Mikrotik - za početnika

[Cuky]

Ne moras nista dirati na isp ruteru.

[BlackDwarf]

ni dmz prema mirku?
ne prolazi mi ssh.

[Cuky]

Onongore vrijedi ako ti je router u bridge modu.

Ako nije onda bubni mtika u dmz na isp routeru 😁

[BlackDwarf]

je stavio sam, ali isto nece.

[Cuky]

Onda te zeza cgnat (carrier grade nat).

Zovi isp da te maknu s dijeljene ip adrese i nek te puste samog direktno na net.

[BlackDwarf]

thx

[dadoremix]

ima li kojeg mikrotik skriptera ovdje ?
kako slozit skriptu, tj da mi logira vanji ip adresu
da vidim kad dođe do promjene
ip>>cloud>>public adress
e sad, kako slozit da on promjenu objavi u log history ?

[OuttaControl]

Mi mikrotik amateri

Sad imam(cu imat) PPPoE distance 20, A1 WAN distance 10
Jeli moguće nasteliti da jedan uredjaj (tv s netflixom) ide na net preko PPPoE, a ostali uredjaji da idu preko WANa vanka? Ako da u kojem smijeru trebam gledat?

[johnsmith]

@dado:
https://mhelp.pro/mikrotik-scripts-n...outer-changes/

Za output u log slozis u if bloku umjesto mail i telegram npr:
/log info ""New IP: $NewIP, Previous IP: $CurrentIP";

[dadoremix]

Cu probat. Tnx


A ovo za 2 wana koristit, moguce je

[madox]

Citiraj:

Autor OuttaControl

Mi mikrotik amateri

Sad imam(cu imat) PPPoE distance 20, A1 WAN distance 10
Jeli moguće nasteliti da jedan uredjaj (tv s netflixom) ide na net preko PPPoE, a ostali uredjaji da idu preko WANa vanka? Ako da u kojem smijeru trebam gledat?

Treba ti ruta koja usmjerava promet s odredjenim routing markom prema gateway-u.
Takodjer firewall/mangle - chain prerouting - src adress (ip adresa uredjaja) / in interface (interface na kojem je lokalna mreza) - action - mark routing - new routing mark (naziv routinga koji ce biti gore naveden u ruti.

[OuttaControl]

E to te ja pitam, tenks sad cu prckat tako.

Eh problem u startu, koju nisam mislio da cu imat.
Spojim 5G antenu od A1 direkt u laptop automatski imam full internet u roku od 10 sekundi.
U mikrotika ustekam u Ether 3, gdje je prije bio WAN 4G od HTa, nema interneta, iako aplikacija kaze da ima o.O

Problem je sto antena mijenja IP.

https://prnt.sc/3sXC1xWBFNrO

Edit riješio izgleda da je modemu trebalo malo duze da se digne

[OuttaControl]

Dragi dnevnice, j*** te mikrotik da te j*** i sta si ga kupio:

Ovaj mikrotik je stvanro most user UNfriendly device ikad.
Isa disejblat ether3 wan da provjerim nesto na ether1. Kaze mikrotik internet detected, ali nista ne radi ofc zasto bi jer je jucer radilo.
Dobro jebe me se Iden resetirat config i ucitat ponovo staru kad resetira. Kliknem ja reset, after reset load preA1 config. I restiram kad ono nema ničega.
Pajdo se vratio kompletno na tvornicke, disejblao ip login,izbrisao usere, sve potaraca nista nije restorea. Valjda bi odabrao factory reset da sam htjeo reset a ne reset configuration.
Nije restorea zato jer je izbrisa file iz kojeg je triba restorat. Ali neces mene tako lako zajebat, svaki backup je downloadan. Uploadam ja backup selektiram odakle restorat. On kaze No file found, file koji sam upravo odabrao iz tog menija.

