- [admin@MikroTik] > /export compact
- # may/20/2014 20:30:48 by RouterOS 6.6
- # software id = RKFW-9LKQ
- #
- /interface bridge
- add l2mtu=1598 name=bridge1
- /interface ethernet
- set [ find default-name=ether1 ] arp=proxy-arp auto-negotiation=no speed=\
- 1Gbps
- set [ find default-name=ether2 ] arp=proxy-arp master-port=ether1
- set [ find default-name=ether4 ] master-port=ether1
- set [ find default-name=ether6 ] speed=1Gbps
- set [ find default-name=ether9 ] auto-negotiation=no full-duplex=no speed=\
- 10Mbps
- set [ find default-name=ether10 ] auto-negotiation=no speed=10Mbps
- set [ find default-name=ether11 ] mac-address=00:1B:11:4F:E4:E2
- set [ find default-name=ether12 ] auto-negotiation=no full-duplex=no speed=\
- 10Mbps
- /interface pppoe-client
- add comment=Corporate disabled=no interface=ether10 name=pppoe-out1 password=\
- *** use-peer-dns=yes user=***
- /ip neighbor discovery
- set pppoe-out1 comment=Corporate
- /ip pool
- add name=dhcp_pool2 ranges=192.168.3.100-192.168.3.200
- add name=vpn ranges=192.168.0.40-192.168.0.50
- add name=dhcp_pool1 ranges=192.168.0.30-192.168.0.200,192.168.0.254
- add name=dhcp_pool3 ranges=192.192.5.2-192.192.5.200
- /ip dhcp-server
- add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=1d name=\
- ailant
- add address-pool=dhcp_pool3 disabled=no interface=ether5 name=osa
- /port
- set 0 name=serial0
- set 1 name=serial1
- /ppp profile
- set 1 only-one=no
- /system logging action
- set 0 memory-lines=100
- set 1 disk-lines-per-file=100
- set 3 remote=0.0.0.0
- /tool user-manager customer
- # NOTE(review): the User Manager customer "admin" is created with
- # permissions=owner and an empty password (password=""). If User Manager is
- # actually used, give this account a strong password; if it is not used,
- # confirm the User Manager interface cannot be reached at all.
- add backup-allowed=yes disabled=no login=admin password="" \
- paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
- permissions=owner signup-allowed=no time-zone=-00:00
- /interface bridge port
- add bridge=bridge1 interface=ether1
- add bridge=bridge1 disabled=yes interface=ether5
- /interface l2tp-server server
- # NOTE(review): L2TP server is enabled with the default PPP profile. No IPsec
- # section appears in this export, so L2TP sessions are presumably not
- # protected by IPsec -- confirm. The /ppp secret section further down is empty,
- # so no local VPN accounts are defined here; if this server is unused,
- # disable it.
- set default-profile=default enabled=yes max-mru=1460 max-mtu=1460
- /interface ovpn-server server
- # Only the netmask is changed; enabled= is not shown in this compact export.
- set netmask=29
- /interface pptp-server server
- # NOTE(review): PPTP server is enabled and accepts pap, chap and mschap1 in
- # addition to mschap2. PAP sends the password in clear text and MS-CHAPv1 is
- # obsolete; PPTP's own protection depends on MS-CHAPv2, which is also
- # considered weak. At minimum restrict authentication to mschap2; prefer
- # retiring PPTP in favour of an IPsec-protected or TLS-based tunnel.
- set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
- yes max-mru=1460 max-mtu=1460
- /ip address
- add address=192.168.0.253/24 comment="default configuration" interface=ether1 \
- network=192.168.0.0
- add address=172.30.5.18/30 interface=ether12 network=172.30.5.16
- add address=213.234.27.36/32 interface=ether12 network=213.234.27.36
- add address=88.87.90.201/32 interface=pppoe-out1 network=88.87.90.201
- add address=172.30.9.254/30 interface=ether8 network=172.30.9.252
- add address=192.168.5.253/24 interface=ether5 network=192.168.5.0
- /ip dhcp-server lease
- add address=192.168.0.130 client-id=1:6:e:9b:d0:c4:78 mac-address=\
- 06:0E:9B:D0:C4:78 server=ailant
- add address=192.168.0.133 always-broadcast=yes mac-address=00:02:B3:0A:A4:45 \
- server=ailant
- add address=192.168.0.205 client-id=1:78:2b:cb:59:3a:1a mac-address=\
- 78:2B:CB:59:3A:1A server=ailant
- add address=192.168.0.170 client-id=1:f8:d1:11:1c:af:4e comment=eduard \
- mac-address=F8:D1:11:1C:AF:4E server=ailant
- add address=192.168.0.203 client-id=1:74:f0:6d:6a:b4:17 comment=\
- "notebook wifi" disabled=yes mac-address=74:F0:6D:6A:B4:17 server=ailant
- add address=192.168.0.202 client-id=1:0:1f:d0:a2:a7:24 comment=my \
- mac-address=00:1F:D0:A2:A7:24 server=ailant
- add address=192.168.0.115 always-broadcast=yes client-id=1:38:60:77:3e:c9:67 \
- comment=irina mac-address=38:60:77:3E:C9:67 server=ailant
- add address=192.168.0.138 client-id=1:0:25:22:db:6a:59 comment=senya \
- mac-address=00:25:22:DB:6A:59 server=ailant
