Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /interface bridge
- add admin-mac=4C:5E:0C:2C:1D:C6 auto-mac=no mtu=1500 name=bridge-local
- /interface ethernet
- set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
- ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
- "WAN FTTH" name=ether1-gateway speed=100Mbps
- set [ find default-name=ether2 ] advertise="10M-half,10M-full,100M-half,100M-f\
- ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
- "LAN Madrid" name=ether2-master-local speed=100Mbps
- # el resto de bocas no se usan
- set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
- set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
- set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
- set [ find default-name=ether6 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether7 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether8 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether9 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether10 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=sfp1 ] name=spf
- /interface wireless
- set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=canada \
- disabled=no frequency-mode=manual-txpower mode=ap-bridge ssid=HOME \
- tx-power-mode=all-rates-fixed wireless-protocol=802.11
- /interface vlan
- add interface=ether1-gateway name=vlan3 vlan-id=3
- add interface=ether1-gateway name=vlan6 vlan-id=6
- /interface pppoe-client
- add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 \
- keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=\
- adslppp use-peer-dns=yes user=adslppp@telefonicanetpa
- /interface list
- add name=WAN
- add name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
- supplicant-identity=MikroTik wpa-pre-shared-key=11 \
- wpa2-pre-shared-key=11
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=3des
- /ip pool
- add name=dhcp ranges=192.168.1.201-192.168.1.249
- add name=vpn ranges=192.168.3.10-192.168.3.20
- /ip dhcp-server
- add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
- bridge-local lease-time=3d name=dhcp1
- /ppp profile
- set *FFFFFFFE dns-server=192.168.3.250 local-address=192.168.3.250 \
- remote-address=vpn
- /interface bridge port
- add bridge=bridge-local interface=ether2-master-local
- add bridge=bridge-local interface=wlan1
- add bridge=bridge-local interface=ether3-slave-local
- add bridge=bridge-local interface=ether4-slave-local
- add bridge=bridge-local interface=ether5-slave-local
- /interface list member
- add interface=ether1-gateway list=WAN
- add interface=bridge-local list=LAN
- /interface pptp-server server
- set authentication=mschap2 enabled=yes
- /ip address
- add address=192.168.1.1/24 comment="default configuration" interface=\
- ether2-master-local network=192.168.1.0
- /ip dhcp-client
- add add-default-route=no disabled=no interface=vlan3 use-peer-ntp=no
- add disabled=no interface=ether1-gateway
- /ip dhcp-server lease
- add address=192.168.1.20 client-id=1:0:21:b7:22:69:20 mac-address=\
- 00:21:B7:22:69:20 server=dhcp1
- /ip dhcp-server network
- add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
- netmask=24
- /ip dns
- set allow-remote-requests=yes servers=1.1.1.1,199.85.127.10
- /ip dns static
- add address=192.168.1.1 name=router
- add address=192.168.144.1 name=conversor-medios
- /ip firewall filter
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" disabled=yes \
- icmp-options=11:0 protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
- protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
- protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
- protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
- protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=output dst-address=192.168.1.242
- add action=accept chain=forward dst-address=192.168.1.242
- add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
- protocol=icmp
- add action=drop chain=forward icmp-options=3:3 protocol=icmp
- add action=accept chain=output comment="Drop Brute Force" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=Blacklist \
- address-list-timeout=23h chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=accept chain=forward comment="default configuration" \
- connection-state=established
- add action=accept chain=forward comment="default configuration" \
- connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=accept chain=input protocol=icmp
- add action=accept chain=input connection-state=established
- add action=accept chain=input connection-state=related
- add action=drop chain=input in-interface-list=!LAN
- add action=fasttrack-connection chain=forward connection-state=\
- established,related
- add action=accept chain=forward connection-state=established,related
- add action=drop chain=forward connection-state=invalid
- add action=fasttrack-connection chain=forward connection-state=\
- established,related
- add action=accept chain=forward connection-state=established,related
- /ip firewall mangle
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- /ip firewall nat
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=vlan3
- /ip ipsec policy
- set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
- /ip proxy
- set cache-path=web-proxy1
- /ip route
- add disabled=yes distance=255 gateway=255.255.255.255
- add disabled=yes distance=255 gateway=255.255.255.255
- add distance=255 gateway=255.255.255.255
- add distance=255 gateway=255.255.255.255
- add distance=255 gateway=255.255.255.255
- add distance=255 gateway=255.255.255.255
- /ip ssh
- set allow-none-crypto=yes forwarding-enabled=remote
- /ip upnp
- set enabled=yes
- /ip upnp interfaces
- add interface=bridge-local type=internal
- add interface=pppoe-out1 type=external
- /lcd
- set enabled=no touch-screen=disabled
- /routing rip interface
- add interface=vlan3 passive=yes receive=v2
- /routing rip network
- add network=10.0.0.0/8
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Madrid
- /system logging
- set 1 action=disk
- /system ntp client
- set enabled=yes primary-ntp=150.214.94.5 secondary-ntp=163.117.202.33
- /tool graphing interface
- add interface=ether1-gateway
- add interface=ether1-gateway
- add interface=ether1-gateway
- add interface=ether1-gateway
- add interface=ether1-gateway
- add interface=ether1-gateway
- /tool graphing queue
- add
- add
- add
- add
- add
- add
- /tool graphing resource
- add
- add
- add
- add
- add
- add
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement