IMPORTANT: Per accedir als fitxer de subversion: http://acacha.org/svn (sense password). Poc a poc s'aniran migrant els enllaços. Encara però funciona el subversion de la farga però no se sap fins quan... (usuari: prova i la paraula de pas 123456)

Vegeu també RB750 Series

NOTA: Es tracta d'un router real de 5 ports, però cal tenir en compte que la configuració per defecte simula un router SOHO típic amb NAT amb dos interfícies WAN i LAN on la LAN és una switch de 4 ports

Configuració per defecte. Factory defaults

#| ether1 is renamed ether1-gateway, rest of interfaces are switched
#| IP address 192.168.88.1/24 is on switch
#| DHCP client is on ether1-gateway
#| DHCP server is on switch, with address pool 192.168.88.10-192.168.88.254
#| masquerade on ether1-gateway
:global action

# these commands are executed after installation or configuration reset
:if ($action = "apply") do={
    /interface set ether1 name=ether1-gateway
    /interface set ether2 name=ether2-local-master
    /interface set ether3 name=ether3-local-slave
    /interface set ether4 name=ether4-local-slave
    /interface set ether5 name=ether5-local-slave

    /interface ethernet set ether3-local-slave master-port=ether2-local-master
    /interface ethernet set ether4-local-slave master-port=ether2-local-master
    /interface ethernet set ether5-local-slave master-port=ether2-local-master

    /ip address add address=192.168.88.1/24 interface=ether2-local-master comment="default configuration"

    :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
        /ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
        /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254;
        /ip dhcp-server add name=default address-pool=default-dhcp interface=ether2-local-master disabled=no;
        /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
    }

    /ip firewall {
    	filter add chain=input action=accept protocol=icmp comment="default configuration" 
	filter add chain=input action=accept connection-state=established in-interface=eth er1-gateway comment="default configuration"
	filter add chain=input action=accept connection-state=related in-interface=ether1- gateway comment="default configuration"
	filter add chain=input action=drop in-interface=ether1-gateway comment="default co nfiguration"
       nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="defau lt configuration"
    } 

   /ip dns {
   	set allow-remote-requests=yes
   	static add name=router address=192.168.88.1
   }

   /tool mac-server remove [find]
   /tool mac-server add interface=ether2-local-master disabled=no
   /tool mac-server add interface=ether3-local-slave disabled=no
   /tool mac-server add interface=ether4-local-slave disabled=no
   /tool mac-server add interface=ether5-local-slave disabled=no

   /tool mac-server mac-winbox disable [find]
   /tool mac-server mac-winbox add interface=ether2-local-master disabled=no
   /tool mac-server mac-winbox add interface=ether3-local-slave disabled=no
   /tool mac-server mac-winbox add interface=ether4-local-slave disabled=no
   /tool mac-server mac-winbox add interface=ether5-local-slave disabled=no

   /ip neighbor discovery set [find name=ether1-gateway] discover=no
}

# these commands are executed if user requests to remove default configuration
:if ($action = "revert") do={
   /ip firewall {
       :local o [nat find comment="default configuration"]
       :if ([:len $o] != 0) do={ nat remove $o }

       :local o [filter find comment="default configuration"]
       :if ([:len $o] != 0) do={ filter remove $o }
   }

   :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
       :local o [/ip dhcp-server network find comment="default configuration"]
       :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }

       :local o [/ip dhcp-server find name="default" address-pool="default-dhcp" interface=ether2-local-master !disabled]
       :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }

       /ip pool {
           :local o [find name=default-dhcp ranges=192.168.88.10-192.168.88.254]
           :if ([:len $o] != 0) do={ remove $o }
       }

       :local o [/ip dhcp-client find comment="default configuration"]
       :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
   }

   /ip dns {
   	set allow-remote-requests=no
       :local o [static find name=router address=192.168.88.1]
       :if ([:len $o] != 0) do={ static remove $o }
   }

   /ip address {
       :local o [find comment="default configuration"]
       :if ([:len $o] != 0) do={ remove $o }
   }

