
Untitled

a guest
Sep 17th, 2012
  1. # jan/01/2002 15:12:03 by RouterOS 5.20
  2. # software id = FGS6-IMGC
  3. #
  # LAN bridge with a fixed admin MAC; protocol-mode=none means no STP/RSTP runs on it.
  4. /interface bridge
  5. add admin-mac=D4:CA:6D:2C:DE:67 ageing-time=5m arp=enabled auto-mac=no \
  6. disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
  7. name=bridge-local priority=0x8000 protocol-mode=none transmit-hold-count=\
  8. 6
  # Static L2TP server binding; user="" ties it to no particular PPP user name.
  9. /interface l2tp-server
  10. add disabled=no name=l2tp-in1 user=""
  # Switch chips with port mirroring off (mirror-source/target=none).
  11. /interface ethernet switch
  12. set 0 mirror-source=none mirror-target=none name=switch1
  13. set 1 mirror-source=none mirror-target=none name=switch2
  # Default IPsec proposal: SHA-1 auth, 3DES encryption, PFS group modp1024 - all legacy strength.
  # NOTE(review): no /ip ipsec peer or policy appears in the visible export, so this may be unused;
  # if IPsec is deployed, select the strongest algorithms this RouterOS release offers.
  14. /ip ipsec proposal
  15. set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
  16. lifetime=30m name=default pfs-group=modp1024
  # DHCP pool 10.0.0.1-10.0.0.50 served on bridge-local with a 3-day lease.
  17. /ip pool
  18. add name=dhcp_pool1 ranges=10.0.0.1-10.0.0.50
  19. /ip dhcp-server
  20. add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
  21. static disabled=no interface=bridge-local lease-time=3d name="LAN"
  # PPP profiles. Inc-VPN sets bridge=bridge-local, so PPP sessions using it are bridged
  # straight into the LAN; it leaves use-encryption=default. default-encryption sets
  # use-encryption=yes.
  # NOTE(review): "yes" presumably requests rather than enforces encryption - confirm whether
  # "required" is what is intended for remote-access users.
  22. /ppp profile
  23. set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
  24. default use-encryption=default use-mpls=default use-vj-compression=\
  25. default
  26. add bridge=bridge-local change-tcp-mss=default name=Inc-VPN only-one=default \
  27. use-compression=default use-encryption=default use-mpls=default \
  28. use-vj-compression=default
  29. set 2 change-tcp-mss=yes name=default-encryption only-one=default \
  30. use-compression=default use-encryption=yes use-mpls=default \
  31. use-vj-compression=default
  # Upstream L2TP client that also installs the default route (add-default-route=yes).
  # connect-to, user and password are placeholders in this paste (ISP-Address, USER, PASS);
  # a real export prints the password in clear text, so treat exports as secrets.
  # NOTE(review): allow=pap,chap permits PAP, which sends the password unencrypted inside the
  # PPP session, and L2TP itself does not encrypt. MPPE is keyed from MS-CHAP, so with only
  # pap/chap allowed the profile's use-encryption=yes likely cannot take effect - confirm.
  32. /interface l2tp-client
  33. add add-default-route=yes allow=pap,chap connect-to=ISP-Address \
  34. dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 mrru=disabled \
  35. name=vpn password=PASS profile=default-encryption user=USER
  # Queue discipline definitions (names, kinds and limits only); nothing access-related here.
  36. /queue type
  37. set 0 kind=pfifo name=default pfifo-limit=50
  38. set 1 kind=pfifo name=ethernet-default pfifo-limit=50
  39. set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
  40. set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
  41. red-limit=60 red-max-threshold=50 red-min-threshold=10
  42. set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
  43. set 5 kind=none name=only-hardware-queue
  44. set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
  45. set 7 kind=pfifo name=default-small pfifo-limit=10
  # BGP and OSPF instances exist with disabled=no, but every redistribute-* option is "no",
  # router-id is 0.0.0.0, and no peers, networks or OSPF interfaces appear in the visible
  # export - presumably stock defaults with no routing adjacency actually formed (confirm).
  46. /routing bgp instance
  47. set default as=65530 client-to-client-reflection=yes disabled=no \
  48. ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
  49. no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
  50. redistribute-static=no router-id=0.0.0.0 routing-table=""
