- # jan/01/2002 15:12:03 by RouterOS 5.20
- # software id = FGS6-IMGC
- #
- # LAN bridge. protocol-mode=none means no spanning tree runs on it.
- /interface bridge
- add admin-mac=D4:CA:6D:2C:DE:67 ageing-time=5m arp=enabled auto-mac=no \
- disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
- name=bridge-local priority=0x8000 protocol-mode=none transmit-hold-count=\
- 6
- /interface l2tp-server
- # Static L2TP server binding; user="" leaves it unbound to a specific account.
- add disabled=no name=l2tp-in1 user=""
- /interface ethernet switch
- # Port mirroring is off on both switch chips.
- set 0 mirror-source=none mirror-target=none name=switch1
- set 1 mirror-source=none mirror-target=none name=switch2
- /ip ipsec proposal
- # NOTE(review): 3des / sha1 / modp1024 are legacy algorithm choices. No IPsec
- # peer or policy appears in the visible export, so this proposal looks unused;
- # move to AES and a larger DH group before relying on it.
- set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
- lifetime=30m name=default pfs-group=modp1024
- /ip pool
- # DHCP range for the LAN; static leases later in the export sit inside and
- # outside this range.
- add name=dhcp_pool1 ranges=10.0.0.1-10.0.0.50
- /ip dhcp-server
- add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
- static disabled=no interface=bridge-local lease-time=3d name="LAN"
- /ppp profile
- # Profile 0 (default): encryption left at "default", i.e. not required.
- set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
- default use-encryption=default use-mpls=default use-vj-compression=\
- default
- # Inc-VPN: dial-in clients using this profile are bridged straight into
- # bridge-local (the LAN); encryption is not required by the profile.
- add bridge=bridge-local change-tcp-mss=default name=Inc-VPN only-one=default \
- use-compression=default use-encryption=default use-mpls=default \
- use-vj-compression=default
- # Profile 2 (default-encryption): the only profile with use-encryption=yes.
- set 2 change-tcp-mss=yes name=default-encryption only-one=default \
- use-compression=default use-encryption=yes use-mpls=default \
- use-vj-compression=default
- /interface l2tp-client
- # Uplink tunnel "vpn"; it installs a default route (add-default-route=yes).
- # NOTE(review): allow=pap,chap permits PAP, which hands the password to the
- # peer unhashed, and L2TP itself adds no encryption. The profile asks for
- # encryption, but MPPE is normally keyed from MS-CHAP -- confirm that
- # encryption is actually negotiated with only pap,chap allowed.
- # ISP-Address / USER / PASS appear to be placeholders put in by the poster; a
- # real export prints these values in cleartext, so redact before sharing.
- add add-default-route=yes allow=pap,chap connect-to=ISP-Address \
- dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 mrru=disabled \
- name=vpn password=PASS profile=default-encryption user=USER
- # Queue disciplines available to interfaces; /queue interface later assigns
- # only-hardware-queue to every port.
- /queue type
- set 0 kind=pfifo name=default pfifo-limit=50
- set 1 kind=pfifo name=ethernet-default pfifo-limit=50
- set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
- set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
- red-limit=60 red-max-threshold=50 red-min-threshold=10
- set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
- set 5 kind=none name=only-hardware-queue
- set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
- set 7 kind=pfifo name=default-small pfifo-limit=10
- /routing bgp instance
- # BGP instance is enabled (disabled=no) with private AS 65530 and nothing
- # redistributed. No BGP peers appear in the visible export.
- set default as=65530 client-to-client-reflection=yes disabled=no \
- ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
- no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
- redistribute-static=no router-id=0.0.0.0 routing-table=""
- /routing ospf instance
- # OSPF instance is enabled with in/out filters ospf-in / ospf-out and no
- # redistribution. No OSPF networks or interfaces appear in the visible export.
- set [ find default=yes ] disabled=no distribute-default=never in-filter=\
- ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
- metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
- out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
- redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
- router-id=0.0.0.0
- /routing ospf area
- set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
- backbone type=default
- /snmp community
- # NOTE(review): community "public", readable from 0.0.0.0/0, security=none.
- # /snmp later in this export has enabled=no, so this is dormant; rename the
- # community and restrict addresses before SNMP is ever switched on.
- set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
- authentication-protocol=MD5 encryption-password="" encryption-protocol=\
- DES name=public read-access=yes security=none write-access=no
- /system logging action
- # Log targets. "memory" keeps 100 lines and "disk" keeps 2 files of 100 lines.
