Difference between revisions of «QMp al Jardí Botànic de Barcelona»
From Guifi.net - Wiki Hispano
(Page created with «This installation allows Jardí Botànic users to connect to a network of mesh nodes in roaming mode to access an internal web application. From the mesh cloud...»)
|||
Línea 525: | Línea 525: | ||
set accounting=yes default-group=read interim-update=0s use-radius=no | set accounting=yes default-group=read interim-update=0s use-radius=no | ||
</pre> | </pre> | ||
+ | |||
+ | = Agradecimientos/Colaboradores = | ||
+ | * p4u: qMp | ||
+ | * joanm: xsf | ||
+ | * pablog: marsupi | ||
+ | * al: marsupi | ||
+ | * Blackhold: marsupi |
Revision as of 16:51, 29 Jun 2012
This installation allows Jardí Botànic users to connect to a network of mesh nodes in roaming mode to access an internal web application. From the mesh cloud it is possible to reach guifi.net services, but at the time of writing this manual anyone who tries to reach an IP outside guifi.net is redirected to the hotspot, which takes them to the server.
Basic structure
- Guifi.net supernode with 1 Rocket M5 + 1 Nanobridge 22db + 1 RB750GL
- 1 server with openvz containers reachable from guifi.net
- Mesh network of 3 nodes initially and 6-7 in total.
RB750GL configuration
- Port 1 (ether1) is used for communication with the server; the server and the RB are separated by a run of optical fibre.
- Ports 2 and 3 are used for communication between the supernode and guifi
- Port 5 (wlan4) is used for communication with the mesh nodes
- We define a valid guifi IP on wlan4
- We create the NAT to the valid guifi IP that we will assign to the mesh node "NI".
Mesh node configuration
- The initial installation consists of 3 mesh nodes, one of which is connected to the RB and which we will call "NI" (internet node).
- Initially we set up and configure all the nodes identically: Instalación_de_qMp_en_RouterStation_Pro
- Go to the wizard and set them all to "roaming" mode.
- Define the same essid for all of them (guifi.net-qMp-JB for the 5GHz mesh on wlan0 and JardiBotanic for the 2.4GHz APs on wlan1)
- Disable the hotspot on all mesh devices (since the hotspot will be handled by the RB)
service tinyproxy disable
service tinyproxy stop
- Set one aside, which we will call "GW" or "NI".
Additional "NI" configuration
Network configuration
- qMp > Xarxa:
  - LAN Devices: eth0, eth1 and wlan1
  - WAN Devices: eth0
  - MESH Devices: wlan0
- qMp > Xarxa > Advanced Networking:
  - Force internet: Yes
  - Nameservers: set a valid DNS server inside guifi.net (remember, there is no route out to the internet)
- Administració > Xarxa > Interfícies > WAN0:
  - Set it to static and define the IP that will communicate with the RB
- Reboot the device
reboot
Announce the gateway to guifi
The installation does not actually have internet access, so we need to disable gwck, a service that periodically checks that the node has a route out to the internet
service gwck disable
service gwck stop
qmpcontrol offer_default_gw
We also need to comment out one line of the firewall (/etc/firewall.user)
root@qmpc2:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 10.0.0.0/8 -j RETURN
iptables -t nat -A POSTROUTING -j MASQUERADE
And restart the firewall
service firewall restart
Now we can log in to the other mesh nodes and verify that they can ping the internet.
Hotspot and RB configuration
# jun/29/2012 15:45:36 by RouterOS 5.11
# software id = KQP1-MFE4
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 \
    name=lan/lan priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C4:33:48 \
    master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "ether2 ;; ROCKET M5 ;; BARCELONA" disabled=no full-duplex=yes l2mtu=1598 \
    mac-address=00:0C:42:C4:33:49 master-port=none mtu=1500 name=wlan1 speed=\
    100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "ether3 ;; NANOBRIDGE 5 ;; ZF" disabled=no full-duplex=yes l2mtu=1598 \
    mac-address=00:0C:42:C4:33:4A master-port=none mtu=1500 name=wlan2 speed=\
    100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "ether4 ;; ROCKET M2 ;; CLIENTS" disabled=no full-duplex=yes l2mtu=1598 \
    mac-address=00:0C:42:C4:33:4B master-port=none mtu=1500 name=wlan3 speed=\
    100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "ether5 ;; NODE MESH" disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:C4:33:4C master-port=none mtu=1500 name=wlan4 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/ip dhcp-server
add authoritative=after-2sec-delay bootp-support=static disabled=yes \
    interface=wlan4 lease-time=3d name=dhcp2
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
add dns-name=Jardi.Botanic.hs hotspot-address=10.139.88.73 html-directory=\
    hotspot http-cookie-lifetime=4h http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
/ip hotspot
add disabled=no idle-timeout=5m interface=wlan4 keepalive-timeout=none name=\
    hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
    100 status-autorefresh=1m transparent-proxy=no
add idle-timeout=none keepalive-timeout=45m name=Intranet_JB shared-users=2 \
    status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024
/ip pool
add name=dhcp_wlan3 ranges=10.228.199.68-10.228.199.126
add name=hs-pool-5 ranges=10.139.88.74-10.139.88.78
/ip dhcp-server
add address-pool=dhcp_wlan3 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=wlan3 lease-time=1h name=dhcp1
add address-pool=hs-pool-5 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=wlan4 lease-time=1h name=dhcp3
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
    default use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
    multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=35670 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter=ospf-out \
    redistribute-connected=yes redistribute-ospf=no redistribute-other-bgp=\
    yes redistribute-rip=no redistribute-static=no router-id=10.228.199.33 \
    routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default
/snmp
set contact=guifi@guifi.net enabled=yes engine-id="" location=BCNJardiBotanic \
    trap-target=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 syslog-facility=daemon \
    syslog-severity=auto target=remote
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add disabled=no edge=auto external-fdb=auto horizon=none interface=ether1 \
    path-cost=10 point-to-point=auto priority=0x80
add disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 \
    path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set ether1 vlan-mode=disabled
set wlan1 vlan-mode=disabled
set wlan2 vlan-mode=disabled
set wlan3 vlan-mode=disabled
set wlan4 vlan-mode=disabled
set switch1_cpu vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:5C:FA:D4:61:97 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.1.19/24 comment=BACKUP disabled=no interface=ether1 \
    network=192.168.1.0
add address=10.228.199.33/29 disabled=no interface=lan/lan network=\
    10.228.199.32
add address=172.25.48.169/29 comment=\
    "ROCKET M5 ;; BARCELONA peer_bcnrossello208" disabled=no interface=wlan1 \
    network=172.25.48.168
add address=172.25.48.177/29 comment="ROCKET M2 ;; CLIENTS" disabled=no \
    interface=wlan3 network=172.25.48.176
add address=10.228.199.65/26 comment="CLIENTS NETWORK" disabled=no interface=\
    wlan3 network=10.228.199.64
add address=172.25.48.185/29 comment="NANOBRIDGE ZF" disabled=no interface=\
    wlan2 network=172.25.48.184
add address=10.228.199.34/29 disabled=yes interface=lan/lan network=\
    10.228.199.32
add address=172.31.5.5/24 comment="LAN INTERNA JARDI BOTANIC" disabled=no \
    interface=ether1 network=172.31.5.0
add address=10.139.6.177/28 comment=SERVERS disabled=no interface=ether1 \
    network=10.139.6.176
add address=10.228.201.225/29 comment="CLIENTS T1 ;; TEMPORAL" disabled=no \
    interface=wlan1 network=10.228.201.224
add address=172.25.49.145/29 comment="WDS BCNOSI52" disabled=no interface=\
    wlan1 network=172.25.49.144
add address=172.25.32.29/30 comment=MESSHHH disabled=yes interface=wlan4 \
    network=172.25.32.28
add address=10.139.88.73/29 comment=MESSHHH disabled=no interface=wlan4 \
    network=10.139.88.72
add address=172.30.93.114/16 comment=MESSSSSSSSSSSHHHHHHHHHHHHH disabled=no \
    interface=wlan4 network=172.30.0.0
/ip dhcp-client
add comment="default configuration" default-route-distance=1 disabled=yes \
    interface=ether1
add default-route-distance=0 disabled=yes interface=wlan4
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=10.139.88.74 disabled=yes mac-address=00:15:6D:C9:C1:C2 server=\
    dhcp3
/ip dhcp-server network
add address=10.139.88.72/29 comment="hotspot network" gateway=10.139.88.73
add address=10.228.199.64/26 dns-server=10.228.199.65 domain=guifi.net \
    gateway=10.228.199.65
add address=172.25.32.28/30 gateway=172.25.32.29
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=172.30.22.1,10.139.6.130
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=reject chain=input comment="no permetre acces xarxa jb" disabled=\
    no dst-address=172.31.5.0/24 in-interface=wlan2 reject-with=\
    icmp-net-prohibited src-address=10.0.0.0/8
add action=reject chain=input comment="no permetre acces xarxa jb" disabled=\
    no dst-address=172.31.5.0/24 in-interface=wlan1 reject-with=\
    icmp-net-prohibited src-address=10.0.0.0/8
/ip firewall nat
add action=src-nat chain=srcnat comment=old disabled=yes dst-address=\
    !172.16.0.0/12 protocol=!ospf src-address=172.16.0.0/12 to-addresses=\
    10.228.199.33
add action=src-nat chain=srcnat comment=old disabled=yes dst-address=\
    !192.168.0.0/16 src-address=192.168.0.0/16 to-addresses=10.228.199.33
add action=src-nat chain=srcnat disabled=no dst-address=!172.16.0.0/12 \
    protocol=!ospf src-address=172.16.0.0/12 to-addresses=10.228.199.33
add action=src-nat chain=srcnat disabled=no dst-address=!192.168.0.0/16 \
    src-address=192.168.0.0/16 to-addresses=10.228.199.33
add action=dst-nat chain=dstnat comment="ROCKET M5" disabled=no dst-address=\
    10.228.199.34 to-addresses=172.25.48.171
add action=dst-nat chain=dstnat comment=NANOBRIDGE disabled=no dst-address=\
    10.228.199.35 to-addresses=172.25.48.187
add action=dst-nat chain=dstnat comment="ROCKET M2" disabled=no dst-address=\
    10.228.199.36 to-addresses=172.25.48.178
add action=dst-nat chain=dstnat comment="NANOBRIDGE ZF TEMPORAL" disabled=yes \
    dst-address=10.228.199.37 to-addresses=172.25.48.188
add action=dst-nat chain=dstnat comment=MESSSHHHH disabled=no dst-address=\
    10.228.199.37 to-addresses=10.139.88.74
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat disabled=yes out-interface=wlan4
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=yes src-address=172.25.32.28/30
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=yes src-address=10.139.88.72/29
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=10.139.88.72/29
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot ip-binding
add comment=JM disabled=yes mac-address=00:19:D2:BE:C9:CB type=bypassed
add comment=Black disabled=yes mac-address=00:21:6A:A5:21:78 type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=admin password=1234 profile=Intranet_JB
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept comment="permetre acc\E9s al server" disabled=no \
    dst-address=10.139.6.179 server=hotspot1
add action=accept comment="permetre acc\E9s a guifi" disabled=no dst-address=\
    10.0.0.0/8 server=hotspot1
add action=accept comment="permetre acc\E9s a la RB" disabled=no dst-address=\
    10.139.88.73 server=hotspot1
/ip neighbor discovery
set ether1 disabled=yes
set wlan1 disabled=no
set wlan2 disabled=no
set wlan3 disabled=no
set wlan4 disabled=no
set lan/lan disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set wlan1 queue=ethernet-default
set wlan2 queue=ethernet-default
set wlan3 queue=ethernet-default
set wlan4 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing bgp network
add disabled=no network=10.228.199.32/29 synchronize=yes
add disabled=no network=10.228.199.64/26 synchronize=yes
add disabled=no network=10.228.201.224/29 synchronize=yes
add disabled=no network=10.139.6.176/28 synchronize=yes
/routing bgp peer
add address-families=ip as-override=no default-originate=never disabled=no \
    hold-time=3m in-filter=ospf-in instance=default multihop=no name=\
    BCNrossello208RB1100 nexthop-choice=default out-filter=ospf-out passive=\
    no remote-address=172.25.48.170 remote-as=26325 remove-private-as=no \
    route-reflect=no tcp-md5-key="" ttl=1 use-bfd=no
add address-families=ip as-override=no default-originate=never disabled=no \
    hold-time=3m in-filter=ospf-in instance=default multihop=no name=\
    BCNosi52RB750 nexthop-choice=default out-filter=ospf-out passive=no \
    remote-address=172.25.49.146 remote-as=38104 remove-private-as=no \
    route-reflect=no tcp-md5-key="" ttl=1 use-bfd=no
/routing filter
add action=discard chain=ebgp-in comment=\
    "1. Discard insert non 10.x routes from BGP peer" disabled=yes \
    invert-match=no prefix=!10.0.0.0/8 prefix-length=!8-32
add action=discard chain=ebgp-out comment=\
    "2. Discard send non 10.x routes to BGP peer" disabled=yes invert-match=\
    no prefix=!10.0.0.0/8 prefix-length=!8-32
add action=accept chain=ospf-in comment=\
    "3. Accept insert 10.x routes from OSPF neighbor" disabled=yes \
    invert-match=no prefix=10.0.0.0/8 prefix-length=8-32
add action=accept chain=ospf-in comment=\
    "4. Accept insert 172.x routes from OSPF neighbor" disabled=yes \
    invert-match=no prefix=172.16.0.0/12 prefix-length=8-32
add action=discard chain=ospf-in comment=\
    "5. Discard insert non 10.x and 172.x from OSPF neighbor" disabled=yes \
    invert-match=no
add action=accept chain=ospf-out comment=\
    "6. Allow send 10.x routes to OSPF neighbor" disabled=yes invert-match=no \
    prefix=10.0.0.0/8 prefix-length=8-32
add action=accept chain=ospf-out comment=\
    "7. Allow send 172.x routes to OSPF neighbor" disabled=yes invert-match=\
    no prefix=172.16.0.0/12 prefix-length=8-32
add action=discard chain=ospf-out comment=\
    "8. Discard send non 10.x and 172.x to OSPF neighbor" disabled=yes \
    invert-match=no
add action=discard chain=ebgp-in comment=\
    "1. Discard insert non 10.x routes from BGP peer" disabled=no \
    invert-match=no prefix=!10.0.0.0/8 prefix-length=!8-32
add action=discard chain=ebgp-out comment=\
    "2. Discard send non 10.x routes to BGP peer" disabled=no invert-match=no \
    prefix=!10.0.0.0/8 prefix-length=!8-32
add action=accept chain=ospf-in comment=\
    "3. Accept insert 10.x routes from OSPF neighbor" disabled=no \
    invert-match=no prefix=10.0.0.0/8 prefix-length=8-32
add action=accept chain=ospf-in comment=\
    "4. Accept insert 172.x routes from OSPF neighbor" disabled=no \
    invert-match=no prefix=172.16.0.0/12 prefix-length=8-32
add action=discard chain=ospf-in comment=\
    "5. Discard insert non 10.x and 172.x from OSPF neighbor" disabled=no \
    invert-match=no
add action=accept chain=ospf-out comment=\
    "6. Allow send 10.x routes to OSPF neighbor" disabled=no invert-match=no \
    prefix=10.0.0.0/8 prefix-length=8-32
add action=accept chain=ospf-out comment=\
    "7. Allow send 172.x routes to OSPF neighbor" disabled=no invert-match=no \
    prefix=172.16.0.0/12 prefix-length=8-32
add action=discard chain=ospf-out comment=\
    "8. Discard send non 10.x and 172.x to OSPF neighbor" disabled=no \
    invert-match=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing ospf interface
add authentication=none authentication-key="" authentication-key-id=1 cost=10 \
    dead-interval=40s disabled=no hello-interval=10s instance-id=0 \
    network-type=default passive=no priority=1 retransmit-interval=5s \
    transmit-delay=1s use-bfd=no
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no term=vt102
/system health
set
/system identity
set name=BCNJardiBotanic-RB750
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.138.27.98 secondary-ntp=\
    10.138.27.194
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=no enabled=yes max-sessions=100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
set (unknown) disabled=no interface=wlan1
set (unknown) disabled=no interface=wlan2
set (unknown) disabled=no interface=wlan3
set (unknown) disabled=no interface=wlan4
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-stream=yes interface=all \
    memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\
    no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
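Added example (not part of the original page, and not MikroTik tooling): a Python checker that parses an export in the format shown above, joining the "\" continuation lines, and lists settings from it that are worth tightening before the router goes into service. The sample input is a constructed, abridged excerpt of that export; the function names parse_export and audit and the 8-character password threshold are assumptions of this example.

```python
import re

# Constructed sample: an abridged excerpt of settings from the export above.
SAMPLE_EXPORT = r"""
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/ip hotspot user
add disabled=no name=admin password=1234 profile=Intranet_JB
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=no enabled=yes max-sessions=100
/routing bgp peer
add address-families=ip name=BCNosi52RB750 remote-address=172.25.49.146 \
    remote-as=38104 tcp-md5-key="" ttl=1
"""

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')
CLEARTEXT = {"telnet", "ftp", "www", "api"}  # unencrypted management services
MIN_PASSWORD_LEN = 8                         # assumption of this example


def parse_export(text):
    """Yield (menu, action, item, props) for every command in the export."""
    # A trailing '\' continues the command on the next, indented line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu path, e.g. "/ip service"
            menu = line
            continue
        action, _, rest = line.partition(" ")
        first = rest.split(" ", 1)[0]
        item = first if first and "=" not in first else None
        props = {k: v.strip('"') for k, v in PAIR.findall(rest)}
        yield menu, action, item, props


def audit(text):
    """Return a list of findings; secret values are never echoed."""
    out = []
    for menu, action, item, p in parse_export(text):
        if menu == "/ip service" and item in CLEARTEXT and p.get("disabled") == "no":
            out.append(f"{menu}: cleartext service '{item}' is enabled")
        elif (menu == "/snmp community" and p.get("security") == "none"
              and p.get("address") == "0.0.0.0/0"):
            out.append(f"{menu}: community '{item}' accepted from any address")
        elif menu == "/ip hotspot user" and action == "add":
            if len(p.get("password", "")) < MIN_PASSWORD_LEN:
                out.append(f"{menu}: user '{p.get('name')}' has a password "
                           f"shorter than {MIN_PASSWORD_LEN} characters")
        elif (menu == "/tool bandwidth-server" and p.get("enabled") == "yes"
              and p.get("authenticate") == "no"):
            out.append(f"{menu}: bandwidth tests accepted without authentication")
        elif menu == "/routing bgp peer" and p.get("tcp-md5-key") == "":
            out.append(f"{menu}: peer '{p.get('name')}' has no TCP MD5 key")
    return out


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Running it on a full export file only requires passing the file contents to audit() in place of the sample.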
Acknowledgements/Contributors
- p4u: qMp
- joanm: xsf
- pablog: marsupi
- al: marsupi
- Blackhold: marsupi