Advertisement
EliasJRodriguez

Router CVLC dual wan

May 9th, 2024
1,399
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
TypoScript 8.15 KB | Software | 0 0
  1. /interface bridge
  2. add comment="Red Local" name=bridgeLAN
  3. /interface ethernet
  4. set [ find default-name=ether1 ] comment="WAN ISP1"
  5. set [ find default-name=ether2 ] comment="WAN ISP2"
  6. set [ find default-name=ether3 ] comment="En bridgeLAN"
  7. set [ find default-name=ether4 ] comment="En bridgeLAN"
  8. set [ find default-name=ether5 ] comment="En bridgeLAN"
  9. # Crear listas de interfaces.
  10. /interface list
  11. add name=WANs
  12. add name=LANs
  13. # Pool y DHCP para semento LAN, si requieres un semento LAN diferente, asegurese de
  14. # cambiarlo en todos los apartados donde se haga referencia.
  15. /ip pool
  16. add name=dhcp_pool0 ranges=192.168.100.1-192.168.100.253
  17. /ip dhcp-server
  18. add address-pool=dhcp_pool0 interface=bridgeLAN lease-time=10m name=dhcp1
  19. # Creacion de tablas de Ruteo.
  20. /routing table
  21. add comment="Tabla de Ruteo para ISP1" disabled=no fib name=rtTo-ISP1
  22. add comment="Tabla de Ruteo para ISP2" disabled=no fib name=rtTo-ISP2
  23. /interface bridge port
  24. add bridge=bridgeLAN interface=ether3
  25. add bridge=bridgeLAN interface=ether4
  26. add bridge=bridgeLAN disabled=yes interface=ether5
  27. /interface list member
  28. add interface=ether1 list=WANs
  29. add interface=ether2 list=WANs
  30. add interface=ether3 list=LANs
  31. add interface=ether4 list=LANs
  32. add interface=ether5 list=LANs
  33. /ip address
  34. # Cambiar el segmento de red poe el segmento que les entrega su proveedor ISP1.
  35. add address=192.168.10.10/24 comment=ISP1 interface=ether1 network=192.168.10.0
  36. # Cambiar el segmento de red poe el segmento que les entrega su proveedor ISP1.
  37. add address=192.168.20.20/24 comment=ISP2 interface=ether2 network=192.168.20.0
  38. # Si requieres un semento LAN diferente, asegurese de
  39. # cambiarlo en todos los apartados donde se haga referencia.
  40. add address=192.168.100.254/24 comment=bridgeLAN interface=bridgeLAN network=192.168.100.0
  41. /ip cloud
  42. set ddns-enabled=yes ddns-update-interval=10m
  43. /ip dhcp-server network
  44. add address=192.168.100.0/24 dns-server=192.168.100.254,8.8.4.4 gateway=192.168.100.254
  45. # Si requiere usar los DNS de su proveedor, puede cambiarlos aqui.
  46. /ip dns
  47. set allow-remote-requests=yes cache-size=12048KiB servers=8.8.8.8,1.1.1.1
  48. /ip firewall address-list
  49. # Sementros de IPs Privadas indicados en RFC1918.
  50. add address=10.0.0.0/8 comment="Segmento de IPs Privadas" list="RFC 1918"
  51. add address=172.16.0.0/12 comment="Segmento de IPs Privadas" list="RFC 1918"
  52. add address=192.168.0.0/16 comment="Segmento de IPs Privadas" list="RFC 1918"
  53. # Algunas reglas basicas de Firewall para proteger un poco el equipo.
  54. /ip firewall filter
  55. add action=accept chain=input comment="Aceptar Trafico ICMP" protocol=icmp
  56. add action=drop chain=input comment="Rechazar DNS desde WANs" dst-port=53 in-interface-list=WANs protocol=udp
  57. add action=drop chain=input comment="Rechazar DNS desde WANs" dst-port=53 in-interface-list=WANs protocol=tcp
  58. add action=accept chain=input comment="IN Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  59. add action=drop chain=input comment="IN Rechazar Conexiones Invalidas" connection-state=invalid
  60. add action=accept chain=input comment="Aceptar la Administracion desde segmento LAN" src-address=192.168.100.0/24
  61. add action=drop chain=input comment="IN Bloquear el Resto" disabled=yes
  62. add action=accept chain=forward comment="FW Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  63. add action=drop chain=forward comment="FW Rechazar Conexiones Invalidas" connection-state=invalid
  64. add action=accept chain=output comment="OUT Aceptar Conexiones Establecida y Relacionadas" connection-state=established,related
  65. add action=drop chain=output comment="OUT Rechazar Conexiones Invalidas" connection-state=invalid
  66. /ip firewall mangle
  67. # Evitar el balanceo del trafico local.
