Hvor/hvordan sjekker jeg det?
LOGG INN
... eller du kan registrere deg nå
707
251967
|
# model = RB5009UPr+S+ /interface bridge add name="bridge 1" protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=sfp-sfpplus1 ] mac-address=4C:C5:3E:C4:25:B0 /interface vlan add interface="bridge 1" name="guest vlan" vlan-id=88 add interface="bridge 1" name="main vlan" vlan-id=77 add interface="bridge 1" name="spynet vlan" vlan-id=66 add interface=sfp-sfpplus1 name="vlan altibox" vlan-id=102 /interface list add comment=defconf name=WAN add comment=defconf name=LAN add comment="Main vlan list for filtering" name="Main vlan list" /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add comment=Main name="main pool" ranges=192.168.77.20-192.168.77.250 add comment=Spynet name="spynet pool" ranges=192.168.66.20-192.168.66.250 add comment=Guest name="guest pool" ranges=192.168.88.2-192.168.88.250 /ip dhcp-server add address-pool="main pool" interface="main vlan" name="main dhcp" add address-pool="spynet pool" interface="spynet vlan" name="spynet dhcp" add address-pool="guest pool" interface="guest vlan" name="guest dhcp" /interface bridge port add bridge="bridge 1" comment=defconf interface=ether1 add bridge="bridge 1" comment=defconf interface=ether2 add bridge="bridge 1" comment=defconf interface=ether3 pvid=77 add bridge="bridge 1" comment=defconf interface=ether4 pvid=77 add bridge="bridge 1" interface=ether5 pvid=77 add bridge="bridge 1" interface=ether6 pvid=66 add bridge="bridge 1" interface=ether7 pvid=66 add bridge="bridge 1" interface=ether8 pvid=77 /ip neighbor discovery-settings set discover-interface-list=none protocol="" /interface bridge vlan add bridge="bridge 1" tagged="bridge 1,ether1,ether2" untagged=ether6,ether7 \ vlan-ids=66 add bridge="bridge 1" tagged="bridge 1,ether1,ether2" untagged=\ ether8,ether3,ether4,ether5 vlan-ids=77 add bridge="bridge 1" tagged="bridge 1,ether1,ether2" vlan-ids=88 /interface list member add comment=defconf interface="bridge 1" list=LAN add comment=defconf interface="vlan altibox" list=WAN add comment="main vlan" interface="main vlan" list=LAN add comment="spynet vlan" interface="spynet vlan" list=LAN add comment="Main vlan only list" interface="main vlan" list="Main vlan list" add comment="main vlan" interface="guest vlan" list=LAN /ip address add address=192.168.77.1/24 comment=Main interface="main vlan" network=\ 192.168.77.0 add address=192.168.66.1/24 comment=Spynet interface="spynet vlan" network=\ 192.168.66.0 add address=192.168.88.1/24 comment=Gjest interface="guest vlan" network=\ 192.168.88.0 /ip dhcp-client add comment=defconf interface="vlan altibox" use-peer-dns=no add disabled=yes interface=sfp-sfpplus1 /ip dhcp-server lease "" /ip dhcp-server network add address=192.168.66.0/24 comment="spynet dhcp" dns-server=192.168.66.11 \ gateway=192.168.66.1 netmask=24 add address=192.168.77.0/24 comment="main dhcp" dns-server=192.168.66.11 \ gateway=192.168.77.1 netmask=24 add address=192.168.88.0/24 comment="guest dhcp" dns-server=192.168.66.11 \ gateway=192.168.88.1 netmask=24 /ip dns set allow-remote-requests=yes servers=192.168.66.11 /ip dns static add address=192.168.77.1 comment=defconf name=router.lan /ip firewall ""
[admin@MikroTik] /ip/dhcp-client/print Flags: X, I, D - DYNAMIC Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ;;; defconf 0 vlan altibox no yes searching...
