İçeriğe atla

Mikrotik

Mikrotik Çözümleri

Mikrotik VPN Engelleme

Mikrotik VPN Engelleme

Mikrotik VPN kullanıcılarını engellemeniz için kullanabilirsiniz. Ayrıca bu yöntem ile Hotspot shield , ultra surf , open vpn gibi programlarıda engellemiş olursunuz

/ip firewall filter
add action=drop chain=forward comment="DROP VPN / PPTP" disabled=no \
    protocol=gre

veya aşagıdaki kodları kullanabilirsiniz

/ip firewall address-list
add address=192.168.100.100 disable=no list=Allowed-pptp
 
/ip firewall filter
add action=drop chain=forward comment="DROP VPN / PPTP" disabled=no \
    protocol=gre src-address-list="Allowed-pptp"

Mikrotik Skype Reklamlarını Engelleme

Aşağıdaki kodları terminale ekleyin

/ip dns static
add address=127.0.0.1 name=pubads.g.doubleclick.net
add address=127.0.0.1 name=static.doubleclick.net
add address=127.0.0.1 name=devads.skypeassets.net
add address=127.0.0.1 name=devapps.skype.net
add address=127.0.0.1 name=qawww.skypeassets.net
add address=127.0.0.1 name=qaapi.skype.net
add address=127.0.0.1 name=preads.skypeassets.net
add address=127.0.0.1 name=preapps.skype.net
add address=127.0.0.1 name=static.skypeassets.com
add address=127.0.0.1 name=serving.plexop.net
add address=127.0.0.1 name=preg.bforex.com
add address=127.0.0.1 name=ads1.msads.net
add address=127.0.0.1 name=flex.msn.com
add address=127.0.0.1 name=apps.skype.com
add address=127.0.0.1 name=api.skype.com
add address=127.0.0.1 name=cdn.mbstatic.org
add address=127.0.0.1 name=marathonbet.com
add address=127.0.0.1 name=megogo.net
add address=127.0.0.1 name=adselector.ru
add address=127.0.0.1 name=pluso.ru
add address=127.0.0.1 name=flash.begun.ru
add address=127.0.0.1 name=ad.adriver.ru

Mikrotik Hotspot Shield ve UltraSurf Engelleme

Mikrotik Hotspot Shield ve UltraSurf Engelleme

Hotspot Shield programını tespit eder ve engeller

/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers \
content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp

/ip firewall filter
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
src-address-list=HotSpotShieldUsers

UltraSurf programını tespit eder ve engeller

/ip firewall filter
add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\
443 protocol=tcp src-address-list=UltraSurfUsers

/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers \
address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp

/ip firewall address-list
add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers

DNS Engelleme

/ip firewall filter
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=udp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=udp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=tcp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=udp

Mikrotik Hotspot Shield Engelleme

Mikrotik terminal ekranına geçip aşagıdaki kodları yapıştırın

/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4d4h chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no \
    dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers content=127.0.0.1:895 \
    disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4d4h chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no \
    dst-port=443 protocol=tcp
 
/ip firewall filter
add action=drop chain=forward comment="Engel HotSpot Shield" disabled=no src-address-list=HotSpotShieldUsers

Mikrotik Ultrasorf Engelleme

Mikrotik kullananların ortak problemi ultrasorf engelliyememesidir.

Ultrasorf engellemek için terminale aşagıdaki kodları yazmanız yeterlidir.

/ip firewall filter
add action=drop chain=forward comment="Engel UltraSurf" disabled=no dst-port=443 protocol=tcp src-address-list=UltraSurfUsers

/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers address-list-timeout=1d chain=prerouting comment="UltraSurfUsers" disabled=no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp

/ip firewall address-list
add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers

/ip firewall filter
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=udp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=udp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=tcp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=udp

Mikrotik 4 hat PPPOE kurulumu

4 hat PPPOE hattı loadbalancer yapmamız için aşagıdaki kodları terminale yazmanız yeterli.

/ip address
add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0
 
/ip pool
add name=dhcp_pool1 ranges=172.16.0.70-172.16.0.254
add name=pppoe-users-pool ranges=10.0.0.1-10.0.0.255
 
/ip dhcp-server add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=12h name="My DHCP Server"
 
/ip dhcp-server config
set store-leases-disk=5m
 
/ip dhcp-server network
add address=172.16.0.0/16 comment="" dns-server=172.16.0.1,221.132.112.8
 
/interface pppoe-server server
add authentication=pap default-profile=default disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=virtual
 
/ppp profile add change-tcp-mss=default dns-server=172.16.0.1 local-address=172.16.0.1 name=pppoe-profile only-one=default remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default
 
/ppp secret add caller-id=”" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=virtual password=1234 profile=pppoe-profile routes=”" service=pppoe
 
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
 
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
 
add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes
 
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24
 
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255
 
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255
 
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255
 
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255
 
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes
 
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255
 
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
 
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
 
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10
 
add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10
 
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
 
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
 
add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
 
add check-gateway=ping comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10

Mikrotik Gmail Hesabına Yedekleme

Aşagıdaki kodları terminale yazmanız yeterlidir.

Değiştirmeniz gereken yerler:

Öncelikle değiştirmeniz gereken yerler:

gmailuser GMAILUSERNAME
gmailid YOUREMAILID@gmail.com
global gmailpwd YOURCURRENTPASSWORD

global recmail RECEIVEREMAILADDRESS

/system script
add name=BackupEmail source="# Enter Sender/Receiver Details.\r\
\n\r\
\n:global gmailuser GMAILUSERNAME\r\
\n:global gmailid YOUREMAILID@gmail.com\r\
\n:global gmailpwd YOURCURRENTPASSWORD\r\
\n\r\
\n## --- Aşağıda değiştirmeyin ---- ##\r\
\n\r\
\n\r\
\n# Enter Receiver Details.\r\
\n:global recmail RECEIVEREMAILADDRESS\r\
\n\r\
\n## --- Do not change below ---- ##\r\
\n\r\
\n#:log warning \"Mikrotik Router Backup JOB Started . . . \"\r\
\n:local gmailip\r\
\n:set gmailip [:resolve \"smtp.gmail.com\"]\r\
\n:global backupfile configbackup\r\
\n:global mikrotikexport mtexport_backup\r\
\n:global sub1 ([/system identity get name])\r\
\n:global sub2 ([/system clock get time])\r\
\n:global sub3 ([/system clock get date])\r\
\n:log warning \"Creating new up to date backup files . . . \"\r\
\n\r\
\n/system backup save dont-encrypt=yes name=\$backupfile\r\
\n/export compact file=\$mikrotikexport\r\
\n\r\
\n/tool e-mail set address=\$gmailip from=\$gmailid password=\$gmailpwd port=587 start-tls=yes user=\$gmailuser\r\
\n\r\
\n:log warning \"Backup process pausing for 10s so it can complete creating backup if system is busy ...\"\r\
\n:delay 10s\r\
\n:log info \"Start Sending Backup File via Email using GMAIL SMTP . . .\"\r\
\n/tool e-mail send to=\$recmail password=\$gmailpwd subject=\"\$sub3 \$sub2 \$sub1 Configuration BACKUP File\" from=\$gmailid file=\$backupfile server=\$gmailip start-tls=yes\r\
\n:delay 30s\r\
\n/tool e-mail send to=\$gmailid password=\$gmailpwd subject=\"\$sub3 \$sub2 \$sub1 Configuration EXPORT File\" from=\$gmailid file=\$mikrotikexport server=\$gmailip start-tls=yes\r\
\n# Delete Old backup files to save space.\r\
\n/file remove \$backupfile\r\
\n:delay 30s\r\
\n/file remove \$mikrotikexport\r\
\n/tool e-mail set address=0.0.0.0 from=<> password=xxxx port=25 start-tls=yes user=yourid\r\
\n:log warning \"Backup Finished & Backup File Removed. All Done. You should verify your inbox for confirmation\""

Aşagıdaki kodu zamanlanmış görevlere ekleyiniz


/system scheduler
add interval=1d name=BackupByEmail on-event=BackupEmail start-date=apr/03/2016 start-time=00:15:00

 

Torrent Engelleme

192.168.0.0/24 blogundaki torrent ve p2p trafigi engellemek için aşagıdaki kodları kullanabilirsiniz.

/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"

/ip firewall filter
add chain=forward src-address=192.168.0.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.0.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.0.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.0.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.0.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.0.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.0.0/24 content=announce_peers action=drop comment=announce_peers_drop

# Ayrıca aşagıdaki koduda eklemeniz iyi olur

add chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment=p2p_drop