  51. /routing ospf instance
  52. set [ find default=yes ] disabled=no distribute-default=never in-filter=\
  53. ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
  54. metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
  55. out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
  56. redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
  57. router-id=0.0.0.0
  58. /routing ospf area
  59. set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
  60. backbone type=default
  # SNMP community "public": read-only, security=none, accepted from addresses=0.0.0.0/0.
  # The /snmp section later in this export has enabled=no, so it is dormant as exported.
  # NOTE(review): if SNMP is ever switched on, rename the community and narrow "addresses"
  # first; as written it would answer any source the input chain lets through.
  61. /snmp community
  62. set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
  63. authentication-protocol=MD5 encryption-password="" encryption-protocol=\
  64. DES name=public read-access=yes security=none write-access=no
  # Log targets: 100 lines in memory, two 100-line disk files, console echo, and a remote
  # syslog action on port 514 (no remote address is shown for it).
  # NOTE(review): the /system logging rules later in this export all use action=memory, so
  # history is limited to 100 lines and does not survive a reboot; off-box logging would be
  # needed to keep an audit trail.
  65. /system logging action
  66. set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
  67. set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
  68. disk-stop-on-full=no name=disk target=disk
  69. set 2 name=echo remember=yes target=echo
  70. set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
  71. syslog-facility=daemon syslog-severity=auto target=remote
  # User Manager customer "admin" with permissions=owner and an empty password (password="").
  # NOTE(review): set a password or remove the package if User Manager is unused; its web
  # page is presumably served by the www service, which /ip service leaves enabled on port 80.
  72. /tool user-manager customer
  73. add backup-allowed=yes disabled=no login=admin password="" \
  74. paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
  75. permissions=owner signup-allowed=no time-zone=-00:00
  # Profile "test" owned by admin: price 0, validity 0s, starting at logon.
  76. /tool user-manager profile
  77. add name=test name-for-users="" override-shared-users=off owner=admin price=0 \
  78. starts-at=logon validity=0s
  # Policy sets for the read, write and full groups ("!" marks a denied policy).
  # NOTE(review): "read" still carries reboot, sniff, sensitive and password, so a read-only
  # account can reboot the router, run the packet sniffer and view stored secrets. Every
  # group also allows telnet, and only "full" allows ftp and policy.
  79. /user group
  80. set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
  81. eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
  82. set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
  83. ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
  84. set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
  85. winbox,password,web,sniff,sensitive,api" skin=default
  # ether1 through ether9 are all members of bridge-local, i.e. one layer-2 domain.
  # NOTE(review): ether1 also has a DHCP client commented "default configuration" in
  # /ip dhcp-client, which suggests it was the upstream port; if it still faces an untrusted
  # network, bridging it with the LAN ports removes the L2 separation - confirm the cabling.
  86. /interface bridge port
  87. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  88. interface=ether2 path-cost=10 point-to-point=auto priority=0x80
  89. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  90. interface=ether3 path-cost=10 point-to-point=auto priority=0x80
  91. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  92. interface=ether4 path-cost=10 point-to-point=auto priority=0x80
  93. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  94. interface=ether5 path-cost=10 point-to-point=auto priority=0x80
  95. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  96. interface=ether1 path-cost=10 point-to-point=auto priority=0x80
  97. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  98. interface=ether9 path-cost=10 point-to-point=auto priority=0x80
  99. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  100. interface=ether7 path-cost=10 point-to-point=auto priority=0x80
  101. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  102. interface=ether8 path-cost=10 point-to-point=auto priority=0x80
