da mandreatta » mer 30 mag 2012, 9:42
Come richiesto questa è la configurazione:
# may/30/2012 09:36:11 by RouterOS 5.11
# software id = RBCM-RUM4
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s mtu=1500 \
name=LAN priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
93.64.74.138 disabled=no full-duplex=yes l2mtu=1520 mac-address=\
00:0C:42:53:28:30 master-port=none mtu=1500 name="1PORT - WAN" speed=\
1Gbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:53:28:31 \
master-port=none mtu=1500 name="2PORT - WIRELESS" speed=1Gbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:53:28:32 \
master-port=none mtu=1500 name="3PORT - CABLE" speed=1Gbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:53:28:33 \
master-port=none mtu=1500 name="4PORT - SERVER" speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
93.64.74.139 disabled=yes full-duplex=yes l2mtu=1520 mac-address=\
00:0C:42:53:28:34 master-port=none mtu=1500 name="5PORT - WAN2" speed=\
100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
switch-all-ports=yes
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.199
add name=pptp ranges=10.0.0.2-10.0.0.250
/ip dhcp-server
add address-pool=dhcp_pool1 always-broadcast=yes authoritative=yes \
bootp-lease-time=forever bootp-support=dynamic disabled=no interface=LAN \
lease-time=3d name=dhcp1
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
add bridge=LAN change-tcp-mss=default dns-server=8.8.8.8,8.8.8.4 \
local-address=dhcp_pool1 name=vpn only-one=default remote-address=pptp \
use-compression=default use-encryption=default use-mpls=default \
use-vj-compression=default
set default-encryption bridge=LAN change-tcp-mss=yes name=default-encryption \
only-one=default remote-address=pptp use-compression=default \
use-encryption=yes use-mpls=default use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
default
/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=5s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=no
set baud-rate=115200 boot-delay=5s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface="2PORT - WIRELESS" path-cost=10 point-to-point=auto priority=\
0x80
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface="3PORT - CABLE" path-cost=10 point-to-point=auto priority=0x80
add bridge=LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface="4PORT - SERVER" path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
/interface ethernet switch port
set "1PORT - WAN" vlan-header=leave-as-is vlan-mode=fallback
set "2PORT - WIRELESS" vlan-header=leave-as-is vlan-mode=fallback
set "3PORT - CABLE" vlan-header=leave-as-is vlan-mode=fallback
set "4PORT - SERVER" vlan-header=leave-as-is vlan-mode=fallback
set "5PORT - WAN2" vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128,aes192,aes256 \
enabled=no keepalive-timeout=disabled mac-address=FE:B7:32:F9:2F:C8 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=yes
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0
add address=93.64.74.138/29 disabled=no interface="1PORT - WAN" network=\
93.64.74.136
add address=93.64.74.139/29 disabled=no interface="1PORT - WAN" network=\
93.64.74.136
/ip arp
add address=192.168.0.8 disabled=no interface=LAN mac-address=\
00:21:6A:29:78:12
/ip dhcp-server config
set store-leases-disk=immediately
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.8.4,192.168.0.1 gateway=\
192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward disabled=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface="1PORT - WAN"
add action=dst-nat chain=dstnat disabled=no dst-address=93.64.74.136 \
to-addresses=192.168.0.222
add action=dst-nat chain=dstnat disabled=no dst-address=93.64.74.139 \
to-addresses=192.168.0.222
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/24 \
to-addresses=93.64.74.138
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip neighbor discovery
set "1PORT - WAN" disabled=no
set "2PORT - WIRELESS" disabled=no
set "3PORT - CABLE" disabled=no
set "4PORT - SERVER" disabled=no
set "5PORT - WAN2" disabled=no
set LAN disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=93.64.74.137 \
pref-src=93.64.74.139 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=93.64.74.137 \
pref-src=93.64.74.138 scope=30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=yes port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/metarouter interface
add disabled=no dynamic-bridge=none dynamic-mac-address=02:D1:BB:81:85:17 \
type=dynamic vm-mac-address=02:07:0F:7C:85:3A
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
massimiliano.andreatta password=siamofortunati profile=vpn routes=\
192.168.0.1 service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
andrea.collet password=siamofortunati profile=vpn routes=192.168.0.1 \
service=pptp
/queue interface
set "1PORT - WAN" queue=only-hardware-queue
set "2PORT - WIRELESS" queue=only-hardware-queue
set "3PORT - CABLE" queue=only-hardware-queue
set "4PORT - SERVER" queue=only-hardware-queue
set "5PORT - WAN2" queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Rome
/system clock manual
set dst-delta=+01:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=apollo
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=217.147.223.78 secondary-ntp=\
193.204.114.232
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system scheduler
add disabled=no interval=2d name="Reboot System" on-event="/system reboot" \
policy=reboot start-date=jan/21/2012 start-time=02:00:00
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set (unknown) disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-stream=yes interface=all \
memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\
no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin parent=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
Attendo vostre info
Grazie
