Hi Normis, do you have time?
Can you log in to my router and check whether my router settings are safe?
Setting it up is giving me a headache; if you can, I will send my login info to support.
thanks in advance.
Contact and hire MikroTik certified consultants,
http://www.mikrotik.com/consultants.html
or post your configurations here for evaluation (remove sensitive information first)
You can also post what type of router or service you want to provide?
Just post your router's hardware configuration (this must be after installing MK, and only if you don't want to set up a hotspot or wireless service) and send me an SMS on my cell phone at +8801716488912. I will build the configuration for your service on my own virtual server and send you a backup copy of it.
Rafiq…
Hi, I have an RB532A r5, an R52 wireless card and a 15 dB omni antenna.
I want to configure the router as follows:
first two ports for WAN load balancing (ECMP routing)
third port for the LAN with 192.168.0.1/24
hotspot (hotspot users must not be able to access my router in any way, and must not be able to communicate with my local LAN)
a secured router that protects customers
please send your backup copy to:
FTP: claol.com
user:temp@claol.com
password:123456
everyone want to help me is welcome.
thanks!!!
Dear channingzou,
I used a P-III with 3 LAN cards.
Please discard IP address 192.168.2.10 and replace all the other IP addresses as you need.
I am not experienced with HotSpot. A copy of this backup has already been sent to your FTP; this copy is for others.
I think it will help you.
Rafiq…
MikroTik-07082007.rar (4.62 KB)
The backup file will probably not be restored correctly. It is better to use an export file.
hi,sergejs will make export file upload to your website let everyone download?
Here is the export file ...
Rafiq...
####################################################################
aug/07/2007 17:50:24 by RouterOS 2.9.27
software id = 9EK0-FJT
# Ethernet ports: one LAN port ("Lan") and two WAN uplinks ("Wan1", "Wan2"),
# each set to speed=100Mbps with full-duplex=yes and auto-negotiation=yes.
# NOTE(review): the lines that follow each "set" look like wrapped
# continuations whose trailing backslash was lost when the export was pasted;
# re-join each command before importing - TODO confirm against the original.
/ interface ethernet
set Lan name="Lan" mtu=1500 mac-address=00:08:54:34:6A:96 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment="" disabled=no
set Wan1 name="Wan1" mtu=1500 mac-address=00:E0:4D:49:87:05 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment="" disabled=no
set Wan2 name="Wan2" mtu=1500 mac-address=00:10:4B:0E:E8:D2 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment="" disabled=no
# L2TP and PPTP servers are both switched off (enabled=no).
# NOTE(review): the L2TP authentication list still permits pap, chap and
# mschap1, and PPTP permits mschap1. If either server is ever enabled, trim
# the list to the strongest method the clients support first.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2
keepalive-timeout=30 default-profile=default-encryption
# IP accounting and its web view are disabled.
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Management services. telnet, ftp, www and ssh are enabled (disabled=no) and
# accept any source address (address=0.0.0.0/0); www-ssl is disabled and has
# no certificate.
# NOTE(review): telnet, ftp and plain www carry the admin login in cleartext.
# Here only the input-chain rules in "/ ip firewall filter" limit who can
# reach them. Prefer disabling telnet/ftp/www and setting address= on ssh to
# the management subnet, so the restriction does not depend on the firewall.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
# Optional IP services, all off in this export: UPnP, SOCKS proxy and
# traffic-flow are disabled. DNS has no upstream servers configured
# (0.0.0.0) and allow-remote-requests=no, so the router does not answer DNS
# queries from clients. "/ ip arp" has no static entries.
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=0.0.0.0 secondary-dns=0.0.0.0 allow-remote-requests=no
cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m
inactive-flow-timeout=15s
# Interface addressing. "Lan" carries two addresses (192.168.2.10/24 and
# 192.168.17.1/24); Wan1 and Wan2 each have one /24.
# The author of this export asks readers to discard 192.168.2.10 and to
# replace the remaining addresses with their own.
/ ip address
add address=192.168.2.10/24 network=192.168.2.0 broadcast=192.168.2.255
interface=Lan comment="added by setup" disabled=no
add address=177.66.202.2/24 network=177.66.202.0 broadcast=177.66.202.255
interface=Wan1 comment="" disabled=no
add address=177.66.203.3/24 network=177.66.203.0 broadcast=177.66.203.255
interface=Wan2 comment="" disabled=no
add address=192.168.17.1/24 network=192.168.17.0 broadcast=192.168.17.255
interface=Lan comment="added by setup" disabled=no
# HTTP proxy is disabled; its single access rule would deny destination
# ports 23-25 if the proxy were turned on.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no
# Neighbor discovery is enabled on all three interfaces.
# NOTE(review): discover=yes on Wan1 and Wan2 means the router takes part in
# neighbor discovery on the uplinks as well; consider discover=no there
# unless the upstream side needs it.
/ ip neighbor discovery
set Lan discover=yes
set Wan1 discover=yes
set Wan2 discover=yes
# Three default routes: one unmarked via 192.168.2.1 ("added by setup") and
# one per uplink, selected by routing-mark wan1 / wan2 and monitored with
# check-gateway=ping.
# NOTE(review): the unmarked default route uses a gateway on the
# 192.168.2.0/24 network that the author says to discard; traffic without a
# routing mark would follow it - replace or remove it when adapting this.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10
comment="added by setup" disabled=no
add dst-address=0.0.0.0/0 gateway=177.66.202.1 check-gateway=ping scope=255
target-scope=10 routing-mark=wan1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=177.66.203.1 check-gateway=ping scope=255
target-scope=10 routing-mark=wan2 comment="" disabled=no
# Routing marks for LAN traffic (src 192.168.17.0/24).
# NOTE(review): both rules match exactly the same packets and both use
# passthrough=yes, so the second rule appears to overwrite the mark set by
# the first and all LAN traffic would end up marked wan2. This does not
# split load across the two uplinks - confirm on a test router.
/ ip firewall mangle
add chain=prerouting src-address=192.168.17.0/24 action=mark-routing
new-routing-mark=wan1 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.17.0/24 action=mark-routing
new-routing-mark=wan2 passthrough=yes comment="" disabled=no
# Source NAT: masquerade everything sourced from 192.168.17.0/24. No
# out-interface is given, so the rule is not tied to a particular uplink.
/ ip firewall nat
add chain=srcnat src-address=192.168.17.0/24 action=masquerade comment=""
disabled=no
# Connection tracking is enabled; the connection-state matchers in the filter
# rules depend on it. Timeouts are listed explicitly and tcp-syncookie=no.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
tcp-syncookie=no
# Filter rules. chain=input protects the router itself; chain=forward covers
# traffic routed through it.
# Input policy: drop invalid, accept established, accept all UDP and ICMP,
# accept anything from three private /24 networks, drop the rest.
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid
connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow
Established connections" disabled=no
# NOTE(review): this accepts every UDP packet addressed to the router from
# any source and any interface, so any UDP service running on the router is
# reachable from the WAN side. Narrow it to the ports and interfaces that
# are actually needed.
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
# NOTE(review): the three "known network" rules match on source address
# only, with no in-interface, so they would also match packets arriving on
# Wan1/Wan2 that claim one of these source addresses. Adding
# in-interface=Lan would tie them to the LAN port. 192.168.0.0/24 is not an
# address configured on this router - confirm it is still wanted.
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access
to router from known network" disabled=no
add chain=input src-address=192.168.2.0/24 action=accept comment="Allow access
to router from here " disabled=no
add chain=input src-address=192.168.17.0/24 action=accept comment="Allow
access to router from here " disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
# Forward policy: drop invalid TCP, accept established/related, drop a few
# bogus source/destination ranges, then hand UDP and ICMP to their own
# chains.
# NOTE(review): the invalid-state drop below is limited to protocol=tcp.
add chain=forward protocol=tcp connection-state=invalid action=drop
comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow
already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow
related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
# NOTE(review): there is a jump to chain=udp and to chain=icmp, but no jump
# to chain=tcp is visible in this export, so the tcp drop rules defined
# further down appear never to be evaluated. The forward chain also has no
# final drop rule, so forwarded traffic that no rule matches is not blocked
# by this rule set.
add chain=forward protocol=udp action=jump jump-target=udp comment=""
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=""
disabled=no
# Custom chain "tcp": drops forwarded TCP to a list of ports (TFTP, RPC, NBT,
# CIFS, NFS, NetBus, "BackOriffice", DHCP).
# NOTE(review): no rule visible in this export jumps to chain=tcp (the
# forward chain jumps only to udp and icmp), so these rules appear to be
# dead until a jump rule for protocol=tcp is added.
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT"
disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs"
disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny
NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus"
