
Untitled

a guest
May 20th, 2014
  1. [admin@MikroTik] > /export compact
  2. # may/20/2014 20:30:48 by RouterOS 6.6
  3. # software id = RKFW-9LKQ
  4. #
  5. /interface bridge
  6. add l2mtu=1598 name=bridge1
  7. /interface ethernet
  8. set [ find default-name=ether1 ] arp=proxy-arp auto-negotiation=no speed=\
  9. 1Gbps
  10. set [ find default-name=ether2 ] arp=proxy-arp master-port=ether1
  11. set [ find default-name=ether4 ] master-port=ether1
  12. set [ find default-name=ether6 ] speed=1Gbps
  13. set [ find default-name=ether9 ] auto-negotiation=no full-duplex=no speed=\
  14. 10Mbps
  15. set [ find default-name=ether10 ] auto-negotiation=no speed=10Mbps
  16. set [ find default-name=ether11 ] mac-address=00:1B:11:4F:E4:E2
  17. set [ find default-name=ether12 ] auto-negotiation=no full-duplex=no speed=\
  18. 10Mbps
  19. /interface pppoe-client
  20. add comment=Corporate disabled=no interface=ether10 name=pppoe-out1 password=\
  21. *** use-peer-dns=yes user=***
  22. /ip neighbor discovery
  23. set pppoe-out1 comment=Corporate
  24. /ip pool
  25. add name=dhcp_pool2 ranges=192.168.3.100-192.168.3.200
  26. add name=vpn ranges=192.168.0.40-192.168.0.50
  27. add name=dhcp_pool1 ranges=192.168.0.30-192.168.0.200,192.168.0.254
  28. add name=dhcp_pool3 ranges=192.192.5.2-192.192.5.200
  29. /ip dhcp-server
  30. add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=1d name=\
  31. ailant
  32. add address-pool=dhcp_pool3 disabled=no interface=ether5 name=osa
  33. /port
  34. set 0 name=serial0
  35. set 1 name=serial1
  # PPP profile, logging actions and User Manager customer account.
  # only-one=no lets the same PPP user hold several sessions at once on profile entry 1.
  # NOTE(review): concurrent logins make a shared or stolen VPN credential harder to notice;
  # confirm this is intended.
  36. /ppp profile
  37. set 1 only-one=no
  # Logging actions: 100 lines kept in memory, 100 lines per disk file, and the remote action
  # points at 0.0.0.0 (no syslog collector set).
  # NOTE(review): with this little retention and no off-box copy, there is almost no history
  # to investigate after an incident; consider forwarding logs to a remote collector.
  38. /system logging action
  39. set 0 memory-lines=100
  40. set 1 disk-lines-per-file=100
  41. set 3 remote=0.0.0.0
  # User Manager customer "admin" holds permissions=owner and has an EMPTY password.
  # NOTE(review): set a strong password, or remove the User Manager package/customer if it is
  # unused. Whether its web interface is reachable depends on /ip service and the firewall,
  # which this statement does not show.
  42. /tool user-manager customer
  43. add backup-allowed=yes disabled=no login=admin password="" \
  44. paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
  45. permissions=owner signup-allowed=no time-zone=-00:00
  46. /interface bridge port
  47. add bridge=bridge1 interface=ether1
  48. add bridge=bridge1 disabled=yes interface=ether5
  # VPN server settings: L2TP and PPTP are both enabled on the default PPP profile.
  # NOTE(review): no IPsec configuration is visible in this part of the export; L2TP on its
  # own does not provide strong encryption — confirm how the tunnel is protected.
  49. /interface l2tp-server server
  50. set default-profile=default enabled=yes max-mru=1460 max-mtu=1460
  # Only the OpenVPN server netmask is changed here; no enabled= setting is exported for it.
  51. /interface ovpn-server server
  52. set netmask=29
  # PPTP accepts pap, chap, mschap1 and mschap2. PAP sends the password in clear text and
  # MS-CHAPv1 is long broken, so a client may negotiate down to them.
  # NOTE(review): at minimum restrict authentication to mschap2; better, retire PPTP for a
  # modern VPN. The filter rules in this export accept tcp/1723 and GRE on the input chain
  # without a source restriction.
  53. /interface pptp-server server
  54. set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
  55. yes max-mru=1460 max-mtu=1460
  56. /ip address
  57. add address=192.168.0.253/24 comment="default configuration" interface=ether1 \
  58. network=192.168.0.0
  59. add address=172.30.5.18/30 interface=ether12 network=172.30.5.16
  60. add address=213.234.27.36/32 interface=ether12 network=213.234.27.36
  61. add address=88.87.90.201/32 interface=pppoe-out1 network=88.87.90.201
  62. add address=172.30.9.254/30 interface=ether8 network=172.30.9.252
  63. add address=192.168.5.253/24 interface=ether5 network=192.168.5.0
  64. /ip dhcp-server lease
  65. add address=192.168.0.130 client-id=1:6:e:9b:d0:c4:78 mac-address=\
  66. 06:0E:9B:D0:C4:78 server=ailant
  67. add address=192.168.0.133 always-broadcast=yes mac-address=00:02:B3:0A:A4:45 \
  68. server=ailant
  69. add address=192.168.0.205 client-id=1:78:2b:cb:59:3a:1a mac-address=\
  70. 78:2B:CB:59:3A:1A server=ailant
  71. add address=192.168.0.170 client-id=1:f8:d1:11:1c:af:4e comment=eduard \
  72. mac-address=F8:D1:11:1C:AF:4E server=ailant
  73. add address=192.168.0.203 client-id=1:74:f0:6d:6a:b4:17 comment=\
  74. "notebook wifi" disabled=yes mac-address=74:F0:6D:6A:B4:17 server=ailant
  75. add address=192.168.0.202 client-id=1:0:1f:d0:a2:a7:24 comment=my \
  76. mac-address=00:1F:D0:A2:A7:24 server=ailant
  77. add address=192.168.0.115 always-broadcast=yes client-id=1:38:60:77:3e:c9:67 \
  78. comment=irina mac-address=38:60:77:3E:C9:67 server=ailant
  79. add address=192.168.0.138 client-id=1:0:25:22:db:6a:59 comment=senya \
  80. mac-address=00:25:22:DB:6A:59 server=ailant
  81. add address=192.168.0.178 client-id=1:0:21:97:1:c1:ac comment=natasha \
  82. disabled=yes mac-address=00:21:97:01:C1:AC server=ailant
  83. add address=192.168.0.131 client-id=1:70:71:bc:9a:f3:43 mac-address=\
  84. 70:71:BC:9A:F3:43 server=ailant
  85. add address=192.168.0.202 client-id=1:20:cf:30:77:e9:b0 comment=\
  86. "notebook lan" disabled=yes mac-address=20:CF:30:77:E9:B0 server=ailant
  87. add address=192.168.0.203 client-id=1:0:16:eb:c:68:b6 mac-address=\
  88. 00:16:EB:0C:68:B6 server=ailant
  89. add address=192.168.0.135 mac-address=00:E0:4C:94:14:C8 server=ailant
  90. add address=192.168.0.77 client-id=1:20:68:9d:6a:b:9f mac-address=\
  91. 20:68:9D:6A:0B:9F server=ailant
  92. add address=192.168.0.20 client-id=1:24:be:5:eb:d2:e6 mac-address=\
  93. 24:BE:05:EB:D2:E6 server=ailant
  94. add address=192.168.0.212 client-id=1:0:25:90:7c:a7:ef mac-address=\
  95. 00:25:90:7C:A7:EF server=ailant
  96. add address=192.168.0.200 client-id=1:62:f1:6c:85:af:f3 mac-address=\
  97. 62:F1:6C:85:AF:F3 server=ailant
  98. add address=192.168.0.242 client-id=1:32:9f:6d:cc:f9:ec mac-address=\
  99. 32:9F:6D:CC:F9:EC server=ailant
  100. add address=192.168.0.30 client-id=1:0:24:1d:ec:c:d9 comment=\
  101. "\EF\EE\E3\F0\E5\E1\ED\FF\EA" mac-address=00:24:1D:EC:0C:D9 server=ailant
  102. add address=192.168.0.101 client-id=1:0:1c:c0:2a:c8:3e mac-address=\
  103. 00:1C:C0:2A:C8:3E server=ailant
  104. add address=192.168.0.22 always-broadcast=yes client-id=1:fc:15:b4:78:c3:ef \
