- # nov/03/2017 10:23:41 by RouterOS 6.32.2
- # software id = 2HJJ-HQ9U
- #
- # Interface part of a RouterOS export: port names, the PPPoE uplink, one L2TP
- # server binding, seven IPIP tunnels and per-interface discovery comments.
- # NOTE(review): the header pins the build at 6.32.2 as of the export date; check
- # it against the vendor's current long-term release before relying on any of the
- # filtering configured further down.
- # NOTE(review): passwords are masked in this copy, but the software id, the PPPoE
- # login, the tunnel endpoints and the VPN user names are not - treat them as
- # disclosed.
- /interface ethernet
- # The port names encode the role: two provider uplinks (TTK, TVT), a local link
- # (SE), the LAN and an SFP link to TPK1.
- set [ find default-name=ether1 ] name=ether1-TTK-inet
- set [ find default-name=ether2 ] name=ether2-TVT-inet
- set [ find default-name=ether3 ] name=ether3-SE-local
- set [ find default-name=ether4 ] name=ether4-LAN
- set [ find default-name=sfp1 ] name=sfp1-TPK1
- /interface pppoe-client
- # PPPoE session over ether2; add-default-route=yes installs the default route at
- # distance 2. No other default route appears in /ip route.
- add add-default-route=yes default-route-distance=2 disabled=no interface=\
- ether2-TVT-inet max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out-TVT \
- password=****** user=2002832/3
- /interface l2tp-server
- # Static server-side binding for L2TP user Svobodny, so that firewall and NAT
- # rules can refer to the interface by name.
- add comment=VPN_Svobodny name=L2TP_Svobodny user=Svobodny
- /interface ipip
- # Seven IPIP tunnels; "!keepalive" means the keepalive property is unset.
- # The escaped comment= values are CP1251 bytes (Russian labels).
- # NOTE(review): IPIP is plain encapsulation with no encryption and no peer
- # authentication, and no ipsec-secret appears on any tunnel here (it may have
- # been stripped from the export). The ipip-TVT-* tunnels use non-RFC1918
- # endpoints and the ipip-TTK-* tunnels ride a provider segment; confirm whether
- # inter-site traffic on them is protected some other way.
- add comment="\D1\E2\FF\E7\FC \DD\ED\E5\F0\E3\EE" !keepalive local-address=\
- 10.10.10.3 name=ipip-SE-4505 remote-address=10.10.10.1
- add !keepalive local-address=10.10.10.3 name=ipip-SE-KipM remote-address=\
- 10.10.10.2
- add comment=SFP !keepalive local-address=10.10.10.10 name=ipip-SFP-TPK1 \
- remote-address=10.10.10.9
- add comment=tattelecom !keepalive local-address=172.22.33.162 name=\
- ipip-TTK-4505 remote-address=172.22.33.178
- add !keepalive local-address=172.22.33.162 name=ipip-TTK-TPK1 remote-address=\
- 172.22.33.170
- add comment=TVT !keepalive local-address=83.151.14.163 name=ipip-TVT-4505 \
- remote-address=83.151.14.101
- add !keepalive local-address=83.151.14.163 name=ipip-TVT-TPK remote-address=\
- 83.151.14.168
- /ip neighbor discovery
- # These lines only attach comments to the per-interface discovery entries.
- # NOTE(review): no discover=no appears for ether1-TTK-inet, ether2-TVT-inet or
- # pppoe-out-TVT; confirm neighbor discovery is not announced on the uplinks.
- set L2TP_Svobodny comment=VPN_Svobodny
- set ipip-SE-4505 comment="\D1\E2\FF\E7\FC \DD\ED\E5\F0\E3\EE"
- set ipip-SFP-TPK1 comment=SFP
- set ipip-TTK-4505 comment=tattelecom
- set ipip-TVT-4505 comment=TVT
- # LAN addressing part of the export: DHCP option/pool/server, the PPP profile
- # used by the VPN servers, interface addresses, static leases and DNS.
- /ip dhcp-server option
- # Option 252 carries a WPAD (proxy auto-config) URL; the value ends with an
- # embedded "\n".
- # NOTE(review): the option is only defined here - no dhcp-option= reference to
- # wpad_url appears under "/ip dhcp-server network", so confirm whether clients
- # actually receive it. If they do, the PAC file is fetched over plain HTTP and
- # whoever can answer for that host name decides the clients' proxy; serve it
- # from an internal host under your control, over HTTPS where clients support it.
- add code=252 name=wpad_url value="'http://sm1.riat.ru/wpad.dat\
- \n'"
- /ip pool
- # Dynamic range is the upper half of the /22; 10.104.0.x-10.104.1.x stay outside it.
- add name=pool1_dhcp ranges=10.104.2.0-10.104.3.254
- /ip dhcp-server
- # add-arp=yes makes the server add an ARP entry for each lease it hands out.
- add add-arp=yes address-pool=pool1_dhcp always-broadcast=yes authoritative=\
- yes disabled=no interface=ether4-LAN lease-time=1d10m name=DHCP
- /ppp profile
- # Profile referenced by the L2TP server and by both PPP secrets.
- # NOTE(review): on a PPP profile use-encryption=yes presumably means MPPE, not
- # IPsec - confirm, and prefer L2TP/IPsec if these tunnels cross the Internet.
- add change-tcp-mss=yes name=TDRZ use-compression=yes use-encryption=yes
- /queue simple
- # Disabled 40M/40M limit for a single host.
- add disabled=yes max-limit=40M/40M name=svideo target=10.100.8.10/32
- /interface l2tp-server server
- # NOTE(review): no use-ipsec= setting appears, so L2TP looks to be running
- # without IPsec; the input chain accepts udp/1701 from any source.
- set default-profile=TDRZ enabled=yes
- /interface pptp-server server
- # NOTE(review): PPTP is enabled and tcp/1723 is accepted on chain=input, yet
- # both PPP secrets are limited to service=l2tp. PPTP's authentication and
- # encryption are long considered weak; disable the server if nothing uses it.
- set enabled=yes
- /ip address
- # 83.151.14.163, used as a local tunnel endpoint, is not assigned here;
- # presumably it is handed out on pppoe-out-TVT - confirm.
- add address=10.104.0.1/22 interface=ether4-LAN network=10.104.0.0
- add address=172.22.33.162/27 interface=ether1-TTK-inet network=172.22.33.160
- add address=10.10.10.10/30 interface=sfp1-TPK1 network=10.10.10.8
- add address=10.10.10.3/29 interface=ether3-SE-local network=10.10.10.0
- /ip dhcp-server lease
- # Static leases pinning a MAC (and usually a client-id) to a fixed address.
- # Several of these addresses also sit in the direct-inet address list, so the
- # MAC-to-IP binding is what decides who gets direct Internet NAT.
- # NOTE(review): a MAC address is trivially changed by the client; do not treat
- # these bindings as authentication for the direct-inet privilege.
- add address=10.104.3.21 client-id=1:0:b:82:5b:66:e8 mac-address=\
- 00:0B:82:5B:66:E8 server=DHCP
- add address=10.104.3.8 client-id=1:0:17:c8:e:22:7d mac-address=\
- 00:17:C8:0E:22:7D server=DHCP
- add address=10.104.2.215 client-id=1:0:12:12:3c:9f:f mac-address=\
- 00:12:12:3C:9F:0F server=DHCP
- add address=10.104.2.202 client-id=1:c4:2f:90:63:f:e4 mac-address=\
- C4:2F:90:63:0F:E4 server=DHCP
- add address=10.104.2.192 client-id=1:c4:2f:90:63:f:cc mac-address=\
- C4:2F:90:63:0F:CC server=DHCP
- add address=10.104.2.190 client-id=1:c4:2f:90:63:21:45 mac-address=\
- C4:2F:90:63:21:45 server=DHCP
- add address=10.104.2.167 client-id=1:c4:2f:90:3d:87:d6 mac-address=\
- C4:2F:90:3D:87:D6 server=DHCP
- add address=10.104.0.208 client-id=1:0:25:ab:39:9b:6c mac-address=\
- 00:25:AB:39:9B:6C server=DHCP
- add address=10.104.0.190 always-broadcast=yes client-id=1:0:23:68:f4:bf:56 \
- mac-address=00:23:68:F4:BF:56 server=DHCP
- add address=10.104.0.172 client-id=1:0:0:21:4:41:8d mac-address=\
- 00:00:21:04:41:8D server=DHCP
- add address=10.104.0.126 mac-address=00:25:0B:00:5D:A7 server=DHCP
- add address=10.104.0.125 mac-address=00:25:0B:00:8A:B1 server=DHCP
- add address=10.104.0.79 mac-address=00:C0:EE:DC:30:7D server=DHCP
- add address=10.104.2.30 always-broadcast=yes client-id=1:bc:ae:c5:da:7:a6 \
- mac-address=BC:AE:C5:DA:07:A6 server=DHCP
- add address=10.104.3.58 comment="\D1\F7\E8\F2\FB\E2\E0\F2\E5\EB\FC \C0\C1\CA" \
- mac-address=00:25:0B:01:2F:2E server=DHCP
- /ip dhcp-server network
- # Clients get internal DNS, NTP and WINS servers; 10.100.1.4 is reached over
- # the inter-site tunnels (10.100.0.0/22 is routed via ipip-*-4505).
- add address=10.104.0.0/22 dns-server=10.104.0.4,10.100.1.4 gateway=10.104.0.1 \
- ntp-server=10.100.1.4 wins-server=10.104.0.4,10.100.1.4
- /ip dns
- # Resolvers used by the router itself. allow-remote-requests is not shown, so it
- # is presumably at its default - confirm the router is not answering DNS on the
- # uplinks, since chain=input has no final drop.
- set servers=10.100.1.4,10.100.8.3
- # Address lists and the filter table. Rules are evaluated top to bottom and the
- # first match wins; an "add" line without action= uses the default action, accept.
- /ip firewall address-list
- # direct-inet: hosts that the srcnat rule masquerades straight out pppoe-out-TVT.
- # blacklist: sources dropped by the first forward rule.
- add address=10.104.2.30 comment="\C8\EB\FC\FE\F8\E5\ED\EA\EE\E2" list=\
- direct-inet
- add address=10.104.0.80 comment=SZR list=direct-inet
- add address=10.104.0.208 comment=Lobov list=direct-inet
- add address=10.104.0.252 comment=Rivali-cafe-WIFI list=direct-inet
- add address=10.104.0.253 comment=CPA-WIFI list=direct-inet
- add address=10.104.0.4 comment=SDC2 list=direct-inet
- add address=85.26.232.22 list=blacklist
- add address=10.104.2.23 comment="\E2\F0\E5\EC\E5\ED\ED\FB\E9" disabled=yes \
- list=direct-inet
- add address=10.104.0.112 comment=KASSA-bufet list=direct-inet
- add address=10.104.0.113 comment=KASSA-TD-RZCH list=direct-inet
- /ip firewall filter
- # NOTE(review), chain=input: the only drop on this chain is for invalid
- # packets. There is no closing drop, so anything that matches no input rule is
- # still accepted by default and every accept rule on this chain is effectively
- # decorative. Add an explicit final "drop" for chain=input and limit management
- # access to named source networks.
- # NOTE(review), chain=forward: most accept rules match on protocol and dst-port
- # only - no in-interface, src-address or dst-address - so each port is allowed
- # in every direction, including traffic arriving on the uplinks. Scope these
- # rules to the interfaces and subnets that need them.
- #
- # The blacklist is applied to forwarded traffic only (CP1251 comment reads
- # roughly "list of IPs that must be blocked"); chain=input has no equivalent.
- add action=drop chain=forward comment="Black list - \F1\EF\E8\F1\EE\EA IP \EA\
- \EE\F2\EE\F0\FB\E9 \ED\E5\EE\E1\F5\EE\E4\E8\EC\EE \E1\EB\EE\EA\E8\F0\EE\E2\
- \E0\F2\FC" connection-state=new src-address-list=blacklist
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- add action=drop chain=input connection-state=invalid
- add chain=forward comment="Accept established,related" connection-state=\
- established,related
- add chain=input connection-state=established,related
- # NOTE(review): ssh is disabled under "/ip service", so this input rule serves
- # no purpose today and would expose SSH to any source if the service is
- # re-enabled.
- add chain=input comment="SSH router" dst-port=22 protocol=tcp
- # NOTE(review): SSH, telnet and SMB are forwarded for any source and
- # destination; telnet is cleartext and SMB should not cross the uplinks.
- add chain=forward comment="SSH All" dst-port=22 protocol=tcp
- add chain=forward comment="Accept telnet" dst-port=23 protocol=tcp
- add chain=forward comment="Accept SMB" dst-port=139 protocol=udp
- add chain=forward dst-port=139 protocol=tcp
- # NOTE(review): this matches Winbox only for connection-state=related, which
- # looks unintended. It restricts nothing either way: with no final input drop,
- # tcp/8291 is accepted from every interface, and winbox is not among the
- # services disabled under "/ip service".
- add chain=input comment="Winbox Router" connection-state=related dst-port=\
- 8291 protocol=tcp
- add chain=forward comment="Winbox All Routers" dst-port=8291 protocol=tcp
- # Disabled log rule kept as a marker (CP1251 comment reads roughly "do not touch
- # the rules above - access to the admin interface").
- add action=log chain=forward comment="\CF\F0\E0\E2\E8\EB\E0 \E2\FB\F8\E5 \ED\
- \E5 \F2\F0\EE\E3\E0\F2\FC - \E4\EE\F1\F2\F3\EF \EA \E0\E4\EC\E8\ED\EA\E5" \
- disabled=yes
- # Everything arriving on these three tunnels is forwarded without further checks.
- add chain=forward comment="Accept tunnel" in-interface=ipip-SE-4505
- add chain=forward in-interface=ipip-SE-KipM
- add chain=forward in-interface=ipip-SFP-TPK1 log-prefix=SFP
- add chain=input comment="Accept L2TP" dst-port=1701 protocol=udp
- # Port group labelled VIDEO. NOTE(review): 5432 is the default PostgreSQL port
- # and 554 is RTSP; confirm each port is still needed and add a dst-address.
- add chain=forward comment="Accept VIDEO" dst-port=8080 protocol=tcp
- add chain=forward dst-port=8000 protocol=tcp
- add chain=forward dst-port=4433 protocol=tcp
- add chain=forward dst-port=3084 protocol=tcp
- add chain=forward dst-port=3084 protocol=udp
- add chain=forward dst-port=3081 protocol=tcp
- add chain=forward dst-port=3081 protocol=udp
- add chain=forward dst-port=3080 protocol=tcp
- add chain=forward dst-port=5432 protocol=tcp
- add chain=forward dst-port=554 protocol=tcp
- add chain=forward dst-port=554 protocol=udp
- add chain=forward dst-port=555 protocol=tcp
- # NOTE(review): this is the rule that lets the dstnat'ed RDP session (tcp/7898
- # on pppoe-out-TVT -> 10.104.0.80:3389) through, and it also allows RDP between
- # any other pair of networks. Restrict by source and destination.
- add chain=forward comment="Accept RDP" dst-port=3389 protocol=tcp
- add chain=forward comment="Accept 1c key hasp" dst-port=475 protocol=tcp
- add chain=forward dst-port=475 protocol=udp
- add chain=forward comment="Accept PROXY http" dst-port=4480 protocol=tcp
- add chain=forward dst-port=80 protocol=tcp
- add chain=forward dst-port=443 protocol=tcp
- add chain=forward comment=SELMA dst-port=8087-8091 protocol=tcp
- add chain=forward comment="Accept Zabbix agent" dst-port=10051 protocol=tcp
- add chain=forward dst-port=10050 protocol=tcp
- # Explicit drop for one host/port. Traffic that entered via ipip-SE-4505,
- # ipip-SE-KipM or ipip-SFP-TPK1 was already accepted above and never gets here.
- add action=drop chain=forward comment=FS-8525 dst-address=10.100.1.46 \
- dst-port=10500 protocol=tcp
- # NOTE(review): udp/161 is the SNMP port; the "CapsMan" label does not match.
- # Confirm the intent and restrict SNMP to the monitoring host.
- add chain=forward comment="Accept CapsMan" dst-port=161 protocol=udp
- add chain=input comment="Accept PPTP" dst-port=1723 protocol=tcp
- add chain=forward dst-port=1723 protocol=tcp
- add chain=forward comment="HP print services" dst-port=9100 protocol=tcp
- add chain=forward comment="Accept ping" protocol=icmp
- # NOTE(review): FTP is cleartext and is forwarded for any source and destination.
- add chain=forward comment="Accept FTP" dst-port=21 protocol=tcp
- add chain=input protocol=icmp
- # SIP/RTP ranges; a 10000-20000 UDP range with no address match is very broad.
- add chain=forward comment="Accept Asterisk" dst-port=10000-20000 protocol=udp
- add chain=forward dst-port=5004-5020 protocol=udp
- add chain=forward dst-port=5060-5064 protocol=udp
- # Labelled DNS, but the group also opens NetBIOS/RPC/SMB (137, 135-139, 445).
- # NOTE(review): these should be limited to the LAN and the inter-site tunnels.
- add chain=forward comment="Accept DNS" dst-port=53 protocol=udp
- add chain=forward dst-port=137 protocol=udp
- add chain=forward dst-port=445 protocol=tcp
- add chain=forward dst-port=135-139 protocol=tcp
- add chain=forward dst-port=135-139 protocol=udp
- add chain=forward comment="Accept NTP" dst-port=123 protocol=udp
- add chain=forward comment="Accept LDAP" dst-port=389 protocol=udp
- add chain=forward dst-port=389 protocol=tcp
- add chain=forward dst-port=3268 protocol=udp
- # LAN hosts may reach the router and may forward anything; this makes the
- # per-port forward rules above relevant only to traffic that is NOT from the LAN.
- add chain=input comment="Accept LAN" in-interface=ether4-LAN src-address=\
- 10.104.0.0/22
- add chain=forward in-interface=ether4-LAN src-address=10.104.0.0/22
- add chain=forward comment="Accept mail" dst-port=25 protocol=tcp
- add chain=forward dst-port=143 protocol=tcp
- add chain=forward dst-port=110 protocol=tcp
- add chain=forward dst-port=3000 protocol=tcp
- add chain=forward comment="Accept miranda" dst-port=5222 protocol=tcp
- # The provider-side tunnels are trusted as fully as the local ones.
- add chain=forward comment="Accept tunnel" in-interface=ipip-TTK-4505
- add chain=forward in-interface=ipip-TTK-TPK1
- add chain=forward in-interface=ipip-TVT-4505
- add chain=forward in-interface=ipip-TVT-TPK
- # Closing drop with logging - exists for chain=forward only.
- add action=drop chain=forward log=yes log-prefix="\$\$\$\$\$\$"
- # Mangle, NAT and connection-helper settings.
- /ip firewall mangle
- # Clamp TCP MSS to 1440 on SYN packets entering or leaving any PPP interface.
- add action=change-mss chain=forward in-interface=all-ppp new-mss=1440 \
- protocol=tcp tcp-flags=syn tcp-mss=1441-65535
- add action=change-mss chain=forward new-mss=1440 out-interface=all-ppp \
- protocol=tcp tcp-flags=syn tcp-mss=1441-65535
- # Packet marks for proxy and Asterisk traffic leaving via ipip-SE-4505.
- # NOTE(review): no queue in this export consumes proxy_pac or asterisk_pac;
- # confirm they are still used.
- add action=mark-packet chain=postrouting dst-port=4480 new-packet-mark=\
- proxy_pac out-interface=ipip-SE-4505 protocol=tcp
- add action=mark-packet chain=postrouting dst-address=10.100.0.100 \
- new-packet-mark=asterisk_pac out-interface=ipip-SE-4505
- # NOTE(review): no route with routing-mark=test appears under "/ip route"; this
- # looks like a leftover from testing - confirm and remove.
- add action=mark-routing chain=prerouting dst-address=8.8.8.8 \
- new-routing-mark=test
- # Disabled pair for returning TVT-originated connections via the TVT uplink.
- add action=mark-connection chain=input disabled=yes dst-address=83.151.14.163 \
- in-interface=pppoe-out-TVT new-connection-mark=TVT
- add action=mark-routing chain=output connection-mark=TVT disabled=yes \
- new-routing-mark=TVT-r
- /ip firewall nat
- # NOTE(review): this publishes RDP on host 10.104.0.80 through the PPPoE uplink
- # with no src-address or src-address-list restriction. A non-standard outside
- # port is not an access control; limit the rule to known sources or move the
- # access behind the VPN.
- add action=netmap chain=dstnat comment="SZR rdp" dst-port=7898 in-interface=\
- pppoe-out-TVT protocol=tcp to-addresses=10.104.0.80 to-ports=3389
- # One host is masqueraded toward a single SIP peer.
- add action=masquerade chain=srcnat comment=SIP-dorhan-smirnov dst-address=\
- 91.209.94.230 out-interface=pppoe-out-TVT src-address=10.104.2.60
- # Only members of the direct-inet list get Internet NAT (CP1251 comment reads
- # roughly "direct Internet by address-list"). Membership is by IP address, so it
- # is only as strong as the DHCP/MAC bindings behind those addresses.
- add action=masquerade chain=srcnat comment=\
- "\CF\F0\FF\EC\EE\E9 \E8\ED\F2\E5\F0\ED\E5\F2 \EF\EE address-list" \
- out-interface=pppoe-out-TVT src-address-list=direct-inet
- add action=masquerade chain=srcnat comment="\D1\E2\EE\E1\EE\E4\ED\FB\E9" \
- out-interface=L2TP_Svobodny
- /ip firewall service-port
- # FTP and TFTP connection helpers are switched off.
- set ftp disabled=yes
- set tftp disabled=yes
- # Static routes to the other sites. Lower distance wins; check-gateway=ping lets
- # a route be withdrawn when its gateway stops answering, which matters here
- # because the IPIP tunnels have keepalive unset.
- # NOTE(review): fail-over moves inter-site traffic from the local links
- # (ipip-SE-*, ipip-SFP-*) onto the ipip-TTK-* / ipip-TVT-* tunnels, which are
- # unencrypted IPIP over provider networks. Decide whether that traffic may
- # leave the local links in clear.
- /ip route
- add check-gateway=ping distance=1 dst-address=10.100.0.0/22 gateway=\
- ipip-SE-4505
- add check-gateway=ping comment=45/05 distance=20 dst-address=10.100.0.0/22 \
- gateway=ipip-TTK-4505
- add check-gateway=ping distance=30 dst-address=10.100.0.0/22 gateway=\
- ipip-TVT-4505
- add check-gateway=ping comment=TPK1 distance=1 dst-address=10.100.8.0/22 \
- gateway=ipip-SFP-TPK1
- add check-gateway=ping comment=TPK1 distance=20 dst-address=10.100.8.0/22 \
- gateway=ipip-TVT-TPK
- add check-gateway=ping comment=TPK1 distance=30 dst-address=10.100.8.0/22 \
- gateway=ipip-SE-4505
- add check-gateway=ping comment=TPK1 distance=40 dst-address=10.100.8.0/22 \
- gateway=ipip-TVT-4505
- add check-gateway=ping comment=TPK1 distance=50 dst-address=10.100.8.0/22 \
- gateway=ipip-TTK-4505
- # NOTE(review): the primary KipMaster route has no check-gateway, unlike its
- # backups; presumably it stays active while the tunnel interface is up even if
- # the peer is unreachable - confirm.
- add comment=KipMaster distance=1 dst-address=10.100.12.0/24 gateway=\
- ipip-SE-KipM
- add check-gateway=ping comment=KipMaster distance=20 dst-address=\
- 10.100.12.0/24 gateway=ipip-SE-4505
- add check-gateway=ping comment=KipMaster distance=30 dst-address=\
- 10.100.12.0/24 gateway=ipip-TVT-4505
- add check-gateway=ping comment=KipMaster distance=40 dst-address=\
- 10.100.12.0/24 gateway=ipip-TTK-4505
- add distance=1 dst-address=10.100.13.64/26 gateway=ipip-SE-4505
- add distance=1 dst-address=10.100.13.128/26 gateway=ipip-SE-KipM
- add distance=1 dst-address=10.100.13.192/26 gateway=ipip-SFP-TPK1
- add comment="\C0\C2\C7" distance=1 dst-address=10.101.4.0/24 gateway=\
- ipip-SFP-TPK1
- add distance=1 dst-address=172.31.0.0/16 gateway=ipip-TTK-4505
- # NOTE(review): 192.168.80.0/24 and 192.168.100.0/24 each have two routes at
- # the same distance (1) via different tunnels, while 192.168.81.0/24 uses 1 and
- # 2. Confirm which path is meant to be primary.
- add comment=KAZAN distance=1 dst-address=192.168.80.0/24 gateway=ipip-SE-4505
- add distance=1 dst-address=192.168.80.0/24 gateway=ipip-TVT-4505
- add comment="\D3\F4\E0" distance=1 dst-address=192.168.81.0/24 gateway=\
- ipip-SE-4505
- add distance=2 dst-address=192.168.81.0/24 gateway=ipip-TVT-4505
- add comment="\CD\E8\E6\ED\E5\E2\E0\F0\F2\EE\E2\F1\EA" distance=1 dst-address=\
- 192.168.82.0/24 gateway=ipip-SE-4505
- # Route to the network behind the L2TP client (10.50.0.11 is the PPP secret's
- # remote-address).
- add comment=Svobodny distance=1 dst-address=192.168.83.0/24 gateway=\
- 10.50.0.11 pref-src=10.50.0.10
- add comment=Guest distance=1 dst-address=192.168.100.0/24 gateway=\
- ipip-SE-4505
- add distance=1 dst-address=192.168.100.0/24 gateway=ipip-TVT-4505
- # Management services, VPN accounts and system settings.
- /ip service
- # telnet, ftp, www, ssh and api are switched off.
- # NOTE(review): an export lists only non-default values, so services that do
- # not appear here (winbox in particular) keep their defaults, and no address=
- # restriction is set on any service. Combined with the missing final drop on
- # chain=input, confirm which management ports answer on the uplinks and bind
- # them to the admin subnet.
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- /lcd
- set time-interval=hour
- /ppp secret
- # Two L2TP accounts on profile TDRZ; passwords are masked in this copy.
- # NOTE(review): both accounts use the same local/remote address pair
- # (10.50.0.10 / 10.50.0.11), so they presumably cannot be connected at the same
- # time without an address clash - confirm. Rotate both passwords if the
- # unmasked export was ever shared.
- add local-address=10.50.0.10 name=Svobodny password=****** profile=TDRZ \
- remote-address=10.50.0.11 service=l2tp
- add local-address=10.50.0.10 name=NV password=****** profile=TDRZ \
- remote-address=10.50.0.11 service=l2tp
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Moscow
- /system identity
- set name=MikroTik_TPK4
- /system ntp client
- # Time comes from internal servers only; accurate time matters for log correlation.
- set enabled=yes primary-ntp=10.104.0.4 secondary-ntp=10.100.1.4
- /system routerboard settings
- # NOTE(review): with protected-routerboot disabled, the boot loader presumably
- # remains reachable to anyone with physical access to the device - confirm the
- # unit is physically secured.
- set protected-routerboot=disabled
- /tool sniffer
- # Packet sniffer is set to capture headers only.
- set only-headers=yes
- # NOTE(review): the traffic-generator template and stream below look like
- # leftovers from testing; remove them if unused.
- /tool traffic-generator packet-template
- add data=random name=packet-template1
- /tool traffic-generator stream
- add name=str1 packet-size=1500 tx-template=packet-template1