Nista nasa skriptu backupiranu isa u terminal i pokrenio. je iz suta, vidim ima nekih errora al ko ce to sad ispravljat. Zasto je pppoe crka nikad necemo sazanat, idalje ne radi iako kaze da radi. Tako da mi propada i plan o tvu koji ide na pppoe a ostali uredjaji preko ether 3.

Previse je osjetljiv, jedan krivi pogled i sve crkne, a skuzit zašto crkne, pa lakse ga skoro resetirat pa ponovo konfigurirat, tj bilo bi da nije osjetljiv koliko je.

Ether1 crkne zato jer namjestis ether3, a erher 3 jenprije radio sa pppoe ali novi ether3 ne radi sa pppoe :facepalm:

pppoe sad ne radi jer je factory izbrisa podatke o pppoe, ali nije ni bitno jer je sad isp modem u normalnom modu, ali to je sve radilo

[Alister]

A što si uzeo Mikrotik ako nemaš živaca za podešavati sve to, svi znaju da on nije plug&play igračka, i da za većinu stvari treba više stvari poklikati.
Meni se nikada nije desilo ovo što si ti napisao, a tebe očito zeza tvoja kriva konfiguracija više nego Mikrotik

[OuttaControl]

Uzeo sam ga dok beba nije bila ni u planu
Ono sam gore napisao u trenutku ljutnje, dosao sa posla, uspavali bebu i idem predahnuti 15 minuta tako da na hrti pogledam TV Kalendar prije ponovne akcije. Uplaim hrti koji ne radi jer A1. I racunam ok samo se spojim na mikrotika disjeblam ether3 interface di je drugi wan i ovaj ether1 koji je uvijek radio ce jednostavno raditi kao i sto je radio uvjek do sad. (Do sad sam doduse disejblao ether1 da se spoji na ether3) Sad to vise ne radi. Jeli zbog moje konfiguracije, je sigurno, ali do cega, pojma nemam, jer roureru na 192.168.5.1 mogu pristupiti preko mikrotika, ruta postoji, sam mikrotik kaze internet detected. Distanci su konfigurirani di mi dopusta. Samo ne radi.

Ovaj dio sa backupom me šokirao, bio sam uvjeren da tu nema sta ne raditi. Mozda ja nesto krivo radim?

Edit pošaljem konfiguraciju cim dodjem doma

[Alister]

pusti nam tvoju konfiguraciju tu pa da vidimo što te muči

[jp_rv]

meni je naprosto fantaplastično da mikrotik u 2022. godini nema neke stvari koje drugi vendori imaju već 10 godina, a obzirom da drkanjem po postavkama često nešto prvo sjebeš prije nego popraviš bilo bi sasvim realno očekivati da umjesto APPLY prvo klineš na TEST, vidiš dal nešto radi, i onda tek lupiš apply ako je sve ok, ili undo ako ne radi.

ubiquiti ima taj test feature koji je prva liga, znam ako sjebem konfig da će se stari restorat za 3 minute.

slično i na openwrt, ako sjebem i ubijem konfig, vratit će se na staro nakon par minuta.

na mikrotiku lupim OK pa kud puklo da puklo.



za neke stvari su sasvim ok, ali neke bolesti vuku zadnjih 15 godina.

[dadoremix]

ima ima, zove se safe mode
a hebiga, nije mikrotik za svakog, kao i linux

[c-shadow]

+1
Safe mode je super.
Ja sam prčkao sve i svašta u početku po mtiku i stvarno nisam nikad zatrebao factory reset. Paziš da ne zezneš, a za sve ostalo tu je safe mode. Naravno i backup + export jer i sam mtik (barem na forumu) preporuča da se i export napravi budući da restore backupa nije toliko pouzdan

[OuttaControl]

Evo ovde je sve sprckano, trenutno stanje

Code:

# feb/25/2022 22:00:52 by RouterOS 6.49
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="united states" disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid= station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=" 5GHz" \
    station-roaming=enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/ppp profile
set *FFFFFFFE on-up="/tool e-mail send to=\"@gmail.com\" subject=\"PPPo\
    E Up\" \\\
    \nbody=\" PPPoE Is Up \""
/interface pppoe-client
add add-default-route=yes default-route-distance=10 interface=ether1 max-mru=\
    1480 max-mtu=1480 name=pppoe-out1 profile=default-encryption user=\
    %bit@iskon-dsl
/queue simple
add burst-time=5s/0s dst=pppoe-out1 limit-at=512k/0 max-limit=768k/0 name=\
    "Main Queue" target=192.168.1.0/24
add name="1PM bojler Filip " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=384k/2M name=Imilab parent="Main Queue" target=192.168.1.167/32
add burst-limit=128k/2M burst-time=1s/1s max-limit=128k/2M name="Galaxy J7" \
    parent="Main Queue" target=192.168.1.248/32
/system logging action
add email-to=v@gmail.com name=EmailVul target=email
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add comment=OnStep interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add comment=Imilab interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
/ip address
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=172.20.168.2/24 interface=ether3 network=172.20.168.0
/ip dhcp-client
add disabled=no interface=ether3
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.248 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.120 client-id=1:XX:XX:XX:XX:XX:XX:1 comment=\
    "Roborock S5max" mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.158 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.152 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.20 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.150 client-id=Withings mac-address=XX:XX:XX:XX:XX:XX \
    server=defconf
add address=192.168.1.160 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.167 client-id=1:XX:XX:XX:XX:XX:XX comment=imilab \
    mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.170 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.159 client-id=1:XX:XX:XX:XX:XX:XX comment="lg tv" \
    mac-address=XX:XX:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,192.168.1.1
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=9 gateway=192.168.5.1
add check-gateway=ping disabled=yes distance=20 gateway=192.168.0.1
add disabled=yes distance=1 gateway=172.20.168.1
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
add action=EmailVul disabled=yes topics=pppoe
add action=EmailVul topics=critical
add disabled=yes topics=pppoe,debug
/tool e-mail
set address=in-v3.mailjet.com from= port=587 start-tls=yes \
    
/tool graphing interface
add interface=pppoe-out1
add interface=ether3
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes down-script="/interface ethernet disable ether1 \
    \n\r\
    \n /interface ethernet enable ether1" host=213.191.128.9 interval=8s \
    timeout=2s
/tool traffic-monitor
add interface=bridge name=tmon1

A ovo. je prije unintended reseta

Code:

