
Untitled

a guest
Apr 19th, 2017
  1. [admin@MikroTikRB951] > export
  2. # apr/20/2017 00:37:54 by RouterOS 6.38.5
  3. # software id =
  4. #
  # NOTE(review): every password and key in this export shows up as a run of
  # x's, presumably masked by hand before posting. On RouterOS 6.x
  # `export hide-sensitive` leaves such values out of the export altogether.
  #
  # Two bridges: "bridge" is the LAN bridge from the default configuration;
  # "bridge-iptv-RT" joins ether1 and ether5 (see /interface bridge port) and is
  # one of the two interfaces the firewall rules label as WAN. It has
  # protocol-mode=none, i.e. no spanning tree on that bridge.
  5. /interface bridge
  6. add admin-mac=E4:8D:8C:xx:xx:xx auto-mac=no comment=defconf name=bridge
  7. add name=bridge-iptv-RT priority=0xFFFF protocol-mode=none
  8. /interface ethernet
  9. set [ find default-name=ether2 ] name=ether2-master
  10. set [ find default-name=ether3 ] master-port=ether2-master
  11. set [ find default-name=ether4 ] master-port=ether2-master
  # PPPoE session runs over bridge-iptv-RT and installs the default route
  # (add-default-route=yes). The interface name pppoe-rostelecom is the second
  # interface the firewall rules treat as WAN.
  12. /interface pppoe-client
  13. add add-default-route=yes disabled=no interface=bridge-iptv-RT max-mru=1480 \