   /tool mac-server remove [find]
   /tool mac-server add interface=all disabled=no

    /tool mac-server mac-winbox remove [find interface!=all]
   /tool mac-server mac-winbox set [find] disabled=no 

   /ip neighbor discovery set [find name=ether1-gateway] discover=yes

   /interface ethernet set ether3-local-slave master-port=none
   /interface ethernet set ether4-local-slave master-port=none
   /interface ethernet set ether5-local-slave master-port=none

   /interface set ether1-gateway name=ether1
   /interface set ether2-local-master name=ether2
   /interface set ether3-local-slave name=ether3
   /interface set ether4-local-slave name=ether4
   /interface set ether5-local-slave name=ether5
}


Reset to factory defaults

Reset amb reset button

Cal mantenir apretat amb quelcom amb punta el botó de reset mentrestant connectem la font d'alimentació. Cal mantenir premut el botó fins que el boto activity parpallegi. Això tornar el router a la configuració de fàbrica.

Configuració de fàbrica

Els valors per defecte del dispositiu són:

  • IP: 192.168.88.1
  • Màscara: 255.255.255.0
  • Usuari: admin
  • Paraula de pas: sense paraula de pas

Podeu fer IP aliasing per tal de connectar-vos:

$ ifconfig eth0:1 192.168.88.45 up
$ ping 192.168.88.1

I connectar-vos al routerOS amb winbox i wine:

$ wine winbox.exe

A la primera connexió o després de fer un:

/system reset-configuration

Us apareixerà el següent missatge:

The following default configuration has been installed on your router:

ether1 is renamed ether1-gateway, rest of interfaces are switched 
IP address 192.168.88.1/24 is on switch 
DHCP client is on ether1-gateway 
DHCP server is on switch, with address pool 192.168.88.10-192.168.88.254 
masquerade on ether1-gateway  

You can click on "Show Script" to see the exact commands that are used to add and remove this default configuration.To remove this default configuration click on "Remove   
Configuration" or click on "OK" to continue.  

NOTE: If you are connected using the above IP and you remove it, you will be disconnected.
  

Script per defecte

#| ether1 is renamed ether1-gateway, rest of interfaces are switched
#| IP address 192.168.88.1/24 is on switch
#| DHCP client is on ether1-gateway
#| DHCP server is on switch, with address pool 192.168.88.10-192.168.88.254
#| masquerade on ether1-gateway
:global action

# these commands are executed after installation or configuration reset
:if ($action = "apply") do={
    /interface set ether1 name=ether1-gateway
    /interface set ether2 name=ether2-local-master
    /interface set ether3 name=ether3-local-slave
    /interface set ether4 name=ether4-local-slave
    /interface set ether5 name=ether5-local-slave  

    /interface ethernet set ether3-local-slave master-port=ether2-local-master
    /interface ethernet set ether4-local-slave master-port=ether2-local-master
    /interface ethernet set ether5-local-slave master-port=ether2-local-master 

    /ip address add address=192.168.88.1/24 interface=ether2-local-master comment="default configuration"  

    :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
       /ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
       /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254;
       /ip dhcp-server add name=default address-pool=default-dhcp interface=ether2-local-master disabled=no;
       /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
   }

   /ip firewall {
   	filter add chain=input action=accept protocol=icmp comment="default configuration"
	filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration"
	filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration"
	filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
        nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
   }

   /ip dns {
   	set allow-remote-requests=yes
   	static add name=router address=192.168.88.1
   }

   /tool mac-server remove [find]
   /tool mac-server add interface=ether2-local-master disabled=no
   /tool mac-server add interface=ether3-local-slave disabled=no
   /tool mac-server add interface=ether4-local-slave disabled=no
   /tool mac-server add interface=ether5-local-slave disabled=no

   /tool mac-server mac-winbox disable [find]
   /tool mac-server mac-winbox add interface=ether2-local-master disabled=no
   /tool mac-server mac-winbox add interface=ether3-local-slave disabled=no
   /tool mac-server mac-winbox add interface=ether4-local-slave disabled=no
   /tool mac-server mac-winbox add interface=ether5-local-slave disabled=no