  105. mac-address=FC:15:B4:78:C3:EF server=ailant
  106. /ip dhcp-server network
  107. add address=192.168.0.0/24 boot-file-name=5.1.54/wtware.pxe dns-server=\
  108. 192.168.0.253,192.168.0.237 domain=ailant.com.ru gateway=192.168.0.253 \
  109. next-server=192.168.0.242 ntp-server=192.168.0.220 wins-server=\
  110. 192.168.0.220
  111. add address=192.168.5.0/24 dns-server=192.168.5.250 gateway=192.168.5.253 \
  112. ntp-server=192.168.5.250 wins-server=192.168.5.250
  # Router DNS cache: allow-remote-requests=yes makes the router answer DNS queries from
  # other hosts, using the three upstream servers listed.
  # NOTE(review): the input chain in this export accepts all UDP ("Allow UDP") and has no drop
  # rule for port 53, so the resolver is not limited to LAN clients. Restrict udp/tcp 53 on
  # the input chain to the internal interfaces to avoid running an open resolver.
  113. /ip dns
  114. set allow-remote-requests=yes max-udp-packet-size=512 servers=\
  115. 88.87.64.6,8.8.8.8,88.87.65.3
  116. /ip dns static
  117. add address=192.168.0.2 name=srv-ats.ailant.com.ru
  118. add address=192.168.0.2 name=srv-ats.ailant.org
  119. add address=192.168.0.2 name=srv-ats.ailant.su
  120. add address=192.168.0.217 name=srv-pg.ailant.com.ru
  121. add address=192.168.0.217 name=srv-pg.ailant.org
  122. add address=192.168.0.217 name=srv-pg.ailant.su
  123. add address=192.168.0.220 name=srv-dc.ailant.com.ru
  124. add address=192.168.0.220 name=srv-dc.ailant.org
  125. add address=192.168.0.220 name=srv-dc
  126. add address=192.168.0.220 name=srv-dc.ailant.su
  127. add address=192.168.0.236 name=srv-mail.ailant.com.ru
  128. add address=192.168.0.236 name=srv-mail.ailant.org
  129. add address=192.168.0.236 name=srv-mail.ailant.su
  130. add address=192.168.0.237 name=srv-bdc.ailant.com.ru
  131. add address=192.168.0.237 name=srv-bdc.ailant.org
  132. add address=192.168.0.237 name=srv-bdc.ailant.su
  133. add address=192.168.0.216 name=srv-web.ailant.com.ru
  134. add address=192.168.0.216 name=srv-web.ailant.org
  135. add address=192.168.0.216 name=srv-web.ailant.su
  136. add address=192.168.0.29 name=store00.ailant.com.ru
  137. add address=192.168.0.29 name=store00.ailant.org
  138. add address=192.168.0.29 name=store00.ailant.su
  139. add address=192.168.0.253 name=proxy.ailant.com.ru
  140. add address=192.168.0.253 name=proxy.ailant.org
  141. add address=192.168.0.253 name=proxy.ailant.su
  142. add address=192.168.0.240 name=ipmi00.ailant.com.ru
  143. add address=192.168.0.240 name=ipmi00.ailant.org
  144. add address=192.168.0.240 name=ipmi00.ailant.su
  145. add address=192.168.0.213 name=ipmi01.ailant.com.ru
  146. add address=192.168.0.213 name=ipmi01.ailant.org
  147. add address=192.168.0.213 name=ipmi01.ailant.su
  148. add address=192.168.0.214 name=kvm00.ailant.com.ru
  149. add address=192.168.0.214 name=kvm00.ailant.org
  150. add address=192.168.0.214 name=kvm00.ailant.su
  151. add address=192.168.0.215 name=srv-1c.ailant.com.ru
  152. add address=192.168.0.215 name=srv-1c.ailant.org
  153. add address=192.168.0.215 name=srv-1c.ailant.su
  154. add address=192.168.0.215 name=1c.ailant.com.ru
  155. add address=192.168.0.215 name=1c.ailant.org
  156. add address=192.168.0.215 name=1c.ailant.su
  157. add address=192.168.0.216 name=web.ailant.com.ru
  158. add address=192.168.0.216 name=web.ailant.org
  159. add address=192.168.0.216 name=web.ailant.su
  160. add address=192.168.0.215 name=1cweb.ailant.com.ru
  161. add address=192.168.0.215 name=1cweb.ailant.org
  162. add address=192.168.0.215 name=1cweb.ailant.su
  163. add address=192.168.0.215 name=1c82.ailant.com.ru
  164. add address=192.168.0.215 name=1c82.ailant.org
  165. add address=192.168.0.215 name=1c82.ailant.su
  166. add address=192.168.0.215 name=1c81.ailant.com.ru
  167. add address=192.168.0.215 name=1c81.ailant.org
  168. add address=192.168.0.215 name=1c81.ailant.su
  169. add address=192.168.0.217 name=pgsql.ailant.com.ru
  170. add address=192.168.0.217 name=pgsql.ailant.org
  171. add address=192.168.0.217 name=pgsql.ailant.su
  172. add address=192.168.0.2 name=ats.ailant.com.ru
  173. add address=192.168.0.2 name=ats.ailant.org
  174. add address=192.168.0.2 name=ats.ailant.su
  175. add address=192.168.0.218 name=srv-class.ailant.com.ru
  176. add address=192.168.0.218 name=srv-class.ailant.org
  177. add address=192.168.0.218 name=srv-class.ailant.su
  178. add address=192.168.0.218 name=kav-update.ailant.com.ru
  179. add address=192.168.0.218 name=kav-update.ailant.org
  180. add address=192.168.0.218 name=kav-update.ailant.su
  181. add address=192.168.0.236 name=smtp.ailant.com.ru
  182. add address=192.168.0.236 name=smtp.ailant.org
  183. add address=192.168.0.236 name=smtp.ailant.su
  184. add address=192.168.0.236 name=pop3.ailant.com.ru
  185. add address=192.168.0.236 name=pop3.ailant.org
  186. add address=192.168.0.236 name=pop3.ailant.su
  187. add address=192.168.0.236 name=imap.ailant.com.ru
  188. add address=192.168.0.236 name=imap.ailant.org