- add address=192.168.0.178 client-id=1:0:21:97:1:c1:ac comment=natasha \
- disabled=yes mac-address=00:21:97:01:C1:AC server=ailant
- add address=192.168.0.131 client-id=1:70:71:bc:9a:f3:43 mac-address=\
- 70:71:BC:9A:F3:43 server=ailant
- add address=192.168.0.202 client-id=1:20:cf:30:77:e9:b0 comment=\
- "notebook lan" disabled=yes mac-address=20:CF:30:77:E9:B0 server=ailant
- add address=192.168.0.203 client-id=1:0:16:eb:c:68:b6 mac-address=\
- 00:16:EB:0C:68:B6 server=ailant
- add address=192.168.0.135 mac-address=00:E0:4C:94:14:C8 server=ailant
- add address=192.168.0.77 client-id=1:20:68:9d:6a:b:9f mac-address=\
- 20:68:9D:6A:0B:9F server=ailant
- add address=192.168.0.20 client-id=1:24:be:5:eb:d2:e6 mac-address=\
- 24:BE:05:EB:D2:E6 server=ailant
- add address=192.168.0.212 client-id=1:0:25:90:7c:a7:ef mac-address=\
- 00:25:90:7C:A7:EF server=ailant
- add address=192.168.0.200 client-id=1:62:f1:6c:85:af:f3 mac-address=\
- 62:F1:6C:85:AF:F3 server=ailant
- add address=192.168.0.242 client-id=1:32:9f:6d:cc:f9:ec mac-address=\
- 32:9F:6D:CC:F9:EC server=ailant
- add address=192.168.0.30 client-id=1:0:24:1d:ec:c:d9 comment=\
- "\EF\EE\E3\F0\E5\E1\ED\FF\EA" mac-address=00:24:1D:EC:0C:D9 server=ailant
- add address=192.168.0.101 client-id=1:0:1c:c0:2a:c8:3e mac-address=\
- 00:1C:C0:2A:C8:3E server=ailant
- add address=192.168.0.22 always-broadcast=yes client-id=1:fc:15:b4:78:c3:ef \
- mac-address=FC:15:B4:78:C3:EF server=ailant
- /ip dhcp-server network
- add address=192.168.0.0/24 boot-file-name=5.1.54/wtware.pxe dns-server=\
- 192.168.0.253,192.168.0.237 domain=ailant.com.ru gateway=192.168.0.253 \
- next-server=192.168.0.242 ntp-server=192.168.0.220 wins-server=\
- 192.168.0.220
- add address=192.168.5.0/24 dns-server=192.168.5.250 gateway=192.168.5.253 \
- ntp-server=192.168.5.250 wins-server=192.168.5.250
- /ip dns
- # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
- # from any host that can reach it. The input chain in this export accepts
- # all UDP and has no rule dropping port 53 on the WAN-facing interfaces
- # (pppoe-out1, ether12), so the resolver appears to be reachable from the
- # Internet (open resolver, abusable for DNS amplification). Keep the setting
- # for LAN clients but drop udp/tcp 53 arriving on the WAN interfaces.
- set allow-remote-requests=yes max-udp-packet-size=512 servers=\
- 88.87.64.6,8.8.8.8,88.87.65.3
- /ip dns static
- add address=192.168.0.2 name=srv-ats.ailant.com.ru
- add address=192.168.0.2 name=srv-ats.ailant.org
- add address=192.168.0.2 name=srv-ats.ailant.su
- add address=192.168.0.217 name=srv-pg.ailant.com.ru
- add address=192.168.0.217 name=srv-pg.ailant.org
- add address=192.168.0.217 name=srv-pg.ailant.su
- add address=192.168.0.220 name=srv-dc.ailant.com.ru
- add address=192.168.0.220 name=srv-dc.ailant.org
- add address=192.168.0.220 name=srv-dc
- add address=192.168.0.220 name=srv-dc.ailant.su
- add address=192.168.0.236 name=srv-mail.ailant.com.ru
- add address=192.168.0.236 name=srv-mail.ailant.org
- add address=192.168.0.236 name=srv-mail.ailant.su
- add address=192.168.0.237 name=srv-bdc.ailant.com.ru
- add address=192.168.0.237 name=srv-bdc.ailant.org
- add address=192.168.0.237 name=srv-bdc.ailant.su
- add address=192.168.0.216 name=srv-web.ailant.com.ru
- add address=192.168.0.216 name=srv-web.ailant.org
- add address=192.168.0.216 name=srv-web.ailant.su
- add address=192.168.0.29 name=store00.ailant.com.ru
- add address=192.168.0.29 name=store00.ailant.org
- add address=192.168.0.29 name=store00.ailant.su
- add address=192.168.0.253 name=proxy.ailant.com.ru
- add address=192.168.0.253 name=proxy.ailant.org
- add address=192.168.0.253 name=proxy.ailant.su
- add address=192.168.0.240 name=ipmi00.ailant.com.ru
- add address=192.168.0.240 name=ipmi00.ailant.org
- add address=192.168.0.240 name=ipmi00.ailant.su
- add address=192.168.0.213 name=ipmi01.ailant.com.ru
- add address=192.168.0.213 name=ipmi01.ailant.org
- add address=192.168.0.213 name=ipmi01.ailant.su
- add address=192.168.0.214 name=kvm00.ailant.com.ru
- add address=192.168.0.214 name=kvm00.ailant.org
- add address=192.168.0.214 name=kvm00.ailant.su
- add address=192.168.0.215 name=srv-1c.ailant.com.ru
- add address=192.168.0.215 name=srv-1c.ailant.org
- add address=192.168.0.215 name=srv-1c.ailant.su
- add address=192.168.0.215 name=1c.ailant.com.ru
- add address=192.168.0.215 name=1c.ailant.org
- add address=192.168.0.215 name=1c.ailant.su
- add address=192.168.0.216 name=web.ailant.com.ru
- add address=192.168.0.216 name=web.ailant.org
- add address=192.168.0.216 name=web.ailant.su
- add address=192.168.0.215 name=1cweb.ailant.com.ru
