
MiConfig

a guest
Dec 5th, 2016
  1. # dec/05/2016 09:35:31 by RouterOS 6.37.3
  2. # software id = ****-****
  3. #
  # CAPsMAN channel objects: one per 2.4 GHz channel (1-13), all g/n with 20 MHz width.
  # channel13 (tx-power=10) and channel13hi (tx-power=20) share 2472 MHz and differ only in power;
  # they are the two channels referenced by the /caps-man configuration entries cfg1 and cfg2.
  4. /caps-man channel
  5. add band=2ghz-g/n frequency=2472 name=channel13 tx-power=10 width=20
  6. add band=2ghz-g/n frequency=2412 name=channel1 tx-power=20 width=20
  7. add band=2ghz-g/n frequency=2417 name=channel2 tx-power=20 width=20
  8. add band=2ghz-g/n frequency=2422 name=channel3 tx-power=20 width=20
  9. add band=2ghz-g/n frequency=2427 name=channel4 tx-power=20 width=20
  10. add band=2ghz-g/n frequency=2432 name=channel5 tx-power=20 width=20
  11. add band=2ghz-g/n frequency=2437 name=channel6 tx-power=20 width=20
  12. add band=2ghz-g/n frequency=2442 name=channel7 tx-power=20 width=20
  13. add band=2ghz-g/n frequency=2447 name=channel8 tx-power=20 width=20
  14. add band=2ghz-g/n frequency=2452 name=channel9 tx-power=20 width=20
  15. add band=2ghz-g/n frequency=2457 name=channel10 tx-power=20 width=20
  16. add band=2ghz-g/n frequency=2462 name=channel11 tx-power=20 width=20
  17. add band=2ghz-g/n frequency=2467 name=channel12 tx-power=20 width=20
  18. add band=2ghz-g/n frequency=2472 name=channel13hi tx-power=20 width=20
  # LAN bridge that the wired switch group, the local radio and the CAPsMAN datapath all attach to.
  19. /interface bridge
  20. add name=br_lan
  # ether5 becomes the WAN port; ether2 is the master port of the LAN switch group (ether3, ether4 and,
  # further down, ether1 are slaved to it).
  21. /interface ethernet
  22. set [ find default-name=ether5 ] name=WAN
  23. set [ find default-name=ether2 ] name=eth2-lan1
  24. set [ find default-name=ether3 ] master-port=eth2-lan1 name=eth3-lan2
  25. set [ find default-name=ether4 ] master-port=eth2-lan1 name=eth4-lan3
  # CAPsMAN datapath: CAP traffic is bridged locally on each CAP into br_lan.
  # NOTE(review): client-to-client-forwarding=yes means wireless clients are not isolated from one
  # another; every Wi-Fi device shares one flat L2 segment with the wired LAN.
  26. /caps-man datapath
  27. add bridge=br_lan client-to-client-forwarding=yes local-forwarding=yes name=datapath1
  28. /interface ethernet
  29. set [ find default-name=ether1 ] master-port=eth2-lan1 name=eth1-poe
  # CAPsMAN security profile shared by cfg1 and cfg2: pre-shared key, AES-CCM for unicast and group traffic.
  # NOTE(review): authentication-types still includes wpa-psk next to wpa2-psk; unless a legacy client
  # needs it, wpa2-psk alone is the safer setting.
  # NOTE(review): the passphrase is exported in clear text (the value here looks like a placeholder).
  # Use "export hide-sensitive" before publishing a config, and rotate any real key that was pasted.
  30. /caps-man security
  31. add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security1 passphrase=WiFiPass
  # Two AP configurations with the same SSID and security profile; they differ only in the channel
  # object (channel13 vs channel13hi, i.e. transmit power).
  32. /caps-man configuration
  33. add channel=channel13 country=russia datapath=datapath1 mode=ap name=cfg1 security=security1 ssid=WiFiName
  34. add channel=channel13hi country=russia datapath=datapath1 mode=ap name=cfg2 security=security1 ssid=WiFiName
  # Local (non-CAPsMAN) wireless security profiles.
  # NOTE(review): the profile is named "wpa2" but also enables wpa-psk, and management-protection=allowed
  # makes protected management frames optional rather than required. Both keys are in clear text here too.
  35. /interface wireless security-profiles
  36. set [ find default=yes ] supplicant-identity=MikroTik
  37. add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=wpa2 supplicant-identity="" wpa-pre-shared-key=WiFiPass wpa2-pre-shared-key=WiFiPass
  # Local radio settings. The export marks wlan1 as managed by CAPsMAN, so these values (including the
  # different SSID WiFiName3) are presumably inactive while CAP mode is enabled - TODO confirm.
  38. /interface wireless
  39. # managed by CAPsMAN
  40. set [ find default-name=wlan1 ] band=2ghz-g/n country=russia frequency=2472 mode=ap-bridge security-profile=wpa2 ssid=WiFiName3 wireless-protocol=802.11
  # IPsec phase-2 proposals. The default proposal and both named ones use HMAC-MD5 with 3DES.
  # NOTE(review): MD5 and 3DES are deprecated for IPsec, and proposal-earth also sets pfs-group=none,
  # so phase-2 keys are derived without a fresh DH exchange. A stronger set (for example
  # auth-algorithms=sha256, enc-algorithms=aes-256-cbc, pfs-group=modp2048) must be changed on the
  # remote peer at the same time or the tunnel will not come up.
  # proposal-sky is not referenced by any policy visible in this export.
  41. /ip ipsec proposal
  42. set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
  43. add auth-algorithms=md5 enc-algorithms=3des name=proposal-sky
  44. add auth-algorithms=md5 enc-algorithms=3des name=proposal-earth pfs-group=none
  # Dynamic address pool and DHCP server for the LAN bridge (8-hour leases).
  45. /ip pool
  46. add name=dhcp_42 ranges=192.168.42.100-192.168.42.200
  47. /ip dhcp-server
  48. add address-pool=dhcp_42 disabled=no interface=br_lan lease-time=8h name=dhcp_srv
  # CAPsMAN client access list, evaluated in order. The two named devices are matched by MAC before
  # the final rule, which rejects any client whose signal falls in -120..-70 (weak-signal cut-off).
  # The first two rules give no action; presumably the default (accept) applies - TODO confirm.
  # NOTE(review): a MAC match is an exemption from the signal rule, not authentication; MAC addresses
  # can be copied by any client, so access control still rests on the PSK.
  49. /caps-man access-list
  50. add comment="SONY VGN" disabled=no mac-address=00:00:00:00:14:97 ssid-regexp=""
  51. add comment="BOOST II SE" disabled=no mac-address=00:00:00:00:51:B7 signal-range=-120..-70 ssid-regexp=""
  52. add action=reject disabled=no signal-range=-120..-70 ssid-regexp=""
  # This router is the CAPsMAN controller; CAPs must run the same RouterOS version.
  # NOTE(review): no certificate or require-peer-certificate setting appears in the export, so the
  # CAP-to-manager link is presumably not certificate-authenticated - confirm on the device.
  53. /caps-man manager
  54. set enabled=yes upgrade-policy=require-same-version
  # Provisioning rules. The rule without radio-mac (which would presumably match any radio) is
  # disabled; the two active rules are pinned to specific radio MACs, so an unknown CAP is not
  # handed the SSID/PSK configuration automatically.
  55. /caps-man provisioning
  56. add action=create-dynamic-enabled comment=mAP disabled=yes master-configuration=cfg1 name-format=prefix-identity name-prefix=CAP
  57. add action=create-dynamic-enabled comment=RB951G-2HnD master-configuration=cfg1 name-format=prefix-identity name-prefix=CAP radio-mac=00:00:00:00:24:09
  58. add action=create-dynamic-enabled comment=mAP master-configuration=cfg2 name-format=prefix-identity name-prefix=CAP radio-mac=00:00:00:00:15:B8
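  # Bridge membership: the local radio and the wired switch group (via its master port) join br_lan.
  59. /interface bridge port
  60. add bridge=br_lan interface=wlan1
  61. add bridge=br_lan interface=eth2-lan1
  # Per-client entries for the local radio, matched by MAC address, untagged.
  # Fixed: entry 65 had a stray space in "vlan-mode= no-tag", which splits the value from its
  # parameter; the doubled spaces in entries 64 and 66 are normalised as well.
  # NOTE(review): with wlan1 managed by CAPsMAN this local list is presumably not consulted; the
  # /caps-man access-list is the one in effect - TODO confirm. MAC entries are not authentication.
  62. /interface wireless access-list
  63. add comment="SONY VGN" interface=wlan1 mac-address=00:00:00:00:14:97 vlan-mode=no-tag
  64. add comment="BOOST II SE" interface=wlan1 mac-address=00:00:00:00:51:B7 vlan-mode=no-tag
  65. add comment=HUAWEI interface=wlan1 mac-address=00:00:00:00:1F:5A vlan-mode=no-tag
  66. add comment="Android TV Box1" interface=wlan1 mac-address=00:00:00:00:67:EA vlan-mode=no-tag
  # CAP client: hands wlan1 to the CAPsMAN controller at 192.168.42.1, which is this router's own
  # br_lan address, so the device acts as both controller and CAP.
  67. /interface wireless cap
  68. #
  69. set bridge=br_lan caps-man-addresses=192.168.42.1 enabled=yes interfaces=wlan1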
  # LAN address of the router on br_lan.
  # NOTE(review): the address has no prefix length and network= holds a netmask rather than a network
  # address. Given the 192.168.42.0/24 DHCP network below, the intended form is presumably
  # address=192.168.42.1/24 network=192.168.42.0 - confirm before reusing this line.
  70. /ip address
  71. add address=192.168.42.1 interface=br_lan network=255.255.255.0
  # MikroTik cloud DDNS is on, so the router's public address is published under a cloud hostname.
  72. /ip cloud
  73. set ddns-enabled=yes
  # WAN address and default route come from the upstream DHCP server (route distance 50).
  74. /ip dhcp-client
  75. add default-route-distance=50 dhcp-options=hostname,clientid disabled=no interface=WAN
  # Static leases. Management endpoints (iLO, pfSense, NAS, the CAP) sit on the same flat /24 as
  # every wired and wireless client; nothing in this export segments them.
  76. /ip dhcp-server lease
  77. add address=192.168.42.200 always-broadcast=yes comment=iLO mac-address=00:00:00:00:86:22 server=dhcp_srv
  78. add address=192.168.42.201 comment=HIVE mac-address=00:00:00:00:C9:00 server=dhcp_srv
  79. add address=192.168.42.253 comment=pfSense mac-address=00:00:00:00:13:07 server=dhcp_srv
  80. add address=192.168.42.203 comment=NAS4FREE mac-address=00:00:00:00:86:31 server=dhcp_srv
  81. add address=192.168.42.249 comment=TRACCAR-01 mac-address=00:00:00:00:86:41 server=dhcp_srv
  82. add address=192.168.42.254 comment="NETGEAR DGFV338" mac-address=00:00:00:00:CA:92 server=dhcp_srv
  83. add address=192.168.42.105 client-id=1:00:00:00:00:57:65 comment="internal NIC" mac-address=00:00:00:00:57:65 server=dhcp_srv
  84. add address=192.168.42.3 always-broadcast=yes client-id=1:00:00:00:00:15:b7 comment="mAP 2nD eth2" mac-address=00:00:00:00:15:B7 server=dhcp_srv
  85. add address=192.168.42.2 client-id=1:00:00:00:00:15:b8 comment="mAP 2nD eth1" mac-address=00:00:00:00:15:B8 server=dhcp_srv
  # Options handed to DHCP clients: the router is both gateway and DNS server.
  86. /ip dhcp-server network
  87. add address=192.168.42.0/24 dns-server=192.168.42.1 domain=umbrela gateway=192.168.42.1
  # The router answers DNS queries itself and forwards to a single upstream resolver.
  # NOTE(review): allow-remote-requests=yes listens on every interface; only the final drop in the
  # input chain keeps WAN hosts from using the router as an open resolver, so that rule must stay.
  88. /ip dns
  89. set allow-remote-requests=yes servers=8.8.8.8
  # Address lists used by the filter rules. "Work IPs" are the remote sources allowed to reach
  # IKE/ESP/AH and the restricted port forwards; "IPSec LANs" is referenced only by the disabled
  # forward rule 114.
  90. /ip firewall address-list
  91. add address=111.1.111.88 comment=TushNet list="Work IPs"
  92. add address=222.22.22.146 comment=SkyNet list="Work IPs"
  93. add address=192.168.4.0/24 comment="Sky LAN" list="IPSec LANs"
  94. add address=192.168.42.0/24 comment="HomeNet LAN" list="IPSec LANs"
  95. add address=222.22.22.150 comment="SkyNet(ASUS)" list="Work IPs"
  # Filter rules are evaluated top to bottom within each chain and the first match wins; every chain
  # ends in an explicit drop (rules 119-121), so anything not accepted above is discarded.
  96. /ip firewall filter
  97. add action=accept chain=input disabled=yes dst-address=192.168.42.1 src-address=192.168.42.1
  # NOTE(review): rules 98 and 101 are the same ICMP-from-WAN accept; the second can never match.
  # ICMP from the WAN side is accepted without any rate limit.
  98. add action=accept chain=input  in-interface=WAN protocol=icmp
  # Rule 99 accepts everything that arrives on br_lan, so all router services are reachable from
  # any LAN or Wi-Fi client.
  99. add action=accept chain=input comment="From LAN" in-interface=br_lan
  100. add action=accept chain=output comment="To LAN" out-interface=br_lan
  101. add action=accept chain=input in-interface=WAN protocol=icmp
  # IPsec from WAN is limited to the "Work IPs" sources.
  102. add action=accept chain=input comment="Allow IKE" dst-port=500 protocol=udp src-address-list="Work IPs"
  103. add action=accept chain=input comment="Allow IPSec-esp" protocol=ipsec-esp src-address-list="Work IPs"
  104. add action=accept chain=input comment="Allow IPSec-ah" protocol=ipsec-ah src-address-list="Work IPs"
  # NOTE(review): in rule 105 "comment=connection-state=new" looks like a comment whose text was
  # removed; as written the comment value is presumably "connection-state=new" and no state match
  # applies - confirm. Rules 105-107 are shadowed by rule 99 in any case.
  105. add action=accept chain=input comment=connection-state=new dst-port=80,8291,22 in-interface=br_lan protocol=tcp src-address=192.168.42.0/24
  106. add action=accept chain=input comment="allow All TCP from LAN" connection-state=new in-interface=br_lan protocol=tcp src-address=192.168.42.0/24
  107. add action=accept chain=input comment="allow All UDP from LAN" connection-state=new in-interface=br_lan protocol=udp src-address=192.168.42.0/24
  # Forward-chain restrictions. They match the address and port after dst-nat, so each pairs with a
  # dst-nat rule in /ip firewall nat; only sources outside "Work IPs" are dropped.
  # NOTE(review): no such drop exists for the pfSense web GUI forward (WAN 59444 -> 192.168.42.253:443)
  # or for the Traccar forwards, so rule 116 accepts those from any WAN source - confirm that is intended.
  # NOTE(review): rule 112 is labelled "NAS4Free WebGUI" but port 59091 is the Transmission Remote
  # forward in the NAT table.
  108. add action=drop chain=forward comment="NAS4Free WebGUI only for Work" dst-address=192.168.42.203 dst-port=443 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
  109. add action=drop chain=forward comment=SQL dst-address=192.168.42.201 dst-port=1433 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
  110. add action=drop chain=forward comment="pfSense OpenVPN only for Work" dst-address=192.168.42.253 dst-port=1194 in-interface=WAN out-interface=br_lan protocol=udp src-address-list="!Work IPs"
  111. add action=drop chain=forward comment="pfSense OpenVPN only for Work" dst-address=192.168.42.253 dst-port=1194 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
  112. add action=drop chain=forward comment="NAS4Free WebGUI only for Work" dst-address=192.168.42.203 dst-port=59091 in-interface=WAN out-interface=br_lan protocol=tcp src-address-list="!Work IPs"
  113. add action=accept chain=input connection-state=established,related
  114. add action=accept chain=forward disabled=yes dst-address-list="IPSec LANs" src-address-list="IPSec LANs"
  115. add action=accept chain=forward in-interface=br_lan out-interface=WAN src-address=192.168.42.0/24
  # NOTE(review): rule 116 accepts any WAN->LAN packet addressed to 192.168.42.0/24 with no
  # connection-state or connection-nat-state match. It carries reply traffic and every dst-nat'ed
  # connection alike, so a newly added port forward is open to all sources unless a drop is placed
  # above it. A tighter pair is an established,related accept plus a separate accept for new
  # connections with connection-nat-state=dstnat.
  116. add action=accept chain=forward dst-address=192.168.42.0/24 in-interface=WAN out-interface=br_lan
  117. add action=accept chain=forward dst-address=192.168.42.0/24 in-interface=br_lan out-interface=br_lan src-address=192.168.42.0/24
  118. add action=accept chain=output connection-state=!invalid
  # Default-deny for all three chains.
  119. add action=drop chain=input
  120. add action=drop chain=output
  121. add action=drop chain=forward
  # NAT table. Rule 123 exempts LAN -> 192.168.44.0/24 from source NAT so that traffic keeps its
  # original source and matches the IPsec policy; it must stay above the masquerade in rule 139.
  122. /ip firewall nat
  123. add action=accept chain=srcnat comment="IPSEC to earth" dst-address=192.168.44.0/24 src-address=192.168.42.0/24
  124. add action=accept chain=srcnat disabled=yes ipsec-policy=out,ipsec out-interface=WAN
  # Port forwards bound to the WAN interface. Which sources may use them is decided by the forward
  # chain in /ip firewall filter, not here.
  # NOTE(review): rule 125 publishes the pfSense web GUI and rule 126 a database port (1433,
  # presumably MS SQL) on the WAN side; management and database services are better reached through
  # the VPN than through a port forward guarded only by a source-address list.
  125. add action=dst-nat chain=dstnat comment=pfSense dst-port=59444 in-interface=WAN protocol=tcp to-addresses=192.168.42.253 to-ports=443
  126. add action=dst-nat chain=dstnat comment=SQL dst-port=1433 in-interface=WAN protocol=tcp to-addresses=192.168.42.201 to-ports=1433
  127. add action=dst-nat chain=dstnat comment="OpenVPN(pfSense)" dst-port=1194 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=1194
  128. add action=dst-nat chain=dstnat comment="IPSec(pfSense)" disabled=yes dst-port=500 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=500
  129. add action=dst-nat chain=dstnat comment="IPSec(pfSense)" disabled=yes dst-port=4500 in-interface=WAN protocol=udp to-addresses=192.168.42.253 to-ports=4500
  130. add action=dst-nat chain=dstnat comment="OpenVPN(pfSense)" dst-port=1194 in-interface=WAN protocol=tcp to-addresses=192.168.42.253 to-ports=1194
  131. add action=dst-nat chain=dstnat comment="NAS4Free Transmission Remote" dst-port=59091 in-interface=WAN protocol=tcp to-addresses=192.168.42.203 to-ports=59091
  # NOTE(review): rules 132-134 and 137 have neither in-interface nor dst-address, so they match any
  # connection through the router to those ports, including LAN clients connecting to unrelated
  # internet hosts. The hairpin masquerade rules 136 and 138 suggest LAN access via the public
  # address is wanted; dst-address-type=local would keep that while limiting the match to the
  # router's own addresses - confirm.
  132. add action=dst-nat chain=dstnat comment="Traccar WebGUI" dst-port=12345 protocol=tcp to-addresses=192.168.42.249 to-ports=8082
  133. add action=dst-nat chain=dstnat comment="Traccar TK103 port" dst-port=5002 protocol=tcp to-addresses=192.168.42.249 to-ports=5002
  134. add action=dst-nat chain=dstnat comment="Traccar Client port" dst-port=5055 protocol=tcp to-addresses=192.168.42.249 to-ports=5055
  135. add action=dst-nat chain=dstnat comment="NAS4Free Torrent" dst-port=56666 in-interface=WAN protocol=tcp to-addresses=192.168.42.203 to-ports=56666
  136. add action=masquerade chain=srcnat comment="Traccar WebGUI(for LAN users)" dst-address=192.168.42.249 dst-port=8082 out-interface=br_lan protocol=tcp src-address=192.168.42.0/24
  137. add action=netmap chain=dstnat comment="NAS4Free WebGUI" dst-port=59991 protocol=tcp to-addresses=192.168.42.203 to-ports=443
  138. add action=masquerade chain=srcnat comment="NAS4Free WebGUI(for LAN users)" dst-address=192.168.42.203 dst-port=443 out-interface=br_lan protocol=tcp src-address=192.168.42.0/24
  # Everything else leaving through WAN is masqueraded.
  139. add action=masquerade chain=srcnat out-interface=WAN routing-table=main
  # IPsec phase-1 peer for the "earth" site (the same address as the TushNet entry in "Work IPs").
  # NOTE(review): phase 1 uses 3DES with MD5 and a lifetime of 1w1d, so one weakly protected IKE SA
  # lives for eight days; stronger algorithms and a shorter lifetime need a matching change on the peer.
  # NOTE(review): the pre-shared secret is exported in clear text (the value here looks like a
  # placeholder). Export with hide-sensitive before sharing, and rotate any real secret that was pasted.
  140. /ip ipsec peer
  141. add address=111.1.111.88/32 comment="earth DYNAMIC" enc-algorithm=3des hash-algorithm=md5 lifetime=1w1d local-address=0.0.0.0 nat-traversal=no secret=VeryStrongPassword
  # Tunnel-mode policy: 192.168.42.0/24 <-> 192.168.44.0/24 via the peer above, using proposal-earth.
  142. /ip ipsec policy
  143. add comment="earth DYNAMIC" dst-address=192.168.44.0/24 proposal=proposal-earth sa-dst-address=111.1.111.88 sa-src-address=0.0.0.0 src-address=192.168.42.0/24 tunnel=yes
  # Static routes: 192.168.4.0/24 is reached through pfSense (192.168.42.253); the remote IPsec
  # subnet 192.168.44.0/24 is pointed at br_lan, presumably so it is not sent unencrypted to the
  # default gateway before the policy matches - TODO confirm.
  144. /ip route
  145. add distance=1 dst-address=192.168.4.0/24 gateway=192.168.42.253
  146. add distance=1 dst-address=192.168.42.0/24 gateway=br_lan
  147. add distance=1 dst-address=192.168.44.0/24 gateway=br_lan
  # Management services: only telnet is changed from its default.
  # NOTE(review): the export presumably lists non-default values only, so the remaining services
  # (ftp, www, ssh, api, winbox) are likely still enabled without an address= restriction and
  # reachable from every LAN and Wi-Fi client via input rule 99. Disable the unused ones and limit
  # the rest to an admin subnet or host.
  148. /ip service
  149. set telnet disabled=yes
  150. /system clock
  151. set time-zone-name=Europe/Moscow
  152. /system identity
  153. set name=RB951G-2HnD
  # IPsec events go to the default log target; useful for spotting failed negotiations.
  154. /system logging
  155. add topics=ipsec
  156. /system routerboard settings
  157. set init-delay=0s
  # Traffic graphs for interfaces. The bare "add" entries carry no allow-address, so the graphs are
  # presumably viewable by anyone who can reach the web service - TODO confirm.
  # NOTE(review): the header dates this export to RouterOS 6.37.3 (December 2016); a router exposing
  # port forwards and IPsec should run a currently supported release.
  158. /tool graphing interface
  159. add
  160. add interface=WAN
  161. add