Jan 4th, 2020
  # Bridge, WAN port and static PPP server bindings.
  # admin-mac with auto-mac=no pins the bridge MAC address.
  # NOTE(review): no vlan-filtering=yes appears on the bridge line. If this export omits
  # default values, bridge VLAN filtering is off and the "/interface bridge vlan" table
  # further down is not enforced at layer 2 - confirm on the device.
  1. /interface bridge
  2. add admin-mac=64:D1:54:B0:94:E8 auto-mac=no comment=defconf name=bridge
  3. /interface ethernet
  4. set [ find default-name=ether1 ] comment=ISP
  # Static server-side interfaces for one PPP user (DeusEx) on three VPN protocols.
  # The same account name is used for L2TP, OpenVPN and PPTP, so the credential is only
  # as well protected as the weakest of the three (PPTP).
  5. /interface l2tp-server
  6. add name=L2TP-DeusEx user=DeusEx
  7. /interface ovpn-server
  8. add name=OVPN-DeusEx user=DeusEx
  9. /interface pptp-server
  10. add name=PPTP-DeusEx user=DeusEx
  # One VLAN interface per function, all on top of the same bridge. The comments give the
  # intended role (ESXi, Voice, Site, 1C, Video, Radio, Wi-Fi, Management, VPN).
  # These are routed interfaces: separation between them depends on the forward chain in
  # "/ip firewall filter", not on the VLAN tags alone.
  11. /interface vlan
  12. add comment=ESXi interface=bridge name=vlan10 vlan-id=10
  13. add comment=Voice interface=bridge name=vlan11 vlan-id=11
  14. add comment=Site interface=bridge name=vlan12 vlan-id=12
  15. add comment=1C interface=bridge name=vlan13 vlan-id=13
  16. add comment=Video interface=bridge name=vlan14 vlan-id=14
  17. add comment=Radio interface=bridge name=vlan15 vlan-id=15
  18. add comment=Wi-Fi interface=bridge name=vlan16 vlan-id=16
  19. add comment=Management interface=bridge name=vlan20 vlan-id=20
  20. add comment=VPN interface=bridge name=vlan50 vlan-id=50
  # WAN and LAN are the two interface lists the firewall rules match on.
  21. /interface list
  22. add comment=defconf name=WAN
  23. add comment=defconf name=LAN
  # Wireless security profile and access points.
  # The DeusEx profile is WPA2-PSK only, but both group-ciphers and unicast-ciphers still
  # list tkip next to aes-ccm. TKIP is deprecated; listing only aes-ccm removes the legacy
  # cipher. management-protection=allowed leaves protected management frames optional.
  # No pre-shared key is visible in this paste.
  24. /interface wireless security-profiles
  25. set [ find default=yes ] supplicant-identity=MikroTik
  26. add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=DeusEx supplicant-identity="" unicast-ciphers=tkip,aes-ccm
  # wlan1 is the main AP (ssid DeusEx); wps-mode=disabled on both radios.
  # wlan2 is a virtual AP (ssid Service) tagged into VLAN 20, which "/interface vlan"
  # labels Management, yet it reuses security-profile=DeusEx. Anyone holding the main
  # SSID passphrase can therefore join the management VLAN over Wi-Fi; a separate
  # security profile for wlan2 would keep the two credentials apart.
  27. /interface wireless
  28. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=russia disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge \
  29. security-profile=DeusEx ssid=DeusEx tx-power=30 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
  30. add disabled=no mac-address=66:D1:54:B0:94:EC master-interface=wlan1 name=wlan2 security-profile=DeusEx ssid=Service vlan-id=20 vlan-mode=use-tag wps-mode=disabled