  189. add address=192.168.0.236 name=mail.ailant.org
  190. add address=192.168.0.236 name=mail.ailant.com.ru
  191. add address=192.168.0.236 name=mail.ailant.su
  192. add address=192.168.0.236 name=imap.ailant.su
  193. add address=192.168.0.220 name=ldap01.ailant.com.ru
  194. add address=192.168.0.220 name=ldap01.ailant.org
  195. add address=192.168.0.220 name=ldap01.ailant.su
  196. add address=192.168.0.220 name=ldap02.ailant.com.ru
  197. add address=192.168.0.220 name=ldap02.ailant.org
  198. add address=192.168.0.220 name=ldap02.ailant.su
  199. add address=92.53.112.23 name=nalog.ailant.com.ru
  200. add address=92.53.112.23 name=nalog.ailant.org
  201. add address=92.53.112.23 name=nalog.ailant.su
  202. add address=192.168.0.15 name=prn-fran00
  203. add address=192.168.0.15 name=prn-fran00.ailant.com.ru
  204. add address=192.168.0.16 name=prn-trade01
  205. add address=192.168.0.16 name=prn-trade01.ailant.com.ru
  206. add address=192.168.0.17 name=prn-trade00
  207. add address=192.168.0.17 name=prn-trade00.ailant.com.ru
  208. add address=192.168.0.18 name=prn-store00
  209. add address=192.168.0.18 name=prn-store00.ailant.com.ru
  210. add address=192.168.0.19 name=prn-account00
  211. add address=192.168.0.20 name=prn-as00
  212. add address=192.168.0.135 name=adm00
  213. add address=192.168.0.230 name=1cosa
  214. add address=192.168.0.244 name=arsen
  215. add address=192.168.0.238 name=testweb1
  216. add address=192.168.0.239 name=testweb2
  217. add address=192.168.0.239 name=testweb2.ailant.org
  218. add address=192.168.0.238 name=testweb1.ailant.com.ru
  219. add address=192.168.0.238 name=testweb1.ailant.org
  220. add address=192.168.0.244 name=domosed
  221. add address=192.168.0.244 name=arsen.ailant.org
  222. add address=192.168.0.244 name=domosed.ailant.org
  223. add address=192.168.0.244 name=arsen.ailant.com.ru
  224. add address=192.168.0.244 name=domosed.ailant.com.ru
  225. add address=192.168.0.135 name=adm00.ailant.su
  226. add address=192.168.0.135 name=adm00.ailant.org
  227. add address=192.168.0.135 name=adm00.ailant.com.ru
  228. add address=192.168.0.20 name=prn-as00.ailant.com.ru
  229. add address=192.168.0.216 name=portal.ailant.com.ru
  230. add address=192.168.0.216 name=portal.ailant.org
  231. add address=192.168.0.216 name=portal.ailant.su
  232. add address=192.168.0.216 name=test.ailant.com.ru
  233. add address=192.168.0.216 name=test.ailant.org
  234. add address=192.168.0.216 name=test.ailant.su
  235. add address=95.85.7.210 name=www.ailant.com.ru
  236. add address=95.85.7.210 name=www.ailant.org
  237. add address=95.85.7.210 name=www.ailant.su
  238. add address=192.168.0.219 disabled=yes name=newmail
  239. add address=192.168.0.239 name=testweb2.ailant.com.ru
  240. add address=192.168.0.219 disabled=yes name=newmail.ailant.org
  241. add address=192.168.0.219 disabled=yes name=newmail.ailant.com.ru
  242. add address=192.168.0.241 name=srv-xen01.ailant.com.ru
  243. add address=192.168.0.241 name=srv-xen01.ailant.su
  244. add address=192.168.0.241 name=srv-xen01.ailant.org
  245. add address=192.168.0.241 name=srv-xen01
  # Static address-list entries: one host in list "sip", four addresses in list "spam".
  # NOTE(review): the filter and mangle rules in this export reference the lists "sip" (as a
  # target) and "spammer", never "spam", so these four entries appear to have no effect.
  # The NAT section is not fully visible here — confirm before removing or renaming.
  246. /ip firewall address-list
  247. add address=192.168.0.203 list=sip
  248. add address=87.106.167.103 list=spam
  249. add address=217.199.163.68 list=spam
  250. add address=196.22.98.42 list=spam
  251. add address=162.243.37.139 list=spam
  252. /ip firewall connection tracking
  253. set tcp-established-timeout=1h
  # Firewall filter table (input = traffic to the router, forward = traffic through it).
  # A rule with no action= uses the RouterOS default action, accept; the compact export omits
  # default values. Neither the input nor the forward chain below ends with a catch-all drop,
  # so a packet that matches no rule is accepted.
  # NOTE(review): as written this is a deny-list firewall. Finish both chains with an explicit
  # drop after the accepts, and allow router management only from known source addresses.
  254. /ip firewall filter
  # Unconditional accepts for host 192.168.5.250 in all three chains (the forward rule is
  # listed twice).
  255. add chain=forward src-address=192.168.5.250
  256. add chain=output src-address=192.168.5.250
  257. add chain=input src-address=192.168.5.250
  258. add chain=forward src-address=192.168.5.250
  259. add action=drop chain=forward disabled=yes layer7-protocol=test
  260. add chain=forward protocol=gre
  261. add chain=forward dst-port=30000-65535 protocol=udp
  262. add chain=input connection-state=related
  263. add action=drop chain=forward disabled=yes dst-address=192.168.0.0/24 \
  264. src-address=192.168.0.170
  265. add chain=forward dst-address=192.168.0.0/23 src-address=192.168.3.0/24
  # Records the source of every forwarded udp/5060 packet in list "sip". No timeout is set,
  # and no rule in this section matches on that list.
  # NOTE(review): looks like bookkeeping only — confirm the list is consumed somewhere.
  266. add action=add-src-to-address-list address-list=sip chain=forward dst-port=\
  267. 5060 protocol=udp
  268. add action=drop chain=input comment="Drop invalid connection packets" \
  269. connection-state=invalid
  270. add chain=forward comment="Allow related connections" connection-state=\
  271. related
  272. add chain=input comment="Allow established connections" connection-state=\
  273. established
  # Duplicate of the earlier input/related accept.
  274. add chain=input comment="Allow related connections" connection-state=related
  # Accepts ALL UDP addressed to the router, from any interface and any source.
  # NOTE(review): together with allow-remote-requests=yes under /ip dns this exposes the
  # router's UDP services beyond the LAN; narrow it to the ports and interfaces needed.
  275. add chain=input comment="Allow UDP" protocol=udp
  276. add chain=input comment="Allow ICMP Ping" protocol=icmp
  # The invalid-state drop for the forward chain is disabled; only the input chain drops
  # invalid packets.
  277. add action=drop chain=forward comment="Drop invalid connection packets" \
  278. connection-state=invalid disabled=yes
  279. add chain=forward comment="Allow established connections" connection-state=\
  280. established
  # Accepts all forwarded UDP and ICMP regardless of direction or state.
  281. add chain=forward comment="Allow UDP" protocol=udp
  282. add chain=forward comment="Allow ICMP Ping" protocol=icmp
  # GRE and port 1723 (PPTP) are accepted in every chain without a source restriction.
  283. add chain=forward protocol=gre
  284. add chain=input protocol=gre
  285. add chain=output protocol=gre
  286. add chain=forward dst-port=1723 protocol=tcp
  287. add chain=output dst-port=1723 protocol=tcp
  288. add chain=input dst-port=1723 protocol=tcp
  289. add chain=forward dst-port=1723 protocol=udp
  # Published services on the mail host 192.168.0.236, per uplink (pppoe-out1, then ether12).
  # NOTE(review): the two port lists differ (20-21 and 1495 only on the first, 1465 only on
  # the second) — confirm which set is intended.
  290. add chain=forward dst-address=192.168.0.236 dst-port=\
  291. 20-21,25,110,143,225,993,465,80,1143,1993,1495 in-interface=pppoe-out1 \
  292. protocol=tcp
  # Matches on the SOURCE port (src-port=25), which the sender chooses, so it is not a trust
  # signal. NOTE(review): replies to the mail server's own connections are already covered by
  # the established-state accept above; this rule is presumably redundant — confirm.
  293. add chain=forward comment="for new mail-server" dst-address=192.168.0.236 \
  294. in-interface=pppoe-out1 protocol=tcp src-port=25
  295. add chain=forward comment=#3 dst-address=192.168.0.236 dst-port=\
  296. 25,110,143,225,993,465,80,1143,1993,1465 in-interface=ether12 protocol=\
  297. tcp
  # The CP1251-escaped comment reads roughly "Block port 25 except for the mail server".
  # This rule only TAGS: LAN hosts other than 192.168.0.236 that open tcp/25 are added to list
  # "spammer" for 2 days. It does not drop anything.
  298. add action=add-src-to-address-list address-list=spammer address-list-timeout=\
  299. 2d chain=forward comment="\C1\EB\F3\EA\E8\F0\F3\E5\EC 25 \EF\EE\F0\F2 \EA\
  300. \F0\EE\EC\E5 \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0" dst-port=\
  301. 25 in-interface=ether1 protocol=tcp src-address=!192.168.0.236 \
  302. src-address-list=!spammer
  # The matching drop is disabled and carries src-address-list="" rather than "spammer", so
  # outbound SMTP from workstations is currently detected but not blocked.
  # NOTE(review): if egress SMTP filtering is wanted, enable a drop for tcp/25 from ether1
  # with src-address=!192.168.0.236.
  303. add action=drop chain=forward comment="\C1\EB\EE\EA\E8\F0\F3\E5\EC 25 \EF\EE\
  304. \F0\F2 \EA\F0\EE\EC\E5 \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0" \
  305. disabled=yes dst-port=25 in-interface=ether1 protocol=tcp src-address=\
  306. !192.168.0.236 src-address-list=""
  # The CP1251-escaped comment reads roughly "Close what is not needed".
  # in-interface=!ether1 means "arriving on any interface except ether1" (ether1 carries the
  # 192.168.0.0/24 LAN address). Apart from the invalid-state drop, the rules from here to the
  # end are the only active drops in the input chain; every other port stays reachable
  # unless the service itself restricts it.
  307. add action=drop chain=input comment=\
  308. "\C7\E0\EA\F0\FB\E2\E0\E5\EC \EB\E8\F8\ED\E5\E5" dst-port=2000 \
  309. in-interface=!ether1 protocol=tcp
  310. add action=drop chain=input comment=\
  311. "\C7\E0\EA\F0\FB\E2\E0\E5\EC \EB\E8\F8\ED\E5\E5" disabled=yes dst-port=\
  312. 8080 in-interface=!ether1 protocol=tcp
  313. add action=drop chain=input dst-port=221-223 in-interface=!ether1 protocol=\
