Premetto che io sono nuovo nel mondo mikrotik , e non sono un esperto del settore come molti di voi sicuramente sarenno. Sono solo un cuocco appassionato di informatica
questa e la mia attuale configurazione al ristorante :
- Codice: Seleziona tutto
alberto@LaCelletta] > export
# feb/07/2018 11:42:04 by RouterOS 6.41
# software id = JYFW-ZS8P
#
# model = 951Ui-2HnD
# serial number = 6431052A7A61
/interface bridge
add admin-mac=E4:8D:8C:65:F8:BB auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] name=ether3-slave-local
set [ find default-name=ether4 ] name=ether4-slave-local
set [ find default-name=ether5 ] name=ether5-slave-local
/interface ovpn-client
add connect-to=xxxxxxxx mac-address=02:BB:96:8F:98:72 name=xxxxxxxx \
password=xxxxxx port=60000 user=xxxxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=russia distance=indoors \
frequency=auto mode=ap-bridge ssid=LaCelletta wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=LaCelletta \
wpa2-pre-shared-key=LaCelletta
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge-local name=default
/queue type
set 0 pfifo-limit=2000
add kind=pcq name=download-512kb pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=524288 pcq-src-address6-mask=64
add kind=pcq name=upload-512kb pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-rate=524288 pcq-src-address6-mask=64
add kind=pcq name=download-256kb pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=262144 pcq-src-address6-mask=64
add kind=pcq name=upload-256kb pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-rate=262144 pcq-src-address6-mask=64
/queue simple
add max-limit=17M/19M name="Main parent Queue" priority=1/1 queue=\
default/default target=192.168.0.0/24
add limit-at=2M/2M max-limit=10M/10M name=IPTV_SAMSUNG packet-marks=IPTV_packet \
parent="Main parent Queue" priority=2/2 queue=\
pcq-upload-default/pcq-download-default target=192.168.0.16/32
add limit-at=2M/2M max-limit=10M/10M name=router_cucina packet-marks=\
LAN_download_packet parent="Main parent Queue" priority=3/3 target=\
192.168.0.10/32
add limit-at=2M/2M max-limit=16M/18M name=ALL_Traffic packet-marks=\
LAN_download_packet parent="Main parent Queue" priority=4/4 queue=\
pcq-upload-default/pcq-download-default target=192.168.0.0/24
add max-limit=2M/512k name=ufficio parent="Main parent Queue" target=\
192.168.0.200/32
/interface bridge port
add bridge=bridge-local hw=no interface=ether2-master-local
add bridge=bridge-local hw=no interface=wlan1
add bridge=bridge-local hw=no interface=ether5-slave-local
add bridge=bridge-local hw=no interface=ether4-slave-local
add bridge=bridge-local hw=no interface=ether3-slave-local
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=ASSISTENZA list=discover
add interface=ether2-master-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether3-slave-local list=mactel
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.0.0
add address=xxxxxxx/24 interface=ether1-gateway network=xxxxxxxxxxxx
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server lease
add address=192.168.0.16 client-id=1:bc:14:85:15:99:64 comment="SAMSUNG TV" \
mac-address=BC:14:85:15:99:64 server=default
add address=192.168.0.10 client-id=1:90:ef:68:fb:49:a5 comment="router kitchen" \
mac-address=90:EF:68:FB:49:A5 server=default
add address=192.168.0.83 always-broadcast=yes client-id=1:c0:21:d:19:e4:b6 \
comment="tablet cristian" mac-address=C0:21:0D:19:E4:B6 server=default
add address=192.168.0.58 always-broadcast=yes client-id=1:50:82:d5:d8:a3:d5 \
comment="iPhone cristian" mac-address=50:82:D5:D8:A3:D5 server=default
add address=192.168.0.200 client-id=1:74:d4:35:df:f4:a2 comment="pc office" \
mac-address=74:D4:35:DF:F4:A2 server=default
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" gateway=192.168.0.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=62.152.51.2,62.152.42.2
/ip dns static
add address=192.168.0.1 name=router
/ip firewall address-list
add address=31.28.20.230 comment=office.spb.v7 list=trust
add address=31.28.20.238 comment=office.spb.l3 list=trust
add address=217.65.0.2 comment=office.msk list=trust
add address=31.28.20.194 comment=office.spb.v7 list=trust
add address=217.65.1.186 comment=zikkurat.spb list=trust
add address=217.65.1.206 comment=zikkurat.spb list=trust
add address=217.65.1.5 comment=zikkurat.msk list=trust
add address=217.65.1.158 comment=turtle.spb list=trust
add address=195.128.51.68 comment=mng_server.msk list=trust
add address=31.28.20.251 comment=lb.spb list=trust
add address=31.28.20.250 comment=lb.spb list=trust
add address=217.65.1.24 comment=lb.msk list=trust
add address=217.65.1.20 comment=lb.msk list=trust
add address=217.65.13.230 comment=cl1.spb list=trust
add address=31.28.20.190 comment=cl2.spb list=trust
add address=10.0.0.0/8 comment=private list=trust
add address=192.168.0.0/16 comment=private list=trust
add address=31.28.20.166 comment=cassiopeia.spb list=trust
add address=62.152.53.33 comment=wf2biz list=trust