- # The "remote" syslog target is defined here, but every /system logging rule
- # in this export uses action=memory, so nothing is shipped off-box.
- set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
- set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
- disk-stop-on-full=no name=disk target=disk
- set 2 name=echo remember=yes target=echo
- set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
- syslog-facility=daemon syslog-severity=auto target=remote
- /tool user-manager customer
- # NOTE(review): User Manager customer "admin" has permissions=owner and an
- # empty password (password=""). Set a password or remove the customer if
- # User Manager is not in use.
- add backup-allowed=yes disabled=no login=admin password="" \
- paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
- permissions=owner signup-allowed=no time-zone=-00:00
- /tool user-manager profile
- add name=test name-for-users="" override-shared-users=off owner=admin price=0 \
- starts-at=logon validity=0s
- /user group
- # Policy sets for the read / write / full groups. Every group allows telnet
- # and web login.
- # NOTE(review): "read" still carries sensitive, sniff, reboot and password,
- # and /user aaa later sets default-group=read -- a "read-only" account can
- # view secrets in the configuration and capture traffic.
- set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
- eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
- set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
- ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
- set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
- winbox,password,web,sniff,sensitive,api" skin=default
- /interface bridge port
- # ether1 through ether9 are all members of bridge-local (one broadcast domain).
- # NOTE(review): ether1 is bridged into the LAN here, yet /ip dhcp-client keeps
- # the "default configuration" client on ether1 and /ip neighbor discovery is
- # disabled on ether1 only. That looks like a leftover from ether1 being the
- # uplink -- confirm ether1 is meant to be a LAN port.
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether2 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether3 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether4 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether5 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether1 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether9 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether7 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether8 path-cost=10 point-to-point=auto priority=0x80
- add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
- interface=ether6 path-cost=10 point-to-point=auto priority=0x80
- /interface bridge settings
- # Bridged frames are handed to the IP firewall (also for PPPoE and VLAN).
- # NOTE(review): /ip firewall filter in this export has no forward-chain
- # rules, so this setting currently filters nothing on bridged traffic.
- set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
- use-ip-firewall-for-vlan=yes
- /interface ethernet switch port
- # Switch-chip VLAN handling is disabled on all twelve switch ports.
- set 0 vlan-header=leave-as-is vlan-mode=disabled
- set 1 vlan-header=leave-as-is vlan-mode=disabled
- set 2 vlan-header=leave-as-is vlan-mode=disabled
- set 3 vlan-header=leave-as-is vlan-mode=disabled
- set 4 vlan-header=leave-as-is vlan-mode=disabled
- set 5 vlan-header=leave-as-is vlan-mode=disabled
- set 6 vlan-header=leave-as-is vlan-mode=disabled
- set 7 vlan-header=leave-as-is vlan-mode=disabled
- set 8 vlan-header=leave-as-is vlan-mode=disabled
- set 9 vlan-header=leave-as-is vlan-mode=disabled
- set 10 vlan-header=leave-as-is vlan-mode=disabled
- set 11 vlan-header=leave-as-is vlan-mode=disabled
- /interface l2tp-server server
- # NOTE(review): L2TP server is enabled and accepts pap and mschap1 alongside
- # mschap2. No IPsec peer or policy appears in the visible export, so sessions
- # get MPPE at best. The input filter drops udp/1701 arriving on "vpn", but
- # its final accept-all rule leaves the server reachable from every other
- # interface. Restrict authentication to mschap2 and limit the source
- # interfaces, or disable the server if unused.
- set authentication=pap,chap,mschap1,mschap2 default-profile=\
- default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
- /interface ovpn-server server
- # OpenVPN server is disabled. If it is ever enabled, the settings shown need
- # review first: certificate=none, require-client-certificate=no, md5 auth
- # and blowfish128 are all on the list.
- set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
- default enabled=no keepalive-timeout=60 mac-address=FE:42:1E:F3:19:99 \
- max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
- /interface pptp-server server
- # NOTE(review): PPTP server is enabled with chap, mschap1 and mschap2. PPTP
- # with MS-CHAP is widely regarded as unsuitable for protecting credentials
- # or traffic; the filter rules accept tcp/1723 and GRE on "vpn" specifically
- # for it. Prefer a certificate- or IPsec-based tunnel where the clients
- # allow it.
- set authentication=chap,mschap1,mschap2 enabled=yes keepalive-timeout=30 \
- max-mru=1460 max-mtu=1460 mrru=disabled
- /interface sstp-server server
- # SSTP server is disabled; certificate=none and verify-client-certificate=no
- # would need fixing before enabling it.
- set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
- default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
- disabled port=443 verify-client-certificate=no
- /ip accounting
- # IP accounting and its web export are both off.
- set account-local-traffic=no enabled=no threshold=256
- /ip accounting web-access
- set accessible-via-web=no address=0.0.0.0/0
- /ip address
- # 10.0.0.254/24 is the router's LAN address on bridge-local.
- add address=10.0.0.254/24 comment=LAN disabled=no interface=bridge-local \
- network=10.0.0.0
- # Four /32 addresses bound to the "vpn" tunnel; the poster masked the prefix
- # with X characters.
- add address=XXXXXXXXXX200/32 comment="Virtual IP WAN" disabled=no \
- interface=vpn network=XXXXXXXXXX200
- add address=XXXXXXXXXX202/32 disabled=no interface=vpn network=\
- XXXXXXXXXX202
- add address=XXXXXXXXXX201/32 disabled=no interface=vpn network=\
- XXXXXXXXXX201
- add address=XXXXXXXXXX203/32 disabled=no interface=vpn network=\
- XXXXXXXXXX203
- /ip dhcp-client
- # Two DHCP clients, each taking a default route plus DNS and NTP servers
- # from whichever DHCP server answers (use-peer-dns / use-peer-ntp).
- # NOTE(review): the ether1 client is tagged "default configuration" while
- # ether1 is also a bridge-local port -- probably a leftover; confirm and
- # remove it if ether1 is a LAN port.
- add add-default-route=yes comment="default configuration" \
- default-route-distance=1 disabled=no interface=ether1 use-peer-dns=yes \
- use-peer-ntp=yes
- add add-default-route=yes default-route-distance=0 disabled=no interface=WAN \
- use-peer-dns=yes use-peer-ntp=yes
- /ip dhcp-server config
- set store-leases-disk=5m
- /ip dhcp-server lease
- # Static leases keyed by MAC address (and client-id where one is present).
- add address=10.0.0.251 client-id="Linksys AP" disabled=no mac-address=\
- 54:E6:FC:B4:C9:46
- add address=10.0.0.1 client-id=1:0:1f:c6:44:db:62 disabled=no mac-address=\
- 00:1F:C6:44:DB:62
- add address=10.0.0.10 client-id=1:0:1f:d0:26:d5:98 disabled=no mac-address=\
- 00:1F:D0:26:D5:98
- add address=10.0.0.14 client-id=1:0:1:6c:91:f9:94 disabled=no mac-address=\
- 00:01:6C:91:F9:94
- add address=10.0.0.20 disabled=no mac-address=98:4B:E1:FE:B8:25 use-src-mac=\
- yes
- /ip dhcp-server network
- # LAN clients are given public resolvers directly, not the router's cache.
- add address=10.0.0.0/24 dhcp-option="" dns-server=8.8.8.8,8.8.4.4 domain=\
- LAN gateway=10.0.0.254 ntp-server="" wins-server=""
- /ip dns
- # NOTE(review): allow-remote-requests=yes makes the router answer DNS
- # queries on any interface the input filter lets through. The filter in this
- # export drops only "vpn" input and accepts the rest, so WAN-side hosts can
- # use the router as an open resolver. LAN clients already get 8.8.8.8 from
- # DHCP, so this can likely be set to no; otherwise block udp/tcp 53 from WAN.
- set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
- max-udp-packet-size=4096 servers=8.8.8.8
- /ip dns static
- # "router" resolves to 192.168.88.1, but the router's LAN address in this
- # export is 10.0.0.254 -- presumably a factory-default leftover.
- add address=192.168.88.1 disabled=no name=router ttl=1d
- /ip firewall connection tracking
- # Connection tracking is on; SYN cookies are off (tcp-syncookie=no).
- set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
- tcp-close-wait-timeout=10s tcp-established-timeout=1d \
- tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
- tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
- tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
- /ip firewall filter
- # Rules are evaluated top to bottom; the first match decides. Only input and
- # output rules exist here. There is no forward-chain rule and no rule that
- # matches on connection state.
- # Disabled: would log ICMP arriving on vpn.
- add action=log chain=input disabled=yes in-interface=vpn log-prefix="" \
- protocol=icmp
- # Drop SSH arriving on vpn.
- add action=drop chain=input disabled=no dst-port=22 in-interface=vpn \
- protocol=tcp
- # Allow PPTP control (tcp/1723) and GRE from vpn for the PPTP server.
- add action=accept chain=input disabled=no dst-port=1723 in-interface=vpn \
- protocol=tcp
- add action=accept chain=input disabled=no in-interface=vpn protocol=gre
- # Router-originated traffic is unrestricted.
- add action=accept chain=output disabled=no
- # Disabled: would accept tcp/80 on every interface.
- add action=accept chain=input disabled=yes dst-port=80 protocol=tcp
- # Drop everything else arriving on vpn.
- # NOTE(review): with no established/related accept above it, replies to
- # connections the router itself opens through vpn appear to hit this drop
- # too -- verify, and add a connection-state accept ahead of it.
- add action=drop chain=input disabled=no in-interface=vpn
- # NOTE(review): unreachable. The drop above already matches all vpn input,
- # so ICMP on vpn is never accepted. Move this rule above the drop if ICMP
- # is wanted.
- add action=accept chain=input disabled=no in-interface=vpn protocol=icmp
- # NOTE(review): accept-all for the rest of the input chain. Everything
- # arriving on WAN, ether1 or the bridge reaches the router's services
- # (telnet, ftp, www, ssh and winbox are enabled under /ip service). End the
- # chain with a drop and accept only the management sources that are needed.
- add action=accept chain=input disabled=no
- /ip firewall mangle
- # Tag all LAN-sourced traffic with routing mark "vpn" so that it follows the
- # routing-mark=vpn default route.
- add action=mark-routing chain=prerouting disabled=no new-routing-mark=vpn \
- passthrough=yes src-address=10.0.0.0/24
- /ip firewall nat
- # Disabled: would dst-nat all TCP aimed at the router's own addresses to
- # 10.0.0.254.
- add action=dst-nat chain=dstnat disabled=yes dst-address-type=local protocol=\
- tcp to-addresses=10.0.0.254
- # Disabled 1:1 mapping between XXXXXXXXXX202 and LAN host 10.0.0.48.
- # NOTE(review): with no forward-chain filter, enabling this pair would
- # expose every port of 10.0.0.48 on that address.
- add action=netmap chain=dstnat comment="NAT TO Shahar LAP 202" disabled=yes \
- dst-address=XXXXXXXXXX202 to-addresses=10.0.0.48
- add action=netmap chain=srcnat comment="NAT TO Shahar LAP 202" disabled=yes \
- src-address=10.0.0.48 to-addresses=XXXXXXXXXX202
- # Active rule: masquerade LAN sources. No out-interface is given, so it
- # applies on whichever interface the packet leaves.
- add action=masquerade chain=srcnat disabled=no src-address=10.0.0.0/24
- # Disabled: would netmap XXXXXXXXXX200 onto the whole 10.0.0.0/24.
- add action=netmap chain=dstnat disabled=yes dst-address=XXXXXXXXXX200 \
- to-addresses=10.0.0.0/24
- /ip firewall service-port
- # All NAT helpers are enabled; turning off the ones not in use narrows what
- # connection tracking will parse.
- set ftp disabled=no ports=21
- set tftp disabled=no ports=69
- set irc disabled=no ports=6667
- set h323 disabled=no
- set sip disabled=no ports=5060,5061 sip-direct-media=yes
- set pptp disabled=no
- /ip neighbor discovery
- # Discovery is off on ether1, vpn and l2tp-in1, and on everywhere else.
- # NOTE(review): it is enabled on WAN, so the router advertises itself to
- # devices on the upstream segment. Set WAN to disabled=yes unless upstream
- # discovery is required.
- set ether1 disabled=yes
- set ether2 disabled=no
- set ether3 disabled=no
- set ether4 disabled=no
- set ether5 disabled=no
- set ether6 disabled=no
- set ether7 disabled=no
- set ether8 disabled=no
- set ether9 disabled=no
- set WAN disabled=no
- set bridge-local disabled=no
- set vpn disabled=yes
- set l2tp-in1 disabled=yes
- /ip proxy
- # Web proxy is disabled (enabled=no).
- set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
- cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
- 600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
- parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
- 0.0.0.0
- /ip route
- # Default route for packets carrying routing mark "vpn" (set in mangle).
- add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=vpn routing-mark=vpn \
- scope=10 target-scope=10
- # 0.0.0.0/1 plus 128.0.0.0/1 together cover all destinations and are more
- # specific than any /0, so unmarked traffic also prefers the vpn tunnel.