# feb/25/2022 17:33:29 by RouterOS 6.49
# software id = H8IP-FT07
#
# model = RBD52G-5HacD2HnD
# serial number = D7160D9D7422
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="united states" disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid= station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=" 5GHz" \
    station-roaming=enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa2-pre-shared-key
/ip firewall layer7-protocol
add name="Amazon Update" regexp="^.+d1s31zyz7dcc2d.cloudfront.net.*\$|^.+amzdi\
    gital-a.akamaihd.net.*\$|^.+amzdigitaldownloads.edgesuite.net.*\$|^.+updat\
    es.amazon.com.*\$|^.+softwareupdates.amazon.com.*\$"
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/ppp profile
set *FFFFFFFE on-up="/tool e-mail send to=\"@gmail.com\" subject=\"PPPo\
    E Up\" \\\
    \nbody=\" PPPoE Is Up \""
/interface pppoe-client
add add-default-route=yes default-route-distance=10 interface=ether1 max-mru=\
    1480 max-mtu=1480 name=pppoe-out1 password= profile=\
    default-encryption user=***l%bit@iskon-dsl
/queue simple
add burst-time=5s/0s dst=pppoe-out1 limit-at=512k/0 max-limit=768k/0 name=\
    "Main Queue" target=192.168.1.0/24
add name="1PM bojler " parent="Main Queue" target=192.168.1.30/32
add name="1PM bojler mater " parent="Main Queue" target=192.168.1.31/32
add name=1EM parent="Main Queue" target=192.168.1.40/32
add name="Plug S" parent="Main Queue" target=192.168.1.50/32
add max-limit=384k/2M name=Imilab parent="Main Queue" target=192.168.1.167/32
add burst-limit=128k/2M burst-time=1s/1s max-limit=128k/2M name="Galaxy J7" \
    parent="Main Queue" target=192.168.1.248/32
/system logging action
add email-t@gmail.com name=EmailVul target=email
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/interface wireless access-list
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add comment=OnStep interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
add comment=Imilab interface=wlan1 mac-address=XX:XX:XX:XX:XX:XX
/ip address
add address=192.168.5.2/24 interface=ether1 network=192.168.5.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=172.20.168.2/24 interface=ether3 network=172.20.168.0
/ip dhcp-client
add disabled=no interface=ether3
/ip dhcp-server lease
add address=192.168.1.151 comment="Klima Daikin" mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.248 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.120 client-id=1:XX:XX:XX:XX:XX:XX:1 comment=\
    "Roborock S5max" mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.158 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.152 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.20 client-id=1:XX:XX:XX:XX:XX:XX:1:fe mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.150 client-id=Withings mac-address=XX:XX:XX:XX:XX:XX \
    server=defconf
add address=192.168.1.160 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.167 client-id=1:XX:XX:XX:XX:XX:XX comment=imilab \
    mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.170 client-id=1:XX:XX:XX:XX:XX:XX:1:e0 mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.1.159 client-id=1:XX:XX:XX:XX:XX:XX comment="lg tv" \
    mac-address=XX:XX:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,192.168.1.1
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward layer7-protocol="Amazon Update" protocol=tcp \
    src-port=80,443
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=9 gateway=192.168.5.1
add check-gateway=ping disabled=yes distance=20 gateway=192.168.0.1
add disabled=yes distance=1 gateway=172.20.168.1
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=wireless,debug
add action=EmailVul disabled=yes topics=pppoe
add action=EmailVul topics=critical
add disabled=yes topics=pppoe,debug
/tool e-mail
set address=in-v3.mailjet.com from= password=\
     port=587 start-tls=yes user=\
    
/tool graphing interface
add interface=pppoe-out1
add interface=ether3
/tool graphing queue
add simple-queue=1EM
add simple-queue="1PM bojler Filip "
add simple-queue="1PM bojler mater "
add simple-queue="Galaxy J7"
add simple-queue="Main Queue"
add simple-queue="Plug S"
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes down-script="/interface ethernet disable ether1 \
    \n\r\
    \n /interface ethernet enable ether1" host=213.191.128.9 interval=8s \
    timeout=2s
/tool traffic-monitor
add interface=bridge name=tmon1

[c-shadow]

A mogao si maknuti privatne podatke

[OuttaControl]

A exportan je sa hide sensitive, ali kad budem za kompom pocistit cu ako bude tribalo, ugl su ok nema šifri

[Nikky]

Makni MAC adrese da te nebi ciljano napadalo,
WiFi ti je na USrA umjesto na EU (čitaj kanali),
nešto zoveš "Roborock S5max", pogledaj malo MAC adrese,
mogao si malo bolje organizirati IP adrese od IoT, klima i sl.
...
treba ti Amazon update ?

[c-shadow]

@Outta

Uopće nema nekih velikih razlika u te dvije konfiguracije
Pusti si neki vizualni compare alat i pogledaj side by side razlike.
Da ti sad ne postam tu sliku preko neta, u kasnijoj konfiguraciji imaš dvaput:

Code:

 add bridge=bridge comment=defconf disabled=yes interface=ether3

Dok nedostaje ovo:

Code:

/port
 set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
 add apn=internet name=ppp-out1 port=usb1

Ostalo je sve kozmetika.
Sad ne bi ulazio što je specijalno s tim eth 3 i zašto je disablean i u staroj konfi, ali ovako bez dublje analize, ako je starija konfiguracija radila, napravi reset bez default konfiguracije i učitaj tu staru. Ak ne radi, onda si i tamo nešto sprčkao

[OuttaControl]

Citiraj:

Autor Nikky

Makni MAC adrese da te nebi ciljano napadalo,
WiFi ti je na USrA umjesto na EU (čitaj kanali),
nešto zoveš "Roborock S5max", pogledaj malo MAC adrese,
mogao si malo bolje organizirati IP adrese od IoT, klima i sl.
...
treba ti Amazon update ?

