Advertisement
Guest User

Untitled

a guest
Feb 16th, 2020
1,009
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.57 KB | None
  1.  
  2. /interface bridge
  3. add admin-mac=4C:5E:0C:2C:1D:C6 auto-mac=no mtu=1500 name=bridge-local
  4. /interface ethernet
  5. set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
  6. ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
  7. "WAN FTTH" name=ether1-gateway speed=100Mbps
  8. set [ find default-name=ether2 ] advertise="10M-half,10M-full,100M-half,100M-f\
  9. ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
  10. "LAN Madrid" name=ether2-master-local speed=100Mbps
  11. # el resto de bocas no se usan
  12. set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
  13. set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
  14. set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
  15. set [ find default-name=ether6 ] advertise=\
  16. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  17. set [ find default-name=ether7 ] advertise=\
  18. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  19. set [ find default-name=ether8 ] advertise=\
  20. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  21. set [ find default-name=ether9 ] advertise=\
  22. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  23. set [ find default-name=ether10 ] advertise=\
  24. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  25. set [ find default-name=sfp1 ] name=spf
  26. /interface wireless
  27. set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=canada \
  28. disabled=no frequency-mode=manual-txpower mode=ap-bridge ssid=HOME \
  29. tx-power-mode=all-rates-fixed wireless-protocol=802.11
  30. /interface vlan
  31. add interface=ether1-gateway name=vlan3 vlan-id=3
  32. add interface=ether1-gateway name=vlan6 vlan-id=6
  33. /interface pppoe-client
  34. add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 \
  35. keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=\
  36. adslppp use-peer-dns=yes user=adslppp@telefonicanetpa
  37. /interface list
  38. add name=WAN
  39. add name=LAN
  40. /interface wireless security-profiles
  41. set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
  42. supplicant-identity=MikroTik wpa-pre-shared-key=11 \
  43. wpa2-pre-shared-key=11
  44. /ip ipsec proposal
  45. set [ find default=yes ] enc-algorithms=3des
  46. /ip pool
  47. add name=dhcp ranges=192.168.1.201-192.168.1.249
  48. add name=vpn ranges=192.168.3.10-192.168.3.20
  49. /ip dhcp-server
  50. add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
  51. bridge-local lease-time=3d name=dhcp1
  52. /ppp profile
  53. set *FFFFFFFE dns-server=192.168.3.250 local-address=192.168.3.250 \
  54. remote-address=vpn
  55. /interface bridge port
  56. add bridge=bridge-local interface=ether2-master-local
  57. add bridge=bridge-local interface=wlan1
  58. add bridge=bridge-local interface=ether3-slave-local
  59. add bridge=bridge-local interface=ether4-slave-local
  60. add bridge=bridge-local interface=ether5-slave-local
  61. /interface list member
  62. add interface=ether1-gateway list=WAN
  63. add interface=bridge-local list=LAN
  64. /interface pptp-server server
  65. set authentication=mschap2 enabled=yes
  66. /ip address
  67. add address=192.168.1.1/24 comment="default configuration" interface=\
  68. ether2-master-local network=192.168.1.0
  69. /ip dhcp-client
  70. add add-default-route=no disabled=no interface=vlan3 use-peer-ntp=no
  71. add disabled=no interface=ether1-gateway
  72. /ip dhcp-server lease
  73. add address=192.168.1.20 client-id=1:0:21:b7:22:69:20 mac-address=\
  74. 00:21:B7:22:69:20 server=dhcp1
  75. /ip dhcp-server network
  76. add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
  77. netmask=24
  78. /ip dns
  79. set allow-remote-requests=yes servers=1.1.1.1,199.85.127.10
  80. /ip dns static
  81. add address=192.168.1.1 name=router
  82. add address=192.168.144.1 name=conversor-medios
  83. /ip firewall filter
  84. add action=accept chain=output dst-address=192.168.1.242
  85. add action=accept chain=forward dst-address=192.168.1.242
  86. add action=drop chain=forward comment="Drop Traceroute" disabled=yes \
  87. icmp-options=11:0 protocol=icmp
  88. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  89. add action=accept chain=output comment="Drop Brute Force" content=\
  90. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  91. add action=add-dst-to-address-list address-list=Blacklist \
  92. address-list-timeout=23h chain=output content="530 Login incorrect" \
  93. protocol=tcp
  94. add action=accept chain=forward comment="default configuration" \
  95. connection-state=established
  96. add action=accept chain=forward comment="default configuration" \
  97. connection-state=related
  98. add action=drop chain=forward comment="default configuration" \
  99. connection-state=invalid
  100. add action=accept chain=output dst-address=192.168.1.242
  101. add action=accept chain=forward dst-address=192.168.1.242
  102. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  103. protocol=icmp
  104. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  105. add action=accept chain=output comment="Drop Brute Force" content=\
  106. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  107. add action=add-dst-to-address-list address-list=Blacklist \
  108. address-list-timeout=23h chain=output content="530 Login incorrect" \
  109. protocol=tcp
  110. add action=accept chain=forward comment="default configuration" \
  111. connection-state=established
  112. add action=accept chain=forward comment="default configuration" \
  113. connection-state=related
  114. add action=drop chain=forward comment="default configuration" \
  115. connection-state=invalid
  116. add action=accept chain=output dst-address=192.168.1.242
  117. add action=accept chain=forward dst-address=192.168.1.242
  118. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  119. protocol=icmp
  120. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  121. add action=accept chain=output comment="Drop Brute Force" content=\
  122. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  123. add action=add-dst-to-address-list address-list=Blacklist \
  124. address-list-timeout=23h chain=output content="530 Login incorrect" \
  125. protocol=tcp
  126. add action=accept chain=forward comment="default configuration" \
  127. connection-state=established
  128. add action=accept chain=forward comment="default configuration" \
  129. connection-state=related
  130. add action=drop chain=forward comment="default configuration" \
  131. connection-state=invalid
  132. add action=accept chain=output dst-address=192.168.1.242
  133. add action=accept chain=forward dst-address=192.168.1.242
  134. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  135. protocol=icmp
  136. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  137. add action=accept chain=output comment="Drop Brute Force" content=\
  138. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  139. add action=add-dst-to-address-list address-list=Blacklist \
  140. address-list-timeout=23h chain=output content="530 Login incorrect" \
  141. protocol=tcp
  142. add action=accept chain=forward comment="default configuration" \
  143. connection-state=established
  144. add action=accept chain=forward comment="default configuration" \
  145. connection-state=related
  146. add action=drop chain=forward comment="default configuration" \
  147. connection-state=invalid
  148. add action=accept chain=output dst-address=192.168.1.242
  149. add action=accept chain=forward dst-address=192.168.1.242
  150. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  151. protocol=icmp
  152. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  153. add action=accept chain=output comment="Drop Brute Force" content=\
  154. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  155. add action=add-dst-to-address-list address-list=Blacklist \
  156. address-list-timeout=23h chain=output content="530 Login incorrect" \
  157. protocol=tcp
  158. add action=accept chain=forward comment="default configuration" \
  159. connection-state=established
  160. add action=accept chain=forward comment="default configuration" \
  161. connection-state=related
  162. add action=drop chain=forward comment="default configuration" \
  163. connection-state=invalid
  164. add action=accept chain=output dst-address=192.168.1.242
  165. add action=accept chain=forward dst-address=192.168.1.242
  166. add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
  167. protocol=icmp
  168. add action=drop chain=forward icmp-options=3:3 protocol=icmp
  169. add action=accept chain=output comment="Drop Brute Force" content=\
  170. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  171. add action=add-dst-to-address-list address-list=Blacklist \
  172. address-list-timeout=23h chain=output content="530 Login incorrect" \
  173. protocol=tcp
  174. add action=accept chain=forward comment="default configuration" \
  175. connection-state=established
  176. add action=accept chain=forward comment="default configuration" \
  177. connection-state=related
  178. add action=drop chain=forward comment="default configuration" \
  179. connection-state=invalid
  180. add action=accept chain=input protocol=icmp
  181. add action=accept chain=input connection-state=established
  182. add action=accept chain=input connection-state=related
  183. add action=drop chain=input in-interface-list=!LAN
  184. add action=fasttrack-connection chain=forward connection-state=\
  185. established,related
  186. add action=accept chain=forward connection-state=established,related
