- Posty: 44
- Rejestracja: czw wrz 26, 2013 12:38 am
Witam
Czy komuś się udała integracja mikrotika z pyxisem? Ja doszedłem do momentu, kiedy dodawani są użttkownicy pppoe, mają dostęp do netu, dodawane są simple queue ale niestety ruch nie jest kolejkowany. Kolejki nie wyłapują pakietów...
Szukam pomocy
Marcin
konfig mikrotika
# jul/04/2016 22:40:56 by RouterOS 6.35.4
# software id = L742-XKQB
#
/interface bridge
add arp=proxy-arp comment="Bridge LAN" name=LAN
/interface ethernet
set [ find default-name=ether3 ] comment="WAN from ISP" name=WAN
set [ find default-name=ether1 ] comment="MGMNT from LAN"
set [ find default-name=ether2 ] comment="DHCP LAN"
/interface pppoe-server
add name=pppoe service="" user=""
/ip neighbor discovery
set WAN comment="WAN from ISP"
set ether1 comment="MGMNT from LAN"
set ether2 comment="DHCP LAN"
set LAN comment="Bridge LAN"
/ip dhcp-server
add disabled=no interface=LAN name=LAN
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.254
add name=openvpnpool3 ranges=192.168.100.23-192.168.100.24
add name=POOL ranges=172.22.33.10-172.22.33.30
add name=openvpnpool2 next-pool=openvpnpool3 ranges=\
192.168.100.21-192.168.100.22
add name=openvpnpool1 next-pool=openvpnpool2 ranges=\
192.168.100.19-192.168.100.20
/ppp profile
add local-address=192.168.10.1 name=10M
/queue type
add kind=sfq name=sfq
add kind=pcq name=pcq-download pcq-classifier=dst-address
add kind=pcq name=pcq-upload pcq-classifier=src-address
/queue simple
add comment=0 max-limit=250M/250M name=global priority=7/7 queue=sfq/sfq \
target=LAN total-queue=sfq
add comment=1_68 max-limit=1024k/2048k name=1_68 parent=global target=\
192.168.1.23/32
add comment=2_69 max-limit=600k/4200k name=2_69 parent=global target=\
192.168.1.87/32
add comment=58_64 max-limit=600k/2100k name=58_64 parent=global target=\
192.168.5.111/32
add comment=73_65 max-limit=300k/1100k name=73_65 parent=global target=\
192.168.5.101/32
add comment=74_66 max-limit=600k/2100k name=74_66 parent=global target=\
192.168.5.102/32
add comment=655_73 max-limit=20480k/40960k name=655_73 parent=global target=\
192.168.5.231/32
add comment=656_72 max-limit=2048k/1024k name=656_72 parent=global target=\
192.168.5.233/32
add comment=657_71 max-limit=1024k/10240k name=657_71 parent=global target=\
10.0.2.56/32
add comment=658_70 max-limit=1024k/10240k name=658_70 parent=global target=\
192.168.2.90/32
add comment=659_67 max-limit=614400/5120k name=659_67 parent=global target=\
192.168.5.104/32
add comment=660_63 max-limit=614400/5120k name=660_63 parent=global target=\
10.0.1.123/32
/user group
add name=pyxis policy="local,ftp,read,write,policy,!telnet,!ssh,!reboot,!test,\
!winbox,!password,!web,!sniff,!sensitive,!api,!romon"
/interface bridge port
add bridge=LAN interface=ether5
add bridge=LAN interface=ether4
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether2
/interface ovpn-server server
set certificate=ca.crt_0 cipher=blowfish128,aes128,aes192,aes256 \
default-profile=openvpn-bridged keepalive-timeout=disabled mode=ethernet
/interface pppoe-server server
add authentication=chap,mschap2 disabled=no interface=LAN max-mru=1480 \
max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=pppoe
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether1 \
network=192.168.88.0
add address=192.168.3.1/24 interface=ether2 network=192.168.3.0
add address=192.168.1.77/24 comment=WAN interface=WAN network=192.168.1.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.1.23 comment=68 list=blokuj
add address=192.168.1.87 comment=69 list=blokuj
add address=192.168.5.101 comment=65 list=blokuj
add address=192.168.5.102 comment=66 list=blokuj
add address=192.168.5.231 comment=73 list=blokuj
add address=192.168.5.233 comment=72 list=blokuj
add address=10.0.2.56 comment=71 list=blokuj
add address=192.168.2.90 comment=70 list=blokuj
/ip firewall nat
add chain=srcnat out-interface=WAN
/ip proxy
set src-address=81.219.96.210
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" dst-port=23-25
add action=deny comment=\
"allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
!443,563 method=CONNECT
/ip proxy direct
add dst-address=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set www port=7979
set ssh port=7878
/lcd
set backlight-timeout=1h30m default-screen=stats
/ppp profile
set *0 dns-server=8.8.8.8 local-address=192.168.100.1 parent-queue=*F7 \
queue-type=sfq
add bridge=*16 local-address=172.22.33.1 name=openvpn-bridged remote-address=\
POOL use-encryption=required
/ppp secret
add comment=68 name=123456 remote-address=192.168.1.23 service=pppoe
add comment=69 name=123scsacd remote-address=192.168.1.87 service=pppoe
add comment=64 name=test234 remote-address=192.168.5.111 service=pppoe
add comment=65 name=123 remote-address=192.168.5.101 service=pppoe
add comment=66 name=kowa746hsf remote-address=192.168.5.102 service=pppoe
add comment=73 name=xdfg556h remote-address=192.168.5.231 service=pppoe
add comment=72 name=zfgretyrthwt remote-address=192.168.5.233 service=pppoe
add comment=71 name=vbn profile=10M remote-address=10.0.2.56 service=pppoe
add comment=70 name=asd remote-address=192.168.2.90 service=pppoe
add comment=67 name=33pl remote-address=192.168.5.104 service=pppoe
add comment=63 name=222j9 remote-address=10.0.1.123 service=pppoe
/system clock
set time-zone-name=Europe/Warsaw
/system leds
set 0 interface=sfp1
set 1 interface=sfp2
set 2 interface=sfp3
set 3 interface=sfp4
/system ntp client
set enabled=yes primary-ntp=153.19.250.123 secondary-ntp=198.123.30.132
/system resource irq rps
set sfp1 disabled=no
set sfp2 disabled=no
set sfp3 disabled=no
set sfp4 disabled=no
set ether1 disabled=no
set ether2 disabled=no
set WAN disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
set ether10 disabled=no
set ether11 disabled=no
set ether12 disabled=no
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=\
disabled
/system watchdog
set no-ping-delay=5h35m
/tool bandwidth-server
set authenticate=no
/tool sniffer
set file-name=sniff filter-interface=LAN
Czy komuś się udała integracja mikrotika z pyxisem? Ja doszedłem do momentu, kiedy dodawani są użttkownicy pppoe, mają dostęp do netu, dodawane są simple queue ale niestety ruch nie jest kolejkowany. Kolejki nie wyłapują pakietów...
Szukam pomocy
Marcin
konfig mikrotika
# jul/04/2016 22:40:56 by RouterOS 6.35.4
# software id = L742-XKQB
#
/interface bridge
add arp=proxy-arp comment="Bridge LAN" name=LAN
/interface ethernet
set [ find default-name=ether3 ] comment="WAN from ISP" name=WAN
set [ find default-name=ether1 ] comment="MGMNT from LAN"
set [ find default-name=ether2 ] comment="DHCP LAN"
/interface pppoe-server
add name=pppoe service="" user=""
/ip neighbor discovery
set WAN comment="WAN from ISP"
set ether1 comment="MGMNT from LAN"
set ether2 comment="DHCP LAN"
set LAN comment="Bridge LAN"
/ip dhcp-server
add disabled=no interface=LAN name=LAN
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.254
add name=openvpnpool3 ranges=192.168.100.23-192.168.100.24
add name=POOL ranges=172.22.33.10-172.22.33.30
add name=openvpnpool2 next-pool=openvpnpool3 ranges=\
192.168.100.21-192.168.100.22
add name=openvpnpool1 next-pool=openvpnpool2 ranges=\
192.168.100.19-192.168.100.20
/ppp profile
add local-address=192.168.10.1 name=10M
/queue type
add kind=sfq name=sfq
add kind=pcq name=pcq-download pcq-classifier=dst-address
add kind=pcq name=pcq-upload pcq-classifier=src-address
/queue simple
add comment=0 max-limit=250M/250M name=global priority=7/7 queue=sfq/sfq \
target=LAN total-queue=sfq
add comment=1_68 max-limit=1024k/2048k name=1_68 parent=global target=\
192.168.1.23/32
add comment=2_69 max-limit=600k/4200k name=2_69 parent=global target=\
192.168.1.87/32
add comment=58_64 max-limit=600k/2100k name=58_64 parent=global target=\
192.168.5.111/32
add comment=73_65 max-limit=300k/1100k name=73_65 parent=global target=\
192.168.5.101/32
add comment=74_66 max-limit=600k/2100k name=74_66 parent=global target=\
192.168.5.102/32
add comment=655_73 max-limit=20480k/40960k name=655_73 parent=global target=\
192.168.5.231/32
add comment=656_72 max-limit=2048k/1024k name=656_72 parent=global target=\
192.168.5.233/32
add comment=657_71 max-limit=1024k/10240k name=657_71 parent=global target=\
10.0.2.56/32
add comment=658_70 max-limit=1024k/10240k name=658_70 parent=global target=\
192.168.2.90/32
add comment=659_67 max-limit=614400/5120k name=659_67 parent=global target=\
192.168.5.104/32
add comment=660_63 max-limit=614400/5120k name=660_63 parent=global target=\
10.0.1.123/32
/user group
add name=pyxis policy="local,ftp,read,write,policy,!telnet,!ssh,!reboot,!test,\
!winbox,!password,!web,!sniff,!sensitive,!api,!romon"
/interface bridge port
add bridge=LAN interface=ether5
add bridge=LAN interface=ether4
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether2
/interface ovpn-server server
set certificate=ca.crt_0 cipher=blowfish128,aes128,aes192,aes256 \
default-profile=openvpn-bridged keepalive-timeout=disabled mode=ethernet
/interface pppoe-server server
add authentication=chap,mschap2 disabled=no interface=LAN max-mru=1480 \
max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=pppoe
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether1 \
network=192.168.88.0
add address=192.168.3.1/24 interface=ether2 network=192.168.3.0
add address=192.168.1.77/24 comment=WAN interface=WAN network=192.168.1.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.1.23 comment=68 list=blokuj
add address=192.168.1.87 comment=69 list=blokuj
add address=192.168.5.101 comment=65 list=blokuj
add address=192.168.5.102 comment=66 list=blokuj
add address=192.168.5.231 comment=73 list=blokuj
add address=192.168.5.233 comment=72 list=blokuj
add address=10.0.2.56 comment=71 list=blokuj
add address=192.168.2.90 comment=70 list=blokuj
/ip firewall nat
add chain=srcnat out-interface=WAN
/ip proxy
set src-address=81.219.96.210
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" dst-port=23-25
add action=deny comment=\
"allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
!443,563 method=CONNECT
/ip proxy direct
add dst-address=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set www port=7979
set ssh port=7878
/lcd
set backlight-timeout=1h30m default-screen=stats
/ppp profile
set *0 dns-server=8.8.8.8 local-address=192.168.100.1 parent-queue=*F7 \
queue-type=sfq
add bridge=*16 local-address=172.22.33.1 name=openvpn-bridged remote-address=\
POOL use-encryption=required
/ppp secret
add comment=68 name=123456 remote-address=192.168.1.23 service=pppoe
add comment=69 name=123scsacd remote-address=192.168.1.87 service=pppoe
add comment=64 name=test234 remote-address=192.168.5.111 service=pppoe
add comment=65 name=123 remote-address=192.168.5.101 service=pppoe
add comment=66 name=kowa746hsf remote-address=192.168.5.102 service=pppoe
add comment=73 name=xdfg556h remote-address=192.168.5.231 service=pppoe
add comment=72 name=zfgretyrthwt remote-address=192.168.5.233 service=pppoe
add comment=71 name=vbn profile=10M remote-address=10.0.2.56 service=pppoe
add comment=70 name=asd remote-address=192.168.2.90 service=pppoe
add comment=67 name=33pl remote-address=192.168.5.104 service=pppoe
add comment=63 name=222j9 remote-address=10.0.1.123 service=pppoe
/system clock
set time-zone-name=Europe/Warsaw
/system leds
set 0 interface=sfp1
set 1 interface=sfp2
set 2 interface=sfp3
set 3 interface=sfp4
/system ntp client
set enabled=yes primary-ntp=153.19.250.123 secondary-ntp=198.123.30.132
/system resource irq rps
set sfp1 disabled=no
set sfp2 disabled=no
set sfp3 disabled=no
set sfp4 disabled=no
set ether1 disabled=no
set ether2 disabled=no
set WAN disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
set ether10 disabled=no
set ether11 disabled=no
set ether12 disabled=no
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=\
disabled
/system watchdog
set no-ping-delay=5h35m
/tool bandwidth-server
set authenticate=no
/tool sniffer
set file-name=sniff filter-interface=LAN