Created
March 6, 2015 06:26
-
-
Save ndoo/c9575599879f2933e932 to your computer and use it in GitHub Desktop.
CCR1009-1S-1S+ PCC WAN, Teamed LAN Configuration Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /interface bridge | |
| add name=bridge1 | |
| /interface ethernet | |
| set [ find default-name=ether1 ] | |
| set [ find default-name=ether2 ] master-port=ether1 | |
| set [ find default-name=ether3 ] master-port=ether1 | |
| set [ find default-name=ether4 ] master-port=ether1 | |
| set [ find default-name=ether7 ] comment="Zhone GE3" | |
| set [ find default-name=ether8 ] comment="Zhone GE4" | |
| /interface bonding | |
| add lacp-rate=1sec mode=802.3ad name=bonding1 slaves=ether5,ether6 transmit-hash-policy=layer-3-and-4 | |
| /ip pool | |
| add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254 | |
| /ip dhcp-server | |
| add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=dhcp1 | |
| /interface bridge port | |
| add bridge=bridge1 interface=ether1 | |
| add bridge=bridge1 interface=bonding1 | |
| add bridge=bridge1 interface=sfp-sfpplus1 | |
| /ip address | |
| set [ find interface=ether1 ] address=192.168.88.1/24 comment="lan" interface=bridge1 network=192.168.88.0 | |
| /ip dhcp-client | |
| add dhcp-options=hostname,clientid disabled=no interface=ether7 | |
| add default-route-distance=2 dhcp-options=hostname,clientid disabled=no \ | |
| interface=ether8 | |
| /ip dhcp-server network | |
| add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 | |
| /ip dns | |
| set allow-remote-requests=yes | |
| /ip firewall address-list | |
| add address=192.168.88.2 disabled="yes" list="MyServer" comment="Exclude from PCC Example" | |
| /ip firewall filter | |
| add chain=input comment="input established, related" connection-state=established,related | |
| add chain=input comment="input related" connection-state=related | |
| add chain=input comment="input icmp" dst-limit=30/1m,0,src-address/10m \ | |
| icmp-options=8 protocol=icmp | |
| add chain=input comment="input winbox" dst-port=8291 protocol=tcp | |
| add action=drop chain=input comment="wan1 drop" in-interface=ether7 | |
| add action=drop chain=input comment="wan2 drop" in-interface=ether8 | |
| add chain=input comment="input dns udp" dst-port=53 protocol=tcp | |
| add chain=input comment="input dns tcp" dst-port=53 protocol=udp | |
| add chain=input comment="input upnp udp/1900" dst-port=1900 protocol=udp | |
| add chain=input comment="input upnp tcp/2828" dst-port=2828 protocol=tcp | |
| add chain=input comment="input webfig" dst-port=80 protocol=tcp | |
| add action=drop chain=input comment="input default drop" | |
| /ip firewall mangle | |
| add action=mark-connection chain=input comment="wan1 input connection mark" \ | |
| in-interface=ether7 new-connection-mark=wan1 passthrough=no | |
| add action=mark-connection chain=input comment="wan2 input connection mark" \ | |
| in-interface=ether8 new-connection-mark=wan2 passthrough=no | |
| add action=mark-routing chain=output comment=\ | |
| "wan1 connection mark to routing mark" connection-mark=wan1 \ | |
| new-routing-mark=wan1 | |
| add action=mark-routing chain=output comment=\ | |
| "wan2 connection mark to routing mark" connection-mark=wan2 \ | |
| new-routing-mark=wan2 | |
| add action=mark-connection chain=prerouting comment="wan1 pcc connection mark" \ | |
| dst-address-type=!local in-interface=bridge1 new-connection-mark=wan1 \ | |
| per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=\ | |
| "!Exclude from PCC" | |
| add action=mark-connection chain=prerouting comment="wan2 pcc connection mark" \ | |
| dst-address-type=!local in-interface=bridge1 new-connection-mark=wan2 \ | |
| per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=\ | |
| "!Exclude from PCC" | |
| add action=mark-routing chain=prerouting comment=\ | |
| "wan1 pcc connection mark to routing mark" connection-mark=wan1 \ | |
| in-interface=bridge1 new-routing-mark=wan1 passthrough=no | |
| add action=mark-routing chain=prerouting comment=\ | |
| "wan2 pcc connection mark to routing mark" connection-mark=wan2 \ | |
| in-interface=bridge1 new-routing-mark=wan2 passthrough=no | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat comment="nat wan1" out-interface=ether7 | |
| add action=masquerade chain=srcnat comment="nat wan2" out-interface=ether8 | |
| add action=dst-nat chain=dstnat comment="HTTP Port Forward Example" dst-port=\ | |
| 21 protocol=tcp to-addresses=192.168.88.2 disabled=yes | |
| /ip route | |
| add distance=1 gateway=1.1.1.1 routing-mark=wan1 | |
| add distance=2 gateway=2.2.2.2 routing-mark=wan2 | |
| /ip upnp | |
| set enabled=yes | |
| /ip upnp interfaces | |
| add interface=ether7 type=external | |
| add interface=ether8 type=external | |
| add interface=bridge1 type=internal | |
| /system clock | |
| set time-zone-name=Asia/Singapore | |
| /system ntp client | |
| set enabled=yes primary-ntp=203.117.180.36 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment