RouterOS新装后必要的配置
https://mikrotik.com/download
Cloud Hosted Router(CHR) 版本
给网卡重命名:Interface
关闭不用服务并修改winbox端口
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=22890
set api-ssl disabled=yes/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set sip disabled=yes添加IP :
/ip address
add address=192.168.138.254/24 interface=lan network=192.168.138.0
add address=140.210.18.250/24 interface=wan network=140.210.18.0添加网关 :
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=140.210.18.1 设置dns
/ip dns
set servers=58.220.32.220,58.220.32.219设置回流
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.138.0/24禁止ping
/ip firewall filter
add action=drop chain=input comment="BDFBping" disabled=yes protocol=icmp
src-address=!192.168.138.0/24关闭公网DNS查询(防止被做为DDOS放大攻击器)
/ip firewall filter
add action=drop chain=input comment="B9D8B1D5B9ABCDF8DNSB2E9D1AF(
B7C0D6B9ROSB1BBD7F7CEAADDOSB7C5B4F3B9A5BBF7C6F7)"
dst-port=53 in-interface=wan protocol=udp添加内网映射
/ip firewall nat
add action=dst-nat chain=dstnat comment="CBDED6F7BBFA192.168.138.200"
disabled=yes dst-port=30000 protocol=tcp to-addresses=192.168.138.200
to-ports=30000禁用mac-telnet服务
/tool mac-server set allowed-interface-list=none禁用mac-winbox服务
/tool mac-server mac-winbox set allowed-interface-list=none禁用mac-ping服务
/tool mac-server ping set enabled=no邻居发现
MikroTik邻居发现协议用于显示和识别网络中的其他MikroTik设备,禁用所有接口上的邻居发现
禁用IPv4 的邻居发现协议
/ip neighbor discovery-settings set discover-interface-list=none关闭IPV6
/ipv6 settings
set disable-ipv6=yes
使用export命令导出,使用import命令导入。
如:导出全部配置命令为:
/export file=name
导入配置命令:
/import file=name
示例:导出防火墙配置的命令:/ip firewall export file=name
导入防火墙配置的命令:/import file-name:name
将所有设置全部导出和导入:
将设置全部导出:
/system backup save name=name
将所有设置全部导入:
/system backup load name=name
全部导入需要重启生效,重启之后,以前的设置全都回来了。
*本文=后面的name均指备份的名字
阅读剩余
THE END