
Untitled

a guest
May 28th, 2025
  1. # 2025-05-28 18:25:11 by RouterOS 7.18
  2. # software id = TLQZ-WEZB
  3. #
  4. # model = RB3011UiAS
  5. # serial number = HF209FGWVQT
     # NOTE(review): the export header carries the device's software id and serial number;
     # strip these lines before sharing an export outside the team.
     #
     # Bridge that carries both VLANs. vlan-filtering=yes means the "/interface bridge vlan"
     # table further down is enforced on it.
     # NOTE(review): arp=proxy-arp makes the router answer ARP on behalf of other hosts - confirm it is needed here.
  6. /interface bridge
  7. add admin-mac=78:9A:18:56:DD:91 arp=proxy-arp auto-mac=no comment=defconf name=bridge port-cost-mode=short vlan-filtering=yes
     # Physical ports; the comment on each port records its role. ether5-ether7 and sfp1 are
     # administratively disabled.
     # NOTE(review): proxy-arp is also enabled on the WAN port (ether1) - presumably for the
     # routed /28 handled by table "to-mk"; verify, and switch it off if it is not required.
  8. /interface ethernet
  9. set [ find default-name=ether1 ] arp=proxy-arp comment=WAN
  10. set [ find default-name=ether2 ] comment="Kraso PC - VLAN10"
  11. set [ find default-name=ether3 ] comment="Server 1 - VLAN20"
  12. set [ find default-name=ether4 ] comment="Server 2 - VLAN20"
  13. set [ find default-name=ether5 ] disabled=yes
  14. set [ find default-name=ether6 ] disabled=yes
  15. set [ find default-name=ether7 ] disabled=yes
  16. set [ find default-name=ether8 ] comment="Mercusys AP"
  17. set [ find default-name=ether9 ] comment=IMM
  18. set [ find default-name=ether10 ] poe-out=off
  19. set [ find default-name=sfp1 ] disabled=yes
     # Layer-3 VLAN interfaces on top of the bridge: vlan10 = clients, vlan20 = servers
     # (the comment= strings are Czech for "VLAN for clients" / "VLAN for servers").
  20. /interface vlan
  21. add comment="VLAN Pro klienty" interface=bridge name=vlan10 vlan-id=10
  22. add comment="VLAN Pro servery" interface=bridge name=vlan20 vlan-id=20
     # Interface lists referenced by the firewall. WAN and LAN come from the default
     # configuration; VLANy is a local list (its comment is Czech with escaped non-ASCII
     # bytes, roughly "list of all VLANs").
  23. /interface list
  24. add comment=defconf name=WAN
  25. add comment=defconf name=LAN
  26. add comment="List v\9Aech vlan\F9" name=VLANy
     # The three sections below only touch the built-in default entries of features this
     # export does not otherwise configure (LTE APN, wireless security profile, hotspot profile).
  27. /interface lte apn
  28. set [ find default=yes ] ip-type=ipv4 use-network-apn=no
  29. /interface wireless security-profiles
  30. set [ find default=yes ] supplicant-identity=MikroTik
  31. /ip hotspot profile
  32. set [ find default=yes ] html-directory=hotspot
  33. /ip pool
     # Address pools: one per VLAN, plus a four-address slice of the client subnet
     # (192.168.10.251-254) that the PPP profile below hands to VPN clients.
  34. add name=default-dhcp ranges=192.168.88.10-192.168.88.254
  35. add name=vlan20 ranges=192.168.20.2-192.168.20.254
  36. add name=vlan10 ranges=192.168.10.2-192.168.10.249
  37. add name=vlan10-vpn ranges=192.168.10.251-192.168.10.254
     # One DHCP server per VLAN interface, both with a 10-minute lease time.
  38. /ip dhcp-server
  39. add address-pool=vlan20 interface=vlan20 lease-time=10m name=dhcp-servery
  40. add address-pool=vlan10 interface=vlan10 lease-time=10m name=dhcp-klienti
     # The default SMB user is disabled.
  41. /ip smb users
  42. set [ find default=yes ] disabled=yes
  43. /port
  44. set 0 name=serial0
     # PPP profile shared by the VPN servers in this file (it is the default-profile of both
     # the L2TP and the OpenVPN server).
     # NOTE(review): interface-list=LAN puts every VPN session's interface into the LAN list,
     # so the input rule that drops traffic "not coming from LAN" does not apply to VPN
     # clients - they get the same access to the router itself as wired LAN hosts.
     # bridge=bridge additionally attaches the session to the main bridge. Confirm both are
     # intended; a dedicated list (e.g. "VPN") with its own filter rules is the narrower option.
  45. /ppp profile
  46. add bridge=bridge dns-server=192.168.10.1,1.1.1.1 interface-list=LAN local-address=192.168.10.250 name=ovpn remote-address=vlan10-vpn use-encryption=yes use-ipv6=no
     # NOTE(review): the default BGP template is enabled and advertises the "bgp-networks"
     # address list, but no BGP connection is visible in this export - confirm whether BGP is in use.
  47. /routing bgp template
  48. set default disabled=no output.network=bgp-networks
     # OSPF instance and area exist but are disabled.
  49. /routing ospf instance
  50. add disabled=yes name=default-v2
  51. /routing ospf area
  52. add disabled=yes instance=default-v2 name=backbone-v2
     # Extra routing table "to-mk"; it is selected by the /routing rule entries and holds the
     # default route via 172.16.200.67 defined under /ip route.
  53. /routing table
  54. add disabled=no fib name=to-mk
  55. /interface bridge port
     # Access-port assignment: pvid=10 -> client VLAN (ether2, ether8), pvid=20 -> server VLAN
     # (ether3, ether4, ether5, ether9, ether10). ether6, ether7 and sfp1 set no pvid.
     # NOTE(review): every port except ether10 sets ingress-filtering=no while the bridge has
     # vlan-filtering=yes, so a port does not check on ingress whether it is a member of the
     # VLAN a received frame is tagged with. For pure access ports consider
     # ingress-filtering=yes together with frame-types=admit-only-untagged-and-priority-tagged.
     # ether10 does not set the option and therefore keeps the release default - verify which.
  56. add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10 pvid=10
  57. add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 pvid=20
  58. add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 pvid=20
  59. add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 pvid=20
  60. add bridge=bridge comment=defconf ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10
  61. add bridge=bridge comment=defconf ingress-filtering=no interface=ether7 internal-path-cost=10 path-cost=10
  62. add bridge=bridge comment=defconf ingress-filtering=no interface=ether8 internal-path-cost=10 path-cost=10 pvid=10
  63. add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1 internal-path-cost=10 path-cost=10
  64. add bridge=bridge ingress-filtering=no interface=ether9 internal-path-cost=10 path-cost=10 pvid=20
  65. add bridge=bridge interface=ether10 pvid=20
     # Bridged (layer-2) traffic, including VLAN-tagged frames, is also passed through the IP firewall.
     # NOTE(review): this means the forward-chain rules see bridged traffic as well - confirm
     # that is wanted; it is not needed for routing between vlan10 and vlan20.
  66. /interface bridge settings
  67. set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
     # Connection tracking: UDP entries time out after 10 seconds.
  68. /ip firewall connection tracking
  69. set udp-timeout=10s
     # Neighbor discovery is limited to the LAN list, so it is not run on the WAN port.
  70. /ip neighbor discovery-settings
  71. set discover-interface-list=LAN
  72. /ip settings
  73. set max-neighbor-entries=8192
     # IPv6 is switched off entirely.
  74. /ipv6 settings
  75. set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
     # Bridge VLAN table: the bridge itself is the only tagged member (it feeds the vlan10 /
     # vlan20 interfaces); the listed ethernet ports are untagged members matching their pvid.
  76. /interface bridge vlan
  77. add bridge=bridge tagged=bridge untagged=ether3,ether4,ether5,ether9,ether10 vlan-ids=20