  # One /24 address pool per network; pool Vlan1 serves the untagged bridge network.
  31. /ip pool
  32. add name=Vlan1 ranges=192.168.1.2-192.168.1.254
  33. add name=Vlan10 ranges=192.168.10.2-192.168.10.254
  34. add name=Vlan11 ranges=192.168.11.2-192.168.11.254
  35. add name=Vlan12 ranges=192.168.12.2-192.168.12.254
  36. add name=Vlan13 ranges=192.168.13.2-192.168.13.254
  37. add name=Vlan14 ranges=192.168.14.2-192.168.14.254
  38. add name=Vlan15 ranges=192.168.15.2-192.168.15.254
  39. add name=Vlan16 ranges=192.168.16.2-192.168.16.254
  40. add name=Vlan20 ranges=192.168.20.2-192.168.20.254
  41. add name=Vlan50 ranges=192.168.50.2-192.168.50.254
  # One DHCP server per interface, each handing out its matching pool with 12h leases.
  # This includes vlan20 (Management) and vlan50 (VPN): any host that reaches those
  # segments is given an address automatically.
  42. /ip dhcp-server
  43. add address-pool=Vlan1 disabled=no interface=bridge lease-time=12h name=vlan1
  44. add address-pool=Vlan10 disabled=no interface=vlan10 lease-time=12h name=vlan10
  45. add address-pool=Vlan11 disabled=no interface=vlan11 lease-time=12h name=vlan11
  46. add address-pool=Vlan12 disabled=no interface=vlan12 lease-time=12h name=vlan12
  47. add address-pool=Vlan13 disabled=no interface=vlan13 lease-time=12h name=vlan13
  48. add address-pool=Vlan14 disabled=no interface=vlan14 lease-time=12h name=vlan14
  49. add address-pool=Vlan15 disabled=no interface=vlan15 lease-time=12h name=vlan15
  50. add address-pool=Vlan16 disabled=no interface=vlan16 lease-time=12h name=vlan16
  51. add address-pool=Vlan20 disabled=no interface=vlan20 lease-time=12h name=vlan20
  52. add address-pool=Vlan50 disabled=no interface=vlan50 lease-time=12h name=vlan50
  # PPP profile shared by every VPN server and client in this file; both ends of each
  # tunnel take their address from pool Vlan50.
  53. /ppp profile
  54. add local-address=Vlan50 name=VPN remote-address=Vlan50
  # Outbound tunnels to the same peer over two protocols. The L2TP client wraps the
  # session in IPsec (use-ipsec=yes); no IPsec secret or user password is visible here.
  55. /interface l2tp-client
  56. add allow=mschap2 connect-to=95.78.164.203 name=L2TP-MegaService profile=VPN use-ipsec=yes user=DeusEx
  # The PPTP client has no IPsec layer and relies on MS-CHAPv2 alone, which is no longer
  # considered adequate protection for the credential or the traffic. Since an L2TP/IPsec
  # tunnel to the same peer already exists, the PPTP tunnel is a candidate for removal.
  57. /interface pptp-client
  58. add allow=mschap2 connect-to=95.78.164.203 name=PPTP-MegaService profile=VPN user=DeusEx
  # Bridge members: ether2-ether5 and both wireless interfaces. ether4 carries pvid=10,
  # so its untagged traffic is classified into VLAN 10 (ESXi); that classification only
  # takes effect when bridge VLAN filtering is enabled.
  59. /interface bridge port
  60. add auto-isolate=yes bridge=bridge comment=defconf interface=ether2
  61. add auto-isolate=yes bridge=bridge comment=defconf interface=ether3
  62. add auto-isolate=yes bridge=bridge comment=defconf interface=ether4 pvid=10
  63. add auto-isolate=yes bridge=bridge comment=defconf interface=ether5
  64. add auto-isolate=yes bridge=bridge comment=defconf interface=wlan1
  65. add auto-isolate=yes bridge=bridge interface=wlan2
  # NOTE(review): neighbor discovery is set to run on the WAN list, i.e. on ether1 (ISP).
  # That announces the router's identity, model and version towards the provider network
  # and not towards the LAN. Pointing discover-interface-list at LAN (or a dedicated
  # management list) avoids disclosing this on the untrusted side.
  66. /ip neighbor discovery-settings
  67. set discover-interface-list=WAN
  # Bridge VLAN table (continues after the chat header below). VLANs 10-12 are tagged on
  # the bridge itself and on the ether2/ether3 trunks.
  # NOTE(review): the first entry has vlan-ids="" - it names no VLAN; looks like a
  # leftover and should be checked.
  68. /interface bridge vlan
  69. add bridge=bridge untagged=bridge vlan-ids=""
  70. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=10
  71. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=11
  72. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=12
  73.  
  74. Александр Ковалевич, [04.01.20 23:30]
  # Continuation of "/interface bridge vlan": VLANs 13-16 on the ether2/ether3 trunks.
  75. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=13
  76. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=14
  77. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=15
  78. add bridge=bridge tagged=bridge,ether2,ether3 vlan-ids=16
  # NOTE(review): VLAN 20 (Management) is sent untagged on ether4, while the bridge port
  # entry for ether4 sets pvid=10 - egress and ingress VLAN for untagged frames disagree.
  # Confirm which VLAN the device on ether4 is meant to sit in.
  79. add bridge=bridge tagged=bridge,ether2,ether3 untagged=ether4 vlan-ids=20
  # NOTE(review): bridge=wlan2 names a virtual wireless interface, not a bridge, and the
  # tagged list mixes wlan2, the vlan20 interface and ether4. Looks like a mistake - verify.
  80. add bridge=wlan2 tagged=wlan2,vlan20,ether4 vlan-ids=20
  # NOTE(review): detect-internet is pointed at the same WAN/LAN lists the firewall
  # matches on. Presumably it can change list membership dynamically, which would shift
  # what the "in-interface-list" rules apply to - confirm, or leave the feature off.
  81. /interface detect-internet
  82. set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
  # L2TP server with MS-CHAPv2. use-ipsec=yes accepts IPsec-protected sessions but does
  # not insist on them; use-ipsec=required rejects plain L2TP. No IPsec secret is visible.
  83. /interface l2tp-server server
  84. set authentication=mschap2 default-profile=VPN enabled=yes use-ipsec=yes
  # Every VLAN interface is a member of LAN, so the firewall treats Voice, Video, Wi-Fi,
  # Management and VPN segments exactly like the default LAN: each of them passes the
  # "drop all not coming from LAN" input rule and can reach the router's own services.
  # A narrower list for management access would let the input chain tell them apart.
  85. /interface list member
  86. add comment=defconf interface=bridge list=LAN
  87. add comment=defconf interface=ether1 list=WAN
  88. add interface=vlan10 list=LAN
  89. add interface=vlan11 list=LAN
  90. add interface=vlan12 list=LAN
  91. add interface=vlan13 list=LAN
  92. add interface=vlan14 list=LAN
  93. add interface=vlan15 list=LAN
  94. add interface=vlan16 list=LAN
  95. add interface=vlan20 list=LAN
  96. add interface=vlan50 list=LAN
  # OpenVPN server: auth=sha1, and the cipher list still offers blowfish128 (a 64-bit
  # block cipher) next to the AES variants. Dropping blowfish128 leaves only AES.
  # NOTE(review): require-client-certificate is not shown; if the export omits defaults,
  # clients authenticate with username/password only - confirm.
  97. /interface ovpn-server server
  98. set auth=sha1 certificate=SRV cipher=blowfish128,aes128,aes192,aes256 default-profile=VPN enabled=yes
  # PPTP server is enabled with MS-CHAPv2 only and is reachable from any interface through
  # the PPTP/GRE accept rules in the input chain. PPTP is obsolete; with L2TP/IPsec and
  # OpenVPN already offered, disabling it removes the weakest entry point for this account.
  99. /interface pptp-server server
  100. set authentication=mschap2 default-profile=VPN enabled=yes
  # The router holds the .1 address in every network, so all inter-VLAN traffic is routed
  # here and passes through the forward chain of "/ip firewall filter".
  101. /ip address
  102. add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
  103. add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
  104. add address=192.168.11.1/24 interface=vlan11 network=192.168.11.0
  105. add address=192.168.12.1/24 interface=vlan12 network=192.168.12.0
  106. add address=192.168.13.1/24 interface=vlan13 network=192.168.13.0
  107. add address=192.168.14.1/24 interface=vlan14 network=192.168.14.0
  108. add address=192.168.15.1/24 interface=vlan15 network=192.168.15.0
  109. add address=192.168.16.1/24 interface=vlan16 network=192.168.16.0
  110. add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
  111. add address=192.168.50.1/24 comment=VPN interface=vlan50 network=192.168.50.0
  # WAN address is obtained by DHCP on ether1.
  112. /ip dhcp-client
  113. add comment=defconf disabled=no interface=ether1
  # Static DHCP reservations, one per known device; the comments name each host.
  # Several of these addresses are the targets of the dst-nat rules further down
  # (192.168.12.2, 192.168.13.2, 192.168.13.4, 192.168.13.5).
  # A reservation is not an access control: a host can still configure one of these
  # addresses by hand, so the firewall should not rely on them to identify a machine.
  114. /ip dhcp-server lease
  115. add address=192.168.20.3 client-id=1:bc:ae:c5:3:dc:fe comment=KVM mac-address=BC:AE:C5:03:DC:FE server=vlan20
  116. add address=192.168.1.4 client-id=1:80:fa:5b:e:c5:e4 comment="NoteBook Lan" mac-address=80:FA:5B:0E:C5:E4 server=vlan1
  117. add address=192.168.1.3 client-id=1:a8:9c:ed:3b:7f:3 comment="DeusEx Phone" mac-address=A8:9C:ED:3B:7F:03 server=vlan1
  118. add address=192.168.14.2 client-id=1:2c:7:3c:0:1b:eb comment=Registrator mac-address=2C:07:3C:00:1B:EB server=vlan14
  119. add address=192.168.14.3 client-id=1:9c:14:63:c9:64:e1 comment=Camera1 mac-address=9C:14:63:C9:64:E1 server=vlan14
  120. add address=192.168.10.2 client-id=1:0:24:8c:e:e1:c8 comment="ESXi 1" mac-address=00:24:8C:0E:E1:C8 server=vlan10
  121. add address=192.168.20.2 client-id=cisco-58bf.ea91.60c1-Vl20 comment=Switch mac-address=58:BF:EA:91:60:C1 server=vlan20
  122. add address=192.168.20.4 client-id=1:0:c:29:b2:5c:10 comment=VCSA mac-address=00:0C:29:B2:5C:10 server=vlan20
  123. add address=192.168.11.5 comment=A510-IP mac-address=7C:2F:80:5F:E2:18 server=vlan11
  124. add address=192.168.11.3 client-id=1:38:3f:10:0:bd:cc comment=Goip-4 mac-address=38:3F:10:00:BD:CC server=vlan11
  125. add address=192.168.11.4 client-id=1:0:15:65:3f:52:e comment=SIP-T26P mac-address=00:15:65:3F:52:0E server=vlan11
  126. add address=192.168.13.2 client-id=1:0:50:56:8d:d0:8f comment=DC mac-address=00:50:56:8D:D0:8F server=vlan13
  127. add address=192.168.13.3 client-id=1:0:50:56:8d:e2:8b comment=SQL mac-address=00:50:56:8D:E2:8B server=vlan13
  128. add address=192.168.13.4 client-id=1:0:50:56:8d:fb:c2 comment=FS mac-address=00:50:56:8D:FB:C2 server=vlan13
  129. add address=192.168.20.5 client-id=1:0:c0:b7:96:51:f7 comment=APC mac-address=00:C0:B7:96:51:F7 server=vlan20
  130. add address=192.168.13.5 client-id=1:0:50:56:9c:7:50 comment=1C mac-address=00:50:56:9C:07:50 server=vlan13
  131. add address=192.168.20.6 comment=PCNS mac-address=00:50:56:9C:7B:9F server=vlan20
  132. add address=192.168.12.2 comment=Site mac-address=00:50:56:9C:01:A4 server=vlan12
  133. add address=192.168.1.254 client-id=1:88:5a:92:a7:6c:a5 comment=AccessPoint mac-address=88:5A:92:A7:6C:A5 server=vlan1
  134.  
  135. Александр Ковалевич, [04.01.20 23:30]
  # NOTE(review): this fragment (identity, MAC server, RoMON) sits in the middle of the
  # DHCP lease list; the paste appears to be chat messages joined out of order.
  136. /system identity
  137. set name="DeusEx Home"
  # MAC-Telnet and MAC-WinBox are limited to the LAN list. Because every VLAN is a LAN
  # member, that still means layer-2 management access from all internal segments.
  138. /tool mac-server
  139. set allowed-interface-list=LAN
  140. /tool mac-server mac-winbox
  141. set allowed-interface-list=LAN
  # RoMON is enabled and no secrets= value is visible. RoMON gives MAC-level management
  # reachability through neighbouring RoMON devices; if it is not in use, disable it,
  # otherwise set a secret and restrict the ports it runs on - confirm current settings.
  142. /tool romon
  143. set enabled=yes
  144.  
  145. Александр Ковалевич, [04.01.20 23:30]
  # NOTE(review): these two lines have the shape of "/ip dhcp-server lease" entries but
  # follow "/tool romon" in the paste. Imported as-is they would be applied in the wrong
  # menu; they presumably belong at the end of the lease list above.
  146. add address=192.168.1.5 client-id=1:ec:5c:68:7b:7a:85 comment=TV mac-address=EC:5C:68:7B:7A:85 server=vlan1
  147. add address=192.168.11.2 comment=SIP mac-address=00:50:56:2E:A6:BD server=vlan11
  # Per-network DHCP options. Only 192.168.13.0/24 hands out its own DNS/WINS server
  # (192.168.13.2, the host the lease list labels DC) and the domain office.it-sis.ru.
  # NOTE(review): dhcp-option=*1 on 192.168.11.0/24 looks like a reference to an option
  # that no longer exists - verify.
  148. /ip dhcp-server network
  149. add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1
  150. add address=192.168.10.0/24 gateway=192.168.10.1
  151. add address=192.168.11.0/24 dhcp-option=*1 gateway=192.168.11.1 netmask=24
  152. add address=192.168.12.0/24 gateway=192.168.12.1 netmask=24
  153. add address=192.168.13.0/24 dns-server=192.168.13.2,192.168.13.1 domain=office.it-sis.ru gateway=192.168.13.1 netmask=24 wins-server=192.168.13.2
  154. add address=192.168.14.0/24 gateway=192.168.14.1
  155. add address=192.168.15.0/24 gateway=192.168.15.1
  156. add address=192.168.16.0/24 gateway=192.168.16.1
  157. add address=192.168.20.0/24 gateway=192.168.20.1
  158. add address=192.168.50.0/24 gateway=192.168.50.1
  # allow-remote-requests=yes turns the router into a DNS resolver for anyone who can
  # reach it. WAN access to port 53 is currently stopped only by the "drop all not coming
  # from LAN" input rule; the disabled "Accept port`s WAN" rules for port 53 in the
  # filter table must stay disabled, or the router becomes an open resolver.
  159. /ip dns
  160. set allow-remote-requests=yes cache-size=20480KiB
  # Static records for the internal servers.
  161. /ip dns static
  162. add address=192.168.1.1 comment=defconf name=router.lan
  163. add address=192.168.20.4 name=vcsa.office.it-sis.ru
  164. add address=192.168.10.2 name=esxi.office.it-sis.ru
  165. add address=192.168.13.2 name=dc.office.it-sis.ru
  166. add address=192.168.13.3 name=sql.office.it-sis.ru
  167. add address=192.168.13.4 name=fs.office.it-sis.ru
  168. add address=192.168.13.5 name=1c.office.it-sis.ru
  # Filter rules are evaluated top to bottom, so the order below is significant.
  169. /ip firewall filter
  170. add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  171. add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  # No entries for the BlackList address list appear in this paste.
