Thursday 3 April 2014

Mikrotik 5 Wan Load Balancing Bridge PPPOE

# LAN addressing: the router is 10.5.50.1/24 on the interface named "Local".
/ip address
add interface=Local address=10.5.50.1/24 network=10.5.50.0 disabled=no
# Address pool for LAN clients: every other host address in the /24.
/ip pool
add name=dhcp_pool1 ranges=10.5.50.2-10.5.50.254
# DHCP server bound to the LAN interface, leasing from dhcp_pool1 for 4w2d.
/ip dhcp-server
add name=dhcp1 interface=Local address-pool=dhcp_pool1 lease-time=4w2d \
    authoritative=after-2sec-delay bootp-support=static disabled=no
# Leases are never written to disk.
/ip dhcp-server config
set store-leases-disk=never
# Options for the LAN subnet: only the gateway is set explicitly; the DNS, NTP,
# WINS and custom-option fields are left empty.
/ip dhcp-server network
add address=10.5.50.0/24 gateway=10.5.50.1 dns-server="" ntp-server="" \
    wins-server="" dhcp-option=""
# Router DNS cache, forwarding to two upstream resolvers.
# allow-remote-requests=yes makes the router answer DNS queries sent to it by
# other hosts, not just its own lookups. The input chain therefore has to drop
# udp/tcp port 53 arriving on the pppoe-out links; otherwise the router is
# reachable from the internet as an open resolver and can be abused for
# DNS amplification.
/ip dns
set servers=203.99.163.203,182.176.39.17 allow-remote-requests=yes \
    cache-size=20000KiB cache-max-ttl=1w max-udp-packet-size=512
/ip route
# Policy routes: traffic carrying routing mark to_wanN leaves through
# pppoe-outN. check-gateway=ping lets the router deactivate a route whose
# gateway stops answering.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_wan3 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_wan4 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out5 routing-mark=to_wan5 distance=1 \
    check-gateway=ping scope=30 target-scope=10 disabled=no
# Default routes without a routing mark, preferred in order of distance
# (pppoe-out1 first, pppoe-out5 last).
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 check-gateway=ping \
    scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out2 distance=2 check-gateway=ping \
    scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out3 distance=3 check-gateway=ping \
    scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out4 distance=4 check-gateway=ping \
    scope=30 target-scope=10 disabled=no
add dst-address=0.0.0.0/0 gateway=pppoe-out5 distance=5 check-gateway=ping \
    scope=30 target-scope=10 disabled=no
# Connection tracking stays enabled: the connection marks in /ip firewall mangle
# and the masquerade rules in /ip firewall nat rely on it.
# NOTE(review): tcp-syncookie=no leaves SYN-cookie protection switched off;
# with five internet-facing links, consider whether it should be enabled.
/ip firewall connection tracking
set enabled=yes tcp-syncookie=no \
    tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s \
    udp-timeout=10s udp-stream-timeout=3m \
    icmp-timeout=10s generic-timeout=10m
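/ip firewall filter
# chain=input is traffic addressed to the router itself; chain=forward is
# traffic routed through it. Rules are evaluated top to bottom and the first
# match decides.
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no
# /ip dns runs with allow-remote-requests=yes, so the resolver answers queries
# from other hosts. Drop new DNS queries that arrive on the WAN links so the
# router cannot be used as an open resolver. connection-state=new keeps
# replies to the router's own upstream lookups untouched, and LAN clients on
# "Local" are not matched.
add action=drop chain=input comment="Drop DNS queries from WAN" \
connection-state=new disabled=no dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out2 protocol=udp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out3 protocol=udp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out4 protocol=udp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out5 protocol=udp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out2 protocol=tcp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out3 protocol=tcp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out4 protocol=tcp
add action=drop chain=input connection-state=new disabled=no dst-port=53 \
in-interface=pppoe-out5 protocol=tcp
# Block the proxy ports from every WAN link so outside hosts cannot use the
# router as an open proxy. (The original first rule lacked the space between
# the closing quote of comment="..." and disabled=no.)
add action=drop chain=input comment="Blok Open Proxy User" disabled=no \
dst-port=3128,8080,3229 in-interface=pppoe-out1 protocol=tcp src-address=\
0.0.0.0/0
add action=drop chain=input disabled=no dst-port=3128,8080,3229 in-interface=\
pppoe-out2 protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=no dst-port=3128,8080,3229 in-interface=\
pppoe-out3 protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=no dst-port=3128,8080,3229 in-interface=\
pppoe-out4 protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=no dst-port=3128,8080,3229 in-interface=\
pppoe-out5 protocol=tcp src-address=0.0.0.0/0
# NOTE(review): nothing here restricts the router's other services on the WAN
# side. Limit the management services under /ip service (disable unused ones,
# set an allowed address list) or finish the input chain with accept rules for
# established/related traffic followed by a drop for the pppoe-out interfaces,
# adapted to how this router is administered.
# Forward chain: discard packets whose source or destination lies in
# 0.0.0.0/8 or 127.0.0.0/8, ranges that should never be routed.
add action=drop chain=forward comment="Block Bogus IP Address" disabled=no \
src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8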
/ip firewall mangle
# Mangle rules run in order; passthrough=yes lets a packet continue to the
# rules below after it has been marked.
#
# 1) Connections that reach the router itself through a PPPoE link get that
#    link's connection mark (wanN_conn).
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 \
new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 \
new-connection-mark=wan2_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 \
new-connection-mark=wan3_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out4 \
new-connection-mark=wan4_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out5 \
new-connection-mark=wan5_conn passthrough=yes
# 2) Packets the router sends on a marked connection receive the matching
#    routing mark, so the to_wanN route in /ip route sends the reply out of
#    the link the connection arrived on.
add action=mark-routing chain=output connection-mark=wan1_conn disabled=no \
new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no \
new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=output connection-mark=wan3_conn disabled=no \
new-routing-mark=to_wan3 passthrough=yes
add action=mark-routing chain=output connection-mark=wan4_conn disabled=no \
new-routing-mark=to_wan4 passthrough=yes
add action=mark-routing chain=output connection-mark=wan5_conn disabled=no \
new-routing-mark=to_wan5 passthrough=yes
# 3) Load balancing: LAN traffic not addressed to the router
#    (dst-address-type=!local) is split into five classes by the
#    per-connection classifier, which hashes source and destination addresses
#    and ports; remainder 0..4 selects wan1_conn..wan5_conn.
# NOTE(review): these rules carry no connection-mark=no-mark matcher, so they
# appear to be evaluated for every packet from Local, not only the first one
# of a connection - confirm this is intended.
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
in-interface=Local new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
in-interface=Local new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
in-interface=Local new-connection-mark=wan3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
in-interface=Local new-connection-mark=wan4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/3
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
in-interface=Local new-connection-mark=wan5_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/4
# 4) Packets from the LAN on a marked connection get the routing mark that
#    selects the corresponding to_wanN route.
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no \
in-interface=Local new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no \
in-interface=Local new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3_conn disabled=no \
in-interface=Local new-routing-mark=to_wan3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4_conn disabled=no \
in-interface=Local new-routing-mark=to_wan4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan5_conn disabled=no \
in-interface=Local new-routing-mark=to_wan5 passthrough=yes
# 5) Accept packets arriving on the PPPoE links. These rules come last, and
#    every rule above in this chain matches in-interface=Local only.
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2
add action=accept chain=prerouting disabled=no in-interface=pppoe-out3
add action=accept chain=prerouting disabled=no in-interface=pppoe-out4
add action=accept chain=prerouting disabled=no in-interface=pppoe-out5
/ip firewall nat
# Source NAT for the LAN: packets from 10.5.50.0/24 are masqueraded to the
# address of whichever PPPoE link they leave through. There is one rule per
# link because the mangle/routing marks decide the outgoing interface.
add chain=srcnat action=masquerade src-address=10.5.50.0/24 \
    out-interface=pppoe-out1 disabled=no
add chain=srcnat action=masquerade src-address=10.5.50.0/24 \
    out-interface=pppoe-out2 disabled=no
add chain=srcnat action=masquerade src-address=10.5.50.0/24 \
    out-interface=pppoe-out3 disabled=no
add chain=srcnat action=masquerade src-address=10.5.50.0/24 \
    out-interface=pppoe-out4 disabled=no
add chain=srcnat action=masquerade src-address=10.5.50.0/24 \
    out-interface=pppoe-out5 disabled=no
