
Untitled

a guest
Feb 16th, 2020
  1.  
  # Create the LAN bridge "bridge-local" with a pinned MAC address (auto-mac=no plus
  # an explicit admin-mac).
  # NOTE(review): admin-mac is a real hardware identifier of this device; redact it
  # before publishing a configuration export.
  2. /interface bridge
  3. add admin-mac=4C:5E:0C:2C:1D:C6 auto-mac=no mtu=1500 name=bridge-local
  # Name and configure the physical ports: ether1 becomes the WAN uplink ("WAN FTTH"),
  # ether2 the LAN port ("LAN Madrid"); both are set to speed=100Mbps.
  4. /interface ethernet
  5. set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
  6. ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
  7. "WAN FTTH" name=ether1-gateway speed=100Mbps
  8. set [ find default-name=ether2 ] advertise="10M-half,10M-full,100M-half,100M-f\
  9. ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
  10. "LAN Madrid" name=ether2-master-local speed=100Mbps
  11. # the remaining ports are not used
  # NOTE(review): ether3-5 are described as unused, yet "/interface bridge port" below
  # still adds them to bridge-local, and none of ether3-ether10 is set disabled=yes here.
  # Disable ports that are really unused so a cable plugged into them does not land on
  # the LAN.
  12. set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
  13. set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
  14. set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
  # ether6-ether10 keep their default names; only the advertised link modes are set.
  15. set [ find default-name=ether6 ] advertise=\
  16. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  17. set [ find default-name=ether7 ] advertise=\
  18. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  19. set [ find default-name=ether8 ] advertise=\
  20. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  21. set [ find default-name=ether9 ] advertise=\
  22. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  23. set [ find default-name=ether10 ] advertise=\
  24. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  # NOTE(review): name=spf looks like a typo for "sfp"; harmless, but any rule that
