MikroTik Scripts

Remote access to a MikroTik via IP/Cloud


ip cloud set update-time=yes


MikroTik port forwarding

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=2323 in-interface=pppoe-out1 protocol=tcp to-addresses=172.168.1.123 to-ports=80


PCC load balancing

/ip address
add address=192.168.1.2/24 comment="Wan 1" interface=ether1 network=192.168.1.0
add address=192.168.9.2/24 comment="Wan 2" interface=ether2 network=192.168.9.0
add address=10.10.10.1/24 comment=Lan interface=ether5 network=10.10.10.0

/ip firewall nat
add action=masquerade chain=srcnat comment="Wan 1" out-interface=ether1
add action=masquerade chain=srcnat comment="Wan 2" out-interface=ether2

/ip route
add check-gateway=ping comment="Ruteo wan 1" distance=1 gateway=192.168.1.1 \
    routing-mark=to_ether1
add check-gateway=ping comment="Ruteo wan 2" distance=1 gateway=192.168.9.1 \
    routing-mark=to_ether2
add check-gateway=ping comment="Wan 1" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="Wan 2" distance=2 gateway=192.168.9.1

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Marca de conexiones" \
    in-interface=ether1 new-connection-mark=ether1_conn
add action=mark-connection chain=prerouting in-interface=ether2 \
    new-connection-mark=ether2_conn
add action=mark-routing chain=output comment=Salida connection-mark=ether1_conn \
    new-routing-mark=to_ether1
add action=mark-routing chain=output connection-mark=ether2_conn \
    new-routing-mark=to_ether2
add action=mark-connection chain=prerouting comment="Wan (1) 10 megas" \
    connection-mark=no-mark dst-address-type=!local in-interface=ether5 \
    new-connection-mark=ether1_conn per-connection-classifier=\
    both-addresses:4/0
add action=mark-connection chain=prerouting comment="Wan (2) 30 megas" \
    connection-mark=no-mark dst-address-type=!local in-interface=ether5 \
    new-connection-mark=ether2_conn per-connection-classifier=\
    both-addresses:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=ether5 new-connection-mark=ether2_conn \
    per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=ether5 new-connection-mark=ether2_conn \
    per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=ether1_conn \
    in-interface=ether5 new-routing-mark=to_ether1
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
    in-interface=ether5 new-routing-mark=to_ether2


Policy routing

/ip address
add address=192.168.1.2/24 comment="Wan 1" interface=ether1 network=192.168.1.0
add address=192.168.9.2/24 comment="Wan 2" interface=ether2 network=192.168.9.0
add address=10.10.10.1/24 comment=Lan interface=ether5 network=10.10.10.0

/ip firewall nat
add action=masquerade chain=srcnat comment="Wan 1" out-interface=ether1
add action=masquerade chain=srcnat comment="Wan 2" out-interface=ether2

/ip route
add check-gateway=ping comment="Ruteo wan 1" distance=1 gateway=192.168.1.1 \
    routing-mark=to_ether1
add check-gateway=ping comment="Ruteo wan 2" distance=1 gateway=192.168.9.1 \
    routing-mark=to_ether2
add check-gateway=ping comment="Wan 1" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="Wan 2" distance=2 gateway=192.168.9.1


/ip firewall mangle
add action=mark-connection chain=prerouting comment="Marcadode Conexiones" dst-port=80,443 in-interface=ether5 new-connection-mark=ether1_conn passthrough=no protocol=tcp
add action=mark-connection chain=prerouting dst-address=!10.10.10.1 in-interface=ether5 new-connection-mark=ether2_conn passthrough=no
add action=mark-routing chain=output comment="Marcado de Salida " connection-mark=ether1_conn new-routing-mark=to_ether1
add action=mark-routing chain=output connection-mark=ether2_conn new-routing-mark=to_ether2


 

 

Move a rule to the first position

 /queue simple move [/queue simple find name="queue500"] [:pick [find] 0]


 

Keep a rule in the first position at all times

/system scheduler
add interval=10s name=primera on-event="/queue simple move [/queue simple \
   find name=\"queue500\"] [:pick [find] 0]" policy=\
   ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
   start-time=startup



Bandwidth management with Queue Tree


/ip firewall address-list
add address=172.168.1.254 list=Plan1_2M/512k

/ip firewall mangle
add action=mark-connection chain=prerouting comment="planes de velosidad Upload" connection-mark=no-mark in-interface=bridge1 new-connection-mark=Plan1_conn \
    src-address-list=Plan1_2M/512k
add action=mark-packet chain=prerouting connection-mark=Plan1_conn in-interface=bridge1 new-packet-mark="Subida_Plan1 " passthrough=no
add action=mark-connection chain=postrouting comment=Dowload dst-address-list=Plan1_2M/512k new-connection-mark=Plan1_Down_conn out-interface=bridge1
add action=mark-packet chain=postrouting connection-mark=Plan1_Down_conn new-packet-mark="Dowload_Plan1 " out-interface=bridge1 passthrough=no


/queue tree
add limit-at=4M max-limit=6M name=Dowload parent=global priority=1 queue=pcq-download-default
add limit-at=512k max-limit=512k name=Upload parent=global priority=1 queue=pcq-upload-default
add limit-at=512k max-limit=2M name=plan1 packet-mark="Dowload_Plan1 " parent=Dowload priority=2 queue=pcq-download-default
add max-limit=512k name=plan1_up packet-mark="Subida_Plan1 " parent=Upload priority=2 queue=pcq-upload-default


 

Site-to-site PPTP

PPTP server

/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
    local-address=60.60.60.1 name=rizolatti password=rizolatti123 \
    profile=default remote-address=60.60.60.2 routes="" service=pptp



/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.16.1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=20.20.20.0/24 gateway=<pptp-rizolatti> scope=30 target-scope=10



PPTP client

/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.16.1 \
    scope=30 target-scope=10
add disabled=no distance=1 dst-address=10.10.10.0/24 gateway=pptp-out1 \
    scope=30 target-scope=10


NAT overload

 /interface bridge
add name=bridge1
/ip pool
add name=dhcp_pool0 ranges=172.16.50.1-172.16.50.29,172.16.50.31-172.16.50.254
add name=dhcp_pool1 ranges=172.16.50.1-172.16.50.29,172.16.50.31-172.16.50.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
/ip address
add address=172.16.16.89/24 comment="Red Wan" interface=ether1 network=\
    172.16.16.0
add address=172.16.50.30/24 comment="Red Lan" interface=bridge1 network=\
    172.16.50.0
/ip dhcp-server network
add address=172.16.50.0/24 gateway=172.16.50.30
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add comment=Gateway distance=1 gateway=172.16.16.1
/snmp
set contact=soporte enabled=yes
/system clock
set time-zone-name=America/Lima
/system ntp client
set enabled=yes primary-ntp=200.89.75.197 secondary-ntp=190.15.128.72
/tool user-manager database
set db-path=user-manager



Route one IP address through a specific WAN line


/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address-type=!local \
    new-routing-mark=to_ether2 passthrough=yes src-address=192.168.80.239




Automatic MikroTik backup by e-mail


Backup

/system backup save name=([/system identity get name] . "-" . \
[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); :delay 10; \
/tool e-mail send start-tls=yes to="correo@gmail.com" subject=([/system identity get name] . " Backup " . \
[/system clock get date]) file=([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".backup"); :delay 10; \
/file rem [/file find name=([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".backup")]; \
:log info ("System Backup emailed at " . [/sys cl get time] . " " . [/sys cl get date])
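
An added variant of the backup one-liner above (not the original author's script): it builds the file name once and encrypts the backup before it is mailed, since a `.backup` file carries the router's stored credentials. The passphrase is a placeholder, `encryption=aes-sha256` assumes RouterOS 6.43 or later, and the `:pick` offsets assume the v6 date format (`aug/27/2018`) that the original relies on.

```routeros
# Added example, not from the original page.
# bkpPass is a placeholder: replace it with a passphrase that is not kept in the mailbox.
:local bkpPass "CHANGE-ME-placeholder"
:local d [/system clock get date]
# v6 date format "aug/27/2018": chars 7-10 = year, 0-2 = month, 4-5 = day
:local fname ([/system identity get name] . "-" . [:pick $d 7 11] . [:pick $d 0 3] . [:pick $d 4 6])
# Encrypted binary backup; on 6.43+ a backup saved without password= is not encrypted
/system backup save name=$fname password=$bkpPass encryption=aes-sha256
:delay 10
/tool e-mail send start-tls=yes to="correo@gmail.com" \
    subject=([/system identity get name] . " Backup " . $d) \
    file=($fname . ".backup")
:delay 10
# Remove the local copy once the message has had time to go out
/file remove [/file find name=($fname . ".backup")]
:log info ("Encrypted backup emailed at " . [/system clock get time] . " " . $d)
```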


Export



 /export file=([/system identity get name] . "-" . \
[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); \
/tool e-mail send to="teldat123456@gmail.com" subject=([/system identity get name] . " Backup " . \
[/system clock get date]) file=([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".rsc"); :delay 10; \
/file rem [/file find name=([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".rsc")]; \
:log info ("System Backup emailed at " . [/sys cl get time] . " " . [/sys cl get date])


Scheduled script for the automatic backup


Backup


/system scheduler
add interval=1w name=backup on-event=backup policy=ftp,read,write,policy,test,password,sniff,sensitive,romon start-date=aug/27/2018 start-time=13:21:14
/system script
add name=backup owner=admin policy=ftp,read,write,policy,test,password,sniff,sensitive,romon source="/system backup save name=([/system identity get name] . \
    \"-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); :delay 10; \\\r\
    \n/tool e-mail send start-tls=yes to=\"correo@gmail.com\" subject=([/system identity get name] . \" Backup \" . \\\r\
    \n[/system clock get date]) file=([/system identity get name] . \"-\" . [:pick [/system clock get date] 7 11] . \\\r\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\"); :delay 10; \\\r\
    \n/file rem [/file find name=([/system identity get name] . \"-\" . [:pick [/system clock get date] 7 11] . \\\r\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\")]; \\\r\
    \n:log info (\"System Backup emailed at \" . [/sys cl get time] . \" \" . [/sys cl get date])"
/tool e-mail
set address=74.125.31.16 from=correo@gmail.com password=contraseña port=587 start-tls=yes user=correo

Export


/system scheduler
add interval=1w name=backup_export on-event=backup_export policy=ftp,read,write,policy,test,password,sniff,sensitive,romon start-date=aug/27/2018 start-time=\
    13:21:14
/system script
add name=backup_export owner=admin policy=ftp,read,write,policy,test,password,sniff,sensitive,romon source="/export file=([/system identity get name] . \"-\" \
    . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); :delay 10; \\\r\
    \n/tool e-mail send start-tls=yes to=\"teldat123456@gmail.com\" subject=([/system identity get name] . \" Backup \" . \\\r\
    \n[/system clock get date]) file=([/system identity get name] . \"-\" . [:pick [/system clock get date] 7 11] . \\\r\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\"); :delay 10; \\\r\
    \n/file rem [/file find name=([/system identity get name] . \"-\" . [:pick [/system clock get date] 7 11] . \\\r\
    \n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\")]; \\\r\
    \n:log info (\"System Backup emailed at \" . [/sys cl get time] . \" \" . [/sys cl get date])"






Automatic script to report outages



/tool e-mail send to=correo@gmail.com subject=ROUTER_REPETIDOR_1-UP body=ROUTER_REPETIDOR_1-172.16.16.11-UP




 


Receive an e-mail when a device has high latency

 

:local Asunto "Alarma! Monitor de ping a IP"
:local addre 172.18.1.20;
:local ms 200;
:local avgRtt;
/tool flood-ping $addre count=10 do={
  :if ($sent = 10) do={
    :set avgRtt $"avg-rtt"
}}
:if ($avgRtt >= $ms) do={
/tool e-mail send server=74.125.31.16 port=587 user=correo password=contraseña to=correo@gmail.com from=correo@gmail.com subject=$Asunto body=("Monitoring KATHERINE IP:$addre\ndelay:$avgRtt ms")
:log err "Message has been sent";
:log err "La alarma ha sido enviada.";
}




Receive an e-mail with the daily voltage report


Voltreport

:global highvolt
:global lowvolt
:global hivolttime
:global lovolttime
:global starttime
:global vh
:local tvolt
:local thisbox [/system identity get name]
:local thisdate [/system clock get date]
:local thishour
:local emessage "Informe diario del voltaje de $thisbox on $thisdate\n\n"
:if ([:len $vh] > 0) do={
    :for x from=0 to=([:len $vh]-1) step=1 do={
        :set tvolt [:tostr [:pick $vh $x]]
        :set thishour [:tostr (23 - $x)]
        :while ([:len $thishour] < 2) do={:set thishour ("0" . $thishour)}
        :set emessage ($emessage . $thishour . ":00 = " . [:pick $tvolt 0 2] . "." . [:pick $tvolt 2 3] .  "\n")
    }
    :set emessage ($emessage . "\nDesde que comenzo el monitoreo " . $starttime . "\n")
    :set tvolt [:tostr $highvolt]
    :set emessage ($emessage . "Maximo = " . [:pick $tvolt 0 2] . "." . [:pick $tvolt 2 3] . "v at " . $hivolttime . "\n")
    :set tvolt [:tostr $lowvolt]
    :set emessage ($emessage . "Minimo = " . [:pick $tvolt 0 2] . "." . [:pick $tvolt 2 3] . "v at " . $lovolttime . "\n")
# set email address in next line
    /tool e-mail send to="correo@gmail.com" subject="$thisbox Voltaje Reporte" body=$emessage
}
# remark out the next line for testing to avoid resetting the voltage array
:set vh


 Voltmonitor

 #set lowvoltalarm to desired alarm voltage in tenths of a volt. 234 = 23.4v
:global lowvoltalarm 234
:global highvolt
:global lowvolt
:global starttime
:global hivolttime
:global lovolttime
:global vh
:local thisbox [/system identity get name]
:global voltage [/system health get voltage]
:local thistime [/system clock get time]
:local thisdate [/system clock get date]
:local thishour [:pick $thistime 0 2]
:local emessage ($thisbox . " voltage is " . [:pick $voltage 0 2] . "." . [:pick $voltage 2 3])
:if ([:len $lowvolt] < 1) do={:set lowvolt 999; :set highvolt 0}
# set your email address in the next line
:if ($voltage <= $lowvoltalarm) do={/tool e-mail send to="correo@gmail.com" subject="$thisbox low voltage" body=$emessage}
:if ($voltage > $highvolt) do={:set highvolt $voltage; :set hivolttime ($thistime . " " . $thisdate)}
:if ($voltage < $lowvolt) do={:set lowvolt $voltage; :set lovolttime ($thistime . " " . $thisdate)}
:if ([:len $vh] > 0) do={:set vh ([:toarray $voltage] + $vh)} else={:set vh [:toarray $voltage]}
:if ([:len $starttime] < 1) do={:set starttime ($thistime . " " . $thisdate)}
:if ($thishour = "23") do={/system script run voltajereport}



/system scheduler
add interval=23h name=voltajereport on-event=voltajereport policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/18/2019 start-time=\
    00:00:00
add interval=1h name=voltmonitor on-event=voltmonitor policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/21/2019 start-time=00:00:00



/system ntp client
set enabled=yes primary-ntp=200.89.75.197 secondary-ntp=190.15.128.72
