EliasJRodriguez

Router CVLC dual wan

May 9th, 2024
  # LAN bridge that the local ports are attached to.
  /interface bridge
  add name=bridgeLAN comment="Red Local"
  # Label the physical ports: ether1 and ether2 are the two ISP uplinks,
  # ether3-ether5 are labelled as LAN bridge ports.
  /interface ethernet
  set [find default-name=ether1] comment="WAN ISP1"
  set [find default-name=ether2] comment="WAN ISP2"
  set [find default-name=ether3] comment="En bridgeLAN"
  set [find default-name=ether4] comment="En bridgeLAN"
  set [find default-name=ether5] comment="En bridgeLAN"
  # Create the interface lists; the firewall, mangle and NAT rules in this
  # listing select traffic by these two list names.
  /interface list
  add name=WANs
  add name=LANs
  # Address pool and DHCP server for the LAN segment. If you need a different
  # LAN segment, change it in every section that references it.
  /ip pool
  add ranges=192.168.100.1-192.168.100.253 name=dhcp_pool0
  # The DHCP server listens on the LAN bridge and hands out 10-minute leases
  # from the pool defined above.
  /ip dhcp-server
  add name=dhcp1 interface=bridgeLAN address-pool=dhcp_pool0 lease-time=10m
  # Routing tables, one per ISP. The mangle mark-routing rules and the marked
  # default routes in this listing refer to these table names.
  /routing table
  add name=rtTo-ISP1 fib disabled=no comment="Tabla de Ruteo para ISP1"
  add name=rtTo-ISP2 fib disabled=no comment="Tabla de Ruteo para ISP2"
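  # Attach the LAN ports to the bridge. ether5 is added but left disabled, so it
  # is not bridged until that entry is enabled.
  /interface bridge port
  add bridge=bridgeLAN interface=ether3
  add bridge=bridgeLAN interface=ether4
  add bridge=bridgeLAN disabled=yes interface=ether5
  # Membership of the WANs and LANs lists used by the firewall, mangle and NAT rules.
  /interface list member
  add interface=ether1 list=WANs
  add interface=ether2 list=WANs
  # Traffic routed from bridged ports reaches the IP firewall with the bridge as
  # its in-interface, not the physical port. The bridge itself therefore has to be
  # a member of LANs, otherwise the in-interface-list=LANs rules (PCC marking,
  # routing marks) do not match LAN clients.
  add interface=bridgeLAN list=LANs
  add interface=ether3 list=LANs
  add interface=ether4 list=LANs
  add interface=ether5 list=LANs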
  /ip address
  # Replace this segment with the one your ISP1 provider hands you.
  add interface=ether1 address=192.168.10.10/24 network=192.168.10.0 comment=ISP1
  # Replace this segment with the one your ISP2 provider hands you.
  add interface=ether2 address=192.168.20.20/24 network=192.168.20.0 comment=ISP2
  # NOTE(review): the /ip route gateways (192.168.5.254, 192.168.2.254) and the
  # mangle accept rules (192.168.5.0/24, 192.168.2.0/24) in this listing use
  # different ISP-side segments than the two addresses above. All three places
  # have to be changed together to the real provider segments.
  # If you need a different LAN segment, change it in every section that
  # references it (pool, DHCP network, firewall filter).
  add interface=bridgeLAN address=192.168.100.254/24 network=192.168.100.0 comment=bridgeLAN
  # Cloud DDNS is switched on with a 10-minute update interval. This registers
  # the router's public address under a DNS name, so it should only stay enabled
  # if remote name resolution of the router is actually needed.
  /ip cloud
  set ddns-update-interval=10m ddns-enabled=yes
  # DHCP options for the LAN: the router is gateway and first DNS server,
  # 8.8.4.4 is handed out as the second DNS server.
  /ip dhcp-server network
  add address=192.168.100.0/24 gateway=192.168.100.254 dns-server=192.168.100.254,8.8.4.4
  # If you need to use your provider's DNS servers, change them here.
  # allow-remote-requests=yes makes the router answer DNS queries from other
  # hosts; the input filter in this listing drops port 53 arriving on WANs, and
  # that pair of rules must stay in place while this setting is on.
  /ip dns
  set servers=8.8.8.8,1.1.1.1 cache-size=12048KiB allow-remote-requests=yes
  /ip firewall address-list
  # Private IPv4 ranges defined in RFC 1918. The first mangle rule uses this
  # list to keep private-to-private traffic out of the load balancing.
  add list="RFC 1918" address=10.0.0.0/8 comment="Segmento de IPs Privadas"
  add list="RFC 1918" address=172.16.0.0/12 comment="Segmento de IPs Privadas"
  add list="RFC 1918" address=192.168.0.0/16 comment="Segmento de IPs Privadas"
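  # Basic firewall rules to protect the router: input covers traffic addressed
  # to the router itself, forward covers transit traffic, output covers traffic
  # the router originates. Rules are evaluated top to bottom, so order matters.
  /ip firewall filter
  add action=accept chain=input comment="Aceptar Trafico ICMP" protocol=icmp
  # Keep the router's resolver closed to the internet (allow-remote-requests is on).
  add action=drop chain=input comment="Rechazar DNS desde WANs" dst-port=53 in-interface-list=WANs protocol=udp
  add action=drop chain=input comment="Rechazar DNS desde WANs" dst-port=53 in-interface-list=WANs protocol=tcp
  add action=accept chain=input comment="IN Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  add action=drop chain=input comment="IN Rechazar Conexiones Invalidas" connection-state=invalid
  # Management is accepted only when the packet both arrives on the LAN bridge
  # and carries a LAN source address. A source-address match alone would also
  # accept a packet that arrives on a WAN port claiming a LAN source.
  add action=accept chain=input comment="Aceptar la Administracion desde segmento LAN" in-interface=bridgeLAN src-address=192.168.100.0/24
  # Final input drop, now enabled. While it was disabled the input chain ended
  # in an implicit accept, leaving every enabled router service reachable from
  # the WAN ports. Confirm LAN management still works right after applying; the
  # accept rule above is what keeps it reachable.
  add action=drop chain=input comment="IN Bloquear el Resto"
  add action=accept chain=forward comment="FW Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  add action=drop chain=forward comment="FW Rechazar Conexiones Invalidas" connection-state=invalid
  # The ISP-side segments in this listing are private ranges, so hosts on them
  # could otherwise open new connections straight into the LAN. Only new WAN
  # connections that match a dst-nat rule are allowed through.
  add action=drop chain=forward comment="FW Rechazar Conexiones Nuevas desde WANs sin DSTNAT" connection-nat-state=!dstnat connection-state=new in-interface-list=WANs
  add action=accept chain=output comment="OUT Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  add action=drop chain=output comment="OUT Rechazar Conexiones Invalidas" connection-state=invalid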
  # Mangle rules implementing PCC load balancing across the two ISPs. Rule order
  # is significant and is kept exactly as in the original listing.
  /ip firewall mangle
  # Keep local (private-to-private) traffic out of the balancing.
  add chain=prerouting src-address-list="RFC 1918" dst-address-list="RFC 1918" action=accept comment="No Balancear Trafico Local"
  # The PCC configuration starts here.
  # Allow LAN traffic towards the ISP-side WAN segments without marking it.
  # NOTE(review): these two segments differ from the ones configured under
  # /ip address in this listing; for LAN clients with a private source address
  # the rule above already accepts this traffic.
  add chain=prerouting in-interface-list=LANs dst-address=192.168.5.0/24 action=accept comment="Permitir Trafico hacia WAN ISPs"
  add chain=prerouting in-interface-list=LANs dst-address=192.168.2.0/24 action=accept
  # Mark connections that originate on the internet and enter through each WAN
  # port, so that replies can leave through the same provider.
  add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=to_ISP1_conn passthrough=yes comment="Marcar Conexiones Originadas en Internet"
  add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=to_ISP2_conn passthrough=yes
  # Route the router's own replies to those connections via the matching table.
  add chain=output connection-mark=to_ISP1_conn action=mark-routing new-routing-mark=rtTo-ISP1 passthrough=no comment="Marcar Conexiones de Respuesta"
  add chain=output connection-mark=to_ISP2_conn action=mark-routing new-routing-mark=rtTo-ISP2 passthrough=no
  # Mark connections coming from the LAN. The per-connection classifier is set
  # up for two providers of equal speed (1:1) and uses both-addresses; it can be
  # switched to src-address. Contact the author for a configuration adapted to
  # your needs.
  # NOTE(review): these rules only match if the LANs list matches traffic from
  # LAN clients. The /interface list member section of this listing adds only
  # ether3-ether5 and not bridgeLAN - confirm that membership.
  add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=to_ISP1_conn passthrough=yes comment="Marcar Conexiones desde LAN (Clasificador de Conexiones)"
  add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=to_ISP2_conn passthrough=yes
  # Select the routing table through which the previously marked connections leave.
  add chain=prerouting in-interface-list=LANs connection-mark=to_ISP1_conn action=mark-routing new-routing-mark=rtTo-ISP1 passthrough=no comment="Marcar Rutas para Conexiones Previamente Marcadas"
  add chain=prerouting in-interface-list=LANs connection-mark=to_ISP2_conn action=mark-routing new-routing-mark=rtTo-ISP2 passthrough=no
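  /ip firewall nat
  # Transparent DNS: UDP port 53 queries from LAN clients are redirected to the
  # router's own resolver, whatever server the client asked for. The rule is
  # scoped to the LAN bridge so that packets arriving on the WAN ports are never
  # redirected to the resolver. DNS over TCP is not redirected by this rule.
  add action=redirect chain=dstnat comment="DNS Transparente" dst-port=53 in-interface=bridgeLAN protocol=udp to-ports=53
  # Source NAT (masquerade) for everything leaving through either WAN port.
  add action=masquerade chain=srcnat comment="Enmascaramiento a Internet WANs" out-interface-list=WANs
  # Turn off the connection-tracking helpers for these protocols; enable a
  # helper again only if that protocol is actually used through the NAT.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set h323 disabled=yes
  set sip disabled=yes
  set pptp disabled=yes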
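  /ip route
  # Recursive host routes to two public DNS hosts, one pinned to each provider.
  # Put your provider's gateway in the gateway= field of each.
  # NOTE(review): 192.168.5.254 and 192.168.2.254 are not inside the segments
  # configured on ether1/ether2 under /ip address in this listing
  # (192.168.10.0/24, 192.168.20.0/24); these routes stay inactive until both
  # places use the same provider segment.
  add comment="Route Recursive To Quad9 ISP1" disabled=no distance=1 dst-address=9.9.9.9/32 gateway=192.168.5.254 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
  add comment="Route Recursive To ControlD ISP2" disabled=no distance=1 dst-address=76.76.2.0/32 gateway=192.168.2.254 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
  # Default routes for PCC and failover. Each table has a primary route
  # (distance=1) and a backup through the other provider (distance=2).
  # check-gateway=ping probes the public host used as gateway, so failover
  # depends on 9.9.9.9 and 76.76.2.0 answering ICMP through the respective ISP.
  # The first route is in rtTo-ISP1 via the ISP1 probe host; its comment said
  # ISP2 in the original and is corrected here.
  add check-gateway=ping comment="Ruta con MARCAS  ISP1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=rtTo-ISP1 scope=30 suppress-hw-offload=no target-scope=11
  add check-gateway=ping comment="Ruta con MARCAS  ISP2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=rtTo-ISP2 scope=30 suppress-hw-offload=no target-scope=11
  add check-gateway=ping comment="Ruta main  ISP1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
  add check-gateway=ping comment="Default BackUp Route marca ISP1 " disabled=no distance=2 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=rtTo-ISP1 scope=30 suppress-hw-offload=no target-scope=11
  add check-gateway=ping comment="Ruta main ISP2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
  add check-gateway=ping comment="Default Backup Route marca ISP2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=rtTo-ISP2 scope=30 suppress-hw-offload=no target-scope=11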
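  # Disable the management services that are not used.
  /ip service
  set telnet disabled=yes
  set ftp disabled=yes
  set www disabled=yes
  set ssh disabled=yes
  set api disabled=yes
  set api-ssl disabled=yes
  # Winbox is the management service this listing leaves enabled. Restrict the
  # source addresses it accepts to the LAN segment so it is not reachable from
  # the WAN side even if a firewall rule is disabled or reordered later.
  # www-ssl is not touched by this listing; confirm it is disabled on the device.
  set winbox address=192.168.100.0/24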
Tags: MMikrotic