- add disabled=no distance=1 dst-address=0.0.0.0/1 gateway=vpn scope=30 \
- target-scope=10
- add disabled=no distance=1 dst-address=10.0.0.0/24 gateway=bridge-local \
- scope=30 target-scope=10
- add disabled=no distance=1 dst-address=128.0.0.0/1 gateway=vpn scope=30 \
- target-scope=10
- # gateway="(unknown)" -- this route points at an interface the export could
- # not resolve; probably stale, confirm and remove.
- add disabled=no distance=1 dst-address=192.168.0.0/24 gateway="(unknown)" \
- scope=30 target-scope=10
- # Host route via WAN; ISP-GATEWAY looks like a placeholder for the tunnel
- # endpoint so that the tunnel's own packets stay outside the tunnel -- confirm.
- add disabled=no distance=1 dst-address=ISP-GATEWAY/32 gateway=WAN scope=\
- 30 target-scope=10
- /ip service
- # NOTE(review): telnet, ftp and www (all cleartext) plus ssh and winbox are
- # enabled with address="", i.e. no source restriction. The input filter only
- # shields the vpn interface, so these are reachable from WAN. Disable
- # telnet/ftp/www and set address= to the management subnet on the rest.
- set telnet address="" disabled=no port=23
- set ftp address="" disabled=no port=21
- set www address="" disabled=no port=80
- set ssh address="" disabled=no port=22
- set www-ssl address="" certificate=none disabled=yes port=443
- set api address="" disabled=yes port=8728
- set winbox address="" disabled=no port=8291
- /ip smb
- # SMB is disabled (enabled=no). Guest access is allowed in the stored
- # settings and the guest user below has an empty password, so review both
- # before ever enabling the service.
- set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
- all
- /ip smb shares
- set [ find default=yes ] comment="default share" directory=/pub disabled=no \
- max-sessions=10 name=pub
- /ip smb users
- set [ find default=yes ] disabled=no name=guest password="" read-only=yes
- /ip socks
- # SOCKS proxy is disabled.
- set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
- /ip traffic-flow
- set active-flow-timeout=30m cache-entries=4k enabled=no \
- inactive-flow-timeout=15s interfaces=all
- /ip upnp
- # UPnP is disabled.
- set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
- /lcd
- set backlight-timeout=30m enabled=no
- /metarouter interface
- # A MetaROUTER guest interface is attached to bridge-local, which puts that
- # virtual machine on the LAN segment. No /metarouter guest definition
- # appears in the visible export.
- add disabled=no static-interface=bridge-local type=static vm-mac-address=\
- 02:64:88:54:D7:78
- /port firmware
- set directory=firmware ignore-directip-modem=no
- /ppp aaa
- # PPP users are authenticated locally (use-radius=no).
- set accounting=yes interim-update=0s use-radius=no
- /ppp secret
- # NOTE(review): dial-in account "shahar" is exported with its password in
- # cleartext and the value is a guessable word. service=any makes it valid
- # for both the PPTP and the L2TP server, and profile Inc-VPN bridges the
- # session into the LAN. Treat this credential as disclosed: rotate it, use a
- # long random secret, and pin service= to the one protocol in use.
- add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
- local-address=10.0.0.71 name=shahar password=testing profile=Inc-VPN \
- remote-address=10.0.0.70 routes="" service=any
- /queue interface
- # Every physical port uses the hardware queue only (no software shaping).
- set ether1 queue=only-hardware-queue
- set ether2 queue=only-hardware-queue
- set ether3 queue=only-hardware-queue
- set ether4 queue=only-hardware-queue
- set ether5 queue=only-hardware-queue
- set ether6 queue=only-hardware-queue
- set ether7 queue=only-hardware-queue
- set ether8 queue=only-hardware-queue
- set ether9 queue=only-hardware-queue
- set WAN queue=only-hardware-queue
- /radius incoming
- # Incoming RADIUS requests are not accepted.
- set accept=no port=3799
- /routing bfd interface
- set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
- multiplier=5
- /routing mme
- set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
- gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
- 0.0.0.0 timeout=1m ttl=50
- /routing rip
- set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
- metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
- redistribute-connected=no redistribute-ospf=no redistribute-static=no \
- routing-table=main timeout-timer=3m update-timer=30s
- /snmp
- # SNMP agent is disabled, so the "public" community defined earlier is not
- # being served.
