
Tuesday, May 31, 2016

2 WANS ''WAN-1 FOR PPPoE USERS''---''WAN-2 FOR HOTSPOT USERS''




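# Dual-WAN policy routing on one router:
#   - PPPoE clients (pool 172.16.1.2-172.16.1.254) leave through WAN1 (ether1)
#   - Hotspot clients (192.168.50.0/24) leave through WAN2 (ether2)
# The listing is order-dependent: interfaces are renamed first, and every later
# section must refer to the NEW names.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Wan1
set [ find default-name=ether2 ] name=ether2-Wan2
set [ find default-name=ether3 ] name=ether3-PPPoE
set [ find default-name=ether4 ] name=ether4-Hotspot
set [ find default-name=ether5 ] name=ether5
/ip address
add address=192.168.10.2/24 interface=ether1-Wan1 network=192.168.10.0
add address=192.168.11.2/24 interface=ether2-Wan2 network=192.168.11.0
add address=10.10.0.1/24 interface=ether3-PPPoE network=10.10.0.0
add address=192.168.50.1/24 interface=ether4-Hotspot network=192.168.50.0
/ip route
add distance=1 gateway=192.168.10.1
add distance=1 gateway=192.168.11.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries on every
# interface, including both WAN ports. The filter rules below keep the resolver
# reachable from the client networks only.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=input comment="Drop DNS queries arriving on WAN1" \
    dst-port=53 in-interface=ether1-Wan1 protocol=udp
add action=drop chain=input comment="Drop DNS queries arriving on WAN1" \
    dst-port=53 in-interface=ether1-Wan1 protocol=tcp
add action=drop chain=input comment="Drop DNS queries arriving on WAN2" \
    dst-port=53 in-interface=ether2-Wan2 protocol=udp
add action=drop chain=input comment="Drop DNS queries arriving on WAN2" \
    dst-port=53 in-interface=ether2-Wan2 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="WAN1 MASQUERADE" out-interface=ether1-Wan1
add action=masquerade chain=srcnat comment="WAN2 MASQUERADE" out-interface=ether2-Wan2
add action=masquerade chain=srcnat disabled=no src-address=\
    172.16.1.2-172.16.1.254
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.50.0/24
/ip firewall mangle
# NOTE(review): these rules mark every packet sourced from the client ranges,
# including packets addressed to the router itself or to the other client
# network - confirm local traffic still behaves as intended.
add action=mark-routing chain=prerouting comment="PPPoE GO THAROUGH WAN1" new-routing-mark=pppoe-wan1 src-address=172.16.1.2-172.16.1.254
add action=mark-routing chain=prerouting comment="HOTSPOT GO THAROUGH WAN2" new-routing-mark=hotspot-wan2 src-address=192.168.50.0/24
/ip route
# One default route per routing mark sends each client group out its own WAN.
add distance=1 gateway=192.168.10.1 routing-mark=pppoe-wan1
add distance=1 gateway=192.168.11.1 routing-mark=hotspot-wan2
/system note set note="Server Configuration By <HAMZA KHALIL> (www.itlearnweb.com)" show-at-login=yes
/ip pool
add name=ppp ranges=172.16.1.2-172.16.1.254
add name=hs-pool-4 ranges=192.168.50.2-192.168.50.254
: log warning "PPPoE setup is started by Hamza Khalil"
/interface pppoe-server server
# NOTE(review): pap sends the subscriber password in clear text on the access
# segment; remove it from the list if every client can use chap.
add authentication=pap,chap default-profile=default disabled=no interface=\
    ether3-PPPoE keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=0 mrru=\
    disabled one-session-per-host=yes service-name=service1
/ppp profile
set 0 change-tcp-mss=yes dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name=default only-one=default remote-address=ppp use-compression=\
    default
add change-tcp-mss=default dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name=2MB only-one=yes rate-limit=500K/2M remote-address=ppp \
    use-compression=default
add change-tcp-mss=default dns-server=10.10.0.1,192.168.10.1 local-address=\
    10.10.0.1 name="my profile" only-one=default remote-address=ppp \
    use-compression=default
: log warning "PPPoE setup is completed by Hamza Khalil"
: log warning "Hotspot setup is starting by Hamza Khalil"
/ip hotspot profile
# NOTE(review): http-pap submits the login password unencrypted, and the https
# method needs a certificate configured on this profile - none is set here.
add dns-name=login.net hotspot-address=192.168.50.1 login-by=\
    http-chap,https,http-pap name=hsprof1
/ip hotspot user profile
# The original listing had a blank line inside this continued command, which
# ends the command early; the continuation is joined here.
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip dhcp-server
# The port was renamed to ether4-Hotspot above, so the old name "ether4" no
# longer exists; the DHCP server and the hotspot must use the new name.
add address-pool=hs-pool-4 disabled=no interface=ether4-Hotspot lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=hs-pool-4 disabled=no interface=ether4-Hotspot name=hotspot1 profile=\
    hsprof1
/ip dhcp-server network
add address=192.168.50.0/24 comment="hotspot network" gateway=192.168.50.1
: log warning "full setup is completed by Hamza Khalil"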

DOWNLOAD BACKUP FILE AND SCRIPT

Tuesday, May 24, 2016

Block Hotspot Shield And Other VPN Ports


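# Address list of networks the author associates with Hotspot Shield, followed
# by forward-chain drop rules for that list and for common VPN ports.
#
# Six entries that appeared twice in the original listing (209.107.208.0/24,
# 68.68.108.0/24, 68.68.107.0/24, 205.164.34.0/24, 216.151.191.0/24,
# 173.245.64.0/24) are listed once here: RouterOS refuses to add an identical
# address-list entry a second time, which stops a pasted script part-way.
#
# NOTE(review): the list is from 2016 and contains very broad ranges
# (46.0.0.0/8 and 50.0.0.0/8 are about 16.7 million addresses each, plus many
# /16s). Expect unrelated sites to be blocked; verify the ranges against
# current data before deploying.
/ip firewall address-list
add address=157.56.106.0/24 list=HotspotShield-itlearnweb
add address=157.56.144.0/24 list=HotspotShield-itlearnweb
add address=198.144.116.0/24 list=HotspotShield-itlearnweb
add address=204.14.77.0/24 list=HotspotShield-itlearnweb
add address=204.14.0.0/16 list=HotspotShield-itlearnweb
add address=205.164.34.0/24 list=HotspotShield-itlearnweb
add address=209.73.0.0/16 list=HotspotShield-itlearnweb
add address=212.118.232.0/24 list=HotspotShield-itlearnweb
add address=216.172.138.0/24 list=HotspotShield-itlearnweb
add address=216.172.0.0/16 list=HotspotShield-itlearnweb
add address=46.0.0.0/8 list=HotspotShield-itlearnweb
add address=66.171.229.0/24 list=HotspotShield-itlearnweb
add address=68.68.107.0/24 list=HotspotShield-itlearnweb
add address=68.68.108.0/24 list=HotspotShield-itlearnweb
add address=69.22.168.0/24 list=HotspotShield-itlearnweb
add address=69.22.170.0/24 list=HotspotShield-itlearnweb
add address=74.115.0.0/16 list=HotspotShield-itlearnweb
add address=94.245.121.0/24 list=HotspotShield-itlearnweb
add address=69.22.185.0/24 list=HotspotShield-itlearnweb
add address=174.129.0.0/16 list=HotspotShield-itlearnweb
add address=216.172.135.0/24 list=HotspotShield-itlearnweb
add address=67.220.0.0/16 list=HotspotShield-itlearnweb
add address=50.0.0.0/8 list=HotspotShield-itlearnweb
add address=79.125.0.0/16 list=HotspotShield-itlearnweb
add address=75.101.0.0/16 list=HotspotShield-itlearnweb
add address=176.56.0.0/16 list=HotspotShield-itlearnweb
add address=54.75.0.0/16 list=HotspotShield-itlearnweb
add address=54.161.0.0/16 list=HotspotShield-itlearnweb
add address=199.188.0.0/16 list=HotspotShield-itlearnweb
add address=64.55.144.0/24 list=HotspotShield-itlearnweb
add address=54.192.201.0/24 list=HotspotShield-itlearnweb
add address=173.245.64.0/24 list=HotspotShield-itlearnweb
add address=209.107.208.0/24 list=HotspotShield-itlearnweb
add address=66.160.196.0/24 list=HotspotShield-itlearnweb
add address=216.151.191.0/24 list=HotspotShield-itlearnweb
add address=85.237.211.0/24 list=HotspotShield-itlearnweb
add address=206.223.118.0/24 list=HotspotShield-itlearnweb
add address=72.52.92.0/24 list=HotspotShield-itlearnweb
add address=64.71.150.0/24 list=HotspotShield-itlearnweb
add address=72.13.93.0/24 list=HotspotShield-itlearnweb
add address=68.68.109.0/24 list=HotspotShield-itlearnweb
add address=69.31.103.0/24 list=HotspotShield-itlearnweb
/ip firewall filter
# Matches on the SOURCE address, i.e. forwarded packets arriving from the
# listed networks are dropped.
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Addresses /www.itlearnweb.com" src-address-list=\
    HotspotShield-itlearnweb
# NOTE(review): this port list overlaps ordinary services - 995 (POP3 over
# TLS), 990 (FTPS), 179 (BGP), 1194 (OpenVPN) - so legitimate mail or VPN use
# through this router is blocked as well. Trim it to what your policy needs.
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Ports /www.itlearnweb.com" dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,3451,15009,5050,1194,8245 \
    protocol=tcp
add action=drop chain=forward comment=\
    "Block Hotspot Shield by Ports /www.itlearnweb.com" dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,3451,15009,5050,1194,8245 \
    protocol=udp
# 1701 = L2TP, 1723 = PPTP control, 500/4500 = IKE and IPsec NAT-T.
# "47" in these lists is a TCP/UDP port; GRE is IP protocol 47 and has no port
# numbers, so it is matched by the separate protocol=gre rule below.
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec)/www.itlearnweb.com" dst-port=\
    1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec)/www.itlearnweb.com" dst-port=\
    1701,1723,47,4500,500 protocol=tcp
# Drops all forwarded GRE, which also covers any other GRE-based tunnel that
# passes THROUGH this router; tunnels terminated on the router use the input
# chain and are not affected.
add action=drop chain=forward comment=\
    "Block PPTP data channel (GRE, IP protocol 47)" protocol=gre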


DOWNLOAD FULL SCRIPTS

Sunday, May 15, 2016

Simple Bandwidth Sharing With ''DHCP & QUEUE''

First, configure DHCP by following the ''DHCP SERVER'' post.

Now we will setup Bandwidth Control (2M/300K per user)

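# Per-user bandwidth sharing with PCQ: every address in 192.168.10.0/24 gets
# up to 2M download and 300k upload.
# The original listing had its line breaks collapsed ("/queue typeadd ..."),
# which cannot be pasted into a terminal; one command per line is restored.
/queue type
# Download queue: classify by destination address, 2M per address.
add kind=pcq name=PCQ-DOW pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-rate=2M pcq-src-address6-mask=64
# Upload queue: classify by source address, 300k per address.
add kind=pcq name=PCQ-UP pcq-classifier=src-address pcq-dst-address6-mask=64 \
    pcq-rate=300k pcq-src-address6-mask=64
/queue simple
# queue= takes the pair upload-type/download-type.
add comment="2MB PER USER " name=PCQ-2MB queue=PCQ-UP/PCQ-DOW target=\
    192.168.10.0/24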

Monday, May 9, 2016

EoIP Tunnel Configuration (Transparent Bridge)


An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.
Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
  • The EoIP interface appears as an Ethernet interface under the interface list.
  • This interface supports all features of an Ethernet interface. IP addresses and other tunnels may be run over the interface.
  • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
  • The maximum number of EoIP tunnels is 65536.
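# EoIP carries Ethernet frames inside GRE between two routers. Both ends must
# use the same tunnel-id and point remote-address at each other.
# NOTE(review): no encryption is configured on this tunnel, so the bridged
# traffic (including the PPPoE sessions) crosses the 10.10.0.0/24 link in the
# clear. Run it over an encrypted transport when that link is not trusted.
####Server Side####
/interface eoip add remote-address=10.10.0.4 tunnel-id=100 name=10.10.0.4-Branch2
# The PPPoE server listens on the EoIP interface created above. The original
# line referred to "10.10.0.30-Branch2", an interface this listing never
# creates; it is corrected to the name given on the previous line.
# NOTE(review): pap sends the subscriber password in clear text; remove it if
# every client can use chap.
/interface pppoe-server server add authentication=pap,chap disabled=no interface=10.10.0.4-Branch2 one-session-per-host=yes service-name=service2

####2nd Branch####
/interface eoip add remote-address=10.10.0.1 tunnel-id=100 name=Main-Branch
/interface bridge
add name=access
/interface bridge port
# ether2-ether5 and the tunnel share one bridge, so clients on these ports
# reach the main site's PPPoE server at layer 2.
add bridge=access interface=ether2
add bridge=access interface=ether3
add bridge=access interface=ether4
add bridge=access interface=ether5
add bridge=access interface=Main-Branch
/ip address
add address=10.10.0.4/24 interface=ether1 network=10.10.0.0
add address=192.168.100.1/24 interface=access network=192.168.100.0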

Result For Example Server_Side

Result For Example Other_Side

Sunday, May 8, 2016

Multiple Servers (DHCP, Hotspot & PPPoE) in one RB

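# One router running three access services:
#   ether1 = WAN, ether2 = DHCP LAN, ether3 = Hotspot, ether4 = PPPoE.
# Changes from the original listing:
#   - ppp pool range corrected (was 172.16.2.254-172.168.1.2: reversed and
#     with a "172.168" typo; the matching NAT rule uses 172.16.1.2-172.16.2.254)
#   - hotspot profile is created before the hotspot server that refers to it
#   - ppp secret service=p completed to service=pppoe
#   - admin/admin and test/test replaced by placeholders
#   - truncated NAT comments closed so the commands parse again
#   - DNS queries arriving on the WAN port are dropped
/interface ethernet
set [ find default-name=ether1 ] comment="Wan Network"
set [ find default-name=ether2 ] comment="Dhcp Server"
set [ find default-name=ether3 ] comment="Hotspot Server"
set [ find default-name=ether4 ] comment="PPPoE Server"
/ip address
add address=192.168.1.10/24 comment="Wan Network" interface=ether1 network=\
    192.168.1.0
add address=10.10.0.1/24 comment="PPP Network" interface=ether4 network=\
    10.10.0.0
add address=192.168.2.1/24 comment="DHCP Network" interface=ether2 network=\
    192.168.2.0
add address=192.168.3.1/24 comment="Hotspot Network" interface=ether3 \
    network=192.168.3.0
/ip dns
# allow-remote-requests=yes makes the router answer DNS on every interface;
# see the input-chain rules in /ip firewall filter below.
set allow-remote-requests=yes cache-size=10000KiB servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=192.168.1.1
/ip pool
add name=hs-pool-3 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=ppp ranges=172.16.1.2-172.16.2.254
/ip dhcp-server
add address-pool=hs-pool-3 disabled=no interface=ether3 lease-time=1h name=\
    dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp2
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 comment="hotspot network" gateway=192.168.3.1
/ip hotspot profile
# NOTE(review): http-pap submits the login password unencrypted, and the https
# method needs a certificate configured on this profile - none is set here.
add dns-name=login.net hotspot-address=192.168.3.1 login-by=\
    http-chap,https,http-pap name=hsprof1
/ip hotspot
add address-pool=hs-pool-3 disabled=no interface=ether3 name=hotspot1 \
    profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=1Mb \
    rate-limit=300K/1M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=2Mb \
    rate-limit=300K/2M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=4Mb \
    rate-limit=1M/4M transparent-proxy=yes
/ip hotspot user
# Placeholder password: set a unique, strong value before importing. A
# username-equals-password account is the first thing anyone on the hotspot
# network will try.
add name=admin password="CHANGE-ME"
/interface pppoe-server server
# NOTE(review): pap sends the subscriber password in clear text; remove it if
# every client can use chap.
add authentication=pap,chap disabled=no interface=ether4 \
    one-session-per-host=yes service-name=service1
/ppp profile
add local-address=10.10.0.1 name=1Mb only-one=yes rate-limit=300K/1M \
    remote-address=ppp
add local-address=10.10.0.1 name=2Mb only-one=yes rate-limit=300K/2M \
    remote-address=ppp
add local-address=10.10.0.1 name=4Mb only-one=yes rate-limit=1M/4M \
    remote-address=ppp
/ppp secret
# Placeholder password: replace before importing. service=pppoe restricts the
# account to the PPPoE server configured above.
add name=test password="CHANGE-ME" profile=4Mb service=pppoe
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input comment="Drop DNS queries arriving on WAN" \
    dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input comment="Drop DNS queries arriving on WAN" \
    dst-port=53 in-interface=ether1 protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
# The three comments below were cut off on the page (comment="masqu ...); the
# text is reconstructed from the source range of each rule.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.3.0/24
add action=masquerade chain=srcnat comment="masquerade DHCP network" \
    src-address=192.168.2.2-192.168.2.254
add action=masquerade chain=srcnat comment="masquerade PPP network" \
    src-address=172.16.1.2-172.16.2.254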

DOWNLOAD SCRIPTS & BACKUP FILE

Saturday, May 7, 2016

High Priority For Videos 4Mb Per User



# Gives traffic matched as "youtube" its own 4M-per-address PCQ queue under a
# 100M/100M parent.
/ip firewall layer7-protocol
# Layer-7 matching runs this regex against packet payload, so it only sees
# host names that cross the router in clear text.
# NOTE(review): encrypted (HTTPS) payload will not match - verify that the
# rule still classifies the traffic you expect.
add name=youtube regexp="^.+(youtube|googlevideo.com).*\$"

/ip firewall mangle
# Marks matching packets as youtube-pack; passthrough=no stops further mangle
# processing for a packet once it is marked.
# NOTE(review): with no connection mark, the regex is evaluated against
# forwarded packets directly - watch CPU load on busy links.
add action=mark-packet chain=prerouting layer7-protocol=youtube new-packet-mark=youtube-pack passthrough=no

/queue simple
# Parent queue "all" caps the total at 100M/100M; child "pc" limits the single
# host 192.168.50.252 to 256k/256k.
add max-limit=100M/100M name=all target=""
add max-limit=256k/256k name=pc parent=all target=192.168.50.252/32
/queue type
# PCQ types: 4M per destination address (download) and 4M per source address
# (upload).
add kind=pcq name=Youtube-Dow-4Mb pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name=Youtube-Up-4Mb pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
/queue simple
# Child queue selected by packet mark rather than by target address.
add name=youtube packet-marks=youtube-pack parent=all queue=Youtube-Up-4Mb/Youtube-Dow-4Mb target=""



Wednesday, May 4, 2016

DHCP SERVER

# Basic DHCP server: ether1 is the WAN uplink, ether5 serves 192.168.10.0/24,
# and ether2-ether4 are attached to ether5 through master-port.
/interface ethernet
# These five lines set each port to the name it already has by default.
set [find default-name=ether1 ] name=ether1
set [find default-name=ether2 ] name=ether2
set [find default-name=ether3 ] name=ether3
set [find default-name=ether4 ] name=ether4
set [find default-name=ether5 ] name=ether5
# NOTE(review): master-port is a setting of older RouterOS v6 releases; confirm
# it exists on your version (newer releases group ports with a bridge instead).
set [ find default-name=ether2 ] master-port=ether5
set [ find default-name=ether3 ] master-port=ether5
set [ find default-name=ether4 ] master-port=ether5
set [ find default-name=ether1 ] comment="WAN NETWORK"
set [ find default-name=ether5 ] comment="DHCP SERVER"
/ip address
add address=192.168.1.10/24 comment="WAN NETWORK" interface=ether1 \
    network=192.168.1.0
add address=192.168.10.1/24 comment="DHCP SERVER NETWORK" interface=ether5 \
    network=192.168.10.0
/ip route
add distance=1 gateway=192.168.1.1
/ip dns
set servers=192.168.1.1,8.8.4.4
/ip pool
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether5 name=dhcp3
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip firewall nat
# The rule matches on the client source range only; no out-interface is set.
# NOTE(review): consider limiting it to the WAN port (out-interface=ether1).
# NOTE(review): to-addresses=0.0.0.0 looks like an export artifact - confirm it
# is not needed; masquerade chooses the outgoing address itself.
add action=masquerade chain=srcnat comment="DHCP SERVER MASQUERADE" \
    src-address=192.168.10.2-192.168.10.254 to-addresses=0.0.0.0

DOWNLOAD FULL SCRIPTS