مرحبا اصدقائي الاعزاء، اقدم لكم اليوم سكربتات جاهزة لبرمجة ميكروتك بالكامل
طبعا الرجااااااء الانتباه الى الاي بيات وفيما يلائمك وتغيرها الى المطلوب لك
نفترض ان الوان هو 10.0.0.1 و الاي بي الداخلي هو 192.168.0.1
طبعا الرجااااااء الانتباه الى الاي بيات وفيما يلائمك وتغيرها الى المطلوب لك
نفترض ان الوان هو 10.0.0.1 و الاي بي الداخلي هو 192.168.0.1
# Base setup: name the two ports, address them, NAT outbound traffic.
/ interface
set ether1 name=lan
set ether2 name=wan
# The router itself takes 192.168.0.1 on lan and 10.0.0.2 on wan. 10.0.0.1 is
# used further down as the upstream gateway, not as the router's own address.
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=lan
add address=10.0.0.2/24 network=10.0.0.0 broadcast=10.0.0.255 interface=wan
# Source-NAT everything that leaves through wan.
/ ip firewall nat
add chain=srcnat out-interface=wan action=masquerade comment="NAT to wan" disabled=no
# Declares the UPnP role of each interface; UPnP itself is not switched on
# anywhere in this listing.
# NOTE(review): if UPnP is enabled elsewhere, LAN hosts can ask the router to
# open inbound port mappings without authentication - confirm that is wanted.
/ ip upnp interfaces
add interface=wan type=external
add interface=lan type=internal
# Static routes for a fixed set of destination prefixes, all via 192.168.0.1.
# NOTE(review): 192.168.0.1 is the address this listing assigns to the router's
# own lan interface, so these routes point the router at itself. The following
# "/ ip route" section repeats the same prefixes via 10.0.0.1; the two look like
# alternatives, not something to paste together - confirm which gateway applies.
# NOTE(review): the comment= labels name companies, but a /8 covers far more than
# one organisation, and 209.0.0.0/28 is only 16 addresses. Treat the labels as
# descriptive text, not as an accurate list of those services' networks.
/ ip route
add dst-address=8.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=16.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=32.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=64.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=96.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=128.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=207.0.0.0/8 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="MICROSOFT" disabled=no
add dst-address=208.65.0.0/16 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.67.0.0/16 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="GOOGLE" disabled=no
add dst-address=209.0.0.0/28 gateway=192.168.0.1 distance=1 scope=255 \
target-scope=10 comment="ORKUT" disabled=no
# Same destination prefixes as the preceding route section, this time via the
# upstream gateway 10.0.0.1 (reachable through wan, which holds 10.0.0.2/24).
# NOTE(review): installing both sections gives two distance=1 routes per prefix
# with different gateways - confirm only one set is applied.
/ ip route
add dst-address=8.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=16.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=32.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=64.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=96.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=128.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="INTERNATIONAL SITES" disabled=no
add dst-address=207.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="MICROSOFT" disabled=no
add dst-address=208.65.0.0/16 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.67.0.0/16 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="GOOGLE" disabled=no
add dst-address=209.0.0.0/28 gateway=10.0.0.1 distance=1 scope=255 \
target-scope=10 comment="ORKUT" disabled=no
اعداد الكاش
# Transparent web cache: TCP port 80 is redirected to the local proxy on 3128.
# NOTE(review): the redirect carries no in-interface or src-address, so it
# matches port-80 traffic arriving on any interface, wan included. Use of the
# proxy from outside is stopped only by the input-chain drop at the end of this
# section; if that rule is missing or disabled the router is an open proxy.
/ ip firewall nat
add chain=dstnat dst-port=80 protocol=tcp action=redirect to-ports=3128 comment="PROXY REDIRECTION" disabled=no
# Proxy listens on 3128 in transparent mode with no parent proxy; cache lives on
# the system drive (up to 380000KiB) with up to 64000KiB held in RAM.
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=380000KiB max-ram-cache-size=64000KiB
# Refuse proxy requests whose destination port is 23-25, so the proxy cannot be
# used to reach telnet or SMTP services.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
# Drop TCP 3128 arriving on wan before it reaches the proxy. Filter rules are
# evaluated in order, so this must stay above any input rule that accepts.
/ip firewall filter
add chain=input dst-port=3128 protocol=tcp in-interface=wan action=drop comment="EXTERNAL PROXY BLOCK" disabled=no
تحديد سرعة برامج p2p والضارة جدا خليتها لكم 1 كيلو تحميل 1 كيلو رفع
# Step 1: tag connections that the built-in p2p matcher recognises, then tag
# every packet of those connections with packet mark "p2p".
# NOTE(review): the matcher depends on recognisable protocol signatures, so
# encrypted P2P traffic is unlikely to be marked - confirm before treating this
# as a reliable control.
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="MARK P2P" disabled=no
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
# Step 2: cap marked packets in each direction at max-limit=1000, the value the
# text above calls "1 kilo" (presumably bits per second - confirm), at the
# lowest priority (8).
/ queue tree
add name="P2P-Down" parent=global-in packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=1000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="P2P-Up" parent=global-out packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=1000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
اعداد dns وركزو تغيرو الاي بي الى الدي ان اس الخاص ب isp الخاص بك او الي ماخذ منه خط باك بون
# Upstream resolvers for the router. 111.111.111.111 and 222.222.222.222 are
# placeholders: replace them with your own ISP's resolvers, as the text above
# says. The same two values are repeated in the DHCP network and the PPP profile
# later in this listing and need the same change there.
/ ip dns set primary-dns=111.111.111.111
/ ip dns set secondary-dns=222.222.222.222
اعداد الفايرول فلتر
# Packet filter. Each chain is evaluated top to bottom and stops at the first
# terminating action, so the order of these lines is part of the policy.
# NOTE(review): nothing in this listing ends the input chain with a drop, and no
# rule accepts established/related traffic on input or forward. As shown, router
# services that are not explicitly dropped stay reachable from wan; restrict
# management access separately.
/ ip firewall filter
# NOTE(review): connection-limit=25,32 matches a source /32 holding more than 25
# connections, but limit=1,5 is a matcher too: it stops matching once its rate
# (1 packet/s, burst 5) is exceeded. Combined with action=drop, only that trickle
# is dropped and the rest passes - confirm. The rule is also not restricted to
# new connections, so packets of already-open connections can match.
add chain=forward protocol=tcp connection-limit=25,32 limit=1,5 action=drop comment="LIMIT USER CONECTION TO 25" disabled=no
add chain=input connection-state=invalid action=drop comment="DROP INVALID CONNECTIONS" disabled=no
# "customer" is a user-defined chain. No rule in this listing jumps to it (there
# is no action=jump jump-target=customer), so as shown the customer rules below
# never see a packet.
add chain=customer connection-state=invalid action=drop comment="DROP INVALID CONNEECTION PACKETS" disabled=no
add chain=customer connection-state=established action=accept comment="ALLOW ESTABLISHED CONNECTIONS" disabled=no
add chain=customer connection-state=related action=accept comment="ALLOW RELATED CONNECTIONS" disabled=no
add chain=customer action=log log-prefix="customer_drop" comment="LOG DROPPED CONNECTIONS" disabled=no
# NOTE(review): this matches TCP *source* ports 135-139. Blocking Windows
# RPC/NetBIOS services is normally done on the destination port - confirm.
add chain=forward protocol=tcp src-port=135-139 action=drop comment="NETBEUI" disabled=no
add chain=customer action=drop comment="DROP AND LOG EVERYTHING ELSE" disabled=no
# Drop forwarded TCP to ports 3306 and 1025.
add chain=forward protocol=tcp dst-port=3306 action=drop comment="VIRUS" disabled=no
add chain=forward protocol=tcp dst-port=1025 action=drop comment="" disabled=no
# Per-protocol P2P rules: drop when one source /32 has more than 10 connections
# of the matched P2P type. Only the bit-torrent and edonkey rules are limited to
# new connections.
# NOTE(review): limit=1,3 is a matcher, not a cap on what is dropped. It stops
# matching once 1 packet/s (burst 3) is exceeded, so with action=drop most
# over-limit packets fall through to later rules - confirm this is intended.
# NOTE(review): the fasttrack rule appears twice; the second copy is redundant.
add chain=forward protocol=tcp p2p=winmx connection-limit=10,32 limit=1,3 action=drop comment="P2P" disabled=no
add chain=forward protocol=tcp p2p=warez connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=bit-torrent connection-limit=10,32 limit=1,3 connection-state=new action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=edonkey connection-limit=10,32 limit=1,3 connection-state=new action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=gnutella connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=fasttrack connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=fasttrack connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=direct-connect connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
add chain=forward protocol=tcp p2p=blubster connection-limit=10,32 limit=1,3 action=drop comment="" disabled=no
# Rules labelled as SYN-flood and ICMP-flood protection.
# NOTE(review): tcp-flags=fin,syn,rst,ack requires all four flags to be set at
# once, which is not what a normal SYN looks like. This reads like the iptables
# rule "--tcp-flags FIN,SYN,RST,ACK SYN" copied without translation; the RouterOS
# way to say "SYN only" would be tcp-flags=syn,!fin,!rst,!ack - confirm.
# NOTE(review): these are rate-limited *accept* rules with no drop behind them.
# Once the rate is exceeded a packet just falls through to the next rule, and no
# later rule in this listing drops it, so as shown they do not throttle a flood.
# A limit-then-accept rule needs a matching drop directly after it.
add chain=forward protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept comment="SYN-FLOOD" disabled=no
# icmp-options=8:0 is ICMP echo request (type 8, code 0).
add chain=input protocol=icmp icmp-options=8:0 limit=1,5 action=accept comment="DOS ATTACK" disabled=no
add chain=forward protocol=icmp icmp-options=8:0 limit=1,5 action=accept comment="" disabled=no
# Drop router-originated ICMP that connection tracking classifies as invalid.
add chain=output protocol=icmp connection-state=invalid action=drop comment="TRANSLATION NAT BUG" disabled=no
# Port-scan detection on the input chain: sources that trip any matcher below
# are put on address list "pscanners" for two weeks, and the drop rule at the
# end of the group blocks listed sources from reaching the router itself.
# Forwarded traffic from listed sources is not affected by these rules.
# NOTE(review): the flag-based matchers list a source on a single packet, before
# any handshake, so the source address is unverified. Exempt the upstream
# gateway, resolvers and management addresses ahead of these rules so that a
# forged source cannot get them blocked for two weeks.
# psd = weight threshold 21, 3 s window, low-port weight 3, high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="PORT SCANNERS TO LIST" disabled=no
# FIN set with every other flag clear.
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="NMAP FIN STEALTH" disabled=no
# Contradictory flag pairs that no valid TCP segment carries.
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="SYN/FINn" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="SYN/RST" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!ack action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="FIN/PSH/URG" disabled=no
# All six flags set, then all six flags clear.
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="ALL/ALL" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="pscanners" address-list-timeout=2w comment="NMAP NULL" disabled=no
# Enforcement: must stay below the list-building rules and above any accept.
add chain=input src-address-list="pscanners" action=drop comment="DROPPING PORT SCANNERS" disabled=no
# Drop forwarded TCP to destination ports 0 and 12345.
add chain=forward protocol=tcp dst-port=0 action=drop comment="REX VIRUS" disabled=no
add chain=forward protocol=tcp dst-port=12345 action=drop comment="NETBUS" disabled=no
اعداد dhcp server
# DHCP for LAN clients: addresses 192.168.0.10-192.168.0.240, one-day leases.
/ ip pool
add name="pool_clients" ranges=192.168.0.10-192.168.0.240
# add-arp=yes asks the server to add an ARP entry for each lease.
# NOTE(review): the lan interface is not set to reply-only ARP in this listing,
# so this alone does not stop a client from using a self-assigned address.
/ ip dhcp-server
add name="dhcp_clients" interface=lan lease-time=1d address-pool=pool_clients bootp-support=static authoritative=after-2sec-delay add-arp=yes disabled=no
# Clients get 192.168.0.1 as gateway and the two placeholder resolver addresses;
# replace those together with the values under "/ ip dns".
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24 dns-server=111.111.111.111,222.222.222.222 comment="DHCP Server Range"
# Write the lease database to disk every 5 minutes.
/ ip dhcp-server
config set store-leases-disk=5m
حجب اجهزة الزبون من الاتصال باجهزة الزبون الاخرى على كل البورتات
# Drop forwarded traffic whose source and destination are both in 192.168.0.0/24.
# NOTE(review): the forward chain only sees packets the router actually routes.
# Clients that share one layer-2 segment on lan reach each other directly and
# never hit this rule; isolating them needs a layer-2 control (switch or AP
# isolation, or per-client PPPoE) - confirm how clients are attached.
/ ip firewall filter
add chain=forward src-address=192.168.0.0/24 dst-address=192.168.0.0/24 action=drop comment="Block client to client traffic in all ports" disabled=no
تحويل كامل ترفك الزبون الى الوان
# Policy routing: traffic carrying routing mark Route_wan uses a default route
# via 10.0.0.1.
/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.0.1 scope=255 target-scope=10 routing-mark=Route_wan comment="Market packets redirect to port Route_wan" disabled=no
# Every TCP packet arriving on lan gets the Route_wan routing mark (only TCP is
# matched), and packets with that routing mark also get a packet mark of the
# same name.
/ ip firewall mangle
add chain=prerouting protocol=tcp action=mark-routing new-routing-mark=Route_wan passthrough=yes in-interface=lan comment="Redirect port to Route_wan" disabled=no
add chain=prerouting routing-mark=Route_wan action=mark-packet new-packet-mark=Route_wan passthrough=yes comment="Market packets to Route_wan" disabled=no
# NOTE(review): arp=proxy-arp makes the router answer ARP requests on wan on
# behalf of other addresses. That is presumably for the public client range used
# in the PPPoE section; enable it only if that design is in use - confirm.
/ interface ethernet
set wan name="wan" arp=proxy-arp comment="" disabled=no
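# Transparent-proxy redirect that exempts the public client range.
# The exemption carries the /24 mask: an address without a mask is read as a
# single host, so clients such as 210.220.230.240 would still be redirected to
# the proxy, contrary to the rule's comment and to the /24 in the next rule.
# NOTE(review): NAT is first-match. If the earlier unconditional port-80 redirect
# ("PROXY REDIRECTION") is also installed above this rule, the exemption never
# takes effect - keep only one of the two redirects.
/ ip firewall nat
add chain=dstnat action=redirect to-ports=3128 src-address=!210.220.230.0/24 dst-port=80 protocol=tcp comment="PROXY-WEB/JUMP VALID IP" disabled=no
# action=passthrough changes nothing; this rule only counts traffic from the
# public range.
add chain=dstnat action=passthrough src-address=210.220.230.0/24 comment="VALID IP TO CLIENTS" disabled=no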
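# PPPoE service: one profile, one server instance, one sample subscriber.
# The profile allows one session per user, sets rate-limit=128k/256k and hands
# out the placeholder resolver addresses (replace them as under "/ ip dns").
# NOTE(review): use-encryption=no, so session traffic is not encrypted by PPP.
/ ppp profile
add name="pppoe_palmcse_128K_256K" use-compression=no use-vj-compression=no use-encryption=no only-one=yes change-tcp-mss=yes rate-limit=128k/256k dns-server=111.111.111.111,222.222.222.222 comment=""
# NOTE(review): authentication includes pap, which sends the password in clear
# text on the access segment, and mschap1, which is weak. Keep only the methods
# your clients actually need.
# NOTE(review): the server is bound to interface=wan while subscribers are
# described as LAN clients - confirm which port faces the subscribers.
/ interface pppoe-server server
add service-name="pppoe_server" interface=wan max-mtu=1480 max-mru=1480 authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10 one-session-per-host=yes max-sessions=0 default-profile=pppoe_palmcse_128K_256K disabled=no
# Sample subscriber. password="test" is a demonstration value: set a unique,
# strong password per subscriber before use.
/ ppp secret
add name="palmcse" service=pppoe password="test" profile=pppoe_palmcse_128K_256K remote-address=210.220.230.240 routes="" limit-bytes-in=0 limit-bytes-out=0 comment="" disabled=no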
اعداد اليوزر منجر ولكن ركزو على هاي الامور
#USER MANAGER ACTIVE SESSIONS LIMITED AT:
#SIMULTANEOUS USE: L3=10 L4=10 L5=10 L6=UNLIMITED IN 2.9 VERSION
#SIMULTANEOUS USE: L3=10 L4=20 L5=50 L6=UNLIMITED IN 3.X VERSION
#READ MORE AT License levels - MikroTik Wiki
# RADIUS client entries pointing at 10.0.0.1, plus User Manager accounts.
# Every secret and password below ("123456", "secretkey", "pass123") is a sample
# value. The RADIUS shared secret is the only thing authenticating the exchange
# between router and server: replace it with a long random string, and give the
# User Manager accounts unique strong passwords.
/ radius add called-id="" domain="" address=10.0.0.1 secret="123456" authentication-port=1812 accounting-port=1813 timeout=300ms accounting-backup=no realm="" comment="" disabled=no
# NOTE(review): accept=yes makes the router listen on port 1700 for requests
# initiated by the RADIUS side. Make sure the firewall lets only the RADIUS
# server's address reach that port.
/ radius incoming set accept=yes port=1700
# PPP logins are authenticated and accounted through RADIUS, with interim
# accounting updates every 10 s.
/ ppp aaa set use-radius=yes accounting=yes interim-update=10s
/ radius add service=ppp address=10.0.0.1 secret="123456"
/ ip hotspot profile set hsprof1 use-radius=yes
# NOTE(review): this hotspot entry uses secret "secretkey", while the User
# Manager router entry below registers 10.0.0.1 with shared-secret "123456".
# If both refer to the same server the hotspot requests will not validate -
# confirm.
/ radius add service=hotspot address=10.0.0.1 secret="secretkey"
# NOTE(review): this entry has no address and no secret; it looks like a
# leftover and is probably not meant to be pasted - confirm.
/ radius add service=hotspot
# User Manager: an owner account "admin", a read-write account "clients" under
# it, and the router registered as a RADIUS client with auth/accounting logging.
/ tool user-manager customer add login=admin password=pass123 permissions=owner
/ tool user-manager customer add subscriber=admin login="clients" password="pass123" permissions=read-write comment="" disabled=no
/ tool user-manager router add subscriber=admin name="ServerNET" ip-address=10.0.0.1 shared-secret="123456" log=auth-ok,auth-fail,acct-ok,acct-fail comment="" disabled=no
لاضافة يوزر عن طريق اليوزر منجر
# Sample User Manager subscriber. password="test" is a demonstration value.
# NOTE(review): pool "pppoe" and group "100k/256k" are referenced here but not
# created anywhere in this listing - they must exist before this line is run.
/ tool user-manager user add subscriber=admin name="palmcse" password="test" pool-name="pppoe" group-name="100k/256k" comment="" disabled=no
لتغير سرعة اليوزر بعد منتصف اليل
# Runs every 24 h at 01:30: raises PPP profile "100k/256k" to 384k/384k and both
# P2P queues to max-limit=256000.
# NOTE(review): the only PPP profile created in this listing is
# "pppoe_palmcse_128K_256K", so the profile name used here must exist separately.
# NOTE(review): no scheduler entry in this listing restores the daytime values,
# so after the first run the raised limits stay in force.
system scheduler add name=SpeedLeftMidnight start-date=feb/13/1977 start-time=01:30:00 interval=24:00:00 on-event="ppp profile set 100k/256k rate-limit=384k/384k
/queue tree set P2P-Down max-limit=256000
/queue tree set P2P-Up max-limit=256000"
لتنظيف البروكسي سيرفر او الكاش كل 3 ايام
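# Script "proxyclear": log, stop the web proxy, wait 60 s, clear its cache, wait
# 60 s, start the proxy again, log completion. Web caching is off while it runs.
# The source is written on one line with \n separators and the policy list is
# spelled out in full so the command parses as a single "add".
# NOTE(review): the script is granted ftp, reboot, policy, winbox and password
# although it only logs and reconfigures the proxy. Trim the list to what the
# script needs so a modified script cannot do more than clear the cache.
/ system script
add name="proxyclear" source=":log info \"Cleaning web-proxy\"\n/ ip web-proxy set enabled=no\n:delay 60s\n/ ip web-proxy clear-cache\n:delay 60s\n/ ip web-proxy set enabled=yes\n:log info \"Clear web-proxy done\"\n" policy=ftp,reboot,read,write,policy,test,winbox,password
# Run the script every 72 h at 04:10.
/ system scheduler
add name="palmcse_proxyclear" on-event=proxyclear start-date=feb/13/1977 start-time=04:10:00 interval=72:00:00 comment="" disabled=no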
سكربت لاخذ باك اب يومي
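# Script "abackup": saves a binary backup and a text export, both named
# <identity>_<year><month><day>. The name is built from "/system identity get
# name" and slices of "/system clock get date" (characters 7-11 year, 0-3 month,
# 4-6 day for a date such as feb/13/1977).
# NOTE(review): both files are written to the router's own storage and contain
# the configuration including credentials (PPP secrets, RADIUS shared secrets);
# whether the export hides them depends on the RouterOS version. Copy the files
# off the router, restrict file access (FTP in particular) and prune old copies.
# NOTE(review): the policy list is broader than a backup needs; trim it.
/ system script
add name="abackup" source="/sys bac sa name=\(\[/sys id g na\] . \"_\" . \
\[:pick \[/sys cl g da\] 7 11\] . \[:pick \[/sys cl g da\] 0 3\] . \[:pick \
\[/sys cl g da\] 4 6\]\)\n\n/ export file=\(\[/sys id g na\] . \"_\" . \
\[:pick \[/sys cl g da\] 7 11\] . \[:pick \[/sys cl g da\] 0 3\] . \[:pick \
\[/sys cl g da\] 4 6\]\)" \
policy=ftp,reboot,read,write,policy,test,winbox,password
# Run the script every 24 h at 23:59:30.
/ system scheduler
add name="palmcse_abackup" on-event="abackup" interval=24:00:00 start-time=23:59:30 comment="Auto backup script"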
سكربت لعمل ربوت او اعادة تشغيل تلقائية كل 3 ايام لمن يحب يعدل بالي يريحة
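# Script "areboot": reboots the router. Every session, including PPPoE
# subscribers, is dropped while it restarts.
# NOTE(review): the script only calls /system reboot, yet it is granted the full
# policy list. Reduce it to the reboot policy.
/ system script
add name="areboot" source="/system reboot" policy=ftp,reboot,read,write,policy,test,winbox,password
# Run the script every 72 h at 02:00.
/ system scheduler
add name="m4d3_areboot" on-event="areboot" interval=72:00:00 start-time=02:00:00 comment="Auto reboot script"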
سكربت لتحديد سرعة youtube الى 150 كيلو فقط
# Address list "youtube" used to throttle video traffic.
# NOTE(review): three entries are whole /8 blocks (64/8, 72/8, 84/8). Each covers
# about 16 million addresses belonging to many unrelated networks, so the queue
# below throttles far more than one service. Narrow the list to prefixes you
# have verified.
/ ip firewall address-list
add list=youtube address=64.0.0.0/8 comment="YOUTUBE" disabled=no
add list=youtube address=72.0.0.0/8 comment="" disabled=no
add list=youtube address=84.0.0.0/8 comment="" disabled=no
add list=youtube address=208.65.153.224/27 comment="" disabled=no
add list=youtube address=209.85.239.0/24 comment="" disabled=no
# Mark connections with a packet whose source is in the list, then mark every
# packet of those connections with packet mark "youtube".
/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=youtube_conn passthrough=yes src-address-list=youtube comment="YOUTUBE traffic" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=youtube passthrough=yes connection-mark=youtube_conn comment="" disabled=no
# One shared queue for all marked traffic, capped at max-limit=150000 (the
# "150 kilo" of the text above; presumably bits per second - confirm).
/ queue tree
add name="YOUTUBE" parent=global-total packet-mark=youtube limit-at=0 queue=default priority=7 max-limit=150000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
# Static routes sending the same prefixes as the "youtube" address list via
# 10.0.0.1.
# NOTE(review): 64.0.0.0/8 via 10.0.0.1 is already added in the earlier route
# section, so that line is a duplicate if both are pasted. The /8 routes are as
# over-broad here as in the address list.
/ ip route
add dst-address=64.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=72.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=84.0.0.0/8 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=208.65.153.224/27 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no
add dst-address=209.85.239.0/24 gateway=10.0.0.1 distance=1 scope=255 target-scope=10 comment="YOUTUBE" disabled=no