❗️Toto je původní verze internetového fóra ISPforum.cz do února 2020 bez možnosti registrace nových uživatelů. Aktivní verzi fóra naleznete na adrese https://telekomunikace.cz

LTE router do WAN mikrotik - problem rychlost

Návody a problémy s konfigurací.
matuskm
Příspěvky: 5
Registrován: 8 years ago

LTE router do WAN mikrotik - problem rychlost

Příspěvekod matuskm » 8 years ago

Nazdar,

vie mi niekto poradit preco na prvom routry (TP-link MR 200 je to LTE router od orangu) si pomocou speedtest.net nameram cca 90/25 a tento router mam napojeny do mikrotiku (RB750GL) ako WAN a za nim nameran cca 20/10 ????

Predtym som mal DLS 10/1 tak to islo na rovnako.

Je mozne, ze tento typ mikrotiku viac neda? Ved ma aj gigove porty.

Dal som to do konfiguracie lebo skor sa priklanam, ze je to len chybne nastavenie (aspon dufam :grinning:)

Dakujem.
0 x

Uživatelský avatar
pcwifi
Příspěvky: 2890
Registrován: 17 years ago
antispam: Ano
Bydliště: Brnensko

Příspěvekod pcwifi » 8 years ago

ten Tik toho da kopec, spis ukaz konfig co tam mas naprany, bez toho je to vareni z vody.
0 x
Umřel sem, tak do mě nekopte a nechte mne spát... z principu na leckoho můžu srát a leckdy to i dělám, prostě život :o)))

matuskm
Příspěvky: 5
Registrován: 8 years ago

Příspěvekod matuskm » 8 years ago

Kód: Vybrat vše

# jul/13/2017 07:58:51 by RouterOS 5.16
# software id = NFMC-804R
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:5E:70:48 \
    master-port=none mtu=1500 name=WAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:5E:70:49 \
    master-port=none mtu=1500 name=LAN2 speed=100Mbps
set 2 arp=proxy-arp auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=yes full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:5E:70:4A \
    master-port=LAN2 mtu=1500 name=ether3-VPN speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:5E:70:4B \
    master-port=LAN2 mtu=1500 name=ether4-slave-local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:5E:70:4C \
    master-port=LAN2 mtu=1500 name=ether5-slave-local speed=100Mbps
/interface gre
add disabled=no dscp=0 l2mtu=65535 local-address=192.168.1.163 mtu=1476 name=\
    gre-tunnel1 remote-address=185.59.186.3
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/ip firewall layer7-protocol
add name="block web" regexp=\
    "^.+(facebook.com|youtube.com|pokec.sk|azet.sk).*\$"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=default-dhcp ranges=192.168.1.150-192.168.1.170
add name=vpn-PPTP-pool next-pool=default-dhcp ranges=\
    192.168.1.220-192.168.1.225
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=LAN2 lease-time=3d name=default
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
add change-tcp-mss=default dns-server=192.168.1.1 local-address=192.168.1.163 \
    name=PPTP only-one=default remote-address=vpn-PPTP-pool use-compression=\
    default use-encryption=yes use-mpls=default use-vj-compression=default
set 2 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=yes interface=WAN max-mru=1480 max-mtu=1480 \
    mrru=disabled name="DSL - PPPoE - Nastrojaren" password=gb3czp profile=\
    default service-name="" use-peer-dns=no user=krfljoze23@dslbasic
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
    red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/snmp community
set [ find default=yes ] address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:A5:57:72:9D:EC \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=\
    1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.1.1/24 comment="default configuration" disabled=no \
    interface=LAN2 network=192.168.1.0
/ip arp
add address=10.10.10.1 disabled=no interface=WAN mac-address=\
    C0:25:E9:AE:5F:BD
add address=192.168.1.156 disabled=no interface=LAN2 mac-address=\
    00:E0:4D:72:24:12
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
    default-route-distance=1 disabled=no interface=WAN use-peer-dns=yes \
    use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.1.167 always-broadcast=yes client-id=1:e8:40:f2:a7:2c:b4 \
    comment="Marek Smolko" disabled=no mac-address=E8:40:F2:A7:2C:B4 server=\
    default
add address=192.168.1.170 always-broadcast=yes client-id=1:0:e0:4b:3b:46:98 \
    comment=EXERON disabled=no mac-address=00:E0:4B:3B:46:98 server=default
add address=192.168.1.165 always-broadcast=yes client-id=1:0:e0:4d:9d:e5:55 \
    comment="Slavomir Nicz" disabled=no mac-address=00:E0:4D:9D:E5:55 server=\
    default
add address=192.168.1.171 client-id=1:0:17:a4:1e:97:91 comment="PC Lisovna" \
    disabled=no mac-address=00:17:A4:1E:97:91 server=default
add address=192.168.1.160 client-id=1:0:16:17:flag_ec:31:3 comment=\
    "Peter Krizovensky" disabled=no mac-address=00:16:17:EC:31:03 server=\
    default
add address=192.168.1.169 client-id=1:18:3:73:flag_bd:b9:71 comment="PC Frezy" \
    disabled=no mac-address=18:03:73:BD:B9:71 server=default
add address=192.168.1.163 comment=Sekretariat disabled=no mac-address=\
    1C:6F:65:E9:55:16 server=default
add address=192.168.1.142 client-id=1:34:64:a9:15:fb:b6 comment=\
    "Lenka Lescinska" disabled=no mac-address=34:64:A9:15:FB:B6 server=\
    default
add address=192.168.1.153 client-id=1:0:24:8c:3d:3b:92 comment=\
    "Imro Orlovsky" disabled=no mac-address=00:24:8C:3D:3B:92 server=default
add address=192.168.1.100 always-broadcast=yes comment="SERVER - NEW" \
    disabled=no mac-address=4C:72:B9:1C:F4:03 server=default
add address=192.168.1.162 client-id=1:0:10:b5:flag_ad:b0:cf comment="SATO PC" \
    disabled=no mac-address=00:10:B5:AD:B0:CF server=default
add address=192.168.1.172 client-id=1:48:f🇨🇫4a:8e:37 comment="Ivan Skolnik" \
    disabled=no mac-address=48:0F:CF:4A:8E:37 server=default
add address=192.168.1.180 client-id=1:b8:27:eb:8:53:1e comment=\
    KM-T01_raspberry disabled=no mac-address=B8:27:EB:08:53:1E server=default
add address=192.168.1.168 client-id=1:74:46:a0:flag_af:4b:a2 comment="PC Hlbicka" \
    disabled=no mac-address=74:46:A0:AF:4B:A2 server=default
add address=192.168.1.102 client-id=1:0:90:a9:e1:89:9e comment=\
    "WD My Cloud - ZALOHY" disabled=no mac-address=00:90:A9:E1:89:9E server=\
    default
add address=192.168.1.77 client-id=1:98:e7:f4:c:36:9a comment="HP - PLOTER" \
    disabled=no mac-address=98:E7:F4:0C:36:9A server=default
add address=192.168.1.181 client-id=1:b8:27:eb:7e:6a:9 comment=\
    KM-T02_raspberry disabled=no mac-address=B8:27:EB:7E:6A:09 server=default
add address=192.168.1.116 client-id=1:d8:cb:8a:c7:9a:1a comment=\
    "Matus Janovcik" disabled=no mac-address=D8:CB:8A:C7:9A:1A server=default
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dhcp-option="" \
    dns-server=10.10.10.1,8.8.8.8 gateway=192.168.1.1 netmask=24 ntp-server=\
    "" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=10.10.10.1,8.8.8.8
/ip dns static
add address=10.10.10.1 disabled=no name=router ttl=1d
add address=8.8.8.8 disabled=no name=router ttl=1d
/ip firewall address-list
add address=192.168.1.169 disabled=no list=STOP_net
add address=192.168.1.170 disabled=no list=STOP_net
add address=192.168.1.180 disabled=yes list=STOP_net
add address=192.168.1.168 disabled=yes list=STOP_net
add address=192.168.1.171 disabled=yes list=STOP_net
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=input comment=Proxy-drop disabled=no dst-port=8080 \
    in-interface=WAN protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=output comment="default configuration" \
    connection-state=established disabled=no
add action=drop chain=input comment=STOP_net disabled=no layer7-protocol=\
    "!(unknown)" src-address=192.168.1.168-192.168.1.180 src-address-list=\
    STOP_net
add action=drop chain=forward connection-mark=stop_net_paket disabled=no \
    layer7-protocol="!(unknown)" src-address=192.168.1.168-192.168.1.180 \
    src-address-list=STOP_net
add action=drop chain=forward comment="Block web" disabled=no \
    layer7-protocol="block web" src-address=192.168.1.171
add action=accept chain=input comment=VPN disabled=no dst-port=1723 protocol=\
    tcp
add action=accept chain=input disabled=no protocol=gre
/ip firewall mangle
add action=mark-connection chain=forward comment=STOP_net disabled=no \
    new-connection-mark=stop_net_paket passthrough=yes src-address=\
    192.165.1.168-192.168.1.180 src-address-list=STOP_net
/ip firewall nat
add action=dst-nat chain=dstnat comment="REMOTE MIKROTIK" disabled=yes \
    dst-address=10.10.10.150 dst-port=8291 protocol=tcp to-addresses=\
    192.168.1.1 to-ports=8291
add action=masquerade chain=srcnat comment="default configuration" \
    connection-limit=0,32 disabled=no out-interface=WAN
add action=dst-nat chain=dstnat comment=Proxy-drop connection-limit=\
    10000000,0 disabled=no dst-port=80 protocol=tcp to-addresses=192.168.1.1 \
    to-ports=80
add action=dst-nat chain=dstnat comment=POP3-Solivar connection-limit=100,32 \
    disabled=no dst-address=10.10.10.150 dst-port=110 protocol=tcp \
    to-addresses=192.168.1.100 to-ports=110
add action=dst-nat chain=dstnat comment=POP3-Solivar-ssl disabled=no \
    dst-address=10.10.10.150 dst-port=995 protocol=tcp to-addresses=\
    192.168.1.100 to-ports=995
add action=dst-nat chain=dstnat comment=SMTP-Solivar connection-limit=600,32 \
    disabled=no dst-address=10.10.10.150 dst-port=400 protocol=tcp \
    to-addresses=192.168.1.100 to-ports=400
add action=dst-nat chain=dstnat comment=FINGERA2 disabled=no dst-address=\
    188.167.160.74 dst-port=8088 protocol=tcp to-addresses=192.168.1.70 \
    to-ports=80
add action=dst-nat chain=dstnat comment=FINGERA3 connection-limit=600,32 \
    disabled=no dst-address=188.167.160.74 dst-port=443 protocol=tcp \
    to-addresses=192.168.1.70 to-ports=443
add action=dst-nat chain=dstnat comment=SMTP-KERIO connection-limit=!600,32 \
    disabled=no dst-address=10.10.10.150 dst-port=587 protocol=tcp \
    to-addresses=192.168.1.100 to-ports=587
add action=dst-nat chain=dstnat comment=SMTP-KERIO-ssl connection-limit=\
    !600,32 disabled=no dst-address=10.10.10.150 dst-port=465 protocol=tcp \
    to-addresses=192.168.1.100 to-ports=465
add action=dst-nat chain=dstnat comment="FTP - KMS" disabled=yes dst-address=\
    10.10.10.150 dst-port=21 protocol=tcp to-addresses=192.168.1.100 \
    to-ports=21
add action=dst-nat chain=dstnat comment="REMOTE MIKROTIK-API" disabled=yes \
    dst-address=10.10.10.150 dst-port=8728 protocol=tcp to-addresses=\
    192.168.1.1 to-ports=8728
add action=dst-nat chain=dstnat comment="REMOTE - IVETA" disabled=no \
    dst-address=10.10.10.150 dst-port=2743 protocol=tcp to-addresses=\
    192.168.1.114 to-ports=2743
add action=dst-nat chain=dstnat comment="REMOTE - PETO" disabled=no \
