Tuesday, January 24, 2017

smartdns runs unstably

On Windows 10 it is unstable because of IPv6.

cmd
ipconfig /all

Teredo Tunneling Pseudo-Interface


https://lonesysadmin.net/2011/04/25/how-to-disable-teredo-ipv6-tunneling-in-microsoft-windows/


netsh interface teredo set state disabled
Disabling IPv6 on RouterOS does not solve it either.

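Tuesday, December 6, 2016

ipconfig /all still shows IPv6: how to remove it

Say goodbye to ghost network adapters that won't go away!

If your network often shows an "IP address conflict" message even though your IP is clearly not the same as anyone else's, the cause may be another network adapter you installed earlier. Or, if you moved the network card to a different slot, the driver bound to the original slot is not really uninstalled. In either case the leftover driver can hold on to the original IP and conflict with the other adapter. Here is how to really uninstall a leftover network adapter driver.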


STEP

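1. First click [Start] → [Run] and type "cmd" in the dialog to open a Command Prompt window.

2. Type "set devmgr_show_nonpresent_devices=1" and press [Enter]. This command makes hidden devices show up in Device Manager.

3. Then type "start devmgmt.msc" to open the Device Manager window.

※ If you do not launch it with this command from here, and instead open Device Manager directly from Control Panel, some hidden hardware devices will not be shown, so be sure to enter the command above.

4. In the Device Manager window, confirm that [View] → [Show hidden devices] is checked, so that all hidden devices are listed.

5. Now expand the "Network adapters" list and delete the Teredo Tunneling Pseudo-Interface and ISATAP network devices.


The Teredo Tunneling Pseudo-Interface carries IPv6.
If smart DNS is set up, this has to be removed.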

x86 RouterOS and hAP

 rb952Ui GS-5hact2hnt



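Configuring the CPE

Configuration: set to Bridge

IP Address: set an IP on the internal network

For the rest, set the internal network's GW and DNS

It then works in bridge mode

DHCP Server leases are also handed out from the upstream x86 box

interface wlan1/wlan2

Set to ap bridge mode

channel width

Set 20/40/80MHz Ceee; do not choose a variant that does not start with the upper-case letter (as I recall, the letters mark the primary and secondary channels; pick the channel that should, logically, see less interference)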

Monday, July 18, 2016

GoogleMonkeyR 1.7.3.1

// ==UserScript==
// @author mungushume
// @version 1.7.3.1
// @name GoogleMonkeyR

Line 681


if(this.numColumns>1)
{
style += ("#cnt.singleton #center_col, #cnt.singleton #foot, .mw {margin-left:0 !important;}");
}



Add and modify as follows:





if(this.numColumns>1)
{
style += ("#cnt.singleton #center_col, #cnt.singleton #foot, .mw {margin-left:0 !important;}");
}
style += ("div.col {width: 100% !important;}");




info
https://greasyfork.org/en/forum/discussion/10487/googlemonkeyr-broken-again#latest

Saturday, July 2, 2016

Giving RouterOS ad-block functionality





# create script to Download fresh list and replace old one
/system script add name="Download_Ads_List" source="/tool fetch url=\"https://blocklister.gefoo.org/ads\" dst-path=ads.rsc; /import file-name=ads.rsc;"

# create schedule to run script weekly
/system scheduler add comment="Download_Ads_List" interval=7d name="DownloadAdsList" on-event=Download_Ads_List start-date=jan/01/1970 start-time=02:42:00

# add firewall rule once
/ip firewall filter add chain=forward in-interface=bridge-local connection-state=new protocol=tcp dst-address-list=ads_list action=reject reject-with=tcp-reset comment="Ad-block list drop"
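
`/import` runs every line of the downloaded file as a RouterOS command, so the list can be vetted on a management host before the router imports it. The following is an added example, not code from this page or from blocklister; the accepted line format (`add list=... address=...` under the address-list menu), the /8 limit and all function names are assumptions.

```python
import ipaddress
import re

EXPECTED_LIST = "ads_list"  # list name the page's firewall rule matches on
MENU_LINE = "/ip firewall address-list"
MIN_PREFIX = 8  # assumption: an entry wider than a /8 is a mistake
# key=value or key="value"; the value class excludes ; [ ] $ and quotes
TOKEN_RE = re.compile(r'(list|address)=("?)([\w./:-]+)\2')

def check_line(line):
    """Return None if the line is acceptable, otherwise a reason string."""
    s = line.strip()
    if not s or s.startswith("#") or s == MENU_LINE:
        return None
    tokens = s.split()
    if tokens[0] != "add" or len(tokens) != 3:
        return "not a plain 'add list=... address=...' entry"
    params = {}
    for tok in tokens[1:]:
        m = TOKEN_RE.fullmatch(tok)
        if not m:
            return "unexpected token %r" % tok
        params[m.group(1)] = m.group(3)
    if set(params) != {"list", "address"}:
        return "needs exactly one list= and one address="
    if params["list"] != EXPECTED_LIST:
        return "wrong list name %r" % params["list"]
    try:
        net = ipaddress.IPv4Network(params["address"], strict=False)
    except ValueError:
        return "invalid IPv4 address %r" % params["address"]
    if net.prefixlen < MIN_PREFIX:
        return "prefix /%d is too broad" % net.prefixlen
    return None

def validate_rsc(text):
    """Return [(line_number, reason)] for every line that must not be imported."""
    checked = ((n, check_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, why) for n, why in checked if why]

# Constructed sample input (not real blocklist data).
SAMPLE = """# constructed list
/ip firewall address-list
add list="ads_list" address="198.51.100.7"
add list=ads_list address=203.0.113.0/24
add list=ads_list address=0.0.0.0/0
add list=blacklist address=198.51.100.9
add list=ads_list address=198.51.100.8; /system reboot
"""
```

An empty result from `validate_rsc` means every line is a comment, the menu line, or a single address-list entry for `ads_list`; anything else is reported with its line number and should stop the import.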

info

https://www.reddit.com/r/mikrotik/comments/3jf830/selfupdating_adblocker_script/

https://blocklister.gefoo.org/

Monday, November 30, 2015

RouterOS: setting up a blacklist of IPs

http://forum.mikrotik.com/viewtopic.php?t=31994


Create a black list,
then add just one rule that uses it in the firewall rules.


==
Use IP address list.
Create a list, e.g. 'blacklist' and put as few or as many IP addresses and CIDR blocks in the list as you need to block.
e.g.
/ip firewall address-list
add list=blacklist address=1.1.1.1
add list=blacklist address=2.2.2.2
add list=blacklist address=3.3.0.0/16
...


Then you can use this list in any rule in any chain of any table of the firewall.
It's especially helpful because without the address list, if you have nat rules and filter rules and masquerade rules all having to do with the same set of addresses, if you add or remove any addresses from the set, then you'd have to go update all of your chains. If all of the chains refer to the same address list, changing the address list immediately affects all of the rules which refer to it.

You match an address list in your rules by using the criteria: src-address-list=blacklist or dst-address-list=blacklist
In Winbox / Webfig, the address list matchers are in the 'advanced' tab.

So for instance, to accomplish what the original poster asked, you would add the offending IP address to the blacklist and have a rule in the input chain:
/ip firewall filter add chain=input src-address-list=blacklist action=drop

I rarely use the output chain in Mikrotiks, but this is one place I will do it:
/ip firewall filter add chain=output dst-address-list=blacklist action=drop

However, this firewall 'mode' is not the best for a secure filter. It allows everything except specific exceptions (blocked hosts), which you must manually detect and react to. (You can make firewall rules that automatically detect port scans and brute force attempts on telnet / ssh and add the sources to blacklists, but that's beyond the scope of this post.)

It's better to make your Mikrotik drop all input traffic on the WAN interface that it didn't request (e.g. ping replies, dns replies, http replies, etc). Suppose ether1 is the WAN interface:
/ip firewall filter add chain=input in-interface=ether1 connection-state=!established,related action=drop
One rule blocks the Internet from being able to initiate any interaction with your mikrotik at all. No blacklist is required.

===



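RouterOS service ports

Recommendation: change the externally exposed www service to a port other than 80, or disable it.

ssh and telnet are more troublesome.

Or refer to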

Tuesday, November 24, 2015