  14. max-mtu=1480 mrru=1600 name=pppoe-rostelecom password=xxxxxxxxx user=\
  15. pppoe-xxxx
  16. /interface wireless
  17. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
  18. country=russia2 disabled=no distance=indoors frequency=2447 mode=ap-bridge \
  19. ssid=AAA wireless-protocol=802.11
  # NOTE(review): only ether1 has neighbor discovery switched off here. ether1
  # is a port of bridge-iptv-RT, and nothing in this export turns discovery off
  # on bridge-iptv-RT, ether5 or pppoe-rostelecom. The input-chain drop rules do
  # not affect announcements the router itself sends. TODO confirm the router is
  # not announcing its identity and version on the provider side.
  20. /ip neighbor discovery
  21. set ether1 discover=no
  # Default wireless security profile: authentication-types lists wpa2-psk only.
  # A wpa-pre-shared-key is also stored, but WPA (v1) is not among the enabled
  # authentication types. Group keys are renewed hourly (group-key-update=1h).
  22. /interface wireless security-profiles
  23. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
  24. group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik \
  25. wpa-pre-shared-key=xxxxxxxxx wpa2-pre-shared-key=xxxxxxxxx
  26. /ip ipsec policy group
  27. add name=SecretGr
  # NOTE(review): the default proposal pairs AES-256-CBC with HMAC-MD5 for
  # integrity. MD5 is a legacy choice here; sha256 is the usual replacement
  # where the remote end supports it. Proposals must match on both peers, so
  # any change has to be made on both sides together.
  28. /ip ipsec proposal
  29. set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc
  # Address pools: default-dhcp serves the LAN; openvpn and l2tp are small
  # ranges (.2-.14) referenced as remote-address by the PPP profiles below.
  30. /ip pool
  31. add name=default-dhcp ranges=192.168.170.10-192.168.170.254
  32. add name=openvpn ranges=172.21.108.2-172.21.108.14
  33. add name=l2tp ranges=172.21.107.2-172.21.107.14
  34. /ip dhcp-server
  35. add address-pool=default-dhcp disabled=no interface=bridge name=defconf
  # PPP profiles for the two VPN servers. The router end of each tunnel is the
  # .1 address of the corresponding 172.21.x.0 range; clients draw from the
  # pools above. Only the OpenVPN profile hands out DNS servers.
  36. /ppp profile
  37. add change-tcp-mss=yes dns-server=77.88.8.1,77.88.8.8 local-address=\
  38. 172.21.108.1 name=openvpn_profile remote-address=openvpn
  39. add change-tcp-mss=yes local-address=172.21.107.1 name=l2tp_prifile \
  40. remote-address=l2tp
  # Port membership: LAN bridge = ether2-master (with ether3/ether4 slaved to it
  # via master-port) + wlan1; bridge-iptv-RT = ether1 + ether5.
  41. /interface bridge port
  42. add bridge=bridge comment=defconf interface=ether2-master
  43. add bridge=bridge comment=defconf interface=wlan1
  44. add bridge=bridge-iptv-RT interface=ether5
  45. add bridge=bridge-iptv-RT interface=ether1
  # NOTE(review): L2TP server accepts MS-CHAPv2 only and has an ipsec-secret
  # set, but use-ipsec does not appear in this export, so it is presumably at
  # its default. TODO confirm that L2TP sessions are not accepted without
  # IPsec; otherwise the tunnel's protection rests on MS-CHAPv2 alone.
  46. /interface l2tp-server server
  47. set authentication=mschap2 default-profile=l2tp_prifile enabled=yes \
  48. ipsec-secret="xxxxxx" keepalive-timeout=15 max-mru=1300 max-mtu=1300
  # OpenVPN server: require-client-certificate=yes means clients need a
  # certificate in addition to the user/password entries under /ppp secret.
  # NOTE(review): the cipher list still offers blowfish128, a cipher with a
  # 64-bit block; limiting the list to the aes* entries avoids it where every
  # client supports AES. The auth (HMAC) setting is not shown in this export,
  # so it is presumably at its default - confirm.
  49. /interface ovpn-server server
  50. set certificate=server.crt_0 cipher=blowfish128,aes128,aes192,aes256 \
  51. default-profile=openvpn_profile enabled=yes max-mtu=1400 \
  52. require-client-certificate=yes
  53. /ip address
  54. add address=192.168.170.1/24 comment=defconf interface=bridge network=\
  55. 192.168.170.0
  # ddns-enabled=yes turns on MikroTik's cloud DDNS for this router. A name of
  # the *.sn.mynetname.net form appears in the firewall address-list below;
  # whether that name is this router's own or another device's cannot be told
  # from the export.
  56. /ip cloud
  57. set ddns-enabled=yes
  # A DHCP client runs on bridge-iptv-RT in addition to the PPPoE client on the
  # same bridge, so there are two provider-facing interfaces; the firewall rules
  # drop and masquerade on both.
  58. /ip dhcp-client
  59. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
  60. bridge-iptv-RT
  61. /ip dhcp-server lease
  62. add address=192.168.170.175 mac-address=50:B7:C3:xx:xx:xx
  63. /ip dhcp-server network
  64. add address=192.168.170.0/24 comment=defconf gateway=192.168.170.1
  # NOTE(review): allow-remote-requests=yes makes the router act as a DNS
  # resolver for any query the input chain lets through. The filter rules drop
  # input from bridge-iptv-RT and pppoe-rostelecom, but there is no catch-all
  # drop, so queries arriving over the VPN interfaces are answered as well -
  # presumably intended; verify.
  65. /ip dns
  66. set allow-remote-requests=yes
  # NOTE(review): "router" resolves to 192.168.88.1, while the LAN address
  # configured above is 192.168.170.1. This looks like a leftover from the
  # default configuration - confirm and correct if so.
  67. /ip dns static
  68. add address=192.168.88.1 name=router
  # NOTE(review): both entries are DNS names, and the firewall filter grants
  # these two lists unrestricted access to the input chain. The trust placed in
  # them therefore extends to whoever controls those DNS records and whatever
  # host currently holds the resolved address.
  69. /ip firewall address-list
  70. add address=xxxxxx.dyndns.org list=myrouter
  71. add address=xxxxxxx.sn.mynetname.net list=mymikrotik
  72. /ip firewall filter
  # Input chain (traffic addressed to the router itself). Rules are evaluated
  # top to bottom. There is no final catch-all drop: only packets arriving on
  # bridge-iptv-RT or pppoe-rostelecom are dropped, so input from every other
  # interface (LAN bridge, VPN tunnel interfaces) is accepted by default.
  73. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # NOTE(review): TCP/1194 is opened on bridge-iptv-RT only. The OpenVPN
