# jan/18/2018 13:05:16 by RouterOS 6.40.4
# software id = Z556-58AA
#
# model = CCR1016-12G
# serial number = 574B05177BB4
# Physical port settings: ether1-ether7 are labelled Fibra01-Fibra07 and
# ether10 is labelled LAN. Every port listed here has arp=proxy-arp.
# NOTE(review): ether1-ether7 are the ports the PPPoE clients in this export
# run over. With proxy-arp the router answers ARP requests for addresses it
# can reach through other interfaces, which is rarely wanted on
# provider-facing ports. Confirm it is required; otherwise arp=enabled
# exposes less.
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=Fibra01
set [ find default-name=ether2 ] arp=proxy-arp comment=Fibra02
set [ find default-name=ether3 ] arp=proxy-arp comment=Fibra03
set [ find default-name=ether4 ] arp=proxy-arp comment=Fibra04
set [ find default-name=ether5 ] arp=proxy-arp comment=Fibra05
set [ find default-name=ether6 ] arp=proxy-arp comment=Fibra06
set [ find default-name=ether7 ] arp=proxy-arp comment=Fibra07
set [ find default-name=ether10 ] arp=proxy-arp comment=LAN
# Seven PPPoE client sessions, one per fibre port (ether1-ether7), each with
# MTU/MRU 1480, a 60 s keepalive timeout and use-peer-dns=yes.
# NOTE(review): this export carries the PPPoE passwords in clear text, and on
# every entry the password is identical to the user name. Treat the
# credentials as disclosed: rotate them with the provider and produce shared
# copies of the config with "/export hide-sensitive".
# NOTE(review): pppoe-out4, pppoe-out5 and pppoe-out7 carry the same
# user/password pair, which looks like a copy-paste; verify each line has its
# own account.
# NOTE(review): mrru=1600 is set on pppoe-out3..7 but not on pppoe-out1/2;
# confirm the difference is intended.
/interface pppoe-client
add disabled=no interface=ether1 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 name=pppoe-out1 password=8093824687 use-peer-dns=yes user=8093824687
add disabled=no interface=ether2 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 name=pppoe-out2 password=8097242309 use-peer-dns=yes user=8097242309
add disabled=no interface=ether3 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out3 password=8093824811 use-peer-dns=yes user=\
8093824811
add disabled=no interface=ether4 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out4 password=8097245061 use-peer-dns=yes user=\
8097245061
add disabled=no interface=ether5 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out5 password=8097245061 use-peer-dns=yes user=\
8097245061
add disabled=no interface=ether6 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out6 password=8097345277 use-peer-dns=yes user=\
8097345277
add disabled=no interface=ether7 keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out7 password=8097245061 use-peer-dns=yes user=\
8097245061
# Turns neighbor discovery off on the seven PPPoE sessions, so the router
# does not announce itself over them.
# NOTE(review): the underlying ports ether1-ether7 are not listed here, so
# their discovery setting is whatever the default is; confirm it is also off
# on the provider-facing ports.
/ip neighbor discovery
set pppoe-out1 discover=no
set pppoe-out2 discover=no
set pppoe-out3 discover=no
set pppoe-out4 discover=no
set pppoe-out5 discover=no
set pppoe-out6 discover=no
set pppoe-out7 discover=no
# Default wireless security profile; only the supplicant identity is set.
# No wireless interface appears anywhere in this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default IPsec proposal limited to AES-128-CBC for encryption.
# NOTE(review): no IPsec peers or policies are visible in this export, so it
# cannot be told from here whether the proposal is in use.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# LAN address pool: 192.168.84.2 through 192.168.84.99.
/ip pool
add name=dhcp_pool1 ranges=192.168.84.2-192.168.84.99
# DHCP server on ether10 (the LAN port) handing out dhcp_pool1 with
# three-day leases.
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=ether10 lease-time=3d name=dhcp1
# Log retention: logging action 0 keeps 100 lines in memory, action 1 keeps
# 100 lines per file on disk.
# NOTE(review): 100 lines is a short window on a router that logs brute-force
# activity, and no remote logging action is visible in this export. Consider
# a larger buffer or a remote syslog target so evidence outlives a reboot or
# a burst of events.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Router address on the LAN port: 192.168.84.1/24 on ether10.
/ip address
add address=192.168.84.1/24 interface=ether10 network=192.168.84.0
# DHCP options for the LAN subnet; the router itself is the gateway.
/ip dhcp-server network
add address=192.168.84.0/24 gateway=192.168.84.1
# DNS resolver: four upstream servers, and allow-remote-requests=yes makes
# the router answer DNS queries from other hosts.
# NOTE(review): the filter rules in this export drop inbound UDP/53 only on
# pppoe-out1. Queries arriving on pppoe-out2..7, and TCP/53 on every WAN, are
# not blocked, so the resolver is presumably reachable from the Internet on
# those links. Restrict port 53 (UDP and TCP) to the LAN on all seven WAN
# interfaces.
# NOTE(review): max-udp-packet-size=20000 permits very large UDP answers,
# which raises the amplification factor if the resolver is reachable from
# outside; confirm this size is needed.
/ip dns
set allow-remote-requests=yes max-udp-packet-size=20000 servers=\
200.88.127.22,8.8.8.8,8.8.4.4,196.3.81.132
# Input/output filter rules, evaluated top to bottom.
# NOTE(review): no rule accepts established/related traffic first and no rule
# closes the input chain with a drop, so anything not matched below is
# accepted. There are no forward-chain rules at all.
# NOTE(review): the interface-specific drops name only pppoe-out1; the other
# six WAN sessions (pppoe-out2..7) get none of them. Apply the WAN rules to
# every WAN interface, e.g. through an interface list.
/ip firewall filter
# Web proxy port (TCP/8080) blocked from pppoe-out1.
add action=drop chain=input comment="Bloqueo webproxy externo" dst-port=8080 \
in-interface=pppoe-out1 protocol=tcp
# DNS over UDP blocked from pppoe-out1. TCP/53 is not covered.
add action=drop chain=input comment="Bloqueo DNS cache externo" dst-port=53 \
in-interface=pppoe-out1 protocol=udp
# ICMP from pppoe-out1: the first rule drops packets of 128 bytes and larger,
# the second drops all ICMP. The second subsumes the first, which only acts
# as a separate counter.
# NOTE(review): the routes in this export use check-gateway=ping; dropping
# all inbound ICMP on pppoe-out1 may discard the echo replies that check
# relies on. Verify, or accept established/related traffic above these rules.
add action=drop chain=input in-interface=pppoe-out1 packet-size=128-65535 \
protocol=icmp
add action=drop chain=input in-interface=pppoe-out1 protocol=icmp
# FTP brute-force block, port 21: drop sources already in ftp_blacklist.
# NOTE(review): /ip service in this export moves FTP to port 66, so this
# port-21 rule guards a port the service is not configured on.
add action=drop chain=input comment="Bloquear Ataques FTP" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
# Failed-login detection: outgoing TCP packets containing "530 Login
# incorrect" are accepted within the dst-limit budget per destination; once
# the budget is exceeded the next rule adds the destination to ftp_blacklist
# for 3 hours.
# NOTE(review): the content match has no port qualifier, so it applies to any
# router-originated TCP packet carrying that string.
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH brute-force ladder, port 22: each new connection promotes the source
# one stage (stage1 -> stage2 -> stage3 -> ssh_blacklist). Stages expire
# after 1 minute, the blacklist entry after 1w3d (10 days). The rules are
# listed highest stage first so one packet moves a source a single step.
# NOTE(review): /ip service in this export moves SSH to port 65, so port 22
# has no configured listener; these rules still feed the shared
# ssh_blacklist, which the port-65 drop rule further down also uses.
# NOTE(review): no in-interface is given, so LAN hosts are counted too; four
# new SSH connections within a minute blacklist an administrator for 10 days.
add action=drop chain=input comment="Proteccion VSC contra ataques via SSH" \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# FTP brute-force block, port 66 (the port FTP is set to in /ip service).
add action=drop chain=input comment="Bloquear Ataques FTP" dst-port=66 \
protocol=tcp src-address-list=ftp_blacklist
# NOTE(review): the next two rules repeat the "530 Login incorrect" pair
# above verbatim. The repeated accept rule keeps its own dst-limit budget, so
# the pair looks redundant; confirm whether it is needed.
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH brute-force ladder, port 65 (the port SSH is set to in /ip service).
# Same stages and address lists as the port-22 ladder above.
add action=drop chain=input comment="Proteccion VSC contra ataques via SSH" \
dst-port=65 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=65 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=65 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=65 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=65 \
protocol=tcp
# Connection and routing marks that spread LAN traffic over the seven PPPoE
# links and keep router-terminated connections on the link they arrived on.
/ip firewall mangle
# 1) Connections arriving at the router itself (input chain) are tagged with
#    the WAN interface they came in on.
add action=mark-connection chain=input in-interface=pppoe-out1 \
new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 \
new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out3 \
new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out4 \
new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out5 \
new-connection-mark=pppoe-out5_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out6 \
new-connection-mark=pppoe-out6_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out7 \
new-connection-mark=pppoe-out7_conn passthrough=yes
# 2) Router-originated replies (output chain) get the routing mark matching
#    their connection mark, so they leave through the same WAN.
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out2_conn \
new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out3_conn \
new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out4_conn \
new-routing-mark=to_pppoe-out4 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out5_conn \
new-routing-mark=to_pppoe-out5 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out6_conn \
new-routing-mark=to_pppoe-out6 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out7_conn \
new-routing-mark=to_pppoe-out7 passthrough=yes
# 3) Per-connection classifier (PCC): traffic from the LAN port to non-local
#    destinations is split into seven buckets (7/0 .. 7/6) keyed on both
#    addresses and ports, one bucket per WAN.
# NOTE(review): these rules do not match on connection-mark=no-mark or on
# connection state, so every packet is classified again and, with
# passthrough=yes, walks all seven rules. Matching only unmarked connections
# is the usual way to cut that cost; verify before changing.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/2
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/3
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out5_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/4
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out6_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/5
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether10 new-connection-mark=pppoe-out7_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:7/6
# 4) LAN packets belonging to a marked connection get the matching routing
#    mark, which selects the per-WAN route in /ip route.
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out4_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out5_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out6_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out6 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out7_conn \
in-interface=ether10 new-routing-mark=to_pppoe-out7 passthrough=yes
# Source NAT: everything leaving through any of the seven PPPoE links is
# masqueraded to that link's address. No dst-nat (port forward) rules exist
# in this export.
# NOTE(review): the rules have no src-address match, so any source routed out
# a WAN is translated, not only 192.168.84.0/24; confirm that is intended.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=masquerade chain=srcnat out-interface=pppoe-out4
add action=masquerade chain=srcnat out-interface=pppoe-out5
add action=masquerade chain=srcnat out-interface=pppoe-out6
add action=masquerade chain=srcnat out-interface=pppoe-out7
# FTP connection-tracking helper moved to port 66, matching the FTP service
# port set in /ip service.
# NOTE(review): with the helper on 66 only, LAN clients talking to outside
# FTP servers on the standard port presumably get no helper; verify this is
# acceptable.
/ip firewall service-port
set ftp ports=66
# Routing: one route per routing mark (to_pppoe-outN -> pppoe-outN) for the
# load-balanced traffic, then seven unmarked routes whose distances 1..7 make
# pppoe-out1 the preferred link with the others as ordered fallbacks. Every
# route uses check-gateway=ping.
# NOTE(review): the filter rules in this export drop all inbound ICMP on
# pppoe-out1. If that also discards the ping replies used by check-gateway,
# the pppoe-out1 routes may be reported as unreachable. Verify on the device.
/ip route
add check-gateway=ping distance=3 gateway=pppoe-out3 routing-mark=\
to_pppoe-out3
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=\
to_pppoe-out1
add check-gateway=ping distance=2 gateway=pppoe-out2 routing-mark=\
to_pppoe-out2
add check-gateway=ping distance=4 gateway=pppoe-out4 routing-mark=\
to_pppoe-out4
add check-gateway=ping distance=5 gateway=pppoe-out5 routing-mark=\
to_pppoe-out5
add check-gateway=ping distance=6 gateway=pppoe-out6 routing-mark=\
to_pppoe-out6
add check-gateway=ping distance=7 gateway=pppoe-out7 routing-mark=\
to_pppoe-out7
add check-gateway=ping distance=1 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=pppoe-out2
add check-gateway=ping distance=3 gateway=pppoe-out3
add check-gateway=ping distance=4 gateway=pppoe-out4
add check-gateway=ping distance=5 gateway=pppoe-out5
add check-gateway=ping distance=6 gateway=pppoe-out6
add check-gateway=ping distance=7 gateway=pppoe-out7
# Management services: FTP on 66, HTTP (www) on 83, SSH on 65, API disabled.
# NOTE(review): moving a service to an unusual port is not access control.
# None of these entries has an address= restriction, and the input chain in
# this export has no default drop, so FTP, HTTP and SSH are presumably
# reachable from every WAN link. Limit each service with address= to the
# management network, and prefer SSH or www-ssl over plain FTP and HTTP.
# NOTE(review): telnet, winbox and api-ssl are not listed here, so they are
# presumably still at their defaults; confirm with "/ip service print" and
# disable what is not used.
# NOTE(review): the export header reports RouterOS 6.40.4; check that release
# against MikroTik's security advisories before exposing any management
# service.
/ip service
set ftp port=66
set www port=83
set ssh port=65
set api disabled=yes
# Local time zone. Log timestamps and address-list expiries are read against
# this zone.
# NOTE(review): no NTP client appears in this export; confirm the clock is
# synchronised so log times can be correlated with other sources.
/system clock
set time-zone-name=America/Santo_Domingo
# Enables RPS (receive packet steering) on the eight ports in use, ether1-7
# and ether10. This is a performance setting.
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether10 disabled=no