- add address=192.168.0.215 name=1cweb.ailant.org
- add address=192.168.0.215 name=1cweb.ailant.su
- add address=192.168.0.215 name=1c82.ailant.com.ru
- add address=192.168.0.215 name=1c82.ailant.org
- add address=192.168.0.215 name=1c82.ailant.su
- add address=192.168.0.215 name=1c81.ailant.com.ru
- add address=192.168.0.215 name=1c81.ailant.org
- add address=192.168.0.215 name=1c81.ailant.su
- add address=192.168.0.217 name=pgsql.ailant.com.ru
- add address=192.168.0.217 name=pgsql.ailant.org
- add address=192.168.0.217 name=pgsql.ailant.su
- add address=192.168.0.2 name=ats.ailant.com.ru
- add address=192.168.0.2 name=ats.ailant.org
- add address=192.168.0.2 name=ats.ailant.su
- add address=192.168.0.218 name=srv-class.ailant.com.ru
- add address=192.168.0.218 name=srv-class.ailant.org
- add address=192.168.0.218 name=srv-class.ailant.su
- add address=192.168.0.218 name=kav-update.ailant.com.ru
- add address=192.168.0.218 name=kav-update.ailant.org
- add address=192.168.0.218 name=kav-update.ailant.su
- add address=192.168.0.236 name=smtp.ailant.com.ru
- add address=192.168.0.236 name=smtp.ailant.org
- add address=192.168.0.236 name=smtp.ailant.su
- add address=192.168.0.236 name=pop3.ailant.com.ru
- add address=192.168.0.236 name=pop3.ailant.org
- add address=192.168.0.236 name=pop3.ailant.su
- add address=192.168.0.236 name=imap.ailant.com.ru
- add address=192.168.0.236 name=imap.ailant.org
- add address=192.168.0.236 name=mail.ailant.org
- add address=192.168.0.236 name=mail.ailant.com.ru
- add address=192.168.0.236 name=mail.ailant.su
- add address=192.168.0.236 name=imap.ailant.su
- add address=192.168.0.220 name=ldap01.ailant.com.ru
- add address=192.168.0.220 name=ldap01.ailant.org
- add address=192.168.0.220 name=ldap01.ailant.su
- add address=192.168.0.220 name=ldap02.ailant.com.ru
- add address=192.168.0.220 name=ldap02.ailant.org
- add address=192.168.0.220 name=ldap02.ailant.su
- add address=92.53.112.23 name=nalog.ailant.com.ru
- add address=92.53.112.23 name=nalog.ailant.org
- add address=92.53.112.23 name=nalog.ailant.su
- add address=192.168.0.15 name=prn-fran00
- add address=192.168.0.15 name=prn-fran00.ailant.com.ru
- add address=192.168.0.16 name=prn-trade01
- add address=192.168.0.16 name=prn-trade01.ailant.com.ru
- add address=192.168.0.17 name=prn-trade00
- add address=192.168.0.17 name=prn-trade00.ailant.com.ru
- add address=192.168.0.18 name=prn-store00
- add address=192.168.0.18 name=prn-store00.ailant.com.ru
- add address=192.168.0.19 name=prn-account00
- add address=192.168.0.20 name=prn-as00
- add address=192.168.0.135 name=adm00
- add address=192.168.0.230 name=1cosa
- add address=192.168.0.244 name=arsen
- add address=192.168.0.238 name=testweb1
- add address=192.168.0.239 name=testweb2
- add address=192.168.0.239 name=testweb2.ailant.org
- add address=192.168.0.238 name=testweb1.ailant.com.ru
- add address=192.168.0.238 name=testweb1.ailant.org
- add address=192.168.0.244 name=domosed
- add address=192.168.0.244 name=arsen.ailant.org
- add address=192.168.0.244 name=domosed.ailant.org
- add address=192.168.0.244 name=arsen.ailant.com.ru
- add address=192.168.0.244 name=domosed.ailant.com.ru
- add address=192.168.0.135 name=adm00.ailant.su
- add address=192.168.0.135 name=adm00.ailant.org
- add address=192.168.0.135 name=adm00.ailant.com.ru
- add address=192.168.0.20 name=prn-as00.ailant.com.ru
- add address=192.168.0.216 name=portal.ailant.com.ru
- add address=192.168.0.216 name=portal.ailant.org
- add address=192.168.0.216 name=portal.ailant.su
- add address=192.168.0.216 name=test.ailant.com.ru
- add address=192.168.0.216 name=test.ailant.org
- add address=192.168.0.216 name=test.ailant.su
- add address=95.85.7.210 name=www.ailant.com.ru
- add address=95.85.7.210 name=www.ailant.org
- add address=95.85.7.210 name=www.ailant.su
- add address=192.168.0.219 disabled=yes name=newmail
- add address=192.168.0.239 name=testweb2.ailant.com.ru
- add address=192.168.0.219 disabled=yes name=newmail.ailant.org
- add address=192.168.0.219 disabled=yes name=newmail.ailant.com.ru
- add address=192.168.0.241 name=srv-xen01.ailant.com.ru
- add address=192.168.0.241 name=srv-xen01.ailant.su
- add address=192.168.0.241 name=srv-xen01.ailant.org
- add address=192.168.0.241 name=srv-xen01
- /ip firewall address-list
- add address=192.168.0.203 list=sip
- add address=87.106.167.103 list=spam
- add address=217.199.163.68 list=spam
- add address=196.22.98.42 list=spam
- add address=162.243.37.139 list=spam
- /ip firewall connection tracking
- set tcp-established-timeout=1h
- /ip firewall filter
- # NOTE(review): a rule without action= uses the default action, accept.
- # Neither the input nor the forward chain in this export ends with a
- # catch-all drop, so any packet not matched by one of the explicit drop rules
- # below is accepted. Most of the accept rules therefore change nothing. A
- # default-deny layout (accept established/related, accept the services that
- # are really needed, then drop everything else per chain) would make the
- # rule set mean what its comments say.
- #
- # Unconditional accepts for host 192.168.5.250 in all three chains; the
- # fourth rule repeats the first.
- add chain=forward src-address=192.168.5.250
- add chain=output src-address=192.168.5.250
- add chain=input src-address=192.168.5.250
- add chain=forward src-address=192.168.5.250
- add action=drop chain=forward disabled=yes layer7-protocol=test
- add chain=forward protocol=gre
- add chain=forward dst-port=30000-65535 protocol=udp
- add chain=input connection-state=related
- add action=drop chain=forward disabled=yes dst-address=192.168.0.0/24 \
- src-address=192.168.0.170
- add chain=forward dst-address=192.168.0.0/23 src-address=192.168.3.0/24
- # Records the source of every forwarded udp/5060 packet in list "sip". No
- # address-list-timeout is set, so entries never expire, and no filter rule
- # visible in this export reads that list.
- add action=add-src-to-address-list address-list=sip chain=forward dst-port=\
- 5060 protocol=udp
- add action=drop chain=input comment="Drop invalid connection packets" \
- connection-state=invalid
- add chain=forward comment="Allow related connections" connection-state=\
- related
- add chain=input comment="Allow established connections" connection-state=\
- established
- add chain=input comment="Allow related connections" connection-state=related
- # NOTE(review): accepts all UDP addressed to the router itself on every
- # interface; no in-interface or src-address limit is given. This includes
- # DNS queries from the WAN side.
- add chain=input comment="Allow UDP" protocol=udp
- add chain=input comment="Allow ICMP Ping" protocol=icmp
- # The forward-chain counterpart of the invalid-state drop is disabled.
- add action=drop chain=forward comment="Drop invalid connection packets" \
- connection-state=invalid disabled=yes
- add chain=forward comment="Allow established connections" connection-state=\
- established
- add chain=forward comment="Allow UDP" protocol=udp
- add chain=forward comment="Allow ICMP Ping" protocol=icmp
- # GRE and tcp/1723 accepts for PPTP, in every chain and direction.
- add chain=forward protocol=gre
- add chain=input protocol=gre
- add chain=output protocol=gre
- add chain=forward dst-port=1723 protocol=tcp
- add chain=output dst-port=1723 protocol=tcp
- add chain=input dst-port=1723 protocol=tcp
- add chain=forward dst-port=1723 protocol=udp
- # Accepts towards 192.168.0.236 arriving on the two uplinks. With no final
- # drop in the forward chain these do not restrict which ports are reachable;
- # the dst-nat rules decide that.
- add chain=forward dst-address=192.168.0.236 dst-port=\
- 20-21,25,110,143,225,993,465,80,1143,1993,1495 in-interface=pppoe-out1 \
- protocol=tcp
- add chain=forward comment="for new mail-server" dst-address=192.168.0.236 \
- in-interface=pppoe-out1 protocol=tcp src-port=25
- add chain=forward comment=#3 dst-address=192.168.0.236 dst-port=\
- 25,110,143,225,993,465,80,1143,1993,1465 in-interface=ether12 protocol=\
- tcp
- # Detection only: any host other than 192.168.0.236 that sends to tcp/25 via
- # ether1 is added to list "spammer" for 2 days. The escaped comment text
- # looks like Windows-1251 Russian, roughly "block port 25 except for the
- # mail server" -- but this rule does not block anything.
- add action=add-src-to-address-list address-list=spammer address-list-timeout=\
- 2d chain=forward comment="\C1\EB\F3\EA\E8\F0\F3\E5\EC 25 \EF\EE\F0\F2 \EA\
- \F0\EE\EC\E5 \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0" dst-port=\
- 25 in-interface=ether1 protocol=tcp src-address=!192.168.0.236 \
- src-address-list=!spammer
- # NOTE(review): the matching drop rule is disabled and carries
- # src-address-list="", so outbound SMTP from infected LAN hosts is recorded
- # but not stopped.
