
add address=192.168.0.132 client-id=1:e0:dc:ff:24:e3:7 mac-address=E0:DC:FF:24:E3:07 server=dhcp1
add address=192.168.0.127 client-id=1:7c:3:ab:2a:5c:ec mac-address=7C:03:AB:2A:5C:EC server=dhcp1
add address=192.168.0.40 mac-address=44:07:0B:C6:AB:19 server=dhcp1
add address=192.168.0.130 client-id=1:8c:16:45:2d:db:1d mac-address=8C:16:45:2D:DB:1D server=dhcp1
add address=192.168.0.30 client-id=1:4:92:26:67:c3:24 mac-address=04:92:26:67:C3:24 server=dhcp1
add address=192.168.0.38 client-id=1:0:1e:6:42:27:84 mac-address=00:1E:06:42:27:84 server=dhcp1
add address=192.168.0.20 client-id=ff:f6:4a:84:1e:0:2:0:0:ab:11:b0:48:5d:9e:f1:8:f2:61 mac-address=B8:27:EB:FF:C9:7E server=dhcp1
add address=192.168.0.10 client-id=1:70:85:c2:5:58:e4 mac-address=70:85:C2:05:58:E4 server=dhcp1
/ip dhcp-server network
# NOTE(review): clients are handed 192.168.0.20 (named pi-hole under /ip dns static) plus 192.168.0.2 and
# 8.8.8.8. A client may use any of the listed servers, so DNS filtering on the first one can be bypassed;
# 192.168.0.2 is not defined anywhere else in this export.
add address=192.168.0.0/24 dns-server=192.168.0.20,192.168.0.2,8.8.8.8 gateway=192.168.0.1
/ip dns
# The router itself resolves through 192.168.0.20.
set servers=192.168.0.20
/ip dns static
add address=192.168.0.20 name=pi-hole
add address=192.168.0.38 name=HA.local
/ip firewall filter
# NOTE(review): only the two accept rules for tcp/80 and udp/51820 are enabled, and neither is limited by
# interface or destination address. All drop rules are disabled and the input chain has no enabled rule,
# so nothing is dropped: services running on the router are reachable from every interface, the uplink
# included. A baseline needs at least "accept established,related", "drop invalid" and a final drop of
# everything that does not come from the LAN, for both input and forward.
add action=accept chain=forward dst-port=80 protocol=tcp
add action=accept chain=forward disabled=yes dst-port=8123 protocol=tcp
add action=accept chain=forward dst-port=51820 protocol=udp
add action=drop chain=forward disabled=yes layer7-protocol="Block FB" src-address=192.168.0.0/24
add action=accept chain=input disabled=yes dst-port=13231 in-interface=WAN protocol=udp
add action=accept chain=input comment="Allow Remote Winbox" disabled=yes in-interface=RemoteWinboxVPN3
# Disabled: would drop and log DNS queries (tcp/udp 53) arriving on WAN.
add action=drop chain=input disabled=yes dst-port=53 in-interface=WAN log=yes log-prefix=DNS_z_Netu protocol=tcp
add action=drop chain=input disabled=yes dst-port=53 in-interface=WAN log=yes log-prefix=DNS_z_Netu protocol=udp
/ip firewall nat
# NOTE(review): masquerade without out-interface / out-interface-list matches every routed connection, not
# only traffic leaving through the uplink, so internal hosts see the router's address as the source.
# Limit it to the WAN side.
add action=masquerade chain=srcnat
# NOTE(review): chain=" " is not one of the built-in NAT chains (srcnat/dstnat), so this rule would never be
# evaluated there even if enabled. Both port-forwards are disabled and are tied to one fixed public address.
add action=dst-nat chain=" " disabled=yes dst-address=37.221.243.254 dst-port=80 protocol=tcp to-addresses=192.168.0.38 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-address=37.221.243.254 dst-port=51820 log=yes protocol=udp to-addresses=192.168.0.38 to-ports=51820
/ip firewall service-port
# NAT helpers (connection-tracking assistants) for these protocols are switched off.
set ftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
# NOTE(review): an export lists only changed values, so winbox and the plain-text api service are presumably
# still at their defaults (enabled). api-ssl is turned off while plain api is not touched, and no service
# carries an address= restriction. Moving ssh to port 2222 reduces scan noise only; combined with the empty
# input chain above, management access is not limited to the LAN.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2222
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Prague
# Firewall snippet built on interface lists: raw pre-filtering, masquerade on WAN only, and input/forward
# chains that drop everything not arriving from the LAN list.
# NOTE(review): if these commands are imported on a router that already has filter/NAT rules, "add" appends
# them at the end; earlier rules (for example an unrestricted masquerade or accept rule) still match first.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface list member
# NOTE(review): the interfaces named here must exist under these names on the target device. In the export
# earlier on this page ether5 is renamed to WAN and no wlan1/wlan2 interfaces appear - adjust before
# importing. If the uplink is a PPPoE interface, that interface presumably also has to be a member of WAN
# for the masquerade rule below to match - verify.
add interface=BRIDGE list=LAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=WAN
add interface=wlan1 list=LAN
add interface=wlan2 list=LAN
/ip firewall raw
# Raw rules run in prerouting: obviously malformed UDP/TCP is dropped here, and ICMP is filtered by type in
# the icmp4 chain.
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" jump-target=bad_tcp protocol=tcp
# bad_tcp: drop segments with none of FIN/SYN/RST/ACK set, contradictory flag combinations, and port 0.
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 protocol=tcp
# icmp4: allow-list of ICMP type:code pairs. Echo and echo reply are rate-limited (limit=5,10:packet);
# packets over the limit do not match the accept rule and reach the final drop of this chain.
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
/ip firewall nat
# Source NAT only for traffic leaving through interfaces in the WAN list (and not covered by an IPsec policy).
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall filter
# input chain (traffic addressed to the router): keep existing connections, allow ICMP (already filtered in
# raw), drop invalid packets, then drop everything that does not arrive from the LAN list.
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Povoleno icmp filtrovano v RAW" protocol=icmp
add action=drop chain=input comment="invalid drop" connection-state=invalid
# NOTE(review): log-prefix is set but log=yes is not, so this rule presumably logs nothing - confirm.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN log-prefix="droop neni z LAN"
# forward chain (traffic routed through the router): same structure as input.
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="Povoleno icmp filtrov\E1no v RAW" protocol=icmp
add action=drop chain=forward comment="invalid drop" connection-state=invalid
add action=drop chain=forward disabled=yes layer7-protocol="Block FB" src-address=192.168.0.0/24
# NOTE(review): this also drops new connections created by dst-nat port-forwards from WAN; a forward that is
# really wanted needs its own accept rule above this line.
add action=drop chain=forward comment="Neni z LAN" in-interface-list=!LAN