    dst-address=10.10.10.150 dst-port=5326 protocol=tcp to-addresses=\
    192.168.1.112 to-ports=5326
add action=dst-nat chain=dstnat comment="VPN server - KM_82" disabled=yes \
    dst-address=10.10.10.150 dst-port=1723 protocol=tcp to-addresses=\
    192.168.1.163 to-ports=1723
add action=dst-nat chain=dstnat comment="REMOTE - MATUS" disabled=no \
    dst-address=10.10.10.150 dst-port=4328 protocol=tcp to-addresses=\
    192.168.1.116 to-ports=4328
add action=dst-nat chain=dstnat comment="iSpy-kamery dielna" disabled=no \
    dst-address=10.10.10.150 dst-port=4521 protocol=tcp to-addresses=\
    192.168.1.179 to-ports=4521
add action=dst-nat chain=dstnat comment="REMOTE - LENKA" disabled=no \
    dst-address=10.10.10.150 dst-port=4322 protocol=tcp to-addresses=\
    192.168.1.142 to-ports=4322
add action=dst-nat chain=dstnat comment="REMOTE - RADKA" disabled=no \
    dst-address=10.10.10.150 dst-port=5325 protocol=tcp to-addresses=\
    192.168.1.163 to-ports=5325
add action=dst-nat chain=dstnat comment="KAMERY KMS" disabled=no dst-address=\
    10.10.10.150 dst-port=5550 protocol=tcp to-addresses=192.168.1.163 \
    to-ports=5550
add action=dst-nat chain=dstnat comment=Edimax-Zvarovna disabled=no \
    dst-address=10.10.10.150 dst-port=8550 protocol=tcp to-addresses=\
    192.168.1.50 to-ports=8550
add action=dst-nat chain=dstnat comment=Edimax-Zvarovna1 disabled=yes \
    dst-address=10.10.10.150 dst-port=8050 protocol=tcp to-addresses=\
    192.168.1.50 to-ports=8050
add action=dst-nat chain=dstnat comment=Edimax-Rezacky disabled=no \
    dst-address=10.10.10.150 dst-port=8551 protocol=tcp to-addresses=\
    192.168.1.51 to-ports=8551
add action=dst-nat chain=dstnat comment="Edimax-Rezacky 1" disabled=yes \
    dst-address=10.10.10.150 dst-port=8051 protocol=tcp to-addresses=\
    192.168.1.51 to-ports=8051
add action=dst-nat chain=dstnat comment="Airlive - frezy" disabled=yes \
    dst-address=10.10.10.150 dst-port=8053 protocol=tcp to-addresses=\
    192.168.1.53 to-ports=8053
add action=dst-nat chain=dstnat comment="Airlive - lisovna" disabled=no \
    dst-address=10.10.10.150 dst-port=8055 protocol=tcp to-addresses=\
    192.168.1.55 to-ports=8055
add action=dst-nat chain=dstnat comment="Airlive - dielna" disabled=yes \
    dst-address=10.10.10.150 dst-port=8052 protocol=tcp to-addresses=\
    192.168.1.52 to-ports=8052
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no ports=1723
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set WAN disabled=no
set LAN2 disabled=no
set ether3-VPN disabled=no
set ether4-slave-local disabled=no
set ether5-slave-local disabled=no
set "DSL - PPPoE - Nastrojaren" disabled=yes
set gre-tunnel1 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=WEB-FILTER cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
    800 max-fresh-time=3d max-server-connections=800 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080,443 serialize-connections=no src-address=\
    0.0.0.0
/ip proxy access
add action=deny disabled=no dst-host=*.facebook.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=torrent-info.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.nntime.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.anonymizer.com dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.torproject.org dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.freeproxyserver.net dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=ulozto.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=uloz.to dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.cztorrent.net dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=download.cnet.com dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.utorrent.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=torrentz.eu dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.torrentz.eu dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.utorrent.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.expres.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.funradio.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=facebook.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.youtube.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.skype.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.topky.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.zoznam.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.o2.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.centrum.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.centrum.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=yes dst-host=*.radia.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=europa2.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=allow disabled=no dst-host=cp.atlas.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.atlas.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.tyden.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.zive.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.kukaj.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.idnes.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.ihned.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.sme.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.pravda.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.hnonline.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.hlavnespravy.sk dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.seznam.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=gigavideo.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.funny.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.ceknito.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.mojevideo.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.novinky.cz dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=dolezite.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.cas.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.reddit.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.pluska.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.aktuality.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.inespravy.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.cez-okno.net dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.zvedavec.org dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.pozri.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=ww.bbc.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=www.bbc.co.uk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.radioviva.sk dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=*.ptc.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host=www.ptc.com dst-port="" src-address=\
    !192.168.1.112-192.168.1.120
add action=deny disabled=no dst-host="^.+youtube.*\$" dst-port="" \
    src-address=!192.168.1.112-192.168.1.120
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=no port=443
set api address="" disabled=no port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
    all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
    max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=LAN2
/ip traffic-flow target
add address=192.168.1.166:3389 disabled=no v9-template-refresh=20 \
    v9-template-timeout=30m version=5
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
    mareksmolkovisi password=KmSystem5aMSv profile=PPTP routes="" service=\
    pptp
/queue interface
set WAN queue=only-hardware-queue
set LAN2 queue=only-hardware-queue
set ether3-VPN queue=only-hardware-queue
set ether4-slave-local queue=only-hardware-queue
set ether5-slave-local queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
    trap-target="" trap-version=1
/system clock
set time-zone-name=Europe/Bratislava
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+01:00
/system identity
set name=KMS-ROUTER
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=yes primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=LAN2
add disabled=no interface=ether3-VPN
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=LAN2
add disabled=no interface=ether3-VPN
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-direction=any filter-ip-address=\
    192.168.1.112/32 filter-ip-protocol="" filter-mac-address="" \
    filter-mac-protocol="" filter-port=https filter-stream=yes interface=LAN2 \
    memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\
    no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool traffic-monitor
add disabled=no interface="DSL - PPPoE - Nastrojaren" name=tmon1 on-event="" \
    threshold=0 traffic=transmitted trigger=always
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=no
0 x

Uživatelský avatar
Selič
Příspěvky: 818
Registrován: 15 years ago
antispam: Ano

Příspěvekod Selič » 8 years ago

Problém bude pravděpodobně ve firewallu v zapnutém filtrování L7. Na to tato řada routerboardů prostě nemá dostatečný výkon CPU.
S odřenýma ušima by to možná dala RB850.

Kód: Vybrat vše

add action=drop chain=input comment=STOP_net disabled=no layer7-protocol=\
    "!(unknown)" src-address=192.168.1.168-192.168.1.180 src-address-list=\
    STOP_net
add action=drop chain=forward connection-mark=stop_net_paket disabled=no \
    layer7-protocol="!(unknown)" src-address=192.168.1.168-192.168.1.180 \
    src-address-list=STOP_net


Pak bych ještě zkusil povýšit verzi routerOS nejdříve na 5v26, updatovat licenci a firmware a pak dát 6v36.4 a zase povýšit firmware.
0 x
"Slepému neukážeš, hluchému nepovíš, debilovi nedokážeš..."