Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # jun/26/2017 13:17:36 by RouterOS 6.30.4
- # software id = HBRI-IJDB
- #
- /interface bridge
- add name="GuestAP Bridge"
- add admin-mac=E4:8D:8C:59:E6:D8 auto-mac=no name=bridge-local
- /interface ethernet
- set [ find default-name=ether1 ] comment="DHCP from Charter Reset ever 5 min." \
- name="ether1-gateway Charter WAN"
- set [ find default-name=ether2 ] name=ether2-master-local
- set [ find default-name=ether3 ] comment="DHCP from Trash every 5 min." name=\
- "ether3- DSL WAN"
- set [ find default-name=ether4 ] master-port=ether2-master-local name=\
- ether4-slave-local
- set [ find default-name=ether5 ] master-port=ether2-master-local name=\
- ether5-slave-local
- set [ find default-name=ether6 ] master-port=ether2-master-local name=\
- ether6-slave-local
- set [ find default-name=ether7 ] master-port=ether2-master-local name=\
- ether7-slave-local
- set [ find default-name=ether8 ] master-port=ether2-master-local name=\
- ether8-slave-local
- set [ find default-name=ether9 ] master-port=ether2-master-local name=\
- ether9-slave-local
- set [ find default-name=ether10 ] master-port=ether2-master-local name=\
- ether10-slave-local
- set [ find default-name=ether11 ] master-port=ether2-master-local name=\
- ether11-slave-local
- set [ find default-name=ether12 ] master-port=ether2-master-local name=\
- ether12-slave-local
- set [ find default-name=ether13 ] master-port=ether2-master-local name=\
- ether13-slave-local
- set [ find default-name=ether14 ] master-port=ether2-master-local name=\
- ether14-slave-local
- set [ find default-name=ether15 ] master-port=ether2-master-local name=\
- ether15-slave-local
- set [ find default-name=ether16 ] master-port=ether2-master-local name=\
- ether16-slave-local
- set [ find default-name=ether17 ] master-port=ether2-master-local name=\
- ether17-slave-local
- set [ find default-name=ether18 ] master-port=ether2-master-local name=\
- ether18-slave-local
- set [ find default-name=ether19 ] master-port=ether2-master-local name=\
- ether19-slave-local
- set [ find default-name=ether20 ] master-port=ether2-master-local name=\
- ether20-slave-local
- set [ find default-name=ether21 ] master-port=ether2-master-local name=\
- ether21-slave-local
- set [ find default-name=ether22 ] master-port=ether2-master-local name=\
- ether22-slave-local
- set [ find default-name=ether23 ] master-port=ether2-master-local name=\
- ether23-slave-local
- set [ find default-name=ether24 ] master-port=ether2-master-local name=\
- ether24-slave-local
- set [ find default-name=sfp1 ] master-port=ether2-master-local name=\
- sfp1-slave-local
- /interface pppoe-client
- add comment="PPPoE Account for Frontier (Broken when Modem set to Bridge Mode)" \
- interface="ether3- DSL WAN" keepalive-timeout=disabled max-mru=1480 \
- max-mtu=1492 mrru=1600 name="Frontier PPPoE" password="Willamina123!\?" \
- user=willyt@connect.frontier.com
- /ip neighbor discovery
- set "ether1-gateway Charter WAN" comment="DHCP from Charter Reset ever 5 min." \
- discover=no
- set "ether3- DSL WAN" comment="DHCP from Trash every 5 min."
- set "Frontier PPPoE" comment=\
- "PPPoE Account for Frontier (Broken when Modem set to Bridge Mode)"
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
- mode=dynamic-keys name=ProDog supplicant-identity="" wpa2-pre-shared-key=\
- Diggity123
- add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
- GuestDog supplicant-identity="" wpa-pre-shared-key=TomsGuest \
- wpa2-pre-shared-key=Guest123
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
- comment="Main WiFi Limited to 10M" default-ap-tx-limit=15000000 \
- default-client-tx-limit=10000000 disabled=no distance=indoors frequency=\
- auto l2mtu=1600 mode=ap-bridge security-profile=ProDog ssid=TomsAuto
- /interface wireless manual-tx-power-table
- set wlan1 comment="Main WiFi Limited to 10M"
- /interface wireless nstreme
- set wlan1 comment="Main WiFi Limited to 10M"
- /ip neighbor discovery
- set wlan1 comment="Main WiFi Limited to 10M"
- /interface wireless
- add comment="Limited to 5M" default-ap-tx-limit=5000000 \
- default-client-tx-limit=5000000 disabled=no l2mtu=1600 mac-address=\
- E6:8D:8C:59:E6:F0 master-interface=wlan1 name=GuestAP security-profile=\
- GuestDog ssid=TomsGuest wds-cost-range=0 wds-default-bridge=\
- "GuestAP Bridge" wds-default-cost=0
- /interface wireless manual-tx-power-table
- set GuestAP comment="Limited to 5M"
- /interface wireless nstreme
- set *1C comment="Limited to 5M"
- /ip neighbor discovery
- set GuestAP comment="Limited to 5M"
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=\
- 3des,aes-128-cbc,aes-192-cbc,aes-256-cbc
- /ip pool
- add name="Main /16" ranges=10.10.0.10-10.10.255.254
- add name="Guest /24" ranges=10.2.0.2-10.2.0.254
- add name="VPN /24" ranges=10.11.0.2-10.11.0.255
- /ip dhcp-server
- add address-pool="Main /16" disabled=no interface=bridge-local name=\
- "Main Network"
- add address-pool="Guest /24" disabled=no interface="GuestAP Bridge" name=\
- "Guest DHCP"
- /ppp profile
- add change-tcp-mss=yes local-address="VPN /24" name=pptp-profile \
- remote-address="VPN /24"
- add change-tcp-mss=yes local-address="VPN /24" name=l2tp remote-address=\
- "VPN /24"
- set *FFFFFFFE local-address="VPN /24" remote-address="VPN /24"
- /interface bridge port
- add bridge=bridge-local interface=ether2-master-local
- add bridge=bridge-local interface=wlan1
- add bridge="GuestAP Bridge" interface=GuestAP
- /interface l2tp-server server
- set authentication=mschap1,mschap2 default-profile=pptp-profile enabled=yes \
- ipsec-secret=techy3210 max-mru=1460 max-mtu=1460 use-ipsec=yes
- /interface pptp-server server
- set enabled=yes
- /ip address
- add address=10.10.0.1/16 comment="Main Network Charter Connection Port 1" \
- interface=bridge-local network=10.10.0.0
- add address=10.2.0.1/24 comment="Guest AP" interface="GuestAP Bridge" network=\
- 10.2.0.0
- add address=10.10.0.2/16 comment="Fronteir Port 3 Connection" interface=\
- "ether3- DSL WAN" network=10.10.0.0
- /ip cloud
- set ddns-enabled=yes
- /ip dhcp-client
- add comment="Main Connection to Charter" dhcp-options=hostname,clientid \
- disabled=no interface="ether1-gateway Charter WAN"
- add comment="Backup Connection to Trash" default-route-distance=2 dhcp-options=\
- hostname,clientid disabled=no interface="ether3- DSL WAN"
- /ip dhcp-server network
- add address=10.2.0.0/24 comment="Guest Network" dns-server=\
- 71.10.216.1,8.8.8.8,8.8.4.4,71.10.216.2 gateway=10.2.0.1 netmask=24
- add address=10.10.0.0/16 comment="Main Network DHCP" gateway=10.10.0.1
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,74.40.74.40,74.40.74.41
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall address-list
- add address=10.10.0.0/16 list="Main Network"
- add address=10.2.0.0/24 list="Guest AP"
- /ip firewall filter
- add chain=input comment="Let Tech In" src-address=\
- 24.216.245.0/24
- add chain=input comment="VPN Port" disabled=yes dst-port=1723 protocol=tcp
- add chain=input comment="VPN Also" disabled=yes protocol=gre
- add action=drop chain=input comment="Mangled Packet Drop" connection-state=\
- invalid
- add action=drop chain=input comment="Drop Traffic from Main Network to Guest" \
- dst-address=10.2.0.0/24 src-address=10.10.0.0/16
- add action=drop chain=input comment="Drop Traffic from Guest to Main" \
- dst-address=10.10.0.0/16 src-address=10.2.0.0/24
- add chain=input comment="default configuration" protocol=icmp
- add chain=input comment="default configuration" connection-state=\
- established,related
- add action=drop chain=input comment="Basic Security" in-interface=\
- "ether1-gateway Charter WAN"
- add action=fasttrack-connection chain=forward comment="default configuration" \
- connection-state=established,related
- add chain=forward comment="default configuration" connection-state=\
- established,related
- add action=drop chain=forward comment="Basic Security" connection-state=invalid
- add action=drop chain=forward comment="NAT killer" connection-nat-state=!dstnat \
- connection-state=new in-interface="ether1-gateway Charter WAN"
- /ip firewall mangle
- add chain=input comment="Mark Connections from Charter" connection-mark=\
- Wan1_Charter in-interface="ether1-gateway Charter WAN"
- add chain=input comment="Mark Connections from Frontier" connection-mark=\
- Wan2_frontier in-interface="ether3- DSL WAN"
- add action=mark-routing chain=output comment="Mark Outgoing Charter Traffic" \
- connection-mark=Wan1_Charter new-routing-mark=to_Wan1
- add action=mark-routing chain=output comment="Mark Outgoing Frontier Traffic" \
- connection-mark=Wan2_frontier new-routing-mark=to_Wan2
- add chain=prerouting comment="PreRouting for Charter" dst-address=10.10.0.0/16 \
- in-interface="ether1-gateway Charter WAN"
- add chain=prerouting comment="PreRouting for Frontier" dst-address=10.10.0.0/16 \
- in-interface="ether3- DSL WAN"
- add action=mark-connection chain=prerouting comment=\
- "Mark Non - Local Traffic Charter" dst-address-type=!local in-interface=\
- "ether1-gateway Charter WAN" new-connection-mark=Wan1_Charter \
- per-connection-classifier=both-addresses-and-ports:2/0
- add action=mark-connection chain=prerouting comment=\
- "Mark Non-Local Traffic Frontier" dst-address-type=!local in-interface=\
- "ether3- DSL WAN" new-connection-mark=Wan2_frontier \
- per-connection-classifier=both-addresses-and-ports:2/0
- add action=mark-routing chain=prerouting comment="Mark Port Specific Charter" \
- connection-mark=Wan1_Charter in-interface="ether1-gateway Charter WAN" \
- new-routing-mark=to_Wan1
- add action=mark-routing chain=prerouting comment="Mark Port Specific Frontier" \
- connection-mark=Wan2_frontier in-interface="ether3- DSL WAN" \
- new-routing-mark=to_Wan2
- /ip firewall nat
- add action=masquerade chain=srcnat comment="NAT for all traffic" out-interface=\
- "ether1-gateway Charter WAN"
- add action=masquerade chain=srcnat comment="NAT for Guest Network" \
- out-interface="ether1-gateway Charter WAN" src-address=10.2.0.0/24
- add action=masquerade chain=srcnat comment="Masquerade for Charter WAN" \
- out-interface="ether1-gateway Charter WAN"
- add action=masquerade chain=srcnat comment="Masquerade for Frontier WAN" \
- out-interface="ether3- DSL WAN"
- /ip ipsec peer
- add address=0.0.0.0/0 enc-algorithm=3des,aes-128,aes-192,aes-256 exchange-mode=\
- main-l2tp generate-policy=port-strict secret=billy3210
- /ip route
- add check-gateway=ping comment="Ping Charter to See if Up" distance=1 gateway=\
- "ether1-gateway Charter WAN" routing-mark=to_Wan1
- add check-gateway=ping comment="Ping Frontier to See if Up" distance=1 gateway=\
- "ether3- DSL WAN" routing-mark=to_Wan2
- /lcd
- set default-screen=informative-slideshow touch-screen=disabled
- /ppp secret
- add comment="Tom VPN" name=billy password=billy3210 profile=pptp-profile service=\
- pptp
- add comment="Tom VPN" name=billy password=billy3210 profile=l2tp service=l2tp
- /system clock
- set time-zone-name=America/Los_Angeles
- /system identity
- set name=TomsCore
- /system ntp client
- set enabled=yes primary-ntp=38.229.71.1 secondary-ntp=129.6.15.29
- /system routerboard settings
- set protected-routerboot=disabled
- /system scheduler
- add comment="Force DynDNS Update" interval=5m name="Update DynDNS" on-event=\
- "/ip cloud force-update" policy=\
- reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jun/05/2017 start-time=21:47:21
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface="ether3- DSL WAN"
- add interface=ether4-slave-local
- add interface=ether5-slave-local
- add interface=ether6-slave-local
- add interface=ether7-slave-local
- add interface=ether8-slave-local
- add interface=ether9-slave-local
- add interface=ether10-slave-local
- add interface=ether11-slave-local
- add interface=ether12-slave-local
- add interface=ether13-slave-local
- add interface=ether14-slave-local
- add interface=ether15-slave-local
- add interface=ether16-slave-local
- add interface=ether17-slave-local
- add interface=ether18-slave-local
- add interface=ether19-slave-local
- add interface=ether20-slave-local
- add interface=ether21-slave-local
- add interface=ether22-slave-local
- add interface=ether23-slave-local
- add interface=ether24-slave-local
- add interface=sfp1-slave-local
- add interface=wlan1
- add interface=bridge-local
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface="ether3- DSL WAN"
- add interface=ether4-slave-local
- add interface=ether5-slave-local
- add interface=ether6-slave-local
- add interface=ether7-slave-local
- add interface=ether8-slave-local
- add interface=ether9-slave-local
- add interface=ether10-slave-local
- add interface=ether11-slave-local
- add interface=ether12-slave-local
- add interface=ether13-slave-local
- add interface=ether14-slave-local
- add interface=ether15-slave-local
- add interface=ether16-slave-local
- add interface=ether17-slave-local
- add interface=ether18-slave-local
- add interface=ether19-slave-local
- add interface=ether20-slave-local
- add interface=ether21-slave-local
- add interface=ether22-slave-local
- add interface=ether23-slave-local
- add interface=ether24-slave-local
- add interface=sfp1-slave-local
- add interface=wlan1
- add interface=bridge-local
- /tool romon port
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement