
[Other] [Discussion] demo.mt.lv exported configuration

Posted on 2004-5-20 14:01:06
MikroTik v2.8.9
Login: demo
Password:

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 2.8.9 ?1999-2004       http://www.mikrotik.com


Terminal vt100 detected, using single line input mode
[demo@demo.mt.lv] >                                                            

    certificate  Certificate management
         driver  Driver manageent
           file  Local router file storage.
         import  Run exported configuration script
      interface  Interface configuration
            log  System logs
       password  Change password
           ping  Send ICMP Echo packets
           port  Serial ports
           quit  Quit console
         radius  Radius client settings
           redo  Redo previosly undone action
          setup  Do basic setup of system
           snmp  SNMP settings
  special-login  Special login users
           undo  Undo previous action
           user  User management
            ppp  Point to Point Protocol
             ip  IP options
          queue  Bandwidth management
         system  System information and utilities
           tool  Diagnostics tools
        routing  Various routing protocol settings
         export  Print or save an export script that can be used to restore configuration
[demo@demo.mt.lv] >                                                                                                               
[demo@demo.mt.lv] > export                                                                                                         
# may/18/2004 05:00:19 by RouterOS 2.8.9
# software id = DIHX-IMT
#
/ interface ethernet
set ether1 name="ether1" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes long-cable=no
    speed=100Mbps disabled=no
/ interface wireless
set wlan1 name="wlan1" mtu=1500 arp=enabled disable-running-check=no mode=station ssid="mikrotik22" frequency=5120
    band=5GHz-turbo scan-list=default-ism supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps
    supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps
    max-station-count=2007 ack-timeout=dynamic tx-power=default noise-floor-threshold=default burst-time=disabled fast-frames=no
    dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none default-authentication=yes default-forwarding=yes
    hide-ssid=no 802.1x-mode=none disabled=no
/ interface wireless security
set wlan1 security=none algo-0=none key-0="" algo-1=none key-1="" algo-2=none key-2="" algo-3=none key-3="" transmit-key=key-0
    sta-private-algo=none sta-private-key="" radius-mac-authentication=no
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no
    frames-per-second=25 audio-min=-100 audio-max=-20
/ interface bridge port
set ether1 bridge=none priority=128 path-cost=10
set wlan1 bridge=none priority=128 path-cost=10
/ interface l2tp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap default-profile=default
/ interface pptp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1 default-profile=default
/ ip pool
add name="dhcp-local" ranges=10.4.0.2-10.4.0.100
/ ip accounting
set enabled=yes threshold=256
/ ip accounting web-access
set accessible-via-web=yes address=0.0.0.0/0
/ ip address
add address=10.4.0.1/24 network=10.4.0.0 broadcast=10.4.0.255 interface=ether1 comment="" disabled=no
add address=10.6.12.100/24 network=10.6.12.0 broadcast=10.6.12.255 interface=wlan1 comment="" disabled=no
add address=159.148.147.225/32 network=159.148.147.225 broadcast=159.148.147.225 interface=wlan1 comment="" disabled=no
/ ip arp
/ ip dns
set primary-dns=159.148.108.1 secondary-dns=159.148.60.2 allow-remote-requests=yes cache-size="2048 kB" cache-max-ttl=7d
/ ip dns static
add name="local" address=10.4.0.1 ttl=1d
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
/ ip firewall rule forward
add src-address=159.148.172.204/32 action=accept comment="" disabled=no
add dst-address=:137-139 protocol=tcp action=drop comment="" disabled=no
add dst-address=:137-139 protocol=udp action=drop comment="" disabled=no
/ ip firewall rule input
add protocol=tcp tcp-options=non-syn-only connection-state=established action=accept comment="Established TCP connections."
    disabled=no
add protocol=tcp tcp-options=non-syn-only connection-state=related action=accept comment="Related TCP connections" disabled=no
add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm." disabled=no
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
add dst-address=:135-139 protocol=udp action=drop comment="Drop Messenger Worm" disabled=no
add protocol=udp action=accept comment="UDP" disabled=no
add protocol=icmp limit-count=100 limit-burst=2 limit-time=5s action=accept comment="Allow limited pings" disabled=no
add protocol=icmp action=drop comment="Drop excess pings" disabled=no
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no
add dst-address=:23 protocol=tcp action=accept comment="Telnet for demo purposes" disabled=no
add dst-address=:80 protocol=tcp action=accept comment="http for demo purposes" disabled=no
add dst-address=:3987 protocol=tcp action=accept comment="winbox for demo purposes" disabled=no
add src-address=159.148.172.192/28 action=accept comment="From Mikrotikls network" disabled=no
add src-address=10.0.0.0/8 action=accept comment="From Mikrotikls network" disabled=no
add action=drop log=yes comment="Log and drop everything else" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
add src-address=10.4.0.0/24 action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m tcp-established-timeout=5d tcp-fin-wait-timeout=2m
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
    udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip neighbor discovery
set ether1 discover=yes
set wlan1 discover=yes
/ ip route
add dst-address=0.0.0.0/0 preferred-source=159.148.147.225 gateway=10.6.12.1 distance=1 comment="" disabled=no
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip policy-routing
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=main comment="" disabled=no
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=10.6.12.1 preferred-source=159.148.147.225 comment="" disabled=no
/ ip upnp
set enabled=no
/ ip dhcp-client
set enabled=no host-name="" client-id="" add-default-route=yes use-peer-dns=yes
/ ip dhcp-server
add name="dhcp1" interface=ether1 lease-time=10m address-pool=dhcp-local add-arp=no authoritative=no disabled=no
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.4.0.0/24 gateway=10.4.0.1 dns-server=10.4.0.1 domain="mt.lv" comment=""
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ system identity
set name="demo.mt.lv"
/ system logging
set default-remote-address=0.0.0.0 default-remote-port=514 disk-buffer-lines=100 memory-buffer-lines=500
/ system logging facility
set Firewall-Log local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Account local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IKE-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Echo local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set OSPF-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set Wireless-Info local=memory remote=none remote-address=10.5.8.101 remote-port=0 prefix="" echo=no
/ system scheduler
add name="dumber" on-event=dumb start-date=jan/07/2004 start-time=15:08:50 interval=5h comment="" disabled=no
/ system script
add name="dumb" source=":global nam; :global tempn:set temp 0;n:foreach e in [/user find] do={n    :set nam [/user get $e
    name];n    :if ($nam="demo") do={/user set $e password="";n        :incr temp}};n:if ($temp=0) do={/user add
    name=demo group=demo}n" policy=reboot,read,write,policy,test
/ system serial-console
set enabled=yes port=serial0
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=no ping-start-after-boot=5m
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name="default" local-address=0.0.0.0 remote-address=0.0.0.0 session-timeout=0s idle-timeout=0s use-compression=no
    use-vj-compression=no use-encryption=no require-encryption=no only-one=no change-tcp-mss=yes tx-bit-rate=0 rx-bit-rate=0
    incoming-filter="" outgoing-filter="" dns-server="" wins-server="" comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ user
add name="admin" group=full address=0.0.0.0/0 comment="" disabled=no
add name="arnis" group=full address=0.0.0.0/0 comment="" disabled=no
add name="demo" group=demo address=0.0.0.0/0 comment="" disabled=no
add name="normis" group=full address=0.0.0.0/0 comment="" disabled=no
/ user group
add name="read" policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,web
add name="write" policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,web
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
add name="demo" policy=local,telnet,ssh,!ftp,!reboot,read,!write,!policy,!test,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ queue type
set default name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10 red-max-threshold=50
    red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
set ethernet-default name="ethernet-default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
set wireless-default name="wireless-default" kind=sfq bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
set synchronous-default name="synchronous-default" kind=red bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0
    filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool e-mail
set server=0.0.0.0 from=""
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no
    redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 metric-connected=1
    metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
[demo@demo.mt.lv]>                                                                                                               
[demo@demo.mt.lv] >

Original poster | Posted on 2004-5-20 14:02:33
Let's all discuss what each of these configuration items means.

Original poster | Posted on 2004-5-20 15:14:19
Here is a partial description:

MikroTik v2.8.9
Login: demo
Password:

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 2.8.9 ?1999-2004       http://www.mikrotik.com


Terminal vt100 detected, using single line input mode
[demo@demo.mt.lv] >                                                            

    certificate  Certificate management
         driver  Driver manageent
           file  Local router file storage.
         import  Run exported configuration script
      interface  Interface configuration
            log  System logs
       password  Change password
           ping  Send ICMP Echo packets
           port  Serial ports
           quit  Quit console
         radius  Radius client settings
           redo  Redo previosly undone action
          setup  Do basic setup of system
           snmp  SNMP settings
  special-login  Special login users
           undo  Undo previous action
           user  User management
            ppp  Point to Point Protocol
             ip  IP options
          queue  Bandwidth management
         system  System information and utilities
           tool  Diagnostics tools
        routing  Various routing protocol settings
         export  Print or save an export script that can be used to restore configuration
[demo@demo.mt.lv] >                                                                          

                                      
[demo@demo.mt.lv] > export                                                                  

                                      
# may/18/2004 05:00:19 by RouterOS 2.8.9
# software id = DIHX-IMT
#
# Ethernet interface settings
/ interface ethernet

  # Interface ether1 is named ether1; the interface auto-negotiates
set ether1 name="ether1" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes long-cable=no
    speed=100Mbps disabled=no

# Wireless interface settings
/ interface wireless
set wlan1 name="wlan1" mtu=1500 arp=enabled disable-running-check=no mode=station ssid="mikrotik22" frequency=5120
    band=5GHz-turbo scan-list=default-ism supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps
    supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps
    max-station-count=2007 ack-timeout=dynamic tx-power=default noise-floor-threshold=default burst-time=disabled fast-frames=no
    dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none default-authentication=yes default-forwarding=yes
    hide-ssid=no 802.1x-mode=none disabled=no

# Wireless interface security settings
/ interface wireless security
set wlan1 security=none algo-0=none key-0="" algo-1=none key-1="" algo-2=none key-2="" algo-3=none key-3="" transmit-key=key-0
    sta-private-algo=none sta-private-key="" radius-mac-authentication=no

#
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no
    frames-per-second=25 audio-min=-100 audio-max=-20

# Bridge interface settings
/ interface bridge port
set ether1 bridge=none priority=128 path-cost=10
set wlan1 bridge=none priority=128 path-cost=10

# L2TP server interface settings
/ interface l2tp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap default-profile=default

# PPTP server interface settings
/ interface pptp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1 default-profile=default

# IP address pool settings
/ ip pool

  # Address pool named dhcp-local, range 10.4.0.2-10.4.0.100
add name="dhcp-local" ranges=10.4.0.2-10.4.0.100

#
/ ip accounting
set enabled=yes threshold=256

#
/ ip accounting web-access
set accessible-via-web=yes address=0.0.0.0/0

# IP address settings
/ ip address

  # Address 10.4.0.1/24 is assigned to ether1
add address=10.4.0.1/24 network=10.4.0.0 broadcast=10.4.0.255 interface=ether1 comment="" disabled=no

  # Address 10.6.12.100/24 is assigned to wlan1
add address=10.6.12.100/24 network=10.6.12.0 broadcast=10.6.12.255 interface=wlan1 comment="" disabled=no

  # Address 159.148.147.225/32 is assigned to wlan1
add address=159.148.147.225/32 network=159.148.147.225 broadcast=159.148.147.225 interface=wlan1 comment="" disabled=no

# IP ARP settings
/ ip arp

# IP DNS settings
/ ip dns

  # Primary DNS is 159.148.108.1, secondary DNS is 159.148.60.2, cache size is 2048 KB, cache TTL is 7 days
set primary-dns=159.148.108.1 secondary-dns=159.148.60.2 allow-remote-requests=yes cache-size="2048 kB" cache-max-ttl=7d

#
/ ip dns static
add name="local" address=10.4.0.1 ttl=1d

# IP firewall settings
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""

# IP firewall forward rule settings
/ ip firewall rule forward

  # Accept everything from source address 159.148.172.204/32
add src-address=159.148.172.204/32 action=accept comment="" disabled=no

  # Drop all TCP packets to destination ports 137-139
add dst-address=:137-139 protocol=tcp action=drop comment="" disabled=no

  # Drop all TCP packets to destination ports 137-139
add dst-address=:137-139 protocol=udp action=drop comment="" disabled=no

# IP firewall input rule settings
/ ip firewall rule input

  # Allow all TCP packets of already established connections
add protocol=tcp tcp-options=non-syn-only connection-state=established action=accept comment="Established TCP connections."
    disabled=no

  #
add protocol=tcp tcp-options=non-syn-only connection-state=related action=accept comment="Related TCP connections" disabled=no

  # Drop all TCP packets to destination ports 135-139
add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm." disabled=no

  # Drop all TCP packets to destination port 445
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no

  # Drop all UDP packets to destination ports 135-139
add dst-address=:135-139 protocol=udp action=drop comment="Drop Messenger Worm" disabled=no

  # Allow all UDP packets
add protocol=udp action=accept comment="UDP" disabled=no

  # Accept ICMP packets up to 100 times within 5 seconds (I don't know the difference between limit-burst=2 and limit-burst=1; could an expert please explain?)
add protocol=icmp limit-count=100 limit-burst=2 limit-time=5s action=accept comment="Allow limited pings" disabled=no

  # Drop all ICMP packets
add protocol=icmp action=drop comment="Drop excess pings" disabled=no

  # Allow all TCP packets to destination port 22
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no

  # Allow all TCP packets to destination port 23
add dst-address=:23 protocol=tcp action=accept comment="Telnet for demo purposes" disabled=no

  # Allow all TCP packets to destination port 80
add dst-address=:80 protocol=tcp action=accept comment="http for demo purposes" disabled=no

  # Allow all TCP packets to destination port 3987
add dst-address=:3987 protocol=tcp action=accept comment="winbox for demo purposes" disabled=no

  # Allow everything from source address 159.148.172.192/28
add src-address=159.148.172.192/28 action=accept comment="From Mikrotikls network" disabled=no

  # Allow everything from source address 10.0.0.0/8
add src-address=10.0.0.0/8 action=accept comment="From Mikrotikls network" disabled=no

  # Drop all other packets and log them
add action=drop log=yes comment="Log and drop everything else" disabled=no

# IP firewall service-port settings
/ ip firewall service-port

  # ftp=21, pptp and gre service ports enabled
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no

  # H323 service port disabled
set h323 disabled=yes

  # mms, irc=6667, quake3 and tftp=69 service ports enabled
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no

# IP firewall source NAT settings
/ ip firewall src-nat

  # Masquerade source address 10.4.0.0/24
add src-address=10.4.0.0/24 action=masquerade comment="" disabled=no

#
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m tcp-established-timeout=5d tcp-fin-wait-timeout=2m
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
    udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m

#
/ ip neighbor discovery
set ether1 discover=yes
set wlan1 discover=yes

# IP route settings
/ ip route

  # Default route, gateway is 10.6.12.1
add dst-address=0.0.0.0/0 preferred-source=159.148.147.225 gateway=10.6.12.1 distance=1 comment="" disabled=no

# IP service port settings
/ ip service

  # telnet port is 23, no restriction on the access address
set telnet port=23 address=0.0.0.0/0 disabled=no

  # ftp port is 21, no restriction on the access address
set ftp port=21 address=0.0.0.0/0 disabled=no

  # www port is 80, no restriction on the access address
set www port=80 address=0.0.0.0/0 disabled=no

  # ssh port is 22, no restriction on the access address
set ssh port=22 address=0.0.0.0/0 disabled=no

# IP socks settings
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200

# IP policy routing settings
/ ip policy-routing

# IP policy routing rules
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=main comment="" disabled=no

# IP policy routing table main settings
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=10.6.12.1 preferred-source=159.148.147.225 comment="" disabled=no

# IP UPnP settings
/ ip upnp
set enabled=no

# IP DHCP client settings
/ ip dhcp-client
set enabled=no host-name="" client-id="" add-default-route=yes use-peer-dns=yes

# IP DHCP server settings
/ ip dhcp-server

  # Server name is dhcp1, interface is ether1, address pool is dhcp-local
add name="dhcp1" interface=ether1 lease-time=10m address-pool=dhcp-local add-arp=no authoritative=no disabled=no

#
/ ip dhcp-server lease

#
/ ip dhcp-server network
add address=10.4.0.0/24 gateway=10.4.0.1 dns-server=10.4.0.1 domain="mt.lv" comment=""

#
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no

# System identity settings
/ system identity

  # System identity is demo.mt.lv
set name="demo.mt.lv"

# System logging settings
/ system logging
set default-remote-address=0.0.0.0 default-remote-port=514 disk-buffer-lines=100 memory-buffer-lines=500

# System logging facility settings
/ system logging facility
set Firewall-Log local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Account local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IKE-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set IPsec-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set System-Echo local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set OSPF-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set Wireless-Info local=memory remote=none remote-address=10.5.8.101 remote-port=0 prefix="" echo=no

# System scheduled task settings
/ system scheduler
add name="dumber" on-event=dumb start-date=jan/07/2004 start-time=15:08:50 interval=5h comment="" disabled=no

# System script settings
/ system script
add name="dumb" source=":global nam; :global tempn:set temp 0;n:foreach e in [/user find] do={n    :set nam [/user get $e
    name];n    :if ($nam="demo") do={/user set $e password="";n        :incr temp}};n:if ($temp=0) do={/user add
    name=demo group=demo}n" policy=reboot,read,write,policy,test

# System console port settings
/ system serial-console

  # Enabled; the console serial port is serial0
set enabled=yes port=serial0

# System upgrade mirror settings
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""

# System watchdog settings
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=no ping-start-after-boot=5m

# Serial port parameter settings
/ port

  # Serial port serial0: baud rate=9600, data bits=8, parity=none, stop bits=1, flow control=hardware
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware

# PPP profile settings
/ ppp profile
set default name="default" local-address=0.0.0.0 remote-address=0.0.0.0 session-timeout=0s idle-timeout=0s use-compression=no
    use-vj-compression=no use-encryption=no require-encryption=no only-one=no change-tcp-mss=yes tx-bit-rate=0 rx-bit-rate=0
    incoming-filter="" outgoing-filter="" dns-server="" wins-server="" comment=""

# PPP user AAA settings
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s

# Management user settings
/ user

  # User admin has full permissions
add name="admin" group=full address=0.0.0.0/0 comment="" disabled=no

  # User arnis has full permissions
add name="arnis" group=full address=0.0.0.0/0 comment="" disabled=no

  # User demo has demo permissions
add name="demo" group=demo address=0.0.0.0/0 comment="" disabled=no

  # User normis has full permissions
add name="normis" group=full address=0.0.0.0/0 comment="" disabled=no

# Management user group settings
/ user group
add name="read" policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,web
add name="write" policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,web
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
add name="demo" policy=local,telnet,ssh,!ftp,!reboot,read,!write,!policy,!test,web

# Management user AAA settings
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read

# Driver settings
/ driver

# SNMP settings
/ snmp
set enabled=no contact="" location=""

# SNMP community settings
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes

# Queue settings
/ queue type

  # Default settings
set default name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10 red-max-threshold=50
    red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""

  # Ethernet default settings
set ethernet-default name="ethernet-default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""

  # Wireless default settings
set wireless-default name="wireless-default" kind=sfq bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""

  # Synchronous link default settings
set synchronous-default name="synchronous-default" kind=red bfifo-limit=15000 pfifo-limit=50 red-limit=60 red-min-threshold=10
    red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""

# Bandwidth test server tool settings
/ tool bandwidth-server

  # The bandwidth test server is enabled, authentication is required, the UDP port is 2000, the maximum number of sessions is 10
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10

# mac-server ping tool settings
/ tool mac-server ping
  # mac-server ping is enabled
set enabled=yes

# Sniffer tool settings
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0
    filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535

# E-mail tool address settings
/ tool e-mail
set server=0.0.0.0 from=""

# BGP routing settings
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no redistribute-ospf=no

# OSPF routing settings
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no
    redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20

#
/ routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no

# RIP routing settings
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 metric-connected=1
    metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

[demo@demo.mt.lv] >
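The annotated export above, read from a defender's side: this added example (not part of the thread and not MikroTik's code) parses the export format, including the indented continuation lines, and reports the exposure-related settings the annotations describe, plus the policies each user's group grants. The function names, the choice of checks and the abridged sample stanzas are this example's assumptions.

```python
import shlex

# Constructed sample: stanzas taken (abridged) from the export posted in this thread.
SAMPLE_EXPORT = r'''
# may/18/2004 05:00:19 by RouterOS 2.8.9
/ interface wireless security
set wlan1 security=none algo-0=none key-0="" transmit-key=key-0
    sta-private-algo=none sta-private-key="" radius-mac-authentication=no
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
/ ip firewall rule forward
add dst-address=:137-139 protocol=tcp action=drop comment="" disabled=no
/ ip firewall rule input
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no
add action=drop log=yes comment="Log and drop everything else" disabled=no
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
/ user
add name="admin" group=full address=0.0.0.0/0 comment="" disabled=no
add name="demo" group=demo address=0.0.0.0/0 comment="" disabled=no
/ user group
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
add name="demo" policy=local,telnet,ssh,!ftp,!reboot,read,!write,!policy,!test,web
'''

CLEARTEXT = {"telnet", "ftp", "www"}                     # unencrypted management protocols
NON_MATCHERS = {"action", "log", "comment", "disabled"}  # keys that do not narrow a rule

def parse_export(text):
    """Return (path, verb, item, params) for every add/set command in an export."""
    logical, path = [], ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                   # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()        # indented line continues a command
        elif raw.startswith("/"):
            path = " ".join(raw[1:].split())           # "/ ip service" -> "ip service"
        else:
            logical.append([path, raw.strip()])
    commands = []
    for cmd_path, line in logical:
        verb, *tokens = shlex.split(line)              # honours quoted values
        item = tokens.pop(0) if tokens and "=" not in tokens[0] else None
        params = dict(t.split("=", 1) for t in tokens if "=" in t)
        commands.append((cmd_path, verb, item, params))
    return commands

def effective_policy(commands):
    """Map each user to the policies its group grants (entries without '!')."""
    groups = {p["name"]: p["policy"].split(",")
              for path, _, _, p in commands if path == "user group"}
    return {p["name"]: {x for x in groups.get(p["group"], []) if not x.startswith("!")}
            for path, _, _, p in commands if path == "user" and "group" in p}

def audit(commands):
    """Flag the exposure-related settings that appear in the posted export."""
    by_path, findings = {}, []
    for path, _, item, params in commands:
        by_path.setdefault(path, []).append((item, params))
    for item, p in by_path.get("interface wireless security", []):
        if p.get("security") == "none":
            findings.append(f"wireless {item}: security=none")
    for chain, p in by_path.get("ip firewall", []):
        rules = [r for _, r in by_path.get(f"ip firewall rule {chain}", [])
                 if r.get("disabled") != "yes"]
        # An enabled drop rule with no matchers stops packets before the chain policy.
        catch_all = any(r.get("action") == "drop" and not set(r) - NON_MATCHERS
                        for r in rules)
        if p.get("policy") == "accept" and not catch_all:
            findings.append(f"firewall {chain}: unmatched packets reach policy=accept")
    for svc, p in by_path.get("ip service", []):
        if p.get("disabled") == "no" and p.get("address") == "0.0.0.0/0":
            kind = "cleartext " if svc in CLEARTEXT else ""
            findings.append(f"service {svc}: {kind}management port {p['port']} has address=0.0.0.0/0")
    return findings

if __name__ == "__main__":
    cmds = parse_export(SAMPLE_EXPORT)
    for line in audit(cmds):
        print(line)
    for user, granted in effective_policy(cmds).items():
        print(f"user {user}: {','.join(sorted(granted))}")
```

On the sample, the input chain is not flagged because its last rule drops everything unmatched, while the forward chain is, since only ports 137-139 are dropped there before the accept policy applies.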

Original poster | Posted on 2004-5-20 15:15:44
Experts, please fill in any errors or omissions.

Posted on 2004-5-20 17:06:37
I'm no expert, just a complete newbie, but it looks like you put a lot of work into this. Cheering you on.

Posted on 2004-5-20 18:35:17
We should all support this kind of spirit.

Original poster | Posted on 2004-5-21 08:51:57
Thanks, everyone :)

Posted on 2004-5-21 16:42:41
Thanks for sharing!

Original poster | Posted on 2004-6-12 15:27:27
Everyone can export their own configuration and post it here, so that we can all learn and improve together.

Posted on 2004-7-13 01:40:40
QUOTE (rainy @ May 20 2004, 02:01 PM)
MikroTik v2.8.9[demo@demo.mt.lv]>                                                                                                                [demo@demo.mt.lv] >
Studying it.

Posted on 2004-10-30 14:56:45
What an eye-opener!!!

Posted on 2004-10-30 15:15:48
Bro, once you've exported it, just put it online and we'll download it.

Posted on 2005-1-19 19:30:35
Many thanks to the original poster.. this is really good stuff

Posted on 2005-1-20 13:16:17
The firewall in 282x is set up better.

Posted on 2005-1-20 22:17:28
The demo user can export the configuration?