- [admin@MikroTikRB951] > export
- # apr/20/2017 00:37:54 by RouterOS 6.38.5
- # software id =
- #
- # Full configuration export of a MikroTik router (identity MikroTikRB951): a LAN
- # bridge, a WAN-side bridge carrying PPPoE and DHCP clients, a Wi-Fi AP, L2TP and
- # OpenVPN servers, firewall rules and management services.
- # NOTE(review): secret fields (password=, *-pre-shared-key=, secret=) are present
- # and look hand-redacted with x's; `export hide-sensitive` omits them instead of
- # relying on manual redaction before publishing.
- # NOTE(review): the header reports RouterOS 6.38.5 as of apr/2017; compare the
- # running version with the vendor's current release before reusing this config.
- /interface bridge
- # "bridge" is the LAN bridge (192.168.170.1/24 is assigned to it further down).
- add admin-mac=E4:8D:8C:xx:xx:xx auto-mac=no comment=defconf name=bridge
- # bridge-iptv-RT gets ether1 and ether5 as ports and is the interface used by the
- # PPPoE client and the DHCP client, i.e. it is the WAN-side segment.
- # protocol-mode=none turns spanning tree off on it.
- add name=bridge-iptv-RT priority=0xFFFF protocol-mode=none
- /interface ethernet
- # ether2 is the switch master; ether3 and ether4 are slaved to it (LAN ports).
- set [ find default-name=ether2 ] name=ether2-master
- set [ find default-name=ether3 ] master-port=ether2-master
- set [ find default-name=ether4 ] master-port=ether2-master
- /interface pppoe-client
- # PPPoE session to the ISP over the WAN bridge; installs the default route.
- # The user/password pair is stored and exported in clear text.
- add add-default-route=yes disabled=no interface=bridge-iptv-RT max-mru=1480 \
- max-mtu=1480 mrru=1600 name=pppoe-rostelecom password=xxxxxxxxx user=\
- pppoe-xxxx
- /interface wireless
- # 2.4 GHz access point. No security-profile= is given on this line, so
- # presumably the default security profile applies -- confirm.
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
- country=russia2 disabled=no distance=indoors frequency=2447 mode=ap-bridge \
- ssid=AAA wireless-protocol=802.11
- /ip neighbor discovery
- # Discovery is switched off on ether1 only.
- # NOTE(review): ether5, bridge-iptv-RT and pppoe-rostelecom are WAN-side too in
- # this config; confirm the router does not announce itself on those interfaces.
- set ether1 discover=no
- /interface wireless security-profiles
- # Default Wi-Fi security profile: WPA2-PSK only, dynamic keys, group key rotated
- # hourly. A wpa-pre-shared-key is set as well, but authentication-types lists
- # only wpa2-psk, so the WPA1 key is presumably unused.
- # Both keys are stored and exported in clear text (redacted here).
- set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
- group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik \
- wpa-pre-shared-key=xxxxxxxxx wpa2-pre-shared-key=xxxxxxxxx
- /ip ipsec policy group
- # Template group referenced by the IPsec peer and policy later in this export.
- add name=SecretGr
- /ip ipsec proposal
- # Phase-2 proposal: AES-256-CBC for encryption, HMAC-MD5 for integrity.
- # NOTE(review): md5 is a legacy integrity algorithm; sha1 or sha256 can be set
- # in auth-algorithms instead, but the remote ends must be changed to match.
- set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc
- /ip pool
- # Address pools: LAN DHCP clients, OpenVPN clients, L2TP clients.
- add name=default-dhcp ranges=192.168.170.10-192.168.170.254
- add name=openvpn ranges=172.21.108.2-172.21.108.14
- add name=l2tp ranges=172.21.107.2-172.21.107.14
- /ip dhcp-server
- # DHCP server for the LAN bridge.
- add address-pool=default-dhcp disabled=no interface=bridge name=defconf
- /ppp profile
- # OpenVPN clients get an address from the openvpn pool and the two listed
- # external DNS resolvers; the router end of each tunnel is 172.21.108.1.
- add change-tcp-mss=yes dns-server=77.88.8.1,77.88.8.8 local-address=\
- 172.21.108.1 name=openvpn_profile remote-address=openvpn
- # L2TP profile. The name is spelled "l2tp_prifile"; the L2TP server and the l2tp
- # PPP secret refer to it by that exact spelling, so it must be renamed in all
- # three places or not at all.
- add change-tcp-mss=yes local-address=172.21.107.1 name=l2tp_prifile \
- remote-address=l2tp
- /interface bridge port
- # LAN bridge members: the wired switch group and the Wi-Fi interface.