  314. tcp
  315. add action=drop chain=input dst-port=83 in-interface=!ether1 protocol=tcp
  # NOTE(review): the UDP drops below sit after the blanket "Allow UDP" accept on input, so
  # they are never reached; move them above it or remove the blanket accept.
  316. add action=drop chain=input dst-port=2000 in-interface=!ether1 protocol=udp
  317. add action=drop chain=input dst-port=221-223 in-interface=!ether1 protocol=\
  318. udp
  319. add action=drop chain=input dst-port=83 in-interface=!ether1 protocol=udp
  320. /ip firewall mangle
  321. add chain=output comment=accept-proxy disabled=yes dscp=4
  322. add action=mark-routing chain=prerouting dst-port=3389 new-routing-mark=\
  323. to_rezerv protocol=tcp src-address=192.168.0.242
  324. add action=mark-routing chain=prerouting new-routing-mark=to_private \
  325. src-address=192.168.0.218
  326. add action=mark-routing chain=prerouting new-routing-mark=to_private \
  327. src-address=192.168.0.82
  328. add action=mark-routing chain=prerouting new-routing-mark=to_private \
  329. src-address=192.168.0.74
  330. add action=mark-routing chain=prerouting new-routing-mark=to_private \
  331. src-address=192.168.0.138
  332. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
  333. to_private src-address=192.168.3.0/24
  334. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
  335. to_private src-address=192.168.5.0/24
  336. add action=mark-routing chain=prerouting disabled=yes dst-port=\
  337. 80,25,465,143,993 new-routing-mark=to_corporate protocol=tcp src-address=\
  338. 192.168.0.253
  339. add action=mark-routing chain=prerouting comment="for- new mail-server" \
  340. disabled=yes dst-port=25,465,143,993 new-routing-mark=to_corporate \
  341. protocol=tcp src-address=192.168.0.236
  342. add action=mark-routing chain=prerouting disabled=yes dst-port=80,5000 \
  343. new-routing-mark=to_rezerv protocol=tcp src-address=192.168.0.0/24
  344. add action=mark-routing chain=prerouting disabled=yes dst-port=\
  345. 80,5000,1755,8081 new-routing-mark=to_private protocol=tcp src-address=\
  346. 192.168.0.0/24
  347. add action=mark-routing chain=prerouting disabled=yes dst-port=500,10000,4500 \
  348. new-routing-mark=to_rezerv protocol=udp src-address=192.168.0.0/24
  349. add action=mark-routing chain=prerouting comment=ICQ disabled=yes dst-port=\
  350. 443,5190 new-routing-mark=to_rezerv protocol=tcp src-address=\
  351. 192.168.0.0/24
  352. add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
  353. to_corporate src-address=192.168.0.5-192.168.0.199
  354. add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
  355. to_corporate src-address=192.168.3.250
  356. add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
  357. to_corporate src-address=192.168.0.210-192.168.0.220
  358. add action=mark-routing chain=prerouting comment=ICQ disabled=yes \
  359. new-routing-mark=to_corporate src-address=192.168.0.230-192.168.0.251
  360. add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=\
  361. to_rezerv src-address=192.168.0.1-192.168.0.199
  362. add action=mark-routing chain=prerouting comment=ICQ new-routing-mark=osa \
  363. src-address=192.168.5.1-192.168.5.254
  364. add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn \
  365. tcp-mss=1453-65535
  366. add action=mark-routing chain=prerouting disabled=yes dst-port=3389 \
  367. new-routing-mark=to_corporate protocol=tcp src-address=192.168.0.200
  368. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  369. src-address=192.168.0.203
  370. add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
  371. src-address=192.168.0.202
  372. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  373. src-address=192.168.0.202
  374. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=osa \
  375. src-address=192.168.0.202
  376. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  377. src-address=192.168.0.78
  378. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  379. src-address=192.168.0.131
  380. add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
  381. src-address=192.168.0.150
  382. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  383. src-address=192.168.0.77
  384. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  385. src-address=192.168.0.131
  386. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  387. src-address=192.168.0.88
  388. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  389. src-address=192.168.0.39
  390. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  391. src-address=192.168.0.145
  392. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  393. src-address=192.168.0.83
  394. add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
  395. src-address=192.168.0.2
  396. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  397. src-address=192.168.0.2
  398. add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
  399. src-address=192.168.0.236