   /ip neighbor discovery set [find name=ether1-gateway] discover=no
}

# these commands are executed if user requests to remove default configuration
:if ($action = "revert") do={
   /ip firewall {
       :local o [nat find comment="default configuration"]
       :if ([:len $o] != 0) do={ nat remove $o }

       :local o [filter find comment="default configuration"]
       :if ([:len $o] != 0) do={ filter remove $o }
   }

   :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
       :local o [/ip dhcp-server network find comment="default configuration"]
       :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }

       :local o [/ip dhcp-server find name="default" address-pool="default-dhcp" interface=ether2-local-master !disabled]
       :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }

       /ip pool {
           :local o [find name=default-dhcp ranges=192.168.88.10-192.168.88.254]
           :if ([:len $o] != 0) do={ remove $o }
       }

       :local o [/ip dhcp-client find comment="default configuration"]
       :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
   }

   /ip dns {
   	set allow-remote-requests=no
       :local o [static find name=router address=192.168.88.1]
       :if ([:len $o] != 0) do={ static remove $o }
   }

   /ip address {
       :local o [find comment="default configuration"]
       :if ([:len $o] != 0) do={ remove $o }
   }

   /tool mac-server remove [find]
   /tool mac-server add interface=all disabled=no

   /tool mac-server mac-winbox remove [find interface!=all]
   /tool mac-server mac-winbox set [find] disabled=no 

   /ip neighbor discovery set [find name=ether1-gateway] discover=yes

   /interface ethernet set ether3-local-slave master-port=none
   /interface ethernet set ether4-local-slave master-port=none
   /interface ethernet set ether5-local-slave master-port=none

   /interface set ether1-gateway name=ether1
   /interface set ether2-local-master name=ether2
   /interface set ether3-local-slave name=ether3
   /interface set ether4-local-slave name=ether4
   /interface set ether5-local-slave name=ether5
}

Convertir la configuració per defecte a un router de 5 ports

A interfaces cliquem a cada interfície i els canviem el nom a:

ether1
ether2
ether3
ether4
ether5

A les interfaces 3,4 i 5 posem none a master-port (així eliminem el switch).

NOTA: La IP per defecte 192.168.88.1 només s'assigna a la ether2! Si elimineu la configuració en mode switch (mirror) a partir d'ara només us podreu connectar al router utilitzant aquesta ip pel port ether2

Configuració pas a pas

Notes:

  • Per configurar les adreces de xarxa cal:
  • Crear les interfícies amb les seves adreçes IP
  • Crear les rutes de xarxa local a routes

NOTA: A diferència d'altres sistemes (per exemple el que fa l'ordre ifconfig en sistemes Linux), al assignar una adreça IP a una interfície, no configura automàticament les routes de xarxa local (vegeu ordre route)

Configuració manual

  • Firewall
  • A IP/Firewall treure el NAT
  • Posar l'action per defecte 5a ACCEPT per la interfície ether1
  • Es poden treure les normes de permetre connexions established i related...
  • Canviar la ether1
  • A interfaces canviar el nom a les interfície a eth1
  • Cal moure la IP per defecte (192.168.88.1) a la eth1 a IP/Adresses
  • Afegir la IP pública de guifi (a l'exemple 10.36.253.11) a la ether1
  • Altres interfícies
  • Canviar el nom i desactivar el esclau (posar none) de les interfícies et2,eth3,eth4,eth5

::*Un cop a none tornar-les a fer esclaves però de eth1

  • Canviar el nom de la ether2 i posar-lo com a esclau de eth1
  • Ja tenim un switch Oco, TODO
  • Altres configuracions
  • Eliminar dhcp client (menú IP)
  • Eliminar dhcp server (menú IP)
  • A System/Identity posar el nom del dispositiu
  • Activar i configurar SNMP a IP > SNMP:
  • Activar el bandwidth server a Tools > BtestServer
  • Canviar la paraula de pas de l'usuari admin
  • Activar guest
  • Afegir usuaris personals
  • Establir el DNS primari (i secundari si hi ha) a IP/DNS botó Settings.
  • Configurar el NTP client (TODO cal comprovar el servidor) a Sistema > NTP Client


Vegeu també

Enllaços externs