- # dec/05/2016 09:35:31 by RouterOS 6.37.3
- # software id = ****-****
- #
- # CAPsMAN channel presets for the 2.4 GHz band: one 20 MHz entry per frequency from 2412 to 2472 MHz.
- # channel13 and channel13hi share 2472 MHz and differ only in tx-power (10 vs 20).
- # Only channel13 and channel13hi are referenced by the CAPsMAN configurations (cfg1/cfg2) in this export.
- /caps-man channel
- add band=2ghz-g/n frequency=2472 name=channel13 tx-power=10 width=20
- add band=2ghz-g/n frequency=2412 name=channel1 tx-power=20 width=20
- add band=2ghz-g/n frequency=2417 name=channel2 tx-power=20 width=20
- add band=2ghz-g/n frequency=2422 name=channel3 tx-power=20 width=20
- add band=2ghz-g/n frequency=2427 name=channel4 tx-power=20 width=20
- add band=2ghz-g/n frequency=2432 name=channel5 tx-power=20 width=20
- add band=2ghz-g/n frequency=2437 name=channel6 tx-power=20 width=20
- add band=2ghz-g/n frequency=2442 name=channel7 tx-power=20 width=20
- add band=2ghz-g/n frequency=2447 name=channel8 tx-power=20 width=20
- add band=2ghz-g/n frequency=2452 name=channel9 tx-power=20 width=20
- add band=2ghz-g/n frequency=2457 name=channel10 tx-power=20 width=20
- add band=2ghz-g/n frequency=2462 name=channel11 tx-power=20 width=20
- add band=2ghz-g/n frequency=2467 name=channel12 tx-power=20 width=20
- add band=2ghz-g/n frequency=2472 name=channel13hi tx-power=20 width=20
- # LAN bridge that the wired ports, wlan1 and the CAPsMAN datapath all attach to.
- /interface bridge
- add name=br_lan
- # ether5 becomes the WAN uplink; ether2 is the switch master and ether3/ether4 are slaved to it via master-port.
- /interface ethernet
- set [ find default-name=ether5 ] name=WAN
- set [ find default-name=ether2 ] name=eth2-lan1
- set [ find default-name=ether3 ] master-port=eth2-lan1 name=eth3-lan2
- set [ find default-name=ether4 ] master-port=eth2-lan1 name=eth4-lan3
- # CAPsMAN datapath: CAP client traffic is bridged into br_lan with local forwarding.
- # NOTE(review): client-to-client-forwarding=yes means wireless clients are not isolated from each other;
- # set it to no if guest or untrusted devices share this SSID.
- /caps-man datapath
- add bridge=br_lan client-to-client-forwarding=yes local-forwarding=yes name=datapath1
- # ether1 (named eth1-poe) joins the same LAN switch group.
- /interface ethernet
- set [ find default-name=ether1 ] master-port=eth2-lan1 name=eth1-poe
- # CAPsMAN security profile used by cfg1 and cfg2. Cipher is AES-CCM only (no TKIP).
- # NOTE(review): authentication-types still lists wpa-psk (WPA1) next to wpa2-psk; drop wpa-psk unless a
- # legacy client needs it.
- # NOTE(review): the passphrase is stored and exported in clear text. "WiFiPass" looks like a placeholder;
- # for a real export use "/export hide-sensitive" or scrub the value before sharing.
- /caps-man security
- add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security1 passphrase=WiFiPass
- # Two AP configurations for the same SSID; they differ only in the channel preset (channel13 vs channel13hi).
- /caps-man configuration
- add channel=channel13 country=russia datapath=datapath1 mode=ap name=cfg1 security=security1 ssid=WiFiName
- add channel=channel13hi country=russia datapath=datapath1 mode=ap name=cfg2 security=security1 ssid=WiFiName
- # Local (non-CAPsMAN) wireless security profiles.
- # NOTE(review): the profile is named "wpa2" but also enables wpa-psk, and both pre-shared keys appear in clear text.
- # management-protection=allowed makes protected management frames optional rather than required.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=wpa2 supplicant-identity="" wpa-pre-shared-key=WiFiPass wpa2-pre-shared-key=WiFiPass
- # Local radio settings for wlan1. The export marks the interface as managed by CAPsMAN, so these values
- # (including ssid=WiFiName3) presumably do not apply while CAP mode is enabled - confirm on the device.
- /interface wireless
- # managed by CAPsMAN
- set [ find default-name=wlan1 ] band=2ghz-g/n country=russia frequency=2472 mode=ap-bridge security-profile=wpa2 ssid=WiFiName3 wireless-protocol=802.11
- # IPsec phase-2 proposals. The default proposal and both named ones use HMAC-MD5 with 3DES.
