发表于 2004-5-20 15:14:19
以下是部分描述:
MikroTik v2.8.9
Login: demo
Password:
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 2.8.9 © 1999-2004 http://www.mikrotik.com
Terminal vt100 detected, using single line input mode
[demo@demo.mt.lv] >
certificate Certificate management
driver Driver manageent
file Local router file storage.
import Run exported configuration script
interface Interface configuration
log System logs
password Change password
ping Send ICMP Echo packets
port Serial ports
quit Quit console
radius Radius client settings
redo Redo previosly undone action
setup Do basic setup of system
snmp SNMP settings
special-login Special login users
undo Undo previous action
user User management
ppp Point to Point Protocol
ip IP options
queue Bandwidth management
system System information and utilities
tool Diagnostics tools
routing Various routing protocol settings
export Print or save an export script that can be used to restore configuration
[demo@demo.mt.lv] >
[demo@demo.mt.lv] > export
# may/18/2004 05:00:19 by RouterOS 2.8.9
# software id = DIHX-IMT
#
# NOTE(review): long commands in this listing are wrapped onto several lines and the
# trailing-backslash continuation that RouterOS exports normally use appears to be
# missing, so the text is for reading, not for importing as-is.
# Ethernet interface settings
/ interface ethernet
# Interface ether1 keeps the name "ether1"; auto-negotiation is on
set ether1 name="ether1" mtu=1500 arp=enabled disable-running-check=yes auto-negotiation=yes
full-duplex=yes long-cable=no
speed=100Mbps disabled=no
# Wireless interface settings: wlan1 runs in station mode with SSID "mikrotik22"
/ interface wireless
set wlan1 name="wlan1" mtu=1500 arp=enabled disable-running-check=no mode=station
ssid="mikrotik22" frequency=5120
band=5GHz-turbo scan-list=default-ism supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
basic-rates-b=1Mbps basic-rates-a/g=6Mbps
max-station-count=2007 ack-timeout=dynamic tx-power=default
noise-floor-threshold=default burst-time=disabled fast-frames=no
dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none
default-authentication=yes default-forwarding=yes
hide-ssid=no 802.1x-mode=none disabled=no
# Wireless interface security settings
# NOTE(review): security=none, every algo-N=none and every key is empty, and
# 802.1x-mode=none above, so no link-layer encryption or authentication is
# configured on wlan1 in this export.
/ interface wireless security
set wlan1 security=none algo-0=none key-0="" algo-1=none key-1="" algo-2=none key-2=""
algo-3=none key-3="" transmit-key=key-0
sta-private-algo=none sta-private-key="" radius-mac-authentication=no
# Wireless alignment tool settings
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00
filter-mac=00:00:00:00:00:00 ssid-all=no
frames-per-second=25 audio-min=-100 audio-max=-20
# Bridge port settings: neither interface is assigned to a bridge (bridge=none)
/ interface bridge port
set ether1 bridge=none priority=128 path-cost=10
set wlan1 bridge=none priority=128 path-cost=10
# L2TP server settings (server is disabled: enabled=no)
# NOTE(review): the accepted authentication list includes pap, chap and mschap1.
# PAP sends the password in cleartext; trim the list before ever enabling the server.
/ interface l2tp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1,chap,pap
default-profile=default
# PPTP server settings (server is disabled: enabled=no)
/ interface pptp-server server
set enabled=no mtu=1460 mru=1460 authentication=mschap2,mschap1 default-profile=default
# IP address pool settings
/ ip pool
# Pool "dhcp-local" covers 10.4.0.2-10.4.0.100
add name="dhcp-local" ranges=10.4.0.2-10.4.0.100
# IP traffic accounting is enabled
/ ip accounting
set enabled=yes threshold=256
# Web access to the accounting data
# NOTE(review): accessible-via-web=yes with address=0.0.0.0/0 places no source
# restriction here; presumably any host that can reach the web service can read
# the per-address traffic table. Confirm and narrow the address if so.
/ ip accounting web-access
set accessible-via-web=yes address=0.0.0.0/0
# IP address settings
/ ip address
# 10.4.0.1/24 is assigned to ether1
add address=10.4.0.1/24 network=10.4.0.0 broadcast=10.4.0.255 interface=ether1 comment=""
disabled=no
# 10.6.12.100/24 is assigned to wlan1
add address=10.6.12.100/24 network=10.6.12.0 broadcast=10.6.12.255 interface=wlan1
comment="" disabled=no
# 159.148.147.225/32 is assigned to wlan1
add address=159.148.147.225/32 network=159.148.147.225 broadcast=159.148.147.225
interface=wlan1 comment="" disabled=no
# ARP settings (no static entries in this export)
/ ip arp
# DNS settings
/ ip dns
# Primary DNS 159.148.108.1, secondary DNS 159.148.60.2, cache size 2048 kB, cache max TTL 7 days
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries from
# other hosts. The input chain later in this export accepts UDP in general, so the
# resolver is presumably reachable from outside the LAN as well. Verify and restrict.
set primary-dns=159.148.108.1 secondary-dns=159.148.60.2 allow-remote-requests=yes
cache-size="2048 kB" cache-max-ttl=7d
# Static DNS entry: "local" resolves to 10.4.0.1
/ ip dns static
add name="local" address=10.4.0.1 ttl=1d
# IP firewall: default policy of the three chains
# All three are policy=accept, so a packet that matches no rule in a chain is allowed.
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
# Forward chain rules
/ ip firewall rule forward
# Accept everything from source 159.148.172.204/32
add src-address=159.148.172.204/32 action=accept comment="" disabled=no
# Drop TCP packets to destination ports 137-139
add dst-address=:137-139 protocol=tcp action=drop comment="" disabled=no
# Drop UDP packets to destination ports 137-139 (this rule is protocol=udp, not tcp)
add dst-address=:137-139 protocol=udp action=drop comment="" disabled=no
# Input chain rules
# NOTE(review): rule order matters here; presumably the first matching rule decides,
# which is why the drops for 135-139/445 sit above the broad accepts.
/ ip firewall rule input
# Accept TCP packets belonging to established connections
add protocol=tcp tcp-options=non-syn-only connection-state=established action=accept
comment="Established TCP connections."
disabled=no
# Accept TCP packets of related connections
add protocol=tcp tcp-options=non-syn-only connection-state=related action=accept
comment="Related TCP connections" disabled=no
# Drop TCP packets to destination ports 135-139
add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm." disabled=no
# Drop TCP packets to destination port 445
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
# Drop UDP packets to destination ports 135-139
add dst-address=:135-139 protocol=udp action=drop comment="Drop Messenger Worm" disabled=no
# Accept all remaining UDP packets
# NOTE(review): this rule has no port or source restriction, so every UDP service the
# router runs (e.g. DNS with allow-remote-requests=yes) is admitted from any address.
# A tighter rule set would list the needed UDP ports and sources instead.
add protocol=udp action=accept comment="UDP" disabled=no
# Accept ICMP within a limit (limit-count=100, limit-time=5s)
# The original author was unsure how limit-burst=2 differs from limit-burst=1.
# NOTE(review): presumably the burst allowance on top of the steady rate; confirm
# against the RouterOS 2.8 firewall manual.
add protocol=icmp limit-count=100 limit-burst=2 limit-time=5s action=accept comment="Allow
limited pings" disabled=no
# Drop ICMP packets that the limited rule above did not accept
add protocol=icmp action=drop comment="Drop excess pings" disabled=no
# The next four rules accept management traffic with no source restriction; the rule
# comments mark them as "for demo purposes". Telnet and HTTP carry credentials in cleartext.
# Accept TCP packets to destination port 22
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no
# Accept TCP packets to destination port 23
add dst-address=:23 protocol=tcp action=accept comment="Telnet for demo purposes"
disabled=no
# Accept TCP packets to destination port 80
add dst-address=:80 protocol=tcp action=accept comment="http for demo purposes" disabled=no
# Accept TCP packets to destination port 3987
add dst-address=:3987 protocol=tcp action=accept comment="winbox for demo purposes"
disabled=no
# Accept everything from source 159.148.172.192/28
add src-address=159.148.172.192/28 action=accept comment="From Mikrotikls network"
disabled=no
# Accept everything from source 10.0.0.0/8
add src-address=10.0.0.0/8 action=accept comment="From Mikrotikls network" disabled=no
# Drop and log every other packet; this final rule is what makes the chain default-deny
# despite policy=accept on the chain itself
add action=drop log=yes comment="Log and drop everything else" disabled=no
# Firewall service-port settings
# NOTE(review): these look like the connection-tracking/NAT protocol helpers rather
# than listening services on the router; the router's own services are configured
# under "/ ip service". Confirm against the manual.
/ ip firewall service-port
# Helpers for ftp (port 21), pptp and gre are enabled
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
# The h323 helper is disabled
set h323 disabled=yes
# Helpers for mms, irc (port 6667), quake3 and tftp (port 69) are enabled
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
# Source NAT settings
/ ip firewall src-nat
# Masquerade traffic from source 10.4.0.0/24
add src-address=10.4.0.0/24 action=masquerade comment="" disabled=no
# Connection tracking is enabled; per-state timeouts follow
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m
tcp-established-timeout=5d tcp-fin-wait-timeout=2m
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m
tcp-close-timeout=10s udp-timeout=30s
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
# Neighbor discovery is enabled on both interfaces
# NOTE(review): discover=yes on wlan1 presumably exposes the router to discovery on
# that side as well. Confirm it is wanted there.
/ ip neighbor discovery
set ether1 discover=yes
set wlan1 discover=yes
# IP route settings
/ ip route
# Default route via gateway 10.6.12.1
add dst-address=0.0.0.0/0 preferred-source=159.148.147.225 gateway=10.6.12.1 distance=1
comment="" disabled=no
# IP service settings (the router's own management services)
# NOTE(review): all four are enabled with address=0.0.0.0/0, i.e. no source restriction
# at the service level. Telnet, FTP and HTTP send credentials unencrypted.
/ ip service
# telnet on port 23, any source address
set telnet port=23 address=0.0.0.0/0 disabled=no
# ftp on port 21, any source address
set ftp port=21 address=0.0.0.0/0 disabled=no
# www on port 80, any source address
set www port=80 address=0.0.0.0/0 disabled=no
# ssh on port 22, any source address
set ssh port=22 address=0.0.0.0/0 disabled=no
# SOCKS proxy settings (disabled)
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# Policy routing settings
/ ip policy-routing
# Policy routing rules: everything is looked up in table main
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup
table=main comment="" disabled=no
# Policy routing table main
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=10.6.12.1 preferred-source=159.148.147.225 comment=""
disabled=no
# UPnP settings (disabled)
/ ip upnp
set enabled=no
# DHCP client settings (disabled)
/ ip dhcp-client
set enabled=no host-name="" client-id="" add-default-route=yes use-peer-dns=yes
# DHCP server settings
/ ip dhcp-server
# Server "dhcp1" on interface ether1, handing out addresses from pool dhcp-local
add name="dhcp1" interface=ether1 lease-time=10m address-pool=dhcp-local add-arp=no
authoritative=no disabled=no
# DHCP leases (none in this export)
/ ip dhcp-server lease
# DHCP network parameters given to clients in 10.4.0.0/24
/ ip dhcp-server network
add address=10.4.0.0/24 gateway=10.4.0.1 dns-server=10.4.0.1 domain="mt.lv" comment=""
# IPsec proposal "default": SHA-1 authentication, 3DES encryption, PFS group modp1024
# NOTE(review): these algorithms are dated; choose stronger ones where the platform
# offers them.
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0
pfs-group=modp1024 disabled=no
# System identity settings
/ system identity
# The system identity is demo.mt.lv
set name="demo.mt.lv"
# System logging settings
/ system logging
set default-remote-address=0.0.0.0 default-remote-port=514 disk-buffer-lines=100
memory-buffer-lines=500
# Per-facility logging settings
# NOTE(review): every facility below is local=memory remote=none, so nothing is sent
# to a remote log host; entries (including Firewall-Log) presumably live only in the
# memory buffer and are lost on reboot or when the buffer wraps. Confirm.
/ system logging facility
set Firewall-Log local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set PPP-Account local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set PPP-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix="" echo=no
set PPP-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set System-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set System-Error local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set System-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set IPsec-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set IKE-Event local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set IPsec-Warning local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set System-Echo local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
set OSPF-Info local=memory remote=none remote-address=0.0.0.0 remote-port=0 prefix=""
echo=no
# Wireless-Info carries a remote-address, but remote=none, so it is still memory-only
set Wireless-Info local=memory remote=none remote-address=10.5.8.101 remote-port=0 prefix=""
echo=no
# System scheduler settings
/ system scheduler
# Task "dumber" runs the script "dumb" every 5 hours (interval=5h)
add name="dumber" on-event=dumb start-date=jan/07/2004 start-time=15:08:50 interval=5h
comment="" disabled=no
# System script settings
/ system script
# Script "dumb": loops over all users; for the user named "demo" it sets the password
# to empty and increments a counter; if no such user was found it adds user "demo" in
# group "demo". The effect is that the public demo login is restored with a blank
# password on every run. This is specific to a public demo router and should not be
# copied into a real configuration.
# NOTE(review): the stray "n" before each statement and the unescaped inner quotes
# suggest the backslashes (\n, \") were stripped when the post was rendered. Restore
# them before reusing the script.
add name="dumb" source=":global nam; :global tempn:set temp 0;n:foreach e in [/user
find] do={n :set nam [/user get $e
name];n :if ($nam="demo") do={/user set $e password="";n :incr
temp}};n:if ($temp=0) do={/user add
name=demo group=demo}n" policy=reboot,read,write,policy,test
# Serial console settings
/ system serial-console
# Console enabled on port serial0
set enabled=yes port=serial0
# Upgrade mirror settings (disabled)
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
# Watchdog settings
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=no ping-start-after-boot=5m
# Serial port parameters
/ port
# serial0: 9600 baud, 8 data bits, no parity, 1 stop bit, hardware flow control
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=hardware
# PPP profile settings
# The default profile has use-encryption=no and require-encryption=no
/ ppp profile
set default name="default" local-address=0.0.0.0 remote-address=0.0.0.0 session-timeout=0s
idle-timeout=0s use-compression=no
use-vj-compression=no use-encryption=no require-encryption=no only-one=no
change-tcp-mss=yes tx-bit-rate=0 rx-bit-rate=0
incoming-filter="" outgoing-filter="" dns-server="" wins-server="" comment=""
# PPP user AAA settings (RADIUS not used)
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
# Management user settings
# Every account has address=0.0.0.0/0, i.e. no restriction on the login source address.
# No passwords appear in this export.
/ user
# User admin, group full
add name="admin" group=full address=0.0.0.0/0 comment="" disabled=no
# User arnis, group full
add name="arnis" group=full address=0.0.0.0/0 comment="" disabled=no
# User demo, group demo
add name="demo" group=demo address=0.0.0.0/0 comment="" disabled=no
# User normis, group full
add name="normis" group=full address=0.0.0.0/0 comment="" disabled=no
# Management user group settings
# NOTE(review): a leading "!" presumably marks a policy as denied for the group.
# On that reading "demo" may log in locally and via telnet, ssh and web and may read,
# but has no ftp, reboot, write, policy or test rights.
/ user group
add name="read" policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,web
add name="write" policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,web
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
add name="demo" policy=local,telnet,ssh,!ftp,!reboot,read,!write,!policy,!test,web
# Management user AAA settings (RADIUS not used; default group is read)
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
# Driver settings (none in this export)
/ driver
# SNMP settings (disabled)
/ snmp
set enabled=no contact="" location=""
# SNMP community settings
# Community "public" is readable from any address; it only matters once SNMP is enabled.
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
# Queue type settings
/ queue type
# Default queue type (kind=pfifo)
set default name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50
red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""
# Default queue type for Ethernet (kind=pfifo)
set ethernet-default name="ethernet-default" kind=pfifo bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50
pcq-classifier=""
# Default queue type for wireless (kind=sfq)
set wireless-default name="wireless-default" kind=sfq bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50
pcq-classifier=""
# Default queue type for synchronous interfaces (kind=red)
set synchronous-default name="synchronous-default" kind=red bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50
pcq-classifier=""
# Bandwidth test server settings
/ tool bandwidth-server
# Server enabled, authentication required, UDP ports allocated from 2000 upward,
# at most 10 sessions
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# MAC-server ping settings
/ tool mac-server ping
# MAC ping is enabled
set enabled=yes
# Packet sniffer settings (all interfaces, full packets, streaming disabled)
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10
streaming-enabled=no streaming-server=0.0.0.0
filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535
# E-mail tool settings (no server configured)
/ tool e-mail
set server=0.0.0.0 from=""
# BGP routing settings (disabled)
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no
redistribute-rip=no redistribute-ospf=no
# OSPF routing settings
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20
metric-bgp=20
# OSPF backbone area; authentication=none, so OSPF packets in this area are unauthenticated
/ routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no
# RIP routing settings
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-static=1 metric-connected=1
metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
[demo@demo.mt.lv] > |