
# jan/02/1970 00:31:14 by RouterOS 6.43.2
# software id = IFLG-3Q3U
#
# model = RB941-2nD
# serial number = 9D7509BC3A91

/interface bridge
# Single LAN bridge.  The MAC is pinned (auto-mac=no) so the LAN-side
# address does not change when ports are added or removed.
add name=bridge auto-mac=no admin-mac=B8:69:F4:B6:31:61 comment="Av. la Patria"

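/interface wireless
# 2.4 GHz access point; the radio is bridged into the LAN under
# /interface bridge port.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=AvLaPatria wireless-protocol=802.11

/interface wireless security-profiles
# The original export configured this profile twice; the second statement
# only repeated supplicant-identity=MikroTik, so both are merged here.
# NOTE(review): the PSK is 14 decimal digits, and wpa-psk (WPA1) is still
# accepted next to wpa2-psk; if no legacy client needs WPA1, remove it from
# authentication-types.  The key appears in clear text in this export, so an
# export intended for sharing should be produced with `/export hide-sensitive`.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=80232658023265 wpa2-pre-shared-key=80232658023265

/interface list
# WAN = the two uplinks (ether1, ether2), LAN = the bridge; members are
# assigned under /interface list member.
add comment=WAN name=WAN
add comment=LOCAL name=LAN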
/ip pool
# Lease range for the LAN; 192.168.0.1 is the router itself (see /ip address).
add name=default-dhcp ranges=192.168.0.10-192.168.0.254

/ip dhcp-server
# The only DHCP server, bound to the LAN bridge.
add name=IpLocal interface=bridge address-pool=default-dhcp disabled=no
/interface bridge port
# ether1 and ether2 are the uplinks (list WAN); the remaining ports and the
# AP radio make up the LAN.
add interface=ether3 bridge=bridge comment=LAN1
add interface=ether4 bridge=bridge comment=LAN2
add interface=wlan1 bridge=bridge comment=WIFI
/ip neighbor discovery-settings
# Neighbor discovery announcements only towards the LAN, never the uplinks.
set discover-interface-list=LAN

/interface list member
add list=LAN interface=bridge comment=LOCAL
add list=WAN interface=ether1 comment=CANTV
add list=WAN interface=ether2 comment=GALLUP

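/ip address
# Router's LAN address: DHCP gateway and, with allow-remote-requests=yes,
# the resolver the LAN talks to.
add address=192.168.0.1/24 comment=IpMikrotik interface=bridge network=192.168.0.0
# CANTV uplink.  The original export placed this address on ether2 together
# with the GALLUP one, but /interface list member puts CANTV on ether1 and
# the "Wan 1" routes use 192.168.1.1 as gateway, which is only on-link from
# the port that carries 192.168.1.2/24 -- ether1 is taken as the intended port.
add address=192.168.1.2/24 comment=IpCANTV interface=ether1 network=192.168.1.0
# GALLUP uplink.
add address=192.168.2.2/24 comment=IpGALLUP interface=ether2 network=192.168.2.0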

/ip dhcp-server network
# Options for the LAN subnet, served by IpLocal on the bridge.
add address=192.168.0.0/24 gateway=192.168.0.1 comment=IpLocalPuertaEnlace
# The two uplink subnets below are not served by any DHCP server in this
# export; they are kept exactly as the author had them.
add address=192.168.1.0/24 gateway=192.168.1.1 comment=IpCantvPuertaEnlace
add address=192.168.2.0/24 gateway=192.168.2.1 comment=IpGallupPuertaEnlace

/ip dns
# Forward to Google public DNS and answer queries from clients.  With
# allow-remote-requests=yes the router replies to any source that reaches
# its input chain, so the WAN-side port-53 drops under /ip firewall filter
# are what keep it from acting as an open resolver.
set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

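/ip firewall nat
# Source NAT per uplink.  The original rules used out-interface-list=WAN1
# and WAN2, lists that are never defined (only WAN and LAN exist under
# /interface list), so neither rule could ever match and LAN traffic left
# un-NATed.  They now name the uplink ports directly, as assigned under
# /interface list member.
add chain=srcnat action=masquerade out-interface=ether1 ipsec-policy=out,none comment="CANTV: masquerade"
add chain=srcnat action=masquerade out-interface=ether2 ipsec-policy=out,none comment="GALLUP: masquerade"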
/ip route
# Per-mark default routes, selected by the mark-routing rules under
# /ip firewall mangle.
add gateway=192.168.1.1 routing-mark=to_ether1 distance=1 check-gateway=ping comment="Ruteo wan 1"
add gateway=192.168.2.1 routing-mark=to_ether2 distance=1 check-gateway=ping comment="Ruteo wan 2"
# Main-table defaults: CANTV preferred, GALLUP as failover (higher distance).
# check-gateway=ping withdraws a route whose gateway stops answering.
add gateway=192.168.1.1 distance=1 check-gateway=ping comment="Wan 1"
add gateway=192.168.2.1 distance=2 check-gateway=ping comment="Wan 2"

/ip firewall layer7-protocol
# Each matcher inspects the first bytes of a connection.  Every pattern
# except torrent-dns requires a literal "get"/"GET" before the keyword, so
# only plaintext HTTP requests are classified; TLS sessions carry no such
# text and never match.  Entry order is irrelevant -- the mangle rules
# reference matchers by name.
#
# -- sites / services --
add name=youtube.com regexp="^.*(get|GET).+(youtube).*\$"
add name=googlevideo.com regexp="^.*(get|GET).+(googlevideo).*\$"
add name=netflix regexp="^.*(get|GET).+(netflix).*\$"
add name=windowsupdate.com regexp="^.*(get|GET).+(windowsupdate).*\$"
add name=freakshare.com regexp="^.*(get|GET).+(freakshare).*\$"
add name=4shared.com regexp="^.*(get|GET).+(4shared).*\$"
add name=xvideos.com regexp="^.*(get|GET).+(xvideos).*\$"
add name=speedtest-servers regexp="^.*(get|GET).+speedtest.*\$"
# -- file types --
add name=mp4 regexp="^.*(get|GET).+\\.mp4.*\$"
add name=swf regexp="^.*(get|GET).+\\.swf.*\$"
add name=flv regexp="^.*(get|GET).+\\.flv.*\$"
add name=mp3 regexp="^.*(get|GET).+\\.mp3.*\$"
add name=video regexp="^.*(get|GET).+(\\.flv|\\.mp4|netflix|\\.swf).*\$"
# -- torrent keyword lists (torrent-dns has no get/GET anchor; by its name it
#    is presumably meant to fire on DNS query payloads) --
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"

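/ip firewall mangle
# Traffic classification (connection + packet marks for the queue tree) and
# policy routing (routing marks for the to_ether1 / to_ether2 tables).
#
# Corrections against the original export:
#  * the "videos" rule referenced layer7-protocol=videos.com, which is not
#    defined (the matcher is named "video"); the Xvideo routing rule matched
#    connection-mark=Xvideo (the mark is "xvideos"); the torrent-dns routing
#    rule matched connection-mark=torrent-wwws; the video routing rule
#    matched "video" while the connection mark set above is "videos";
#  * every mark-routing rule sat in chain=output, which only sees packets the
#    router itself originates, so forwarded LAN traffic never received a
#    routing mark -- they are now in prerouting, limited to in-interface=bridge;
#  * the catch-all ether2_conn rule re-marked every LAN connection, overwriting
#    the marks set above it; it now only touches connections that still carry
#    no mark (connection-mark=no-mark).
#
# --- connection + packet marks (layer7 classification) ---
add chain=prerouting action=mark-connection comment=Youtube layer7-protocol=youtube.com new-connection-mark=Youtube
add chain=prerouting action=mark-connection dst-address-type=!local layer7-protocol=googlevideo.com new-connection-mark=Youtube
add chain=prerouting action=mark-packet connection-mark=Youtube new-packet-mark=Youtube

add chain=prerouting action=mark-connection comment=Wupdate dst-address-type=!local layer7-protocol=windowsupdate.com new-connection-mark=Wupdate
add chain=prerouting action=mark-packet connection-mark=Wupdate new-packet-mark=Wupdate

add chain=prerouting action=mark-connection comment=Freakshare dst-address-type=!local layer7-protocol=freakshare.com new-connection-mark=Freakshare
add chain=prerouting action=mark-packet connection-mark=Freakshare new-packet-mark=Freakshare

add chain=prerouting action=mark-connection comment=4shared dst-address-type=!local layer7-protocol=4shared.com new-connection-mark=4shared
add chain=prerouting action=mark-packet connection-mark=4shared new-packet-mark=4shared

add chain=prerouting action=mark-connection comment=Xvideos layer7-protocol=xvideos.com new-connection-mark=xvideos
add chain=prerouting action=mark-packet connection-mark=xvideos new-packet-mark=xvideos

add chain=prerouting action=mark-connection comment=torrent-wwws layer7-protocol=torrent-wwws new-connection-mark=torrent-wwws
add chain=prerouting action=mark-packet connection-mark=torrent-wwws new-packet-mark=torrent-wwws

add chain=prerouting action=mark-connection comment=torrent-dns layer7-protocol=torrent-dns new-connection-mark=torrent-dns
add chain=prerouting action=mark-packet connection-mark=torrent-dns new-packet-mark=torrent-dns

# layer7 matcher is "video" (see /ip firewall layer7-protocol).
add chain=prerouting action=mark-connection comment=videos layer7-protocol=video new-connection-mark=videos
add chain=prerouting action=mark-packet connection-mark=videos new-packet-mark=videos

add chain=prerouting action=mark-connection comment=mp3 layer7-protocol=mp3 new-connection-mark=mp3
add chain=prerouting action=mark-packet connection-mark=mp3 new-packet-mark=mp3

# Everything else from the LAN (except traffic to the router itself) goes to
# the GALLUP uplink.  Only unmarked connections are touched, so the
# classifications above survive.
add chain=prerouting action=mark-connection connection-mark=no-mark dst-address=!192.168.0.1 in-interface=bridge new-connection-mark=ether2_conn passthrough=no

# --- routing marks for forwarded LAN traffic ---
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=Youtube new-routing-mark=to_ether1 comment="Marcado de Salida Youtube"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=Wupdate new-routing-mark=to_ether1 comment="Marcado de Salida Wupdate"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=Freakshare new-routing-mark=to_ether1 comment="Marcado de Salida Freakshare"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=4shared new-routing-mark=to_ether1 comment="Marcado de Salida 4shared"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=xvideos new-routing-mark=to_ether1 comment="Marcado de Salida Xvideo"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=torrent-wwws new-routing-mark=to_ether1 comment="Marcado de Salida torrent-wwws"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=torrent-dns new-routing-mark=to_ether1 comment="Marcado de Salida torrent-dns"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=videos new-routing-mark=to_ether1 comment="Marcado de Salida video"
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=mp3 new-routing-mark=to_ether1 comment="Marcado de Salida mp3"

add chain=prerouting action=mark-routing in-interface=bridge connection-mark=ether2_conn new-routing-mark=to_ether2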

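/queue type
# Stochastic fairness for both directions so one client cannot starve the
# others inside a limited branch.
add kind=sfq name=BAJADA
add kind=sfq name=SUBIDA

/queue tree
# Download branch hangs off the LAN bridge.
add name=Descargas parent=bridge queue=default
# NOTE(review): parent=WAN names the interface list, not an interface;
# confirm the queue tree accepts a list here, otherwise the upload branch
# never attaches to anything.
add name=Upload parent=WAN queue=default
# Per-class limits; packet marks come from /ip firewall mangle.
add name=Youtube packet-mark=Youtube parent=Descargas queue=BAJADA max-limit=100k
# The original export used the name "Youtube" for both directions; queue
# names must be unique, so the upload side follows the lowercase convention
# the author already used for wupdate/freakshare.
add name=youtube packet-mark=Youtube parent=Upload queue=SUBIDA max-limit=128k
# 1k in both directions effectively stops Windows Update for the LAN, which
# also blocks security patches; raise or remove if clients are meant to patch.
add name=Windowsupdate packet-mark=Wupdate parent=Descargas queue=BAJADA max-limit=1k
add name=wupdate packet-mark=Wupdate parent=Upload queue=SUBIDA max-limit=1k priority=1
add name=Freakshare packet-mark=Freakshare parent=Descargas queue=BAJADA max-limit=128k
add name=freakshare packet-mark=Freakshare parent=Upload queue=SUBIDA max-limit=32k
add name=4shared packet-mark=4shared parent=Descargas queue=BAJADA max-limit=56k
add name=4Shared packet-mark=4shared parent=Upload queue=SUBIDA max-limit=32k
add name=Xvideos packet-mark=xvideos parent=Descargas queue=BAJADA max-limit=50k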

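/ip firewall filter
# Input/forward policy.  Corrections against the original export:
#  * the WebProxy and DNS drops used in-interface=wan1 / WAN1 / WAN2 --
#    interfaces that do not exist (the uplinks are ether1 and ether2, grouped
#    in interface list WAN) -- so the rules never matched and, with
#    allow-remote-requests=yes under /ip dns, port 53 was reachable from both
#    uplinks.  They now match in-interface-list=WAN, and the two DNS rules
#    collapse into one; a TCP/53 drop is added because the resolver answers
#    TCP as well.
#  * an accept rule for in-interface-list=LAN is added ahead of "Drop all
#    INPUT" so that rule can be enabled without cutting LAN management.
add chain=input comment="*************Accept established connection packets" connection-state=established
add chain=input comment="Accept related connection packets" connection-state=related
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid

# Port knocking A and B: kept as the author left them (disabled).
add action=add-src-to-address-list address-list=ICMP address-list-timeout=1m chain=input comment="*************Start Port KnockingA By Jesus Garcia" disabled=yes protocol=icmp
add action=add-src-to-address-list address-list="ICMP + Http" address-list-timeout=2m chain=input disabled=yes dst-port=80 protocol=tcp src-address-list=ICMP
add action=drop chain=input comment="End Port KnockingA" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list="!ICMP + Http"
add action=add-src-to-address-list address-list=Temp1 address-list-timeout=5m chain=input comment="*************Start Port KnockingB By Jesus Garcia" disabled=yes dst-port=1000 protocol=tcp
add action=add-src-to-address-list address-list=Temp1+Temp2 address-list-timeout=5m chain=input disabled=yes dst-port=2000 protocol=tcp src-address-list=Temp1
add action=add-src-to-address-list address-list=Temp1+Temp2+Cantito address-list-timeout=5m chain=input disabled=yes dst-port=3000 protocol=tcp src-address-list=Temp1+Temp2
add action=drop chain=input comment="END Port KnockingB" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list=!Temp1+Temp2+Cantito

# Rate-limited ICMP (echo reply/request, port/fragmentation unreachable,
# time exceeded); anything else ICMP is dropped.
add chain=input comment="*************Permitir Protocolos ICMP" connection-limit=15,32 icmp-options=0:0 limit=5,5 protocol=icmp
add chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp

# Connection-flood handling: sources over 100 concurrent connections are
# listed for a day, tarpitted on input and dropped in forward.
add action=tarpit chain=input comment="*************Impedir Atacante DOS genere nuevas conecxiones" protocol=tcp src-address-list="Lista Negra"
add action=add-src-to-address-list address-list="Lista Negra" address-list-timeout=1d chain=input comment="Deteccion de DOS" connection-limit=100,32
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp src-address-list="Lista Negra"

# Services that must not be reachable from the uplinks.
add action=drop chain=input comment="*************Block Intrusos WebProxy" dst-port=3128 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 in-interface-list=WAN protocol=tcp

# Outbound SMTP abuse: a LAN host opening many port-25 connections is listed
# for a day and its SMTP is dropped.
add action=drop chain=forward comment="*************BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp
# NOTE(review): no chain named "virus" appears in this export; the jump is a
# no-op until that chain is populated.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus

# Management from the LAN.  No-op while "Drop all INPUT" stays disabled, but
# required before enabling it.  The "Permitir IPs for Access" address list
# referenced by the next rule is not defined anywhere in this export.
add chain=input comment="Permitir administracion desde LAN" in-interface-list=LAN
add chain=input comment="*************Permitir el Acceso al Router desde Redes Conocidas" disabled=yes src-address-list="Permitir IPs for Access"
# While this rule is disabled, every router service not dropped above
# (telnet, ssh, winbox, www, ...) is reachable on the uplink addresses.
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes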

/system routerboard settings
# Default boot indication kept (silent-boot=no).
# NOTE(review): the export header is dated jan/02/1970, i.e. the clock had
# never been set, and no NTP client appears in the visible export -- log and
# address-list timestamps are therefore unreliable.
set silent-boot=no

# MAC-telnet and MAC-Winbox are answered only on the LAN list, never on the
# uplinks.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