- # NOTE(review): MD5 and 3DES are legacy algorithms; prefer e.g. auth-algorithms=sha256 with
- # enc-algorithms=aes-256-cbc, changed in step with the remote peer so the tunnel keeps negotiating.
- # NOTE(review): proposal-earth (the one the policy in this export uses) sets pfs-group=none, so phase-2
- # keys are derived without a fresh Diffie-Hellman exchange; enable a modp group on both ends if possible.
- # proposal-sky is not referenced by any policy visible in this export.
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
- add auth-algorithms=md5 enc-algorithms=3des name=proposal-sky
- add auth-algorithms=md5 enc-algorithms=3des name=proposal-earth pfs-group=none
- # Dynamic address pool for the LAN: 192.168.42.100-192.168.42.200.
- # Some static leases in this export (192.168.42.105 and 192.168.42.200) fall inside this range.
- /ip pool
- add name=dhcp_42 ranges=192.168.42.100-192.168.42.200
- # DHCP server on the LAN bridge, 8-hour leases from dhcp_42.
- /ip dhcp-server
- add address-pool=dhcp_42 disabled=no interface=br_lan lease-time=8h name=dhcp_srv
- # CAPsMAN access list, evaluated top to bottom. The first two entries carry no explicit action
- # (presumably the default, accept - confirm); the last rejects any client whose signal is in -120..-70.
- # Net effect as written: weak-signal clients are refused unless their MAC matches an entry above.
- # NOTE(review): MAC matching is an exemption mechanism only; a MAC address can be cloned, so it adds no
- # authentication on top of the PSK. MAC addresses in this paste appear partially masked.
- /caps-man access-list
- add comment="SONY VGN" disabled=no mac-address=00:00:00:00:14:97 ssid-regexp=""
- add comment="BOOST II SE" disabled=no mac-address=00:00:00:00:51:B7 signal-range=-120..-70 ssid-regexp=""
- add action=reject disabled=no signal-range=-120..-70 ssid-regexp=""
- # Enable the CAPsMAN controller; CAPs must run the same RouterOS version as the manager.
- # NOTE(review): no certificate or require-peer-certificate setting appears in this export, so CAP-to-manager
- # sessions presumably run without certificate verification - confirm, and consider enabling it.
- /caps-man manager
- set enabled=yes upgrade-policy=require-same-version
- # Provisioning rules: the first (generic) rule is disabled; the other two match a specific radio-mac and
- # create enabled dynamic CAP interfaces from cfg1 / cfg2.
- /caps-man provisioning
- add action=create-dynamic-enabled comment=mAP disabled=yes master-configuration=cfg1 name-format=prefix-identity name-prefix=CAP
- add action=create-dynamic-enabled comment=RB951G-2HnD master-configuration=cfg1 name-format=prefix-identity name-prefix=CAP radio-mac=00:00:00:00:24:09
- add action=create-dynamic-enabled comment=mAP master-configuration=cfg2 name-format=prefix-identity name-prefix=CAP radio-mac=00:00:00:00:15:B8
- # Bridge membership: the local radio and the LAN switch master port both join br_lan.
- /interface bridge port
- add bridge=br_lan interface=wlan1
- add bridge=br_lan interface=eth2-lan1
- # Per-MAC entries for the local wlan1 access list (untagged VLAN mode).
- # NOTE(review): the HUAWEI entry reads "vlan-mode= no-tag" with a space after "="; this looks like a
- # paste or redaction artifact and should be corrected before the file is imported.
- /interface wireless access-list
- add comment="SONY VGN" interface=wlan1 mac-address=00:00:00:00:14:97 vlan-mode=no-tag
- add comment="BOOST II SE" interface=wlan1 mac-address=00:00:00:00:51:B7 vlan-mode=no-tag
- add comment=HUAWEI interface=wlan1 mac-address=00:00:00:00:1F:5A vlan-mode= no-tag
- add comment="Android TV Box1" interface=wlan1 mac-address=00:00:00:00:67:EA vlan-mode=no-tag
- # CAP client mode: wlan1 is handed to the CAPsMAN at 192.168.42.1, which is this router's own LAN address,
- # so the router acts as both manager and CAP.
- /interface wireless cap
- #
- set bridge=br_lan caps-man-addresses=192.168.42.1 enabled=yes interfaces=wlan1
- # Router LAN address on the bridge.
- # NOTE(review): the address has no prefix length and the network field holds 255.255.255.0, which looks like
- # a netmask typed into the wrong field; the usual form is address=192.168.42.1/24 network=192.168.42.0.
