
Untitled

a guest
Feb 27th, 2016
  1. [admin@MikroTik] > /export hide-sensitive compact
  2. # feb/27/2016 23:48:22 by RouterOS 6.34.1
  3. # software id = 64RV-JMEM
  4. #
  # Interface layout: one bridge, two hardware switch groups, one 2.4 GHz AP.
  # The bridge MAC is pinned (auto-mac=no) so it does not change with port state.
  5. /interface bridge
  6. add admin-mac=00:0C:42:FD:2F:92 auto-mac=no name=bridge-local
  # ether1 is the uplink: it carries the DHCP client, the masquerade rule and the
  # in-interface matches of the WAN-facing firewall rules further down.
  # ether3-5 are switched behind eth2-master, ether7-10 behind eth6-master.
  7. /interface ethernet
  8. set [ find default-name=ether1 ] name=eth1-gateway
  9. set [ find default-name=ether2 ] name=eth2-master
  10. set [ find default-name=ether3 ] master-port=eth2-master name=eth3-slave
  11. set [ find default-name=ether4 ] master-port=eth2-master name=eth4-slave
  12. set [ find default-name=ether5 ] master-port=eth2-master name=eth5-slave
  13. set [ find default-name=ether6 ] name=eth6-master rx-flow-control=auto tx-flow-control=auto
  14. set [ find default-name=ether7 ] master-port=eth6-master name=eth7-slave
  15. set [ find default-name=ether8 ] master-port=eth6-master name=eth8-slave
  16. set [ find default-name=ether9 ] master-port=eth6-master name=eth9-slave
  17. set [ find default-name=ether10 ] master-port=eth6-master name=eth10-slave
  # default-authentication=no: a client may associate only if an enabled
  # /interface wireless access-list entry matches it. MAC matching is an
  # allow-list convenience, not a secret; the PSK in the security profile is the
  # actual access control.
  # NOTE(review): the SSID text says "Hidden network" but no hide-ssid setting
  # appears in this compact export, so the SSID is presumably broadcast - confirm.
  18. /interface wireless
  19. set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" default-authentication=no disabled=no distance=indoors frequency=2462 mode=ap-bridge ssid="Hidden network" wireless-protocol=802.11
  # Neighbor discovery is switched off on every interface, including the uplink,
  # so the router does not announce its identity/version to attached segments.
  20. /ip neighbor discovery
  21. set eth1-gateway discover=no
  22. set eth2-master discover=no
  23. set eth3-slave discover=no
  24. set eth4-slave discover=no
  25. set eth5-slave discover=no
  26. set eth6-master discover=no
  27. set eth7-slave discover=no
  28. set eth8-slave discover=no
  29. set eth9-slave discover=no
  30. set eth10-slave discover=no
  31. set sfp1 discover=no
  32. set wlan1 discover=no
  33. set bridge-local discover=no
  # Nstreme polling is turned off on wlan1 (the AP runs plain 802.11, see
  # wireless-protocol in /interface wireless).
  34. /interface wireless nstreme
  35. set wlan1 enable-polling=no
  # Default security profile. The pre-shared keys are absent because the export
  # was taken with hide-sensitive.
  # NOTE(review): wpa-psk is still accepted next to wpa2-psk; restricting
  # authentication-types to wpa2-psk removes the legacy WPA fallback. The cipher
  # settings are not shown here - confirm they are AES-only.
  # NOTE(review): radius-mac-authentication=yes, but no /radius client is visible
  # in this export - confirm whether a RADIUS server is actually configured.
  36. /interface wireless security-profiles
  37. set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys radius-mac-authentication=yes
  # LAN address pool. The static leases defined later (.249, .252-.254) sit
  # inside this range.
  38. /ip pool
  39. add name=dhcp ranges=192.168.88.10-192.168.88.254
  # DHCP server on the bridge; add-arp=yes makes the server add an ARP entry for
  # each lease it hands out.
  40. /ip dhcp-server
  41. add add-arp=yes address-pool=dhcp disabled=no interface=bridge-local name=default