- add action=drop chain=forward comment="\C1\EB\EE\EA\E8\F0\F3\E5\EC 25 \EF\EE\
- \F0\F2 \EA\F0\EE\EC\E5 \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0" \
- disabled=yes dst-port=25 in-interface=ether1 protocol=tcp src-address=\
- !192.168.0.236 src-address-list=""
- # The remaining rules are the only active protection of the router itself
- # on non-LAN interfaces (in-interface=!ether1). They cover 2000, 221-223
- # (the ftp/ssh/telnet ports set under /ip service) and 83 (www). The escaped
- # comment reads roughly "closing what is not needed".
- # NOTE(review): the tcp/8080 drop is disabled while /ip proxy is enabled, and
- # Winbox, API and www-ssl are not covered here at all; they depend solely on
- # the address= restriction under /ip service.
- add action=drop chain=input comment=\
- "\C7\E0\EA\F0\FB\E2\E0\E5\EC \EB\E8\F8\ED\E5\E5" dst-port=2000 \
- in-interface=!ether1 protocol=tcp
- add action=drop chain=input comment=\
- "\C7\E0\EA\F0\FB\E2\E0\E5\EC \EB\E8\F8\ED\E5\E5" disabled=yes dst-port=\
- 8080 in-interface=!ether1 protocol=tcp
- add action=drop chain=input dst-port=221-223 in-interface=!ether1 protocol=\
- tcp
- add action=drop chain=input dst-port=83 in-interface=!ether1 protocol=tcp
- add action=drop chain=input dst-port=2000 in-interface=!ether1 protocol=udp
- add action=drop chain=input dst-port=221-223 in-interface=!ether1 protocol=\
- udp
- add action=drop chain=input dst-port=83 in-interface=!ether1 protocol=udp
- /ip firewall mangle
- add chain=output comment=accept-proxy disabled=yes dscp=4
- add action=mark-routing chain=prerouting dst-port=3389 new-routing-mark=\
- to_rezerv protocol=tcp src-address=192.168.0.242
- add action=mark-routing chain=prerouting new-routing-mark=to_private \
- src-address=192.168.0.218
- add action=mark-routing chain=prerouting new-routing-mark=to_private \
- src-address=192.168.0.82
- add action=mark-routing chain=prerouting new-routing-mark=to_private \
- src-address=192.168.0.74
- add action=mark-routing chain=prerouting new-routing-mark=to_private \
- src-address=192.168.0.138
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
- to_private src-address=192.168.3.0/24
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
- to_private src-address=192.168.5.0/24
- add action=mark-routing chain=prerouting disabled=yes dst-port=\
- 80,25,465,143,993 new-routing-mark=to_corporate protocol=tcp src-address=\
- 192.168.0.253
- add action=mark-routing chain=prerouting comment="for- new mail-server" \
- disabled=yes dst-port=25,465,143,993 new-routing-mark=to_corporate \
- protocol=tcp src-address=192.168.0.236
- add action=mark-routing chain=prerouting disabled=yes dst-port=80,5000 \
- new-routing-mark=to_rezerv protocol=tcp src-address=192.168.0.0/24
- add action=mark-routing chain=prerouting disabled=yes dst-port=\
- 80,5000,1755,8081 new-routing-mark=to_private protocol=tcp src-address=\
- 192.168.0.0/24
- add action=mark-routing chain=prerouting disabled=yes dst-port=500,10000,4500 \
- new-routing-mark=to_rezerv protocol=udp src-address=192.168.0.0/24
- add action=mark-routing chain=prerouting comment=ICQ disabled=yes dst-port=\
- 443,5190 new-routing-mark=to_rezerv protocol=tcp src-address=\
- 192.168.0.0/24
- add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
- to_corporate src-address=192.168.0.5-192.168.0.199
- add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
- to_corporate src-address=192.168.3.250
- add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
- to_corporate src-address=192.168.0.210-192.168.0.220
- add action=mark-routing chain=prerouting comment=ICQ disabled=yes \
- new-routing-mark=to_corporate src-address=192.168.0.230-192.168.0.251
- add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
- to_rezerv src-address=192.168.0.1-192.168.0.199
- add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=osa \
- src-address=192.168.5.1-192.168.5.254
- add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn \
- tcp-mss=1453-65535
- add action=mark-routing chain=prerouting disabled=yes dst-port=3389 \
- new-routing-mark=to_corporate protocol=tcp src-address=192.168.0.200
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.203
- add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
- src-address=192.168.0.202
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.202
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=osa \
- src-address=192.168.0.202
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.78
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.131
- add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
- src-address=192.168.0.150
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.77
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.131
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.88
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.39
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.145
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.83
- add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
- src-address=192.168.0.2
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.2
- add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
- src-address=192.168.0.236
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.236
- add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
- src-address=192.168.0.216
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.216
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
- to_corporate src-address=192.168.0.32
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.68
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
- to_corporate src-address=192.168.0.242
- add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
- src-address=192.168.0.138
- add action=mark-routing chain=prerouting disabled=yes dst-port=3389 \
- new-routing-mark=clients protocol=tcp src-address=192.168.0.51
- add action=mark-routing chain=prerouting connection-mark=ertelecom disabled=\
- yes new-routing-mark=to_corporate
- add action=mark-routing chain=prerouting connection-mark=svyaz disabled=yes \
- new-routing-mark=to_rezerv
- add action=mark-connection chain=forward in-interface=ether12 \
- new-connection-mark=svyazinform
- add action=mark-connection chain=forward in-interface=pppoe-out1 \
- new-connection-mark=ertelecom
- /ip firewall nat
- add action=masquerade chain=srcnat disabled=yes src-address=192.168.3.0/24
- add action=masquerade chain=srcnat src-address=192.168.5.0/24
- add action=dst-nat chain=dstnat disabled=yes protocol=gre to-addresses=\
- 192.168.0.200
- add action=masquerade chain=srcnat comment=NAT src-address=192.168.5.0/24
- add action=masquerade chain=srcnat comment=NAT src-address=192.168.0.0/24
- add action=masquerade chain=srcnat comment=NAT src-address=192.168.199.0/24
- add action=dst-nat chain=dstnat comment=MAIL dst-port=4190 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.236 to-ports=4190
- add action=dst-nat chain=dstnat dst-port=4190 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=4190
- add action=dst-nat chain=dstnat dst-port=25 in-interface=ether12 protocol=tcp \
- to-addresses=192.168.0.236
- add action=dst-nat chain=dstnat dst-port=25 in-interface=pppoe-out1 protocol=\
- tcp to-addresses=192.168.0.236
- add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=\
- tcp to-addresses=192.168.0.216
- add action=dst-nat chain=dstnat disabled=yes dst-port=21 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.238
- add action=dst-nat chain=dstnat dst-port=88 in-interface=pppoe-out1 protocol=\
- tcp to-addresses=192.168.0.238 to-ports=88
- add action=dst-nat chain=dstnat dst-port=80 in-interface=ether12 protocol=tcp \
- to-addresses=192.168.0.216
- add action=dst-nat chain=dstnat dst-port=143 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=143
- add action=dst-nat chain=dstnat dst-port=995 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=995
- add action=dst-nat chain=dstnat dst-port=110 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=110
- add action=dst-nat chain=dstnat dst-port=143 in-interface=pppoe-out1 \
- protocol=tcp to-addresses=192.168.0.236 to-ports=143
- add action=dst-nat chain=dstnat dst-port=995 in-interface=pppoe-out1 \
- protocol=tcp to-addresses=192.168.0.236 to-ports=995
- add action=dst-nat chain=dstnat dst-port=110 in-interface=pppoe-out1 \
- protocol=tcp to-addresses=192.168.0.236 to-ports=110
- add action=dst-nat chain=dstnat dst-port=465 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=465
- add action=dst-nat chain=dstnat dst-port=465 in-interface=pppoe-out1 \
- protocol=tcp to-addresses=192.168.0.236 to-ports=465
- # NOTE(review): publishes tcp/22 of 192.168.0.220 on the PPPoE uplink with no
- # src-address restriction. The static DNS entries in this export name that
- # host srv-dc / ldap01 / ldap02. Pin the rule to known source addresses (as
- # the 10050/10051 rules in this section do) or reach the host over the VPN.
- add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out1 protocol=\
- tcp to-addresses=192.168.0.220 to-ports=22
- add action=dst-nat chain=dstnat disabled=yes dst-port=1540 in-interface=\
- ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
- to-ports=1540
- add action=dst-nat chain=dstnat disabled=yes dst-port=1561 in-interface=\
- ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
- to-ports=1561
- add action=dst-nat chain=dstnat disabled=yes dst-port=1560 in-interface=\
- ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
- to-ports=1560
- add action=dst-nat chain=dstnat disabled=yes dst-port=1542 in-interface=\
- ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
- to-ports=1542
- add action=dst-nat chain=dstnat disabled=yes dst-port=1541 in-interface=\
- ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
- to-ports=1541
- add action=dst-nat chain=dstnat dst-port=993 in-interface=ether12 protocol=\
- tcp to-addresses=192.168.0.236 to-ports=993
- add action=dst-nat chain=dstnat dst-port=993 in-interface=pppoe-out1 \
- protocol=tcp to-addresses=192.168.0.236 to-ports=993
- add action=dst-nat chain=dstnat disabled=yes dst-port=2222 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.203 to-ports=22
- add action=dst-nat chain=dstnat disabled=yes dst-port=2223 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.203 to-ports=80
- add action=dst-nat chain=dstnat disabled=yes dst-port=161 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=161
- add action=dst-nat chain=dstnat disabled=yes dst-port=161 in-interface=\
- ether12 protocol=tcp to-addresses=192.168.0.2 to-ports=161
- add action=dst-nat chain=dstnat disabled=yes dst-port=162 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=162
- add action=dst-nat chain=dstnat disabled=yes dst-port=162 in-interface=\
- ether12 protocol=tcp to-addresses=192.168.0.2 to-ports=162
- add action=dst-nat chain=dstnat disabled=yes dst-port=22222 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=22222
- add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" dst-port=5060 \
- in-interface=pppoe-out1 protocol=udp src-address=212.220.0.132 \
- to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" dst-port=5060 \