- set contact="" enabled=no engine-id="" location="" trap-generators="" \
- trap-target="" trap-version=1
- /system clock
- set time-zone-name=Asia/Jerusalem
- /system clock manual
- set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
- "jan/01/1970 00:00:00" time-zone=+00:00
- /system identity
- set name="Router"
- /system logging
- # NOTE(review): firewall, error, warning and critical topics all go to the
- # in-memory buffer (100 lines per /system logging action), which is lost on
- # reboot. No filter rule with action=log is enabled, so the firewall topic
- # receives nothing. Add a disk or remote action if logs must survive for
- # incident review.
- set 0 action=memory disabled=no prefix=FW topics=firewall
- set 1 action=memory disabled=no prefix="" topics=error
- set 2 action=memory disabled=no prefix="" topics=warning
- set 3 action=memory disabled=no prefix="" topics=critical
- /system note
- set note="" show-at-login=yes
- /system ntp client
- # Primary and secondary NTP are the same server, so there is no redundancy.
- # The export header is dated jan/01/2002, which suggests the clock was not
- # synchronised when the export was taken.
- set enabled=yes mode=unicast primary-ntp=192.114.62.250 secondary-ntp=\
- 192.114.62.250
- /system ntp server
- # NOTE(review): the NTP server is enabled. With the accept-all input rule it
- # answers on every interface except vpn, WAN included. Disable it or filter
- # udp/123 from WAN if only LAN clients need it.
- set broadcast=no broadcast-addresses="" enabled=yes manycast=yes multicast=no
- /system resource irq
- set 0 cpu=auto
- set 1 cpu=auto
- set 2 cpu=auto
- /system routerboard settings
- # boot-device=nand-if-fail-then-ethernet: the board falls back to a network
- # (bootp) boot if booting from NAND fails.
- set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
- 600MHz force-backup-booter=no memory-frequency=225MHz silent-boot=no
- /system upgrade mirror
- set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
- 0.0.0.0 user=""
- /system watchdog
- # A support-output file is generated automatically (automatic-supout=yes) but
- # is not e-mailed (auto-send-supout=no).
- set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
- none watchdog-timer=yes
- /tool bandwidth-server
- # NOTE(review): the bandwidth-test server is enabled. authenticate=yes
- # limits it to router accounts, but the accept-all input rule still exposes
- # it on WAN. Disable it when not actively testing.
- set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
- 100
- /tool e-mail
- # No mail server is configured (address=0.0.0.0).
- set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
- /tool graphing
- set page-refresh=300 store-every=5min
- /tool mac-server
- # MAC-telnet: the catch-all "all" entry is disabled and the service is
- # enabled only on ether2-ether9 and bridge-local, so WAN and ether1 are
- # left out.
- set [ find default=yes ] disabled=yes interface=all
- add disabled=no interface=ether2
- add disabled=no interface=ether3
- add disabled=no interface=ether4
- add disabled=no interface=ether5
- add disabled=no interface=ether6
- add disabled=no interface=ether7
- add disabled=no interface=ether8
- add disabled=no interface=ether9
- add disabled=no interface=bridge-local
- /tool mac-server mac-winbox
- # MAC-Winbox uses the same interface list as MAC-telnet above.
- set [ find default=yes ] disabled=yes interface=all
- add disabled=no interface=ether2
- add disabled=no interface=ether3
- add disabled=no interface=ether4
- add disabled=no interface=ether5
- add disabled=no interface=ether6
- add disabled=no interface=ether7
- add disabled=no interface=ether8
- add disabled=no interface=ether9
- add disabled=no interface=bridge-local
- /tool mac-server ping
- # MAC ping responder is enabled; no interface restriction appears on this line.
- set enabled=yes
- /tool sms
- set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
- /tool sniffer
- # Sniffer defaults: interface=all, streaming disabled. Any account with the
- # "sniff" policy can run it, and the read group has that policy.
- set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
- "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
- filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
- only-headers=no streaming-enabled=no streaming-server=0.0.0.0
- /tool traffic-generator
- set latency-distribution-scale=10 test-id=0
- /tool traffic-monitor
- add disabled=yes interface=vpn name=tmon1 on-event="" threshold=0 traffic=\
- received trigger=above
- /user aaa
- # Router logins are authenticated locally (use-radius=no); default-group=read
- # is the fallback group.
- # The visible export contains no /user entries, so local account names and
- # password state cannot be reviewed from this file.
- set accounting=yes default-group=read exclude-groups="" interim-update=0s \
- use-radius=no