  103. add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
  104. interface=ether6 path-cost=10 point-to-point=auto priority=0x80
  # Bridged frames (including PPPoE and VLAN traffic) are passed through the IP firewall.
  # The filter table in this export has no forward-chain rules, so nothing is filtered
  # there yet.
  105. /interface bridge settings
  106. set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
  107. use-ip-firewall-for-vlan=yes
  # Switch-chip ports 0-11: VLAN handling off (vlan-mode=disabled, headers left as is),
  # so there is no VLAN-based isolation between switch ports.
  108. /interface ethernet switch port
  109. set 0 vlan-header=leave-as-is vlan-mode=disabled
  110. set 1 vlan-header=leave-as-is vlan-mode=disabled
  111. set 2 vlan-header=leave-as-is vlan-mode=disabled
  112. set 3 vlan-header=leave-as-is vlan-mode=disabled
  113. set 4 vlan-header=leave-as-is vlan-mode=disabled
  114. set 5 vlan-header=leave-as-is vlan-mode=disabled
  115. set 6 vlan-header=leave-as-is vlan-mode=disabled
  116. set 7 vlan-header=leave-as-is vlan-mode=disabled
  117. set 8 vlan-header=leave-as-is vlan-mode=disabled
  118. set 9 vlan-header=leave-as-is vlan-mode=disabled
  119. set 10 vlan-header=leave-as-is vlan-mode=disabled
  120. set 11 vlan-header=leave-as-is vlan-mode=disabled
  # L2TP server is enabled and accepts pap, chap, mschap1 and mschap2.
  # NOTE(review): PAP exposes the password inside the session and MS-CHAPv1 is obsolete;
  # restrict "authentication" to the strongest method the clients support, and note that no
  # IPsec protection for L2TP is configured in the visible export.
  121. /interface l2tp-server server
  122. set authentication=pap,chap,mschap1,mschap2 default-profile=\
  123. default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
  # OpenVPN server is disabled; as written it has no certificate and does not require
  # client certificates.
  124. /interface ovpn-server server
  125. set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
  126. default enabled=no keepalive-timeout=60 mac-address=FE:42:1E:F3:19:99 \
  127. max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
  # PPTP server is enabled with chap, mschap1 and mschap2; the input chain accepts TCP 1723
  # and GRE on the vpn interface for it.
  # NOTE(review): PPTP with MS-CHAP is a legacy design whose protection rests on password
  # strength alone; no default-profile is printed here, so check which profile (and
  # encryption setting) PPTP users actually get.
  128. /interface pptp-server server
  129. set authentication=chap,mschap1,mschap2 enabled=yes keepalive-timeout=30 \
  130. max-mru=1460 max-mtu=1460 mrru=disabled
  # SSTP server is disabled; certificate=none and client certificates are not verified.
  131. /interface sstp-server server
  132. set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
  133. default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
  134. disabled port=443 verify-client-certificate=no
  # IP accounting is off and its web snapshot is not exposed (accessible-via-web=no).
  135. /ip accounting
  136. set account-local-traffic=no enabled=no threshold=256
  137. /ip accounting web-access
  138. set accessible-via-web=no address=0.0.0.0/0
  # LAN gateway 10.0.0.254/24 on bridge-local, plus four /32 addresses bound to the vpn
  # interface (redacted by the author as XXXXXXXXXX200-203).
  139. /ip address
  140. add address=10.0.0.254/24 comment=LAN disabled=no interface=bridge-local \
  141. network=10.0.0.0
  142. add address=XXXXXXXXXX200/32 comment="Virtual IP WAN" disabled=no \
  143. interface=vpn network=XXXXXXXXXX200
  144. add address=XXXXXXXXXX202/32 disabled=no interface=vpn network=\
  145. XXXXXXXXXX202
  146. add address=XXXXXXXXXX201/32 disabled=no interface=vpn network=\
  147. XXXXXXXXXX201
  148. add address=XXXXXXXXXX203/32 disabled=no interface=vpn network=\
  149. XXXXXXXXXX203
  # DHCP clients on ether1 and on an interface named WAN (its definition is not in the
  # visible lines). Both install a default route and accept DNS and NTP servers from the
  # upstream DHCP server (use-peer-dns=yes, use-peer-ntp=yes).
  # NOTE(review): ether1 is also a bridge-local port; running a DHCP client on a bridge
  # member is presumably a leftover from the default configuration - confirm.
  150. /ip dhcp-client
  151. add add-default-route=yes comment="default configuration" \
  152. default-route-distance=1 disabled=no interface=ether1 use-peer-dns=yes \
  153. use-peer-ntp=yes
  154. add add-default-route=yes default-route-distance=0 disabled=no interface=WAN \
