Tuesday, May 31, 2016

2 WANS ''WAN-1 FOR PPPoE USERS''---''WAN-2 FOR HOTSPOT USERS''




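# Dual-WAN setup: PPPoE subscribers are routed out WAN1, hotspot users out WAN2.
# The ports are renamed by role first; every later interface= value must use the new names.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Wan1
set [ find default-name=ether2 ] name=ether2-Wan2
set [ find default-name=ether3 ] name=ether3-PPPoE
set [ find default-name=ether4 ] name=ether4-Hotspot
set [ find default-name=ether5 ] name=ether5
/ip address
add address=192.168.10.2/24 interface=ether1-Wan1 network=192.168.10.0
add address=192.168.11.2/24 interface=ether2-Wan2 network=192.168.11.0
add address=10.10.0.1/24 interface=ether3-PPPoE network=10.10.0.0
add address=192.168.50.1/24 interface=ether4-Hotspot network=192.168.50.0
/ip route
# Two equal-distance default routes for traffic that carries no routing mark.
add distance=1 gateway=192.168.10.1
add distance=1 gateway=192.168.11.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from any host that can
# reach it, so the input rules below refuse queries arriving on either WAN port.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=input comment="Drop DNS queries from WAN1" dst-port=53 \
    in-interface=ether1-Wan1 protocol=udp
add action=drop chain=input comment="Drop DNS queries from WAN1" dst-port=53 \
    in-interface=ether1-Wan1 protocol=tcp
add action=drop chain=input comment="Drop DNS queries from WAN2" dst-port=53 \
    in-interface=ether2-Wan2 protocol=udp
add action=drop chain=input comment="Drop DNS queries from WAN2" dst-port=53 \
    in-interface=ether2-Wan2 protocol=tcp
# NOTE(review): this script adds no other input-chain rules, so nothing here restricts
# access to the router's management services; review that before connecting the WAN ports.
/ip firewall nat
add action=masquerade chain=srcnat comment="WAN1 MASQUERADE" out-interface=ether1-Wan1
add action=masquerade chain=srcnat comment="WAN2 MASQUERADE" out-interface=ether2-Wan2
add action=masquerade chain=srcnat disabled=no src-address=\
    172.16.1.2-172.16.1.254
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.50.0/24
/ip firewall mangle
# Policy routing: the client's source range selects the routing table, and each table
# (added under /ip route below) holds a single default route through one WAN.
add action=mark-routing chain=prerouting comment="PPPoE GO THAROUGH WAN1" new-routing-mark=pppoe-wan1 src-address=172.16.1.2-172.16.1.254
add action=mark-routing chain=prerouting comment="HOTSPOT GO THAROUGH WAN2" new-routing-mark=hotspot-wan2 src-address=192.168.50.0/24
/ip route
add distance=1 gateway=192.168.10.1 routing-mark=pppoe-wan1
add distance=1 gateway=192.168.11.1 routing-mark=hotspot-wan2
/system note set note="Server Configuration By <HAMZA KHALIL> (www.itlearnweb.com)" show-at-login=yes
/ip pool
add name=ppp ranges=172.16.1.2-172.16.1.254
add name=hs-pool-4 ranges=192.168.50.2-192.168.50.254
: log warning "PPPoE setup is started by Hamza Khalil"
/interface pppoe-server server
# NOTE(review): authentication=pap,chap allows PAP, which sends the subscriber password
# unprotected on the access segment; drop pap if every client supports CHAP or better.
add authentication=pap,chap default-profile=default disabled=no interface=\
    ether3-PPPoE keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=\
    disabled one-session-per-host=yes service-name=service1
/ppp profile
# "set 0" edits the built-in default profile; the two "add" lines create extra profiles.
set 0 change-tcp-mss=yes dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name=default only-one=default remote-address=ppp use-compression=\
    default
add change-tcp-mss=default dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name=2MB only-one=yes rate-limit=500K/2M remote-address=ppp \
    use-compression=default
add change-tcp-mss=default dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name="my profile" only-one=default remote-address=ppp \
    use-compression=default
: log warning "PPPoE setup is completed by Hamza Khalil"
: log warning "Hotspot setup is starting by Hamza Khalil"
/ip hotspot profile
# NOTE(review): http-pap submits the login password in clear text over HTTP, and the
# https method needs a certificate assigned to the profile; none is set here, confirm.
add dns-name=login.net hotspot-address=192.168.50.1 login-by=\
    http-chap,https,http-pap name=hsprof1
/ip hotspot user profile
# The continuation below was split by a blank line in the published listing; rejoined.
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip dhcp-server
# The port was renamed to ether4-Hotspot above, so the old name ether4 no longer resolves.
add address-pool=hs-pool-4 disabled=no interface=ether4-Hotspot lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=hs-pool-4 disabled=no interface=ether4-Hotspot name=hotspot1 profile=\
    hsprof1
/ip dhcp-server network
add address=192.168.50.0/24 comment="hotspot network" gateway=192.168.50.1
: log warning "full setup is completed by Hamza Khalil"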

DOWNLOAD BACKUP FILE AND SCRIPT

Tuesday, May 24, 2016

Block Hotspot Shield And Other VPN Ports


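# Static list of networks the author associates with Hotspot Shield.
# Entries that appeared twice in the published listing are kept once here, because an
# identical second entry in the same list is rejected on import.
# NOTE(review): this is a point-in-time snapshot with very wide ranges (46.0.0.0/8 and
# 50.0.0.0/8 each cover about 16.7 million addresses, plus many /16s). Unrelated services
# inside those ranges are blocked too; verify each range before deploying.
/ip firewall address-list
add address=157.56.106.0/24 list=HotspotShield-itlearnweb
add address=157.56.144.0/24 list=HotspotShield-itlearnweb
add address=198.144.116.0/24 list=HotspotShield-itlearnweb
add address=204.14.77.0/24 list=HotspotShield-itlearnweb
add address=204.14.0.0/16 list=HotspotShield-itlearnweb
add address=205.164.34.0/24 list=HotspotShield-itlearnweb
add address=209.73.0.0/16 list=HotspotShield-itlearnweb
add address=212.118.232.0/24 list=HotspotShield-itlearnweb
add address=216.172.138.0/24 list=HotspotShield-itlearnweb
add address=216.172.0.0/16 list=HotspotShield-itlearnweb
add address=46.0.0.0/8 list=HotspotShield-itlearnweb
add address=66.171.229.0/24 list=HotspotShield-itlearnweb
add address=68.68.107.0/24 list=HotspotShield-itlearnweb
add address=68.68.108.0/24 list=HotspotShield-itlearnweb
add address=69.22.168.0/24 list=HotspotShield-itlearnweb
add address=69.22.170.0/24 list=HotspotShield-itlearnweb
add address=74.115.0.0/16 list=HotspotShield-itlearnweb
add address=94.245.121.0/24 list=HotspotShield-itlearnweb
add address=69.22.185.0/24 list=HotspotShield-itlearnweb
add address=174.129.0.0/16 list=HotspotShield-itlearnweb
add address=216.172.135.0/24 list=HotspotShield-itlearnweb
add address=67.220.0.0/16 list=HotspotShield-itlearnweb
add address=50.0.0.0/8 list=HotspotShield-itlearnweb
add address=79.125.0.0/16 list=HotspotShield-itlearnweb
add address=75.101.0.0/16 list=HotspotShield-itlearnweb
add address=176.56.0.0/16 list=HotspotShield-itlearnweb
add address=54.75.0.0/16 list=HotspotShield-itlearnweb
add address=54.161.0.0/16 list=HotspotShield-itlearnweb
add address=199.188.0.0/16 list=HotspotShield-itlearnweb
add address=64.55.144.0/24 list=HotspotShield-itlearnweb
add address=54.192.201.0/24 list=HotspotShield-itlearnweb
add address=173.245.64.0/24 list=HotspotShield-itlearnweb
add address=209.107.208.0/24 list=HotspotShield-itlearnweb
add address=66.160.196.0/24 list=HotspotShield-itlearnweb
add address=216.151.191.0/24 list=HotspotShield-itlearnweb
add address=85.237.211.0/24 list=HotspotShield-itlearnweb
add address=206.223.118.0/24 list=HotspotShield-itlearnweb
add address=72.52.92.0/24 list=HotspotShield-itlearnweb
add address=64.71.150.0/24 list=HotspotShield-itlearnweb
add address=72.13.93.0/24 list=HotspotShield-itlearnweb
add address=68.68.109.0/24 list=HotspotShield-itlearnweb
add address=69.31.103.0/24 list=HotspotShield-itlearnweb
/ip firewall filter
# Matches on the SOURCE address, so it drops forwarded packets coming back from the listed
# networks; packets sent towards them are not matched by this rule.
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Addresses /www.itlearnweb.com" src-address-list=\
    HotspotShield-itlearnweb
# NOTE(review): the port list also contains standard service ports (995 POP3 over TLS,
# 990 FTPS, 179 BGP), so legitimate mail and file transfer through the router is dropped
# as well. The duplicated 3451 from the published listing is listed once.
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Ports /www.itlearnweb.com" dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,15009,5050,1194,8245 \
    protocol=tcp
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Ports /www.itlearnweb.com" dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,15009,5050,1194,8245 \
    protocol=udp
# In the two rules below 47 is matched as a TCP/UDP port. GRE is IP protocol 47, not a
# port, so PPTP's GRE traffic and IPsec ESP are matched by protocol in the last two rules.
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec)/www.itlearnweb.com" dst-port=\
    1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec)/www.itlearnweb.com" dst-port=\
    1701,1723,47,4500,500 protocol=tcp
add action=drop chain=forward comment="Block GRE (PPTP data channel)" protocol=gre
add action=drop chain=forward comment="Block IPsec ESP" protocol=ipsec-esp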


DOWNLOAD FULL SCRIPTS

Sunday, May 15, 2016

Simple Bandwidth Sharing With ''DHCP & QUEUE''


First, configure DHCP by following the ''DHCP SERVER'' post.

Now we will setup Bandwidth Control (2M/300K per user)

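# Per-user bandwidth sharing with PCQ: each address in the target network gets its own
# sub-queue, limited to 2M download (classified by destination address) and 300k upload
# (classified by source address).
# The published listing had these commands collapsed onto two lines; line breaks restored.
/queue type
add kind=pcq name=PCQ-DOW pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-rate=2M pcq-src-address6-mask=64
add kind=pcq name=PCQ-UP pcq-classifier=src-address pcq-dst-address6-mask=64 \
    pcq-rate=300k pcq-src-address6-mask=64
/queue simple
# queue= takes the upload type first, then the download type.
add comment="2MB PER USER " name=PCQ-2MB queue=PCQ-UP/PCQ-DOW target=\
    192.168.10.0/24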

Monday, May 9, 2016

EoIP Tunnel Configuration (Transparent Bridge)


An EoIP interface should be configured on two routers that can reach each other at the IP level. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128-bit encrypted tunnel, a PPPoE connection, or any connection that transports IP. EoIP does not encrypt the frames it carries, so across an untrusted network it should run inside an encrypted tunnel.
Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
  • The EoIP interface appears as an Ethernet interface under the interface list.
  • This interface supports all features of an Ethernet interface. IP addresses and other tunnels may be run over the interface.
  • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
  • The maximum number of EoIP tunnels is 65536.
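####Server Side####
# Main site: an EoIP tunnel to the branch router (10.10.0.4), then a PPPoE server
# listening on that tunnel so branch clients can dial in as if they were local.
# tunnel-id must be the same on both ends.
# NOTE(review): EoIP is plain GRE with no encryption or authentication, and pap is allowed
# below, so PPPoE credentials can cross the link unprotected. On an untrusted path, run the
# tunnel over an encrypted transport (or use EoIP's ipsec-secret option where the RouterOS
# version provides it) and drop pap.
/interface eoip add remote-address=10.10.0.4 tunnel-id=100 name=10.10.0.4-Branch2
# The published listing bound the server to 10.10.0.30-Branch2, an interface this script
# never creates; it is bound here to the EoIP interface defined on the line above.
/interface pppoe-server server add authentication=pap,chap disabled=no interface=10.10.0.4-Branch2 one-session-per-host=yes service-name=service2

####2nd Branch####
# Branch site: the tunnel back to the main router (10.10.0.1) is bridged with the LAN
# ports, so hosts on ether2-ether5 share one layer-2 segment with the main site's tunnel end.
/interface eoip add remote-address=10.10.0.1 tunnel-id=100 name=Main-Branch
/interface bridge
add name=access
/interface bridge port
add bridge=access interface=ether2
add bridge=access interface=ether3
add bridge=access interface=ether4
add bridge=access interface=ether5
add bridge=access interface=Main-Branch
/ip address
# ether1 is the branch's address on the network shared with the main router.
add address=10.10.0.4/24 interface=ether1 network=10.10.0.0
add address=192.168.100.1/24 interface=access network=192.168.100.0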

Result For Example Server_Side

Result For Example Other_Side

Sunday, May 8, 2016

Multiple Servers (DHCP, Hotspot & PPPoE) in one RB

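# One router running three access services: DHCP on ether2, hotspot on ether3 and
# PPPoE on ether4, with ether1 as the uplink.
/interface ethernet
set [ find default-name=ether1 ] comment="Wan Network"
set [ find default-name=ether2 ] comment="Dhcp Server"
set [ find default-name=ether3 ] comment="Hotspot Server"
set [ find default-name=ether4 ] comment="PPPoE Server"
/ip address
add address=192.168.1.10/24 comment="Wan Network" interface=ether1 network=\
    192.168.1.0
add address=10.10.0.1/24 comment="PPP Network" interface=ether4 network=\
    10.10.0.0
add address=192.168.2.1/24 comment="DHCP Network" interface=ether2 network=\
    192.168.2.0
add address=192.168.3.1/24 comment="Hotspot Network" interface=ether3 \
    network=192.168.3.0
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from any host that can
# reach it; the input rules under /ip firewall filter refuse queries arriving on the WAN.
set allow-remote-requests=yes cache-size=10000KiB servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=192.168.1.1
/ip pool
add name=hs-pool-3 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
# The published range was 172.16.2.254-172.168.1.2: reversed, and with 172.168.x.x, which
# is outside private address space. It now matches the PPPoE masquerade rule at the end.
add name=ppp ranges=172.16.1.2-172.16.2.254
/ip dhcp-server
add address-pool=hs-pool-3 disabled=no interface=ether3 lease-time=1h name=\
    dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp2
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 comment="hotspot network" gateway=192.168.3.1
/ip hotspot profile
# Created before the hotspot server that references it (the published order used
# profile=hsprof1 before defining it).
# NOTE(review): http-pap submits the login password in clear text over HTTP, and the
# https method needs a certificate assigned to the profile; none is set here, confirm.
add dns-name=login.net hotspot-address=192.168.3.1 login-by=\
    http-chap,https,http-pap name=hsprof1
/ip hotspot
add address-pool=hs-pool-3 disabled=no interface=ether3 name=hotspot1 \
    profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=1Mb \
    rate-limit=300K/1M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=2Mb \
    rate-limit=300K/2M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=4Mb \
    rate-limit=1M/4M transparent-proxy=yes
/ip hotspot user
# The published listing used admin/admin. Placeholder only: set a strong, unique password
# before importing.
add name=admin password="REPLACE-WITH-A-STRONG-PASSWORD"
/interface pppoe-server server
# NOTE(review): pap sends the subscriber password unprotected on the access segment;
# drop it if every client supports CHAP or better.
add authentication=pap,chap disabled=no interface=ether4 \
    one-session-per-host=yes service-name=service1
/ppp profile
add local-address=10.10.0.1 name=1Mb only-one=yes rate-limit=300K/1M \
    remote-address=ppp
add local-address=10.10.0.1 name=2Mb only-one=yes rate-limit=300K/2M \
    remote-address=ppp
add local-address=10.10.0.1 name=4Mb only-one=yes rate-limit=1M/4M \
    remote-address=ppp
/ppp secret
# The published listing used test/test and a truncated service=p. Placeholder password:
# replace it before importing. The service is pppoe, matching the server defined above.
add name=test password="REPLACE-WITH-A-STRONG-PASSWORD" profile=4Mb service=pppoe
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input comment="Drop DNS queries from WAN" dst-port=53 \
    in-interface=ether1 protocol=udp
add action=drop chain=input comment="Drop DNS queries from WAN" dst-port=53 \
    in-interface=ether1 protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
# The comment strings on these three rules were cut off in the published listing
# ("masqu"); the labels below are reconstructed from the source ranges.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.3.0/24
add action=masquerade chain=srcnat comment="masquerade DHCP network" \
    src-address=192.168.2.2-192.168.2.254
add action=masquerade chain=srcnat comment="masquerade PPPoE network" \
    src-address=172.16.1.2-172.16.2.254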

DOWNLOAD SCRIPTS & BACKUP FILE

Saturday, May 7, 2016

High Priority For Videos 4Mb Per User



# Layer-7 pattern named "youtube": matches data that contains "youtube" or
# "googlevideo.com" after at least one leading character. The dot in "googlevideo.com"
# is not escaped, so it matches any single character.
/ip firewall layer7-protocol
add name=youtube regexp="^.+(youtube|googlevideo.com).*\$"

# Tag matching packets with the packet mark "youtube-pack"; passthrough=no stops further
# mangle processing for a packet once it is marked.
# NOTE(review): the layer7 matcher is applied directly in prerouting with no connection
# mark, so it is consulted for all forwarded traffic. Confirm the CPU cost, and how much
# encrypted video traffic the pattern actually matches, on your router.
/ip firewall mangle
add action=mark-packet chain=prerouting layer7-protocol=youtube new-packet-mark=youtube-pack passthrough=no

# Parent queue "all" caps the total at 100M/100M; the child "pc" limits the single host
# 192.168.50.252 to 256k in each direction.
/queue simple
add max-limit=100M/100M name=all target=""
add max-limit=256k/256k name=pc parent=all target=192.168.50.252/32
# PCQ types giving each address its own 4M sub-queue: download is classified by
# destination address, upload by source address.
/queue type
add kind=pcq name=Youtube-Dow-4Mb pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name=Youtube-Up-4Mb pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
# Child queue under "all" that takes packets marked "youtube-pack" and applies the PCQ
# types above (upload/download order).
/queue simple
add name=youtube packet-marks=youtube-pack parent=all queue=Youtube-Up-4Mb/Youtube-Dow-4Mb target=""



Wednesday, May 4, 2016

DHCP SERVER

# Basic DHCP server: ether1 is the uplink, ether5 serves the LAN 192.168.10.0/24.
/interface ethernet
# These five lines set each port's name to its default name, so they change nothing.
set [find default-name=ether1 ] name=ether1
set [find default-name=ether2 ] name=ether2
set [find default-name=ether3 ] name=ether3
set [find default-name=ether4 ] name=ether4
set [find default-name=ether5 ] name=ether5
# ether2-ether4 are attached to ether5 as their master port, so the LAN address and DHCP
# server configured on ether5 below serve all four ports.
# NOTE(review): master-port exists only in older RouterOS v6 releases; later versions use
# a bridge instead. Confirm for your version.
set [ find default-name=ether2 ] master-port=ether5
set [ find default-name=ether3 ] master-port=ether5
set [ find default-name=ether4 ] master-port=ether5
set [ find default-name=ether1 ] comment="WAN NETWORK"
set [ find default-name=ether5 ] comment="DHCP SERVER"
/ip address
add address=192.168.1.10/24 comment="WAN NETWORK" interface=ether1 \
    network=192.168.1.0
add address=192.168.10.1/24 comment="DHCP SERVER NETWORK" interface=ether5 \
    network=192.168.10.0
/ip route
# Default route through the upstream gateway on the WAN side.
add distance=1 gateway=192.168.1.1
/ip dns
# Upstream resolvers for the router. allow-remote-requests is not set in this script.
set servers=192.168.1.1,8.8.4.4
/ip pool
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether5 name=dhcp3
/ip dhcp-server network
# Only the gateway is handed to clients here; no dns-server is specified for the network.
add address=192.168.10.0/24 gateway=192.168.10.1
/ip firewall nat
# Source-NAT for the DHCP pool range. No out-interface is given, so the rule matches the
# range on whatever interface the traffic leaves.
# NOTE(review): to-addresses=0.0.0.0 looks like an export artifact that masquerade does
# not use; confirm.
add action=masquerade chain=srcnat comment="DHCP SERVER MASQUERADE" \
    src-address=192.168.10.2-192.168.10.254 to-addresses=0.0.0.0

DOWNLOAD FULL SCRIPTS