MAC maknut, regex <3
USA dopusta jacu izlaznu snagu antene, mislim da je EU 0.1 US 0.5W ili cak 1W zato sam stavio US
Amazon update sam disjeblao, to radi dobro,
Dobro je ovo meni organizirano sve znam di mi je znam napamet IP adresse svega pa je to ok

Citiraj:

Autor c-shadow

@Outta

Uopće nema nekih velikih razlika u te dvije konfiguracije
Pusti si neki vizualni compare alat i pogledaj side by side razlike.
Da ti sad ne postam tu sliku preko neta, u kasnijoj konfiguraciji imaš dvaput:

Code:

 add bridge=bridge comment=defconf disabled=yes interface=ether3

Dok nedostaje ovo:

Code:

/port
 set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
    stop-bits=1
/interface ppp-client
 add apn=internet name=ppp-out1 port=usb1

Ostalo je sve kozmetika.
Sad ne bi ulazio što je specijalno s tim eth 3 i zašto je disablean i u staroj konfi, ali ovako bez dublje analize, ako je starija konfiguracija radila, napravi reset bez default konfiguracije i učitaj tu staru. Ak ne radi, onda si i tamo nešto sprčkao

Pa kad sam restorao sa te skripte pa isao poraviti i ne znam ni sam sto sam napravio. Sad sam malo smireniji i odmorniji i za laptopom a ne mobom pa cu poksati objasnitgi situaciju.

Dakle prije sam imao na Ether1 Iskon na PPPoE i WAN(oboje nekako radilo u isto vrijeme) i to mi je bila glavna ruta sa distanceom od 10.
Uz to sam imao HT4G Router koji je bio spojen na Ether3 sa distanceom 20.

Kad bi mi trebao upload ili nešto disjeblao bi Ether1 i automatski bi se prebacilo na Ether3 Wan i to je sve radilo ko sat.


Sada sam dobio A1 5G internet, sa brzinama pristojima 21 stoljeća. Iskljucio sam HT 4G, ukljucio sam A1 5G u Ether3, dodao Ip Addressu, i stavio rutu da je distance 1, a PPPoE distance 10.

Znači mijenjam koji mi je glavni internet. Od tog trenutka kad izgasim Ether3, ne prebacuje mi se na Ether1 ili ti PPPoE i ako mikrotik javlja internet detected. Znaci da se ne zna prebaciti gdje treba. Ocito negdje jos nesto treba sklepati, ali neman ideje sta ni di.

[dadoremix]

sam ti deni wifi na no_country_set

[OuttaControl]

Stavio sam bio to, ali nije nesto funkcioniralo mislim cak da mi umre wifi skroz, pa sam isa na next best thing USA iako koliko sam cita no county set bi trebalo bit 4W jel?

[OuttaControl]

Oke, popravio sam ether1 tako da sam ga dodao u dhcp klijent, kad ja ručno odaberem nece da radi kao WAN ali mogu komotno pristupiti routeru na 192.168.5.1...

pppoe sam iskljucio.

Problem sa DHCP client je sto ne mogu postaviti distance...

[OuttaControl]

Dakle tjedan dana borbe bez rezultata.

Wan na Ether1 i Ether3, kad stavim Dhcp Client, znaci samo dodam dhcp client sve radi automagically.

Kad disableam DHCP klijenta, dodam IP Address, i IP routes(istu ko sto napravi on sam, ili različitu) više ne radi.
Sta jos zaboravljam dodati? Nebi mi smetao ni DHCP client ali mi neda namjestiti route distance u tom slučaju.

[dadoremix]

Ajd, cim navucem silikona po kuci, bacim oko ja
Hiti svoj gsm broj u pm