28 September 2010

How to load balance three lines on a MikroTik server

Peace be upon you, and the mercy and blessings of God.

Because many members have asked how to load balance 3 internet lines with a single output, here is the procedure. I have tested this tutorial myself on a MikroTik server running version 2.9.20. Anyone who wants to apply it should pay attention to the values and IP addresses used: you must change and adapt the code to your own network's IPs, and not paste the code without understanding it.

The setup uses four network cards: three for input and the fourth for output.

The first network card, WAN1, named con1 in this tutorial, has the IP: 10.111.0.2/24
The second network card, WAN2, named con2 in this tutorial, has the IP: 10.112.0.2/24
The third network card, WAN3, named con3 in this tutorial, has the IP: 10.113.0.2/24
The fourth network card, the LAN, named local in this tutorial, has the IP: 192.168.0.1/24

The cards must be given these names first.

Code to create the IP addresses listed above

Code:
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=local comment="" disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=con1 comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=con2 comment="" disabled=no
add address=10.113.0.2/24 network=10.113.0.0 broadcast=10.113.0.255 interface=con3 comment="" disabled=no

Code for the gateway settings in the routes

Code:
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=mark1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=mark2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=mark3 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 comment="" disabled=no

Code for the DNS settings

Code:
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=192.168.0.1 allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w

Code for the firewall NAT settings

Code:
/ ip firewall nat
# Connections carrying each mark leave through the address of the matching WAN card
add chain=srcnat connection-mark=mark1 action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=mark2 action=src-nat to-addresses=10.112.0.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=mark3 action=src-nat to-addresses=10.113.0.2 to-ports=0-65535 comment="" disabled=no

Finally, the code for the firewall mangle rules

Code:
/ ip firewall mangle
# Clients already pinned to a line (address lists mark1..mark3) keep using that line
add chain=prerouting in-interface=local src-address-list=mark1 action=mark-connection new-connection-mark=mark1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local src-address-list=mark1 action=mark-routing new-routing-mark=mark1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local src-address-list=mark2 action=mark-connection new-connection-mark=mark2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local src-address-list=mark2 action=mark-routing new-routing-mark=mark2 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local src-address-list=mark3 action=mark-connection new-connection-mark=mark3 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local src-address-list=mark3 action=mark-routing new-routing-mark=mark3 passthrough=no comment="" disabled=no
# New connections from other clients are spread over the three lines.
# In RouterOS 2.9 nth=every,counter,packet: every=2 counts in threes, and
# packet 0, 1 and 2 select con1, con2 and con3. The client is then pinned for one day.
add chain=prerouting in-interface=local connection-state=new nth=2,1,0 action=mark-connection new-connection-mark=mark1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark1 action=add-src-to-address-list address-list=mark1 address-list-timeout=1d comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark1 action=mark-routing new-routing-mark=mark1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local connection-state=new nth=2,1,1 action=mark-connection new-connection-mark=mark2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark2 action=add-src-to-address-list address-list=mark2 address-list-timeout=1d comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark2 action=mark-routing new-routing-mark=mark2 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=local connection-state=new nth=2,1,2 action=mark-connection new-connection-mark=mark3 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark3 action=add-src-to-address-list address-list=mark3 address-list-timeout=1d comment="" disabled=no
add chain=prerouting in-interface=local connection-mark=mark3 action=mark-routing new-routing-mark=mark3 passthrough=no comment="" disabled=no
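
A consistency check for a setup like the one above, as an added example that is not part of the original tutorial: it parses the `add` lines and verifies that every mark set in mangle has a route and a src-nat rule on the right subnet, and that no two nth rules share a matcher. It assumes, as in the tutorial, that the connection mark and the routing mark of a line share one name; the sample export is constructed and contains two deliberate copy-paste slips.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, shortened export in the style of the tutorial's configuration.
# Two deliberate slips: the third src-nat rule reuses mark2, and the third
# nth rule repeats the matcher of the second.
SAMPLE = """\
/ ip address
add address=10.111.0.2/24 interface=con1
add address=10.112.0.2/24 interface=con2
add address=10.113.0.2/24 interface=con3
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=mark1
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=mark2
add dst-address=0.0.0.0/0 gateway=10.113.0.1 routing-mark=mark3
/ ip firewall nat
add chain=srcnat connection-mark=mark1 action=src-nat to-addresses=10.111.0.2
add chain=srcnat connection-mark=mark2 action=src-nat to-addresses=10.112.0.2
add chain=srcnat connection-mark=mark2 action=src-nat to-addresses=10.113.0.2
/ ip firewall mangle
add chain=prerouting nth=2,1,0 action=mark-connection new-connection-mark=mark1
add chain=prerouting connection-mark=mark1 action=mark-routing new-routing-mark=mark1
add chain=prerouting nth=2,1,1 action=mark-connection new-connection-mark=mark2
add chain=prerouting connection-mark=mark2 action=mark-routing new-routing-mark=mark2
add chain=prerouting nth=2,1,1 action=mark-connection new-connection-mark=mark3
add chain=prerouting connection-mark=mark3 action=mark-routing new-routing-mark=mark3
"""


def parse_export(text):
    """Group 'add' lines by menu path: {menu: [{key: value}, ...]}."""
    menus, menu = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/").split())
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            menus[menu].append({k: v.strip('"') for k, v in pairs})
    return menus


def audit(text):
    """Return a list of findings; an empty list means the marks line up."""
    cfg = parse_export(text)
    findings = []
    nets = [ipaddress.ip_interface(a["address"]).network for a in cfg["ip address"]]
    gateways = {r["routing-mark"]: ipaddress.ip_address(r["gateway"])
                for r in cfg["ip route"] if "routing-mark" in r}
    mangle = cfg["ip firewall mangle"]
    conn_marks = {m["new-connection-mark"] for m in mangle if "new-connection-mark" in m}
    route_marks = {m["new-routing-mark"] for m in mangle if "new-routing-mark" in m}

    # 1. Every routing mark set in mangle needs a route that carries it.
    for mark in sorted(route_marks - set(gateways)):
        findings.append(f"routing mark {mark} has no route")

    # 2. Every connection mark needs a src-nat rule, and the NAT address must
    #    be on the same connected subnet as the gateway used for that mark.
    nat = defaultdict(list)
    for rule in cfg["ip firewall nat"]:
        if rule.get("action") == "src-nat" and "to-addresses" in rule:
            nat[rule.get("connection-mark")].append(ipaddress.ip_address(rule["to-addresses"]))
    for mark in sorted(conn_marks):
        if not nat[mark]:
            findings.append(f"connection mark {mark} has no src-nat rule")
        gw = gateways.get(mark)
        for addr in nat[mark]:
            if gw is not None and not any(addr in n and gw in n for n in nets):
                findings.append(f"{mark}: src-nat address {addr} is not on the subnet of gateway {gw}")

    # 3. Two nth rules with the same triple cannot select different lines.
    seen = {}
    for rule in mangle:
        if "nth" in rule:
            mark = rule.get("new-connection-mark")
            if rule["nth"] in seen:
                findings.append(f"nth={rule['nth']} is used for both {seen[rule['nth']]} and {mark}")
            seen.setdefault(rule["nth"], mark)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```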

Free: a beautiful interface page for MikroTik (hotspot)

A beautiful design for the subscriber login page of the MikroTik hotspot system.
The interface is attractive and easy to install and modify.

It features the following:
- A light, distinctive design in Web 2 style.
- Use of CSS in the design, which is lightweight and makes it easy to change the design of all pages from just one file.
- Full Arabic translation of the error messages.
- The design covers all hotspot pages.
- 4 additional pages were added (Prices, Terms, Accounts, Customer Service).
- An animated page of remembrances and supplications was added to remind subscribers.
- A feature showing the day and date was added to the design.
- The designer did not put his name or copyright on the page and allows anyone to modify it, provided they do not claim it as their own.

Below are screenshots of the hotspot pages and the additional pages:

* The main page, showing the translated error messages
* The prices page with its design
* The customer service page
* The bank accounts page, emptied of data for editing
* The terms page (you can remove the image and write whatever you like)

File size:
430.5 kb

File download link:

Installation:
- Take a backup of your system before installing.
- Download the compressed file.
- Extract the file after downloading it.
- Edit the design as you wish.
- Replace the "hotspot" folder on your system with the folder that appears after extraction.

01 August 2010

Illustrated guide: setting up a movies and software server with a MikroTik server

First:

You need the hfs program, which of course is what turns your machine into a site. This is the machine running Windows XP that will hold the movies, programs, etc.

To download the program

After downloading the program, open it and you will find it has picked up the IP of the machine the program is on.

After that we start adding the things we want on our site, such as movies, programs, etc.



28 March 2010

Prepare a complete MikroTik configuration from the terminal

Hello dear friends, today I present ready-made scripts to program MikroTik completely.
Of course, please pay close attention to the IP addresses and to what suits you, and change them to what you need.
We assume the WAN is 10.0.0.1 and the internal IP is 192.168.0.1

/ interface
set ether1 name=lan
set ether2 name=wan

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=lan
add address=10.0.0.2/24 network=10.0.0.0 broadcast=10.0.0.255 interface=wan

/ ip firewall nat
add chain=srcnat out-interface=wan action=masquerade comment="NAT to wan" disabled=no

/ ip upnp interfaces
add interface=wan type=external
add interface=lan type=internal

/ ip route
add dst-address=8.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=16.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=32.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=64.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=96.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=128.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=207.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="MICROSOFT" disabled=no
add dst-address=208.65.0.0/16 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.67.0.0/16 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="GOOGLE" disabled=no
add dst-address=209.0.0.0/28 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="ORKUT" disabled=no

/ ip route
add dst-address=8.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=16.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=32.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=64.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=96.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=128.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=207.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="MICROSOFT" disabled=no
add dst-address=208.65.0.0/16 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.67.0.0/16 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="GOOGLE" disabled=no
add dst-address=209.0.0.0/28 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="ORKUT" disabled=no


Cache setup

/ ip firewall nat
add chain=dstnat dst-port=80 protocol=tcp action=redirect to-ports=3128 comment="PROXY REDIRECTION" disabled=no

/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=380000KiB max-ram-cache-size=64000KiB

/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no

/ip firewall filter
add chain=input dst-port=3128 protocol=tcp in-interface=wan action=drop comment="EXTERNAL PROXY BLOCK" disabled=no


Limiting the speed of p2p programs, which are very harmful; I have set them for you to 1 kilo download and 1 kilo upload

/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="MARK P2P" disabled=no
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no

/ queue tree
add name="P2P-Down" parent=global-in packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=1000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="P2P-Up" parent=global-out packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=1000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

DNS setup: make sure you change the IP to the DNS of your own ISP, or of whoever you take your backbone line from


/ ip dns set primary-dns=111.111.111.111
/ ip dns set secondary-dns=222.222.222.222


Firewall filter setup

/ ip firewall filter
add chain=forward protocol=tcp connection-limit=25,32 limit=1,5 action=drop comment="LIMIT USER CONECTION TO 25" disabled=no
add chain=input connection-state=invalid action=drop comment="DROP INVALID CONNECTIONS" disabled=no
add chain=customer connection-state=invalid action=drop comment="DROP INVALID CONNEECTION PACKETS" disabled=no
add chain=customer connection-state=established action=accept comment="ALLOW ESTABLISHED CONNECTIONS" disabled=no
add chain=customer connection-state=related action=accept comment="ALLOW RELATED CONNECTIONS" disabled=no
add chain=customer action=log log-prefix="customer_drop" comment="LOG DROPPED CONNECTIONS" disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment="NETBEUI" disabled=no
add chain=customer action=drop comment="DROP AND LOG EVERYTHING ELSE" disabled=no
add chain=forward protocol=tcp dst-port=3306 action=drop comment="VIRUS" disabled=no
add chain=forward protocol=tcp dst-port=1025 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=winmx connection-limit=10,32 limit=1,3 action=drop comment="P2P" disabled=no
add chain=forward protocol=tcp p2p=warez connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=bit-torrent connection-limit=10,32 limit=1,3 connection-state=new action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=edonkey connection-limit=10,32 limit=1,3 connection-state=new action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=gnutella connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=fasttrack connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=fasttrack connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=direct-connect connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=blubster connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept comment="SYN-FLOOD" disabled=no
add chain=input protocol=icmp icmp-options=8:0 limit=1,5 action=accept comment="DOS ATTACK" disabled=no
add chain=forward protocol=icmp icmp-options=8:0 limit=1,5 action=accept comment="" disabled=no
add chain=output protocol=icmp connection-state=invalid action=drop comment="TRANSLATION NAT BUG" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="PORT SCANNERS TO LIST" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="NMAP FIN STEALTH" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="SYN/FINn" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="SYN/RST" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!ack action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="FIN/PSH/URG" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="ALL/ALL" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="NMAP NULL" disabled=no
add chain=input src-address-list="pscanners" action=drop comment="DROPPING PORT SCANNERS" disabled=no
add chain=forward protocol=tcp dst-port=0 action=drop comment="REX VIRUS" disabled=no
add chain=forward protocol=tcp dst-port=12345 action=drop comment="NETBUS" disabled=no
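
How the `tcp-flags` matchers in the port-scanner rules above sort packets, as an added example that is not part of the original script. It assumes RouterOS semantics in which every listed flag must be set, every flag prefixed with `!` must be clear, and unlisted flags are ignored; the rule names and expressions are copied from the rules above, while the sample packets are constructed.

```python
FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# (comment, tcp-flags expression) copied from the input-chain rules above
# that add the source address to the "pscanners" list.
SCANNER_RULES = [
    ("NMAP FIN STEALTH", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FINn", "fin,syn"),
    ("SYN/RST", "syn,rst"),
    ("FIN/PSH/URG", "fin,psh,urg,!syn,!ack"),
    ("ALL/ALL", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL", "!fin,!syn,!rst,!psh,!ack,!urg"),
]
# Expression of the rate-limited accept rule commented "SYN-FLOOD".
SYN_FLOOD_EXPR = "fin,syn,rst,ack"


def parse_tcp_flags(expr):
    """Split an expression into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in expr.split(","):
        token = token.strip()
        name = token.lstrip("!")
        if name not in FLAGS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def matches(expr, packet_flags):
    """True when the packet's flag set satisfies the expression (assumed AND semantics)."""
    must_set, must_clear = parse_tcp_flags(expr)
    flags = set(packet_flags)
    return must_set <= flags and not (must_clear & flags)


def classify(packet_flags):
    """Names of all scanner rules that would list the packet's source."""
    return [name for name, expr in SCANNER_RULES if matches(expr, packet_flags)]


# Constructed sample packets: legitimate traffic first, then scan probes.
PACKETS = {
    "connection open (SYN)": {"syn"},
    "handshake reply (SYN,ACK)": {"syn", "ack"},
    "data segment (PSH,ACK)": {"psh", "ack"},
    "normal close (FIN,ACK)": {"fin", "ack"},
    "refusal (RST,ACK)": {"rst", "ack"},
    "FIN only": {"fin"},
    "no flags": set(),
    "FIN,PSH,URG": {"fin", "psh", "urg"},
    "SYN,FIN": {"syn", "fin"},
    "all six flags": set(FLAGS),
}

if __name__ == "__main__":
    for label, flags in PACKETS.items():
        hits = classify(flags) or ["(no scanner rule)"]
        print(f"{label:28} -> {', '.join(hits)}")
    print("SYN-FLOOD rule sees a plain SYN:", matches(SYN_FLOOD_EXPR, {"syn"}))
```

Under that assumption none of the legitimate packets lands in `pscanners`, and the rule commented SYN-FLOOD matches only packets with FIN, SYN, RST and ACK all set, so an ordinary SYN never reaches its `limit=1,5`.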
DHCP server setup

/ ip pool
add name="pool_clients" ranges=192.168.0.10-192.168.0.240

/ ip dhcp-server
add name="dhcp_clients" interface=lan lease-time=1d address-pool=pool_clients bootp-support=static authoritative=after-2sec-delay add-arp=yes disabled=no

/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24 dns-server=111.111.111.111,222.222.222.222 comment="DHCP Server Range"

/ ip dhcp-server
config set store-leases-disk=5m


Block customer devices from connecting to other customer devices on all ports
/ ip firewall filter
add chain=forward src-address=192.168.0.0/24 dst-address=192.168.0.0/24 action=drop comment="Block client to client traffic in all ports" disabled=no
Redirect all customer traffic to the WAN

/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.0.1 scope=255 target-scope=10 routing-mark=Route_wan comment="Market packets redirect to port Route_wan" disabled=no

/ ip firewall mangle
add chain=prerouting protocol=tcp action=mark-routing new-routing-mark=Route_wan passthrough=yes in-interface=lan comment="Redirect port to Route_wan" disabled=no
add chain=prerouting routing-mark=Route_wan action=mark-packet new-packet-mark=Route_wan passthrough=yes comment="Market packets to Route_wan" disabled=no

/ interface ethernet
set wan name="wan" arp=proxy-arp comment="" disabled=no

/ ip firewall nat
add chain=dstnat action=redirect to-ports=3128 src-address=!210.220.230.0/24 dst-port=80 protocol=tcp comment="PROXY-WEB/JUMP VALID IP" disabled=no
add chain=dstnat action=passthrough src-address=210.220.230.0/24 comment="VALID IP TO CLIENTS" disabled=no

/ ppp profile
add name="pppoe_palmcse_128K_256K" use-compression=no use-vj-compression=no use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=128k/256k dns-server=111.111.111.111,222.222.222.222 comment=""

/ interface pppoe-server server
add service-name="pppoe_server" interface=wan max-mtu=1480 max-mru=1480 authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10 one-session-per-host=yes max-sessions=0 default-profile=pppoe_palmcse_128K_256K disabled=no

/ ppp secret
add name="palmcse" service=pppoe password="test" profile=pppoe_palmcse_128K_256K remote-address=210.220.230.240 routes="" limit-bytes-in=0 limit-bytes-out=0 comment="" disabled=no

User Manager setup, but pay attention to these points
#USER MANAGER ACTIVE SESSIONS LIMITED AT:
#SIMULTANEOUS USE: L3=10 L4=10 L5=10 L6=UNLIMITED IN 2.9 VERSION
#SIMULTANEOUS USE: L3=10 L4=20 L5=50 L6=UNLIMITED IN 3.X VERSION
#READ MORE AT License levels - MikroTik Wiki
  
/ radius add called-id="" domain="" address=10.0.0.1 secret="123456" authentication-port=1812 accounting-port=1813 timeout=300ms accounting-backup=no realm="" comment="" disabled=no

/ radius incoming set accept=yes port=1700

/ ppp aaa set use-radius=yes accounting=yes interim-update=10s
/ radius add service=ppp address=10.0.0.1 secret="123456"

/ ip hotspot profile set hsprof1 use-radius=yes
/ radius add service=hotspot address=10.0.0.1 secret="secretkey"
/ radius add service=hotspot

/ tool user-manager customer add login=admin password=pass123 permissions=owner

/ tool user-manager customer add subscriber=admin login="clients" password="pass123" permissions=read-write comment="" disabled=no

/ tool user-manager router add subscriber=admin name="ServerNET" ip-address=10.0.0.1 shared-secret="123456" log=auth-ok,auth-fail,acct-ok,acct-fail comment="" disabled=no

To add a user through User Manager
/ tool user-manager user add subscriber=admin name="palmcse" password="test" pool-name="pppoe" group-name="100k/256k" comment="" disabled=no
To change the user's speed after midnight

system scheduler add name=SpeedLeftMidnight start-date=feb/13/1977 start-time=01:30:00 interval=24:00:00 on-event="ppp profile set 100k/256k rate-limit=384k/384k
/queue tree set P2P-Down max-limit=256000
/queue tree set P2P-Up max-limit=256000"



To clean the proxy server (the cache) every 3 days

/ system script
add name="proxyclear" source=":log info \"Cleaning web-proxy\" \n
/ ip web-proxy set enabled=no \n
:delay 60s \n
/ ip web-proxy clear-cache \n
:delay 60s \n
/ ip web-proxy set enabled=yes \n
:log info \"Clear web-proxy done\"
\n" \
policy=ftp,reboot,read,write,policy,test,winbox,password

/ system scheduler
add name="palmcse_proxyclear" on-event=proxyclear start-date=feb/13/1977 start-time=04:10:00 interval=72:00:00 comment="" disabled=no

Script to take a daily backup

/ system script
add name="abackup" source="/sys bac sa name=\(\[/sys id g na\] . \"_\" . \
\[:pick \[/sys cl g da\] 7 11\] . \[:pick \[/sys cl g da\] 0 3\] . \[:pick \
\[/sys cl g da\] 4 6\]\)\n
\n/ export file=\(\[/sys id g na\] . \"_\" . \
\[:pick \[/sys cl g da\] 7 11\] . \[:pick \[/sys cl g da\] 0 3\] . \[:pick \
\[/sys cl g da\] 4 6\]\)" \
policy=ftp,reboot,read,write,policy,test,winbox,password

/ system scheduler
add name="palmcse_abackup" on-event="abackup" interval=24:00:00 start-time=23:59:30 comment="Auto backup script"

Script for an automatic reboot every 3 days; anyone who wishes can adjust it to whatever suits them

/ system script
add name="areboot" source="/system reboot" \
policy=ftp,reboot,read,write,policy,test,winbox,password

/ system scheduler
add name="m4d3_areboot" on-event="areboot" interval=72:00:00 start-time=02:00:00 comment="Auto reboot script"

Script to limit youtube speed to 150 kilo only

/ ip firewall address-list
add list=youtube address=64.0.0.0/8 comment="YOUTUBE" disabled=no
add list=youtube address=72.0.0.0/8 comment="" disabled=no
add list=youtube address=84.0.0.0/8 comment="" disabled=no
add list=youtube address=208.65.153.224/27 comment="" disabled=no
add list=youtube address=209.85.239.0/24 comment="" disabled=no

/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=youtube_conn passthrough=yes src-address-list=youtube comment="YOUTUBE traffic" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=youtube passthrough=yes connection-mark=youtube_conn comment="" disabled=no

/ queue tree
add name="YOUTUBE" parent=global-total packet-mark=youtube limit-at=0 queue=default priority=7 max-limit=150000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

/ ip route
add dst-address=64.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=72.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=84.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.65.153.224/27 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=209.85.239.0/24 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no

25 March 2010

The sure solution to the NetCut problem































With that, we say goodbye to NetCut

PPTPServer

A minimalistic HowTo for using a MT Router OS as PPTP-Server, based on 2.9.x. Use it at your own risk.
I prefer bridge-groups as they are always up and one can add physical interfaces later. The arp=proxy-arp is important.
N.B. 8 Oct 2007: "set gre disabled=no" is not active on RouterOS 3.0rc5
/ interface ethernet
set ether1 name="ether1"

/ interface bridge
add name="lan" arp=proxy-arp

/ interface bridge port
add interface=ether1 bridge=lan

/ ip address
add address=192.168.0.1/24 interface=lan

/ ip dns
set allow-remote-requests=yes

/ ip firewall service-port
set gre disabled=no
set pptp disabled=no

/ ip pool
add name="pptp" ranges=192.168.0.200-192.168.0.229

/ ppp profile
add name="pptp-in" local-address=192.168.0.1 remote-address=pptp use-encryption=required only-one=yes change-tcp-mss=yes dns-server=192.168.0.1

/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=chap,mschap1,mschap2 default-profile=pptp-in

/ ppp secret
add name="user-1" service=pptp password="******" profile=pptp-in
add name="user-2" service=pptp password="******" profile=pptp-in
# ...

PPPoE Server Setup with Profiles

In this article I will be setting up a PPPoE (Point-to-Point Protocol over Ethernet) server with different profiles.


First we will configure the interface that is connected to the WAN.
/ ip address add address=172.16.10.50/16 network=172.16.0.0 broadcast=172.16.255.255 interface=ether1


Now one interface is configured and connected to the WAN (with IP 172.16.10.50/16). Next we will configure the second interface for our local network.
/ ip address add address=10.10.10.1/24 network=10.10.10.0 broadcast=10.10.10.255 interface=ether2




Now go to IP > Pool. Press the red PLUS sign, then create an IP address pool that the PPPoE server will use to hand out IPs (I am using 10.10.10.10-10.10.10.250). Press APPLY and OK. It should look something like this.





Now we will create a PPPoE server. Go to PPP, press the PLUS sign and select PPPoE Server; a small new window will pop up, just press APPLY and OK. You will see a window similar to this one after you press APPLY and OK.



















Now we will set up the main PPPoE server. Press the button that says "PPPoE Server" in the same window. A new window will pop up; press the PLUS sign to add a PPPoE server. Set the Service Name=pppoe-server (or whatever you like), then select the interface connected to the local network (here I have selected ether2). Don't change the values of Max MTU and Max MRU. Uncheck Keepalive Timeout and select the option "One Session Per Host". At the bottom of the window you can see 4 authentication methods; select only PAP and unselect all the others. Note that PAP sends the password over the link in clear text. It should look something like this. Now press APPLY and OK.

















Now we will create a profile that will be used by different users. Go to the main PPP window and open the Profiles tab. You will see two profiles by default; don't do anything to these default profiles. Create a new profile by pressing the PLUS sign and name it whatever you like (here I have named it name=profile512). Local Address is the address of the server (here it is 10.10.10.1), so local-address=10.10.10.1. In the Remote Address box press the down arrow and you will see the name of the pool that we created in the first step; select it. If you don't see the name of the pool, don't worry, just type the name of the pool in the Remote Address box. In DNS Server, enter the IP of your server (here I am using MikroTik as my DNS server), DNS-Server=10.10.10.1. Then go to the Limits tab in the same window, where we set the bandwidth rate to which users of this profile will be restricted. Set the Rate Limit (tx/rx) to whatever you like (I am setting it to 512k up/down). Then press APPLY and OK. Your settings should be similar to the settings shown below.


















Now we will create users. In the main PPP window go to the Secrets tab, then press the PLUS sign to add a new user. Name is the UID (here I am setting it to test); set the password (I am setting it to test here). In the Service box select "pppoe", and in Profile select the profile that we created in the previous step, profile="profile512". Don't change anything else. Just press APPLY and OK. The settings should be similar to this.

















Our PPPoE server setup is complete; however, the Internet will not yet be working on any client. Now we will set up NAT, a route and DNS so that the Internet also works on the clients.
Go to IP > Firewall. In the NAT tab add a new firewall rule by pressing the PLUS sign: chain=srcnat, src.address=10.10.10.0/24. Then go to the Action tab in the same window and select action=masquerade. Then press APPLY and OK.

















Now we will set up the default route. Go to IP > Routes and add a new static route by pressing the PLUS sign. Destination=0.0.0.0/0; set the gateway to the gateway of the interface connected to the Internet, or the main IP of your ADSL router (here it is 172.16.10.1), gateway=172.16.10.1. Then press APPLY and OK.















Now the last and final step: set up the DNS server on the MikroTik router. Go to IP > DNS and press the Settings button. Enter the primary and secondary DNS server IPs provided by your ISP (here I have a DNS server on my network and I am using that), primary DNS=172.16.10.1. Also select "Allow Remote Requests"; this will make your MikroTik router act as a DNS server. Notice that I have set Cache size=10000; you can change that if you want, it is not a big deal. Now press APPLY and OK.




















Now our PPPoE server setup with profiles is complete. Everything should be working fine.

How to limit speed from Queues (separating download from browsing) on a MikroTik server

Limiting speed from Queues

name : the user's name
target address : the user's IP address
max limit : the user's maximum speed
burst limit : the maximum browsing speed, and also the download speed for a period of 300 seconds (5 minutes)
burst threshold : the maximum speed the user will be forced down to when downloading continuously for 300 seconds
burst time : the time allowed for downloading at full speed (when browsing, the time has no effect)

overclock rb433ah

overclock rb433ah 
overclock rb433uah 

In a new terminal:

/system routerboard settings change-frequency frequency=800MHz
/system reboot


That is all.

23 March 2010

PPPOE Server

You can use this configuration for a PPPoE server where users get a public IP. If the range of public IPs is 192.168.1.0/24, the IP of the router is 192.168.1.4 and the IP of the gateway is 192.168.1.1, first set this IP on the router:

Then write one route to describe the gateway:

NOTE: it is better to change the ARP setting on the interface to proxy-arp.

Then you can provide IPs for the users. We provide 245 IPs for users in IP > Pool:

If PPPoE is set up over another Ethernet port, like LOCAL

Now, to set up the PPPoE server, go to PPP, then Profiles, and click the add button:

The router is now ready to act as a PPPoE server. In PPP, click the PPPoE Servers tab and click the add button:

To create usernames and passwords on a small scale, click the add button in the Secrets tab in PPP:

For better management of user traffic you can use a RADIUS server, and for bandwidth use queues.

21 March 2010

minipci to pci converter

A converter for installing small high-power cards in desktop computers for MikroTik.
The card does not need a driver.

Card price: 200 Egyptian pounds

31 January 2010

The difference between RB433, RB433AH and RB433UAH

The difference between
RB433
RB433AH
RB433UAH

First
RB433

Processor: 300 MHz
RAM: 64 MB
Flash memory: 64 MB
Number of Ethernet ports: 3
Number of card slots: 3

MikroTik license level 4

Second
RB433AH

Processor: 680 MHz
RAM: 128 MB
Flash memory: 64 MB
Number of Ethernet ports: 3
Number of card slots: 3

MikroTik license level 5
Option to add a memory card to increase storage capacity

Third
RB433UAH

Processor: 680 MHz
RAM: 128 MB
Flash memory: 512 MB
Number of Ethernet ports: 3
Number of card slots: 3

MikroTik license level 5
Option to add a memory card to increase storage capacity
Two USB v2 ports