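#1, ADD BRIDGE
# LAN bridge; section #2 puts the router's LAN address on it.
/interface bridge
add name=BridgeLan
#2, ADDRESS DNS BRIDGE
# Router LAN address. network= is the subnet's network address, which for
# 192.168.1.1/24 is 192.168.1.0 (the original repeated the host address here).
/ip address
add address=192.168.1.1/24 interface=BridgeLan network=192.168.1.0
# Upstream resolvers used by the router. Only the server list is set here;
# allow-remote-requests is left at whatever value it already has.
/ip dns
set servers=8.8.8.8,8.8.4.4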
#3, SET TIME
# Pin the time zone explicitly instead of relying on autodetection, so log
# timestamps stay consistent.
/system clock set time-zone-autodetect=no time-zone-name=Asia/Ho_Chi_Minh
#4, SERVICE PORT
# Disable the firewall connection-tracking helpers for these protocols.
/ip firewall service-port set ftp disabled=yes
/ip firewall service-port set tftp disabled=yes
/ip firewall service-port set h323 disabled=yes
/ip firewall service-port set sip disabled=yes
/ip firewall service-port set pptp disabled=yes
# Management services: everything listed is switched off except www.
# winbox and www-ssl are not touched here and keep their current state.
# NOTE(review): www is WebFig over plain HTTP, so the admin login crosses the
# wire unencrypted, and ssh (the encrypted CLI) is the one being disabled.
# No address= restriction is set on www and this file adds no
# /ip firewall filter input rules, so confirm the service is not reachable
# through the PPPoE uplinks. Limiting it with address=192.168.1.0/24 and
# moving to www-ssl with a certificate is the usual hardening.
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=no
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
#5, ROUTING TABLE
# One FIB routing table per uplink. Two ranges are created: WAN1..WAN20 and
# WAN50..WAN100. WAN21..WAN49 are not created by this section.
:for n from=1 to=20 do={
    /routing table add fib name=("WAN".$n)
}
:for n from=50 to=100 do={
    /routing table add fib name=("WAN".$n)
}
#6, MACVLAN
# One macvlan sub-interface on ether1 per uplink, all in private mode.
# Same two ranges as the routing tables: macvlan1..20 and macvlan50..100.
:for n from=1 to=20 do={
    /interface macvlan add name=("macvlan".$n) interface=ether1 mode=private
}
:for n from=50 to=100 do={
    /interface macvlan add name=("macvlan".$n) interface=ether1 mode=private
}
#7, PPPOE(.........................................)
# Creates PPPoE client pppoe-out<N> on macvlan<N> for N = 55..100.
# "TK PPPOE" / "MK PPPOE" look like placeholders for the ISP account name and
# password. Once real values are filled in, this file holds them in clear
# text, so keep it out of shared storage and version control.
# NOTE(review): with this range ($n=1) is never true, so no client installs a
# default route, and pppoe-out1..20 (used by sections #8 and #9) are not
# created by this loop. Confirm the range before running.
:for n from=55 to=100 do={
    :local wan ("pppoe-out" . $n)
    :local parent ("macvlan" . $n)
    /interface pppoe-client add name=$wan interface=$parent user="TK PPPOE" password="MK PPPOE" add-default-route=($n=1) disabled=no
}
#8, NAT OUT INTERFACE
# Source-NAT (masquerade) everything leaving through pppoe-out1..pppoe-out20,
# one rule per uplink.
:for n from=1 to=20 do={
    /ip firewall nat add action=masquerade chain=srcnat out-interface=("pppoe-out".$n)
}
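#9, IP ROUTE
# One default route per uplink table: table WAN<N> sends 0.0.0.0/0 through
# pppoe-out<N>, for N = 1..20.
# The original listed these 20 routes statically and then generated the same
# 20 again with this loop; only the loop is kept so each route is added once.
:for i from=1 to=20 do={
    /ip route add distance=1 dst-address=0.0.0.0/0 gateway=("pppoe-out".$i) routing-table=("WAN".$i) scope=30 target-scope=10
}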
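# Routing rules: a packet carrying routing mark WAN<N> is resolved only in
# table WAN<N> (lookup-only-in-table, so it does not fall back to another
# table when WAN<N> has no usable route).
# The original added rules for WAN1..WAN20 statically and then again inside a
# 1..100 loop; a single loop is kept so each rule is added once.
# The loop skips numbers that have no routing table (section #5 creates only
# WAN1..20 and WAN50..100), so a missing table does not stop the remaining
# rules from being added.
:for i from=1 to=100 do={
    :local tbl ("WAN".$i)
    :if ([:len [/routing table find where name=$tbl]] > 0) do={
        /routing rule add action=lookup-only-in-table routing-mark=$tbl table=$tbl disabled=no
    }
}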
# -----------------------------------------------------------------------------
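#MANGLE
# Default policy: every LAN host 192.168.1.2-192.168.1.254 gets routing mark
# WAN1. One rule with an address range matches the same sources as the
# original 253 per-host rules, with a single rule to evaluate per packet.
# passthrough=yes lets later mangle rules replace the mark.
# NOTE(review): the rule has no destination matcher, so confirm that traffic
# addressed to the router itself still behaves as intended; a
# dst-address-type=!local matcher is the usual exclusion.
/ip firewall mangle add chain=prerouting src-address=192.168.1.2-192.168.1.254 action=mark-routing new-routing-mark=WAN1 passthrough=yes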
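# MARK ROUTING FOR VNPT
# Host 192.168.1.<i> (i = 11..180) is marked for table WAN<i-10>. Only TCP is
# matched, and the src-port expression !3128,1080 is kept exactly as written.
# The marks run from WAN1 to WAN170, but section #5 creates only WAN1..20 and
# WAN50..100, so hosts whose table does not exist are reported and skipped
# instead of stopping the loop.
:for i from=11 to=180 do={
    :local mark ("WAN" . ($i - 10))
    :if ([:len [/routing table find where name=$mark]] > 0) do={
        /ip firewall mangle add chain=prerouting src-address=("192.168.1." . $i) protocol=tcp src-port=!3128,1080 action=mark-routing new-routing-mark=$mark passthrough=yes
    } else={
        :put ("no routing table " . $mark . ", skipped 192.168.1." . $i)
    }
}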
#NAT PROXY
# Port forwards: TCP port 55001..55170 on the router is translated to
# 192.168.1.11..192.168.1.180, port 3128.
# NOTE(review): the rules carry no in-interface, dst-address or
# src-address-list matcher, so they apply to traffic arriving on any
# interface from any source. Each forward publishes a proxy to everyone who
# can reach the router; confirm that is intended and restrict the allowed
# sources if it is not.
:for host from=11 to=180 do={
    :local extPort (55000 + ($host - 10))
    :local target ("192.168.1." . $host)
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=$extPort action=dst-nat to-addresses=$target to-ports=3128
}
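#VETH + ADD BRIDGE
# Creates veth interface 3proxy<i> (i = 1..200) with address
# 192.168.1.<i+50>/24 and attaches it to the LAN bridge. Interfaces that
# already exist are left alone, so the loop can be re-run.
# The bridge is created as BridgeLan in section #1; the original referenced
# bridgeLAN here, which is a different name, so the port add could not find it.
# Being bridge ports, the container interfaces share one layer-2 segment
# with the LAN hosts.
:for i from=1 to=200 do={
    :local ip ($i + 50)
    :local vethName ("3proxy".$i)
    :local bridgeName "BridgeLan"
    # Check whether the interface already exists
    :if ([:len [/interface/veth find where name=$vethName]] = 0) do={
        /interface/veth add name=$vethName address=("192.168.1.".$ip."/24") gateway=192.168.1.1
        /interface/bridge/port add interface=$vethName bridge=$bridgeName
        :put ("Đã tạo và gán vào ".$bridgeName.": ".$vethName)
    } else={
        :put ("Đã tồn tại, bỏ qua: ".$vethName)
    }
}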
#ENVS
# Environment list 3proxy_envs<N> (N = 50..100) holding the proxy login and
# password handed to each container.
# NOTE(review): the same fixed value is used as both login and password for
# every list and is stored in clear text in this file. The #NAT PROXY section
# forwards router ports to proxy port 3128, so these credentials are what
# protects the published proxies: use a unique, strong secret per deployment
# and keep real values out of shared copies of this script.
# NOTE(review): the /container add loop in this file uses lists 1..100, while
# only 50..100 are created here. Confirm the range.
:for n from=50 to=100 do={
    :local listName ("3proxy_envs".$n)
    /container/envs add name=$listName key=PROXY_LOGIN value=gaugau
    /container/envs add name=$listName key=PROXY_PASSWORD value=gaugau
}
#MARK ROUTING
# Proxy hosts 192.168.1.51..58 are marked for WAN1..WAN8 respectively; each
# rule is labelled Proxy<N> so it can be found again in the mangle list.
:for host from=51 to=58 do={
    :local slot ($host - 50)
    /ip firewall mangle add chain=prerouting src-address=("192.168.1." . $host) action=mark-routing new-routing-mark=("WAN" . $slot) passthrough=yes comment=("Proxy" . $slot)
}
# Pull images from Docker Hub over HTTPS, using docker/pull as scratch space.
/container config set registry-url=https://registry-1.docker.io tmpdir=docker/pull
# One 3proxy container per veth/envlist pair, N = 1..100, with a 10 s pause
# between adds.
# NOTE(review): remote-image carries no tag or digest, so each pull takes
# whatever the registry serves for that name at that moment. Pinning a
# reviewed version (a tag, or better a digest) keeps all 100 containers on
# the same known image.
# NOTE(review): logging=no means the containers' output is not recorded in
# the router log, which removes a source of evidence if a proxy is abused.
# NOTE(review): the #ENVS loop creates 3proxy_envs50..100 only; lists 1..49
# referenced here have to exist already.
:for n from=1 to=100 do={
    /container add envlist=("3proxy_envs".$n) interface=("3proxy".$n) logging=no root-dir=("docker/3proxy".$n) start-on-boot=yes workdir=/app remote-image=riftbit/3proxy
    :delay 10s
}
# Bounce pppoe-out1..pppoe-out30 (disable, then enable again) so each client
# reconnects.
:for idx from=1 to=30 do={
    :local wan ("pppoe-out" . $idx)
    /interface disable $wan
    :delay 0s
    /interface enable $wan
}
#SHOW IP
# Print the address of every pppoe-out<x> interface, without the prefix
# length. Replace 20 with the highest PPPoE client number you have.
:for x from=1 to=20 do={
    :local wanIf ("pppoe-out" . $x)
    :foreach id in=[/ip address find where interface=$wanIf] do={
        :local cidr [/ip address get $id address]
        # keep the part before "/"
        :put [:pick $cidr 0 [:find $cidr "/"]]
    }
}
#BACKUP
# Export the configuration as a script file named config_backup on the
# router's storage. The file describes the whole router setup, so copy it
# off the device and store it with restricted access.
/export file=config_backup
# ACTIVATE CONTAINER
# Show the current device-mode, then request the container feature.
# RouterOS asks for physical confirmation (reset button or power cycle)
# before the change takes effect, and the /container commands in this file
# only work after that, so run this step first.
/system device-mode print
/system device-mode update container=yes