미크로틱(mikrotik) 일반 공유기 처럼 사용하기 설정 예시

현재 라우터로 쓰고있는 미크로틱(mikrotik) RB751G-2HnD 모델 설정.
일반 공유기 수준의 설정에 웹프록시를 추가했다. WAN 포트의 맥어드레스는 IP가 바뀌는 것을 막기 위해 이전에 쓰던 공유기의 맥어드레스로 변경했다. 포트 구성은 1번이 WAN, 2·3·4번이 내부용이며, 5번은 IPTV가 공인 아이피를 받을 수 있도록 WAN과 브릿지로 묶은 설정이다.

미크로틱 하단(내부망)에는 웹, DNS, 메일, 시놀로지, FTP 등의 서비스가 돌아간다.

미크로틱 자체의 관리 서비스(/ip service)는 윈박스를 제외하고 모두 닫아놨다. 윈박스를 열어둘 때는 방화벽 input 체인에서 WAN 쪽 새 연결이 윈박스 포트에 닿지 않도록 제한되어 있는지 함께 확인해야 한다. 아래 PPTP 유저 부분은 실제 서비스 중인 계정이라 예시만 들어놨다.

세팅 : DHCP, VPN(PPTP), WI-FI, Web proxy, UPNP, IGMP PROXY, NTP client

# jan/27/2014 15:44:11 by RouterOS 6.7
# software id = xxxx-xxxx
#
# Two bridges: bridge-local is the LAN side (RSTP, fixed admin MAC), bridge-wan
# is the WAN side. arp=proxy-arp makes the router answer ARP on behalf of other
# hosts on bridge-local; presumably this is for the PPTP clients, which are
# handed addresses out of the LAN subnet (see /ip pool) - confirm.
/interface bridge
add admin-mac=D4:CA:6D:29:7B:5D arp=proxy-arp auto-mac=no l2mtu=1598 name=
bridge-local protocol-mode=rstp
add l2mtu=1598 name=bridge-wan
# 2.4 GHz 802.11n-only access point, renamed to WI-FI, with the SSID shown.
# NOTE(review): frequency-mode=superchannel does not restrict the radio to the
# selected country's regulatory channel list; frequency-mode=regulatory-domain
# is the usual choice for a home AP - confirm this was intended.
# NOTE(review): the trailing "// ..." text and the typographic quotes come from
# the blog page, not from the export; they are not valid RouterOS syntax and
# must be removed or replaced before the listing is pasted into a terminal.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=
20/40mhz-ht-below country=”korea republic2″
disabled=no distance=indoors frequency=2452 frequency-mode=superchannel
l2mtu=2290 mode=ap-bridge name=WI-FI ssid=PGLABS-B2G // SSID 이름
# Port naming: ether1 -> wan, ether2..ether5 -> port1..port4.
# port2 and port3 are switched under port1 (master-port); port4 is left
# independent because it is later bridged to the WAN side.
# ether1 carries an overridden MAC address (author's note: the MAC of the
# previous router, so the ISP keeps handing out the same IP).
# NOTE(review): the MAC is published as-is in this listing; replace it with
# your own value rather than copying it.
/interface ethernet
set [ find default-name=ether2 ] comment=master name=port1
set [ find default-name=ether3 ] master-port=port1 name=port2
set [ find default-name=ether4 ] master-port=port1 name=port3
set [ find default-name=ether5 ] name=port4
set [ find default-name=ether1 ] comment=”MAC 30:85:A9:E8:E8:C8″ mac-address= // WAN포트 맥어드레스 변경
30:85:A9:E8:E8:C8 name=wan
# Neighbor discovery is switched off on the wan port so the router does not
# announce itself (identity, version, MAC) towards the ISP segment.
# NOTE(review): port4 and bridge-wan are also on the WAN segment and are not
# listed here; their discovery setting cannot be seen in this export - verify.
/ip neighbor discovery
set port1 comment=master
set wan comment=”MAC 30:85:A9:E8:E8:C8″ discover=no
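# The menu line for this command was lost from the published listing: these
# properties belong to the wireless security profile, not to
# "/ip neighbor discovery", so the path is restored here.
/interface wireless security-profiles
# Default profile: WPA2-PSK only, no EAP methods.
# wpa2-pre-shared-key is the Wi-Fi passphrase; the value below is the author's
# placeholder (the Korean word for "password") and must be replaced.
# NOTE(review): wpa-pre-shared-key is not used while authentication-types is
# wpa2-psk only, but the value looks like a real key left in the export;
# blank it or change it on the device before publishing a config.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=2F7A02D00794 \
    wpa2-pre-shared-key=비밀번호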
# Two address pools, both inside the 192.168.0.0/24 LAN subnet:
#   pool_local  .150-.230  handed out by the LAN DHCP server
#   pool_pptp   .231-.253  handed out to PPTP VPN clients
# Because VPN clients receive LAN-range addresses, they sit on the same subnet
# as the internal servers.
/ip pool
add name=pool_local ranges=192.168.0.150-192.168.0.230 // DHCP 내부 아이피 범위
add name=pool_pptp ranges=192.168.0.231-192.168.0.253 // PPTP 내부 아이피 범위
# LAN DHCP server on bridge-local with a one-week lease; add-arp=yes installs
# an ARP entry for each lease.
/ip dhcp-server
add add-arp=yes address-pool=pool_local always-broadcast=yes bootp-support=
dynamic disabled=no interface=bridge-local lease-time=1w name=dhcp_local
# Default PPP profile (index 0), used by the PPTP server below.
# Both tunnel ends take addresses from pool_pptp, encryption is requested, and
# only-one=no lets the same account log in more than once at a time.
# NOTE(review): no firewall rule in this export limits what a VPN client can
# reach, so a VPN login is equivalent to being plugged into the LAN.
/ppp profile
set 0 bridge=bridge-local local-address=pool_pptp only-one=no remote-address=
pool_pptp use-encryption=yes use-ipv6=default wins-server=192.168.0.52
# Bridge membership:
#   bridge-local = port1 (plus its switched ports port2/port3) and WI-FI
#   bridge-wan   = wan and port4
# port4 is therefore on the ISP side of the router: a device plugged into it
# (the IPTV box, per the author) is not behind NAT or the firewall below.
/interface bridge port
add bridge=bridge-local interface=port1
add bridge=bridge-local interface=WI-FI
add bridge=bridge-wan interface=wan
add bridge=bridge-wan interface=port4
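# PPTP VPN server using the default PPP profile.
# Only MS-CHAPv2 is offered. The original also allowed pap, chap and mschap1:
# PAP sends the password in clear text and the other two are weaker than
# MS-CHAPv2, so a client could negotiate down to them.
# NOTE(review): PPTP with MS-CHAPv2 is itself considered weak; for anything
# beyond a lab, plan a move to a stronger VPN type supported by the device.
/interface pptp-server server
set authentication=mschap2 default-profile=default enabled=yes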
# Router LAN address: 192.168.0.1/24 on bridge-local.
/ip address
add address=192.168.0.1/24 interface=bridge-local network=192.168.0.0
# WAN address is obtained by DHCP on bridge-wan (the bridge holding the wan
# port and port4).
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge-wan
# DHCP clients are told to use the router (192.168.0.1) as both gateway and
# DNS server.
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
# allow-remote-requests=yes turns the router into a DNS resolver for any client
# whose packets the input firewall chain accepts. WAN traffic to port 53 is
# dst-nat'd to 192.168.0.52 by the NAT rules, so it does not reach this
# resolver, but access from other interfaces depends entirely on the filter
# rules - check them before enabling this option.
/ip dns
set allow-remote-requests=yes
# Static records that resolve the site's public hostnames to internal
# addresses (author's note: needed by the web proxy to find the back-end
# servers). LAN clients using the router as DNS get the same internal answers.
/ip dns static // 웹프록시를 위한 내부 아이피 도메인 연결 설정
add address=192.168.0.60 name=mystor.net
add address=192.168.0.60 name=www.mystor.net
add address=192.168.0.51 name=mail.mystor.net
add address=192.168.0.60 name=blog.mystor.net
add address=192.168.0.60 name=wallpaper.mystor.net
add address=192.168.0.60 name=alpha.mystor.net
add address=192.168.0.50 name=sy.mystor.net
add address=192.168.0.51 name=sy2.mystor.net
add address=192.168.0.52 name=ns.mystor.net
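/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# IGMP is accepted for the IGMP proxy; replies to existing connections are
# accepted next.
add chain=input protocol=igmp
add chain=input connection-state=established
add chain=input connection-state=related
# Router services that are meant to be reachable from the WAN side: the PPTP
# server, and the web-proxy ports that the dstnat "redirect" rules send
# ports 80 and 5000 to.
add chain=input comment="PPTP control" dst-port=1723 in-interface=bridge-wan \
    protocol=tcp
add chain=input comment="PPTP tunnel (GRE)" in-interface=bridge-wan protocol=\
    gre
add chain=input comment="web proxy (redirect targets)" dst-port=8080,5050 \
    in-interface=bridge-wan protocol=tcp
# Everything else arriving on the WAN bridge is dropped. The original rule set
# accepted connection-state=new on every interface, so the drop rules at the
# end only ever matched invalid-state packets and Winbox (left enabled under
# /ip service) was reachable from the Internet.
add action=drop chain=input comment="drop other WAN input" in-interface=\
    bridge-wan
# New connections from the remaining (LAN / VPN) interfaces stay allowed, as
# in the original.
add chain=input connection-state=new
add action=drop chain=input protocol=icmp
add action=drop chain=input
# --- forward chain: traffic routed through the router ---
# Unchanged from the original: new connections are accepted from any
# interface and only invalid-state packets are dropped; there is no final
# drop rule. The dst-nat port forwards rely on the "new" rule.
# NOTE(review): consider accepting WAN-originated forwards only for the
# forwarded ports and dropping the rest.
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward connection-state=new
add action=drop chain=forward connection-state=invalid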
# Source NAT for outbound traffic plus the inbound port forwards. Every dstnat
# rule matches in-interface=bridge-wan, i.e. traffic from the Internet side.
# Exposed to the Internet by the rules below:
#   53/tcp+udp                  -> 192.168.0.52 (DNS)
#   80/tcp, 5000/tcp            -> router web proxy on 8080 / 5050 (redirect)
#   2221/tcp, 65500-65535/tcp   -> 192.168.0.50 (FTP control + data range)
#   25, 587, 110, 143, 993, 995 -> 192.168.0.51 (mail)
# NOTE(review): make sure the DNS server at .52 does not answer recursive
# queries from outside, and that POP3 (110), IMAP (143) and FTP (2221) require
# TLS on the back-end servers; nothing in this config enforces either.
/ip firewall nat // 포트포워딩 부분
add action=masquerade chain=srcnat comment=NAT out-interface=bridge-wan
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=
bridge-wan protocol=tcp to-addresses=192.168.0.52 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=bridge-wan protocol=
udp to-addresses=192.168.0.52 to-ports=53
# "redirect" rewrites the destination to the router itself, so these two
# connections end up in the input chain on ports 8080 and 5050.
add action=redirect chain=dstnat comment=”reverse proxy 80″ dst-port=80
in-interface=bridge-wan protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment=”reverse proxy 5000″ dst-port=5000
in-interface=bridge-wan protocol=tcp to-ports=5050
add action=dst-nat chain=dstnat comment=”FTP by sy.mystor.net” dst-port=2221
in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.50 to-ports=
2221
add action=dst-nat chain=dstnat dst-port=65500-65535 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.50 to-ports=65500-65535
add action=dst-nat chain=dstnat comment=”MAIL by sy2.mystor.net” dst-port=25
in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=
25
add action=dst-nat chain=dstnat dst-port=587 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.51 to-ports=587
add action=dst-nat chain=dstnat dst-port=110 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.51 to-ports=110
add action=dst-nat chain=dstnat dst-port=143 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.51 to-ports=143
add action=dst-nat chain=dstnat dst-port=993 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.51 to-ports=993
add action=dst-nat chain=dstnat dst-port=995 in-interface=bridge-wan
protocol=tcp to-addresses=192.168.0.51 to-ports=995
# All NAT connection-tracking helpers are switched off. With the ftp helper
# disabled, passive FTP to 192.168.0.50 works only through the fixed
# 65500-65535 range forwarded in the NAT rules.
# NOTE(review): the pptp helper is also disabled; presumably outbound PPTP
# from LAN clients is not needed - confirm.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
# Built-in web proxy listening on 8080 and 5050, used as a reverse proxy in
# front of the internal web server (port 80) and the Synology (port 5000).
# Disk cache is on with no size limit; parent-proxy=0.0.0.0 means no upstream
# proxy. Which destinations the proxy will fetch is decided only by the
# /ip proxy access list, so that list is what keeps this from being an open
# proxy.
/ip proxy // 웹프록시 설정 (80번 웹서버와 5000 시놀로지)
set cache-administrator=master@mystor.net cache-on-disk=yes enabled=yes
max-cache-size=none max-client-connections=1440 max-fresh-time=1w
max-server-connections=1440 parent-proxy=0.0.0.0 port=8080,5050
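# Proxy access list, evaluated top to bottom; the first matching rule decides.
# The allow rules name the only host/port pairs the reverse proxy should
# serve.
/ip proxy access
add dst-host=mystor.net dst-port=80
add dst-host=www.mystor.net dst-port=80
add dst-host=blog.mystor.net dst-port=80
add dst-host=wallpaper.mystor.net dst-port=80
add dst-host=alpha.mystor.net dst-port=80
add dst-host=sy.mystor.net dst-port=80
add dst-host=sy.mystor.net dst-port=5000
add dst-host=sy2.mystor.net dst-port=80
add dst-host=sy2.mystor.net dst-port=5000
add action=deny dst-port=80
add action=deny dst-port=5000
# Catch-all deny. The two rules above refuse other hosts only on destination
# ports 80 and 5000; a request for any other destination port matched no rule
# at all. RouterOS is understood to allow unmatched requests (verify on your
# version), which would let the Internet-facing proxy relay to arbitrary
# host:port pairs.
add action=deny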
# Cache policy for the proxy. As with the access list, the first matching rule
# decides, so the four deny rules placed after the generic "dst-port=80" rule
# never match for port-80 requests.
# NOTE(review): if the intent is to keep sy/sy2 responses (which may be
# per-user, authenticated pages) out of the shared cache, the deny rules
# need to come before the generic rule - confirm the intended order.
/ip proxy cache
add dst-port=80
add action=deny dst-host=sy.mystor.net dst-port=80
add action=deny dst-host=sy.mystor.net dst-port=5000
add action=deny dst-host=sy2.mystor.net dst-port=80
add action=deny dst-host=sy2.mystor.net dst-port=5000
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
# winbox is not listed, so it stays enabled, and no address= restriction is
# shown for it; which networks can reach it is decided by the input firewall
# chain alone.
# NOTE(review): the export header reports RouterOS 6.7 (January 2014). Keep
# the device on a current release if Winbox is left enabled, and consider
# limiting the service to the LAN subnet with its address= setting.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# UPnP is enabled with bridge-local as the internal interface. UPnP lets any
# LAN host ask the router for inbound port mappings without authentication.
# NOTE(review): no external interface is defined in this export, so it is
# unclear whether mappings are actually created - verify, and leave UPnP
# disabled unless a device really needs it.
/ip upnp // UPNP
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
# PPTP account example. The author states the real accounts were removed; the
# password value is a placeholder (the Korean word for "password").
# Use a long random password per user: with PPTP the account password is the
# only thing protecting VPN access to the LAN.
/ppp secret // PPTP 계정 설정
add name=user1 password=비밀번호 service=pptp

# IGMP proxy (multicast for IPTV) with quick-leave enabled.
# alternative-subnets=0.0.0.0/0 accepts multicast sources from any subnet.
# NOTE(review): the interface entry shows no interface= or upstream= value;
# exports omit defaults, so the effective interface cannot be read from this
# listing - confirm on the device.
/routing igmp-proxy // IGMP proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0
# Time zone, device name, and the LED bound to the WI-FI interface.
/system clock
set time-zone-name=Asia/Seoul
/system identity
set name=”MikroTik RB751G-2HnD”
/system leds
set 0 interface=WI-FI
# NTP client (the author's inline note reads "NPT", meaning NTP) in unicast
# mode with a single server given by IP address.
# NOTE(review): a single hard-coded server means the clock silently drifts if
# that host goes away; log timestamps depend on it, so consider adding a
# secondary server.
/system ntp client // NPT 클라이언트 설정 (시간 받아오기)
set enabled=yes mode=unicast primary-ntp=165.246.43.176
# MAC-Telnet server: the default (all-interfaces) entry is disabled and the
# service is then enabled per interface.
# NOTE(review): port4 is a member of bridge-wan (see /interface bridge port),
# i.e. it is on the ISP side. Listing it here appears to offer layer-2
# management on the WAN segment; unless that is intended, leave port4 out.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=port1
add interface=port2
add interface=port3
add interface=port4
add interface=WI-FI
add interface=bridge-local
# MAC-Winbox server: same interface list as above, and the same concern about
# port4 applies. The IP firewall filter does not cover MAC-layer access, so
# this list is the only control for it.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=port1
add interface=port2
add interface=port3
add interface=port4
add interface=WI-FI
add interface=bridge-local
