classic.ISPforum.cz

Nasel by se nekdo kdo by pomohl s konfiguraci toho routeru? pm pls

Není problém. Spíš napiš jak si to představuješ?

Psal jsem ti pm, díky za rady.

Dlouho jsem uvazoval o nejakem routeru, ktery by mi pomohl moji bridgovanou sit rozroutovat a mel jsem spadeno na RB750/750G, ale kdyz se objevila 751, tak jsem sel do ni, protoze mi odstrani jedno zarizeni (in door ap). Chci nasadit tento stroj misto hloupeho switche.

Chtel bych se zeptat, mate nekdo tento stroj nahozeny v rezimu router bez maskarady?

nevim co řešíš, je v tom mikrotik, všechno funguje tak jak si to nastavíš.

hapi píše:nevim co řešíš, je v tom mikrotik, všechno funguje tak jak si to nastavíš.

řeším to, že mi to nechce routovat, dopingám se jen na gw a to je vše

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:E4:39:A3 mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:XX:XX:A4 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:XX:XX:A5 \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:XX:XX:A6 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:XX:XX:A7 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set default authentication-types=wpa2-psk group-ciphers=tkip \
group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=dynamic-keys name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0=1234567890 static-key-1="" static-key-2="" \
static-key-3="" static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key="" \
wpa2-pre-shared-key=1234567890
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 \
antenna-mode=ant-a area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=\
20/40mhz-ht-above compression=no country="czech republic" \
default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=\
0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=\
no disconnect-timeout=3s distance=indoors frame-lifetime=0 frequency=2412 \
frequency-mode=regulatory-domain frequency-offset=0 hide-ssid=no \
ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
ht-guard-interval=any ht-rxchains=0,1 ht-supported-mcs="mcs-0,mcs-1,mcs-2,\
mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-\
14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
ht-txchains=0,1 hw-fragmentation-threshold=disabled hw-protection-mode=\
none hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
00:XX:XX:XX:XX:A8 max-station-count=2007 mode=ap-bridge mtu=1500 name=\
wlan1 noise-floor-threshold=default nv2-cell-radius=30 \
nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
periodic-calibration=default periodic-calibration-interval=60 \
preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
00XXXXXXXXA8 rate-selection=legacy rate-set=default scan-list=default \
security-profile=default ssid=MikroTik station-bridge-clone-mac=\
00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
wireless-protocol=any wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
7:17"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=none
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=dhcp_wlan1 ranges=192.168.40.2-192.168.40.254
add name=dhcp_ether2 ranges=192.168.50.2-192.168.50.254
add name=dhcp_ether3 ranges=192.168.60.2-192.168.60.254
add name=dhcp_ether4 ranges=192.168.70.2-192.168.70.254
add name=dhcp_ether5 ranges=192.168.80.2-192.168.80.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_wlan1 authoritative=after-2sec-delay \
disabled=no interface=wlan1 lease-time=3d name=dhcp1
add add-arp=yes address-pool=dhcp_ether2 authoritative=after-2sec-delay \
disabled=no interface=ether2 lease-time=3d name=dhcp2
add add-arp=yes address-pool=dhcp_ether3 authoritative=after-2sec-delay \
disabled=no interface=ether3 lease-time=3d name=dhcp3
add add-arp=yes address-pool=dhcp_ether5 authoritative=after-2sec-delay \
disabled=no interface=ether5 lease-time=3d name=dhcp5
add add-arp=yes address-pool=dhcp_ether4 authoritative=after-2sec-delay \
disabled=no interface=ether4 lease-time=3d name=dhcp4
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
default use-compression=default use-encryption=yes use-mpls=default \
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
default
/snmp
set contact=lojza@seznam.cz enabled=yes engine-id="" location=xxx\
trap-community=public trap-target=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/snmp
set contact=lojza@seznam.cz enabled=yes engine-id="" location=xxx \
trap-community=public trap-target=0.0.0.0 trap-version=1
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
400MHz force-backup-booter=no silent-boot=no
/user group
add name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sn\
iff,sensitive,api,!ftp,!write,!policy" skin=default
add name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,sniff,sensitive,api,!ftp,!policy" skin=default
add name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 \
path-cost=10 point-to-point=auto priority=0x80
add disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 \
path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet switch port
set ether2 vlan-header=leave-as-is vlan-mode=fallback
set ether3 vlan-header=leave-as-is vlan-mode=fallback
set ether4 vlan-header=leave-as-is vlan-mode=fallback
set ether5 vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=XX:XX:XX:XX:XX:FD \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.40.1/24 disabled=no interface=wlan1 network=192.168.40.0
add address=192.168.50.1/24 disabled=no interface=ether2 network=192.168.50.0
add address=192.168.80.1/24 disabled=no interface=ether5 network=192.168.80.0
add address=192.168.60.1/24 disabled=no interface=ether3 network=192.168.60.0
add address=192.168.70.1/24 disabled=no interface=ether4 network=192.168.70.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
default-route-distance=1 disabled=no host-name=MikroTik interface=\
ether1-gateway use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.40.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.40.1
add address=192.168.50.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.50.1
add address=192.168.60.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.60.1
add address=192.168.70.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.70.1
add address=192.168.80.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.80.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=192.168.10.1,8.8.8.8
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=yes
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set wlan1 disabled=no
set ether1-gateway disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1-gateway \
scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.1.1 scope=30 \
target-scope=10
/ip service
set telnet disabled=yes port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set wlan1 queue=wireless-default
set ether1-gateway queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Prague
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system health
set
/system identity
set name=MikroTik
/system leds
add disabled=no interface=wlan1 leds=wlan-led type=wireless-status
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=192.43.244.18 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set (unknown) disabled=no interface=wlan1
set (unknown) disabled=no interface=ether2
set (unknown) disabled=no interface=ether3
set (unknown) disabled=no interface=ether4
set (unknown) disabled=no interface=ether5
set (unknown) disabled=no
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=all-frames \
filter-stream=yes interface=all memory-limit=10 memory-scroll=yes \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

dns dotazy se mi z lokalniho dns serveru vraci, routování na gw mám nastavené, je nutné přidat do fw nějaká pravidla?

Vymaž statické řádky z nastavení z ip route a bridge port. Pokud zachováš na eth1 dhcp-clienta tak jak máš, mělo by to fungovat. Projížděl jsem to jen v rychlosti, nic jiného tam jinak nevidím.