  400. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  401. src-address=192.168.0.236
  402. add action=mark-routing chain=prerouting new-routing-mark=to_rezerv \
  403. src-address=192.168.0.216
  404. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  405. src-address=192.168.0.216
  406. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
  407. to_corporate src-address=192.168.0.32
  408. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  409. src-address=192.168.0.68
  410. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
  411. to_corporate src-address=192.168.0.242
  412. add action=mark-routing chain=prerouting new-routing-mark=to_corporate \
  413. src-address=192.168.0.138
  414. add action=mark-routing chain=prerouting disabled=yes dst-port=3389 \
  415. new-routing-mark=clients protocol=tcp src-address=192.168.0.51
  416. add action=mark-routing chain=prerouting connection-mark=ertelecom disabled=\
  417. yes new-routing-mark=to_corporate
  418. add action=mark-routing chain=prerouting connection-mark=svyaz disabled=yes \
  419. new-routing-mark=to_rezerv
  420. add action=mark-connection chain=forward in-interface=ether12 \
  421. new-connection-mark=svyazinform
  422. add action=mark-connection chain=forward in-interface=pppoe-out1 \
  423. new-connection-mark=ertelecom
  424. /ip firewall nat
  425. add action=masquerade chain=srcnat disabled=yes src-address=192.168.3.0/24
  426. add action=masquerade chain=srcnat src-address=192.168.5.0/24
  427. add action=dst-nat chain=dstnat disabled=yes protocol=gre to-addresses=\
  428. 192.168.0.200
  429. add action=masquerade chain=srcnat comment=NAT src-address=192.168.5.0/24
  430. add action=masquerade chain=srcnat comment=NAT src-address=192.168.0.0/24
  431. add action=masquerade chain=srcnat comment=NAT src-address=192.168.199.0/24
  432. add action=dst-nat chain=dstnat comment=MAIL dst-port=4190 in-interface=\
  433. pppoe-out1 protocol=tcp to-addresses=192.168.0.236 to-ports=4190
  434. add action=dst-nat chain=dstnat dst-port=4190 in-interface=ether12 protocol=\
  435. tcp to-addresses=192.168.0.236 to-ports=4190
  436. add action=dst-nat chain=dstnat dst-port=25 in-interface=ether12 protocol=tcp \
  437. to-addresses=192.168.0.236
  438. add action=dst-nat chain=dstnat dst-port=25 in-interface=pppoe-out1 protocol=\
  439. tcp to-addresses=192.168.0.236
  440. add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=\
  441. tcp to-addresses=192.168.0.216
  442. add action=dst-nat chain=dstnat disabled=yes dst-port=21 in-interface=\
  443. pppoe-out1 protocol=tcp to-addresses=192.168.0.238
  444. add action=dst-nat chain=dstnat dst-port=88 in-interface=pppoe-out1 protocol=\
  445. tcp to-addresses=192.168.0.238 to-ports=88
  446. add action=dst-nat chain=dstnat dst-port=80 in-interface=ether12 protocol=tcp \
  447. to-addresses=192.168.0.216
  448. add action=dst-nat chain=dstnat dst-port=143 in-interface=ether12 protocol=\
  449. tcp to-addresses=192.168.0.236 to-ports=143
  450. add action=dst-nat chain=dstnat dst-port=995 in-interface=ether12 protocol=\
  451. tcp to-addresses=192.168.0.236 to-ports=995
  452. add action=dst-nat chain=dstnat dst-port=110 in-interface=ether12 protocol=\
  453. tcp to-addresses=192.168.0.236 to-ports=110
  454. add action=dst-nat chain=dstnat dst-port=143 in-interface=pppoe-out1 \
  455. protocol=tcp to-addresses=192.168.0.236 to-ports=143
  456. add action=dst-nat chain=dstnat dst-port=995 in-interface=pppoe-out1 \
  457. protocol=tcp to-addresses=192.168.0.236 to-ports=995
  458. add action=dst-nat chain=dstnat dst-port=110 in-interface=pppoe-out1 \
  459. protocol=tcp to-addresses=192.168.0.236 to-ports=110
  460. add action=dst-nat chain=dstnat dst-port=465 in-interface=ether12 protocol=\
  461. tcp to-addresses=192.168.0.236 to-ports=465
  462. add action=dst-nat chain=dstnat dst-port=465 in-interface=pppoe-out1 \
  463. protocol=tcp to-addresses=192.168.0.236 to-ports=465
  464. add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out1 protocol=\
  465. tcp to-addresses=192.168.0.220 to-ports=22
  466. add action=dst-nat chain=dstnat disabled=yes dst-port=1540 in-interface=\
  467. ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
  468. to-ports=1540
  469. add action=dst-nat chain=dstnat disabled=yes dst-port=1561 in-interface=\
  470. ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
  471. to-ports=1561
  472. add action=dst-nat chain=dstnat disabled=yes dst-port=1560 in-interface=\
  473. ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
  474. to-ports=1560
  475. add action=dst-nat chain=dstnat disabled=yes dst-port=1542 in-interface=\
  476. ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
  477. to-ports=1542
  478. add action=dst-nat chain=dstnat disabled=yes dst-port=1541 in-interface=\
  479. ether12 protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.215 \
  480. to-ports=1541
  481. add action=dst-nat chain=dstnat dst-port=993 in-interface=ether12 protocol=\
  482. tcp to-addresses=192.168.0.236 to-ports=993
  483. add action=dst-nat chain=dstnat dst-port=993 in-interface=pppoe-out1 \
  484. protocol=tcp to-addresses=192.168.0.236 to-ports=993
  485. add action=dst-nat chain=dstnat disabled=yes dst-port=2222 in-interface=\
  486. pppoe-out1 protocol=tcp to-addresses=192.168.0.203 to-ports=22
  487. add action=dst-nat chain=dstnat disabled=yes dst-port=2223 in-interface=\
  488. pppoe-out1 protocol=tcp to-addresses=192.168.0.203 to-ports=80
  489. add action=dst-nat chain=dstnat disabled=yes dst-port=161 in-interface=\
  490. pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=161
  491. add action=dst-nat chain=dstnat disabled=yes dst-port=161 in-interface=\
  492. ether12 protocol=tcp to-addresses=192.168.0.2 to-ports=161
  493. add action=dst-nat chain=dstnat disabled=yes dst-port=162 in-interface=\
  494. pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=162
  495. add action=dst-nat chain=dstnat disabled=yes dst-port=162 in-interface=\
  496. ether12 protocol=tcp to-addresses=192.168.0.2 to-ports=162
  497. add action=dst-nat chain=dstnat disabled=yes dst-port=22222 in-interface=\
  498. pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=22222
  499. add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" dst-port=5060 \
  500. in-interface=pppoe-out1 protocol=udp src-address=212.220.0.132 \
  501. to-addresses=192.168.0.2 to-ports=5060
  502. add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" dst-port=5060 \
  503. in-interface=pppoe-out1 protocol=udp src-address=195.242.217.26 \
  504. to-addresses=192.168.0.2 to-ports=5060
  505. add action=dst-nat chain=dstnat comment="yellow pages" dst-port=5060 \
  506. in-interface=pppoe-out1 protocol=udp src-address=213.219.249.28 \
  507. to-addresses=192.168.0.2 to-ports=5060
  508. add action=dst-nat chain=dstnat comment="MAIL ENDED AGAT" disabled=yes \
  509. dst-port=1747 in-interface=pppoe-out1 protocol=udp src-address=\
  510. 46.255.96.79 to-addresses=192.168.0.2 to-ports=1747
  511. add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
  512. protocol=tcp src-address=176.58.113.88 to-addresses=192.168.0.203 \
  513. to-ports=10050
  514. add action=dst-nat chain=dstnat dst-port=5060 in-interface=pppoe-out1 \
  515. protocol=udp src-address=91.221.49.238 to-addresses=192.168.0.2 to-ports=\
  516. 5060
  517. add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
  518. protocol=tcp src-address=89.249.227.74 to-addresses=192.168.0.203 \
  519. to-ports=10050
  520. add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
  521. protocol=tcp src-address=212.119.203.2 to-addresses=192.168.0.203 \
  522. to-ports=10050
  523. add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
  524. protocol=tcp src-address=212.119.203.2 to-addresses=192.168.0.203 \
  525. to-ports=10051
  526. add action=dst-nat chain=dstnat disabled=yes dst-port=10000-20000 \
  527. in-interface=pppoe-out1 protocol=udp src-address=89.249.227.74 \
  528. to-addresses=192.168.0.2 to-ports=10000-20000
  529. add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
  530. protocol=tcp src-address=95.85.7.210 to-addresses=192.168.0.203 to-ports=\
  531. 10050
  532. add action=dst-nat chain=dstnat dst-port=10050 in-interface=pppoe-out1 \
  533. protocol=tcp src-address=88.87.95.191 to-addresses=192.168.0.203 \
  534. to-ports=10050
  535. add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
  536. protocol=tcp src-address=176.58.113.88 to-addresses=192.168.0.203 \
  537. to-ports=10051
  538. add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
  539. protocol=tcp src-address=162.242.147.13 to-addresses=192.168.0.203 \
  540. to-ports=10051
  541. add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
  542. protocol=tcp src-address=88.87.95.191 to-addresses=192.168.0.203 \
  543. to-ports=10051
  544. add action=dst-nat chain=dstnat dst-port=10051 in-interface=pppoe-out1 \
  545. protocol=tcp src-address=95.85.7.210 to-addresses=192.168.0.203 to-ports=\
  546. 10051
  # UDP 5060 forwards to 192.168.0.2. Each enabled rule matches one src-address
  # (212.220.0.132 or 91.202.77.27) on ether12 or pppoe-out1.
  547. add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether12 protocol=\
  548. udp src-address=212.220.0.132 to-addresses=192.168.0.2 to-ports=5060
  549. add action=dst-nat chain=dstnat dst-port=5060 in-interface=pppoe-out1 \
  550. protocol=udp src-address=91.202.77.27 to-addresses=192.168.0.2 to-ports=\
  551. 5060
  552. add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether12 protocol=\
  553. udp src-address=91.202.77.27 to-addresses=192.168.0.2 to-ports=5060
  # Disabled variant with no src-address match. If enabled it would forward
  # UDP 5060 from any source arriving on ether12.
  554. add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface=\
  555. ether12 protocol=udp to-addresses=192.168.0.2 to-ports=5060
  # NOTE(review): the next two rules forward UDP 9000-9300 to 192.168.0.2 with
  # no src-address match, so packets from any source on pppoe-out1 or ether12
  # are translated through. Presumably this is RTP media for the SIP host --
  # confirm. If the media peers are known, restrict these with src-address or a
  # src-address-list, as the 5060 rules above already do.
  556. add action=dst-nat chain=dstnat dst-port=9000-9300 in-interface=pppoe-out1 \
  557. protocol=udp to-addresses=192.168.0.2 to-ports=9000-9300
  558. add action=dst-nat chain=dstnat dst-port=9000-9300 in-interface=ether12 \
  559. protocol=udp to-addresses=192.168.0.2 to-ports=9000-9300
  # Disabled rule: TCP 81 on 88.87.90.201 to 192.168.0.236 port 80.
  560. add action=dst-nat chain=dstnat comment="AGAT ENDED" disabled=yes \
  561. dst-address=88.87.90.201 dst-port=81 protocol=tcp to-addresses=\
  562. 192.168.0.236 to-ports=80
  # NOTE(review): every rule from here to the end of this run forwards a TCP
  # port to 3389 (the standard RDP port) on an internal host, and none of them
  # has a src-address match. Changing the external port (12345, 54321, 33389,
  # 5001, 5002, 1234, 5500) does not limit who can connect. Unless the filter
  # rules (not visible here) restrict these flows, add a src-address-list of
  # known peers or reach the hosts through a VPN instead of a port forward.
  # The comment= values written as \XX sequences are escaped non-ASCII bytes
  # from the export and are left exactly as exported.
  563. add action=dst-nat chain=dstnat comment="\F0\E4\EF \EC\EE\E9" dst-address=\
  564. 88.87.90.201 dst-port=12345 protocol=tcp to-addresses=192.168.0.202 \
  565. to-ports=3389
  566. add action=dst-nat chain=dstnat comment="\F0\E4\EF \EC\EE\E9" dst-address=\
  567. 88.87.90.201 dst-port=54321 protocol=tcp to-addresses=192.168.0.254 \
  568. to-ports=3389
  # This rule keeps the default port: 88.87.90.201:3389 -> 192.168.0.200:3389.
  569. add action=dst-nat chain=dstnat comment=clients dst-address=88.87.90.201 \
  570. dst-port=3389 protocol=tcp to-addresses=192.168.0.200 to-ports=3389
  # in-interface=!ether1 matches every interface except ether1. That includes
  # pppoe-out1 and ether12, which earlier rules use as inbound interfaces.
  571. add action=dst-nat chain=dstnat comment=srv-class01 dst-port=33389 \
  572. in-interface=!ether1 protocol=tcp to-addresses=192.168.0.242 to-ports=\
  573. 3389
  574. add action=dst-nat chain=dstnat comment="\F3\E2\E0\F0\EE\E2\E0" dst-port=5001 \
  575. in-interface=!ether1 protocol=tcp to-addresses=192.168.0.32 to-ports=3389
  576. add action=dst-nat chain=dstnat comment="\EF\EE\E3\F0\E5\E1\ED\FF\EA" \
  577. dst-port=5002 in-interface=!ether1 protocol=tcp to-addresses=192.168.0.30 \
  578. to-ports=3389
  579. add action=dst-nat chain=dstnat comment="\EC\EE\F0\EE\E7\EE\E2\E0" dst-port=\
  580. 1234 in-interface=!ether1 protocol=tcp to-addresses=192.168.0.115 \
  581. to-ports=3389
  582. add action=dst-nat chain=dstnat comment=ASolodkov dst-port=5500 in-interface=\
