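# Dynamic-DNS updater: finds the interface that carries the active default
# route, reads its address, and sends a /tool dns-update when the address
# differs from the one recorded on the previous run.

# Define User Variables
# Kept :local so the account name and key exist only while the script runs.
# As :global they would stay in the router's variable environment after the
# script finished. The script source itself still holds the key, so restrict
# who can read scripts on the router.
:local ddnsuser "USERNAME"
:local ddnspass "PASS"
:local ddnshost "DOMAIN NAME"

# Define Global Variables
# ddnslastip must stay global: it carries the last published address from
# one scheduled run to the next.
:global ddnsip
:global ddnslastip
:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" }
:global ddnsinterface
:global ddnssystem ("mt-" . [/system package get system version] )

# Define Local Variables
:local int

# Loop thru interfaces and look for ones containing
# default gateways without routing-marks
:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={
  :if ([:typeof [/ip route get $int routing-mark ]] != str ) do={
    :global ddnsinterface [/ip route get $int interface]
  }
}

# Grab the current IP address on that interface.
# NOTE(review): this assumes exactly one address on the interface; confirm
# the behaviour when several addresses are configured.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]

# Did we get an IP address to compare?
:if ([ :typeof $ddnsip ] = nil ) do={
  :log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
  :if ($ddnsip != $ddnslastip) do={
    :log info "DDNS: Sending UPDATE!"
    # The address is stored as "a.b.c.d/len"; :pick strips the prefix length.
    :log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]
    :global ddnslastip $ddnsip
  } else={
    :log info "DDNS: No update required."
  }
}
# End of script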
DDNS Script for(changeip.com) Mikrotik.
Thursday, 25 October 2012
mikrotik pppoe
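# PPPoE server on the LAN interface with NAT out of the WAN interface.
# Addresses, names and passwords below are the tutorial's sample values.

/ip address
add address=192.168.0.1/24 comment=LAN disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 comment=WAN disabled=no interface=WAN network=192.168.1.0

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

/ip pool
add name=pppoe-users-pool ranges=192.168.0.3-192.168.0.253

/interface pppoe-server server
# PAP sends the subscriber password in clear text over the access network,
# so only challenge-based methods are offered here.
# NOTE(review): max-sessions=1 looks like it caps the whole server at one
# session; confirm that is intended.
add authentication=chap,mschap1,mschap2 default-profile=default disabled=no interface=LAN keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=adeelkml.com

/ppp profile
add change-tcp-mss=default dns-server=8.8.8.8 local-address=192.168.0.1 name=pppoe-profile only-one=yes remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default

/ip firewall nat
# Limited to traffic leaving through WAN so that local traffic is not
# rewritten to the router's address.
add action=masquerade chain=srcnat disabled=no out-interface=WAN src-address=192.168.0.1-192.168.0.255

/ip dns
# allow-remote-requests=yes makes the router answer DNS queries on every
# interface; the filter rules below keep it from answering on the WAN side.
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8

/ip firewall filter
add action=drop chain=input in-interface=WAN protocol=udp dst-port=53 comment="no DNS service on WAN"
add action=drop chain=input in-interface=WAN protocol=tcp dst-port=53 comment="no DNS service on WAN"

/ppp secret
# Sample account: replace the name and set a strong, unique password
# before using this on a real network.
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=adeel password=1234 profile=pppoe-profile routes="" service=pppoe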
mikrotik hotspot
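# Hotspot on the LAN interface with DHCP, two rate-limited user profiles
# and NAT out of the WAN interface. Names and passwords are sample values.

/ip address
# The comment contains spaces and therefore has to be quoted.
add address=192.168.0.1/24 comment="Out to users" disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.6/24 comment=INTERNET disabled=no interface=WAN network=192.168.1.0

/ip pool
# Ends at .254: .255 is the broadcast address of 192.168.0.0/24 and must
# not be handed out to a client.
add name=hs-pool-1 ranges=192.168.0.10-192.168.0.254

/ip dns
# allow-remote-requests=yes makes the router answer DNS on every interface;
# the filter rules further down keep it from answering on the WAN side.
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=208.67.222.222

/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=1h name=dhcp1

/ip dhcp-server config
set store-leases-disk=5m

/ip dhcp-server network
add address=192.168.0.0/24 comment="hotspot network" gateway=192.168.0.1

/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.adeelkml.net hotspot-address=192.168.0.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no

/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=1 disabled=no idle-timeout=15m interface=LAN keepalive-timeout=none name=hotspot1 profile=hsprof1

/ip hotspot user profile
set default idle-timeout=15m keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes

/ip hotspot service-port
set ftp disabled=yes ports=21

/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=192.168.0.1

/ip hotspot
set numbers=hotspot1 address-pool=none

/ip firewall nat
# Limited to traffic leaving through WAN; without out-interface every
# routed packet would be source-NATed.
add action=masquerade chain=srcnat disabled=no out-interface=WAN

/ip firewall filter
add action=drop chain=input in-interface=WAN protocol=udp dst-port=53 comment="no DNS service on WAN"
add action=drop chain=input in-interface=WAN protocol=tcp dst-port=53 comment="no DNS service on WAN"

/ip hotspot user
# Sample accounts with trivial passwords. Replace every password before
# deployment, the "admin" entry in particular.
add disabled=no name=admin password=123 profile=default
add disabled=no name=adeel password=1234 profile="512k Limit" server=hotspot1
add disabled=no name=adeel-256k password=1234 profile="256k Limit" server=hotspot1

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10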
Email Auto backup mikrotik
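# Weekly e-mailed backups: "backup" saves the system backup, "backup-USER"
# saves the User Manager database. Each script waits 60s, mails the file,
# waits again and removes it.
#
# A backup file holds the router's full configuration, stored secrets
# included. tls=yes protects only the hop to the mail server; the file then
# sits in the recipient's mailbox. The recipient below is a placeholder:
# set it to a mailbox you control, never to an address copied from a
# tutorial.
#
# NOTE(review): the file name embeds [/system clock get time], which
# contains colons, and the saved file is expected to carry a .backup /
# .umb extension that file=\$backupfile and /file remove do not include.
# Verify the attachment and the cleanup on your RouterOS version.
#
# NOTE(review): the policy list grants far more than save/mail/remove
# needs (reboot, sniff, winbox, ...). Trim it to what your version requires.

/system script
add name=backup policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":log info \"backup beginning now\"\r\
    \n:global backupfile ([/system identity get name] . \"-\" . [/system clock get time])\r\
    \n/system backup save name=\$backupfile\r\
    \n:log info \"backup pausing for 60s Adeelkml.com\"\r\
    \n:delay 60s\r\
    \n:log info \"backup being emailed\"\r\
    \n/tool e-mail send to=\"backup-recipient@example.com\" subject=(\" Backup Winbox _ \" . [/system clock get date] . \" - \" . [/system clock get time]) tls=yes file=\$backupfile\r\
    \n:log info \"backup pausing for 60s adeelkml.com\"\r\
    \n:delay 60s\r\
    \n/file remove \$backupfile\r\
    \n:log info \"Fileremoved\"\r\
    \n:log info \"backup finished\""
# The subject expression of this script had a stray "tls=yes" in the middle
# of the string concatenation; it is removed so the expression parses.
add name=backup-USER policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":log info \"backup beginning now\"\r\
    \n:global backupfile ([/system identity get name] . \"-\" . [/system clock get time])\r\
    \n/tool user-manager database save name=\$backupfile\r\
    \n:log info \"backup pausing for 60s\"\r\
    \n:delay 60s\r\
    \n:log info \"backup being emailed\"\r\
    \n/tool e-mail send to=\"backup-recipient@example.com\" subject=(\" Backup Winbox _ \" . [/system clock get date] . \" - \" . [/system clock get time]) tls=yes file=\$backupfile\r\
    \n:log info \"backup pausing for 60s\"\r\
    \n:delay 60s\r\
    \n/file remove \$backupfile\r\
    \n:log info \"Fileremoved\"\r\
    \n:log info \"backup finished\""

/system scheduler
add comment="" disabled=no interval=1w name=sched_backup on-event=backup policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive start-date=jan/01/1970 start-time=07:30:00
add comment="" disabled=no interval=1w name=backup-USER on-event=backup-USER policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive start-date=jan/01/1970 start-time=07:30:00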
Commands for new proxy Scripts
Source: aacable.wordpress.com
Credits: Syed Jahanzaib
Note: Copy one line at a time.

1: Create file
touch /etc/fw.sh
2: Change permissions
chmod +x /etc/fw.sh
3: Edit file (add the "simple internet sharing" script)
nano /etc/fw.sh
4: Run
/etc/fw.sh
5: Place shortcut
/etc/rc.local
6: Upgrade DNS
apt-get install dnsmasq
7: Update system
apt-get update
8: Install Squid
apt-get install squid
9: Edit squid.conf (add the squid.conf script)
nano /etc/squid/squid.conf
10: Create storeurl.pl
touch /etc/squid/storeurl.pl
chmod +x /etc/squid/storeurl.pl
11: Edit store URL (add the store URL script)
nano /etc/squid/storeurl.pl
12: Install Nginx
apt-get install nginx
13: Edit nginx.conf (delete all lines in nginx.conf) (do not add the nginx.conf script)
nano /etc/nginx/nginx.conf
14: Create directories to hold cache files
mkdir /usr/local/www
mkdir /usr/local/www/nginx_cache
mkdir /usr/local/www/nginx_cache/tmp
mkdir /usr/local/www/nginx_cache/files
chown www-data /usr/local/www/nginx_cache/files/ -Rf
15: Create nginx.rb file
touch /etc/nginx/nginx.rb
chmod 755 /etc/nginx/nginx.rb
16: Edit nginx.rb (add the nginx.rb script)
nano /etc/nginx/nginx.rb
17: Install Ruby
apt-get install ruby
18: Create cache dir (note: mode 777 makes the cache writable by every local user; the chown to proxy:proxy already gives Squid access, so a tighter mode is preferable)
mkdir /cache1
chown proxy:proxy /cache1
chmod -R 777 /cache1
19: Initialise the cache directories
squid -z
20: Start Squid
service squid start
21: Restart Nginx
service nginx restart
22: Check cached videos
ls -lh /usr/local/www/nginx_cache/files
23: Check cache hits
tail -f /var/log/squid/access.log | grep HIT
Nginx Rb scripts
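#!/usr/bin/env ruby1.8
# This script is not written by me,
# My Email address is inserted Just for tracking purposes
# For more info, visit http://code.google.com/p/youtube-cache/
# Syed Jahanzaib / aacable [at] hotmail.com
#
# Squid URL rewriter. squid.conf settings:
#   url_rewrite_program <path>/nginx.rb
#   url_rewrite_host_header off
#
# Reads one request per line on STDIN and answers with one URL per line on
# STDOUT. GET requests for http://*.youtube.com/videoplayback?... that do
# not carry a begin= parameter are rewritten to the local cache at
# 127.0.0.1:8081; every other URL is returned unchanged.
#
# The path and query string come from the client and are forwarded as-is,
# so whatever listens on 127.0.0.1:8081 has to treat them as untrusted.

require "syslog"
require "base64"

# One parsed request line as handed over by Squid.
class SquidRequest
  attr_accessor :url, :user
  attr_reader :client_ip, :method

  # Stores the HTTP method in lower case. to_s keeps a missing field
  # (short or blank input line) from raising on nil.
  def method=(s)
    @method = s.to_s.downcase
  end

  # Squid sends "client_ip/fqdn"; only the address part is kept.
  # to_s keeps a missing field from raising on nil.
  def client_ip=(s)
    @client_ip = s.to_s.split('/').first
  end
end

# Yields a SquidRequest for every input line and writes the block's result
# back, flushing after each answer so Squid is never left waiting.
def read_requests
  # URL <SP> client_ip "/" fqdn <SP> user <SP> method [<SP> kvpairs]<NL>
  STDIN.each_line do |ln|
    r = SquidRequest.new
    # A malformed line leaves the trailing fields nil; the setters above
    # tolerate that, and the answer is then the unmodified (or empty) URL
    # instead of a crashed helper.
    r.url, r.client_ip, r.user, r.method, *dummy = ln.rstrip.split(' ')
    (STDOUT << "#{yield r}\n").flush
  end
end

# The message is passed as an argument to a fixed "%s" format, so request
# data is never interpreted as a format string.
def log(msg)
  Syslog.log(Syslog::LOG_ERR, "%s", msg)
end

def main
  Syslog.open('nginx.rb', Syslog::LOG_PID)
  log("Started")

  read_requests do |r|
    # \A ... \z anchor the whole URL; the host must end in .youtube.com.
    if r.method == 'get' && r.url !~ /[?&]begin=/ && r.url =~ %r{\Ahttp://[^/]+\.youtube\.com/(videoplayback\?.*)\z}
      log("YouTube Video [#{r.url}].")
      "http://127.0.0.1:8081/#{$1}"
    else
      r.url
    end
  end
end

main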
Internet sharing scripts
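#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# http://adeelkml.com
# -------------------------------------------------------------------------------------
# Turns this host into a NAT router for the LAN and sends the LAN's port-80
# traffic to a local Squid instance (transparent proxy).

## Squid Server LAN IP Address
SQUID_SERVER="192.168.2.1"
## Interface connected to Internet
INTERNET="eth1"
## Interface connected to LAN
LAN_IN="eth0"
## Squid port
SQUID_PORT="8080"

# Clear old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

## Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
## For win xp ftp client
## modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

## Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
## FORWARD is closed by default too. Without this the chain keeps its
## built-in ACCEPT policy and the box forwards anything that is routed to
## it, including connections opened from the Internet side.
iptables -P FORWARD DROP

## Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Accept only replies to connections this host opened itself
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

## set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface "$INTERNET" -j MASQUERADE
iptables --append FORWARD --in-interface "$LAN_IN" -j ACCEPT
## Replies to LAN-initiated connections are the only traffic forwarded
## from the Internet side towards the LAN.
iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" -m state --state ESTABLISHED,RELATED -j ACCEPT

## unlimited access to LAN
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

## DNAT port 80 requests coming from LAN systems to Squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"

## if it is same system
## NOTE(review): this matches port-80 traffic arriving on the Internet
## interface. The INPUT rules above drop such new connections, so Squid is
## not reachable from outside as long as INPUT stays this strict; keep that
## in mind before loosening INPUT.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"

## LOG what is about to be dropped, rate-limited so a flood of unwanted
## packets cannot fill the log volume
iptables -A INPUT -m limit --limit 5/min -j LOG

## Drop Everything else. I m not enabling it, use it at your own.
## (The INPUT policy is already DROP, so unmatched packets are dropped anyway.)
##iptables -A INPUT -j DROP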
Internet sharing
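#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# http://adeelkml.com
# -------------------------------------------------------------------------------------
# Turns this host into a NAT router for the LAN and sends the LAN's port-80
# traffic to a local Squid instance (transparent proxy).

## Squid Server LAN IP Address
SQUID_SERVER="192.168.2.1"
## Interface connected to Internet
INTERNET="eth1"
## Interface connected to LAN
LAN_IN="eth0"
## Squid port
SQUID_PORT="8080"

# Clear old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

## Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
## For win xp ftp client
## modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

## Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
## FORWARD is closed by default too. Without this the chain keeps its
## built-in ACCEPT policy and the box forwards anything that is routed to
## it, including connections opened from the Internet side.
iptables -P FORWARD DROP

## Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Accept only replies to connections this host opened itself
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

## set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface "$INTERNET" -j MASQUERADE
iptables --append FORWARD --in-interface "$LAN_IN" -j ACCEPT
## Replies to LAN-initiated connections are the only traffic forwarded
## from the Internet side towards the LAN.
iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" -m state --state ESTABLISHED,RELATED -j ACCEPT

## unlimited access to LAN
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

## DNAT port 80 requests coming from LAN systems to Squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"

## if it is same system
## NOTE(review): this matches port-80 traffic arriving on the Internet
## interface. The INPUT rules above drop such new connections, so Squid is
## not reachable from outside as long as INPUT stays this strict; keep that
## in mind before loosening INPUT.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"

## LOG what is about to be dropped, rate-limited so a flood of unwanted
## packets cannot fill the log volume
iptables -A INPUT -m limit --limit 5/min -j LOG

## Drop Everything else. I m not enabling it, use it at your own.
## (The INPUT policy is already DROP, so unmatched packets are dropped anyway.)
##iptables -A INPUT -j DROP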
cmand
Source: aacable.wordpress.com
Credits: Syed Jahanzaib

1: Create file
touch /etc/fw.sh
2: Change permissions
chmod +x /etc/fw.sh
3: Edit file (add the "simple internet sharing" script)
nano /etc/fw.sh
4: Run
/etc/fw.sh
5: Place shortcut
/etc/rc.local
6: Upgrade DNS
apt-get install dnsmasq
7: Update system
apt-get update
8: Install Squid
apt-get install squid
9: Edit squid.conf (add the squid.conf script)
nano /etc/squid/squid.conf
10: Install Nginx
apt-get install nginx
11: Edit nginx.conf (add the nginx.conf script)
nano /etc/nginx/nginx.conf
12: Create directories to hold cache files
mkdir /usr/local/www
mkdir /usr/local/www/nginx_cache
mkdir /usr/local/www/nginx_cache/tmp
mkdir /usr/local/www/nginx_cache/files
chown www-data /usr/local/www/nginx_cache/files/ -Rf
13: Create nginx.rb file
touch /etc/nginx/nginx.rb
chmod 755 /etc/nginx/nginx.rb
14: Edit nginx.rb (add the nginx.rb script)
nano /etc/nginx/nginx.rb
15: Install Ruby
apt-get install ruby
16: Create cache dir (note: mode 777 makes the cache writable by every local user; the chown to proxy:proxy already gives Squid access, so a tighter mode is preferable)
mkdir /cache1
chown proxy:proxy /cache1
chmod -R 777 /cache1
17: Initialise the cache directories
squid -z
18: Start Squid
service squid start
19: Restart Nginx
service nginx restart
20: Check cached videos
ls -lh /usr/local/www/nginx_cache/files
21: Check cache hits
tail -f /var/log/squid/access.log | grep HIT
Nginx Rb(Updated)
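#!/usr/bin/env ruby1.8
# This script is not written by me,
# My Email address is inserted Just for tracking purposes
# For more info, visit http://code.google.com/p/youtube-cache/
# Syed Jahanzaib / aacable [at] hotmail.com
#
# Squid URL rewriter. squid.conf settings:
#   url_rewrite_program <path>/nginx.rb
#   url_rewrite_host_header off
#
# Reads one request per line on STDIN and answers with one URL per line on
# STDOUT. GET requests for http://*.youtube.com/videoplayback?... that do
# not carry a begin= parameter are rewritten to the local cache at
# 127.0.0.1:8081; every other URL is returned unchanged.
#
# The path and query string come from the client and are forwarded as-is,
# so whatever listens on 127.0.0.1:8081 has to treat them as untrusted.

require "syslog"
require "base64"

# One parsed request line as handed over by Squid.
class SquidRequest
  attr_accessor :url, :user
  attr_reader :client_ip, :method

  # Stores the HTTP method in lower case. to_s keeps a missing field
  # (short or blank input line) from raising on nil.
  def method=(s)
    @method = s.to_s.downcase
  end

  # Squid sends "client_ip/fqdn"; only the address part is kept.
  # to_s keeps a missing field from raising on nil.
  def client_ip=(s)
    @client_ip = s.to_s.split('/').first
  end
end

# Yields a SquidRequest for every input line and writes the block's result
# back, flushing after each answer so Squid is never left waiting.
def read_requests
  # URL <SP> client_ip "/" fqdn <SP> user <SP> method [<SP> kvpairs]<NL>
  STDIN.each_line do |ln|
    r = SquidRequest.new
    # A malformed line leaves the trailing fields nil; the setters above
    # tolerate that, and the answer is then the unmodified (or empty) URL
    # instead of a crashed helper.
    r.url, r.client_ip, r.user, r.method, *dummy = ln.rstrip.split(' ')
    (STDOUT << "#{yield r}\n").flush
  end
end

# The message is passed as an argument to a fixed "%s" format, so request
# data is never interpreted as a format string.
def log(msg)
  Syslog.log(Syslog::LOG_ERR, "%s", msg)
end

def main
  Syslog.open('nginx.rb', Syslog::LOG_PID)
  log("Started")

  read_requests do |r|
    # \A ... \z anchor the whole URL; the host must end in .youtube.com.
    if r.method == 'get' && r.url !~ /[?&]begin=/ && r.url =~ %r{\Ahttp://[^/]+\.youtube\.com/(videoplayback\?.*)\z}
      log("YouTube Video [#{r.url}].")
      "http://127.0.0.1:8081/#{$1}"
    else
      r.url
    end
  end
end

main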
Nginx Conf(Updated)
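# This config file is not written by me,
# My Email address is inserted Just for tracking purposes
# For more info, visit http://code.google.com/p/youtube-cache/
# Syed Jahanzaib / aacable [at] hotmail.com
#
# Local video cache behind the Squid rewriter: the server on 127.0.0.1:8081
# serves a stored file when one exists and otherwise fetches the object
# from the requested host and stores it on disk.

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
    worker_connections 768;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_static on;
    gzip_comp_level 6;
    # The quotes around msie6 had been mangled into dots on the page.
    gzip_disable "msie6";
    gzip_vary on;
    gzip_types text/plain text/css text/xml text/javascript application/json application/x-javascript application/xml application/xml+rss;
    gzip_proxied expired no-cache no-store private auth;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # starting youtube section
    server {
        # Loopback only: the cache is meant to be reached through the Squid
        # rewriter, never directly from the network.
        listen 127.0.0.1:8081;

        location / {
            root /usr/local/www/nginx_cache/files;

            # id, itag, range and algorithm come straight from the client's
            # query string and are used below to build on-disk file names
            # (try_files here, proxy_store in @proxy_youtube). Requests whose
            # values contain anything but plain name characters are refused,
            # so a request can never name a path outside the cache directory.
            if ($arg_id !~ "^[A-Za-z0-9_-]+$") { return 403; }
            if ($arg_itag !~ "^[0-9]+$") { return 403; }
            if ($arg_range !~ "^[0-9-]*$") { return 403; }
            if ($arg_algorithm !~ "^[A-Za-z0-9_-]*$") { return 403; }

            #try_files "/id=$arg_id.itag=$arg_itag" @proxy_youtube; # Old one
            #try_files "$uri" "/id=$arg_id.itag=$arg_itag.flv" "/id=$arg_id-range=$arg_range.itag=$arg_itag.flv" @proxy_youtube; #old2
            try_files "/id=$arg_id.itag=$arg_itag.range=$arg_range.algo=$arg_algorithm" @proxy_youtube;
        }

        location @proxy_youtube {
            # Hard-coded upstream resolver; set this to a resolver you trust.
            resolver 221.132.112.8;
            # The upstream host is taken from the request's Host header, so
            # this server fetches from whatever host the request names. That
            # is why it must stay bound to loopback.
            proxy_pass http://$host$request_uri;
            proxy_temp_path "/usr/local/www/nginx_cache/tmp";
            #proxy_store "/usr/local/www/nginx_cache/files/id=$arg_id.itag=$arg_itag"; # Old 1
            proxy_store "/usr/local/www/nginx_cache/files/id=$arg_id.itag=$arg_itag.range=$arg_range.algo=$arg_algorithm";
            proxy_ignore_client_abort off;
            proxy_method GET;
            proxy_set_header X-YouTube-Cache "aacable@hotmail.com";
            proxy_set_header Accept "video/*";
            proxy_set_header User-Agent "YouTube Cacher (nginx)";
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "";
            proxy_set_header Accept-Charset "";
            proxy_set_header Cache-Control "";
        }
    }
}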
Internet Sharing Script
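#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# http://adeelkml.com
# -------------------------------------------------------------------------------------
# Turns this host into a NAT router for the LAN and sends the LAN's port-80
# traffic to a local Squid instance (transparent proxy).

## Squid Server LAN IP Address
SQUID_SERVER="192.168.2.1"
## Interface connected to Internet
INTERNET="eth1"
## Interface connected to LAN
LAN_IN="eth0"
## Squid port
SQUID_PORT="8080"

# Clear old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

## Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
## For win xp ftp client
## modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

## Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
## FORWARD is closed by default too. Without this the chain keeps its
## built-in ACCEPT policy and the box forwards anything that is routed to
## it, including connections opened from the Internet side.
iptables -P FORWARD DROP

## Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Accept only replies to connections this host opened itself
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

## set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface "$INTERNET" -j MASQUERADE
iptables --append FORWARD --in-interface "$LAN_IN" -j ACCEPT
## Replies to LAN-initiated connections are the only traffic forwarded
## from the Internet side towards the LAN.
iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" -m state --state ESTABLISHED,RELATED -j ACCEPT

## unlimited access to LAN
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

## DNAT port 80 requests coming from LAN systems to Squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"

## if it is same system
## NOTE(review): this matches port-80 traffic arriving on the Internet
## interface. The INPUT rules above drop such new connections, so Squid is
## not reachable from outside as long as INPUT stays this strict; keep that
## in mind before loosening INPUT.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"

## LOG what is about to be dropped, rate-limited so a flood of unwanted
## packets cannot fill the log volume
iptables -A INPUT -m limit --limit 5/min -j LOG

## Drop Everything else. I m not enabling it, use it at your own.
## (The INPUT policy is already DROP, so unmatched packets are dropped anyway.)
##iptables -A INPUT -j DROP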
2 WAN loadbalancing nth method
# Two-uplink load balancing with the nth matcher: new connections entering
# on "internal" are marked alternately conn1 / conn2, every marked
# connection gets the routing mark of the same name, and each routing mark
# has its own default route and masquerade rule.

/ip address
add interface=WAN1 address=192.168.1.3/24 network=192.168.1.0 broadcast=192.168.1.255 disabled=no comment=""
add interface=WAN2 address=192.168.2.3/24 network=192.168.2.0 broadcast=192.168.2.255 disabled=no comment=""
add interface=internal address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 disabled=no comment=""

/ip firewall mangle
# Rule order matters: the conn1 pair is evaluated first, and its
# mark-routing rule uses passthrough=no, so packets of conn1 connections
# never reach the conn2 rules.
add action=mark-connection new-connection-mark=conn1 chain=prerouting in-interface=internal connection-state=new nth=2,1 passthrough=yes disabled=no comment=""
add action=mark-routing new-routing-mark=conn1 chain=prerouting in-interface=internal connection-mark=conn1 passthrough=no disabled=no comment=""
add action=mark-connection new-connection-mark=conn2 chain=prerouting in-interface=internal connection-state=new nth=1,1 passthrough=yes disabled=no comment=""
add action=mark-routing new-routing-mark=conn2 chain=prerouting in-interface=internal connection-mark=conn2 passthrough=no disabled=no comment=""

/ip firewall nat
# Each connection mark is source-NATed on the uplink it is routed through.
add action=masquerade chain=srcnat out-interface=WAN1 connection-mark=conn1 disabled=no comment=""
add action=masquerade chain=srcnat out-interface=WAN2 connection-mark=conn2 disabled=no comment=""

/ip route
# One default route per routing mark.
add routing-mark=conn1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 disabled=no comment=""
add routing-mark=conn2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 disabled=no comment=""
4X WAN Load Balancing PCC method
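# Four-uplink load balancing with the per-connection classifier (PCC).
#
# Changes against the listing as published:
#  - The LAN address is 172.16.0.1/16, but the PCC and masquerade rules
#    matched src-address=10.0.0.1-10.0.0.255, a range no LAN client has.
#    They now match on the LAN interface (in-interface=Local) and on the
#    outgoing uplink, as the two-uplink PCC listing on this page does.
#  - The prerouting mark-routing rules are limited to in-interface=Local so
#    that reply packets arriving on an uplink are not given an uplink
#    routing mark.
#  - The four unmarked default routes all had distance=1; they now use
#    distances 1-4 so the fallback order is defined.

/ip address
add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0

/ip firewall mangle
# Connections that reach the router itself through an uplink are marked,
# so the router's replies leave through the same uplink.
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes
# Traffic addressed to the uplink subnets themselves is not balanced.
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24
# PCC spreads LAN connections over the four uplinks (4/0 .. 4/3).
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no in-interface=Local new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no in-interface=Local new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no in-interface=Local new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no in-interface=Local new-routing-mark=to_WAN4 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4

/ip route
# One default route per routing mark ...
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10
# ... and unmarked fallbacks in a fixed order of preference.
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10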
2X WAN LoadBalancing PCC Method
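# Two-uplink load balancing with the per-connection classifier (PCC).
# LAN connections are split 2/0 and 2/1 between WAN1 and WAN2; each routing
# mark has its own default route, and the unmarked routes give WAN1 -> WAN2
# failover.

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

/ip dns
# allow-remote-requests=yes makes the router answer DNS queries on every
# interface; the filter rules below keep it from answering on the uplinks.
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

/ip firewall filter
add chain=input in-interface=WAN1 protocol=udp dst-port=53 action=drop comment="no DNS service on WAN"
add chain=input in-interface=WAN1 protocol=tcp dst-port=53 action=drop comment="no DNS service on WAN"
add chain=input in-interface=WAN2 protocol=udp dst-port=53 action=drop comment="no DNS service on WAN"
add chain=input in-interface=WAN2 protocol=tcp dst-port=53 action=drop comment="no DNS service on WAN"

/ip firewall mangle
# Connections that reach the router itself through an uplink are marked,
# so the router's replies leave through the same uplink.
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
# Traffic from the LAN to the uplink subnets themselves is not balanced.
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
# PCC splits LAN connections between the two uplinks.
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade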