  155. use-peer-dns=yes use-peer-ntp=yes
  # Leases are flushed to disk every 5 minutes.
  156. /ip dhcp-server config
  157. set store-leases-disk=5m
  # Static leases: fixed IP per MAC address. The paste publishes real-looking client MAC
  # addresses and a device label ("Linksys AP").
  158. /ip dhcp-server lease
  159. add address=10.0.0.251 client-id="Linksys AP" disabled=no mac-address=\
  160. 54:E6:FC:B4:C9:46
  161. add address=10.0.0.1 client-id=1:0:1f:c6:44:db:62 disabled=no mac-address=\
  162. 00:1F:C6:44:DB:62
  163. add address=10.0.0.10 client-id=1:0:1f:d0:26:d5:98 disabled=no mac-address=\
  164. 00:1F:D0:26:D5:98
  165. add address=10.0.0.14 client-id=1:0:1:6c:91:f9:94 disabled=no mac-address=\
  166. 00:01:6C:91:F9:94
  167. add address=10.0.0.20 disabled=no mac-address=98:4B:E1:FE:B8:25 use-src-mac=\
  168. yes
  # Options handed to LAN clients: gateway 10.0.0.254 and public resolvers 8.8.8.8/8.8.4.4
  # (clients are not pointed at the router's own DNS cache).
  169. /ip dhcp-server network
  170. add address=10.0.0.0/24 dhcp-option="" dns-server=8.8.8.8,8.8.4.4 domain=\
  171. LAN gateway=10.0.0.254 ntp-server="" wins-server=""
  172.  
