현재 라우터로 쓰고있는 미크로틱(mikrotik) RB751G-2HnD 모델 설정.
일반 공유기정도의 세팅에서 웹프록시가 추가됐고 WAN 포트의 맥어드레스는 전에 쓰던 공유기의 맥어드레스인데 IP가 바뀌는걸 방지하기 위해 변경했다. 포트는 1번 WAN포트, 2,3,4포트 내부, 5번포트는 브릿지로 IPTV에 대응하기 위해 공인아이피를 받는 설정.
미크로틱 하단에는 웹, DNS, 메일, 시놀로지, FTP 등이 서비스로 돌아간다.
미크로틱은 윈박스를 제외한 모든 서비스를 닫아놨고 아래 PPTP 유저 부분은 실제 서비스 되는 부분이라 예시만 들어놨다.
세팅 : DHCP, VPN(PPTP), WI-FI, Web proxy, UPNP, IGMP PROXY, NTP client
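# jan/27/2014 15:44:11 by RouterOS 6.7
# software id = xxxx-xxxx
#
# NOTE(review): the posted listing used typographic quotes (” ″), "//" inline
# notes (not RouterOS comment syntax) and had a few values separated from
# their keys by line wrapping (mac-address=, mode=). Those are repaired here so
# the script can be imported as-is; the original "//" notes are kept as "#"
# comments. Pre-shared keys and account passwords are placeholders, as posted.
/interface bridge
add admin-mac=D4:CA:6D:29:7B:5D arp=proxy-arp auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
# bridge-wan joins the ISP uplink (wan) and port4 so the IPTV set-top box on port4 also gets a public address
add l2mtu=1598 name=bridge-wan
/interface wireless
# SSID name
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-ht-below country="korea republic2" disabled=no distance=indoors frequency=2452 frequency-mode=superchannel l2mtu=2290 mode=ap-bridge name=WI-FI ssid=PGLABS-B2G
/interface ethernet
set [ find default-name=ether2 ] comment=master name=port1
set [ find default-name=ether3 ] master-port=port1 name=port2
set [ find default-name=ether4 ] master-port=port1 name=port3
set [ find default-name=ether5 ] name=port4
# WAN port MAC address changed (cloned from the previous router so the ISP keeps issuing the same IP)
set [ find default-name=ether1 ] comment="MAC 30:85:A9:E8:E8:C8" mac-address=30:85:A9:E8:E8:C8 name=wan
/ip neighbor discovery
set port1 comment=master
set wan comment="MAC 30:85:A9:E8:E8:C8" discover=no
# Wi-Fi encryption: WPA2-PSK only (wpa-pre-shared-key is not consulted while
# authentication-types=wpa2-psk, but the value is left as posted).
# NOTE(review): the "/interface wireless security-profiles" menu line was
# missing from the posted listing (the set command was printed under
# /ip neighbor discovery); it is restored here.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=2F7A02D00794 wpa2-pre-shared-key=비밀번호
/ip pool
# DHCP address range for LAN clients
add name=pool_local ranges=192.168.0.150-192.168.0.230
# address range handed to PPTP clients
add name=pool_pptp ranges=192.168.0.231-192.168.0.253
/ip dhcp-server
add add-arp=yes address-pool=pool_local always-broadcast=yes bootp-support=dynamic disabled=no interface=bridge-local lease-time=1w name=dhcp_local
/ppp profile
# PPTP clients are bridged into the LAN; MPPE encryption is required for the tunnel
set 0 bridge=bridge-local local-address=pool_pptp only-one=no remote-address=pool_pptp use-encryption=yes use-ipv6=default wins-server=192.168.0.52
/interface bridge port
add bridge=bridge-local interface=port1
add bridge=bridge-local interface=WI-FI
add bridge=bridge-wan interface=wan
add bridge=bridge-wan interface=port4
/interface pptp-server server
# NOTE(review): pap sends the account password in clear text and chap/mschap1
# use weak hashing; only mschap2 is needed for MPPE. PPTP itself (MS-CHAPv2 +
# MPPE) is widely regarded as broken, so treat this VPN as a legacy service.
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=yes
/ip address
add address=192.168.0.1/24 interface=bridge-local network=192.168.0.0
/ip dhcp-client
# public address is obtained on the bridge, not on the wan port itself
add dhcp-options=hostname,clientid disabled=no interface=bridge-wan
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
# the router resolves for LAN clients; WAN-side port 53 is dst-nat'ed to
# 192.168.0.52 below before it can reach the router's own resolver.
# NOTE(review): that makes 192.168.0.52 the host answering public DNS; confirm
# it is authoritative-only and not an open recursive resolver.
set allow-remote-requests=yes
/ip dns static
# internal name -> address mappings so LAN clients and the web proxy reach
# local hosts directly instead of hairpinning through the public address
add address=192.168.0.60 name=mystor.net
add address=192.168.0.60 name=www.mystor.net
add address=192.168.0.51 name=mail.mystor.net
add address=192.168.0.60 name=blog.mystor.net
add address=192.168.0.60 name=wallpaper.mystor.net
add address=192.168.0.60 name=alpha.mystor.net
add address=192.168.0.50 name=sy.mystor.net
add address=192.168.0.51 name=sy2.mystor.net
add address=192.168.0.52 name=ns.mystor.net
/ip firewall filter
add chain=input protocol=igmp
add chain=input connection-state=established
add chain=input connection-state=related
# NOTE(review): this rule accepts every new connection to the router from any
# interface, so the two drop rules that follow are reached only by packets in
# no tracked state (effectively invalid ones) and the "drop icmp" rule never
# matches an echo request. Everything the router listens on (winbox 8291,
# proxy 8080/5050, pptp 1723) is therefore reachable from bridge-wan; the
# "/ip service" section below disables unused services but does not protect
# the ones left enabled. A tighter shape is: accept new with
# in-interface=bridge-local, accept the WAN services that are meant to be
# public (e.g. tcp/1723 and gre for PPTP), then drop. Not changed here because
# the intended WAN-facing service set is not stated in the listing.
add chain=input connection-state=new
add action=drop chain=input protocol=icmp
add action=drop chain=input
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward connection-state=new
add action=drop chain=forward connection-state=invalid
/ip firewall nat
# port forwarding
add action=masquerade chain=srcnat comment=NAT out-interface=bridge-wan
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.52 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=bridge-wan protocol=udp to-addresses=192.168.0.52 to-ports=53
# inbound 80/5000 are redirected to the local web proxy, which acts as a reverse proxy
add action=redirect chain=dstnat comment="reverse proxy 80" dst-port=80 in-interface=bridge-wan protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment="reverse proxy 5000" dst-port=5000 in-interface=bridge-wan protocol=tcp to-ports=5050
# FTP control port plus the passive data range used by the server on 192.168.0.50
add action=dst-nat chain=dstnat comment="FTP by sy.mystor.net" dst-port=2221 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.50 to-ports=2221
add action=dst-nat chain=dstnat dst-port=65500-65535 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.50 to-ports=65500-65535
# mail: SMTP, submission, POP3, IMAP, IMAPS, POP3S
add action=dst-nat chain=dstnat comment="MAIL by sy2.mystor.net" dst-port=25 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=25
add action=dst-nat chain=dstnat dst-port=587 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=587
add action=dst-nat chain=dstnat dst-port=110 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=110
add action=dst-nat chain=dstnat dst-port=143 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=143
add action=dst-nat chain=dstnat dst-port=993 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=993
add action=dst-nat chain=dstnat dst-port=995 in-interface=bridge-wan protocol=tcp to-addresses=192.168.0.51 to-ports=995
/ip firewall service-port
# connection-tracking helpers are all disabled (the FTP server handles passive mode via the forwarded range above)
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip proxy
# web proxy settings (port 80 web servers and port 5000 Synology)
set cache-administrator=master@mystor.net cache-on-disk=yes enabled=yes max-cache-size=none max-client-connections=1440 max-fresh-time=1w max-server-connections=1440 parent-proxy=0.0.0.0 port=8080,5050
/ip proxy access
# allow only the published hosts on 80/5000; anything else on those ports is denied
# NOTE(review): the two deny entries cover dst-port 80 and 5000 only, so a
# request to any other destination port matches no rule and appears to fall
# through to the default allow. Because the input chain accepts new
# connections from the WAN, 8080/5050 look directly reachable from the
# Internet, which would let outsiders relay through this proxy. A closing
# "add action=deny" entry (or src-address limits) would close that gap —
# confirm against the running config before relying on the access list.
add dst-host=mystor.net dst-port=80
add dst-host=www.mystor.net dst-port=80
add dst-host=blog.mystor.net dst-port=80
add dst-host=wallpaper.mystor.net dst-port=80
add dst-host=alpha.mystor.net dst-port=80
add dst-host=sy.mystor.net dst-port=80
add dst-host=sy.mystor.net dst-port=5000
add dst-host=sy2.mystor.net dst-port=80
add dst-host=sy2.mystor.net dst-port=5000
add action=deny dst-port=80
add action=deny dst-port=5000
/ip proxy cache
# cache port-80 content except for the two Synology hosts (dynamic content)
add dst-port=80
add action=deny dst-host=sy.mystor.net dst-port=80
add action=deny dst-host=sy.mystor.net dst-port=5000
add action=deny dst-host=sy2.mystor.net dst-port=80
add action=deny dst-host=sy2.mystor.net dst-port=5000
/ip service
# every management service except winbox is disabled; winbox over IP is still
# governed by the input chain above
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
# UPnP
# NOTE(review): only an internal interface is listed under "/ip upnp interfaces";
# with no type=external entry UPnP appears unable to create mappings toward the
# WAN as posted — confirm whether that is intended.
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
/ppp secret
# PPTP accounts (example only; the real accounts are not shown)
add name=user1 password=비밀번호 service=pptp
/routing igmp-proxy
# IGMP proxy (multicast for IPTV)
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0
/system clock
set time-zone-name=Asia/Seoul
/system identity
set name="MikroTik RB751G-2HnD"
/system leds
set 0 interface=WI-FI
/system ntp client
# NTP client (time sync)
set enabled=yes mode=unicast primary-ntp=165.246.43.176
/tool mac-server
# MAC-level access (mac-telnet / mac-winbox) is limited to LAN ports and the LAN bridge; not offered on wan/bridge-wan
set [ find default=yes ] disabled=yes
add interface=port1
add interface=port2
add interface=port3
add interface=port4
add interface=WI-FI
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=port1
add interface=port2
add interface=port3
add interface=port4
add interface=WI-FI
add interface=bridge-local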