禁止内网PING :点击IP -> Firewall -> Filter Rules -> 右面选中 output -> "+" -> General -> Protocol 中选择 icmp ,在同级界
面上点击Action 中,将Action选择为"drop",按"OK"确认
禁止外网PING :点击IP -> Firewall -> Filter Rules -> 右面选中 input -> "+" -> General -> Protocol 中选择 icmp ,在同级界
面上点击Action 中,将Action选择为"drop",按"OK"确认
------------------------------------------------------------------------------------------
ROS的密码忘记了,但有台机子里的winbox里保存了密码,可用下面的方法:
如果是win2K/XP/2003,密码就在C:\Documents and Settings\你的用户名\Application Data\Mikrotik\Winbox\winbox.cfg文件里,你用记事本
打开,里面有类似下面的语句:
typeaddr host192.168.0.1 loginadmin note keep-pwd pwd12345 pwd后面就是密码.
-------------------------------------------------------------------------------------------
使用高负载ROS的技巧
如果ros的防火墙会话数很高,建议修改相应会话超时参数如下:
[admin@cddst] > ip fire conn tra pr
enabled: yes
tcp-syn-sent-timeout: 30s
tcp-syn-received-timeout: 30s
tcp-established-timeout: 120h
tcp-fin-wait-timeout: 30s
tcp-close-wait-timeout: 30s
tcp-last-ack-timeout: 30s
tcp-time-wait-timeout: 30s
tcp-close-timeout: 10s
udp-timeout: 30s
udp-stream-timeout: 3m
icmp-timeout: 30s
generic-timeout: 10m