  583. !ether1 protocol=tcp to-addresses=192.168.0.109 to-ports=3389
  # Sets the ports handled by the SIP service-port (NAT helper) to 5060, 5061
  # and 15060.
  584. /ip firewall service-port
  585. set sip ports=5060,5061,15060
  # Enables the built-in web proxy with max-cache-size=none and no parent proxy
  # (0.0.0.0).
  # NOTE(review): no /ip proxy access rules appear in this part of the export.
  # If the proxy port is reachable from the WAN interfaces, the router acts as
  # an open proxy. Confirm that a filter input rule or a proxy access list
  # limits it to LAN clients, or disable the proxy if it is unused.
  586. /ip proxy
  587. set enabled=yes max-cache-size=none parent-proxy=0.0.0.0
  # Static routes. The first two sit in the routing tables selected by
  # routing-mark to_rezerv and osa and use check-gateway=ping. The GW_2 route
  # via pppoe-out1 has no routing-mark. No dst-address is shown on the enabled
  # routes, presumably because the compact export omits the default
  # 0.0.0.0/0 -- confirm on the device.
  # NOTE(review): both marked routes carry the same comment GW_3 although they
  # use different gateways; distinct comments would make failover logs easier
  # to read.
  588. /ip route
  589. add check-gateway=ping comment=GW_3 distance=1 gateway=172.30.5.17 \
  590. routing-mark=to_rezerv target-scope=30
  591. add check-gateway=ping comment=GW_3 distance=1 gateway=172.30.9.253 \
  592. routing-mark=osa target-scope=30
  # Disabled host route for 192.168.0.4/32 in the clients table.
  593. add disabled=yes distance=1 dst-address=192.168.0.4/32 gateway=192.168.0.11 \
  594. routing-mark=clients
  595. add comment=GW_2 distance=1 gateway=pppoe-out1 target-scope=30
  # Disabled route for 192.168.5.0/24 via 192.168.0.253.
  596. add disabled=yes distance=1 dst-address=192.168.5.0/24 gateway=192.168.0.253 \
  597. scope=10
  # Router management services. Every entry is limited to clients in
  # 192.168.0.0/23; telnet, ftp, www and ssh are moved to ports 223, 221, 83
  # and 222.
  # NOTE(review): telnet, ftp and www carry credentials in cleartext and api is
  # unencrypted. No disabled=yes is shown for them, so they appear to be
  # enabled. Moving the port does not protect the session. Prefer disabling
  # telnet, ftp, www and api, and managing the router over ssh, www-ssl or
  # winbox only.
  598. /ip service
  599. set telnet address=192.168.0.0/23 port=223
  600. set ftp address=192.168.0.0/23 port=221
  601. set www address=192.168.0.0/23 port=83
  602. set ssh address=192.168.0.0/23 port=222
  603. set www-ssl address=192.168.0.0/23 disabled=no
  604. set api address=192.168.0.0/23
  605. set winbox address=192.168.0.0/23
  # Enables the router's SMB server on ether1 and defines two shares:
  # share1 -> / and share2 -> /micro-sd1.
  # NOTE(review): share1 exports the root of the router's storage. Which SMB
  # users may connect is not visible in this part of the export. Point the
  # share at a dedicated directory, or disable /ip smb if file sharing from the
  # router is not needed.
  606. /ip smb
  607. set enabled=yes interfaces=ether1
  608. /ip smb shares
  609. add directory=/ name=share1
  610. add directory=/micro-sd1 name=share2
  # PPP profile 0: change-tcp-mss and only-one are turned off.
  # NOTE(review): bridge="(unknown)" looks like a reference to a bridge that no
  # longer exists -- confirm and clear it on the device.
  # No entries follow the /ppp secret header in this export.
  611. /ppp profile
  612. set 0 bridge="(unknown)" change-tcp-mss=no only-one=no
  613. /ppp secret
  # Assigns the ethernet-default queue type to ether1 through ether13.
  614. /queue interface
  615. set ether12 queue=ethernet-default
  616. set ether13 queue=ethernet-default
  617. set ether11 queue=ethernet-default
  618. set ether6 queue=ethernet-default
  619. set ether7 queue=ethernet-default
  620. set ether8 queue=ethernet-default
  621. set ether9 queue=ethernet-default
  622. set ether10 queue=ethernet-default
  623. set ether1 queue=ethernet-default
  624. set ether2 queue=ethernet-default
  625. set ether3 queue=ethernet-default
  626. set ether4 queue=ethernet-default
  627. set ether5 queue=ethernet-default
  # Clock, fan and time-sync settings: manual time zone +04:00, auxiliary fan,
  # NTP client enabled against 62.149.0.30.
  # NOTE(review): only a primary NTP server is shown. Log timestamps depend on
  # it, so a secondary server is worth adding.
  628. /system clock manual
  629. set time-zone=+04:00
  630. /system health
  631. set use-fan=auxiliary
  632. /system ntp client
  633. set enabled=yes primary-ntp=62.149.0.30
  # Defines the script sendmailspamer. Per the visible source it walks the
  # firewall address-list named spammer, appends each address to a text
  # variable and, when at least one entry was found, e-mails that text to
  # admin@ailant.org with the subject "ALERT Mikrotik spammer or virus list".
  # NOTE(review): the policy list grants reboot, write, policy, password, sniff
  # and sensitive, while the visible body only reads an address-list and sends
  # mail. Trim the policy to the minimum the script needs.
  # NOTE(review): the source carries several layers of escaping (\\\$, \\\")
  # and uses "local" without a leading colon. It looks as if already-escaped
  # text was pasted in as the source, so the script may not run as intended --
  # verify on the device.
  634. /system script
  635. add name=sendmailspamer policy=\
  636. ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
  637. source="local item;\r\
  638. \nlocal spam;\r\
  639. \n:foreach i in=[/ip firewall address-list find list=spammer ] do={\r\
  640. \n:set item ([/ip firewall address-list get \\\$i address]);\r\
  641. \n:set text (\\\$text . \\\$item); \
  642. \_ \r\
  643. \n:set text (\\\$text . \\\"\\\\n\\\"); \r\
  644. \n:set spam 1; \
  645. \_ \r\
  646. \n}; \
  647. \_ \r\
  648. \n:if (\\\$spam = 1) do {\\r\\ \
  649. \_ \r\
  650. \n\\n/tool e-mail send body=\\\"\\\$text\\\" to=\\\"admin@ailant.org\\\" s\
  651. ubject=\\\"ALERT Mikrotik spammer or virus list\\\"; \\n}\""
  # Adds an interface graphing entry with default settings, then configures the
  # packet sniffer to capture on bridge1 for 83.220.163.62/32 with streaming
  # turned on.
  # NOTE(review): with streaming-enabled=yes, captured packets are copied to a
  # streaming server over the network. That server's address is not shown in
  # this compact export. Confirm the destination is intended, and turn
  # streaming off once the capture is finished.
  652. /tool graphing interface
  653. add
  654. /tool sniffer
  655. set filter-interface=bridge1 filter-ip-address=83.220.163.62/32 \
  656. filter-stream=yes streaming-enabled=yes
  657. [admin@MikroTik] >