  1. # nov/23/2020 13:59:33 by RouterOS 6.44.6
  2. # software id = Y0YF-5FGH
  3. #
  4. # model = 2011UiAS
  5. # serial number = 4CA904B4A19C
      # NOTE(review): the export header above carries the device's software id
      # and serial number; strip these lines before sharing a configuration.
      # NOTE(review): exported from RouterOS 6.44.6 - confirm the device is kept
      # current on the long-term channel selected under /system package update.
      #
      # Bridge named "loopback": no bridge ports appear in this listing, and
      # /ip address puts the router-id address 10.255.255.84 on it.
  6. /interface bridge
  7. add fast-forward=no name=loopback
      # Physical ports. ether1-ether5 are pinned to 100Mbps; ether6-ether10
      # advertise every rate. Roles come from the comments: ether2 = RT,
      # ether3 = RT_SIP, ether6 = LAN (the DHCP-served segment).
  8. /interface ethernet
  9. set [ find default-name=ether1 ] speed=100Mbps
  10. set [ find default-name=ether2 ] comment=RT speed=100Mbps
  11. set [ find default-name=ether3 ] comment=RT_SIP speed=100Mbps
  12. set [ find default-name=ether4 ] speed=100Mbps
  13. set [ find default-name=ether5 ] speed=100Mbps
  14. set [ find default-name=ether6 ] advertise=\
  15. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=LAN
  16. set [ find default-name=ether7 ] advertise=\
  17. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  18. set [ find default-name=ether8 ] advertise=\
  19. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  20. set [ find default-name=ether9 ] advertise=\
  21. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  22. set [ find default-name=ether10 ] advertise=\
  23. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  24. /interface pptp-client
      # Two PPTP tunnels (vpn1, vpn2) to different peers with the same user name;
      # the disabled /tool netwatch entry in this listing toggles between them.
      # NOTE(review): PPTP's MS-CHAPv2/MPPE protection is considered broken and
      # should not carry traffic that needs confidentiality. The ovpn-client
      # entries in this listing look like the intended replacement - confirm and
      # retire these tunnels once the OpenVPN path is verified.
  25. add connect-to=195.151.255.45 mrru=1600 name=vpn1 user=office_spaceport
  26. add connect-to=88.200.151.210 mrru=1600 name=vpn2 user=office_spaceport
  27. /interface vlan
      # VLAN 667 on ether10 is defined but disabled.
  28. add disabled=yes interface=ether10 name=Vlan667 vlan-id=667
  29. /interface wireless security-profiles
  30. set [ find default=yes ] supplicant-identity=MikroTik
  31. /ip ipsec proposal
      # NOTE(review): the default proposal is limited to 3DES, a deprecated
      # 64-bit-block cipher. No IPsec peer is visible in this listing, so this
      # may be unused; if IPsec is ever enabled, move the proposal to AES first.
  32. set [ find default=yes ] enc-algorithms=3des
  33. /ip pool
      # 41 addresses handed out to clients on the LAN segment.
  34. add name=pool1 ranges=192.168.84.100-192.168.84.140
  35. /ip dhcp-server
      # DHCP for ether6 (LAN) from pool1, three-day leases, BOOTP off.
  36. add address-pool=pool1 authoritative=after-2sec-delay bootp-support=none \
  37. interface=ether6 lease-time=3d name=server1
  38. /ppp profile
      # profile1 requires encryption, but no interface visible in this listing
      # references it (the OpenVPN clients use default-encryption).
  39. add name=profile1 use-encryption=required
  40. /interface ovpn-client
      # Three OpenVPN client tunnels; only ovpn-mk-0 is enabled. The connect-to
      # values were masked before the listing was published.
      # NOTE(review): auth=md5 selects HMAC-MD5 for packet authentication; prefer
      # auth=sha1 and a stronger cipher if the server side allows it (both ends
      # must match).
      # NOTE(review): all three entries share mac-address 02:0C:E6:65:26:6C;
      # harmless while two are disabled, but confirm before enabling more than
      # one tunnel.
      # NOTE(review): if this RouterOS build offers server-certificate
      # verification for ovpn-client, confirm it is turned on - the export shows
      # only non-default values, so its state cannot be read from here.
  41. add auth=md5 certificate=cert_export_office-remote.crt_0 cipher=aes192 \
  42. connect-to=********** mac-address=02:0C:E6:65:26:6C name=ovpn-mk-0 \
  43. profile=default-encryption user=office_84
  44. add auth=md5 certificate=cert_export_remote-office-85.crt_0 cipher=aes192 \
  45. connect-to=************** disabled=yes mac-address=02:0C:E6:65:26:6C name=\
  46. ovpn-mk-85 profile=default-encryption user=office_spaceport
  47. add auth=md5 certificate=cert_export_office-remote.crt_0 cipher=aes192 \
  48. connect-to=************** disabled=yes mac-address=02:0C:E6:65:26:6C \
  49. name=ovpn-mk97 profile=default-encryption user=office_spaceport
  50. /routing ospf area
      # OSPF is switched off (default area and default instance both disabled);
      # the router-id matches the address on the loopback bridge.
  51. set [ find default=yes ] disabled=yes
  52. /routing ospf instance
  53. set [ find default=yes ] disabled=yes router-id=10.255.255.84
  54. /snmp community
      # The default community only answers sources in 10.0.0.0/8.
      # NOTE(review): the community name is not changed here, so it is presumably
      # still the factory default; SNMP is enabled under /snmp in this listing.
      # Rename the community and narrow the range to the monitoring hosts -
      # verify against the running device.
  55. set [ find default=yes ] addresses=10.0.0.0/8
  56. /system logging action
      # NOTE(review): 100 lines per log target is a very short history for
      # incident review; consider a larger buffer or a remote log target.
  57. set 0 memory-lines=100
  58. set 1 disk-lines-per-file=100
  59.  
  60. /ip address
      # Interface addressing: ether6 = LAN gateway, ether2 = RT uplink,
      # ether3 = RT_SIP uplink, loopback = router-id, ether9/ether10 = 10.84.x.
      # NOTE(review): 1.1.1.198/30 and 2.2.2.146/25 look like placeholders
      # substituted before publishing; the NAT rules in this listing still name
      # 37.204.176.146 and 95.84.225.100 - confirm which values are real before
      # reusing any of this.
  61. add address=192.168.84.1/24 interface=ether6 network=192.168.84.0
  62. add address=1.1.1.198/30 interface=ether2 network=1.1.1.196
  63. add address=10.255.255.84 interface=loopback network=10.255.255.84
  64. add address=2.2.2.146/25 interface=ether3 network=2.2.2.128
  65. add address=10.84.9.1/24 interface=ether9 network=10.84.9.0
  66. add address=10.84.10.1/24 interface=ether10 network=10.84.10.0
  67.  
  68. /ip dhcp-server network
      # LAN clients get 10.20.0.3 and 10.40.0.130 as resolvers; neither is on a
      # directly connected network in this listing, so they are presumably
      # reached over a VPN tunnel or RIP route - confirm name resolution still
      # works when the tunnel is down.
  69. add address=192.168.84.0/24 dns-server=10.20.0.3,10.40.0.130 gateway=\
  70. 192.168.84.1
  71. /ip dns
      # Resolvers used by the router itself. allow-remote-requests is not set
      # here, so the router presumably does not answer DNS for others - verify.
  72. set servers=8.8.8.8,8.8.4.4
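  73. /ip firewall address-list
      # "LAN" is a trust list: in this listing it is accepted on the input
      # chain, exempted from the DNS ban rule, and used as both the source and
      # the excluded destination of the masquerade rule. Keep it to private
      # ranges only.
  74. add address=192.168.0.0/16 list=LAN
      # KB_87 is not referenced by any rule visible in this listing.
  75. add address=192.168.87.0/24 list=KB_87
      # Fixed: was 172.0.0.0/8, which also covers public address space outside
      # the RFC 1918 block 172.16.0.0/12 and so treated Internet hosts as LAN.
      # If internal networks outside 172.16.0.0/12 exist, list them explicitly.
  76. add address=172.16.0.0/12 list=LAN
  77. add address=10.10.10.0/24 list=LAN
  78. add address=10.20.0.0/16 list=LAN
  79. add address=10.84.0.0/16 list=LAN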
  80.  
  81. /ip firewall filter
      # Rules are evaluated top to bottom within each chain.
      # NOTE(review): BLACK_LIST and TRUST are not populated anywhere in this
      # listing; confirm they are filled elsewhere, otherwise these rules never
      # match.
  82. add action=drop chain=input comment=BLACK_LIST src-address-list=BLACK_LIST
      # NOTE(review): on the output chain the source is the router itself, so
      # matching src-address-list here looks unintended; dst-address-list was
      # presumably meant - confirm.
  83. add action=drop chain=output comment=BLACK_LIST src-address-list=BLACK_LIST
  84. add action=drop chain=forward comment=BLACK_LIST src-address-list=BLACK_LIST
      # Despite its comment, this rule does not drop: it records any non-LAN
      # source that sends UDP/53 to the router in BAN_LIST for one day, and the
      # following rule does the dropping.
      # NOTE(review): UDP source addresses can be forged, so this can end up
      # banning hosts the router depends on (VPN peers, TRUST). Consider placing
      # the TRUST accept above it, or dropping without building a ban list.
  85. add action=add-src-to-address-list address-list=BAN_LIST \
  86. address-list-timeout=1d chain=input comment="Drop incoming DNS requests" \
  87. dst-port=53 protocol=udp src-address-list=!LAN
  88. add action=drop chain=input comment="DROP BAN LIST" src-address-list=BAN_LIST
  89. add action=accept chain=input comment=TRUST src-address-list=TRUST
  90. add action=accept chain=input comment=LAN src-address-list=LAN
      # NOTE(review): forward and output accept everything, so nothing is
      # filtered between interfaces; the unrestricted dst-nat rule in this
      # listing therefore exposes its target host on every port.
  91. add action=accept chain=forward
  92. add action=accept chain=output
      # Established/related accepts sit after the list-based accepts; there is no
      # rule dropping connection-state=invalid.
  93. add action=accept chain=input comment=Established connection-state=\
  94. established
  95. add action=accept chain=input comment=Established connection-state=related
      # NOTE(review): this is the only catch-all drop for the input chain and it
      # is disabled (its "Established" comment looks copied from the rules
      # above). While it stays disabled, input traffic that matches no earlier
      # rule is accepted, so the router's enabled services are reachable from
      # the uplinks. Enable it only after confirming that TRUST contains the
      # management sources and that the VPN tunnels come up without it.
  96. add action=drop chain=input comment=Established disabled=yes
  97.  
  98. /ip firewall nat
      # Source-NAT for the SIP host 192.168.84.245 towards 95.84.225.100 out of
      # ether3 (RT_SIP).
  99. add action=masquerade chain=srcnat comment=RT_SIP dst-address=95.84.225.100 \
  100. out-interface=ether3 src-address=192.168.84.245
      # NOTE(review): this dst-nat has no protocol, port, in-interface or source
      # match, so everything addressed to 37.204.176.146 is forwarded to
      # 192.168.84.245, and the forward chain accepts all traffic. Restrict it
      # to the SIP provider's address and the ports actually needed.
  101. add action=dst-nat chain=dstnat comment=RT_SIP dst-address=37.204.176.146 \
  102. to-addresses=192.168.84.245
      # General LAN masquerade, active daily 08:00:00-21:59:59.
      # NOTE(review): outside that window packets are still forwarded (forward
      # accepts all), only without NAT, so private source addresses leave on the
      # uplink. If the intent is to block Internet access after hours, use a
      # forward-chain drop instead - confirm the intent.
  103. add action=masquerade chain=srcnat comment="Work time 08:00 - 22:00" \
  104. dst-address-list=!LAN src-address-list=LAN time=\
  105. 8h-21h59m59s,sun,mon,tue,wed,thu,fri,sat
      # Disabled port-forward for TCP/80. in-interface=*E is a dangling reference
      # to an interface that no longer exists; delete the rule or repair the
      # reference before re-enabling.
  106. add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=*E \
  107. protocol=tcp src-address=195.144.29.9 src-address-list=TRUST \
  108. to-addresses=192.168.87.10 to-ports=80
  109.  
  110. /ip firewall service-port
      # The SIP connection-tracking helper is turned off; SIP traffic relies on
      # the static NAT rules only.
  111. set sip disabled=yes
  112. /ip ipsec policy
      # Entry 0 (presumably the default policy template - confirm) matches any
      # source and destination.
  113. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  114.  
  115. /ip route
      # Default route via the ether2 (RT) next hop, plus a host route that sends
      # traffic for 95.84.225.100 out through the ether3 (RT_SIP) next hop.
  116. add distance=1 gateway=1.1.1.197
  117. add distance=1 dst-address=95.84.225.100/32 gateway=2.2.2.129
  118.  
  119. /ip service
      # Management services: telnet, ftp, ssh, api and api-ssl are disabled;
      # www stays enabled but only for 192.168.84.0/24.
      # NOTE(review): www is unencrypted HTTP, so admin logins cross the LAN in
      # clear text - prefer an encrypted management service.
      # NOTE(review): winbox is not mentioned, and the export shows only
      # non-default values, so it is presumably enabled with no address
      # restriction. With the input-chain catch-all drop disabled in this
      # listing, that would leave it reachable from the uplinks; set an allowed
      # address range for it - verify on the device.
  120. set telnet disabled=yes
  121. set ftp disabled=yes
  122. set www address=192.168.84.0/24
  123. set ssh disabled=yes
  124. set api address=**** disabled=yes
  125. set api-ssl disabled=yes
  126. /ip ssh
      # NOTE(review): allow-none-crypto=yes permits SSH sessions with no
      # encryption. It has no effect while the ssh service is disabled, but set
      # it to no so that re-enabling SSH later does not inherit it; also review
      # whether forwarding-enabled=remote is needed.
  127. set allow-none-crypto=yes forwarding-enabled=remote
  128. /lcd
      # Front-panel display is read-only, so settings cannot be changed from it.
  129. set default-screen=informative-slideshow read-only-mode=yes
  130. /routing ospf network
      # Leftover OSPF networks, all disabled.
  131. add area=backbone disabled=yes network=172.31.1.1/32
  132. add area=backbone disabled=yes network=192.168.84.0/24
  133. add area=backbone disabled=yes network=172.31.0.1/32
  134. /routing rip interface
      # NOTE(review): authentication=simple carries the key in clear text in
      # every RIP update; switch both neighbours to authentication=md5.
      # NOTE(review): no interface= is given, so this presumably applies to all
      # interfaces, uplinks included - confirm and bind RIP to the tunnel
      # interface only.
  135. add authentication=simple key-chain=kb receive=v2
  136. /routing rip keys
      # Key value was masked before publishing; it never expires (to-date=forever).
  137. add chain=kb from-date=jun/27/2017 key=*********** key-id=0 to-date=forever
  138. /routing rip neighbor
  139. add address=172.31.1.1
  140. /routing rip network
      # Networks announced over RIP.
  141. add network=192.168.84.0/24
  142. add network=10.84.0.0/16
  143. /snmp
      # SNMP agent is on; access is limited only by the default community's
      # 10.0.0.0/8 address filter set under /snmp community in this listing.
  144. set contact="CosmoRouter" enabled=yes
  145. /system clock
  146. set time-zone-autodetect=no time-zone-name=Europe/Moscow
  147. /system identity
  148. set name=KB_84
  149. /system logging
      # OpenVPN events are logged with an OVPN prefix.
  150. add prefix=OVPN topics=ovpn
  151. /system ntp client
      # Time comes from two fixed NTP servers; accurate time matters for
      # certificate validation and log correlation.
  152. set enabled=yes primary-ntp=78.140.251.2 secondary-ntp=195.3.254.2
  153. /system package update
  154. set channel=long-term
  155. /system scheduler
      # Daily job whose on-event is "backup", presumably the name of a script;
      # no /system script section is visible in this listing - confirm what runs.
      # NOTE(review): the job holds nearly every policy, including password,
      # sniff and sensitive. Trim it to what the backup actually needs, and check
      # where the backup file ends up, since it contains the router's secrets.
  156. add interval=1d name=schedule1 on-event=backup policy=\
  157. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  158. oct/01/2015 start-time=08:01:30
  159.  
  160. /tool netwatch
      # Disabled failover probe: pings 195.151.255.45 (vpn1's peer) every 30s.
      # On down it disables vpn1 and enables vpn2; on up it reverses that.
  161. add disabled=yes down-script="/interface pptp-client disable vpn1\r\
  162. \n/interface pptp-client enable vpn2\r\
  163. \n" host=195.151.255.45 interval=30s up-script="/interface pptp-client dis\
  164. able vpn2\r\
  165. \n/interface pptp-client enable vpn1\r\
  166. \n"
  167. /tool romon port
      # A RoMON port entry with all-default settings. Whether RoMON itself is
      # enabled is not shown in this listing.
      # NOTE(review): if it is enabled, set RoMON secrets and limit it to trusted
      # interfaces; otherwise remove this entry.
  168. add
  169.  