Common RouterOS soft-router commands

Quick summary

#/user set 0 name=NEW-admin  #rename the admin user
/user set 0 password=密码  #replace 密码 with the new password
/user ssh-keys import public-key-file=id_rsa.pub user=admin
/ipv6 nd set [find] disabled=yes
/ip neighbor discovery-settings set discover-interface-list=none
/ip dns set servers=8.8.8.8
/ip ssh set strong-crypto=yes
/ip service disable telnet,ftp,api,api-ssl
/ip service
set www port=3000
set ssh port=3001
set api port=3003
set winbox port=3002
/ip firewall mangle add action=change-mss chain=postrouting new-mss=1420 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1420
#disable DDNS dynamic resolution
/ip cloud set ddns-enabled=no update-time=no
/system clock set time-zone-name=Asia/Shanghai
/system identity set name=ROS-Name
#disable the PPP-family servers
/interface l2tp-server server set enabled=no
/interface pptp-server server set enabled=no
/interface sstp-server server set enabled=no
/interface ovpn-server server set enabled=no

Change a user's password

[[email protected]]>/user                               #enter the menu path
[[email protected]]/user>print                           #list the RouterOS users
[[email protected]]/user>set admin password=123456        #change the admin user's password to 123456
[[email protected]] /user> /                              #return to the root menu

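Change the password of the current user

[[email protected]]>password                             #change the password of the currently logged-in user

Backup commands

[[email protected]]>/system backup                           #enter the menu path
[[email protected]] /system backup>save name=testbackup         #save a backup named testbackup
[[email protected]] /system backup>load name=testbackup         #load the backup testbackup
[[email protected]]>file print                               #check that the backup file exists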

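Export commands

[[email protected]]>ip address print                          #show IP addresses
[[email protected]]>/ip address                              #enter the IP address menu path
[[email protected]]/ip address>export file=address  #export the IP address configuration to a file named address
[[email protected]]>export compact                          #view the IP address configuration parameters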
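
A defensive check for the hardening commands in the quick summary, as an added example that is not code from the original post: it parses text saved by `export` and reports management services that are still enabled or have no `address=` restriction. The sample export is constructed, and the parser assumes compact export formatting, where only non-default values appear.

```python
import re

# Constructed sample of `/export` output (not taken from a real router).
SAMPLE_EXPORT = """\
/ip neighbor discovery-settings
set discover-interface-list=none
/ip service
set telnet disabled=yes
set www port=3000
set ssh port=3001 address=10.8.9.11/32
set api port=3003
set winbox port=3002
"""

MUST_BE_DISABLED = ("telnet", "ftp", "api", "api-ssl")  # turned off in the quick list
MANAGEMENT = ("ssh", "www", "winbox")  # left enabled, so expect an address= limit
CHECKS = (("/ip ssh", "strong-crypto", "yes"),
          ("/ip neighbor discovery-settings", "discover-interface-list", "none"))

def parse_export(text):
    """Map each menu path to its `set` lines as dicts; the item name is under '_item'."""
    menus, path = {}, None
    # Assumption: a wrapped line ends in a backslash and continues on the next line.
    for line in map(str.strip, re.sub(r"\\\n\s*", "", text).splitlines()):
        if line.startswith("/"):
            path = line
        elif path and line.startswith("set "):
            words = line.split()[1:]
            entry = dict(w.split("=", 1) for w in words if "=" in w)
            entry["_item"] = next((w for w in words if "=" not in w), None)
            menus.setdefault(path, []).append(entry)
    return menus

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    menus, findings = parse_export(text), []
    services = {e["_item"]: e for e in menus.get("/ip service", [])}
    for name in MUST_BE_DISABLED + MANAGEMENT:
        svc = services.get(name, {})
        enabled = svc.get("disabled") != "yes"  # assumption: no disabled=yes line means enabled
        if enabled and name in MUST_BE_DISABLED:
            findings.append(f"service {name} is enabled")
        elif enabled and not svc.get("address"):
            findings.append(f"service {name} has no address= restriction")
    for path, key, want in CHECKS:
        got = next((e[key] for e in menus.get(path, []) if key in e), None)
        if got != want:
            findings.append(f"{path} {key} is {got}, expected {want}")
    return findings
```

Calling `audit()` on the text of a file written by `export file=...` returns one line per setting that still needs attention.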

System reboot and shutdown

[[email protected]]>system reboot                         #reboot the system
[[email protected]]>system shutdown                      #shut down the system

Change the RouterOS hostname

[[email protected]]>system identity print                     #show the RouterOS hostname
[[email protected]]>system identity set name=MyRouterOS  #change the RouterOS hostname to MyRouterOS

System resource management

[[email protected]] > /system resource                        #menu path
[[email protected]] /system resource> print              #show CPU load, memory, disk and other usage
[[email protected]] /system resource> monitor           #monitor CPU and free memory usage

Enable SSH remote access & change ports

[[email protected]] > ip service print                                 #list services
[[email protected]] > ip service enable ssh                            #enable the SSH service
[[email protected]] > ip service disable ssh                           #disable the SSH service
[[email protected]] > ip service disable telnet                        #disable the telnet service
[[email protected]] > ip service set ssh port=22 address=10.8.9.11     #allow only 10.8.9.11 to reach SSH; all other IPs are rejected
[[email protected]] > ip service set ssh port=2333                     #change the SSH port
[[email protected]] > ip service set www port=XXXX                     #change the web port
[[email protected]] > ip service set winbox port=XXXX                  #change the winbox port
[[email protected]] > ip service set api port=XXXX                     #change the API port

Basic interface operations

[[email protected]] > interface print                          #show interface status
[[email protected]] > interface enable ether1                  #enable the ether1 NIC
[[email protected]] > interface print stats                    #show interface status plus traffic counters
[[email protected]] > interface monitor-traffic ether1         #monitor live traffic on the NIC
[[email protected]] > interface ethernet print detail          #show NIC parameters

IP configuration and ARP

[[email protected]] > ip address add address=192.168.10.1/24 interface=ether2   #add an IP address to the ether2 interface
[[email protected]] > ip address print                                           #show IP addresses
[[email protected]] > ip arp print                                               #show the ARP table
[[email protected]] > ip arp add address=192.168.10.100 mac-address=00:23:24:2e:78:3e interface=ether2   #add a static IP-to-MAC ARP entry
[[email protected]] >/interface ethernet set ether2 arp=reply-only  #on ether2, hosts without a static ARP entry can no longer communicate with the router

Firewall filtering (firewall filter) ---- domain filtering

[[email protected]]>ip firewall filter add action=drop chain=forward content=www.jd.com

Firewall filtering (firewall filter) ---- port mapping: map port 3389 of the internal host 192.168.10.200 to external port 9999

[[email protected]] > ip firewall nat add chain=dstnat protocol=tcp dst-port=9999 in-interface=WAN action=dst-nat to-addresses=192.168.10.200 to-ports=3389
