d3x
May 19, 2013, 5:27pm
1
# Addresses: ether1-ether4 each get their own host address in 192.168.0.0/24
# (the subnet of the 192.168.0.1 gateway used by the routes in this script);
# ether5 carries 192.168.88.1/24.
/ip address
add interface=ether1 address=192.168.0.2/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether2 address=192.168.0.3/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether3 address=192.168.0.4/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether4 address=192.168.0.5/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether5 address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
# Mangle rules that spread client connections over ether1-ether4 using the
# per-connection classifier (PCC). Rule order matters: rules are evaluated top
# to bottom.
/ ip firewall mangle
# Traffic entering on bridge-local for the 192.168.0.0/24 subnet is accepted
# before any marking. The four rules below are identical; the first accept ends
# mangle processing for the packet, so the other three can never match.
# NOTE(review): this script puts 192.168.88.1/24 on ether5 and never creates
# bridge-local - presumably it is expected from the default config; confirm it
# exists before running this after a reset.
add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=bridge-local
add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=bridge-local
add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=bridge-local
add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=bridge-local
# Connections that first arrive on ether1-ether4 are tagged with the matching
# connection mark.
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=wan1
add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=wan2
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=wan3
add chain=prerouting in-interface=ether4 connection-mark=no-mark action=mark-connection new-connection-mark=wan4
# Unmarked connections from bridge-local to non-local destinations are split
# into four groups (4/0 .. 4/3) by a classifier over both addresses, one
# connection mark per group.
add chain=prerouting in-interface=bridge-local connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/0 action=mark-connection new-connection-mark=wan1
add chain=prerouting in-interface=bridge-local connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/1 action=mark-connection new-connection-mark=wan2
add chain=prerouting in-interface=bridge-local connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/2 action=mark-connection new-connection-mark=wan3
add chain=prerouting in-interface=bridge-local connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/3 action=mark-connection new-connection-mark=wan4
# Packets from bridge-local inherit a routing mark from their connection mark;
# the routing marks are the ones the marked default routes in this script use.
add chain=prerouting connection-mark=wan1 in-interface=bridge-local action=mark-routing new-routing-mark=towan1
add chain=prerouting connection-mark=wan2 in-interface=bridge-local action=mark-routing new-routing-mark=towan2
add chain=prerouting connection-mark=wan3 in-interface=bridge-local action=mark-routing new-routing-mark=towan3
add chain=prerouting connection-mark=wan4 in-interface=bridge-local action=mark-routing new-routing-mark=towan4
# Same mapping for the output chain (traffic generated by the router itself).
add chain=output connection-mark=wan1 action=mark-routing new-routing-mark=towan1
add chain=output connection-mark=wan2 action=mark-routing new-routing-mark=towan2
add chain=output connection-mark=wan3 action=mark-routing new-routing-mark=towan3
add chain=output connection-mark=wan4 action=mark-routing new-routing-mark=towan4
# Default routes. The gateway is 192.168.0.1 on every port, so each route pins
# the outgoing interface with the %etherN suffix.
/ip route
# One default route per routing mark set by the mangle rules.
add routing-mark=towan1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether1
add routing-mark=towan2 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether2
add routing-mark=towan3 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether3
add routing-mark=towan4 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether4
# Unmarked default routes.
# NOTE(review): all four share distance=1, so the script does not say which one
# is preferred - confirm that is intended, or give them distinct distances.
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether1
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether2
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether3
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether4
# Source NAT: anything leaving through ether1-ether4 is masqueraded to that
# port's own address.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
add chain=srcnat action=masquerade out-interface=ether2
add chain=srcnat action=masquerade out-interface=ether3
add chain=srcnat action=masquerade out-interface=ether4
Is that acceptable to execute after a reset?
cbrown
May 20, 2013, 11:09am
2
After a reset with no default config, you will need to put your bridge interface back. If it does have a default config, you will need to remove the ports from the switch and move the default 192.168.88.1/24 address to ether5, not just add the same address that bridge-local already has to ether5.
Also, looking at your script, it looks like you have your LAN set up to run on ether5, but your mangle rules use bridge-local instead of ether5.
You only need this rule one time.
# A single accept rule is enough: once it matches, mangle processing for the
# packet stops, so repeated copies of the same rule have no effect.
/ip firewall mangle
add chain=prerouting in-interface=bridge-local dst-address=192.168.0.0/24 action=accept
d3x
May 22, 2013, 9:36pm
3
I am trying to come up with something I can apply after a reset with no default config. I can’t find the commands to set up a DHCP server and such for ether5. I can’t even find the default script.
d3x
May 23, 2013, 8:44am
4
# Addresses: ether1-ether4 each get their own host address in 192.168.0.0/24
# (the subnet of the 192.168.0.1 gateway used by the routes in this script);
# ether5 carries 192.168.88.1/24, the network the DHCP server below hands out.
/ip address
add interface=ether1 address=192.168.0.2/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether2 address=192.168.0.3/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether3 address=192.168.0.4/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether4 address=192.168.0.5/24 network=192.168.0.0 broadcast=192.168.0.255
add interface=ether5 address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
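# DHCP for the ether5 network: a lease pool, the server bound to ether5, and the
# network record that hands clients 192.168.88.1 as both gateway and DNS server.
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add name=default address-pool="default-dhcp" interface=ether5 disabled=no
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration"
# The router answers DNS itself because clients are pointed at 192.168.88.1.
# NOTE(review): this script sets no upstream resolver (no "/ip dns set servers=..."
# and no DHCP client on ether1-ether4); add servers=<UPSTREAM_DNS_PLACEHOLDER>
# or confirm one is configured elsewhere, otherwise the cache has nothing to
# forward queries to.
/ip dns set allow-remote-requests=yes
/ip dns static add name=router address=192.168.88.1
# allow-remote-requests=yes makes the resolver answer on every interface, and
# this script defines no other input filtering. Drop DNS queries that arrive on
# the uplink ports so only the ether5 side can use the cache.
# NOTE(review): after a reset with no default config nothing else limits access
# to the router's own services from ether1-ether4 either; review the rest of
# the input chain separately.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether2 protocol=udp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether3 protocol=udp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether3 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether4 protocol=udp dst-port=53 action=drop comment="drop DNS queries from uplink"
/ip firewall filter add chain=input in-interface=ether4 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from uplink"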
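# Mangle rules that spread ether5 client connections over ether1-ether4 using
# the per-connection classifier (PCC). Rule order matters: rules are evaluated
# top to bottom.
/ip firewall mangle
# Traffic from ether5 to the 192.168.0.0/24 uplink subnet is accepted before any
# marking. One rule is enough: accept ends mangle processing for the packet, so
# identical copies placed after it could never match.
add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=ether5
# Connections that first arrive on ether1-ether4 are tagged with the matching
# connection mark.
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=wan1
add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=wan2
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=wan3
add chain=prerouting in-interface=ether4 connection-mark=no-mark action=mark-connection new-connection-mark=wan4
# Unmarked connections from ether5 to non-local destinations are split into
# four groups (4/0 .. 4/3) by a classifier over both addresses, one connection
# mark per group.
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/0 action=mark-connection new-connection-mark=wan1
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/1 action=mark-connection new-connection-mark=wan2
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/2 action=mark-connection new-connection-mark=wan3
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:4/3 action=mark-connection new-connection-mark=wan4
# Packets from ether5 inherit a routing mark from their connection mark; the
# routing marks are the ones the marked default routes in this script use.
add chain=prerouting connection-mark=wan1 in-interface=ether5 action=mark-routing new-routing-mark=towan1
add chain=prerouting connection-mark=wan2 in-interface=ether5 action=mark-routing new-routing-mark=towan2
add chain=prerouting connection-mark=wan3 in-interface=ether5 action=mark-routing new-routing-mark=towan3
add chain=prerouting connection-mark=wan4 in-interface=ether5 action=mark-routing new-routing-mark=towan4
# Same mapping for the output chain (traffic generated by the router itself).
add chain=output connection-mark=wan1 action=mark-routing new-routing-mark=towan1
add chain=output connection-mark=wan2 action=mark-routing new-routing-mark=towan2
add chain=output connection-mark=wan3 action=mark-routing new-routing-mark=towan3
add chain=output connection-mark=wan4 action=mark-routing new-routing-mark=towan4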
# Default routes. The gateway is 192.168.0.1 on every port, so each route pins
# the outgoing interface with the %etherN suffix.
/ip route
# One default route per routing mark set by the mangle rules.
add routing-mark=towan1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether1
add routing-mark=towan2 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether2
add routing-mark=towan3 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether3
add routing-mark=towan4 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether4
# Unmarked default routes.
# NOTE(review): all four share distance=1, so the script does not say which one
# is preferred - confirm that is intended, or give them distinct distances.
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether1
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether2
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether3
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1%ether4
# Source NAT: anything leaving through ether1-ether4 is masqueraded to that
# port's own address.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
add chain=srcnat action=masquerade out-interface=ether2
add chain=srcnat action=masquerade out-interface=ether3
add chain=srcnat action=masquerade out-interface=ether4
d3x
May 23, 2013, 9:07am
5
Is the DHCP server and DNS part correct?