  78. add bridge=bridge tagged=bridge untagged=ether2,ether8 vlan-ids=10
  79. /interface l2tp-server server
     # L2TP server settings. No enabled=yes appears on the line, so the server is presumably
     # not running - verify on the device.
     # NOTE(review): if it is ever enabled, drop mschap1 from authentication= (MS-CHAPv1 is
     # obsolete) and set use-ipsec=required; use-ipsec=yes still admits sessions without IPsec.
  80. set authentication=mschap1,mschap2 default-profile=ovpn max-mru=1400 max-mtu=1400 max-sessions=3 use-ipsec=yes
     # Interface list membership used by the firewall.
     # NOTE(review): vlan10 and vlan20 are members of VLANy only; LAN contains just "bridge".
     # Input rules that match in-interface-list=!LAN will therefore also match traffic that
     # arrives on the VLAN interfaces - confirm against the filter rules.
  81. /interface list member
  82. add comment=defconf interface=bridge list=LAN
  83. add comment=defconf interface=ether1 list=WAN
  84. add interface=vlan10 list=VLANy
  85. add interface=vlan20 list=VLANy
     # OpenVPN server (enabled). Client certificates are required, which is the right baseline.
     # NOTE(review): the offered sets still include md5 for auth and blowfish128 (a legacy
     # 64-bit block cipher) for cipher, and only CBC modes of AES. Remove md5 and blowfish128,
     # and prefer a SHA-2 auth value and an AES-GCM cipher if this release and the clients
     # support them.
  86. /interface ovpn-server server
  87. add auth=sha1,md5 certificate=server cipher=blowfish128,aes128-cbc,aes192-cbc,aes256-cbc default-profile=ovpn disabled=no mac-address=FE:D7:E9:78:D6:9E name=\
  88. ovpn-server1 require-client-certificate=yes
  89. /ip address
     # Gateway addresses for the server VLAN, the client VLAN and the VPN, a disabled
     # 192.168.88.1 on ether8, and the static public address on ether1.
     # (The comment= strings are Czech: "gateway for servers / clients / VPN".)
  90. add address=192.168.20.1/24 comment="Gateway pro servery" interface=vlan20 network=192.168.20.0
  91. add address=192.168.10.1/24 comment="Gateway pro klienty" interface=vlan10 network=192.168.10.0
  92. add address=192.168.10.250 comment="Gateway pro VPN" interface=vlan10 network=192.168.10.0
  93. add address=192.168.88.1 disabled=yes interface=ether8 network=192.168.88.0
  94. add address=111.111.111.193/28 interface=ether1 network=111.111.111.192
  95. /ip cloud
  96. set ddns-update-interval=1m
     # NOTE(review): ether1 has a static address above and a DHCP client here - confirm both are wanted.
  97. /ip dhcp-client
  98. add comment=defconf interface=ether1
  99. add add-default-route=no disabled=yes interface=ether9 use-peer-dns=no use-peer-ntp=no
     # Static DHCP leases. 192.168.10.248 (client VLAN) and 192.168.20.2 / 192.168.20.4
     # (server VLAN) are the targets of the dst-nat rules further down.
  100. /ip dhcp-server lease
  101. add address=192.168.10.3 client-id=1:0:eb:d8:34:34:df mac-address=00:EB:D8:34:34:DF server=dhcp-klienti
  102. add address=192.168.20.4 client-id=ff:e9:bb:23:7b:0:1:0:1:2f:4d:28:ef:40:f2:e9:bb:23:7b mac-address=40:F2:E9:BB:23:7B server=dhcp-servery
  103. add address=192.168.20.2 client-id=ff:41:ec:62:e8:0:2:0:0:ab:11:c6:d9:44:7f:2:9a:98:44 mac-address=C2:CD:76:E7:E8:45 server=dhcp-servery
  104. add address=192.168.10.248 client-id=1:84:47:9:f:dc:94 mac-address=84:47:09:0F:DC:94 server=dhcp-klienti
     # Options handed out per subnet; both VLANs are pointed at 192.168.20.1 and 1.1.1.1 for DNS.
  105. /ip dhcp-server network
  106. add address=192.168.10.0/24 dns-server=192.168.20.1,1.1.1.1 gateway=192.168.10.1
  107. add address=192.168.20.0/24 dns-server=192.168.20.1,1.1.1.1 gateway=192.168.20.1
  108. add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
     # The router acts as a DNS resolver for clients and forwards to 1.1.1.1.
     # NOTE(review): allow-remote-requests=yes answers queries on every interface the input
     # chain lets through. The first /ip firewall filter rule in this file accepts all input
     # addressed to 111.111.111.193, so the resolver looks reachable from the Internet (an open
     # resolver). Keep port 53 limited to the internal interface lists.
  109. /ip dns
  110. set allow-remote-requests=yes servers=1.1.1.1
     # NOTE(review): the export is cut here ("<truncated>"), so the members of the address
     # lists used by the firewall (BoninVerified, Attempt) cannot be reviewed from this file.
  111. /ip firewall address-list
  112. <truncated>
  113. add list=Attempt
  114. /ip firewall filter
     # Rules are evaluated top to bottom within each chain; input = traffic to the router
     # itself, forward = traffic routed through it. Input and forward rules are interleaved
     # below but do not affect each other's ordering.
     #
     # NOTE(review): this first rule accepts every packet addressed to 111.111.111.193 - no
     # source, interface, protocol, port or connection-state match. Because it is first in the
     # input chain it overrides all later input rules for that address, including the final
     # "drop all not coming from LAN". Whatever the router listens on at that address (see
     # /ip service and /ip dns) is then reachable from the Internet. Remove it, or narrow it
     # with src-address-list= / protocol= / dst-port=.
  115. add action=accept chain=input dst-address=111.111.111.193
     # Full access to the router for sources in the BoninVerified list (list members are not
     # visible in this export).
  116. add action=accept chain=input comment="Override, allow bonin ALL" src-address-list=BoninVerified
     # OpenVPN over TCP 1194 from any source. port= matches source or destination port;
     # dst-port=1194 would be the tighter match.
  117. add action=accept chain=input comment="Allow openVPN" port=1194 protocol=tcp
  118. add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  119. add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  120. add action=accept chain=input comment="allow ICMP" protocol=icmp
  121. add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
     # DNS to the router is allowed from the VLAN interfaces over UDP only (no TCP 53 rule).
  122. add action=accept chain=input comment="Allow DNS requests to router" dst-port=53 in-interface-list=VLANy protocol=udp
     # Inter-VLAN policy: clients (vlan10) may open connections to servers (vlan20); servers
     # may only reply. The drop rule blocks anything else from vlan20 to vlan10.
  123. add action=accept chain=forward comment="Allow returns from VLAN20 -> VLAN10" connection-state=established,related in-interface=vlan20 out-interface=vlan10
  124. add action=accept chain=forward comment="Allow VLAN10 -> VLAN20" connection-state=new in-interface=vlan10 out-interface=vlan20
  125. add action=drop chain=forward comment="Drop VLAN20 -> VLAN10" in-interface=vlan20 out-interface=vlan10
     # Final input rule: drop whatever did not arrive on an interface in the LAN list.
     # NOTE(review): LAN contains only "bridge" (see /interface list member), so this also
     # matches traffic arriving on vlan10 / vlan20 - confirm how management from the client
     # VLAN is meant to reach the router.
  126. add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
     # Default-configuration forward rules: fasttrack and accept established flows, drop
     # invalid packets, and drop new connections from WAN unless a dst-nat rule matched them.
     # There is no final drop in the forward chain, so everything else is forwarded.
  127. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
  128. add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  129. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  130. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  131. /ip firewall nat
     # Outbound masquerade is present but disabled.
  132. add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
     # Port forwards (dst-nat) from the WAN side to the servers on VLAN20. Every rule in this
     # group is open to any source address; src-address=0.0.0.0/0 is the same as no restriction.
     # NOTE(review): SSH on both servers (2222 -> .2:22, 2223 -> .4:22) is exposed to the whole
     # Internet. Restrict these with src-address-list= as the disabled BMC rules below do, or
     # reach SSH over the VPN. A non-standard outside port is not an access control.
  133. add action=dst-nat chain=dstnat comment="NAT SSH FOR SERVER" dst-port=2222 in-interface=ether1 protocol=tcp src-address=0.0.0.0/0 to-addresses=192.168.20.2 to-ports=\
  134. 22
  135. add action=dst-nat chain=dstnat comment="NAT SSH FOR SERVER2" dst-port=2223 in-interface=ether1 protocol=tcp src-address=0.0.0.0/0 to-addresses=192.168.20.4 \
  136. to-ports=22
  137. add action=dst-nat chain=dstnat comment="NAT HTTP FOR SERVER - CERT VALIDATION" dst-port=80 in-interface=ether1 protocol=tcp src-address=0.0.0.0/0 to-addresses=\
  138. 192.168.20.4 to-ports=80
  139. add action=dst-nat chain=dstnat comment="NAT WINGS API FOR SERVER" dst-port=6954 in-interface-list=WAN protocol=tcp to-addresses=192.168.20.2 to-ports=6954
  140. add action=dst-nat chain=dstnat comment="NAT WINGS SFTP FOR SERVER" dst-port=4789 in-interface-list=WAN protocol=tcp to-addresses=192.168.20.2 to-ports=4789
  141. add action=dst-nat chain=dstnat comment="NAT GAME RANGE FOR SERVER - TCP" dst-port=7777-8000 in-interface=ether1 protocol=tcp src-address=0.0.0.0/0 to-addresses=\
  142. 192.168.20.2 to-ports=7777-8000
  143. add action=dst-nat chain=dstnat comment="NAT GAME RANGE FOR SERVER - UDP" dst-port=7777-8000 in-interface=ether1 protocol=udp to-addresses=192.168.20.2 to-ports=\
  144. 7777-8000
     # Logging rule: records the source address of every UDP packet to ports 2302-2306 in the
     # "Attempt" list before the matching dst-nat rule forwards it.
     # NOTE(review): address-list-timeout=none-dynamic never expires entries while the router
     # is up, and UDP source addresses can be forged, so this list can grow without bound.
     # Use a finite timeout.
  145. add action=add-src-to-address-list address-list=Attempt address-list-timeout=none-dynamic chain=dstnat comment="NAT ARMA RANGE FOR SERVER - UDP LOG" dst-port=\
  146. 2302-2306 in-interface=ether1 protocol=udp
  147. add action=dst-nat chain=dstnat comment="NAT ARMA RANGE FOR SERVER - UDP" dst-port=2302-2306 in-interface=ether1 protocol=udp to-addresses=192.168.20.2 to-ports=\
  148. 2302-2306
  149. add action=dst-nat chain=dstnat comment="NAT ARMA RANGE FOR SERVER - TCP" dst-port=2302-2306 in-interface=ether1 protocol=tcp to-addresses=192.168.20.2 to-ports=\
  150. 2302-2306
     # Disabled forwards to management interfaces (BMC on 443, a service on 9090), each limited
     # to the BoninVerified source list - the pattern the open rules above should follow.
     # NOTE(review): the 9090 rule has no in-interface match; add one before re-enabling it.
  151. add action=dst-nat chain=dstnat comment="NAT BMC TO ALLOW LIST " disabled=yes dst-port=65501 in-interface=ether1 protocol=tcp src-address-list=BoninVerified \
  152. to-addresses=192.168.88.251 to-ports=443
  153. add action=dst-nat chain=dstnat comment="NAT BMC TO ALLOW LIST " disabled=yes dst-port=65500 in-interface=ether1 protocol=tcp src-address-list=BoninVerified \
  154. to-addresses=192.168.20.3 to-ports=443
  155. add action=dst-nat chain=dstnat disabled=yes dst-port=9090 protocol=tcp src-address-list=BoninVerified to-addresses=192.168.20.2 to-ports=9090
  156. add action=dst-nat chain=dstnat comment="NAT WINGS API FOR SERVER2" dst-port=5454 in-interface-list=WAN protocol=tcp to-addresses=192.168.20.4 to-ports=5454
  157. add action=dst-nat chain=dstnat comment="NAT WINGS SFTP FOR SERVER2" dst-port=2443 in-interface-list=WAN protocol=tcp to-addresses=192.168.20.4 to-ports=2443
     # Source-NAT and a single-source forward towards 10.192.2.151; the dst-nat rule is pinned
     # to one source address, which is the restrictive form.
  158. add action=src-nat chain=srcnat dst-address=10.192.2.151 protocol=tcp src-address-list=BoninVerified to-addresses=10.192.2.1
  159. add action=dst-nat chain=dstnat dst-port=65531 in-interface=ether1 protocol=tcp src-address=109.164.34.126 to-addresses=10.192.2.151 to-ports=3211
     # NOTE(review): this forwards TCP 3389 from the entire WAN list to 192.168.10.248, a host
     # on the client VLAN (it has a static DHCP lease in this file), with no source restriction
     # and no comment. Remote desktop should not be exposed to the Internet directly - reach it
     # through the VPN or add src-address-list=.
  160. add action=dst-nat chain=dstnat dst-port=3389 in-interface-list=WAN protocol=tcp to-addresses=192.168.10.248 to-ports=3389
  161. /ip ipsec profile
     # Dead-peer detection on the default IPsec profile: probe every 2 minutes, give up after 5 failures.
  162. set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
     # A host route via ether9 and the default route of routing table "to-mk".
  163. /ip route
  164. add disabled=no dst-address=192.168.1.1/32 gateway=ether9
  165. add disabled=no dst-address=0.0.0.0/0 gateway=172.16.200.67 routing-table=to-mk suppress-hw-offload=no
     # Management services: WebFig over plain HTTP moved to port 8080, WebFig over TLS enabled
     # with certificate "HTTPS", WinBox moved to port 65530.
     # NOTE(review): none of the services sets address=, so they accept connections from any
     # source the firewall admits; moving a port does not restrict access. Add address=
     # allow-lists, prefer www-ssl over www, and disable the services that are not used.
     # Services not listed here (telnet, ftp, ssh, api, api-ssl) presumably keep their
     # defaults - check them with "/ip service print".
  166. /ip service
  167. set www port=8080
  168. set www-ssl certificate=HTTPS disabled=no
  169. set winbox port=65530
  170. /ip smb shares
  171. set [ find default=yes ] directory=/pub
     # strong-crypto=yes limits SSH to the stronger algorithm set.
     # NOTE(review): forwarding-enabled=both lets SSH users open local and remote port
     # forwards through the router - set it to no unless tunnelling is actually required.
  172. /ip ssh
  173. set forwarding-enabled=both strong-crypto=yes
  174. /lcd
  175. set time-interval=daily
     # NOTE(review): the front-panel PIN is exported in clear text and has been published with
     # this file; treat it as disclosed and change it.
  176. /lcd pin
  177. set pin-number=7658
  178. /ppp secret
     # Single VPN account, limited to the OpenVPN service, with routes to both VLAN subnets.
     # No password field appears in the export (presumably hidden as a sensitive value - verify).
  179. add local-address=192.168.10.250 name=bonin routes="192.168.10.0/24, 192.168.20.0/24" service=ovpn
     # NOTE(review): BFD is enabled on all interfaces, which includes the WAN port; limit
     # interfaces= to the links that actually run a routing protocol.
  180. /routing bfd configuration
  181. add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
     # Policy routing: traffic to or from 111.111.111.192/28 is looked up in table "to-mk".
  182. /routing rule
  183. add action=lookup disabled=no dst-address=111.111.111.192/28 table=to-mk
  184. add action=lookup disabled=no src-address=111.111.111.192/28 table=to-mk
  185. /system clock
  186. set time-zone-name=Europe/Bratislava
  187. /system identity
  188. set name=R01_GameCore
     # Logging: ppp debug is disabled, ovpn debug is enabled.
     # NOTE(review): debug topics are verbose and no remote log target is configured in this
     # export; turn ovpn,debug off once troubleshooting is finished.
  189. /system logging
  190. add disabled=yes topics=ppp,debug
  191. add topics=ovpn,debug
  192. /system note
  193. set show-at-login=no
     # Time is taken from a single NTP server given by address.
  194. /system ntp client
  195. set enabled=yes
  196. /system ntp client servers
  197. add address=132.163.96.2
     # NOTE(review): interface graphing is added with default settings; confirm which source
     # addresses may view the graphs (allow-address=) if the web service is reachable from outside.
  198. /tool graphing interface
  199. add
     # Layer-2 management (MAC telnet, MAC WinBox) is limited to the LAN list and MAC ping is
     # off, so none of these is offered on the WAN port.
  200. /tool mac-server
  201. set allowed-interface-list=LAN
  202. /tool mac-server mac-winbox
  203. set allowed-interface-list=LAN
  204. /tool mac-server ping
  205. set enabled=no
  206.  