THIS IS MY CONF. ON RB450 (this is used only for load balancing)
MANGLE:
0 ;;; WAN1
chain=prerouting action=mark-connection new-connection-mark=wan1 passthrough=yes connection-state=new in-interface=ether1 nth=2,0
1 chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=no in-interface=ether1 connection-mark=wan1
2 ;;; WAN2
chain=prerouting action=mark-connection new-connection-mark=wan2 passthrough=yes connection-state=new in-interface=ether1 nth=2,1
3 chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=no in-interface=ether1 connection-mark=wan2
4 ;;; WAN3
chain=prerouting action=mark-connection new-connection-mark=wan3 passthrough=yes connection-state=new in-interface=ether1 nth=2,2
5 chain=prerouting action=mark-routing new-routing-mark=wan3 passthrough=no in-interface=ether1 connection-mark=wan3
NAT:
0 chain=srcnat action=masquerade out-interface=ether2 wan1
1 chain=srcnat action=masquerade out-interface=ether3 wan2
2 X chain=srcnat action=masquerade out-interface=ether4 OUT OF SERVICE ¡¡¡¡
3 chain=srcnat action=masquerade out-interface=ether5 wan3
ROUTE:
0 A S dst-address=0.0.0.0/0 gateway=172.16.3.1 interface=ether3 gateway-state=reachable distance=1 scope=30 target-scope=10 routing-mark=wan2
1 A S dst-address=0.0.0.0/0 gateway=192.168.3.254 interface=ether5 gateway-state=reachable distance=1 scope=30 target-scope=10 routing-mark=wan3
2 A S dst-address=0.0.0.0/0 gateway=192.168.1.254 interface=ether2 gateway-state=reachable distance=1 scope=30 target-scope=10 routing-mark=wan1
3 ADS dst-address=0.0.0.0/0 gateway=172.16.3.1 interface=ether3 gateway-state=reachable distance=0 scope=30 target-scope=10
4 DS dst-address=0.0.0.0/0 gateway=192.168.1.254 interface=ether2 gateway-state=reachable distance=0 scope=30 target-scope=10
5 DS dst-address=0.0.0.0/0 gateway=192.168.3.254 interface=ether5 gateway-state=reachable distance=0 scope=30 target-scope=10
6 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.1 interface=ether1 distance=0 scope=10
7 ADC dst-address=172.16.3.0/24 pref-src=172.16.3.5 interface=ether3 distance=0 scope=10
8 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.72 interface=ether2 distance=0 scope=10
