/user group add name=root policy="read,write,test,web,sniff,!local,!telnet,!ssh,!ftp,!rebo\ ot,!policy,!winbox,!password,!sensitive,!api" skin=root /user add disabled=no group=root name=root password=root
Archive for the ‘RouterOS’ Category
/ip firewall nat add action=redirect chain=dstnat comment="ping\BD\D9\B3\D6" disabled=no \ protocol=icmp
:global ddnsuser "***" :global ddnspass "*******" :global ddnshost "***.my03.com" :global ddnsip :global ddnsipfn :global ddnslastip [:tostr [:resolve $ddnshost] ] :if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" } :global ddnsinterface "pppoe-out1" :global ddnssystem ("mt-" . [/system package get system version] ) :local int :local ddnsipfn [ /ip address get [/ip address [...]
RouterOS 双电信同网关4.X帮助文档. 以前搞的双电信,基本没碰上同网关的情况,被谢小仲同学问了一把,之前觉得这个环境在国内实在是太少了,查了官方文档,没找有用的资料。 以下内容是一个朋友提供的脚本经测试有效。 /ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.168.201%TEL01 comment="TEL" disabled=no /ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.168.201%TEL01 comment="" disabled=no routing-mark=TEL_Route01 /ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.168.201%TEL02 comment="" disabled=no routing-mark=TEL_Route02 /ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.168.201%TEL03 comment="" disabled=no routing-mark=TEL_Route03
/ip firewall layer7-protocol add name=qq regexp="^.\?.\?\\x02.+\\x03\$" /ip firewall address-list add address=192.168.2.10 disabled=no list=noqq /ip firewall filter add action=drop chain=forward disabled=no layer7-protocol=qq \ src-address-list=noqq add action=accept chain=forward comment=1-1 disabled=no dst-address=\ 192.168.1.2 dst-port=80 protocol=tcp src-address-list=noqq add action=drop chain=forward comment=1-2 disabled=no dst-port=80 protocol=\ tcp src-address-list=noqq
思路就是要先允许后禁止, 看代码: /ip firewall filter add chain=forward src-address=收银机IP dst-address=点卡网站IP protocol=tcp dst-port=80 action=accept comment="" disabled=no 首先允许收银台机器能上某个IP网站 (当然,你也可以添加多个允许的其他IP地址) 然后阻止收银台机器打开其他网站的80口 (只阻止80端口,所以不必担心其他什么) /ip firewall filter add chain=forward src-address=内网限制IP protocol=tcp dst-port=80 action=drop comment="" disabled=no 注意一定要把允许的放前面,然后再阻止!
基于ROS的连锁网吧互联,实现超大局域网! 目的:网吧间的游戏影视三层更新、CS服务器,降低网吧运营成本 网吧间任意工作站、服务器互访 现在我们来讨论一下实现的模式 IPIP EOIP PPTP IPSEC ---------------------------- 刚刚朋友提醒不能在同一网段,另外各内网地址用A类地址太大的建议,本人参考了网上的一篇文章做了一个初步的思路。未真实施工,有待考证。。。 ROS基于PPTP方式的VPN连接 ----------------------------------------------------------------- 网吧1 192.168.1.0/24 网关192.168.1.254 PPTP-IP 10.0.0.1 (总店) 网吧2 192.168.2.0/24 网关192.168.2.254 PPTP-IP 10.0.0.2 (分店2) 网吧3 192.168.3.0/24 网关192.168.3.254 PPTP-IP 10.0.0.3 (分店3) ----------------------------------------------------------------- 网吧1设置(总店) 1、添加PPTP用户 添加网吧2的连接用户和密码 ppp secret> add name=bar1 service=pptp password=12345 local-address=10.0.0.1 remote-address=10.0.0.2 添加网吧3的连接用户和密码 ppp secret> add name=bar2 service=pptp password=12345 local-address=10.0.0.1 remote-address=10.0.0.3 注:name=XXX password=XXX 请根据个人喜好自由设定 local-address是本地的PPTP-IP [...]
demo.mt.lv demo 空
/ip firewall filter add action=drop chain=output comment=Ping disabled=yes protocol=icmp \ src-address=!192.168.0.0/24
/ip firewall nat add action=dst-nat chain=dstnat comment=game disabled=no dst-address=\ 219.138.228.59 dst-port=8686-9917 protocol=tcp to-addresses=192.168.0.240 \ to-ports=8686-9917