add address=84.253.145.243 comment=office.spb.v7 list=trust
add address=194.88.104.7 list=IPTV_servers
add address=185.76.10.52 list=IPTV_servers
add address=89.101.219.195 comment="support from Ireland (Alvaro)" list=trust
add address=46.151.8.17 comment="support from Ireland (Alvaro)" list=trust
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established,related
add action=accept chain=input comment=accept_telnet dst-port=23 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_ssh dst-port=4421 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_ssh dst-port=4422 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_ssh dst-port=4423 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_web dst-port=8080 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_web dst-port=8081 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_web dst-port=8082 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_tftp dst-port=69 protocol=udp \
src-address-list=trust
add action=accept chain=input comment=accept_ftp dst-port=21 protocol=udp \
src-address-list=trust
add action=accept chain=input comment=accept_snmp dst-port=161 protocol=udp \
src-address-list=trust
add action=accept chain=input comment=accept_ssh dst-port=4422 protocol=tcp \
src-address-list=trust
add action=accept chain=input comment=accept_winbox dst-port=8291 protocol=tcp \
src-address-list=trust
add action=drop chain=input comment=accept_winbox dst-port=8291 in-interface=\
ether1-gateway protocol=tcp src-address-list=trust
add action=accept chain=input comment=accept_api dst-port=8728 protocol=tcp \
src-address-list=trust
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=IPTV_servers \
in-interface=bridge-local log-prefix=IPTV-LOG new-connection-mark=IPTV \
passthrough=yes src-address=192.168.0.16
add action=mark-connection chain=forward dst-address=192.168.0.16 log-prefix=\
IPTV-LOG new-connection-mark=IPTV out-interface=bridge-local passthrough=\
yes src-address-list=IPTV_servers
add action=mark-connection chain=prerouting dst-address-list=IPTV_servers \
in-interface=bridge-local log-prefix=IPTV-LOG new-connection-mark=IPTV \
passthrough=yes src-address=192.168.0.0/24
add action=mark-connection chain=forward dst-address=192.168.0.0/24 log-prefix=\
IPTV-LOG new-connection-mark=IPTV out-interface=bridge-local passthrough=\
yes src-address-list=IPTV_servers
add action=mark-connection chain=prerouting dst-address-list=!IPTV_servers \
in-interface=bridge-local new-connection-mark=LAN_Download passthrough=yes \
src-address=192.168.0.0/24
add action=mark-connection chain=forward dst-address=192.168.0.0/24 \
new-connection-mark=LAN_Download out-interface=bridge-local passthrough=yes \
src-address-list=!IPTV_servers
add action=mark-packet chain=forward connection-mark=IPTV new-packet-mark=\
IPTV_packet out-interface=bridge-local passthrough=no
add action=mark-packet chain=prerouting connection-mark=LAN_Download \
in-interface=bridge-local new-packet-mark=LAN_download_packet passthrough=\
no
add action=mark-packet chain=forward connection-mark=LAN_Download \
new-packet-mark=LAN_download_packet out-interface=bridge-local passthrough=\
no
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="Cameras TCP" dst-port=37777 protocol=\
tcp to-addresses=192.168.0.250 to-ports=37777
add action=dst-nat chain=dstnat comment="Cameras HTTP" dst-port=4001 protocol=\
tcp to-addresses=192.168.0.250 to-ports=80
add action=dst-nat chain=dstnat comment=Server disabled=yes dst-port=4025 \
protocol=tcp to-addresses=192.168.0.200 to-ports=8080
/ip route
add distance=1 gateway=xxxxxxxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8080
set ssh port=4422
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=LaCelletta
/system leds
set 5 interface=wlan1
/tool graphing interface
add
/tool graphing queue
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[alberto@LaCelletta] >
Dunque il mio problema e che ho impostato le seguenti queue ma non funzionano. Ovvero se io scarico un file sul pc che ha max download 512k il file viene scaricato a 2M . Penso ci sia qualcosa che non va
- Codice: Seleziona tutto
/queue simple
add max-limit=17M/19M name="Main parent Queue" priority=1/1 queue=\
default/default target=192.168.0.0/24
add limit-at=2M/2M max-limit=10M/10M name=IPTV_SAMSUNG packet-marks=IPTV_packet \
parent="Main parent Queue" priority=2/2 queue=\
pcq-upload-default/pcq-download-default target=192.168.0.16/32
add limit-at=2M/2M max-limit=10M/10M name=router_cucina packet-marks=\
LAN_download_packet parent="Main parent Queue" priority=3/3 target=\
192.168.0.10/32
add limit-at=2M/2M max-limit=16M/18M name=ALL_Traffic packet-marks=\
LAN_download_packet parent="Main parent Queue" priority=4/4 queue=\
pcq-upload-default/pcq-download-default target=192.168.0.0/24
add max-limit=2M/512k name=ufficio parent="Main parent Queue" target=\
192.168.0.200/32
Non so se ho sbagliato qualcosa io nelle queue ho manca qualce altro settaggio
Grazie in anticipo per l'aiuto