- in-interface=pppoe-out1 protocol=udp src-address=195.242.217.26 \
- to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat comment="yellow pages" dst-port=5060 \
- in-interface=pppoe-out1 protocol=udp src-address=213.219.249.28 \
- to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" disabled=yes \
- dst-port=1747 in-interface=pppoe-out1 protocol=udp src-address=\
- 46.255.96.79 to-addresses=192.168.0.2 to-ports=1747
- add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
- protocol=tcp src-address=176.58.113.88 to-addresses=192.168.0.203 \
- to-ports=10050
- add action=dst-nat chain=dstnat dst-port=5060 in-interface=pppoe-out1 \
- protocol=udp src-address=91.221.49.238 to-addresses=192.168.0.2 to-ports=\
- 5060
- add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
- protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.203 \
- to-ports=10050
- add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
- protocol=tcp src-address=212.119.203.2 to-addresses=192.168.0.203 \
- to-ports=10050
- add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
- protocol=tcp src-address=212.119.203.2 to-addresses=192.168.0.203 \
- to-ports=10051
- add action=dst-nat chain=dstnat disabled=yes dst-port=10000-20000 \
- in-interface=pppoe-out1 protocol=udp src-address=89.249.227.74 \
- to-addresses=192.168.0.2 to-ports=10000-20000
- add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
- protocol=tcp src-address=95.85.7.210 to-addresses=192.168.0.203 to-ports=\
- 10050
- add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
- protocol=tcp src-address=88.87.95.191 to-addresses=192.168.0.203 \
- to-ports=10050
- add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
- protocol=tcp src-address=176.58.113.88 to-addresses=192.168.0.203 \
- to-ports=10051
- add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
- protocol=tcp src-address=162.242.147.13 to-addresses=192.168.0.203 \
- to-ports=10051
- add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
- protocol=tcp src-address=88.87.95.191 to-addresses=192.168.0.203 \
- to-ports=10051
- add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
- protocol=tcp src-address=95.85.7.210 to-addresses=192.168.0.203 to-ports=\
- 10051
- add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether12 protocol=\
- udp src-address=212.220.0.132 to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat dst-port=5060 in-interface=pppoe-out1 \
- protocol=udp src-address=91.202.77.27 to-addresses=192.168.0.2 to-ports=\
- 5060
- add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether12 protocol=\
- udp src-address=91.202.77.27 to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface=\
- ether12 protocol=udp to-addresses=192.168.0.2 to-ports=5060
- add action=dst-nat chain=dstnat dst-port=9000-9300 in-interface=pppoe-out1 \
- protocol=udp to-addresses=192.168.0.2 to-ports=9000-9300
- add action=dst-nat chain=dstnat dst-port=9000-9300 in-interface=ether12 \
- protocol=udp to-addresses=192.168.0.2 to-ports=9000-9300
- add action=dst-nat chain=dstnat comment="AGAT ENDED" disabled=yes \
- dst-address=88.87.90.201 dst-port=81 protocol=tcp to-addresses=\
- 192.168.0.236 to-ports=80
- # NOTE(review): every rule from here to the end of the NAT section maps an
- # external port to to-ports=3389 (RDP) on an internal host, and none has a
- # src-address. The first three match dst-address=88.87.90.201 on any
- # interface; the rest match in-interface=!ether1, i.e. every non-LAN
- # interface. The forward chain has no drop, so the translated traffic is
- # accepted. An unusual external port does not limit who can connect:
- # restrict each rule by src-address or an address list, or remove the
- # forwards and have users connect through the VPN first. The escaped
- # comment= values look like Windows-1251 text labelling the owner of each
- # forward.
- add action=dst-nat chain=dstnat comment="\F0\E4\EF \EC\EE\E9" dst-address=\
- 88.87.90.201 dst-port=12345 protocol=tcp to-addresses=192.168.0.202 \
- to-ports=3389
- add action=dst-nat chain=dstnat comment="\F0\E4\EF \EC\EE\E9" dst-address=\
- 88.87.90.201 dst-port=54321 protocol=tcp to-addresses=192.168.0.254 \
- to-ports=3389
- # RDP published on its standard port.
- add action=dst-nat chain=dstnat comment=clients dst-address=88.87.90.201 \
- dst-port=3389 protocol=tcp to-addresses=192.168.0.200 to-ports=3389
- add action=dst-nat chain=dstnat comment=srv-class01 dst-port=33389 \
- in-interface=!ether1 protocol=tcp to-addresses=192.168.0.242 to-ports=\
- 3389
- add action=dst-nat chain=dstnat comment="\F3\E2\E0\F0\EE\E2\E0" dst-port=5001 \
- in-interface=!ether1 protocol=tcp to-addresses=192.168.0.32 to-ports=3389
- add action=dst-nat chain=dstnat comment="\EF\EE\E3\F0\E5\E1\ED\FF\EA" \
- dst-port=5002 in-interface=!ether1 protocol=tcp to-addresses=192.168.0.30 \
- to-ports=3389
- add action=dst-nat chain=dstnat comment="\EC\EE\F0\EE\E7\EE\E2\E0" dst-port=\
- 1234 in-interface=!ether1 protocol=tcp to-addresses=192.168.0.115 \
- to-ports=3389
- add action=dst-nat chain=dstnat comment=ASolodkov dst-port=5500 in-interface=\
- !ether1 protocol=tcp to-addresses=192.168.0.109 to-ports=3389
- /ip firewall service-port
- set sip ports=5060,5061,15060
- /ip proxy
- # NOTE(review): the web proxy is enabled. No /ip proxy access rules appear in
- # this export and the input-chain drop for tcp/8080 is disabled, so if the
- # proxy listens on its default port it may be usable from the WAN side (open
- # proxy) -- confirm. Limit it with proxy access rules or an input drop on the
- # WAN interfaces, or disable it if unused.
- set enabled=yes max-cache-size=none parent-proxy=0.0.0.0
- /ip route
- add check-gateway=ping comment=GW_3 distance=1 gateway=172.30.5.17 \
- routing-mark=to_rezerv target-scope=30
- add check-gateway=ping comment=GW_3 distance=1 gateway=172.30.9.253 \
- routing-mark=osa target-scope=30
- add disabled=yes distance=1 dst-address=192.168.0.4/32 gateway=192.168.0.11 \
- routing-mark=clients
- add comment=GW_2 distance=1 gateway=pppoe-out1 target-scope=30
- add disabled=yes distance=1 dst-address=192.168.5.0/24 gateway=192.168.0.253 \
- scope=10
- /ip service
- # Every management service is limited to 192.168.0.0/23 via address=, which
- # is the main control keeping them off the WAN (the firewall only drops some
- # of these ports).
- # NOTE(review): telnet, ftp and www carry credentials in clear text; moving
- # them to ports 223/221/83 does not change that. Disable them and manage the
- # router over ssh, www-ssl or Winbox. Disable api as well if nothing uses it.
- set telnet address=192.168.0.0/23 port=223
- set ftp address=192.168.0.0/23 port=221
- set www address=192.168.0.0/23 port=83
- set ssh address=192.168.0.0/23 port=222
- # www-ssl is switched on here; the certificate it uses is not shown in this
- # export.
- set www-ssl address=192.168.0.0/23 disabled=no
- set api address=192.168.0.0/23
- set winbox address=192.168.0.0/23
- /ip smb
- # NOTE(review): the router's SMB server is enabled on ether1 and share1
- # exports directory=/, i.e. the root of the router's file store rather than a
- # dedicated folder. No /ip smb users entries or guest setting appear in this
- # compact export, so guest access may be at its default -- confirm. Export
- # only the directory that is needed and require an authenticated user.
- set enabled=yes interfaces=ether1
- /ip smb shares
- add directory=/ name=share1
- add directory=/micro-sd1 name=share2
- /ppp profile
- set 0 bridge="(unknown)" change-tcp-mss=no only-one=no
- /ppp secret
- /queue interface
- set ether12 queue=ethernet-default
- set ether13 queue=ethernet-default
- set ether11 queue=ethernet-default
- set ether6 queue=ethernet-default
- set ether7 queue=ethernet-default
- set ether8 queue=ethernet-default
- set ether9 queue=ethernet-default
- set ether10 queue=ethernet-default
- set ether1 queue=ethernet-default
- set ether2 queue=ethernet-default
- set ether3 queue=ethernet-default
- set ether4 queue=ethernet-default
- set ether5 queue=ethernet-default
- /system clock manual
- set time-zone=+04:00
- /system health
- set use-fan=auxiliary
- /system ntp client
- set enabled=yes primary-ntp=62.149.0.30
- /system script
- # Script "sendmailspamer": walks address list "spammer" (filled by the
- # tcp/25 add-src-to-address-list rule in the filter section), concatenates
- # the addresses and e-mails them to admin@ailant.org.
- # NOTE(review): policy= grants ftp, reboot, write, policy, password, sniff,
- # sensitive and api, none of which the script body appears to need for
- # reading a list and sending mail. Reduce it to the minimum that still lets
- # the script run.
- # NOTE(review): as exported, the source has several layers of escaping on
- # "$" and quotes, uses "do {" without "=", and never declares "text"; it may
- # not run as intended -- verify on the device before relying on its alerts.
- add name=sendmailspamer policy=\
- ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
- source="local item;\r\
- \nlocal spam;\r\
- \n:foreach i in=[/ip firewall address-list find list=spammer ] do={\r\
- \n:set item ([/ip firewall address-list get \\\$i address]);\r\
- \n:set text (\\\$text . \\\$item); \
- \_ \r\
- \n:set text (\\\$text . \\\"\\\\n\\\"); \r\
- \n:set spam 1; \
- \_ \r\
- \n}; \
- \_ \r\
- \n:if (\\\$spam = 1) do {\\r\\ \
- \_ \r\
- \n\\n/tool e-mail send body=\\\"\\\$text\\\" to=\\\"admin@ailant.org\\\" s\
- ubject=\\\"ALERT Mikrotik spammer or virus list\\\"; \\n}\""
- /tool graphing interface
- add
- /tool sniffer
- # NOTE(review): the sniffer is set to capture on bridge1 (the LAN bridge),
- # filtered to traffic involving 83.220.163.62, with streaming-enabled=yes.
- # The streaming destination is not shown in this export. Streamed captures
- # leave the router unencrypted, so confirm where they go and that this is
- # not a leftover from troubleshooting; turn streaming off when done.
- set filter-interface=bridge1 filter-ip-address=83.220.163.62/32 \
- filter-stream=yes streaming-enabled=yes
- [admin@MikroTik] >