- # The static route for 192.168.42.0/24 via br_lan elsewhere in this export presumably compensates - confirm.
- /ip address
- add address=192.168.42.1 interface=br_lan network=255.255.255.0
- # MikroTik cloud DDNS: publishes the router's public address under a vendor-hosted DNS name.
- /ip cloud
- set ddns-enabled=yes
- # WAN address and default route come from the upstream DHCP server (route distance 50).
- /ip dhcp-client
- add default-route-distance=50 dhcp-options=hostname,clientid disabled=no interface=WAN
- # Static DHCP leases for infrastructure hosts; several are targets of the dst-nat rules in this export
- # (pfSense .253, NAS4FREE .203, HIVE .201, TRACCAR-01 .249).
- # NOTE(review): the comments name device roles (iLO, pfSense, NAS) that describe the internal network;
- # scrub them along with addresses before publishing an export.
- /ip dhcp-server lease
- add address=192.168.42.200 always-broadcast=yes comment=iLO mac-address=00:00:00:00:86:22 server=dhcp_srv
- add address=192.168.42.201 comment=HIVE mac-address=00:00:00:00:C9:00 server=dhcp_srv
- add address=192.168.42.253 comment=pfSense mac-address=00:00:00:00:13:07 server=dhcp_srv
- add address=192.168.42.203 comment=NAS4FREE mac-address=00:00:00:00:86:31 server=dhcp_srv
- add address=192.168.42.249 comment=TRACCAR-01 mac-address=00:00:00:00:86:41 server=dhcp_srv
- add address=192.168.42.254 comment="NETGEAR DGFV338" mac-address=00:00:00:00:CA:92 server=dhcp_srv
- add address=192.168.42.105 client-id=1:00:00:00:00:57:65 comment="internal NIC" mac-address=00:00:00:00:57:65 server=dhcp_srv
- add address=192.168.42.3 always-broadcast=yes client-id=1:00:00:00:00:15:b7 comment="mAP 2nD eth2" mac-address=00:00:00:00:15:B7 server=dhcp_srv
- add address=192.168.42.2 client-id=1:00:00:00:00:15:b8 comment="mAP 2nD eth1" mac-address=00:00:00:00:15:B8 server=dhcp_srv
- # Options handed to DHCP clients: the router is both gateway and DNS server.
- /ip dhcp-server network
- add address=192.168.42.0/24 dns-server=192.168.42.1 domain=umbrela gateway=192.168.42.1
- # The router answers DNS queries for clients and forwards them to 8.8.8.8.
- # NOTE(review): allow-remote-requests=yes listens on every interface; only the input-chain filter rules
- # keep WAN hosts from using the router as an open resolver, so keep UDP/TCP 53 from WAN dropped.
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8
- # Address lists: "Work IPs" are the public sources trusted for IPsec and for the restricted port forwards;
- # "IPSec LANs" is used only by a disabled forward rule below.
- /ip firewall address-list
- add address=111.1.111.88 comment=TushNet list="Work IPs"
- add address=222.22.22.146 comment=SkyNet list="Work IPs"
- add address=192.168.4.0/24 comment="Sky LAN" list="IPSec LANs"
- add address=192.168.42.0/24 comment="HomeNet LAN" list="IPSec LANs"
- add address=222.22.22.150 comment="SkyNet(ASUS)" list="Work IPs"
- # Filter rules are evaluated in order within each chain; all three chains end in an explicit drop.
- /ip firewall filter
- add action=accept chain=input disabled=yes dst-address=192.168.42.1 src-address=192.168.42.1
- # ICMP to the router from WAN is accepted (the same rule is repeated two lines further down).
- add action=accept chain=input in-interface=WAN protocol=icmp
- # Everything arriving on br_lan for the router itself is accepted, so the narrower LAN input rules
- # further down never change the outcome, and every enabled router service is reachable from any
- # wired or Wi-Fi client.
- add action=accept chain=input comment="From LAN" in-interface=br_lan
- add action=accept chain=output comment="To LAN" out-interface=br_lan
- add action=accept chain=input in-interface=WAN protocol=icmp
- # IKE (UDP 500), ESP and AH are accepted only from the "Work IPs" list.
- add action=accept chain=input comment="Allow IKE" dst-port=500 protocol=udp src-address-list="Work IPs"
- add action=accept chain=input comment="Allow IPSec-esp" protocol=ipsec-esp src-address-list="Work IPs"
- add action=accept chain=input comment="Allow IPSec-ah" protocol=ipsec-ah src-address-list="Work IPs"
- # NOTE(review): "comment=connection-state=new" on the next rule looks garbled (possibly a redacted comment
- # fused with the connection-state matcher) - confirm the intended rule before importing.
- add action=accept chain=input comment=connection-state=new dst-port=80,8291,22 in-interface=br_lan protocol=tcp src-address=192.168.42.0/24
- add action=accept chain=input comment="allow All TCP from LAN" connection-state=new in-interface=br_lan protocol=tcp src-address=192.168.42.0/24
- add action=accept chain=input comment="allow All UDP from LAN" connection-state=new in-interface=br_lan protocol=udp src-address=192.168.42.0/24
- # Restrict selected port forwards to "Work IPs". The forward chain runs after dst-nat, so these rules
- # match the translated (internal) address and port.
- add action=drop chain=forward comment="NAS4Free WebGUI only for Work" dst-address=192.168.42.203 dst-port=443 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
- add action=drop chain=forward comment=SQL dst-address=192.168.42.201 dst-port=1433 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
- add action=drop chain=forward comment="pfSense OpenVPN only for Work" dst-address=192.168.42.253 dst-port=1194 in-interface=WAN out-interface=br_lan protocol=udp src-address-list="!Work IPs"
- add action=drop chain=forward comment="pfSense OpenVPN only for Work" dst-address=192.168.42.253 dst-port=1194 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
- add action=drop chain=forward comment="NAS4Free WebGUI only for Work" dst-address=192.168.42.203 dst-port=59091 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
- add action=accept chain=input connection-state=established,related
- add action=accept chain=forward disabled=yes dst-address-list="IPSec LANs" src-address-list="IPSec LANs"
- add action=accept chain=forward in-interface=br_lan out-interface=WAN src-address=192.168.42.0/24
- # NOTE(review): the next rule accepts ANY packet from WAN addressed to 192.168.42.0/24, with no
- # connection-state or NAT-state condition. Every dst-nat target without a drop rule above (pfSense 443,
- # the Traccar ports, torrent 56666) is therefore open to all sources, and so is any packet that reaches
- # the WAN port already addressed to a LAN host. Consider splitting it into an established,related accept
- # plus an accept limited to connection-nat-state=dstnat.
- add action=accept chain=forward dst-address=192.168.42.0/24 in-interface=WAN out-interface=br_lan
- add action=accept chain=forward dst-address=192.168.42.0/24 in-interface=br_lan out-interface=br_lan src-address=192.168.42.0/24
- # Router-originated traffic is allowed unless conntrack marks it invalid.
- add action=accept chain=output connection-state=!invalid
- # Default deny for whatever no earlier rule accepted.
- add action=drop chain=input
- add action=drop chain=output
- add action=drop chain=forward
- # NAT rules. dst-nat entries publish internal services; whether a source may reach them is decided by
- # the forward-chain filter rules, not here.
- /ip firewall nat
- # Exempt LAN-to-192.168.44.0/24 traffic from source NAT so it still matches the IPsec policy.
- add action=accept chain=srcnat comment="IPSEC to earth" dst-address=192.168.44.0/24 src-address=192.168.42.0/24
- add action=accept chain=srcnat disabled=yes ipsec-policy=out,ipsec out-interface=WAN
- # NOTE(review): WAN port 59444 maps to the pfSense web GUI (443). No forward-chain drop rule in this export
- # limits its sources, so the admin interface appears reachable from any address - restrict it to
- # "Work IPs" or reach it over the VPN instead.
- add action=dst-nat chain=dstnat comment=pfSense dst-port=59444 in-interface=WAN protocol=tcp to-addresses=192.168.42.253 to-ports=443
- # NOTE(review): TCP 1433 (SQL) is published on its well-known port; it is source-restricted by a filter
- # rule, but a database listener is better reached through the VPN than through a port forward.
- add action=dst-nat chain=dstnat comment=SQL dst-port=1433 in-interface=WAN protocol=tcp to-addresses=192.168.42.201 to-ports=1433
- add action=dst-nat chain=dstnat comment="OpenVPN(pfSense)" dst-port=1194 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=1194
- add action=dst-nat chain=dstnat comment="IPSec(pfSense)" disabled=yes dst-port=500 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=500
- add action=dst-nat chain=dstnat comment="IPSec(pfSense)" disabled=yes dst-port=4500 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=4500
- add action=dst-nat chain=dstnat comment="OpenVPN(pfSense)" dst-port=1194 in-interface=WAN protocol=tcp to-addresses=192.168.42.253 to-ports=1194
- add action=dst-nat chain=dstnat comment="NAS4Free Transmission Remote" dst-port=59091 in-interface=WAN protocol=tcp to-addresses=192.168.42.203 to-ports=59091
- # NOTE(review): the three Traccar rules (and the NAS4Free netmap rule below) have neither in-interface nor
- # dst-address, so they match any TCP connection to these ports that crosses the router, including LAN
- # clients connecting to unrelated Internet hosts. Scoping them with dst-address-type=local keeps the
- # hairpin case working while leaving other destinations alone.
- # No filter rule in this export restricts the sources that may reach the Traccar ports.
- add action=dst-nat chain=dstnat comment="Traccar WebGUI" dst-port=12345 protocol=tcp to-addresses=192.168.42.249 to-ports=8082
- add action=dst-nat chain=dstnat comment="Traccar TK103 port" dst-port=5002 protocol=tcp to-addresses=192.168.42.249 to-ports=5002
- add action=dst-nat chain=dstnat comment="Traccar Client port" dst-port=5055 protocol=tcp to-addresses=192.168.42.249 to-ports=5055
- add action=dst-nat chain=dstnat comment="NAS4Free Torrent" dst-port=56666 in-interface=WAN protocol=tcp to-addresses=192.168.42.203 to-ports=56666
- # Hairpin NAT: LAN clients that reach a published service get their source rewritten so replies return
- # through the router.
- add action=masquerade chain=srcnat comment="Traccar WebGUI(for LAN users)" dst-address=192.168.42.249 dst-port=8082 out-interface=br_lan protocol=tcp src-address=192.168.42.0/24
- add action=netmap chain=dstnat comment="NAS4Free WebGUI" dst-port=59991 protocol=tcp to-addresses=192.168.42.203 to-ports=443
- add action=masquerade chain=srcnat comment="NAS4Free WebGUI(for LAN users)" dst-address=192.168.42.203 dst-port=443 out-interface=br_lan protocol=tcp src-address=192.168.42.0/24
- # General outbound source NAT for everything leaving through WAN.
- add action=masquerade chain=srcnat out-interface=WAN routing-table=main
- # IPsec phase-1 peer for the "earth" site, authenticated with a pre-shared secret.
- # NOTE(review): phase 1 uses 3DES with MD5 and a lifetime of 1w1d; move to AES with SHA-256 and a shorter
- # lifetime, changed together with the remote end. No dh-group is shown, so the default applies - confirm
- # which group that is on this version.
- # NOTE(review): the secret is exported in clear text. "VeryStrongPassword" looks like a placeholder; use
- # "/export hide-sensitive" for real exports and rotate any secret that was ever pasted publicly.
- /ip ipsec peer
- add address=111.1.111.88/32 comment="earth DYNAMIC" enc-algorithm=3des hash-algorithm=md5 lifetime=1w1d local-address=0.0.0.0 nat-traversal=no secret=VeryStrongPassword
- # Tunnel-mode policy: 192.168.42.0/24 <-> 192.168.44.0/24 via the peer above, using proposal-earth.
- /ip ipsec policy
- add comment="earth DYNAMIC" dst-address=192.168.44.0/24 proposal=proposal-earth sa-dst-address=111.1.111.88 sa-src-address=0.0.0.0 src-address=192.168.42.0/24 tunnel=yes
- # Static routes: 192.168.4.0/24 goes via the pfSense host (192.168.42.253); the other two point at the
- # br_lan interface rather than a next-hop address.
- /ip route
- add distance=1 dst-address=192.168.4.0/24 gateway=192.168.42.253
- add distance=1 dst-address=192.168.42.0/24 gateway=br_lan
- add distance=1 dst-address=192.168.44.0/24 gateway=br_lan
- # Only telnet is disabled here. The export lists non-default settings only, so the other management
- # services (e.g. ftp, www, ssh, api, winbox) presumably remain at their defaults - confirm, then disable
- # the unused ones or bind them to the LAN with the address= parameter.
- # The export header reports RouterOS 6.37.3 (December 2016); keep the router on a current release.
- /ip service
- set telnet disabled=yes
- /system clock
- set time-zone-name=Europe/Moscow
- /system identity
- set name=RB951G-2HnD
- # Log the ipsec topic in addition to the default logging rules.
- /system logging
- add topics=ipsec
- /system routerboard settings
- set init-delay=0s
- # Interface traffic graphs. Entries without arguments use defaults.
- # NOTE(review): graphs are served by the router's web service; check that allow-address on these entries
- # is limited to the LAN if the web service is ever exposed.
- /tool graphing interface
- add
- add interface=WAN
- add