  # Logging action 0 keeps only 100 lines in memory.
  # NOTE(review): no remote or disk logging action is visible in this export, so
  # log history available for incident review is short and lost on reboot -
  # confirm whether logs are shipped elsewhere.
  42. /system logging action
  43. set 0 memory-lines=100
  # Traffic-generator ports defined on two LAN switch ports (test tooling).
  44. /tool traffic-generator port
  45. add interface=eth2-master name=port1
  46. add interface=eth3-slave name=port2
  # Least-privilege group: only the ftp policy is granted, every other policy is
  # explicitly negated. The export contains no /user entries, so which account
  # belongs to this group cannot be seen here.
  47. /user group
  48. add name=ftp policy=ftp,!local,!telnet,!ssh,!reboot,!read,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api
  # Members of bridge-local: the eth2 switch group, the SFP port and the AP.
  # The eth6-master group is not a bridge member and has no address in this
  # export.
  49. /interface bridge port
  50. add bridge=bridge-local interface=eth2-master
  51. add bridge=bridge-local interface=sfp1
  52. add bridge=bridge-local interface=wlan1
  # Wireless allow-list, paired with default-authentication=no on wlan1.
  # Only the Mobile-J entry is enabled; "Desktop Wireless" is disabled, so that
  # MAC is currently not admitted by this list.
  53. /interface wireless access-list
  54. add comment=Mobile-J mac-address=B0:45:19:2E:3A:3B vlan-mode=no-tag
  55. add comment="Desktop Wireless" disabled=yes interface=wlan1 mac-address=88:9F:FA:4C:88:34 vlan-mode=no-tag
  # Router LAN address.
  # NOTE(review): the address is bound to eth2-master, which is a member port of
  # bridge-local, while the DHCP server and ARP entries use bridge-local - the
  # address presumably belongs on bridge-local; confirm.
  56. /ip address
  57. add address=192.168.88.1/24 comment="default configuration" interface=eth2-master network=192.168.88.0
  # Static IP-to-MAC bindings for four known hosts.
  # NOTE(review): no interface is set to arp=reply-only in this export, so these
  # entries pin the listed hosts but do not stop other addresses from being
  # learned dynamically - confirm if ARP pinning was the intent.
  58. /ip arp
  59. add address=192.168.88.254 comment=Desktop interface=bridge-local mac-address=84:2B:2B:98:B7:D7
  60. add address=192.168.88.252 comment=Mobile-J interface=bridge-local mac-address=B0:45:19:2E:3A:3B
  61. add address=192.168.88.253 comment=HTPC interface=bridge-local mac-address=C8:60:00:C9:A7:5A
  62. add address=192.168.88.249 comment="Desktop Wireless" interface=bridge-local mac-address=88:9F:FA:4C:88:34
  # The uplink obtains its address by DHCP and sends hostname and client-id.
  63. /ip dhcp-client
  64. add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=eth1-gateway
  # Static leases matching the ARP entries above. 192.168.88.254 (Desktop) is the
  # host that every dst-nat rule in /ip firewall nat forwards to.
  65. /ip dhcp-server lease
  66. add address=192.168.88.254 client-id=1:84:2b:2b:98:b7:d7 comment=Desktop mac-address=84:2B:2B:98:B7:D7 server=default
  67. add address=192.168.88.253 comment=HTPC mac-address=C8:60:00:C9:A7:5A server=default
  68. add address=192.168.88.252 comment=Mobile-J mac-address=B0:45:19:2E:3A:3B server=default
  69. add address=192.168.88.249 client-id=1:88:9f:fa:4c:88:34 comment="Desktop Wireless" mac-address=88:9F:FA:4C:88:34 server=default
  70. /ip dhcp-server network
  71. add address=192.168.88.0/24 comment="default configuration" gateway=192.168.88.1 netmask=24
  # Local DNS name "router" for the LAN address.
  72. /ip dns static
  73. add address=192.168.88.1 name=router
  # Sources allowed to manage the router: the whole LAN /24.
  74. /ip firewall address-list
  75. add address=192.168.88.0/24 list=admin-access
  # Filter rules are evaluated top to bottom within each chain, so their order is
  # part of the policy. A rule written without action= uses the default action,
  # accept.
  76. /ip firewall filter
  # Accept forwarded traffic arriving on the uplink for the three ports that the
  # dst-nat rules publish (45175 tcp/udp and 59853 tcp).
  77. add chain=forward comment=QBittorrent dst-port=45175 in-interface=eth1-gateway protocol=tcp
  78. add chain=forward dst-port=45175 in-interface=eth1-gateway protocol=udp
  79. add chain=forward dst-port=59853 in-interface=eth1-gateway protocol=tcp
  # FastTrack for established/related connections.
  # NOTE(review): FastTrack is documented for forwarded connections; confirm the
  # input-chain rule has the intended effect.
  80. add action=fasttrack-connection chain=forward comment="Start of rules given here http://bit.ly/1jkLMqU" connection-state=established,related
  81. add action=fasttrack-connection chain=input connection-state=established,related
  # Both chains pass through sanity-check: invalid packets are sent to chain
  # "drop", established/related packets are accepted.
  82. add action=jump chain=forward jump-target=sanity-check
  83. add action=jump chain=input jump-target=sanity-check
  84. add action=jump chain=sanity-check connection-state=invalid jump-target=drop
  85. add chain=sanity-check connection-state=established,related
  # Accept everything addressed to the router from admin-access sources.
  # NOTE(review): the match is on source address only; adding
  # in-interface=bridge-local would tie management access to the LAN side
  # rather than to a claimed source address.
  86. add chain=input comment="Rules to block FTP, SSH, etc. externally. Found in this forum post http://bit.ly/1MSC1bQ" src-address-list=admin-access
  # Explicit drop of the listed TCP service ports for every other source. This is
  # the only enabled rule in the export that carries action=drop.
  87. add action=drop chain=input dst-port=21,22,23,53,80,443,8080,8291 protocol=tcp
  # Remaining input from the uplink is sent to chain "drop"; LAN input, dst-nat'ed
  # forwards and LAN-originated forwards are accepted; everything left over is
  # sent to chain "drop".
  88. add action=jump chain=input comment="Drop external traffic inboud to the router" in-interface=eth1-gateway jump-target=drop
  89. add chain=input in-interface=bridge-local
  90. add chain=forward connection-nat-state=dstnat
  91. add chain=forward in-interface=bridge-local
  92. add action=jump chain=input jump-target=drop
  93. add action=jump chain=forward jump-target=drop
  # NOTE(review): this is the only rule in chain "drop" and it is disabled=yes.
  # With no enabled rule in the chain, every jump-target=drop above returns to
  # the calling chain without dropping, and a packet that reaches the end of
  # input or forward is accepted. As exported, the catch-all therefore drops
  # nothing: invalid packets, non-TCP or other-port input from the uplink and
  # unsolicited forwards all pass. Add an always-on terminal rule to the chain,
  # e.g. `add action=drop chain=drop`, and keep this logging variant as the
  # optional rule placed before it.
  94. add action=drop chain=drop comment="Enable when you need to see log of dropped traffic" disabled=yes log=yes log-prefix=drop-log
  # Disabled Emby accepts. They sit after the final jump to "drop", so once that
  # chain really drops, enabling them in this position would have no effect;
  # they would have to be moved above the catch-all jump.
  95. add chain=forward comment="Emby Server HTTP & HTTPS" disabled=yes dst-port=8096 in-interface=eth1-gateway protocol=tcp
  96. add chain=forward disabled=yes dst-port=8920 in-interface=eth1-gateway protocol=tcp
  # Source NAT for everything leaving through the uplink.
  97. /ip firewall nat
  98. add action=masquerade chain=srcnat comment="Default SRCNAT for outbound on ETH1" out-interface=eth1-gateway
  # Port forwards to the Desktop host (192.168.88.254). None of them restricts
  # the source address, so each published port is reachable from any Internet
  # source.
  99. add action=dst-nat chain=dstnat comment="Torrent TCP & UDP" dst-port=45175 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=45175
  100. add action=dst-nat chain=dstnat dst-port=45175 in-interface=eth1-gateway protocol=udp to-addresses=192.168.88.254 to-ports=45175
  # NOTE(review): this publishes the torrent client's web administration UI.
  # Its protection then rests entirely on the application's own login; consider
  # a src-address / src-address-list match on this rule, or reaching the UI over
  # a VPN instead of a public forward.
  101. add action=dst-nat chain=dstnat comment="Torrent WebUI Port Forward" dst-port=59853 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=59853
  # Emby forwards are present but disabled; only the first one logs.
  102. add action=dst-nat chain=dstnat comment="Emby Port HTTP & HTTPS" disabled=yes dst-port=8096 in-interface=eth1-gateway log=yes protocol=tcp to-addresses=192.168.88.254 to-ports=8096
  103. add action=dst-nat chain=dstnat disabled=yes dst-port=8920 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=8920
  # Management services: telnet, www, api and api-ssl are off; ftp, ssh and
  # winbox stay on but accept connections only from 192.168.88.0/24. This
  # per-service address limit is independent of the firewall filter rules.
  # NOTE(review): ftp is a cleartext protocol; if it is only used to fetch the
  # scheduled backup, consider disabling it and copying the file over ssh.
  # The export header reports RouterOS 6.34.1; these services are the router's
  # management surface, so keep the RouterOS release current.
  104. /ip service
  105. set telnet disabled=yes
  106. set ftp address=192.168.88.0/24
  107. set www disabled=yes
  108. set ssh address=192.168.88.0/24
  109. set api disabled=yes
  110. set winbox address=192.168.88.0/24
  111. set api-ssl disabled=yes
  # UPnP interface roles: LAN bridge internal, uplink external.
  # NOTE(review): the export shows no `/ip upnp set enabled=yes`, so UPnP itself
  # is presumably off - confirm. If it is enabled, any LAN host can request port
  # mappings on the uplink without authentication, adding forwards beyond the
  # dst-nat rules listed in /ip firewall nat.
  112. /ip upnp interfaces
  113. add interface=bridge-local type=internal
  114. add interface=eth1-gateway type=external
  # Front-panel LCD is disabled; the page list below is therefore inactive.
  115. /lcd
  116. set enabled=no
  117. /lcd interface pages
  118. set 0 interfaces=sfp1,eth1-gateway,eth2-master,eth3-slave,eth4-slave,eth5-slave,eth6-master,eth7-slave,eth8-slave,eth9-slave,eth10-slave
  119. /system clock
  120. set time-zone-name=America/Detroit
  # Daily job that saves a binary backup under one fixed name, so each run
  # replaces the previous file and only the latest state is kept on the router.
  # NOTE(review): the backup holds the full configuration including secrets and
  # the command passes no password= argument - check how this RouterOS version
  # protects the file, and copy it off the device if it is meant as a recovery
  # point.
  # NOTE(review): the job's policy list is broad (reboot, password, sniff,
  # sensitive, ...); trim it to what `system backup save` needs - confirm the
  # minimum against the RouterOS documentation.
  121. /system scheduler
  122. add comment="Automated daily backup" interval=1d name="daily backup" on-event="system backup save name=current-working.backup" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  123. jan/01/1970 start-time=00:00:00
  # Bandwidth-test server is off.
  124. /tool bandwidth-server
  125. set enabled=no
  # MAC-Telnet: the default (all-interfaces) entry is disabled and the service is
  # re-enabled per interface on the LAN side only; eth1-gateway is not listed, so
  # layer-2 management is not offered on the uplink.
  # NOTE(review): wlan1 is included, so any associated wireless client can reach
  # MAC-Telnet; drop wlan1 if management should be wired-only.
  126. /tool mac-server
  127. set [ find default=yes ] disabled=yes
  128. add interface=eth2-master
  129. add interface=eth3-slave
  130. add interface=eth4-slave
  131. add interface=eth5-slave
  132. add interface=eth6-master
  133. add interface=eth7-slave
  134. add interface=eth8-slave
  135. add interface=eth9-slave
  136. add interface=eth10-slave
  137. add interface=sfp1
  138. add interface=wlan1
  139. add interface=bridge-local
  # MAC-Winbox: same pattern and same interface list as MAC-Telnet above. These
  # layer-2 services are not covered by the /ip service address limits or by the
  # IP firewall filter, so this interface list is their only scoping.
  140. /tool mac-server mac-winbox
  141. set [ find default=yes ] disabled=yes
  142. add interface=eth2-master
  143. add interface=eth3-slave
  144. add interface=eth4-slave
  145. add interface=eth5-slave
  146. add interface=eth6-master
  147. add interface=eth7-slave
  148. add interface=eth8-slave
  149. add interface=eth9-slave
  150. add interface=eth10-slave
  151. add interface=sfp1
  152. add interface=wlan1
  153. add interface=bridge-local
  # A RoMON port entry with all-default parameters.
  # NOTE(review): the export shows no setting that enables RoMON itself, so it
  # is presumably off - confirm, and remove this entry if RoMON is not used.
  154. /tool romon port
  155. add
  # Packet sniffer capture filter set to every interface. This only records the
  # filter; whether a capture is running cannot be seen from an export.
  156. /tool sniffer
  157. set filter-interface=all