192.168.100.2 总出口路由器配置备份:
2014-9-6
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.19 (c) 1999-2014 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
sep/06/2014 08:01:37 system,error,critical login failure for user admin from 192.
168.1.181 via web
sep/06/2014 22:07:05 system,error,critical login failure for user ubnt via bandwi
dth-test
[admin@ros] > exp com
# sep/06/2014 22:59:20 by RouterOS 6.19
# software id = SV91-73PD
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-cnc
set [ find default-name=ether2 ] name=ether2-cmcc
set [ find default-name=ether5 ] name=ether5-inside
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
set [ find default-name=sfp1 ] name=sfp1-gateway
/interface pptp-server
add name=pptp-in1 user=""
/ip neighbor discovery
set ether1-cnc discover=no
set ether2-cmcc discover=no
set ether5-inside discover=no
set sfp1-gateway discover=no
/ip pool
add name=pptp_vpn ranges=10.10.1.2-10.10.1.254
/port
set 0 name=serial0
/ppp profile
add local-address=10.10.1.1 name=pptp remote-address=pptp_vpn
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.100.2/24 comment=inside interface=ether5-inside network=\
192.168.100.0
add address=60.6.228.103/24 comment=outside-cnc interface=ether1-cnc network=\
60.6.228.0
add address=183.196.162.67/24 comment=outside-cmcc interface=ether2-cmcc \
network=183.196.162.0
/ip dhcp-server network
add address=192.168.100.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.100.2 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=88048KiB servers=114.114.114.114
/ip dns static
add address=192.168.100.3 name=blog.luwl.net
add address=192.168.100.3 name=fonts.googleapis.com
add address=192.168.100.3 name=new.yxbljt.com
/ip firewall mangle
add action=mark-routing chain=prerouting comment="web\B7\D6\C1\F7" dst-port=80 \
new-routing-mark=web protocol=tcp src-address=!10.10.1.0/24
add action=mark-routing chain=prerouting dst-port=443 new-routing-mark=web \
protocol=tcp src-address=!10.10.1.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="\B4\FA\C0\ED\C9\CF\CD\F8"
add action=redirect chain=dstnat comment="\C7\BF\D6\C6\B4\FA\C0\EDDNS" \
dst-port=53 protocol=udp to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=\
192.168.100.2 to-ports=53
add action=dst-nat chain=dstnat comment="\B6\CB\BF\DA\D7\AA\B7\A2" \
dst-address=60.6.228.103 dst-address-type="" dst-port=21 protocol=tcp \
to-addresses=192.168.1.10 to-ports=21
add action=dst-nat chain=dstnat dst-address=183.196.162.67 dst-port=21 \
protocol=tcp to-addresses=192.168.1.10 to-ports=21
add action=dst-nat chain=dstnat dst-address=60.6.228.103 dst-port=81 protocol=\
tcp to-addresses=192.168.1.10 to-ports=80
add action=dst-nat chain=dstnat dst-address=183.196.162.67 dst-port=81 \
protocol=tcp to-addresses=192.168.1.10 to-ports=80
/ip route
add distance=1 gateway=183.196.162.65 routing-mark=web
add distance=1 gateway=60.6.228.126
add distance=1 gateway=183.196.162.65
add distance=1 dst-address=192.168.0.0/16 gateway=192.168.100.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip upnp
set allow-disable-external-interface=no
/lcd
set default-screen=stats time-interval=hour
/lcd interface
set sfp1-gateway disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether6-master-local disabled=yes
set ether7-slave-local disabled=yes
set ether8-slave-local disabled=yes
set ether9-slave-local disabled=yes
set ether10-slave-local disabled=yes
/ppp secret
add comment="\D2\C7\B1\ED\B0\E0" name=vpn1 password=vpn1 profile=pptp service=\
pptp
add comment="\CE\C0\C5\F3" name=vpn2 password=vpn2 profile=pptp service=pptp
add comment=lwl name=vpn3 password=vpn3 profile=pptp service=pptp
add name=vpn4 password=vpn4 profile=pptp service=pptp
add name=vpn5 password=vpn5 profile=pptp service=pptp
/system clock
set time-zone-name=Asia/Shanghai
/system identity
set name=ros
/system ntp client
set enabled=yes primary-ntp=64.4.10.33 secondary-ntp=64.4.10.33
/system ntp server
set enabled=yes
/tool e-mail
set address=123.125.50.156 from=yxbljt@yeah.net password=yingxin user=yxbljt
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-cmcc
add interface=ether3
add interface=ether4
add interface=ether5-inside
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-cmcc
add interface=ether3
add interface=ether4
add interface=ether5-inside
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add
/tool netwatch
add comment="\B7\FE\CE\F1\C6\F7" host=192.168.1.10
add comment="\C8\FD\B2\E3\BD\BB\BB\BB\BB\FA" host=192.168.1.254
add comment="\D0\A1\C7\F81" host=192.168.168.100
add comment="\D0\A1\C7\F82" host=192.168.168.101
add host=192.168.168.102
add host=192.168.168.103
add host=192.168.168.104
add host=192.168.168.105
add host=192.168.168.106
add host=192.168.168.107
add host=192.168.168.108
add host=192.168.168.109
add host=192.168.168.110
add host=192.168.168.111
add host=192.168.168.112
add host=192.168.168.113
add host=192.168.168.114
add host=192.168.168.115
add host=192.168.168.116
add disabled=yes host=192.168.168.117
add host=192.168.168.118
add host=192.168.168.119
add host=192.168.168.120
add host=192.168.168.121
add host=192.168.168.122
add host=192.168.168.123
add host=192.168.168.124
add host=192.168.168.125
add host=192.168.168.126
add host=192.168.168.127
add host=192.168.168.128
add host=192.168.168.129
add host=192.168.168.130
add host=192.168.168.131
add host=192.168.168.132
add host=192.168.168.133
add host=192.168.168.134
add host=192.168.168.135
add host=192.168.168.136
add host=192.168.168.137
add host=192.168.168.138
add host=192.168.168.139
add disabled=yes host=192.168.168.165
add host=192.168.168.141
add host=192.168.168.142
add host=192.168.168.143
add host=192.168.168.144
add host=192.168.168.145
add host=192.168.168.146
add host=192.168.168.147
add host=192.168.168.148
add host=192.168.168.149
add host=192.168.168.150
add host=192.168.168.151
add host=192.168.168.152
add host=192.168.168.153
add host=192.168.168.154
add host=192.168.168.155
add host=192.168.168.164
add host=192.168.168.163
add host=192.168.168.162
add host=192.168.168.161
add comment="\C1\AA\CD\A8\CD\F8\B9\D8" host=60.6.228.126 interval=10s
add comment="\D2\C6\B6\AF\CD\F8\B9\D8" host=183.196.162.65 interval=10s
[admin@ros] >