API tools faq
paste
Serenity_kg

Untitled

Serenity_kg
Apr 5th, 2021
37
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.70 KB | None | 0 0
raw download clone embed print report
  1. # apr/05/2021 10:58:14 by RouterOS 6.48.1
  2. # software id = CTX1-NPFV
  3. #
  4. # model = RouterBOARD 3011UiAS
  5. # serial number = 780E072CFBC2
  6. /interface bridge add name=bridge-LAN
  7. /interface ethernet set [ find default-name=ether1 ] comment="to WAN Saima"
  8. /interface ethernet set [ find default-name=ether2 ] comment="to WAN Aknet"
  9. /interface list add comment="For Internet" name=WAN
  10. /interface list add comment="For Local Area" name=LAN
  11. /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
  12. /ip pool add name=dhcp_pool3 ranges=192.168.10.50-192.168.10.200
  13. /ip pool add name=dhcp_pool4 ranges=192.168.8.2-192.168.11.254
  14. /ip pool add name=dhcp_pool2 next-pool=dhcp_pool3 ranges=192.168.9.1-192.168.9.250
  15. /ip pool add name=dhcp_pool1 next-pool=dhcp_pool2 ranges=192.168.8.20-192.168.8.250
  16. /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=bridge-LAN lease-time=1h name=dhcp1
  17. /system logging action set 0 memory-lines=1200
  18. /interface bridge port add bridge=bridge-LAN interface=ether3 multicast-router=disabled
  19. /interface bridge port add bridge=bridge-LAN interface=ether10 multicast-router=disabled
  20. /interface bridge port add bridge=bridge-LAN interface=ether4 multicast-router=disabled
  21. /interface bridge port add bridge=bridge-LAN interface=ether5 multicast-router=disabled
  22. /interface bridge port add bridge=bridge-LAN interface=ether6 multicast-router=disabled
  23. /interface bridge port add bridge=bridge-LAN interface=ether7 multicast-router=disabled
  24. /interface bridge port add bridge=bridge-LAN interface=ether8 multicast-router=disabled
  25. /interface bridge port add bridge=bridge-LAN interface=ether9 multicast-router=disabled
  26. /ip neighbor discovery-settings set discover-interface-list=LAN
  27. /interface list member add comment=WAN-Saima interface=ether1 list=WAN
  28. /interface list member add comment=WAN-Aknet interface=ether2 list=WAN
  29. /interface list member add comment=LAN1 interface=ether3 list=LAN
  30. /interface list member add comment=LAN2 interface=ether4 list=LAN
  31. /interface list member add comment=LAN3 interface=ether5 list=LAN
  32. /interface list member add comment=LAN4 interface=ether6 list=LAN
  33. /interface list member add comment=LAN5 interface=ether7 list=LAN
  34. /interface list member add comment=LAN6 interface=ether8 list=LAN
  35. /interface list member add comment=LAN7 interface=ether9 list=LAN
  36. /interface list member add comment=LAN8 interface=ether10 list=LAN
  37. /ip address add address=217.29.xxx.xxx/30 comment=Saima interface=ether1 network=217.29.xxx.xxx
  38. /ip address add address=192.168.8.1/22 comment=LAN interface=bridge-LAN network=192.168.8.0
  39. /ip address add address=212.112.xxx.xxx/27 comment=Aknet disabled=yes interface=ether2 network=212.112.xxx.xxx
  40. /ip dhcp-server network add address=192.168.8.0/22 gateway=192.168.8.1
  41. /ip dns set servers=192.168.10.255,192.168.10.254,8.8.8.8
  42. /ip firewall address-list add address=0.0.0.0/8 comment="\"This\" Network" list=BOGONS
  43. /ip firewall address-list add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
  44. /ip firewall address-list add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=BOGONS
  45. /ip firewall address-list add address=127.0.0.0/8 comment=Loopback list=BOGONS
  46. /ip firewall address-list add address=169.254.0.0/16 comment="Link Local" list=BOGONS
  47. /ip firewall address-list add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
  48. /ip firewall address-list add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
  49. /ip firewall address-list add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
  50. /ip firewall address-list add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
  51. /ip firewall address-list add address=198.18.0.0/15 comment="Network Interconnect Device Benchmark Testing" list=BOGONS
  52. /ip firewall address-list add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
  53. /ip firewall address-list add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
  54. /ip firewall address-list add address=224.0.0.0/4 comment=Multicast list=BOGONS
  55. /ip firewall address-list add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
  56. /ip firewall address-list add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
  57. /ip firewall address-list add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
  58. /ip firewall filter add action=accept chain=input comment="Related Established Untracked Allow" connection-state=established,related,untracked
  59. /ip firewall filter add action=accept chain=input comment="ICMP from ALL" protocol=icmp
  60. /ip firewall filter add action=drop chain=input comment="All other WAN Drop" in-interface-list=WAN log=yes
  61. /ip firewall filter add action=accept chain=forward comment="Established, Related, Untracked allow" connection-state=established,related,untracked
  62. /ip firewall filter add action=drop chain=forward comment="Invalid drop" connection-state=invalid
  63. /ip firewall filter add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  64. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
  65. /ip firewall nat add action=masquerade chain=srcnat disabled=yes out-interface=ether2
  66. /ip route add comment=Saima distance=1 gateway=217.29.xxx.xxx
  67. /ip route add comment=Aknet disabled=yes distance=2 gateway=212.112.xxx.xxx
  68. /ip service set telnet disabled=yes
  69. /ip service set ftp disabled=yes
  70. /ip service set www address=192.168.8.0/22
  71. /ip service set ssh disabled=yes
  72. /ip service set api disabled=yes
  73. /ip service set winbox address=192.168.8.0/22
  74. /ip service set api-ssl disabled=yes
  75. /system clock set time-zone-name=Asia/Bishkek
  76. /tool mac-server set allowed-interface-list=LAN
  77. /tool mac-server mac-winbox set allowed-interface-list=LAN
  78.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!