/interface/ethernet/monitor sfp-sfpplus1 name: sfp-sfpplus1 status: link-ok auto-negotiation: done rate: 1Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: link-partner-advertising: sfp-module-present: yes sfp-rx-loss: no sfp-tx-fault: no sfp-type: SFP-or-SFP+ sfp-connector-type: SC sfp-link-length-sm: 10km sfp-vendor-name: Tsuhan sfp-vendor-part-number: THMPRS-3511-10A sfp-vendor-revision: A sfp-vendor-serial: F21012103757 sfp-manufacturing-date: 21-01-20 sfp-wavelength: 1310nm sfp-temperature: 44C sfp-supply-voltage: 3.307V
/ip firewall address-list add address=192.168.77.1-192.168.77.254 comment=Trusted list=Trusted add address=192.168.66.1-192.168.66.254 comment="Untrusted spynet" list=\ Untrusted add address=192.168.88.1-192.168.88.254 comment="Untrusted guest" list=\ Untrusted add address=192.168.66.1-192.168.66.254 comment="Untrusted spynet" list=\ "Untrusted spynet" add address=192.168.88.1-192.168.88.254 comment="Untrusted guest" list=\ "Untrusted guest" /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \ protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \ dst-address=127.0.0.1 add action=drop chain=input comment="Nekt spynet og gjest til winbox" \ disabled=yes dst-port=7777 in-interface="!main vlan" protocol=tcp add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yes add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=accept chain=forward comment="Tillat guest til pihole dns" \ dst-address=192.168.66.11 in-interface="guest vlan" add action=accept chain=forward comment=\ "Tillat trusted vlan til untrusted vlan" dst-address-list=Untrusted \ src-address-list=Trusted add action=accept chain=forward comment="Tillat guest til wan" \ out-interface-list=WAN src-address-list="Untrusted guest" add action=drop chain=forward comment="Nekt gjest til andre" \ dst-address-list="!Untrusted guest" src-address-list="Untrusted guest" add action=accept chain=forward comment="Tillat pi-hole - wan" \ out-interface-list=WAN src-address=192.168.66.11 add action=accept chain=forward comment="Tillat roomba - wan" disabled=yes \ out-interface-list=WAN src-address=192.168.66.248 add action=accept chain=forward comment="Tillat home assistant - wan" \ out-interface-list=WAN src-address=192.168.66.12 add action=accept chain=forward comment="Tillat pow-u - wan" \ out-interface-list=WAN src-address=192.168.66.13 add action=accept chain=forward comment="Tillat TV - wan" out-interface-list=\ WAN src-address=192.168.66.15 add action=accept chain=forward comment="Tillat catcam - wan" \ out-interface-list=WAN src-address=192.168.66.16 add action=drop chain=forward comment="Nekt spynet til alt" dst-address-list=\ "!Untrusted spynet" src-address-list="Untrusted spynet" add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=accept chain=input comment="Allow main vlan full access gammel" \ disabled=yes in-interface="main vlan" add action=drop chain=input comment="Dropp all other gammel" disabled=yes add action=drop chain=input comment="Block ping from internet gammel" \ disabled=yes in-interface-list=WAN protocol=icmp add action=drop chain=forward comment="Deny spynet to others gammel" \ disabled=yes in-interface="spynet vlan" out-interface="!spynet vlan" add action=drop chain=forward comment="Blokker spynet - wan gammel" disabled=\ yes in-interface="spynet vlan" out-interface-list=WAN add action=drop chain=forward comment="Drop all other gammel" disabled=yes /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN
/ip firewall address-list add address=192.168.77.1-192.168.77.254 comment=Trusted list=Trusted add address=192.168.66.1-192.168.66.254 comment="Untrusted spynet" list=\ Untrusted add address=192.168.88.1-192.168.88.254 comment="Untrusted guest" list=\ Untrusted add address=192.168.66.1-192.168.66.254 comment="Untrusted spynet" list=\ "Untrusted spynet" add address=192.168.88.1-192.168.88.254 comment="Untrusted guest" list=\ "Untrusted guest" /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \ protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \ dst-address=127.0.0.1 add action=drop chain=input comment="Nekt spynet og gjest til winbox" \ disabled=yes dst-port=7777 in-interface="!main vlan" protocol=tcp add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yes add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=accept chain=forward comment="Tillat guest til pihole dns" \ dst-address=192.168.66.11 in-interface="guest vlan" add action=accept chain=forward comment=\ "Tillat trusted vlan til untrusted vlan" dst-address-list=Untrusted \ src-address-list=Trusted add action=accept chain=forward comment="Tillat guest til wan" \ out-interface-list=WAN src-address-list="Untrusted guest" add action=drop chain=forward comment="Nekt gjest til andre" \ dst-address-list="!Untrusted guest" src-address-list="Untrusted guest" add action=accept chain=forward comment="Tillat pi-hole - wan" \ out-interface-list=WAN src-address=192.168.66.11 add action=accept chain=forward comment="Tillat roomba - wan" disabled=yes \ out-interface-list=WAN src-address=192.168.66.248 add action=accept chain=forward comment="Tillat home assistant - wan" \ out-interface-list=WAN src-address=192.168.66.12 add action=accept chain=forward comment="Tillat pow-u - wan" \ out-interface-list=WAN src-address=192.168.66.13 add action=accept chain=forward comment="Tillat TV - wan" out-interface-list=\ WAN src-address=192.168.66.15 add action=accept chain=forward comment="Tillat catcam - wan" \ out-interface-list=WAN src-address=192.168.66.16 add action=drop chain=forward comment="Nekt spynet til alt" dst-address-list=\ "!Untrusted spynet" src-address-list="Untrusted spynet" add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=accept chain=input comment="Allow main vlan full access gammel" \ disabled=yes in-interface="main vlan" add action=drop chain=input comment="Dropp all other gammel" disabled=yes add action=drop chain=input comment="Block ping from internet gammel" \ disabled=yes in-interface-list=WAN protocol=icmp add action=drop chain=forward comment="Deny spynet to others gammel" \ disabled=yes in-interface="spynet vlan" out-interface="!spynet vlan" add action=drop chain=forward comment="Blokker spynet - wan gammel" disabled=\ yes in-interface="spynet vlan" out-interface-list=WAN add action=drop chain=forward comment="Drop all other gammel" disabled=yes /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN
|