  # Router DNS cache forwarding to 8.8.8.8, with allow-remote-requests=yes.
  # NOTE(review): with remote requests allowed the router answers DNS for any source the
  # input chain accepts. The filter rules in this export drop only traffic arriving on vpn
  # and accept everything else, so any other upstream-facing interface could reach the
  # resolver; DHCP clients are given 8.8.8.8/8.8.4.4 directly, so this may not be needed.
  173. /ip dns
  174. set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
  175. max-udp-packet-size=4096 servers=8.8.8.8
  # Static name "router" points at 192.168.88.1, while the LAN address in this export is
  # 10.0.0.254 - presumably a stale default entry.
  176. /ip dns static
  177. add address=192.168.88.1 disabled=no name=router ttl=1d
  # Connection tracking is on; tcp-syncookie=no leaves SYN cookies disabled.
  178. /ip firewall connection tracking
  179. set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
  180. tcp-close-wait-timeout=10s tcp-established-timeout=1d \
  181. tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
  182. tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
  183. tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
  # Filter rules are evaluated top to bottom. Effective input policy as written:
  #   - on vpn: TCP 22 dropped, TCP 1723 and GRE accepted (PPTP), everything else dropped;
  #   - on every other interface: accepted by the final catch-all rule.
  # There are no forward-chain rules and no connection-state matches, so routed traffic is
  # not filtered and return traffic to the router on vpn relies on the explicit accepts.
  # NOTE(review): /ip service leaves telnet, ftp, www, ssh and winbox enabled with no
  # address restriction, so the catch-all accept exposes them on every non-vpn interface.
  # A default-drop input chain with explicit accepts for the management subnet would be
  # the safer shape.
  184. /ip firewall filter
  185. add action=log chain=input disabled=yes in-interface=vpn log-prefix="" \
  186. protocol=icmp
  187. add action=drop chain=input disabled=no dst-port=22 in-interface=vpn \
  188. protocol=tcp
  189. add action=accept chain=input disabled=no dst-port=1723 in-interface=vpn \
  190. protocol=tcp
  191. add action=accept chain=input disabled=no in-interface=vpn protocol=gre
  192. add action=accept chain=output disabled=no
  193. add action=accept chain=input disabled=yes dst-port=80 protocol=tcp
  194. add action=drop chain=input disabled=no in-interface=vpn
  # NOTE(review): this ICMP accept sits after the unconditional drop for in-interface=vpn
  # above, so it can never match; move it above the drop if ICMP on vpn is wanted.
  195. add action=accept chain=input disabled=no in-interface=vpn protocol=icmp
  # Catch-all accept for input arriving on any interface other than vpn.
  196. add action=accept chain=input disabled=no
  # Policy routing: packets sourced from 10.0.0.0/24 get routing mark "vpn", which the
  # marked default route in /ip route sends out through the vpn interface.
  197. /ip firewall mangle
  198. add action=mark-routing chain=prerouting disabled=no new-routing-mark=vpn \
  199. passthrough=yes src-address=10.0.0.0/24
  # NAT. Only the masquerade rule is active; it matches on source 10.0.0.0/24 with no
  # out-interface, so it applies on whatever interface the traffic leaves by.
  # NOTE(review): the disabled dst-nat rule has no dst-port, so enabling it would redirect
  # all TCP addressed to the router's own addresses to 10.0.0.254; the disabled netmap
  # rules would map a public address onto LAN hosts one-to-one. Review before enabling.
  200. /ip firewall nat
  201. add action=dst-nat chain=dstnat disabled=yes dst-address-type=local protocol=\
  202. tcp to-addresses=10.0.0.254
  203. add action=netmap chain=dstnat comment="NAT TO Shahar LAP 202" disabled=yes \
  204. dst-address=XXXXXXXXXX202 to-addresses=10.0.0.48
  205. add action=netmap chain=srcnat comment="NAT TO Shahar LAP 202" disabled=yes \
  206. src-address=10.0.0.48 to-addresses=XXXXXXXXXX202
  207. add action=masquerade chain=srcnat disabled=no src-address=10.0.0.0/24
  208. add action=netmap chain=dstnat disabled=yes dst-address=XXXXXXXXXX200 \
  209. to-addresses=10.0.0.0/24
  210.  
  # Connection-tracking helpers for ftp, tftp, irc, h323, sip and pptp are all enabled.
  # NOTE(review): helpers parse application payloads and open related connections;
  # disabling the ones not in use reduces the parsing surface.
  211. /ip firewall service-port
  212. set ftp disabled=no ports=21
  213. set tftp disabled=no ports=69
  214. set irc disabled=no ports=6667
  215. set h323 disabled=no
  216. set sip disabled=no ports=5060,5061 sip-direct-media=yes
  217. set pptp disabled=no
  # Neighbor discovery is off on ether1, vpn and l2tp-in1 but on for ether2-ether9, WAN and
  # bridge-local.
  # NOTE(review): discovery announces the device's identity and version to neighbours; if
  # WAN faces the provider it should presumably be disabled there too. ether1 is a
  # bridge-local port, so confirm the bridge-level setting does not re-expose it.
  218. /ip neighbor discovery
  219. set ether1 disabled=yes
  220. set ether2 disabled=no
  221. set ether3 disabled=no
  222. set ether4 disabled=no
  223. set ether5 disabled=no
  224. set ether6 disabled=no
  225. set ether7 disabled=no
  226. set ether8 disabled=no
  227. set ether9 disabled=no
  228. set WAN disabled=no
  229. set bridge-local disabled=no
  230. set vpn disabled=yes
  231. set l2tp-in1 disabled=yes
  # Web proxy is disabled (enabled=no); port 8080 would be used if it were turned on.
  232. /ip proxy
  233. set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
  234. cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
  235. 600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
  236. parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
  237. 0.0.0.0
  # Static routes. 0.0.0.0/1 and 128.0.0.0/1 via vpn together cover all destinations and,
  # being more specific than 0.0.0.0/0, override any DHCP-learned default; the marked
  # 0.0.0.0/0 route handles LAN traffic tagged by the mangle rule. ISP-GATEWAY/32 via WAN
  # (placeholder) keeps the tunnel endpoint reachable outside the tunnel.
  # NOTE(review): gateway="(unknown)" on 192.168.0.0/24 presumably refers to an interface
  # that no longer exists; remove or repair it. If vpn goes down, traffic falls back to the
  # DHCP default routes - confirm that is acceptable.
  238. /ip route
  239. add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=vpn routing-mark=vpn \
  240. scope=10 target-scope=10
  241. add disabled=no distance=1 dst-address=0.0.0.0/1 gateway=vpn scope=30 \
  242. target-scope=10
  243. add disabled=no distance=1 dst-address=10.0.0.0/24 gateway=bridge-local \
  244. scope=30 target-scope=10
  245. add disabled=no distance=1 dst-address=128.0.0.0/1 gateway=vpn scope=30 \
  246. target-scope=10
  247. add disabled=no distance=1 dst-address=192.168.0.0/24 gateway="(unknown)" \
  248. scope=30 target-scope=10
  249. add disabled=no distance=1 dst-address=ISP-GATEWAY/32 gateway=WAN scope=\
  250. 30 target-scope=10
  # Management services. Enabled: telnet (23), ftp (21), www (80), ssh (22), winbox (8291).
  # Disabled: www-ssl (443) and api (8728). address="" means no source-address restriction.
  # NOTE(review): telnet, ftp and plain http carry credentials unencrypted. Disable what is
  # not used and set address= to the management subnet on the rest; the firewall in this
  # export blocks these only on the vpn interface.
  251. /ip service
  252. set telnet address="" disabled=no port=23
  253. set ftp address="" disabled=no port=21
  254. set www address="" disabled=no port=80
  255. set ssh address="" disabled=no port=22
  256. set www-ssl address="" certificate=none disabled=yes port=443
  257. set api address="" disabled=yes port=8728
  258. set winbox address="" disabled=no port=8291
  # SMB is disabled (enabled=no). As configured it would allow guests on all interfaces,
  # with a "guest" user that has an empty password and a read-only default share of /pub.
  # NOTE(review): tighten allow-guests, interfaces and the guest password before enabling.
  259. /ip smb
  260. set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
  261. all
  262. /ip smb shares
  263. set [ find default=yes ] comment="default share" directory=/pub disabled=no \
  264. max-sessions=10 name=pub
  265. /ip smb users
  266. set [ find default=yes ] disabled=no name=guest password="" read-only=yes
  # SOCKS proxy, traffic-flow export and UPnP are all disabled (enabled=no).
  267. /ip socks
  268. set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
  269. /ip traffic-flow
  270. set active-flow-timeout=30m cache-entries=4k enabled=no \
  271. inactive-flow-timeout=15s interfaces=all
  272. /ip upnp
  273. set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
  # LCD panel is disabled.
  274. /lcd
  275. set backlight-timeout=30m enabled=no
  # A MetaRouter virtual interface is attached statically to bridge-local, so any guest
  # using it sits directly on the LAN segment.
  276. /metarouter interface
  277. add disabled=no static-interface=bridge-local type=static vm-mac-address=\
  278. 02:64:88:54:D7:78
  279. /port firmware
  280. set directory=firmware ignore-directip-modem=no
  # PPP authentication is local only (use-radius=no), with accounting on.
  281. /ppp aaa
  282. set accounting=yes interim-update=0s use-radius=no
  # Local PPP account "shahar": service=any, profile Inc-VPN (bridged into bridge-local),
  # fixed local/remote addresses 10.0.0.71/10.0.0.70.
  # NOTE(review): the password is printed in clear text and is a dictionary word; since
  # this export was published, the credential should be treated as compromised and
  # rotated. service=any makes it valid for both the PPTP and L2TP servers enabled above;
  # pin it to one service and set caller-id if the client address is known.
  283. /ppp secret
  284. add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
  285. local-address=10.0.0.71 name=shahar password=testing profile=Inc-VPN \
  286. remote-address=10.0.0.70 routes="" service=any
  # All physical ports use the hardware queue only (no software queueing).
  287. /queue interface
  288. set ether1 queue=only-hardware-queue
  289. set ether2 queue=only-hardware-queue
  290. set ether3 queue=only-hardware-queue
  291. set ether4 queue=only-hardware-queue
  292. set ether5 queue=only-hardware-queue
  293. set ether6 queue=only-hardware-queue
  294. set ether7 queue=only-hardware-queue
  295. set ether8 queue=only-hardware-queue
  296. set ether9 queue=only-hardware-queue
  297. set WAN queue=only-hardware-queue
  # Incoming RADIUS requests (port 3799) are not accepted.
  298. /radius incoming
  299. set accept=no port=3799
  # BFD, MME and RIP settings; RIP redistribution is off everywhere. No neighbours or
  # networks for these protocols appear in the visible export.
  300. /routing bfd interface
  301. set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
  302. multiplier=5
  303. /routing mme
  304. set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
  305. gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
  306. 0.0.0.0 timeout=1m ttl=50
  307. /routing rip
  308. set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
  309. metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
  310. redistribute-connected=no redistribute-ospf=no redistribute-static=no \
  311. routing-table=main timeout-timer=3m update-timer=30s
  # SNMP agent is disabled (enabled=no); the "public" community defined under
  # /snmp community is therefore not being served.
  312. /snmp
  313. set contact="" enabled=no engine-id="" location="" trap-generators="" \
  314. trap-target="" trap-version=1
  # Time zone Asia/Jerusalem. The export header is stamped jan/01/2002, which suggests the
  # clock was not synchronised when the export was taken - log timestamps may be unreliable.
  315. /system clock
  316. set time-zone-name=Asia/Jerusalem
  317. /system clock manual
  318. set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
  319. "jan/01/1970 00:00:00" time-zone=+00:00
  # Identity is the generic "Router".
  320. /system identity
  321. set name="Router"