9 ADC dst-address=192.168.3.0/24 pref-src=192.168.3.200 interface=ether5 distance=0 scope=10
10 ADC dst-address=192.168.100.23/32 pref-src=192.168.100.24 interface=l2tp-out1 distance=0 scope=10
THIS IS THE CONF ON THE PC WITH ROUTEROS, BEHIND THE RB450
/ ip service
# All five management services (telnet, ftp, www, ssh, www-ssl) are enabled
# with address=0.0.0.0/0, i.e. they accept connections from any source
# address. The /ip firewall filter export further down has no input-chain
# rules, so nothing in this config limits who can reach them. Restricting
# address= to the LAN range (172.16.68.0/24) and disabling the cleartext
# logins (telnet, ftp) would close that gap.
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=no
/ ip address
# LAN side of this box: 172.16.68.1/24 on interface LAN. The side facing the
# RB450 (Internet29505) gets its address from DHCP, see /ip dhcp-client below.
add address=172.16.68.1/24 network=172.16.68.0 broadcast=172.16.68.255 \
interface=LAN comment="" disabled=no
/ ip proxy
# This proxy is disabled (enabled=no); the active cache is the /ip web-proxy on
# port 3128 at the end of the export. NOTE(review): the exported keys
# "maximal-client-connecions" / "maximal-server-connectons" look misspelled —
# confirm they are accepted by this RouterOS version before re-importing.
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
maximal-server-connectons=1000
/ ip proxy access
# Proxy clients may not reach TCP 23-25 through the proxy (telnet and SMTP
# relaying). This only applies to the proxy above, which is disabled.
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ip route
# DST-ADDRESS PREF-SRC G GATEWAY DIS INTERFACE
0 ADC 10.10.10.0/24 10.10.10.4 Internet29505
1 ADC 172.16.68.0/24 172.16.68.1 LAN
2 X S 0.0.0.0/0 u 192.168.1.254
3 X S 0.0.0.0/0 u 192.168.3.254
4 X S 0.0.0.0/0 u 192.168.1.254
5 X S 0.0.0.0/0 u 192.168.2.1
6 AD 0.0.0.0/0 r 10.10.10.1 0 Internet29505
/ ip firewall mangle
# Test rule ("PRUEBA" = test): tag speedtest traffic from a single host.
add chain=prerouting src-address=172.16.68.29 content=speedtest \
action=mark-connection new-connection-mark=speedtest.net passthrough=yes \
comment="PRUEBA" disabled=no
add chain=prerouting connection-mark=speedtest.net action=mark-packet \
new-packet-mark=sppedpack passthrough=no comment="" disabled=no
# Per-/26 routing marks A-D and the Achiris-list routing mark: all disabled=yes.
add chain=prerouting src-address=172.16.68.0/26 action=mark-routing \
new-routing-mark=A passthrough=no comment="" disabled=yes
add chain=prerouting src-address=172.16.68.64/26 action=mark-routing \
new-routing-mark=B passthrough=no comment="" disabled=yes
add chain=prerouting src-address=172.16.68.128/26 action=mark-routing \
new-routing-mark=C passthrough=no comment="" disabled=yes
add chain=prerouting src-address=172.16.68.192/26 action=mark-routing \
new-routing-mark=D passthrough=no comment="" disabled=yes
add chain=prerouting src-address-list=Achiris action=mark-routing \
new-routing-mark=ConexionesA passthrough=yes comment="" disabled=yes
# Application marks. A content= match is a literal substring test on the packet
# payload ("ban" also hits "banner", "band", ...), and it cannot see inside
# encrypted sessions, so these marks are coarse heuristics, not exact
# application identification. p2p=all-p2p is the built-in P2P matcher.
add chain=prerouting content=ares action=mark-connection \
new-connection-mark=ares passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ares action=mark-packet \
new-packet-mark=arespacket passthrough=no comment="" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=ConexionesP2P passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ConexionesP2P action=mark-packet \
new-packet-mark=P2PCA passthrough=no comment="" disabled=no
add chain=prerouting content=hotmail action=mark-connection \
new-connection-mark=hotmailconn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=hotmailconn action=mark-packet \
new-packet-mark=hotpacket passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
new-connection-mark=msnconn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=msnconn action=mark-packet \
new-packet-mark=msnpaquet passthrough=no comment="" disabled=no
add chain=prerouting content=imss action=mark-connection \
new-connection-mark=immsconn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=immsconn action=mark-packet \
new-packet-mark=immspaqeut passthrough=no comment="" disabled=no
add chain=prerouting content=ban action=mark-connection \
new-connection-mark=Bancosconn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=Bancosconn action=mark-packet \
new-packet-mark=bancospaqeut passthrough=no comment="" disabled=no
add chain=prerouting content=HSBC action=mark-connection \
new-connection-mark=HSBCconn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=HSBCconn action=mark-packet \
new-packet-mark=Hsbcpaqeut passthrough=no comment="" disabled=no
# nth-based odd/even (Impar/Par) and "nulo" load-balancing marks: all
# disabled=yes here; the load balancing is done on the RB450 in front of this
# box (see the first part of the post).
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=Impar passthrough=yes \
comment="" disabled=yes
add chain=prerouting in-interface=LAN connection-mark=Impar \
action=mark-routing new-routing-mark=Impar passthrough=no comment="" \
disabled=yes
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=Par passthrough=yes comment="" \
