“My internet router is in bridge mode, and it is distributing the public IP via DHCP. However, to access the router, I have to set an IP of 192.168.1.1. I would like to access the modem from my local machine. I added an address, 192.168.1.2/24, on the interface, and I can ping the IP 192.168.1.1 from the MikroTik, but when I try to access it from the computer, I cannot.”
What is up with the quotation marks?
Can you share your config?
/export file=anynameyoulike
Remove the serial number and any other private info.
My router is on interface SFP - CLARO
2024-10-29 13:23:43 by RouterOS 7.17beta4
software id =
model = CCR2004-16G-2S+
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] comment=" ** SFP CLARO **" name=
"SFP - CLARO"
set [ find default-name=sfp-sfpplus1 ] comment=" ** SFP VIVO **" name=
"SFP - VIVO"
set [ find default-name=ether1 ] name=Starlink
set [ find default-name=ether5 ] name="ether5 - NAS"
set [ find default-name=ether7 ] name="ether7 - NAS"
set [ find default-name=ether15 ] name="ether15 - SWITCH POE"
/interface pppoe-client
add allow=chap,mschap1,mschap2 disabled=no interface="SFP - VIVO" name=
"PPOE - VIVO" user=cliente@cliente
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-URSO
add comment=back-to-home-vpn listen-port=35113 mtu=1420 name=back-to-home-vpn
/interface list
add name=WAN
add name=LAN
/ip ipsec proposal
set [ find default=yes ] disabled=yes
/ip pool
add name=dhcp_pool0 ranges=192.168.68.50-192.168.68.254
add name=VPN ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 name=dhcp1
/ip vrf
add comment="!== VRF FAILOVER" interfaces=none name="TEST-LINK 3 #2"
add comment="!== VRF FAILOVER" interfaces=none name="TEST-LINK 1 #5"
add comment="!== VRF FAILOVER" interfaces=none name="TEST-LINK 2 #5"
add comment="!== VRF LOAD_BALANCE_DINAMICO" interfaces=none name=
"BALANCE-LINK 3 #2"
add comment="!== VRF LOAD_BALANCE_DINAMICO" interfaces=none name=
"BALANCE-LINK 1 #5"
add comment="!== VRF LOAD_BALANCE_DINAMICO" interfaces=none name=
"BALANCE-LINK 2 #5"
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface="ether5 - NAS"
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface="ether7 - NAS"
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface="ether15 - SWITCH POE"
add bridge=bridge1 interface=ether16
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set tcp-syncookies=yes
/interface l2tp-server server
# L2TP server settings. No enabled= value appears in this export, so the server
# may be switched off - confirm on the router.
# use-ipsec=required means L2TP sessions are only accepted inside IPsec.
# NOTE(review): chap and mschap1 are legacy authentication methods; if the
# server is in use, limiting authentication to mschap2 is the usual hardening.
set accept-proto-version=l2tpv2 authentication=chap,mschap1,mschap2
default-profile=*1 use-ipsec=required
/interface list member
add interface="PPOE - VIVO" list=WAN
add interface="SFP - CLARO" list=WAN
add interface=bridge1 list=LAN
add interface=Starlink list=WAN
add interface=WG-URSO list=LAN
/interface ovpn-server servers
add mac-address=FE:5D:66:AB:49:99 name=ovpn-server1
/interface wireguard peers
add allowed-address=10.10.10.1/32,192.168.20.0/24 endpoint-address=
hf0096kendm.sn.mynetname.net endpoint-port=13231 interface=WG-URSO name=
peer5 persistent-keepalive=15s public-key=\
/ip address
# Router addresses: LAN gateway on bridge1, the WireGuard tunnel address on
# WG-URSO, and an address in the modem's 192.168.1.0/24 management subnet.
add address=192.168.68.1/24 interface=bridge1 network=192.168.68.0
add address=10.10.10.2/24 interface=WG-URSO network=10.10.10.0
# NOTE(review): this address sits on "SFP - VIVO", while the post says the
# modem is on "SFP - CLARO" - confirm which port the 192.168.1.1 device is
# really behind. "SFP - VIVO" itself is in neither the WAN nor the LAN
# interface list (only the PPPoE client running over it is in WAN), so the
# WAN masquerade rule does not apply to traffic leaving through it.
add address=192.168.1.2/24 interface="SFP - VIVO" network=192.168.1.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes
/ip cloud back-to-home-users
# Back-to-Home VPN users; allow-lan=yes is set on every entry.
# NOTE(review): private-key is a secret. The values here look blanked or
# truncated by hand, but a fragment was still left in the Wagnernote entry.
# Strip these fields completely before sharing an export, and regenerate any
# key that was ever posted in full.
add allow-lan=yes comment="iPhone 14 Pro Max" name=Celular private-key=
"=" public-key=\
add allow-lan=yes comment="iPhone 14 Pro Max" name=
"RouterMK | CCR2004-16G-2S+" private-key=
"=" public-key=
"="
add allow-lan=yes name=Wagnernote private-key=
"YE7v++=" public-key=
"/+mqLyk="
/ip dhcp-client
add add-default-route=no interface="SFP - CLARO" script="#======= Aterar =====
============\r
\nglobal ComentarioDHCPC "LINK 2 #5"\r
\nglobal Distancia 20\r
\n#==============================\r
\n\r
\n\r
\n#====== N\E3o alterar ==============\r
\nglobal InterfaceDHCPC $"interface"\r
\nglobal GatewayDHCPC $"gateway-address"\r
\n\r
\n\r
\n\r
\n:if ($bound=1) do={\r
\n\r
\n#Cria a rota default se ela nao existir\r
\nif ([ip route print count-only where (!routing-table or routing-table=ma
in) gateway~$InterfaceDHCPC static (!dst-address or dst-address=0.0.0.0/0
)] = 0) do={\r
\n/ip route add gateway=($GatewayDHCPC."%".$InterfaceDHCPC) comment=$
ComentarioDHCPC distance=$Distancia\r
\n} \r
\n\r
\n#Alterar o gateway\r
\n/ip route set [find gateway~$InterfaceDHCPC static (!dst-address or dst
-address=0.0.0.0/0)] gateway=($GatewayDHCPC."%".$InterfaceDHCPC) disab
led=no\r
\n\r
\n\r
\n} else={\r
\n\r
\n/ip route disable [find gateway~$InterfaceDHCPC static dst-address=0.0.
0.0/0]\r
\n\r
\n}\r
\n\r
\n#/log warning message=$InterfaceDHCPC\r
\n#/log warning message=$ComentarioDHCPC\r
\n#/log warning message=($GatewayDHCPC."%".$InterfaceDHCPC)\r
\n#/log warning message=$bound\r
\n\r
\n\r
\n\r
\n\r
\n" use-peer-dns=no use-peer-ntp=no
add add-default-route=no disabled=yes interface=Starlink use-peer-dns=no
use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.68.11 client-id=1:d8:36:5f:d8:1e:4b mac-address=
D8:36:5F:D8:1E:4B server=dhcp1
add address=192.168.68.12 client-id=1:d8:36:5f:d8:29:4d mac-address=
D8:36:5F:D8:29:4D server=dhcp1
add address=192.168.68.19 client-id=1:d8:36:5f:2a:e2:bf mac-address=
D8:36:5F:2A:E2:BF server=dhcp1
add address=192.168.68.18 client-id=1:48:51:cf:bc:b4:80 mac-address=
48:51:CF:BC:B4:80 server=dhcp1
add address=192.168.68.17 client-id=1:48:51:cf:d9:e:56 mac-address=
48:51:CF:D9:0E:56 server=dhcp1
add address=192.168.68.13 client-id=1:98:2a:a:3d:e3:35 mac-address=
98:2A:0A:3D:E3:35 server=dhcp1
add address=192.168.68.14 client-id=1:30:e1:f1:16:b8:b6 mac-address=
30:E1:F1:16:B8:B6 server=dhcp1
add address=192.168.68.16 client-id=1:d8:36:5f:2a:dc:19 mac-address=
D8:36:5F:2A:DC:19 server=dhcp1
add address=192.168.68.15 client-id=1:d8:36:5f:d8:1e:3f mac-address=
D8:36:5F:D8:1E:3F server=dhcp1
add address=192.168.68.10 client-id=1:98:2a:a:72:c:f1 mac-address=
98:2A:0A:72:0C:F1 server=dhcp1
add address=192.168.68.5 client-id=1:98:2a:a:9a:e5:fb mac-address=
98:2A:0A:9A:E5:FB server=dhcp1
add address=192.168.68.69 client-id=1:d4:8a:3b:a6:16:a1 comment=
"Interfone externo" mac-address=D4:8A:3B:A6:16:A1 server=dhcp1
add address=192.168.68.70 client-id=00:00:00:00:00:00 comment=
"Intefone Interno" server=dhcp1
add address=192.168.68.50 client-id=1:76:72:76:79:e6:4a mac-address=
76:72:76:79:E6:4A server=dhcp1
add address=192.168.68.51 client-id=1:90:9:d0:62:be:5d comment=NAS
mac-address=90:09:D0:62:BE:5D server=dhcp1
/ip dhcp-server network
add address=192.168.68.0/24 dns-server=
192.168.68.1,1.1.1.1,208.67.222.222,8.8.8.8 gateway=192.168.68.1
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.1
/ip dns
# Router-side resolver using DNS-over-HTTPS with certificate verification on.
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts, so which interfaces can reach port 53 is decided entirely by the
# input chain in /ip firewall filter.
# NOTE(review): the DoH URL carries what looks like an account-specific
# NextDNS profile id - treat it as private when sharing an export.
set allow-remote-requests=yes cache-max-ttl=1d cache-size=6048KiB
max-concurrent-queries=200 max-concurrent-tcp-sessions=40 use-doh-server=
https://dns.nextdns.io/735975 verify-doh-cert=yes
/ip dns static
add address=45.90.28.0 name=dns.nextdns.io type=A
add address=45.90.30.0 name=dns.nextdns.io type=A
/ip firewall address-list
add list=ddos-attackers
add list=ddos-targets
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 disabled=yes list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.168.68.0/24 list=rede-local-privada
add address=192.168.68.0/24 list=rede-local-geral
add address=192.168.68.0/24 list=suporte
add address=0.0.0.0/8 comment="Auto identificao [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Privado[RFC 1918] - CLASS A # Verifique se voc
e precisa desta sub-rede antes de ativa-la" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Privado[RFC 1918] - CLASS B # Verifique se
voce precisa desta sub-rede antes de ativa-la" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Privado[RFC 1918] - CLASS C # Verifique se
_voce precisa desta sub-rede antes de ativa-la" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reservado - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="Anycast de retransmisso 6to4 [RFC 3068]"
list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reservado - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reservado - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Verifique se voce precisa
_desta sub-rede antes de ativa-la" disabled=yes list=bogons
add address=192.168.68.2-192.168.68.254 list=allowed_to_router
add address=192.168.20.0/24 list=rede-local-geral
add address=192.168.20.0/24 list=rede-local-privada
add address=192.168.20.0/24 list=suporte
add address=192.168.1.0/24 list=rede-local-geral
add address=192.168.1.0/24 list=rede-local-privada
/ip firewall filter
# Filter rules for the input, forward and output chains plus the custom ICMP
# and detect-ddos chains. Rules are evaluated top to bottom within a chain and
# the first matching accept/drop ends processing, so the order below matters.
# WireGuard listener port for WG-URSO, accepted from any interface.
add action=accept chain=input comment=WG-URSO dst-port=13231 protocol=udp
add action=accept chain=forward comment="LAN <==> LAN" in-interface=WG-URSO
add action=accept chain=forward comment="LAN <==> LAN" in-interface-list=LAN
out-interface-list=LAN
# Trap rule: a WAN host that sends TCP to any of these service ports is put on
# PORTSCAN for 8w4d (that list is dropped in /ip firewall raw). The action only
# records the source; the packet itself continues down the chain.
add action=add-src-to-address-list address-list=PORTSCAN
address-list-timeout=8w4d chain=input comment="PEGA MALANDRO" dst-port=
20-23,3389,53,1723,8728,8729,8291,3389 in-interface-list=WAN log=yes
protocol=tcp
# Port-scan detection (psd) on WAN TCP; offenders join PORTSCAN for 4w2d.
add action=add-src-to-address-list address-list=PORTSCAN
address-list-timeout=4w2d chain=input comment="Detecta PortScan"
in-interface-list=WAN protocol=tcp psd=21,3s,3,1
# NOTE(review): no in-interface match, so this SYN connection limit also
# applies to LAN and tunnel clients talking to the router, not only to WAN.
add action=add-src-to-address-list address-list=Syn_Flooder
address-list-timeout=30m chain=input comment=
"Adicionar Syn Flood IP lista" connection-limit=30,32 protocol=tcp
tcp-flags=syn
add action=drop chain=input comment="Drop IPs da lista Syn_Flooder"
src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=spammers
address-list-timeout=3h chain=forward comment=
"Adicione Spammers a lista por 3 horas" connection-limit=30,32 dst-port=
25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Evite a acao dos spammers" dst-port=
25,587 protocol=tcp src-address-list=spammers
add action=jump chain=forward comment="Jump for icmp forward flow"
jump-target=ICMP protocol=icmp
# Drops forwarded packets whose destination is on the bogons list; the
# RFC 1918 entries of that list are disabled in this export.
add action=drop chain=forward comment="Drop IPs da lista Bogons"
dst-address-list=bogons
add action=jump chain=input comment="Jump for icmp input flow" jump-target=
ICMP protocol=icmp
add action=drop chain=input comment="Bloqueie todo o acesso ao winbox - exceto
_o que estiver na lista suporte # NAO HABILITE ESTA REGRA ANTES DE ADICIO
NAR SUA SUB-REDE NA LISTA DE ENDERECOS do suporte" disabled=yes dst-port=
8291 protocol=tcp src-address-list=!suporte
# NOTE(review): the two DNS rules below have no interface match and sit above
# "DROP GERAL WAN", so port 53 on the router is reachable from the WAN side.
# With allow-remote-requests=yes in /ip dns this makes the router an open
# resolver. port= also matches the SOURCE port, so any packet sent from port 53
# is accepted as well. The dst-port=53 rules further down, restricted to
# in-interface-list=!WAN, already cover LAN clients; these two look redundant.
add action=accept chain=input comment="Aceitar DNS - UDP" port=53 protocol=
udp
add action=accept chain=input comment="Aceitar DNS - TCP" port=53 protocol=
tcp
add action=accept chain=input comment="Aceitar conexoes estabelecidas"
connection-state=established
add action=accept chain=input comment="Aceitar conexoes relacionadas"
connection-state=related
# NOTE(review): full access to the router is granted on source address alone.
# Adding an in-interface-list=LAN match would stop a packet that arrives on WAN
# with a source address from the suporte ranges from matching this rule.
add action=accept chain=input comment=
"Acesso total a lista de IPs de suporte" src-address-list=suporte
# ICMP chain: rate-limited echo request, echo reply, time exceeded, destination
# unreachable and PMTUD are accepted; every other ICMP type is dropped.
add action=accept chain=ICMP comment="Solicitacaoo de eco - Evitando Ping Floo
d, ajuste o limite conforme necessario" icmp-options=8:0 limit=4,5:packet
protocol=icmp
add action=accept chain=ICMP comment="Resposta de eco" icmp-options=0:0
protocol=icmp
add action=accept chain=ICMP comment="Tempo Excedido" icmp-options=11:0
protocol=icmp
add action=accept chain=ICMP comment="Destino inalcancavel" icmp-options=
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop outros ICMPs" protocol=icmp
# Router-originated ICMP goes through the same ICMP chain, so the router's own
# echo requests are subject to the 4,5:packet limit too.
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP
protocol=icmp
add action=accept chain=input comment="default configuration"
connection-state=established,related
# Same source-address-only pattern as the suporte rule above.
add action=accept chain=input src-address-list=allowed_to_router
add action=fasttrack-connection chain=forward comment=FastTrack
connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="Established, Related"
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
log-prefix=invalid
# NOTE(review): 192.168.0.0/16 is on not_in_internet, so new connections from
# bridge1 to the modem at 192.168.1.1 (routed out of "SFP - VIVO") are dropped
# here; no earlier forward rule accepts them. That matches the symptom in the
# post: the router itself can ping the modem, LAN hosts cannot. An accept for
# that single destination placed above this rule would be needed, together
# with source NAT on the modem-facing interface.
add action=drop chain=forward comment=
"Drop tries to reach not public addresses from LAN" dst-address-list=
not_in_internet in-interface=bridge1 log-prefix=!public_from_LAN
out-interface=!bridge1
add action=drop chain=forward comment=
"Drop packets from LAN that do not have LAN IP" in-interface=bridge1
log-prefix=LAN_!LAN src-address=!192.168.68.0/24
# The ICMP and established/related accepts below repeat rules that already
# appear earlier in the same chains.
add action=accept chain=input comment="defconf: accept ICMP after RAW"
protocol=icmp
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=accept chain=forward connection-state=established,related
add action=accept chain=input connection-state=established,related
# NOTE(review): no in-interface match - anything routed toward a WAN interface
# is accepted, whichever interface it arrived on.
add action=accept chain=forward out-interface-list=WAN
add action=accept chain=input dst-port=53,67 in-interface-list=!WAN protocol=
udp
add action=accept chain=input dst-port=53,8291 in-interface-list=!WAN
protocol=tcp
add action=accept chain=input icmp-options=8 protocol=icmp
# Final forward rule: whatever was not accepted above is dropped.
add action=drop chain=forward
# NOTE(review): no rule in this export jumps to detect-ddos, so this chain is
# never entered and ddos-targets / ddos-attackers are never populated from it
# unless a jump exists elsewhere.
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddos-targets
address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers
address-list-timeout=10m chain=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
protocol=tcp tcp-flags=syn,ack
# Drops whatever reached this point from a WAN-list interface.
add action=drop chain=input comment="DROP GERAL WAN" in-interface-list=WAN
# The catch-all input drop is disabled, so input arriving on an interface that
# is not in the WAN list and matching no rule above is accepted by default.
add action=drop chain=input comment="Drop qualquer outra coisa! # NAO HABILITE
_ESTA REGRA ANTES DE TER CERTEZA QUE CRIOU TODAS AS REGRAS DE ACEITACAO Q
UE VOCE PRECISA" disabled=yes
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=192.168.100.1
new-routing-mark="TEST-LINK 1 #5" passthrough=no
add action=add-dst-to-address-list address-list=lista-link-2
address-list-timeout=2d chain=prerouting content=meuip
add action=mark-connection chain=prerouting comment="FORCA SAIR POR LINK2"
connection-mark=no-mark connection-state=new dst-address-list=
lista-link-2 new-connection-mark="conexao-LINK 2 #5" src-address-list=
rede-local-geral
add action=jump chain=prerouting comment="!== JUMP PARA PCC DINAMICO"
connection-mark=no-mark connection-state=new dst-address-list=
!rede-local-geral jump-target=pcc-dinamico src-address-list=
rede-local-privada
add action=mark-routing chain=prerouting comment=
"!== MARCA DE ROTEAMENTO | LINK 3 #2" connection-mark="conexao-LINK 3 #2"
dst-address-list=!rede-local-geral new-routing-mark="BALANCE-LINK 3 #2"
passthrough=no src-address-list=rede-local-privada
add action=mark-routing chain=prerouting comment=
"!== MARCA DE ROTEAMENTO | LINK 1 #5" connection-mark="conexao-LINK 1 #5"
dst-address-list=!rede-local-geral new-routing-mark="BALANCE-LINK 1 #5"
passthrough=no src-address-list=rede-local-privada
add action=mark-routing chain=prerouting comment=
"!== MARCA DE ROTEAMENTO | LINK 2 #5" connection-mark="conexao-LINK 2 #5"
dst-address-list=!rede-local-geral new-routing-mark="BALANCE-LINK 2 #5"
passthrough=no src-address-list=rede-local-privada
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/0 ==> LINK 2 #5" new-connection-mark=
"conexao-LINK 2 #5" per-connection-classifier=both-addresses:10/0
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/1 ==> LINK 2 #5" new-connection-mark=
"conexao-LINK 2 #5" per-connection-classifier=both-addresses:10/1
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/2 ==> LINK 2 #5" new-connection-mark=
"conexao-LINK 2 #5" per-connection-classifier=both-addresses:10/2
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/3 ==> LINK 2 #5" new-connection-mark=
"conexao-LINK 2 #5" per-connection-classifier=both-addresses:10/3
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/4 ==> LINK 2 #5" new-connection-mark=
"conexao-LINK 2 #5" per-connection-classifier=both-addresses:10/4
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/5 ==> LINK 1 #5" new-connection-mark=
"conexao-LINK 1 #5" per-connection-classifier=both-addresses:10/5
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/6 ==> LINK 1 #5" new-connection-mark=
"conexao-LINK 1 #5" per-connection-classifier=both-addresses:10/6
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/7 ==> LINK 1 #5" new-connection-mark=
"conexao-LINK 1 #5" per-connection-classifier=both-addresses:10/7
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/8 ==> LINK 1 #5" new-connection-mark=
"conexao-LINK 1 #5" per-connection-classifier=both-addresses:10/8
add action=mark-connection chain=pcc-dinamico comment=
"!== MARCA DE CONEXAO PARA PCC 10/9 ==> LINK 1 #5" new-connection-mark=
"conexao-LINK 1 #5" per-connection-classifier=both-addresses:10/9
/ip firewall nat
# Source NAT. The first rule masquerades everything leaving an interface in the
# WAN list ("PPOE - VIVO", "SFP - CLARO", Starlink).
# NOTE(review): "SFP - VIVO" is not in that list, so LAN traffic sent to the
# modem subnet 192.168.1.0/24 through it keeps its 192.168.68.x source address.
# Unless the modem has a route back to 192.168.68.0/24, its replies will not
# return; a masquerade rule scoped to that one out-interface is the usual fix.
add action=masquerade chain=srcnat out-interface-list=WAN
# NOTE(review): no address list named "REDE VPN L2TP" is defined under
# /ip firewall address-list in this export, so this rule may never match.
add action=masquerade chain=srcnat src-address-list="REDE VPN L2TP"
/ip firewall raw
# Raw prerouting drops keyed on address lists.
# NOTE(review): ddos-targets / ddos-attackers are filled only by the
# detect-ddos filter chain, which nothing in this export jumps to - as shown,
# this rule has nothing to match.
add action=drop chain=prerouting dst-address-list=ddos-targets
src-address-list=ddos-attackers
# NOTE(review): no rule in this export jumps to bad_tcp either, so the TCP flag
# checks below are not evaluated unless a jump exists elsewhere.
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp
tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
# Drops every packet from a source on PORTSCAN (populated by the filter input
# rules). Being in prerouting, it has no interface match and applies to traffic
# addressed to the router and traffic passing through it alike.
add action=drop chain=prerouting comment="Bloqueio PortScan"
src-address-list=PORTSCAN
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add comment="LINK 2 #5" disabled=no distance=20 dst-address=0.0.0.0/0
gateway="191.187.124.1%SFP - CLARO" routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add comment="LINK 1 #5" disabled=no distance=10 dst-address=0.0.0.0/0
gateway="PPOE - VIVO" routing-table=main scope=30 suppress-hw-offload=no
target-scope=10
add comment="!== ROTA FAILOVER | LINK 3 #2" gateway=192.168.1.1
routing-table="TEST-LINK 3 #2"
add comment="!== ROTA FAILOVER | LINK 1 #5" disabled=no distance=1
dst-address=0.0.0.0/0 gateway="PPOE - VIVO" routing-table=
"TEST-LINK 1 #5" scope=30 suppress-hw-offload=no target-scope=10
add comment="!== ROTA FAILOVER | LINK 2 #5" disabled=no gateway=
"191.187.124.1%SFP - CLARO" routing-table="TEST-LINK 2 #5"
add comment="!== ROTA DO BALANCE | LINK 3 #2" disabled=yes gateway=
192.168.1.1 routing-table="BALANCE-LINK 3 #2"
add comment="!== ROTA DO BALANCE | LINK 1 #5" disabled=no distance=1
dst-address=0.0.0.0/0 gateway="PPOE - VIVO" routing-table=
"BALANCE-LINK 1 #5" scope=30 suppress-hw-offload=no target-scope=10
add comment="!== ROTA DO BALANCE | LINK 2 #5" disabled=no gateway=
"191.187.124.1%SFP - CLARO" routing-table="BALANCE-LINK 2 #5"
add comment="LINK 3 #2" disabled=yes distance=30 dst-address=0.0.0.0/0
gateway=192.168.1.1 routing-table=main scope=30 suppress-hw-offload=no
target-scope=10
add disabled=no dst-address=192.168.20.0/24 gateway=WG-URSO routing-table=
main suppress-hw-offload=no
/ipv6 address
add address=::1122 from-pool=pool-claro interface=lo
/ipv6 dhcp-client
add add-default-route=yes interface="SFP - CLARO" pool-name=pool-claro
request=address,prefix
add interface=Starlink pool-name=pool-starlink request=prefix
add disabled=yes interface="PPOE - VIVO" pool-name=pool-vivo request=prefix
/ipv6 dhcp-server
add address-pool="" interface=bridge1 name=server1
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=ff02::/16 comment=multicast list=allowed
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=
33434-33534 protocol=udp
add action=accept chain=input comment=
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=
ipsec-esp
add action=accept chain=input comment=
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=
"defconf: drop everything else not coming from LAN" in-interface-list=
!LAN
add action=accept chain=forward comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid"
connection-state=invalid
add action=drop chain=forward comment=
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1"
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=
ipsec-esp
add action=accept chain=forward comment=
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=
"defconf: drop everything else not coming from LAN" in-interface-list=
!LAN
/ipv6 firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ipv6 nd
set [ find default=yes ] disabled=yes
/routing rule
add action=lookup-only-in-table comment=
"!== FORCE TESTE DE FAILOVER ==> LINK 3 #2" disabled=no routing-mark=
"TEST-LINK 3 #2" table="TEST-LINK 3 #2"
add action=lookup-only-in-table comment=
"!== FORCE TESTE DE FAILOVER ==> LINK 1 #3" disabled=no routing-mark=
"TEST-LINK 1 #5" table="TEST-LINK 1 #5"
add action=lookup-only-in-table comment=
"!== FORCE TESTE DE FAILOVER ==> LINK 2 #5" disabled=no routing-mark=
"TEST-LINK 2 #5" table="TEST-LINK 2 #5"
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=RouterMK
/system leds
set 0 type=interface-speed-1G
set 2 type=interface-speed-1G
add interface="PPOE - VIVO" leds=user-led type=interface-status
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=a.st1.ntp.br
add address=b.st1.ntp.br
add address=c.st1.ntp.br
add address=d.st1.ntp.br
/system routerboard settings
set enter-setup-on=delete-key
/system scheduler
# Runs the FAILOVER script every 30 s, starting at boot.
# NOTE(review): the job carries every policy listed, including password,
# sensitive, sniff, ftp, reboot and romon. The FAILOVER source in this export
# pings test addresses, enables/disables routes and launches two other scripts;
# trimming the policy set to what that needs limits what a tampered script
# could do. One of the scripts it launches, FAILOVER_ACTIONS, is not defined
# under /system script in this export - confirm it exists.
add interval=30s name="EXECUTA SCRIPT DE FAILOVER" on-event=FAILOVER policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-time=startup
/system script
add dont-require-permissions=no name=FAILOVER owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#
==========================================================================
=====================\r
\n# IPS DEVEM SER SEPARADOS POR VIRGULA
_ \r
\n# NAO USAR DOMINIOS TIPO GOOGLE.COM
_ \r
\n# Intervalo = TIMEOUT DE CADA PING ONDE 00:00:00.5 CORRESPO
NDE A 500ms \r
\n#=======================================================================
========================\r
\n\r
\n\r
\n:global IPsParaTeste "8.8.8.8,8.8.4.4,200.160.0.8,31.13.80.8"\r
\n:global NumeroDePings 3\r
\n:global Intervalo 00:00:00.5\r
\n:global IPsParaTeste [:toarray $IPsParaTeste];\r
\n\r
\n\r
\n\r
\n#=======================================================================
========================\r
\n# SELECIONA TABELAS DE ROTAMENTO PARA TESTE
_ \r
\n#=======================================================================
========================\r
\n\r
\n:foreach i in=[/ip route find dst-address=0.0.0.0/0 routing-table=main]
_do={\r
\n\r
\n/ping 127.0.0.1 count=1\r
\n:delay 1\r
\n:global LinkState 0\r
\n:global comentario [/ip route get number=$i comment]\r
\n:global TabRoteAtual ("TEST-" . $comentario)\r
\n\r
\n\r
\n\r
\n:foreach IPAtualParaTeste in=$IPsParaTeste do={\r
\n:global LinkState ($LinkState + [ping address=$IPAtualParaTeste vrf=
$TabRoteAtual interval=$Intervalo count=$NumeroDePings ])\r
\n}\r
\n:global RotaAtiva [/ip route print count-only where routing-table=main c
omment=$comentario disabled=no]\r
\n\r
\n\r
\n#=======================================================================
========================\r
\n# ATIVA OU DESATIVA ROTA DE ACORDO COM O ESTADO DE LINK
_ \r
\n#=======================================================================
========================\r
\n\r
\n# IF DOWN
_ \r
\nif ($LinkState=0 and $RotaAtiva>0) do={\r
\n/ip route disable [find comment~$comentario !(comment~"!== ROTA FAILOV
ER")]\r
\n\r
\nexecute {/system/script/run FAILOVER_ACTIONS}\r
\nexecute {/system/script/run LOAD_BALANCE_DINAMICO}\r
\n\r
\n\r
\n\r
\n}\r
\n\r
\n# IF UP
_ \r
\nif ($LinkState>0 and $RotaAtiva=0) do={\r
\n/ip route enable [find comment~$comentario !(comment~"!== ROTA FAILOVE
R")]\r
\n\r
\nexecute {/system/script/run FAILOVER_ACTIONS}\r
\nexecute {/system/script/run LOAD_BALANCE_DINAMICO}\r
\n\r
\n\r
\n\r
\n}\r
\n\r
\n\r
\n}\r
\n"
add dont-require-permissions=no name=LOAD_BALANCE_DINAMICO owner=wagner
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
source="#=================================================================
==============================\r
\n# TIPO DE PCC, USE src-address: ou both-addresses:
_ \r
\n#=======================================================================
========================\r
\n\r
\n:global tipopcc both-addresses:\r
\n\r
\n#=======================================================================
========================\r
\n# CALCULA NUMERO DE REGRAS PARA PCC
_ \r
\n#=======================================================================
========================\r
\n\r
\n:global numregraspcc 0 \r
\n:foreach i in=[/ip route find dst-address=0.0.0.0/0 routing-table=main
disabled=no ] do={\r
\n:global peso [pick [/ip route get number=$i comment] ([ find [/ip rout
e get number=$i comment ] "#"]+1) 100]\r
\n:global numregraspcc ($numregraspcc+$peso) \r
\n}\r
\n\r
\n#=======================================================================
========================\r
\n# CRIA REGRAS DO PCC
_ \r
\n#=======================================================================
========================\r
\n\r
\n\r
\n/ip firewall mangle remove [find comment~"!== MARCA DE CONEXAO"]\r
\n\r
\n:global restomax ($numregraspcc-1)\r
\n:global resto 0\r
\n:foreach i in=[/ip route find dst-address=0.0.0.0/0 routing-table=main
disabled=no ] do={\r
\n\r
\n:global comentario [/ip route get number=$i comment]\r
\n:global link $comentario\r
\n:global peso [pick [/ip route get number=$i comment] ([ find [/ip rout
e get number=$i comment ] "#"]+1) 100]\r
\n:for rota from=1 to=$peso do={:if ($restomax >= $resto) do={\r
\n/ip firewall mangle\r
\nadd action=mark-connection chain=pcc-dinamico new-connection-mark=("con
exao-".$link) passthrough=yes per-connection-classifier=($tipopcc.$num
regraspcc."/".$resto) comment=("!== MARCA DE CONEXAO PARA PCC ".$num
regraspcc."/".$resto." ==> ".$link)\r
\n\r
\n:global resto ($resto+1)\r
\n\r
\n}\r
\n}\r
\n}\r
\n"
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface="SFP - CLARO"
add interface=*15
add interface=Starlink