  # refers to this port must use the same spelling.
  25. set [ find default-name=sfp1 ] name=spf
  # Enable wlan1 as a 2.4 GHz access point (mode=ap-bridge) with SSID "HOME".
  # NOTE(review): no security-profile is named here, so presumably the default profile
  # set under "/interface wireless security-profiles" applies — confirm on the device.
  # NOTE(review): country=canada with frequency-mode=manual-txpower does not match the
  # Europe/Madrid time zone set under "/system clock"; verify the regulatory domain and
  # transmit-power settings for the place where the AP actually operates.
  26. /interface wireless
  27. set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=canada \
  28. disabled=no frequency-mode=manual-txpower mode=ap-bridge ssid=HOME \
  29. tx-power-mode=all-rates-fixed wireless-protocol=802.11
  # Two VLAN sub-interfaces (IDs 3 and 6) on the WAN port.
  30. /interface vlan
  31. add interface=ether1-gateway name=vlan3 vlan-id=3
  32. add interface=ether1-gateway name=vlan6 vlan-id=6
  # PPPoE client over vlan6; it installs the default route and takes DNS from the peer.
  # NOTE(review): the PPPoE user name and password are exported in cleartext. Redact
  # them, or export with hide-sensitive, before sharing a configuration.
  # NOTE(review): allow=pap,chap permits PAP, which sends the password unencrypted to
  # the access concentrator; restrict to chap if the provider supports it.
  33. /interface pppoe-client
  34. add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 \
  35. keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=\
  36. adslppp use-peer-dns=yes user=adslppp@telefonicanetpa
  # Declare the two interface lists that the firewall can match on; membership is
  # assigned later under "/interface list member".
  37. /interface list
  38. add name=WAN
  39. add name=LAN
  # Default wireless security profile: WPA2-PSK with dynamic keys.
  # NOTE(review): the pre-shared key value "11" is shorter than the 8-character minimum
  # of a WPA passphrase, so it is presumably a redacted placeholder — confirm. The real
  # key should be long and random and must not appear in a shared export.
  # wpa-pre-shared-key is also set although only wpa2-psk is enabled as an
  # authentication type.
  40. /interface wireless security-profiles
  41. set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
  42. supplicant-identity=MikroTik wpa-pre-shared-key=11 \
  43. wpa2-pre-shared-key=11
  # Restrict the default IPsec proposal to 3DES encryption.
  # NOTE(review): 3DES is a legacy 64-bit block cipher; if IPsec is actually used on
  # this router, prefer an AES-based proposal on both peers.
  44. /ip ipsec proposal
  45. set [ find default=yes ] enc-algorithms=3des
  # Address pools: "dhcp" for LAN clients, "vpn" for PPP/VPN clients (referenced by the
  # PPP profile below as remote-address).
  46. /ip pool
  47. add name=dhcp ranges=192.168.1.201-192.168.1.249
  48. add name=vpn ranges=192.168.3.10-192.168.3.20
  # DHCP server for the LAN bridge, leasing from the "dhcp" pool for three days.
  49. /ip dhcp-server
  50. add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
  51. bridge-local lease-time=3d name=dhcp1
  # PPP profile for VPN clients: the router side uses 192.168.3.250 (also handed out as
  # DNS server) and clients receive an address from the "vpn" pool.
  # *FFFFFFFE is an internal item ID in the export — presumably the built-in
  # default-encryption profile; confirm on the device.
  52. /ppp profile
  53. set *FFFFFFFE dns-server=192.168.3.250 local-address=192.168.3.250 \
  54. remote-address=vpn
  # LAN bridge membership: ether2-ether5 and the wireless interface.
  # NOTE(review): ether3-5 are commented as unused in "/interface ethernet" but are
  # live LAN ports here.
  55. /interface bridge port
  56. add bridge=bridge-local interface=ether2-master-local
  57. add bridge=bridge-local interface=wlan1
  58. add bridge=bridge-local interface=ether3-slave-local
  59. add bridge=bridge-local interface=ether4-slave-local
  60. add bridge=bridge-local interface=ether5-slave-local
  # Interface-list membership used by the firewall.
  # NOTE(review): the WAN list holds only ether1-gateway; pppoe-out1, vlan3 and vlan6,
  # which carry the upstream traffic, are not members. The input drop rule in this file
  # matches on !LAN, which does cover them, but any rule written against
  # in-interface-list=WAN would miss the PPPoE and VLAN interfaces.
  61. /interface list member
  62. add interface=ether1-gateway list=WAN
  63. add interface=bridge-local list=LAN
  # Enable the PPTP VPN server, accepting MS-CHAPv2 authentication only.
  # NOTE(review): PPTP with MS-CHAPv2 is a deprecated VPN scheme whose authentication
  # and encryption are considered broken; replace it with a current VPN type or disable
  # the server if it is not used.
  # NOTE(review): the input chain in this file has no accept rule for PPTP and drops new
  # connections from non-LAN interfaces, so the server is presumably not reachable from
  # the Internet as configured — confirm, and do not open it up as-is.
  64. /interface pptp-server server
  65. set authentication=mschap2 enabled=yes
  # LAN address of the router.
  # NOTE(review): the address is bound to ether2-master-local, which is a port of
  # bridge-local, while the DHCP server listens on bridge-local. Addresses normally
  # belong on the bridge interface itself; verify on the device.
  66. /ip address
  67. add address=192.168.1.1/24 comment="default configuration" interface=\
  68. ether2-master-local network=192.168.1.0
  # DHCP clients on the upstream side: vlan3 (no default route, peer NTP ignored) and
  # the untagged WAN port (all other settings left at their defaults).
  69. /ip dhcp-client
  70. add add-default-route=no disabled=no interface=vlan3 use-peer-ntp=no
  71. add disabled=no interface=ether1-gateway
  # Static lease for one LAN host.
  # NOTE(review): the MAC address identifies a real device; redact before sharing.
  72. /ip dhcp-server lease
  73. add address=192.168.1.20 client-id=1:0:21:b7:22:69:20 mac-address=\
  74. 00:21:B7:22:69:20 server=dhcp1
  # Options handed to LAN clients: the router is both gateway and DNS server.
  75. /ip dhcp-server network
  76. add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
  77. netmask=24
  # Router acts as a caching DNS resolver for clients (allow-remote-requests=yes) and
  # forwards to the two listed upstream servers.
  # NOTE(review): allow-remote-requests=yes answers any host that can reach port 53 on
  # the router. In this file the input chain drops new connections from non-LAN
  # interfaces, which is what keeps the resolver from being open to the Internet; keep
  # that rule in place whenever this setting is enabled.
  78. /ip dns
  79. set allow-remote-requests=yes servers=1.1.1.1,199.85.127.10
  # Local static names.
  80. /ip dns static
  81. add address=192.168.1.1 name=router
  82. add address=192.168.144.1 name=conversor-medios
  # Firewall filter rules. Each chain is evaluated top to bottom and stops at the first
  # terminating match; a packet that matches no rule is accepted.
  #
  # NOTE(review): the first nine-rule group below is repeated six times (only the first
  # copy has its "Drop Traceroute" rule disabled), most likely because the same script
  # was imported repeatedly. The repeats add no protection and make the effective rule
  # order hard to audit; keep one copy.
  #
  # NOTE(review): the accept rules for dst-address=192.168.1.242 carry no source,
  # interface, protocol or connection-state matcher and sit first in the forward chain,
  # so every packet routed to that host is accepted before any other forward rule is
  # consulted. Narrow them to the traffic that is actually intended.
  #
  # NOTE(review): the rule commented "Drop Brute Force" has action=accept. It matches
  # packets sent by the router itself (chain=output) that contain "530 Login incorrect"
  # while they stay within the dst-limit; packets beyond the limit fall through to the
  # next rule, which adds the destination to the address list "Blacklist" for 23h. No
  # rule in this export matches on that address list, so listed addresses are recorded
  # but never blocked. A drop rule on the input chain with src-address-list=Blacklist is
  # the missing half.
  #
  # NOTE(review): the forward chain drops only invalid connections; there is no final
  # rule dropping new connections that arrive from the upstream interfaces. Isolation
  # of the LAN therefore relies on NAT alone.
  83. /ip firewall filter
  84. add action=accept chain=output dst-address=192.168.1.242
  85. add action=accept chain=forward dst-address=192.168.1.242
  # Forwarded ICMP "TTL exceeded" (11:0) — disabled in this first copy only.
  86. add action=drop chain=forward comment="Drop Traceroute" disabled=yes \
  87. icmp-options=11:0 protocol=icmp
  # Forwarded ICMP "port unreachable" (3:3).
  88. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  89. add action=accept chain=output comment="Drop Brute Force" content=\
  90. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  91. add action=add-dst-to-address-list address-list=Blacklist \
  92. address-list-timeout=23h chain=output content="530 Login incorrect" \
  93. protocol=tcp
  94. add action=accept chain=forward comment="default configuration" \
  95. connection-state=established
  96. add action=accept chain=forward comment="default configuration" \
  97. connection-state=related
  98. add action=drop chain=forward comment="default configuration" \
  99. connection-state=invalid
  # Second copy of the group above.
  100. add action=accept chain=output dst-address=192.168.1.242
  101. add action=accept chain=forward dst-address=192.168.1.242
  102. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  103. protocol=icmp
  104. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  105. add action=accept chain=output comment="Drop Brute Force" content=\
  106. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  107. add action=add-dst-to-address-list address-list=Blacklist \
  108. address-list-timeout=23h chain=output content="530 Login incorrect" \
  109. protocol=tcp
  110. add action=accept chain=forward comment="default configuration" \
  111. connection-state=established
  112. add action=accept chain=forward comment="default configuration" \
  113. connection-state=related
  114. add action=drop chain=forward comment="default configuration" \
  115. connection-state=invalid
  # Third copy.
  116. add action=accept chain=output dst-address=192.168.1.242
  117. add action=accept chain=forward dst-address=192.168.1.242
  118. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  119. protocol=icmp
  120. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  121. add action=accept chain=output comment="Drop Brute Force" content=\
  122. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  123. add action=add-dst-to-address-list address-list=Blacklist \
  124. address-list-timeout=23h chain=output content="530 Login incorrect" \
  125. protocol=tcp
  126. add action=accept chain=forward comment="default configuration" \
  127. connection-state=established
  128. add action=accept chain=forward comment="default configuration" \
  129. connection-state=related
  130. add action=drop chain=forward comment="default configuration" \
  131. connection-state=invalid
  # Fourth copy.
  132. add action=accept chain=output dst-address=192.168.1.242
  133. add action=accept chain=forward dst-address=192.168.1.242
  134. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  135. protocol=icmp
  136. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  137. add action=accept chain=output comment="Drop Brute Force" content=\
  138. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  139. add action=add-dst-to-address-list address-list=Blacklist \
  140. address-list-timeout=23h chain=output content="530 Login incorrect" \
  141. protocol=tcp
  142. add action=accept chain=forward comment="default configuration" \
  143. connection-state=established
  144. add action=accept chain=forward comment="default configuration" \
  145. connection-state=related
  146. add action=drop chain=forward comment="default configuration" \
  147. connection-state=invalid
  # Fifth copy.
  148. add action=accept chain=output dst-address=192.168.1.242
  149. add action=accept chain=forward dst-address=192.168.1.242
  150. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  151. protocol=icmp
  152. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  153. add action=accept chain=output comment="Drop Brute Force" content=\
  154. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  155. add action=add-dst-to-address-list address-list=Blacklist \
  156. address-list-timeout=23h chain=output content="530 Login incorrect" \
  157. protocol=tcp
  158. add action=accept chain=forward comment="default configuration" \
  159. connection-state=established
  160. add action=accept chain=forward comment="default configuration" \
  161. connection-state=related
  162. add action=drop chain=forward comment="default configuration" \
  163. connection-state=invalid
  # Sixth copy.
  164. add action=accept chain=output dst-address=192.168.1.242
  165. add action=accept chain=forward dst-address=192.168.1.242
  166. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  167. protocol=icmp
  168. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  169. add action=accept chain=output comment="Drop Brute Force" content=\
  170. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  171. add action=add-dst-to-address-list address-list=Blacklist \
  172. address-list-timeout=23h chain=output content="530 Login incorrect" \
  173. protocol=tcp
  174. add action=accept chain=forward comment="default configuration" \
  175. connection-state=established
  176. add action=accept chain=forward comment="default configuration" \
  177. connection-state=related
  178. add action=drop chain=forward comment="default configuration" \
  179. connection-state=invalid
  # Input chain (traffic addressed to the router itself): allow ICMP and replies to
  # existing connections, then drop everything that does not arrive on a LAN-list
  # interface. This is the rule that shields the router's own services (DNS, SSH, PPTP,
  # management) from the upstream side.
  180. add action=accept chain=input protocol=icmp
  181. add action=accept chain=input connection-state=established
  182. add action=accept chain=input connection-state=related
  183. add action=drop chain=input in-interface-list=!LAN
  # NOTE(review): established and related forward traffic is already accepted by the
  # "default configuration" rules higher up in the chain, so the fasttrack-connection
  # rules below are never reached. The remaining rules repeat earlier ones.
  184. add action=fasttrack-connection chain=forward connection-state=\
  185. established,related
  186. add action=accept chain=forward connection-state=established,related
  187. add action=drop chain=forward connection-state=invalid
  188. add action=fasttrack-connection chain=forward connection-state=\
  189. established,related
  190. add action=accept chain=forward connection-state=established,related
  # Mangle rules: set packet priority 4 on traffic leaving via vlan3 and priority 1 on
  # traffic leaving via pppoe-out1; passthrough=yes lets later rules still see the packet.
  # NOTE(review): the same pair of rules is listed six times; one copy is sufficient and
  # the repeats only make the rule set harder to audit.
  191. /ip firewall mangle
  192. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  193. passthrough=yes
  194. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  195. pppoe-out1 passthrough=yes
  196. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  197. passthrough=yes
  198. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  199. pppoe-out1 passthrough=yes
  200. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  201. passthrough=yes
  202. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  203. pppoe-out1 passthrough=yes
  204. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  205. passthrough=yes
  206. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  207. pppoe-out1 passthrough=yes
  208. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  209. passthrough=yes
  210. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  211. pppoe-out1 passthrough=yes
  212. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  213. passthrough=yes
  214. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  215. pppoe-out1 passthrough=yes
  # Source NAT: masquerade traffic leaving via each upstream interface (pppoe-out1,
  # ether1-gateway, vlan3).
  # NOTE(review): the same three rules are listed six times; one copy is sufficient.
  # No dstnat rule is present in this export, so there are no static port forwards;
  # dynamic ones can still be created through UPnP, which is enabled under "/ip upnp".
  216. /ip firewall nat
  217. add action=masquerade chain=srcnat comment="default configuration" \
  218. out-interface=pppoe-out1
  219. add action=masquerade chain=srcnat comment="default configuration" \
  220. out-interface=ether1-gateway
  221. add action=masquerade chain=srcnat comment="default configuration" \
  222. out-interface=vlan3
  223. add action=masquerade chain=srcnat comment="default configuration" \
  224. out-interface=pppoe-out1
  225. add action=masquerade chain=srcnat comment="default configuration" \
  226. out-interface=ether1-gateway
  227. add action=masquerade chain=srcnat comment="default configuration" \
  228. out-interface=vlan3
  229. add action=masquerade chain=srcnat comment="default configuration" \
  230. out-interface=pppoe-out1
  231. add action=masquerade chain=srcnat comment="default configuration" \
  232. out-interface=ether1-gateway
  233. add action=masquerade chain=srcnat comment="default configuration" \
  234. out-interface=vlan3
  235. add action=masquerade chain=srcnat comment="default configuration" \
  236. out-interface=pppoe-out1
  237. add action=masquerade chain=srcnat comment="default configuration" \
  238. out-interface=ether1-gateway
  239. add action=masquerade chain=srcnat comment="default configuration" \
  240. out-interface=vlan3
  241. add action=masquerade chain=srcnat comment="default configuration" \
  242. out-interface=pppoe-out1
  243. add action=masquerade chain=srcnat comment="default configuration" \
  244. out-interface=ether1-gateway
  245. add action=masquerade chain=srcnat comment="default configuration" \
  246. out-interface=vlan3
  247. add action=masquerade chain=srcnat comment="default configuration" \
  248. out-interface=pppoe-out1
  249. add action=masquerade chain=srcnat comment="default configuration" \
  250. out-interface=ether1-gateway
  251. add action=masquerade chain=srcnat comment="default configuration" \
  252. out-interface=vlan3
  # IPsec policy item 0 set to match any source and destination — presumably the
  # built-in policy template; confirm on the device.
  253. /ip ipsec policy
  254. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  # Web proxy cache location. Whether the proxy is enabled is not shown in this export.
  255. /ip proxy
  256. set cache-path=web-proxy1
  # Six static routes with no dst-address given, gateway 255.255.255.255 and the highest
  # distance (255); the first two are disabled.
  # NOTE(review): these look like leftovers from repeated imports rather than intended
  # routes — the gateway is the broadcast address. Verify and remove them.
  257. /ip route
  258. add disabled=yes distance=255 gateway=255.255.255.255
  259. add disabled=yes distance=255 gateway=255.255.255.255
  260. add distance=255 gateway=255.255.255.255
  261. add distance=255 gateway=255.255.255.255
  262. add distance=255 gateway=255.255.255.255
  263. add distance=255 gateway=255.255.255.255
  # SSH server options.
  # NOTE(review): allow-none-crypto=yes lets a session negotiate the "none" cipher, i.e.
  # an unencrypted SSH session; set it to no. forwarding-enabled=remote allows SSH port
  # forwarding through the router; set it to no unless it is needed. Consider
  # strong-crypto=yes as well.
  264. /ip ssh
  265. set allow-none-crypto=yes forwarding-enabled=remote
  # UPnP enabled between the LAN bridge (internal) and the PPPoE uplink (external).
  # NOTE(review): UPnP lets any LAN host request inbound port mappings on the external
  # interface without authentication, which bypasses the otherwise empty dstnat table.
  # Disable it unless a specific application requires it.
  266. /ip upnp
  267. set enabled=yes
  268. /ip upnp interfaces
  269. add interface=bridge-local type=internal
  270. add interface=pppoe-out1 type=external
  # Front-panel LCD and touch screen switched off.
  271. /lcd
  272. set enabled=no touch-screen=disabled
  # RIP on vlan3 in passive mode, receiving RIPv2 only, for network 10.0.0.0/8.
  # NOTE(review): no RIP authentication is configured in the lines shown, so routes
  # announced on vlan3 are accepted unauthenticated — confirm this matches what the
  # upstream service on that VLAN requires.
  273. /routing rip interface
  274. add interface=vlan3 passive=yes receive=v2
  275. /routing rip network
  276. add network=10.0.0.0/8
  # Fixed time zone, automatic detection off.
  277. /system clock
  278. set time-zone-autodetect=no time-zone-name=Europe/Madrid
  # Logging rule with index 1 is sent to the "disk" action; which topics that rule
  # covers is not visible in this export.
  279. /system logging
  280. set 1 action=disk
  # NTP client with two fixed servers.
  281. /system ntp client
  282. set enabled=yes primary-ntp=150.214.94.5 secondary-ntp=163.117.202.33
  # Graphing of the WAN interface, queues and system resources.
  # NOTE(review): every entry is listed six times; one of each is sufficient.
  # NOTE(review): no allow-address is set on any entry, so access to the graphs is not
  # restricted by source address here — presumably the default of any address applies.
  # Reachability then depends on the web service settings and on the input chain;
  # confirm both.
  283. /tool graphing interface
  284. add interface=ether1-gateway
  285. add interface=ether1-gateway
  286. add interface=ether1-gateway
  287. add interface=ether1-gateway
  288. add interface=ether1-gateway
  289. add interface=ether1-gateway
  290. /tool graphing queue
  291. add
  292. add
  293. add
  294. add
  295. add
  296. add
  297. /tool graphing resource
  298. add
  299. add
  300. add
  301. add
  302. add
  303. add