- add bridge=bridge comment=defconf interface=ether2-master
- add bridge=bridge comment=defconf interface=wlan1
- # WAN bridge members: ether1 and ether5 share one layer-2 segment.
- # NOTE(review): whatever is plugged into ether5 sits on the same segment as
- # ether1 (presumably the ISP uplink), outside this router's NAT and forward
- # rules -- confirm that is intended for the attached device.
- add bridge=bridge-iptv-RT interface=ether5
- add bridge=bridge-iptv-RT interface=ether1
- /interface l2tp-server server
- # L2TP server: MS-CHAPv2 is the only PPP authentication method allowed, and an
- # IPsec pre-shared secret is configured (stored in clear text, redacted here).
- # NOTE(review): use-ipsec= does not appear in this export, so it is presumably
- # at its default; confirm the server does not accept L2TP sessions that are not
- # wrapped in IPsec, since MS-CHAPv2 alone is weak protection for the tunnel.
- set authentication=mschap2 default-profile=l2tp_prifile enabled=yes \
- ipsec-secret="xxxxxx" keepalive-timeout=15 max-mru=1300 max-mtu=1300
- /interface ovpn-server server
- # OpenVPN server: clients must present a certificate in addition to the PPP
- # secret (require-client-certificate=yes). It uses certificate server.crt_0,
- # the same one assigned to www-ssl and api-ssl under /ip service.
- # NOTE(review): the cipher list still offers blowfish128, a 64-bit block cipher;
- # drop it from cipher= if every client can negotiate AES.
- # NOTE(review): auth= is not shown, so the HMAC setting is presumably at its
- # default -- confirm which digests that allows.
- set certificate=server.crt_0 cipher=blowfish128,aes128,aes192,aes256 \
- default-profile=openvpn_profile enabled=yes max-mtu=1400 \
- require-client-certificate=yes
- /ip address
- # Router address on the LAN bridge.
- add address=192.168.170.1/24 comment=defconf interface=bridge network=\
- 192.168.170.0
- /ip cloud
- # Enables the vendor-hosted dynamic DNS name for this router's public address.
- set ddns-enabled=yes
- /ip dhcp-client
- # DHCP client on the WAN-side bridge (in addition to the PPPoE client there).
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
- bridge-iptv-RT
- /ip dhcp-server lease
- # Static lease for one LAN host (MAC partly redacted).
- add address=192.168.170.175 mac-address=50:B7:C3:xx:xx:xx
- /ip dhcp-server network
- add address=192.168.170.0/24 comment=defconf gateway=192.168.170.1
- /ip dns
- # The router answers DNS queries from other hosts. In this export the only
- # thing keeping WAN hosts away from that resolver is the pair of input-chain
- # drop rules on bridge-iptv-RT and pppoe-rostelecom; keep them in place (or add
- # an explicit drop for port 53 from WAN) if the firewall is ever reworked.
- set allow-remote-requests=yes
- /ip dns static
- # NOTE(review): 192.168.88.1 is not an address configured anywhere in this
- # export (the LAN bridge is 192.168.170.1/24); this looks like a stale entry --
- # confirm, otherwise "router" resolves to an address this device does not own.
- add address=192.168.88.1 name=router
- /ip firewall address-list
- # Two DNS names (redacted) that the router resolves into address lists. Both
- # lists are used by input-chain rules that accept all traffic from them.
- # NOTE(review): trust here follows whoever currently holds those DNS records
- # and the addresses they resolve to; a lapsed or hijacked dynamic-DNS name
- # would hand its new holder the same access.
- add address=xxxxxx.dyndns.org list=myrouter
- add address=xxxxxxx.sn.mynetname.net list=mymikrotik
- /ip firewall filter
- # Input chain (traffic addressed to the router itself). Rules are evaluated in
- # order; anything no rule matches is accepted at the end of the chain.
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- # OpenVPN (tcp/1194) is opened on bridge-iptv-RT only.
- # NOTE(review): there is no matching rule for pppoe-rostelecom, so via PPPoE
- # the server is reachable only from the allow-listed sources below -- confirm
- # that is the intent.
- add action=accept chain=input dst-port=1194 in-interface=bridge-iptv-RT \
- protocol=tcp
- # The next three rules accept every protocol and port from the two DNS-based
- # address lists and from one fixed address, on any interface. That includes the
- # router's management services and the VPN/IKE listeners.
- # NOTE(review): consider adding protocol=/dst-port= so each source reaches only
- # what it needs. 11.11.11.11 looks like a placeholder -- confirm the real value.