disabled=yes
add chain=prerouting in-interface=LAN connection-mark=Par action=mark-routing \
new-routing-mark=Par passthrough=no comment="" disabled=yes
add chain=prerouting in-interface=LAN connection-state=new nth=2,4,2 \
src-address-list=Achiris action=mark-connection new-connection-mark=nulo \
passthrough=yes comment="" disabled=yes
add chain=prerouting in-interface=LAN connection-mark=nulo action=mark-routing \
new-routing-mark=nulo passthrough=no comment="" disabled=yes
# MSS clamp on SYN packets, currently disabled.
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1448 \
comment="" disabled=yes
/ ip firewall nat
# Transparent proxy: LAN HTTP is redirected to the local web-proxy on 3128
# (see /ip web-proxy). The two list-scoped variants are disabled=yes.
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="" disabled=no
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
src-address-list=Angostura action=redirect to-ports=3128 comment="" \
disabled=yes
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
src-address-list=Nuevos action=redirect to-ports=3128 comment="" \
disabled=yes
# Masquerade only LAN-originated traffic that leaves the LAN range.
add chain=srcnat src-address=172.16.68.0/24 dst-address=!172.16.68.0/24 \
action=masquerade comment="" disabled=no
# Port forwards to 172.16.68.15. They carry no in-interface or src-address
# restriction and no forward-chain filter rule below limits them, so TCP 1701,
# 1723, 5900 (VNC), 3389 (RDP), 26 and 25 on that host are reachable from any
# source that can reach this router; adding in-interface=Internet29505 plus a
# forward-chain rule restricting the allowed sources would narrow that.
# NOTE(review): L2TP uses UDP 1701, and PPTP (1723) also needs GRE, whose
# helper is disabled under /ip firewall service-port — verify these two
# forwards actually work as intended.
add chain=dstnat protocol=tcp dst-port=1701 action=dst-nat \
to-addresses=172.16.68.15 to-ports=1701 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=1723 action=dst-nat \
to-addresses=172.16.68.15 to-ports=1723 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=5900 action=dst-nat \
to-addresses=172.16.68.15 to-ports=5900 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3389 action=dst-nat \
to-addresses=172.16.68.15 to-ports=3389 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=26 action=dst-nat \
to-addresses=172.16.68.15 to-ports=26 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=25 action=dst-nat \
to-addresses=172.16.68.15 to-ports=25 comment="" disabled=no
/ ip firewall connection tracking
# Short timeouts everywhere except established TCP (1d). SYN cookies are off
# (tcp-syncookie=no); with the unrestricted port forwards above, turning them
# on is a low-cost hardening step worth considering.
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
# Only the forward chain is filtered. There is no chain=input rule in this
# export, so traffic addressed to the router itself (the /ip service ports and
# the proxy on 3128) is not filtered at all.
add chain=forward action=jump jump-target=virus comment="" disabled=no
add chain=forward action=jump jump-target=prohibidas comment="" disabled=no
# "virus" chain: drop TCP 135-139 (RPC/NetBIOS, blaster-style worm traffic)
# from the two client lists. Every Achiris and Angostura address-list entry
# below is disabled=yes, so these two drops currently match nothing.
add chain=virus protocol=tcp dst-port=135-139 src-address-list=Achiris \
action=drop comment="blaaster Achiris" disabled=no
add chain=virus protocol=tcp dst-port=135-139 src-address-list=Angostura \
action=drop comment="blaaster Angostura" disabled=no
add chain=virus src-address-list=Angostura action=return comment="" \
disabled=no
# "prohibidas" (forbidden) chain: payload substring blocks. content= is a
# substring test, so anything whose payload contains these strings is dropped.
add chain=prohibidas content=redtube action=drop comment="" disabled=no
add chain=prohibidas content=pornogatitas action=drop comment="" disabled=no
add chain=prohibidas action=return comment="" disabled=no
# Remaining forward rules: accept MSN (TCP 1863), drop invalid connections,
# drop hosts on the Cortadas (cut off) list. The only enabled Cortadas entry
# below is 172.16.68.10.
add chain=forward protocol=tcp dst-port=80 src-address-list=Achiris \
action=accept comment="" disabled=yes
add chain=forward protocol=tcp dst-port=1863 action=accept comment="Regla del \
MSN" disabled=no
add chain=forward connection-state=invalid action=drop comment="Conexiones \
Invalidas" disabled=no
add chain=forward src-address-list=Cortadas action=drop comment="Ip Cortadas, \
para que no navegue nada" disabled=no
/ ip firewall address-list
# Client groupings referenced by the mangle, nat and filter rules. Every entry
# except Cortadas 172.16.68.10 is disabled=yes, so Achiris, Angostura and
# Nuevos are effectively empty at the moment. 172.16.68.74 appears in both
# Angostura and Cortadas, and .6 / .12 in both Achiris and Cortadas (all
# disabled); the lists are worth pruning before they are re-enabled.
add list=Achiris address=172.16.68.2 comment="" disabled=yes
add list=Achiris address=172.16.68.3 comment="" disabled=yes
add list=Achiris address=172.16.68.4 comment="" disabled=yes
add list=Achiris address=172.16.68.5 comment="" disabled=yes
add list=Achiris address=172.16.68.6 comment="" disabled=yes
add list=Achiris address=172.16.68.7 comment="" disabled=yes
add list=Achiris address=172.16.68.9 comment="" disabled=yes
add list=Achiris address=172.16.68.11 comment="" disabled=yes
add list=Achiris address=172.16.68.12 comment="" disabled=yes
add list=Achiris address=172.16.68.13 comment="" disabled=yes
add list=Achiris address=172.16.68.14 comment="" disabled=yes
add list=Achiris address=172.16.68.15 comment="" disabled=yes
add list=Achiris address=172.16.68.17 comment="" disabled=yes
add list=Achiris address=172.16.68.18 comment="" disabled=yes
add list=Achiris address=172.16.68.19 comment="" disabled=yes
add list=Achiris address=172.16.68.20 comment="" disabled=yes
add list=Achiris address=172.16.68.50 comment="" disabled=yes
add list=Achiris address=172.16.68.51 comment="" disabled=yes
add list=Achiris address=172.16.68.52 comment="" disabled=yes
add list=Achiris address=172.16.68.53 comment="" disabled=yes
add list=Achiris address=172.16.68.54 comment="" disabled=yes
add list=Achiris address=172.16.68.55 comment="" disabled=yes
add list=Achiris address=172.16.68.16 comment="" disabled=yes
add list=Achiris address=172.16.68.21 comment="" disabled=yes
add list=Achiris address=172.16.68.22 comment="" disabled=yes
add list=Achiris address=172.16.68.56 comment="" disabled=yes
add list=Angostura address=172.16.68.65 comment="" disabled=yes
add list=Angostura address=172.16.68.66 comment="" disabled=yes
add list=Angostura address=172.16.68.67 comment="" disabled=yes
add list=Angostura address=172.16.68.68 comment="" disabled=yes
add list=Angostura address=172.16.68.69 comment="" disabled=yes
add list=Angostura address=172.16.68.70 comment="" disabled=yes
add list=Cortadas address=172.16.68.74 comment="" disabled=yes
add list=Angostura address=172.16.68.72 comment="" disabled=yes
add list=Angostura address=172.16.68.73 comment="" disabled=yes
add list=Angostura address=172.16.68.74 comment="" disabled=yes
add list=Angostura address=172.16.68.75 comment="" disabled=yes
add list=Cortadas address=172.16.68.76 comment="" disabled=yes
add list=Angostura address=172.16.68.77 comment="" disabled=yes
add list=Angostura address=172.16.68.78 comment="" disabled=yes
add list=Cortadas address=172.16.68.79 comment="" disabled=yes
add list=Nuevos address=172.16.68.193 comment="" disabled=yes
add list=Cortadas address=172.16.68.194 comment="" disabled=yes
add list=Nuevos address=172.16.68.195 comment="" disabled=yes
add list=Angostura address=172.16.68.80 comment="" disabled=yes
add list=Angostura address=172.16.68.81 comment="" disabled=yes
add list=Angostura address=172.16.68.82 comment="" disabled=yes
add list=Cortadas address=172.16.68.6 comment="" disabled=yes
# The single active entry: this host is dropped by the Cortadas forward rule.
add list=Cortadas address=172.16.68.10 comment="" disabled=no
add list=Cortadas address=172.16.68.12 comment="" disabled=yes
add list=Cortadas address=172.16.68.23 comment="" disabled=yes
/ ip firewall service-port
# Connection-tracking helpers. gre and pptp are disabled, which matters for the
# TCP 1723 port forward in /ip firewall nat: PPTP data travels over GRE, so
# that forward is unlikely to work unless these helpers are re-enabled.
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip dhcp-client
# The side facing the RB450 gets its address and default route by DHCP. The
# note "GET IP FROM RB450" on the next line was pasted after the
# line-continuation backslash; it is not valid syntax and must be removed
# before this export can be re-imported.
add interface=Internet29505 add-default-route=yes use-peer-dns=yes \ GET IP FROM RB450
use-peer-ntp=yes comment="" disabled=no
/ ip web-proxy
# Transparent cache on TCP 3128, fed by the dstnat redirect of LAN port 80.
# src-address=0.0.0.0 means it listens on every address of this box, and no
# input-chain filter rule limits it, so it is presumably reachable from the
# Internet29505 (10.10.10.0/24) side as well — confirm, and restrict it if so.
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="LLamar_A_Redcom_6737329798_o_6737340122" \
max-object-size=4096KiB cache-drive=system max-cache-size=unlimited \
max-ram-cache-size=unlimited
I KNOW IT IS SO LARGE BUT I DON'T KNOW WHAT I CAN DO ¡¡¡