disabled=no
# NOTE(review): the port usually associated with Back Orifice is 31337, not
# 3133 - this value (here and in the udp chain) looks like a typo; confirm.
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny
BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
disabled=no
# Custom chain "udp": reached from the forward chain for protocol=udp. Drops
# the listed destination ports; a packet that matches none of them falls
# off the end of the chain.
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC
portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC
portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny
BackOriffice" disabled=no
# Custom chain "icmp": reached from the forward chain for protocol=icmp.
# Accepts a short list of ICMP type:code pairs and drops every other ICMP
# packet.
# NOTE(review): the comment= text on the first three rules does not describe
# what they match. All three are accept rules: 0:0 is echo reply, 3:0 is
# network unreachable and 3:1 is host unreachable. Correct the labels so a
# later reader does not misjudge the rule set.
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop
invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow
established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow
already established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow
source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow
echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow
time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow
parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
# Connection-tracking helpers: ftp, tftp, irc and quake3 are enabled; h323,
# gre and pptp are disabled.
# NOTE(review): helpers for protocols that are not in use can be disabled to
# reduce the amount of protocol parsing done on forwarded traffic.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
# Default IPsec proposal: sha1 authentication, 3des encryption, PFS group
# modp1024, 30-minute lifetime.
# NOTE(review): sha1 / 3des / modp1024 are legacy choices. If IPsec is used
# on a RouterOS version that offers stronger options, move to AES and a
# larger DH group - confirm what the installed version supports.
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1024 disabled=no
# Web proxy is disabled (enabled=no, transparent-proxy=no). The access rule
# would deny destination ports 23-25 and the cache rule would skip URLs
# matching ":cgi-bin \?" if the proxy were enabled.
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname="proxy"
transparent-proxy=no parent-proxy=0.0.0.0:0
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system
max-cache-size=none max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying"
disabled=no
/ ip web-proxy cache
add url=":cgi-bin \?" action=deny comment="don't cache dynamic http pages"
disabled=no
# Logging: info, error and warning topics go to the "memory" action (100
# lines); critical goes to "echo". The "disk" and "remote" actions are
# defined but no topic is routed to them, and the remote target is the
# unset 0.0.0.0:514.
# NOTE(review): with only a 100-line memory buffer, login and firewall
# events are overwritten quickly. Routing them to disk or to a remote
# syslog server keeps them available for later review.
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
# Upgrade mirror is disabled and the DST window is unset.
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0
check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970
00:00:00"
# Watchdog reboots the router on failure; no watch-address is monitored and
# support output files are generated but not sent automatically.
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
# NOTE(review): "FIXME" stands where the export should name a console item;
# presumably the export could not resolve the item - these lines will
# likely not import as written. TODO confirm.
/ system console
add term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
# Identity is the name "MikroTik"; the login note is empty.
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
# PPP profiles: "default" leaves encryption at the default setting, while
# "default-encryption" forces use-encryption=yes. The L2TP and PPTP servers
# in this export reference default-encryption. PPP AAA does not use RADIUS.
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
# Queue types: the built-in types plus one added pfifo type "default-small"
# with a 10-packet limit.
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5
sfq-allot=1514
add name="default-small" kind=pfifo pfifo-limit=10
# Local accounts: a single user "admin" in group "full", allowed to log in
# from any source address (address=0.0.0.0/0).
# NOTE(review): the export does not show whether a password is set for
# admin. After importing, set a strong password, restrict address= to the
# management subnet, and consider a differently named full-rights account
# with "admin" disabled.
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user"
disabled=no
# Group policies. The policy lists below were wrapped mid-word by the paste
# ("!f" + "tp", "winbo" + "x"); re-join them before importing.
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f
tp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password
,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web
# Router logins are not authenticated via RADIUS; incoming RADIUS requests
# are not accepted.
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
# SNMP is disabled. The community "public" is still defined with read access
# from any address.
# NOTE(review): if SNMP is ever enabled, rename the community and restrict
# address= first; the input chain in this export accepts all UDP.
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
# Built-in tools: the bandwidth-test server is enabled (authentication
# required) and MAC ping is enabled.
# NOTE(review): disable bandwidth-server and mac-server ping when they are
# not in use, so fewer router services are listening.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
# Sniffer settings: interface=all, no capture file name, streaming off.
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
# Dynamic routing settings. BGP is explicitly disabled (enabled=no). OSPF
# and RIP redistribute nothing, and no OSPF network or RIP interface is
# defined in this export. The OSPF backbone area has authentication=none.
# NOTE(review): if OSPF or RIP is put into use later, enable authentication
# before adding networks or interfaces.
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no redistribute-bgp=no
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import="" prefix-list-export=""
disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
###########################################
I know it is too big .. but I cannot upload this file with various extension.
hi,Rafiq
I will probably try the backup file first. If I need more help, do you have time to log in to my router and do it?
thanks a lot !!!
I have tried the backup; it doesn't work, and everything is still the same as before. I use rc1.