EOF

  1. All my VPN interfaces dropped off a long time ago. The passwords are parsed fine and land on the router, and the scripts in the scheduler run. How do I fix this?
  2. You evidently never had to get it working with Beeline. With OnLime the router works right out of the box, nothing needs configuring. Just set the Wi-Fi password.
  3. To run a MikroTik you need experience administering *nix systems.
  4. ruvhell, what's the deal with television? Do you only need the router and a plasma TV connected over twisted pair? No other boxes, and nothing to pay?
  5. All my settings are from ruvhell, thanks to him for that! Just slightly changed in some places.

     Upload to /home/wwwuser/server.my/htdocs/pptp a file pptp.sh with the following contents:

         #!/bin/sh
         curl -s "https://www.vpnme.me/freevpn.html" | grep -A 3 "Password:" | head -n 2 | cut -f2 -s -d "<" | cut -f2 -d ">" | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/vpnme.me.txt
         curl -s "http://freevpnaccess.com" | grep -A 8 "UK - London" | tail -n 1 | cut -f1 -d " " | tr -cd '[:digit:]' | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/freevpnaccess.com.txt
         curl -s "http://freevpn.me/accounts/" | grep -A 3 "Password:" | head -n 1 | cut -f2 -d ":" | cut -f2 -d ">" | cut -b 3- | cut -f1 -d "<" | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/freevpn.me.txt
         curl -s "http://www.vpnbook.com/" | grep -A 1 "Username: vpnbook" | tail -n 1 | cut -f2 -d ":" | cut -b 2- | cut -f1 -d '<' | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/vpnbook.com.txt

     Put it in cron to run every 10 minutes:

         00,10,20,30,40,50 * * * * /home/wwwuser/server.my/htdocs/pptp/pptp.sh

     Log in to the router with an FTP client and create a pptp folder there.

     Upload to /home/wwwuser/server.my/htdocs/pptp a file upload.sh:

         #!/bin/sh
         LOCALDIR=/home/wwwuser/server.my/htdocs/pptp
         REMOTESERVER=192.168.1.1
         REMOTEPATH=/pptp
         LOGIN=admin
         PASSWORD=youpassword
         cd $LOCALDIR
         ftp -n $REMOTESERVER <<INPUT_END
         quote user $LOGIN
         quote pass $PASSWORD
         cd $REMOTEPATH
         put vpnme.me.txt
         put freevpnaccess.com.txt
         put freevpn.me.txt
         put vpnbook.com.txt
         exit
         INPUT_END

     Put it in cron to run every 10 minutes:

         1,11,21,31,41,51 * * * * /home/wwwuser/server.my/htdocs/pptp/upload.sh

     Create the pptp interfaces:

         /interface pptp-client
         add connect-to=de1.vpnme.me disabled=no mrru=1600 name=vpnme.me password=YQ1eMi user=vpnme
         add connect-to=83.170.84.216 disabled=no mrru=1600 name=freevpnaccess.com password=3046 user=freevpnaccess.com
         add connect-to=176.126.237.207 disabled=no mrru=1600 name=freevpn.me password=L1d3Hf1Pl user=pptp
         add connect-to=euro217.vpnbook.com disabled=no mrru=1600 name=vpnbook.com password=fra4agaV user=vpnbook

     Allow rule in the firewall:

         /ip firewall filter
         add chain=forward comment=PPTP out-interface=all-ppp
         add chain=output comment=PPTP out-interface=all-ppp
         add chain=forward comment=PPTP in-interface=all-ppp
         add chain=input comment=PPTP in-interface=all-ppp

     NAT:

         /ip firewall nat
         add action=masquerade chain=srcnat out-interface=vpnme.me src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=freevpnaccess.com src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=freevpn.me src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=vpnbook.com src-address=192.168.1.0/24

     Parsing the blocked resources. Upload to /home/wwwuser/server.my/htdocs/iplist-to-mikrotik a file iplist-to-mikrotik.sh with the following contents:

         #!/bin/sh
         #Simple script to convert list of ip addresses to
         #Mikrotik import file (address list feature)
         #Can also parse IPs from any text file (ie csv)

         #SETTINGS
         #url of input file
         url="https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv"
         #address list in mikrotik
         list="russianbl"
         #Where to download source file
         downfile="/home/wwwuser/server.my/htdocs/iplist-to-mikrotik/templist.txt"
         #File with cleaned & formatted ip addresses
         infile="/home/wwwuser/server.my/htdocs/iplist-to-mikrotik/craplist.txt"
         #Where to put rsc script
         outfile="/home/wwwuser/server.my/htdocs/iplist-to-mikrotik/crapregistry.rsc"

         wget $url -O $downfile
         #This will extract all IPs from file (ie works with .csv russian blocklist)
         sed -n 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/\nIPINDEX&\n/gp' $downfile | grep IPINDEX | sed 's/IPINDEX//'| sort | uniq >> $infile
         #We need to drop all IPs in address list because mikrotik does not check for duplicates (and they may be removed from file)
         echo /ip firewall address-list remove [find list=$list] > $outfile
         #Build rsc file...
         for line in $(cat $infile)
         do
         echo /ip firewall address-list add address="$line" list="$list" >> $outfile
         done
         rm $downfile $infile

     Put it in cron to run every 3 hours at minute 0:

         0 */3 * * * /home/wwwuser/server.my/htdocs/iplist-to-mikrotik/iplist-to-mikrotik.sh

     Log in to the router with an FTP client and create a blacklist folder there.

     Upload to /home/wwwuser/server.my/htdocs/iplist-to-mikrotik a file upload.sh:

         #!/bin/sh
         LOCALDIR=/home/wwwuser/server.my/htdocs/iplist-to-mikrotik
         REMOTESERVER=192.168.1.1
         REMOTEPATH=/blacklist
         LOGIN=admin
         PASSWORD=youpassword
         cd $LOCALDIR
         ftp -n $REMOTESERVER <<INPUT_END
         quote user $LOGIN
         quote pass $PASSWORD
         cd $REMOTEPATH
         put crapregistry.rsc
         exit
         INPUT_END

     Put it in cron to run every 3 hours at minute 5:

         5 */3 * * * /home/wwwuser/server.my/htdocs/iplist-to-mikrotik/upload.sh

     Add a script import_blacklist under system scripts:

         /import file=/blacklist/crapregistry.rsc

     Add it to the scheduler to run every 3 hours:

         /system scheduler add name=import_blacklist interval=3h on-event=import_blacklist

     Make new rules in mangle for the 4 connections, to split traffic by address and port (I also wrapped DNS into the tunnel):

         /ip firewall mangle
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_1 per-connection-classifier=both-addresses-and-ports:4/0
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_2 per-connection-classifier=both-addresses-and-ports:4/1
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_3 per-connection-classifier=both-addresses-and-ports:4/2
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_4 per-connection-classifier=both-addresses-and-ports:4/3
         add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=tcp
         add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=udp
         add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 protocol=udp
         add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 protocol=tcp
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_1 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_1
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_2 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_2
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_3 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_3
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_4 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_4

     Build the tree in ip route for the 4 services:

         /ip route
         add check-gateway=arp distance=1 gateway=vpnme.me routing-mark=Route_1
         add check-gateway=arp distance=2 gateway=freevpnaccess.com routing-mark=Route_1
         add check-gateway=arp distance=3 gateway=freevpn.me routing-mark=Route_1
         add check-gateway=arp distance=4 gateway=vpnbook.com routing-mark=Route_1
         add check-gateway=arp distance=1 gateway=vpnbook.com routing-mark=Route_2
         add check-gateway=arp distance=2 gateway=vpnme.me routing-mark=Route_2
         add check-gateway=arp distance=3 gateway=freevpnaccess.com routing-mark=Route_2
         add check-gateway=arp distance=4 gateway=freevpn.me routing-mark=Route_2
         add check-gateway=arp distance=2 gateway=freevpn.me routing-mark=Route_3
         add check-gateway=arp distance=3 gateway=vpnbook.com routing-mark=Route_3
         add check-gateway=arp distance=4 gateway=vpnme.me routing-mark=Route_3
         add check-gateway=arp distance=5 gateway=freevpnaccess.com routing-mark=Route_3
         add check-gateway=arp distance=1 gateway=freevpnaccess.com routing-mark=Route_4
         add check-gateway=arp distance=2 gateway=freevpn.me routing-mark=Route_4
         add check-gateway=arp distance=3 gateway=vpnbook.com routing-mark=Route_4
         add check-gateway=arp distance=4 gateway=vpnme.me routing-mark=Route_4

     Password replacement scripts.

     vpnme.me

         # Update the stored password if the uploaded file differs, then bounce the interface
         :local newp [/file get [/file find name="pptp/vpnme.me.txt"] contents];
         :local oldp [/interface pptp-client get [find name="vpnme.me"] password];
         :if ($oldp != $newp) do={/interface pptp-client set [find name="vpnme.me"] password=$newp};
         /interface pptp-client set [find name="vpnme.me"] disabled=yes;
         :delay 5;
         /interface pptp-client set [find name="vpnme.me"] disabled=no;

     freevpnaccess.com

         :local newp [/file get [/file find name="pptp/freevpnaccess.com.txt"] contents];
         :local oldp [/interface pptp-client get [find name="freevpnaccess.com"] password];
         :if ($oldp != $newp) do={/interface pptp-client set [find name="freevpnaccess.com"] password=$newp};
         /interface pptp-client set [find name="freevpnaccess.com"] disabled=yes;
         :delay 5;
         /interface pptp-client set [find name="freevpnaccess.com"] disabled=no;

     freevpn.me

         :local newp [/file get [/file find name="pptp/freevpn.me.txt"] contents];
         :local oldp [/interface pptp-client get [find name="freevpn.me"] password];
         :if ($oldp != $newp) do={/interface pptp-client set [find name="freevpn.me"] password=$newp};
         /interface pptp-client set [find name="freevpn.me"] disabled=yes;
         :delay 5;
         /interface pptp-client set [find name="freevpn.me"] disabled=no;

     vpnbook.com

         :local newp [/file get [/file find name="pptp/vpnbook.com.txt"] contents];
         :local oldp [/interface pptp-client get [find name="vpnbook.com"] password];
         :if ($oldp != $newp) do={/interface pptp-client set [find name="vpnbook.com"] password=$newp};
         /interface pptp-client set [find name="vpnbook.com"] disabled=yes;
         :delay 5;
         /interface pptp-client set [find name="vpnbook.com"] disabled=no;

     Add them to the scheduler:

         /system scheduler add name=vpnme.me interval=10m on-event=vpnme.me
         /system scheduler add name=freevpnaccess.com interval=10m on-event=freevpnaccess.com
         /system scheduler add name=freevpn.me interval=10m on-event=freevpn.me
         /system scheduler add name=vpnbook.com interval=10m on-event=vpnbook.com
         /system scheduler print

     The firewall should end up like this (without the address-list lists):

         /ip firewall export
         # dec/07/2015 12:13:13 by RouterOS 6.33.1
         # software id = 1ALL-EBDX
         #
         /ip firewall layer7-protocol
         add name=NoZond regexp="^.+(vortex.data.microsoft.com|vortex-win.data.microsoft.com|\
             telecommand.telemetry.microsoft.com|telecommand.telemetry.microsoft.com.nsatc.net|\
             oca.telemetry.microsoft.com|oca.telemetry.microsoft.com.nsatc.net|\
             sqm.telemetry.microsoft.com|sqm.telemetry.microsoft.com.nsatc.net|\
             watson.telemetry.microsoft.com|watson.telemetry.microsoft.com.nsatc.net|\
             redir.metaservices.microsoft.com|choice.microsoft.com|choice.microsoft.com.nsatc.net|\
             df.telemetry.microsoft.com|reports.wes.df.telemetry.microsoft.com|\
             wes.df.telemetry.microsoft.com|services.wes.df.telemetry.microsoft.com|\
             sqm.df.telemetry.microsoft.com|telemetry.microsoft.com|\
             watson.ppe.telemetry.microsoft.com|telemetry.appex.bing.net|\
             telemetry.urs.microsoft.com|telemetry.appex.bing.net|\
             settings-sandbox.data.microsoft.com|vortex-sandbox.data.microsoft.com|\
             survey.watson.microsoft.com|watson.live.com|watson.microsoft.com|\
             statsfe2.ws.microsoft.com|corpext.msitadfs.glbdns2.microsoft.com|\
             compatexchange.cloudapp.net|cs1.wpc.v0cdn.net|a-0001.a-msedge.net|\
             statsfe2.update.microsoft.com.akadns.net|diagnostics.support.microsoft.com|\
             corp.sts.microsoft.com|statsfe1.ws.microsoft.com|pre.footprintpredict.com|\
             i1.services.social.microsoft.com|i1.services.social.microsoft.com.nsatc.net|\
             feedback.windows.com|feedback.microsoft-hohm.com|feedback.search.microsoft.com|\
             rad.msn.com|preview.msn.com|ad.doubleclick.net|ads.msn.com|ads1.msads.net|\
             ads1.msn.com|a.ads1.msn.com|a.ads2.msn.com|adnexus.net|adnxs.com|\
             az361816.vo.msecnd.net|az512334.vo.msecnd.net).*\$"
         /ip firewall filter
         add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
         add action=reject chain=forward comment=NoZond layer7-protocol=NoZond protocol=tcp reject-with=tcp-reset
         add action=drop chain=forward comment=NoZond layer7-protocol=NoZond protocol=udp
         add chain=input comment="accept established connections" connection-state=established
         add chain=forward comment="accept established connections" connection-state=established
         add chain=input comment="accept related connections" connection-state=related
         add chain=forward comment="accept related connections" connection-state=related
         add chain=forward comment="accept from local to internet" in-interface=!ether1-gateway out-interface=ether1-gateway
         add chain=input comment="access to mikrotik only from our local network" in-interface=!ether1-gateway src-address=192.168.1.0/24
         add chain=forward comment=PPTP out-interface=all-ppp
         add chain=output comment=PPTP out-interface=all-ppp
         add chain=forward comment=PPTP in-interface=all-ppp
         add chain=input comment=PPTP in-interface=all-ppp
         add action=drop chain=input comment="drop invalid connections" connection-state=invalid
         add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
         add action=drop chain=input comment=goverment in-interface=ether1-gateway src-address-list=goverment
         add action=drop chain=output comment=goverment dst-address-list=goverment
         add action=drop chain=input comment=BOGON in-interface=ether1-gateway src-address-list=BOGON
         add chain=input comment="allow ping" disabled=yes protocol=icmp
         add chain=forward comment="allow ping" protocol=icmp
         add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
         add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input comment="drop ssh brute forcers" connection-state=new \
             dst-port=22 protocol=tcp src-address-list=ssh_stage3
         add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="drop ssh brute forcers" connection-state=new \
             dst-port=22 protocol=tcp src-address-list=ssh_stage2
         add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="drop ssh brute forcers" connection-state=new \
             dst-port=22 protocol=tcp src-address-list=ssh_stage1
         add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="drop ssh brute forcers" connection-state=new \
             dst-port=22 protocol=tcp
         add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=black_list
         add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="drop ftp brute forcers" connection-state=new \
             dst-port=21 protocol=tcp src-address-list=ftp_stage3
         add action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m chain=input comment="drop ftp brute forcers" connection-state=new \
             dst-port=21 protocol=tcp src-address-list=ftp_stage2
         add action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m chain=input comment="drop ftp brute forcers" connection-state=new \
             dst-port=21 protocol=tcp src-address-list=ftp_stage1
         add action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m chain=input comment="drop ftp brute forcers" connection-state=new \
             dst-port=21 protocol=tcp
         add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=black_list
         add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="drop telnet brute forcers" connection-state=new \
             dst-port=23 protocol=tcp src-address-list=telnet_stage3
         add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input comment="drop telnet brute forcers" connection-state=new \
             dst-port=23 protocol=tcp src-address-list=telnet_stage2
         add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input comment="drop telnet brute forcers" connection-state=new \
             dst-port=23 protocol=tcp src-address-list=telnet_stage1
         add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input comment="drop telnet brute forcers" connection-state=new \
             dst-port=23 protocol=tcp
         add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 protocol=tcp src-address-list=black_list
         add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="drop winbox brute forcers" connection-state=new \
             dst-port=8291 protocol=tcp src-address-list=Winbox_stage3
         add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input comment="drop winbox brute forcers" connection-state=new \
             dst-port=8291 protocol=tcp src-address-list=Winbox_stage2
         add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input comment="drop winbox brute forcers" connection-state=new \
             dst-port=8291 protocol=tcp src-address-list=Winbox_stage1
         add action=add-src-to-address-list address-list=Winbox_stage1 address-list-timeout=1m chain=input comment="drop winbox brute forcers" connection-state=new \
             dst-port=8291 protocol=tcp
         add action=drop chain=input comment="port scanners" src-address-list="port scanners"
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp psd=21,3s,3,1
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=\
             fin,!syn,!rst,!psh,!ack,!urg
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=fin,syn
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=syn,rst
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=\
             fin,psh,urg,!syn,!rst,!ack
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=\
             fin,syn,rst,psh,ack,urg
         add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="port scanners" protocol=tcp tcp-flags=\
             !fin,!syn,!rst,!psh,!ack,!urg
         add action=drop chain=input comment="drop 80 dos attack" dst-port=80 protocol=tcp src-address-list=web_blacklist
         add action=add-src-to-address-list address-list=web_blacklist address-list-timeout=2d chain=input comment="drop 80 dos attack" connection-limit=40,32 \
             dst-port=80 limit=20,5 protocol=tcp
         add chain=input comment="drop 80 dos attack" dst-port=80 in-interface=ether1-gateway protocol=tcp src-address-list=!web_blacklist
         add action=drop chain=output comment="r00t backdor" dst-address=218.93.250.18
         add action=drop chain=input comment="r00t backdor" dst-address=218.93.250.18
         add action=drop chain=forward comment="r00t backdor" dst-address=218.93.250.18
         add action=drop chain=input comment="r00t backdor" src-address=218.93.250.18
         add action=drop chain=output comment="r00t backdor" src-address=218.93.250.18
         add action=drop chain=forward comment="r00t backdor" src-address=218.93.250.18
         add action=drop chain=input comment="dns flood" disabled=yes in-interface=ether1-gateway port=53 protocol=udp
         add action=drop chain=input comment="dns flood" in-interface=ether1-gateway port=53 protocol=udp src-address-list=dns_black_list
         add action=add-src-to-address-list address-list=dns_black_list address-list-timeout=1d chain=input comment="dns flood" connection-state=new port=53 \
             protocol=udp
         add action=drop chain=forward comment="all other drop" src-address=0.0.0.0/8
         add action=drop chain=forward comment="all other drop" dst-address=0.0.0.0/8
         add action=drop chain=forward comment="all other drop" src-address=127.0.0.0/8
         add action=drop chain=forward comment="all other drop" dst-address=127.0.0.0/8
         add action=drop chain=forward comment="all other drop" src-address=224.0.0.0/3
         add action=drop chain=forward comment="all other drop" dst-address=224.0.0.0/3
         add action=drop chain=input comment="all other drop" log=yes log-prefix=input-drop
         add action=drop chain=forward comment="all other drop" log=yes log-prefix=forward-drop
         /ip firewall mangle
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_1 per-connection-classifier=\
             both-addresses-and-ports:4/0
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_2 per-connection-classifier=\
             both-addresses-and-ports:4/1
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_3 per-connection-classifier=\
             both-addresses-and-ports:4/2
         add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local new-connection-mark=Pcc_Conn_4 per-connection-classifier=\
             both-addresses-and-ports:4/3
         add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=tcp
         add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=udp
         add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 protocol=udp
         add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 protocol=tcp
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_1 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_1
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_2 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_2
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_3 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_3
         add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_4 dst-address-list=russianbl dst-address-type=!local new-routing-mark=Route_4
         /ip firewall nat
         add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
         add action=masquerade chain=srcnat out-interface=vpnme.me src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=freevpnaccess.com src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=freevpn.me src-address=192.168.1.0/24
         add action=masquerade chain=srcnat out-interface=vpnbook.com src-address=192.168.1.0/24

     If anything is unclear, ask!
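
Added example, not part of EOF's post or of ruvhell's configuration: a stricter variant of the list builder in iplist-to-mikrotik.sh from the post above. The posted sed pattern also matches strings such as 999.1.1.1, and the script writes the `remove [find list=...]` line even when the download came back empty; this version validates every address and keeps the previous .rsc unless a minimum number of entries survive. The function names, the minimum-count argument and the sample data are assumptions made up for the illustration.

```sh
#!/bin/sh
# Added example: validate addresses before they reach the router's /import.
# All names and the sample data below are constructed for this illustration.

# Read arbitrary text on stdin, print unique IPv4 addresses or CIDR prefixes.
# Tokens glued to extra '.' or '/' characters (for example inside URLs) are
# skipped rather than guessed at.
extract_ipv4() {
    tr -cs '0-9./' '\n' | awk '
        {
            n = split($0, part, "/")
            if (n > 2) next
            if (n == 2 && (part[2] !~ /^[0-9]+$/ || part[2] + 0 > 32)) next
            if (split(part[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) next
            print
        }' | sort -u
}

# build_rsc LIST SOURCE OUTFILE [MIN]
# Writes OUTFILE only if at least MIN valid entries were found, so a failed or
# truncated download cannot replace a good list with one that empties it.
build_rsc() {
    list=$1; src=$2; out=$3; min=${4:-1}
    case $list in
        ''|*[!A-Za-z0-9_-]*) echo "refusing list name: $list" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    extract_ipv4 < "$src" > "$tmp.ips"
    count=$(wc -l < "$tmp.ips" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        echo "only $count valid entries, keeping previous $out" >&2
        rm -f "$tmp" "$tmp.ips"
        return 1
    fi
    {
        echo "/ip firewall address-list remove [find list=$list]"
        while IFS= read -r ip; do
            echo "/ip firewall address-list add address=$ip list=$list"
        done < "$tmp.ips"
    } > "$tmp"
    rm -f "$tmp.ips"
    mv "$tmp" "$out"   # rename within one directory: readers never see a half-written file
}

# Constructed sample in the spirit of a ';'-separated dump with '|' between IPs.
make_sample() {
    cat > "$1" <<'SAMPLE'
203.0.113.7 | 203.0.113.9;example.org;http://example.org/a;2015-12-07
198.51.100.0/24;example.net;;
999.1.1.1;bad.example;;
203.0.113.7;dup.example;;
192.0.2.300|192.0.2.44/33;x;;
SAMPLE
}

# Demo on the constructed sample; in real use SOURCE is the downloaded file
# and the script should stop if the download itself fails.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/dump.csv"
build_rsc russianbl "$demo_dir/dump.csv" "$demo_dir/crapregistry.rsc" 3 \
    && cat "$demo_dir/crapregistry.rsc"
rm -rf "$demo_dir"
```
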
  6. I switch the router off for 10 minutes and the IP still doesn't change. How do I change it?
  7. Here is a more up-to-date script for parsing the passwords. Change the paths to your own. freecloudvpn.com doesn't open for me, so there are only four services. I wanted to ask: what method do you use to find new free VPN services?

         #!/bin/sh
         curl -s "https://www.vpnme.me/freevpn.html" | grep -A 3 "Password:" | head -n 2 | cut -f2 -s -d "<" | cut -f2 -d ">" | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/vpnme.me.txt
         curl -s "http://freevpnaccess.com" | grep -A 8 "UK - London" | tail -n 1 | cut -f1 -d " " | tr -cd '[:digit:]' | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/freevpnaccess.com.txt
         curl -s "http://freevpn.me/accounts/" | grep -A 3 "Password:" | head -n 1 | cut -f2 -d ":" | cut -f2 -d ">" | cut -b 3- | cut -f1 -d "<" | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/freevpn.me.txt
         curl -s "http://www.vpnbook.com/" | grep -A 1 "Username: vpnbook" | tail -n 1 | cut -f2 -d ":" | cut -b 2- | cut -f1 -d '<' | grep -v -e '^$' > /home/wwwuser/server.my/htdocs/pptp/vpnbook.com.txt

     Script for uploading the fetched passwords to the router. Change the paths and passwords to your own.

         #!/bin/sh
         LOCALDIR=/home/wwwuser/server.my/htdocs/pptp
         REMOTESERVER=192.168.1.1
         REMOTEPATH=/pptp
         LOGIN=admin
         PASSWORD=yourpassword
         cd $LOCALDIR
         ftp -n $REMOTESERVER <<INPUT_END
         quote user $LOGIN
         quote pass $PASSWORD
         cd $REMOTEPATH
         put vpnme.me.txt
         put freevpnaccess.com.txt
         put freevpn.me.txt
         put vpnbook.com.txt
         exit
         INPUT_END

     If anyone needs it, I can post all the scripts and settings...
  8. Everything works for me! A resource from the blacklist opens through freevpnacces automatically! There are still some questions and a few things to polish, but I think I'll manage on my own; if not, I'll ask! Thanks, ruvhell!!!
  9. Thank you! No problems with the sh scripts, everything is parsed, and the VPN passwords and crapregistry.rsc are uploaded to the MikroTik. That's where I stopped for today; I need to check and test further..
  10. Could you please tell me what the rules under "layer7 junk pile - I hardly use it in the tree" are for? I added them, and what do I do with them now? As I understand it, some firewall rules are needed, but there are rules only for NoZond. Or is everything except NoZond for traffic marking, and can it be deleted? The main question: how is the database of blocked sites obtained? The router has to know that a resource is blocked. As I understand it, that is russianbl. How do I build it?
  11. For now I've added a rule blocking DNS flood, because there are a lot of incoming connections to port 53.

          # drop dns flood
          add action=drop chain=input in-interface=ether1-gateway protocol=udp port=53 comment="dns flood"

      or the variant with a blacklist:

          # drop dns flood with blacklist
          add action=drop chain=input in-interface=ether1-gateway comment="dns flood" port=53 protocol=udp src-address-list=dns_black_list
          add action=add-src-to-address-list comment="dns flood" address-list=dns_black_list address-list-timeout=1d chain=input connection-state=new port=53 protocol=udp
  12. Can you tell me how to bring up and configure the pptp client? I didn't quite get it. I'll figure out how to feed it the passwords.

          add chain=forward comment=PPTP out-interface=pptp
          add chain=output out-interface=pptp
          add chain=forward in-interface=pptp
          add chain=input in-interface=pptp

      Also, in my "block everything else" rules, these ones, the counters show some traffic hitting them. What should I do?

          add action=drop chain=input comment="all other drop"
          add action=drop chain=forward comment="all other drop"

      And what do I do with the layer-7 add-ons? Well, I added them as written, and then what? Thanks.