
Untitled

a guest
Nov 23rd, 2020
  1.  
  # Layer-2 bridges, one per segment. The "IDnn" part of the names lines up with
  # the VLAN ids used under /interface vlan (10, 20, 30, 50).
  /interface bridge
  add name="BRIDGE LAN ID 10" fast-forward=no
  add name="bridge-GUEST ID30"
  # IGMP snooping enabled; protocol-mode=none turns (R)STP off on this bridge.
  add name="bridge-HDMI ID20" protocol-mode=none igmp-snooping=yes
  add name="bridge-TVCC ID50"
  add name=bridge-VLAN200
  # NOTE(review): no entry under /interface bridge port in this export joins this
  # bridge, and no address or DHCP server is bound to it - confirm it is still needed.
  add name=bridge-elettrodomestici
  9.  
  # Physical ports. The comment= values are the operator's own labels and are
  # kept exactly as exported.
  /interface ethernet
  set [ find default-name=ether1 ] comment=WAN1
  # ether2 and ether8 carry the same label.
  set [ find default-name=ether2 ] speed=100Mbps comment="Camera lato strada"
  # ether3 only advertises gigabit modes.
  set [ find default-name=ether3 ] comment=Studio advertise=1000M-half,1000M-full
  set [ find default-name=ether4 ] comment=vlan200-NAS
  set [ find default-name=ether5 ] comment="RB soggiorno"
  set [ find default-name=ether6 ] comment="Camera Matrimoniale"
  set [ find default-name=ether7 ] comment=Cucina
  set [ find default-name=ether8 ] comment="Camera lato strada"
  # Auto-negotiation off, link fixed at 10Mbps.
  set [ find default-name=ether9 ] speed=10Mbps auto-negotiation=no \
      comment="Stampante disimpegno"
  # PoE output switched off on this port.
  set [ find default-name=ether10 ] poe-out=off comment=TV-CC-LAN
  23.  
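  # WAN uplink: PPPoE session on ether1 that installs the default route.
  # The account name and password are replaced by placeholders. Other secrets in
  # this export were already masked by the author; these two were not, so the
  # published values should be treated as disclosed and changed with the ISP.
  /interface pppoe-client
  add name=pppoe-out1 interface=ether1 add-default-route=yes disabled=no \
      user="<PPPOE_USER>" password="<PPPOE_PASSWORD>"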
  27.  
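  # Outbound L2TP/IPsec tunnel "Vpn CHR" (the remote address was already masked
  # in the export). The PPP password and the IPsec pre-shared key are replaced by
  # placeholders: the published values should be treated as disclosed and changed
  # on both ends of the tunnel.
  /interface l2tp-client
  add name="Vpn CHR" connect-to=83.xx.xx.xxx user=casa.test \
      password="<L2TP_PASSWORD>" use-ipsec=yes ipsec-secret="<IPSEC_PSK>" \
      max-mtu=1400 disabled=no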
  31.  
  # 802.1Q sub-interfaces, grouped by parent port.
  /interface vlan
  # ether1 (WAN1). NOTE(review): vlan835 is not referenced anywhere else in this
  # export; the PPPoE client runs on ether1 directly.
  add name=vlan835 vlan-id=835 interface=ether1
  # ether3 (Studio)
  add name="vlan10>>studio" vlan-id=10 interface=ether3
  add name="vlan50>>studio" vlan-id=50 interface=ether3
  # ether4 (vlan200-NAS)
  add name=vlan-200_NAS vlan-id=200 interface=ether4
  # ether5 (RB soggiorno): trunk carrying VLANs 10, 20, 30 and 40
  add name=vlan10-LAN vlan-id=10 interface=ether5
  add name=vlan20-hdmi vlan-id=20 interface=ether5
  add name=vlan30_guest vlan-id=30 interface=ether5
  add name=vlan40-elettrodomestici vlan-id=40 interface=ether5
  # ether10 (TV-CC-LAN). vlan10-lan differs from vlan10-LAN above only by case.
  add name=vlan10-lan vlan-id=10 interface=ether10
  add name=vlan50-tvcc vlan-id=50 interface=ether10
  43.  
  # Address pools handed out by the DHCP servers and the VPN profile.
  /ip pool
  # Main LAN: only six leases (.150-.155).
  add ranges=10.246.159.150-10.246.159.155 name=dhcp_pool_LAN
  add ranges=10.250.159.160-10.250.159.180 name=dhcp_pool_privateNAS
  # Used as remote-address by the PPP profile "profile1-vpn private".
  add ranges=192.168.17.100-192.168.17.150 name=vpn_pool_private
  add ranges=172.17.20.50-172.17.20.100 name=dhcp-serv_HDMI
  # NOTE(review): no DHCP server in this export uses dhcp_pool_citofono.
  add ranges=10.246.161.100-10.246.161.200 name=dhcp_pool_citofono
  add ranges=172.16.20.2-172.16.20.50 name=dhcp-pool-guest
  add ranges=10.246.162.100-10.246.162.120 name="dhcp pool elettrodomestici"
  52.  
  # One DHCP server per segment, each bound to the interface that owns the subnet.
  /ip dhcp-server
  add name="dhcp server LAN" interface="BRIDGE LAN ID 10" \
      address-pool=dhcp_pool_LAN lease-time=12h \
      authoritative=after-2sec-delay disabled=no
  add name=dhcp-privateNAS interface=bridge-VLAN200 \
      address-pool=dhcp_pool_privateNAS lease-time=12h disabled=no
  add name=dhcp-serv.hdmi interface="bridge-HDMI ID20" \
      address-pool=dhcp-serv_HDMI lease-time=12h disabled=no
  # Guest segment server (its name is just "dhcp-server").
  add name=dhcp-server interface="bridge-GUEST ID30" \
      address-pool=dhcp-pool-guest lease-time=4h10m disabled=no
  # The next line is a warning written by the export itself, not an operator
  # note: RouterOS flags a DHCP server bound to an interface that is a bridge
  # port. Check /interface bridge port for vlan40-elettrodomestici.
  # DHCP server can not run on slave interface!
  add name="dhcp server ELETTRODOM." interface=vlan40-elettrodomestici \
      address-pool="dhcp pool elettrodomestici" lease-time=1d10m disabled=no
  65.  
  # PPP profile used as the L2TP server default and by two of the /ppp secret
  # entries: the router end is 192.168.17.1, clients draw from vpn_pool_private.
  /ppp profile
  add name="profile1-vpn private" local-address=192.168.17.1 \
      remote-address=vpn_pool_private use-encryption=yes change-tcp-mss=yes
  69.  
  70.  
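  # Bridge membership, grouped by bridge. wlan1 and wlan2 are not defined in the
  # visible part of this export (no wireless section is shown).
  # NOTE(review): several VLAN interfaces here sit on a parent port that is
  # itself a bridge port (ether4, ether10) - confirm that is intended.
  /interface bridge port
  # --- BRIDGE LAN ID 10 ---
  add bridge="BRIDGE LAN ID 10" interface=vlan10-LAN
  add bridge="BRIDGE LAN ID 10" interface=ether7
  add bridge="BRIDGE LAN ID 10" interface=ether8
  add bridge="BRIDGE LAN ID 10" interface=ether9
  add bridge="BRIDGE LAN ID 10" interface=wlan1
  add bridge="BRIDGE LAN ID 10" interface=ether2
  add bridge="BRIDGE LAN ID 10" interface=vlan10-lan
  add bridge="BRIDGE LAN ID 10" interface="vlan10>>studio"
  # Taken out of the LAN bridge: vlan40-elettrodomestici has its own address
  # (10.246.162.1/24) and DHCP server, and 10.246.162.0/24 is on the BLACK-LIST
  # address list. As a LAN bridge port it was merged at layer 2 with the main LAN
  # and its DHCP server could not run (see the export warning under
  # /ip dhcp-server). Left here commented out; confirm before importing.
  # add bridge="BRIDGE LAN ID 10" interface=vlan40-elettrodomestici
  # --- bridge-HDMI ID20 ---
  add bridge="bridge-HDMI ID20" interface=ether6
  add bridge="bridge-HDMI ID20" interface=vlan20-hdmi
  # --- bridge-GUEST ID30 ---
  add bridge="bridge-GUEST ID30" interface=wlan2
  add bridge="bridge-GUEST ID30" interface=vlan30_guest
  # Commented out: /interface vlan defines vlan30_guest (underscore) only, so
  # this hyphenated name matches no interface shown in the export.
  # add bridge="bridge-GUEST ID30" interface=vlan30-guest
  # --- bridge-TVCC ID50 ---
  add bridge="bridge-TVCC ID50" interface=ether10
  add bridge="bridge-TVCC ID50" interface=vlan50-tvcc
  add bridge="bridge-TVCC ID50" interface="vlan50>>studio"
  # --- bridge-VLAN200 ---
  add bridge=bridge-VLAN200 interface=ether4
  add bridge=bridge-VLAN200 interface=vlan-200_NAS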
  91.  
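  # Inbound L2TP server. use-ipsec is raised from "yes" to "required": with
  # "yes" the server also accepts plain L2TP sessions that skip IPsec, so the PPP
  # login would be the only protection. The pre-shared key was already masked in
  # the export and is left as it appeared.
  # NOTE(review): no authentication= value is set, so the server default list of
  # PPP authentication methods applies - consider restricting it.
  /interface l2tp-server server
  set enabled=yes default-profile="profile1-vpn private" use-ipsec=required \
      ipsec-secret=xxxxxxxx max-mtu=1400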
  95.  
  # Router addresses, one /24 per segment.
  /ip address
  add interface="bridge-TVCC ID50" address=10.246.161.1/24 network=10.246.161.0
  # Main LAN: the router is .50, not .1.
  add interface="BRIDGE LAN ID 10" address=10.246.159.50/24 network=10.246.159.0
  add interface=bridge-VLAN200 address=10.250.159.1/24 network=10.250.159.0
  add interface="bridge-HDMI ID20" address=172.17.20.1/24 network=172.17.20.0
  add interface="bridge-GUEST ID30" address=172.16.20.1/24 network=172.16.20.0
  # Static address on the WAN port itself, next to the PPPoE session on ether1.
  add interface=ether1 address=192.168.178.2/24 network=192.168.178.0
  # Bound to the VLAN interface directly; check whether that interface is also
  # listed under /interface bridge port.
  add interface=vlan40-elettrodomestici address=10.246.162.1/24 \
      network=10.246.162.0
  106.  
  # Router DNS cache with 1.1.1.1 as upstream. allow-remote-requests=yes makes
  # the router answer queries on every interface the input chain lets through,
  # so exposure of this resolver is decided by /ip firewall filter chain=input.
  /ip dns
  set servers=1.1.1.1 allow-remote-requests=yes
  109.  
  # Address lists referenced by the filter and NAT rules, grouped by list name.
  /ip firewall address-list
  # --- "IP FABIO": hosts allowed to reach the NAS subnet and 10.247.159.2 ---
  add list="IP FABIO" address=10.246.159.2
  add list="IP FABIO" address=10.246.159.3
  add list="IP FABIO" address=10.246.159.4
  add list="IP FABIO" address=10.246.159.5
  add list="IP FABIO" address=10.246.159.7
  add list="IP FABIO" address=10.246.159.29
  add list="IP FABIO" address=10.246.159.30
  add list="IP FABIO" address=10.247.159.5
  add list="IP FABIO" address=10.247.159.7
  # NOTE(review): this entry covers the whole VPN client range (vpn_pool_private
  # and the fixed 192.168.17.2), so every VPN login matches "IP FABIO" rules.
  add list="IP FABIO" address=192.168.17.0/24
  # --- "IP VPN" ---
  add list="IP VPN" address=10.165.43.0/24
  add list="IP VPN" address=192.168.17.0/24
  # --- "SUBNET FABIO" ---
  add list="SUBNET FABIO" address=10.246.159.0/24
  add list="SUBNET FABIO" address=10.247.159.0/24
  add list="SUBNET FABIO" address=10.250.159.0/24
  # --- "OUT VPN": sources masqueraded out of the "Vpn CHR" tunnel ---
  add list="OUT VPN" address=10.246.161.2
  add list="OUT VPN" address=10.246.161.3
  # --- DAHUA: destinations matched by the (disabled) "drop DAHUA" rule ---
  add list=DAHUA address=35.160.221.193
  add list=DAHUA address=54.218.39.76
  # --- BLACK-LIST: appliance, TVCC, HDMI and guest subnets ---
  add list=BLACK-LIST address=10.246.162.0/24
  add list=BLACK-LIST address=10.246.161.0/24
  add list=BLACK-LIST address=172.17.20.0/24
  add list=BLACK-LIST address=172.16.20.0/24
  134.  
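  # Filter rules, grouped by chain. Order matters only inside a chain.
  /ip firewall filter
  # --- chain=input: traffic addressed to the router itself ---
  # The exported rule set had one input rule (drop UDP/53 from pppoe-out1), so
  # every other router service stayed reachable from the WAN interface, among
  # them the DNS cache over TCP/53 (allow-remote-requests=yes) and SNMP
  # (/snmp enabled=yes). The rules below accept return traffic and the L2TP/IPsec
  # server, then drop the rest arriving on pppoe-out1.
  # NOTE(review): ether1 (192.168.178.0/24) and the "Vpn CHR" tunnel are not
  # covered by the final drop; add them if those sides are untrusted too.
  add action=accept chain=input comment="input: established, related" \
      connection-state=established,related
  add action=drop chain=input comment="input: invalid" connection-state=invalid
  add action=accept chain=input comment="IPsec IKE / NAT-T" dst-port=500,4500 \
      in-interface=pppoe-out1 protocol=udp
  add action=accept chain=input comment="IPsec ESP" in-interface=pppoe-out1 \
      protocol=ipsec-esp
  # L2TP is accepted only when it arrived inside IPsec.
  add action=accept chain=input comment="L2TP inside IPsec only" dst-port=1701 \
      in-interface=pppoe-out1 ipsec-policy=in,ipsec protocol=udp
  add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
  add action=drop chain=input comment="DNS over TCP from WAN" dst-port=53 \
      in-interface=pppoe-out1 protocol=tcp
  add action=drop chain=input comment="drop everything else from WAN" \
      in-interface=pppoe-out1
  # --- chain=forward: traffic routed through the router ---
  # Fasttrack first; the plain accept below catches what fasttrack does not take.
  add action=fasttrack-connection chain=forward \
      connection-state=established,related
  add action=accept chain=forward comment="related, estabilished" \
      connection-state=established,related
  add action=drop chain=forward comment=invalid connection-state=invalid
  # NAS subnet 10.250.159.0/24: allow the two trusted lists, drop everyone else.
  add action=accept chain=forward comment="Accept IP FABIO vs NAS" \
      dst-address=10.250.159.0/24 src-address-list="IP FABIO"
  # Comment corrected: this rule matches "IP VPN", but carried the same label as
  # the rule above.
  add action=accept chain=forward comment="Accept IP VPN vs NAS" \
      dst-address=10.250.159.0/24 src-address-list="IP VPN"
  add action=drop chain=forward comment="drop vs NAS" dst-address=10.250.159.0/24
  # Host 10.247.159.2: same allow-then-drop pair, keyed on "IP FABIO".
  add action=accept chain=forward comment="ACCETTA I PACCHETTI DA TUTTI GLI IP FABIO INSERITI IN ADDRESS LIST SRC LIST VERSO IL 10.247.159.2" \
      dst-address=10.247.159.2 src-address-list="IP FABIO"
  add action=drop chain=forward comment="RIFIUTA I PACCHETTI DA TUTTA LA SUBNET MA VIENE ESEGUITA PRIMA L'ALTRA REGOLA CHE PERMETTO L'ACCESSO DALL'IP 10.246.159.5" \
      dst-address=10.247.159.2
  # Disabled in the export and left disabled here.
  add action=drop chain=forward comment="drop DAHUA" disabled=yes \
      dst-address-list=DAHUA dst-port=443 protocol=tcp src-address=10.246.161.2
  # NOTE(review): while this rule stays disabled, the BLACK-LIST segments (guest,
  # HDMI, TVCC, appliances) can still open connections to 10.246.159.0/24; only
  # the NAS subnet and 10.247.159.2 are protected by the drops above.
  add action=drop chain=forward comment="firewall vs.lan" disabled=yes \
      dst-address-list="SUBNET FABIO" src-address-list=BLACK-LIST
  # New connections coming in from the WAN are forwarded only if a dst-nat rule
  # produced them.
  add action=drop chain=forward comment="drop WAN not dst-nat'ed" \
      connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1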
  158.  
  # NAT rules, in the exported order.
  /ip firewall nat
  add chain=srcnat action=masquerade out-interface=pppoe-out1 comment=WAN
  # Sends UDP/53 from any interface, to any destination, to the router's own
  # resolver. NOTE(review): there is no in-interface match, and TCP/53 is not
  # redirected, so clients can still reach outside resolvers over TCP.
  add chain=dstnat action=redirect protocol=udp dst-port=53 to-ports=53 \
      comment="DNS VERSO ROUTER"
  # Masquerade toward the 192.168.178.0/24 network configured on ether1.
  add chain=srcnat action=masquerade dst-address=192.168.178.0/24
  # NOTE(review): no out-interface here, so VPN clients are masqueraded on every
  # egress path; internal hosts then log the router address, not the client.
  add chain=srcnat action=masquerade src-address=192.168.17.0/24 comment=VPN
  add chain=srcnat action=masquerade out-interface="Vpn CHR" \
      src-address-list="OUT VPN" comment="MASQUERADE DAHUA"
  # Disabled port forward of TCP/37777 to 10.246.161.2.
  add chain=dstnat action=dst-nat protocol=tcp dst-address=10.165.43.3 \
      dst-port=37777 to-addresses=10.246.161.2 to-ports=37777 disabled=yes \
      comment="PORT PORWARDING DAHUA"
  170.  
  # Static routes. The default route through pppoe-out1 is not listed here; the
  # PPPoE client adds it (add-default-route=yes).
  /ip route
  # Default route of table OUT, selected by the rule under /ip route rule below.
  add gateway=10.165.43.1 routing-mark=OUT distance=1
  add dst-address=10.245.159.0/24 gateway=10.165.43.1 distance=1
  # 10.247.159.0/24 has two routes: via 192.168.17.2 (the fixed remote-address of
  # the ford.focus PPP secret) at distance 1, and via 10.165.43.1 at distance 2.
  add dst-address=10.247.159.0/24 gateway=192.168.17.2 distance=1
  add dst-address=10.247.159.0/24 gateway=10.165.43.1 distance=2 \
      comment="Route subnet 10.247.159.XX e 10.248.159.xx da pubblico che appartengono al map mikrotik"
  # Disabled. NOTE(review): 192.168.1.1 is not on any subnet configured in the
  # visible part of this export.
  add dst-address=104.244.42.1/32 gateway=192.168.1.1 distance=1 disabled=yes \
      comment="ISP1 route dns"
  add dst-address=192.168.8.0/24 gateway=10.165.43.1 distance=1

  # Policy routing: traffic sourced from 10.246.161.2 is looked up in table OUT.
  /ip route rule
  add table=OUT src-address=10.246.161.2/32
  184.  
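  # PPP accounts for inbound VPN users.
  # The ford.focus password is replaced by a placeholder: it was published
  # unmasked and was a variation of the account name, so it should be treated as
  # disclosed and changed. The other two passwords were already masked by the
  # author and are left as they appeared.
  # NOTE(review): no service= is set on any entry, so each account is valid for
  # every PPP service the router offers; consider pinning them to the one in use.
  /ppp secret
  # Fixed tunnel address 192.168.17.2, which /ip route uses as a gateway.
  add name=ford.focus password="<PPP_PASSWORD>" \
      profile="profile1-vpn private" remote-address=192.168.17.2
  add name=abbio90 password=xxxxxxxxx profile="profile1-vpn private"
  # NOTE(review): profile vpn-bridge is not defined under /ppp profile in the
  # visible part of this export.
  add name=elettrodom.fabio password=xxxxxxxx profile=vpn-bridge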
  # System-level settings.
  /system identity
  set name="Router CASA"
  /system clock
  set time-zone-name=Europe/Rome time-zone-autodetect=no
  # NOTE(review): primary and secondary NTP are the same address, so there is no
  # fallback server.
  /system ntp client
  set primary-ntp=193.204.114.105 secondary-ntp=193.204.114.105 enabled=yes
  /system routerboard settings
  set silent-boot=yes
  # SNMP agent on. NOTE(review): no /snmp community section appears in this
  # export, so the community settings cannot be checked from here; which
  # interfaces can reach the agent is decided by the input chain of
  # /ip firewall filter.
  /snmp
  set enabled=yes
  200.  