  # server's port is not shown in this export, so it is presumably the default -
  # confirm. There is no matching accept for pppoe-rostelecom, so connections
  # arriving over the PPPoE link reach the drop rule unless their source is in
  # one of the allow lists below. TODO confirm this is intended.
  74. add action=accept chain=input dst-port=1194 in-interface=bridge-iptv-RT \
  75. protocol=tcp
  # NOTE(review): the next three rules accept every protocol and port from the
  # two DNS-based address lists and from 11.11.11.11, on any interface including
  # the WAN side. Narrowing them to the specific management/VPN ports that are
  # needed would reduce what a host at one of those addresses can reach.
  # 11.11.11.11 may be a stand-in for a masked address - confirm.
  76. add action=accept chain=input src-address-list=mymikrotik
  77. add action=accept chain=input src-address-list=myrouter
  78. add action=accept chain=input src-address=11.11.11.11
  # Replies to connections the router itself opened. Unlike the forward chain,
  # the input chain has no "drop invalid" rule.
  79. add action=accept chain=input comment="defconf: accept establieshed,related" \
  80. connection-state=established,related
  # Everything else arriving on either provider-facing interface is dropped.
  81. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
  82. bridge-iptv-RT
  83. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
  84. pppoe-rostelecom
  # Forward chain (traffic routed through the router): fasttrack and accept
  # established/related, drop invalid, then drop new connections from either WAN
  # interface unless they were destination-NATed.
  85. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  86. connection-state=established,related
  87. add action=accept chain=forward comment="defconf: accept established,related" \
  88. connection-state=established,related
  89. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
  90. invalid
  # NOTE(review): the dstnat exemption in the two rules below also lets through
  # any port mapping created dynamically - /ip upnp is enabled further down in
  # this export, so LAN hosts can presumably create such mappings. Verify.
  91. add action=drop chain=forward comment=\
  92. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  93. connection-state=new in-interface=bridge-iptv-RT
  94. add action=drop chain=forward comment=\
  95. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  96. connection-state=new in-interface=pppoe-rostelecom
  # Source NAT: masquerade everything leaving through either WAN interface.
  97. /ip firewall nat
  98. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
  99. bridge-iptv-RT
  100. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
  101. pppoe-rostelecom
  102. /ip ipsec peer
  # NOTE(review): address=0.0.0.0/0 with a pre-shared secret means any source
  # that can reach the router's IKE service may attempt to negotiate, and
  # generate-policy=port-strict creates policies from what the peer proposes.
  # Security then depends on the strength of the shared secret. The peer also
  # uses hash-algorithm=md5; sha256 is the usual replacement where the remote
  # end supports it (change both ends together). From the WAN side the
  # input-chain rules limit who can reach IKE to the allow-listed sources.
  103. add address=0.0.0.0/0 dpd-interval=15s dpd-maximum-failures=2 enc-algorithm=\
  104. aes-256 generate-policy=port-strict hash-algorithm=md5 nat-traversal=no \
  105. policy-template-group=SecretGr secret=xxxxxx send-initial-contact=no
  106. /ip ipsec policy
  107. set 0 group=SecretGr
  # Static route to a remote LAN via 172.21.107.15, the fixed address assigned
  # to the "l2tp" account under /ppp secret - presumably a site-to-site link.
  108. /ip route
  109. add distance=1 dst-address=192.168.180.0/24 gateway=172.21.107.15
  # NOTE(review): the export shows only that www-ssl is enabled and that a
  # certificate is assigned to www-ssl and api-ssl. The state of the other
  # services (telnet, ftp, www, ssh, winbox, api) is not shown, so they are
  # presumably at their defaults - confirm which are enabled, disable the
  # unused ones, and consider an address= restriction on the rest. The header
  # reports RouterOS 6.38.5, an old release; check it against current MikroTik
  # security advisories.
  110. /ip service
  111. set www-ssl certificate=server.crt_0 disabled=no
  112. set api-ssl certificate=server.crt_0
  # NOTE(review): UPnP is enabled with pppoe-rostelecom as the external
  # interface; no internal interface appears in this export. UPnP lets hosts on
  # the internal side request inbound port mappings without authentication -
  # disable it unless a LAN application actually needs it.
  113. /ip upnp
  114. set enabled=yes
  115. /ip upnp interfaces
  116. add interface=pppoe-rostelecom type=external
  # VPN accounts (passwords masked). NOTE(review): there are two OpenVPN
  # accounts with near-identical names (openvpn / openvpnn) - confirm both are
  # still needed and remove any that is not. The l2tp account is pinned to
  # 172.21.107.15, the gateway used by the static route above.
  117. /ppp secret
  118. add name=openvpn password=xxxxxx profile=openvpn_profile service=ovpn
  119. add name=openvpnn password=xxxxxx profile=openvpn_profile service=ovpn
  120. add name=l2tp password="xxxxxx'" profile=l2tp_prifile remote-address=\
  121. 172.21.107.15 service=l2tp
  122. /system clock
  123. set time-zone-name=Asia/Vladivostok
  124. /system identity
  125. set name=MikroTikRB951
  126. /system leds
  127. set 5 interface=wlan1
  128. /system routerboard settings
  129. set init-delay=0s
  # MAC-layer management: the default entries are disabled and access is
  # re-added for the LAN bridge only, so MAC-Telnet and MAC-Winbox are offered
  # on "bridge" and not on the provider-facing interfaces.
  130. /tool mac-server
  131. set [ find default=yes ] disabled=yes
  132. add interface=bridge
  133. /tool mac-server mac-winbox
  134. set [ find default=yes ] disabled=yes
  135. add interface=bridge