- add action=accept chain=input src-address-list=mymikrotik
- add action=accept chain=input src-address-list=myrouter
- add action=accept chain=input src-address=11.11.11.11
- add action=accept chain=input comment="defconf: accept establieshed,related" \
- connection-state=established,related
- # Everything else arriving on the two WAN-side interfaces is dropped.
- # NOTE(review): these drops match by in-interface only. Traffic from the LAN
- # bridge and from the dynamic L2TP/OpenVPN client interfaces matches neither
- # rule and is therefore accepted, so VPN clients can reach every router
- # service -- confirm that is intended.
- add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
- bridge-iptv-RT
- add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
- pppoe-rostelecom
- # Forward chain (traffic routed through the router).
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related" \
- connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
- invalid
- # New connections from either WAN-side interface are dropped unless they were
- # destination-NATed. Nothing here restricts forwarding between the VPN client
- # interfaces and the LAN.
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface=bridge-iptv-RT
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface=pppoe-rostelecom
- /ip firewall nat
- # Source NAT for traffic leaving through either WAN-side interface.
- add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
- bridge-iptv-RT
- add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
- pppoe-rostelecom
- /ip ipsec peer
- # IPsec peer template matching any remote address (0.0.0.0/0) and authenticated
- # with a single shared secret; policies are generated from the SecretGr group.
- # NOTE(review): every client uses the same secret= value, so one leaked copy
- # exposes all of them. hash-algorithm=md5 is a legacy choice for phase 1; sha1
- # or sha256 can be set instead if the clients support it.
- # NOTE(review): the input chain in this export has no rule opening IKE to the
- # WAN in general, so only the allow-listed sources and non-WAN interfaces can
- # reach this peer -- keep that in mind before widening the firewall.
- add address=0.0.0.0/0 dpd-interval=15s dpd-maximum-failures=2 enc-algorithm=\
- aes-256 generate-policy=port-strict hash-algorithm=md5 nat-traversal=no \
- policy-template-group=SecretGr secret=xxxxxx send-initial-contact=no
- /ip ipsec policy
- set 0 group=SecretGr
- /ip route
- # Remote LAN 192.168.180.0/24 is routed via 172.21.107.15, the fixed
- # remote-address of the "l2tp" PPP secret below (site-to-site over L2TP).
- add distance=1 dst-address=192.168.180.0/24 gateway=172.21.107.15
- /ip service
- # HTTPS management (www-ssl) is enabled with server.crt_0, and api-ssl is given
- # the same certificate.
- # NOTE(review): services not listed here are at their defaults; confirm that
- # telnet, ftp, www and api are disabled if unused, and consider an address=
- # restriction on the services that stay enabled.
- set www-ssl certificate=server.crt_0 disabled=no
- set api-ssl certificate=server.crt_0
- /ip upnp
- # UPnP lets hosts on the internal side request inbound port mappings without
- # authentication.
- # NOTE(review): disable it unless a LAN device really depends on it. Only an
- # external interface is declared below; no type=internal entry appears in this
- # export -- confirm whether UPnP is actually functional as configured.
- set enabled=yes
- /ip upnp interfaces
- add interface=pppoe-rostelecom type=external
- /ppp secret
- # VPN user accounts; passwords are stored and exported in clear text (redacted).
- # NOTE(review): "openvpn" and "openvpnn" differ by one letter -- confirm both
- # are needed and remove the unused one.
- add name=openvpn password=xxxxxx profile=openvpn_profile service=ovpn
- add name=openvpnn password=xxxxxx profile=openvpn_profile service=ovpn
- # The l2tp account is pinned to 172.21.107.15. The stray ' inside the quoted
- # password is presumably a redaction artifact -- verify before importing.
- add name=l2tp password="xxxxxx'" profile=l2tp_prifile remote-address=\
- 172.21.107.15 service=l2tp
- /system clock
- set time-zone-name=Asia/Vladivostok
- /system identity
- # The identity matches the prompt in the export header.
- set name=MikroTikRB951
- /system leds
- set 5 interface=wlan1
- /system routerboard settings
- set init-delay=0s
- /tool mac-server
- # MAC-telnet: the default entry is disabled and the service is bound to the LAN
- # bridge only, so it is not offered on the WAN-side interfaces.
- set [ find default=yes ] disabled=yes
- add interface=bridge
- /tool mac-server mac-winbox
- # MAC-Winbox: same restriction, LAN bridge only.
- set [ find default=yes ] disabled=yes
- add interface=bridge