  187. add action=drop chain=forward connection-state=invalid
  188. add action=fasttrack-connection chain=forward connection-state=\
  189. established,related
  190. add action=accept chain=forward connection-state=established,related
  191. /ip firewall mangle
  192. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  193. passthrough=yes
  194. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  195. pppoe-out1 passthrough=yes
  196. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  197. passthrough=yes
  198. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  199. pppoe-out1 passthrough=yes
  200. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  201. passthrough=yes
  202. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  203. pppoe-out1 passthrough=yes
  204. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  205. passthrough=yes
  206. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  207. pppoe-out1 passthrough=yes
  208. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  209. passthrough=yes
  210. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  211. pppoe-out1 passthrough=yes
  212. add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
  213. passthrough=yes
  214. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  215. pppoe-out1 passthrough=yes
  216. /ip firewall nat
  217. add action=masquerade chain=srcnat comment="default configuration" \
  218. out-interface=pppoe-out1
  219. add action=masquerade chain=srcnat comment="default configuration" \
  220. out-interface=ether1-gateway
  221. add action=masquerade chain=srcnat comment="default configuration" \
  222. out-interface=vlan3
  223. add action=masquerade chain=srcnat comment="default configuration" \
  224. out-interface=pppoe-out1
  225. add action=masquerade chain=srcnat comment="default configuration" \
  226. out-interface=ether1-gateway
  227. add action=masquerade chain=srcnat comment="default configuration" \
  228. out-interface=vlan3
  229. add action=masquerade chain=srcnat comment="default configuration" \
  230. out-interface=pppoe-out1
  231. add action=masquerade chain=srcnat comment="default configuration" \
  232. out-interface=ether1-gateway
  233. add action=masquerade chain=srcnat comment="default configuration" \
  234. out-interface=vlan3
  235. add action=masquerade chain=srcnat comment="default configuration" \
  236. out-interface=pppoe-out1
  237. add action=masquerade chain=srcnat comment="default configuration" \
  238. out-interface=ether1-gateway
  239. add action=masquerade chain=srcnat comment="default configuration" \
  240. out-interface=vlan3
  241. add action=masquerade chain=srcnat comment="default configuration" \
  242. out-interface=pppoe-out1
  243. add action=masquerade chain=srcnat comment="default configuration" \
  244. out-interface=ether1-gateway
  245. add action=masquerade chain=srcnat comment="default configuration" \
  246. out-interface=vlan3
  247. add action=masquerade chain=srcnat comment="default configuration" \
  248. out-interface=pppoe-out1
  249. add action=masquerade chain=srcnat comment="default configuration" \
  250. out-interface=ether1-gateway
  251. add action=masquerade chain=srcnat comment="default configuration" \
  252. out-interface=vlan3
  253. /ip ipsec policy
  254. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  255. /ip proxy
  256. set cache-path=web-proxy1
  257. /ip route
  258. add disabled=yes distance=255 gateway=255.255.255.255
  259. add disabled=yes distance=255 gateway=255.255.255.255
  260. add distance=255 gateway=255.255.255.255
  261. add distance=255 gateway=255.255.255.255
  262. add distance=255 gateway=255.255.255.255
  263. add distance=255 gateway=255.255.255.255
  264. /ip ssh
  265. set allow-none-crypto=yes forwarding-enabled=remote
  266. /ip upnp
  267. set enabled=yes
  268. /ip upnp interfaces
  269. add interface=bridge-local type=internal
  270. add interface=pppoe-out1 type=external
  271. /lcd
  272. set enabled=no touch-screen=disabled
  273. /routing rip interface
  274. add interface=vlan3 passive=yes receive=v2
  275. /routing rip network
  276. add network=10.0.0.0/8
  277. /system clock
  278. set time-zone-autodetect=no time-zone-name=Europe/Madrid
  279. /system logging
  280. set 1 action=disk
  281. /system ntp client
  282. set enabled=yes primary-ntp=150.214.94.5 secondary-ntp=163.117.202.33
  283. /tool graphing interface
  284. add interface=ether1-gateway
  285. add interface=ether1-gateway
  286. add interface=ether1-gateway
  287. add interface=ether1-gateway
  288. add interface=ether1-gateway
  289. add interface=ether1-gateway
  290. /tool graphing queue
  291. add
  292. add
  293. add
  294. add
  295. add
  296. add
  297. /tool graphing resource
  298. add
  299. add
  300. add
  301. add
  302. add
  303. add
Advertisement
RAW Paste Data Copied
Advertisement