  # Logging rules: firewall (prefix FW), error, warning and critical topics, all sent to
  # the in-memory action only. NOTE(review): no "info"/"account" topic rule is listed, so
  # logins may not be recorded - confirm; nothing is sent to disk or a remote syslog host.
  322. /system logging
  323. set 0 action=memory disabled=no prefix=FW topics=firewall
  324. set 1 action=memory disabled=no prefix="" topics=error
  325. set 2 action=memory disabled=no prefix="" topics=warning
  326. set 3 action=memory disabled=no prefix="" topics=critical
  327. /system note
  328. set note="" show-at-login=yes
  # NTP client uses the same server for primary and secondary, so there is no redundancy.
  329. /system ntp client
  330. set enabled=yes mode=unicast primary-ntp=192.114.62.250 secondary-ntp=\
  331. 192.114.62.250
  # NTP server is enabled with manycast on.
  # NOTE(review): the input chain accepts everything except on vpn, so the NTP service is
  # reachable from any other interface; disable it or restrict it to the LAN if unused.
  332. /system ntp server
  333. set broadcast=no broadcast-addresses="" enabled=yes manycast=yes multicast=no
  334. /system resource irq
  335. set 0 cpu=auto
  336. set 1 cpu=auto
  337. set 2 cpu=auto
  # Boot order is NAND first, then Ethernet via BOOTP if NAND boot fails.
  338. /system routerboard settings
  339. set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
  340. 600MHz force-backup-booter=no memory-frequency=225MHz silent-boot=no
  # Upgrade mirror is disabled.
  341. /system upgrade mirror
  342. set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
  343. 0.0.0.0 user=""
  # Watchdog timer is on; support-output files are generated automatically but not sent.
  344. /system watchdog
  345. set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
  346. none watchdog-timer=yes
  # Bandwidth-test server is enabled and requires authentication (authenticate=yes).
  # NOTE(review): it is reachable wherever the input chain accepts traffic and can be used
  # to generate heavy load; disable it when no test is in progress.
  347. /tool bandwidth-server
  348. set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
  349. 100
  # E-mail tool is unconfigured (server 0.0.0.0, empty credentials, starttls=no).
  350. /tool e-mail
  351. set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
  352. /tool graphing
  353. set page-refresh=300 store-every=5min
  # MAC-telnet server: the default "all" entry is disabled and access is enabled per
  # interface on ether2-ether9 and bridge-local (not listed for ether1 or WAN).
  # NOTE(review): ether1 is a bridge-local port, so the bridge-local entry may still make
  # the layer-2 management service reachable from it - confirm.
  354. /tool mac-server
  355. set [ find default=yes ] disabled=yes interface=all
  356. add disabled=no interface=ether2
  357. add disabled=no interface=ether3
  358. add disabled=no interface=ether4
  359. add disabled=no interface=ether5
  360. add disabled=no interface=ether6
  361. add disabled=no interface=ether7
  362. add disabled=no interface=ether8
  363. add disabled=no interface=ether9
  364. add disabled=no interface=bridge-local
  # MAC-Winbox access mirrors the MAC-telnet interface list above.
  365. /tool mac-server mac-winbox
  366. set [ find default=yes ] disabled=yes interface=all
  367. add disabled=no interface=ether2
  368. add disabled=no interface=ether3
  369. add disabled=no interface=ether4
  370. add disabled=no interface=ether5
  371. add disabled=no interface=ether6
  372. add disabled=no interface=ether7
  373. add disabled=no interface=ether8
  374. add disabled=no interface=ether9
  375. add disabled=no interface=bridge-local
  # MAC ping responder is enabled.
  376. /tool mac-server ping
  377. set enabled=yes
  # SMS receiving is off and no secret or allowed number is set.
  378. /tool sms
  379. set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
  # Packet sniffer has no filters and remote streaming is off (streaming-enabled=no).
  380. /tool sniffer
  381. set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
  382. "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
  383. filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
  384. only-headers=no streaming-enabled=no streaming-server=0.0.0.0
  385. /tool traffic-generator
  386. set latency-distribution-scale=10 test-id=0
  # Traffic monitor on vpn is defined but disabled and has no on-event script.
  387. /tool traffic-monitor
  388. add disabled=yes interface=vpn name=tmon1 on-event="" threshold=0 traffic=\
  389. received trigger=above
  # Router logins are authenticated locally (use-radius=no); default-group=read would apply
  # to RADIUS-authenticated users if RADIUS were enabled. No /user entries are included in
  # the visible export, so account names and password state cannot be reviewed from here.
  390. /user aaa
  391. set accounting=yes default-group=read exclude-groups="" interim-update=0s \
  392. use-radius=no