  68. add action=accept chain=prerouting comment="No Balancear Trafico Local" dst-address-list="RFC 1918" src-address-list="RFC 1918"
  69. # Aqui Comienza lña confiuacion de PCC
  70. # Permitir trafico hacia las WAN ISP
  71. add action=accept chain=prerouting comment="Permitir Trafico hacia WAN ISPs" dst-address=192.168.5.0/24 in-interface-list=LANs
  72. add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface-list=LANs
  73. # Marcado de conexiones que se originan en internet a nuestro router
  74. add action=mark-connection chain=prerouting comment="Marcar Conexiones Originadas en Internet" connection-mark=no-mark in-interface=ether1 new-connection-mark=to_ISP1_conn passthrough=yes
  75. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=to_ISP2_conn passthrough=yes
  76. # Marcado de respuestas desde el router a las peticiones de internet
  77. add action=mark-routing chain=output comment="Marcar Conexiones de Respuesta" connection-mark=to_ISP1_conn new-routing-mark=rtTo-ISP1 passthrough=no
  78. add action=mark-routing chain=output connection-mark=to_ISP2_conn new-routing-mark=rtTo-ISP2 passthrough=no
  79. # Marcado de conexiones desde LAN, por defecto el clasificador de conexiones se
  80. # a configurado para 2 proveedores de la misma velocidad (1:1), ademas esta
  81. # seleccionado el clasificador boot-address pero se puede usar el src-address
  82. # contacte al creador por una configuracion adaptada a sus necesidades.
  83. add action=mark-connection chain=prerouting comment="Marcar Conexiones desde LAN (Clasificador de Conexiones)" connection-mark=no-mark in-interface-list=LANs new-connection-mark=to_ISP1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
  84. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface-list=LANs new-connection-mark=to_ISP2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
  85. # Marcado de rutas por la cual saldran las conexiones marcadas previamente
  86. add action=mark-routing chain=prerouting comment="Marcar Rutas para Conexiones Previamente Marcadas" connection-mark=to_ISP1_conn in-interface-list=LANs new-routing-mark=rtTo-ISP1 passthrough=no
  87. add action=mark-routing chain=prerouting connection-mark=to_ISP2_conn in-interface-list=LANs new-routing-mark=rtTo-ISP2 passthrough=no
  88. /ip firewall nat
  89. # DNS Transparente
  90. add action=redirect chain=dstnat comment="DNS Transparente" dst-port=53 protocol=udp to-ports=53
  91. # NAT Mascarade
  92. add action=masquerade chain=srcnat comment="Enmascaramiento a Internet WANs" out-interface-list=WANs
  93. /ip firewall service-port
  94. set ftp disabled=yes
  95. set tftp disabled=yes
  96. set h323 disabled=yes
  97. set sip disabled=yes
  98. set pptp disabled=yes
  99. /ip route
  100. # Rutas Recursivas a DNSs, aqui tambien debera agregar el gateway de su proveedor.
  101. add comment="Route Recursive To Quad9 ISP1" disabled=no distance=1 dst-address=9.9.9.9/32 gateway=192.168.5.254 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
  102. add comment="Route Recursive To ControlD ISP2" disabled=no distance=1 dst-address=76.76.2.0/32 gateway=192.168.2.254 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
  103. # Rutas para PCC y Failover.
  104. add check-gateway=ping comment="Ruta con MARCAS  ISP2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=rtTo-ISP1 scope=30 suppress-hw-offload=no target-scope=11
  105. add check-gateway=ping comment="Ruta con MARCAS  ISP2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=rtTo-ISP2 scope=30 suppress-hw-offload=no target-scope=11
  106. add check-gateway=ping comment="Ruta main  ISP1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
  107. add check-gateway=ping comment="Default BackUp Route marca ISP1 " disabled=no distance=2 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=rtTo-ISP1 scope=30 suppress-hw-offload=no target-scope=11
  108. add check-gateway=ping comment="Ruta main ISP2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=76.76.2.0 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
  109. add check-gateway=ping comment="Default Backup Route marca ISP2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=rtTo-ISP2 scope=30 suppress-hw-offload=no target-scope=11
  110. /ip service
  111. set telnet disabled=yes
  112. set ftp disabled=yes
  113. set www disabled=yes
  114. set ssh disabled=yes
  115. set api disabled=yes
  116. set api-ssl disabled=yes
Tags: MMikrotic
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement