Изгря версия 4 бета 1

[111111]

What's new in 4.0beta1:

*) added support for MetaROUTERs;

*) all test packages are regular ones;

*) console - can mix named and unnamed arguments, can use names for unnamed

    argument values. For example all of the following commands are

    accepted now:

      /ping 10.11.12.13 count=4

      /ping address=10.11.12.13 count=4

      /ping count=4 10.11.12.13

---

да го изтестваме тестово

Traffic and system resource graphing

неработи

[NetworkPro]

При мен работят, ето конфига ми:

/ interface ethernet

set ether1 name="Local"

set ether2 mac-address=нужен за ISP

/ ip firewall address-list

add list=lokalni-adresi address=10.10.10.0/29 comment="LAN"

add list=illegal-addr address=0.0.0.0/8 comment="illegal addresses"

add list=illegal-addr address=127.0.0.0/8

add list=illegal-addr address=224.0.0.0/3

add list=illegal-addr address=10.0.0.0/8

add list=illegal-addr address=172.16.0.0/12

add list=illegal-addr address=192.168.0.0/16

/ interface pppoe-client

add name="Public" interface=ether2 user="потребител" password="парола" service-name="име на ппп" \

   ac-name="име на ac" add-default-route=yes dial-on-demand=yes use-peer-dns=yes

/ ip pool

add name="dhcp_pool1" ranges=10.10.10.2-10.10.10.254

/ ip service

set telnet disabled=yes

set ftp disabled=yes

set www disabled=yes

set ssh disabled=yes

set www-ssl disabled=yes

/ ip upnp

set enabled=no

/ ip dns

set allow-remote-requests=yes

/ ip address

add address=10.10.10.1/24 interface=Local

/ ip neighbor discovery

set Local discover=no

set ether2 discover=no

set Public discover=no

/ ip firewall nat

add chain=srcnat action=masquerade src-address-list=lokalni-adresi comment="NAT"

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=5959 protocol=tcp comment="2 TightVNC"

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=43210 protocol=tcp comment="2 torrent"

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=46215 protocol=tcp comment="2 eMule"

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=41048 protocol=udp

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=54711 protocol=tcp disabled=yes

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=59947 protocol=tcp comment="2 Hamachi" disabled=yes

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=59947 protocol=udp disabled=yes

add chain=dstnat action=dst-nat to-addresses=10.10.10.2 dst-port=6969 protocol=tcp comment="2 HTTP" disabled=yes

add chain=dstnat action=dst-nat to-addresses=10.10.10.3 dst-port=45082 protocol=tcp comment="3 torrent"

add chain=dstnat action=dst-nat to-addresses=10.10.10.3 dst-port=45082 protocol=udp

add chain=dstnat action=dst-nat to-addresses=10.10.10.4 dst-port=41000 protocol=tcp comment="4 torrent"

add chain=dstnat action=dst-nat to-addresses=10.10.10.4 dst-port=42000 protocol=tcp comment="4 Hamachi"

add chain=dstnat action=dst-nat to-addresses=10.10.10.6 dst-port=43000 protocol=tcp comment="6 torrent"

add chain=dstnat action=dst-nat to-addresses=10.10.10.5 dst-port=49999 protocol=tcp comment="5 torrent"

add chain=dstnat action=dst-nat to-addresses=10.10.10.5 dst-port=33096 protocol=tcp comment="5 SLSK"

/ ip firewall mangle

add chain=prerouting action=mark-packet new-packet-mark=nat-traversal passthrough=no in-interface=Public dst-address-list=lokalni-adresi

add chain=prerouting action=mark-connection new-connection-mark=RegnumOnline passthrough=yes in-interface=Local src-address=10.10.10.5 \

   src-port=9960 protocol=udp disabled=yes

add chain=prerouting action=mark-connection new-connection-mark=RegnumOnline passthrough=yes src-address=10.10.10.5 \

   dst-address=212.214.41.165 disabled=yes

add chain=prerouting action=mark-connection new-connection-mark=RegnumOnline passthrough=yes src-address=212.214.41.165 \

   disabled=yes

add chain=prerouting action=change-dscp new-dscp=46 connection-mark=RegnumOnline disabled=yes

add chain=prerouting action=mark-packet new-packet-mark=RegnumOnline passthrough=no connection-mark=RegnumOnline disabled=yes

add chain=postrouting action=change-dscp new-dscp=46 out-interface=Public

add chain=output action=change-dscp new-dscp=46 out-interface=Public

add chain=prerouting action=mark-packet new-packet-mark=local2local passthrough=no src-address-list=lokalni-adresi \

   dst-address-list=lokalni-adresi

add chain=forward action=mark-connection new-connection-mark=clients-conn passthrough=yes src-address-list=lokalni-adresi

add chain=forward action=mark-packet new-packet-mark=clients-packets passthrough=no connection-mark=clients-conn

add chain=forward action=mark-packet new-packet-mark=clients-packets passthrough=no dst-address-list=lokalni-adresi

add chain=forward action=log

/ ip firewall filter

add chain=forward action=jump jump-target=sanity-check comment="Sanity Check Jump"

add chain=sanity-check action=jump jump-target=drop packet-mark=nat-traversal comment="Deny illegal NAT traversal"

add chain=sanity-check action=add-src-to-address-list protocol=tcp psd=20,3s,3,1 address-list=blocked-addr address-list-timeout=1d \

   comment="Block port scans" disabled=yes

add chain=sanity-check action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=blocked-addr \

   address-list-timeout=1d comment="Block TCP Null scan"

add chain=sanity-check action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=blocked-addr \

   address-list-timeout=1d comment="Block TCP Xmas scan"

add chain=sanity-check action=jump jump-target=drop protocol=tcp src-address-list=blocked-addr

add chain=sanity-check action=jump jump-target=drop tcp-flags=rst protocol=tcp comment="Drop TCP RST" disabled=yes

add chain=sanity-check action=jump jump-target=drop tcp-flags=fin,syn protocol=tcp comment="Drop TCP SYN+FIN"

add chain=sanity-check action=jump jump-target=drop connection-state=invalid comment="Dropping invalid connections at once"

add chain=sanity-check action=accept connection-state=established comment="Accepting already established connections"

add chain=sanity-check action=accept connection-state=related comment="Also accepting related connections"

add chain=sanity-check action=jump jump-target=drop src-address-type=broadcast,multicast comment="Drop all traffic that goes from \

   multicast or broadcast addresses"

add chain=sanity-check action=jump jump-target=drop in-interface=Local dst-address-type=!local dst-address-list=illegal-addr \

   comment="Drop illegal destination addresses"

add chain=sanity-check action=jump jump-target=drop in-interface=Local src-address-list=!lokalni-adresi comment="Drop everything that goes \

   from local interface but not from local address"

add chain=sanity-check action=jump jump-target=drop in-interface=Public src-address-list=illegal-addr comment="Drop illegal source \

   addresses"

add chain=sanity-check action=jump jump-target=drop in-interface=Public dst-address-list=!lokalni-adresi comment="Drop everything that goes \

   from public interface but not to local address"

add chain=sanity-check action=jump jump-target=drop dst-address-type=broadcast,multicast comment="Drop all traffic that goes to multicast \

   or broadcast addresses"

add chain=sanity-check action=jump jump-target=drop src-port=137 dst-port=137 protocol=udp comment="Drop port 137 UDP"

add chain=sanity-check action=return

add chain=input action=accept in-interface=Public dst-port=8291 protocol=tcp comment="Allow Remote Router Administration via WinBox"

add chain=input action=accept in-interface=Local src-address-list=lokalni-adresi comment="Accept lokalni-adresi"

add chain=input action=jump jump-target=drop in-interface=Local comment="Drop everything else on local input"

add chain=input action=jump jump-target=sanity-check comment="Sanity Check all input"

add chain=input action=jump jump-target=drop dst-address-type=!local comment="Dropping packets not destined to the router itself, \

   including all broadcast traffic"

add chain=input action=jump jump-target=drop comment="Drop all other input"

add chain=drop action=log disabled=yes

add chain=drop action=drop

/ ip dhcp-server

add name="dhcp1" interface=Local address-pool=dhcp_pool1 disabled=no

/ ip dhcp-server lease

add address=10.10.10.3 mac-address=мак-адрес server=dhcp1

add address=10.10.10.2 mac-address=мак-адрес server=dhcp1

add address=10.10.10.5 mac-address=мак-адрес server=dhcp1

add address=10.10.10.6 mac-address=мак-адрес server=dhcp1

add address=10.10.10.7 mac-address=мак-адрес server=dhcp1

/ ip dhcp-server network

add address=10.10.10.0/24 gateway=10.10.10.1 netmask=24 dns-server=10.10.10.1

/ system clock manual

set time-zone="+02:00"

/ system identity

set name="име на рутер"

/ system scheduler

add name="changeip3m" on-event=changeip interval=3m

/ queue type

add name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=200

add name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=200

/ queue tree

add name="Download" parent=Local packet-mark=clients-packets queue=pcq-download priority=1 max-limit=19000000 disabled=no

add name="Upload" parent=Public packet-mark=clients-packets queue=pcq-upload priority=1 max-limit=9000000 disabled=no

/ tool mac-server ping

set enabled=no

/ tool graphing resource

add allow-address=0.0.0.0/0 store-on-disk=yes

/ tool graphing interface

add interface=all allow-address=0.0.0.0/0 store-on-disk=yes

Инсталиран на VMWare 6.5.0, конфига е пейстнат както се вижда.

Потреблението не CPU е по-добре отколкото v3.15 и 3.16  

Смятам да използвам v4. понеже не виждам къде ще ми се бъгне след като конкретно тук, ми трябват само ppp, advanced-tools, dhcp и основните пакети за пейстнатия config който виждате.

Ако имам проблеми ще пиша на support: http://www.mikrotik.com/support.html

p.s. и графиките работят.

[NetworkPro]

[...] /system hardware> print

 multi-cpu: yes

[...] /system hardware>

Няма забелязани проблеми въпреки неправилната настройка по подразбиране. Процесора е с едно ядро.

Public interface

CPU Usage