  172. add action=drop chain=forward comment="Drop BlackList" in-interface-list=WAN src-address-list=BlackList
  # Staged SIP block list: each new UDP connection from WAN to 192.168.11.2 promotes the
  # source stage1 -> stage2 -> stage3 -> SIP_blacklist (1h per stage, final entry without
  # timeout). The rules match any UDP port, not only SIP.
  # NOTE(review): these rules match the post-NAT destination 192.168.11.2, but no enabled
  # UDP dst-nat to that host is visible in "/ip firewall nat", so from WAN they may never
  # match - confirm. Also, the count is keyed on the UDP source address, which the sender
  # controls, so a permanent entry can end up blocking a legitimate SIP peer; a timeout on
  # SIP_blacklist and an allow-list for the provider would limit that.
  173. add action=drop chain=forward comment="drop SIP brute forcers" in-interface-list=WAN src-address-list=SIP_blacklist
  174. add action=add-src-to-address-list address-list=SIP_blacklist address-list-timeout=none-dynamic chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp \
  175. src-address-list=SIP_stage3
  176. add action=add-src-to-address-list address-list=SIP_stage3 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address-list=\
  177. SIP_stage2
  178. add action=add-src-to-address-list address-list=SIP_stage2 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address-list=\
  179. SIP_stage1
  180. add action=add-src-to-address-list address-list=SIP_stage1 address-list-timeout=1h chain=forward connection-state=new dst-address=192.168.11.2 in-interface-list=WAN protocol=udp src-address=0.0.0.0/0
  # Staged SSH block list on the INPUT chain for ports 22 and 9999 (1m per stage).
  # NOTE(review): the only SSH exposed to WAN in this file is the dst-nat of port 9999 to
  # 192.168.11.2:22. Destination-NATed traffic is forwarded, not delivered to the router,
  # so it goes through the forward chain and these input rules do not see it. The
  # router's own SSH is limited to 192.168.20.0/24 in "/ip service" and WAN input is
  # dropped anyway. To rate-limit the forwarded SSH, the staging and drop rules would
  # need to be in chain=forward matching dst-address=192.168.11.2 dst-port=22.
  181. add action=drop chain=input comment="drop ssh brute forcers" in-interface-list=WAN protocol=tcp src-address-list=SSH_blacklist
  182. add action=add-src-to-address-list address-list=SSH_blacklist address-list-timeout=none-dynamic chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=\
  183. SSH_stage3
  184. add action=add-src-to-address-list address-list=SSH_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=SSH_stage2
  185. add action=add-src-to-address-list address-list=SSH_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp src-address-list=SSH_stage1
  186. add action=add-src-to-address-list address-list=SSH_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22,9999 in-interface-list=WAN protocol=tcp
  187. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  188. add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  # VPN listeners opened on every interface with no source restriction: PPTP (tcp/1723 +
  # GRE), L2TP/IPsec (udp 1701/500/4500 + ESP) and OpenVPN (tcp/1194). None of them has
  # connection-rate staging like the SSH rules above.
  # The L2TP rule uses port= instead of dst-port=, so it also matches packets whose
  # SOURCE port is 1701, 500 or 4500, whatever the destination port; dst-port= is tighter.
  # udp/1701 is accepted directly, so plain L2TP without IPsec is reachable as long as
  # the server is set to use-ipsec=yes and not required.
  189. add action=accept chain=input comment=PPTP dst-port=1723 protocol=tcp
  190. add action=accept chain=input protocol=gre
  191. add action=accept chain=input comment=L2TP port=1701,500,4500 protocol=udp
  192. add action=accept chain=input protocol=ipsec-esp
  193. add action=accept chain=input comment=OVPN dst-port=1194 protocol=tcp
  # Accepts tcp/9786 in the forward chain for any interface and any destination. WAN
  # traffic to the DevLine dst-nat is already let through by the DSTNAT exception in the
  # defconf forward drop rule, so this rule could be scoped with dst-address=192.168.12.2.
  194. add action=accept chain=forward comment=DevLine dst-port=9786 protocol=tcp
  195.  
  196. Александр Ковалевич, [04.01.20 23:30]
  # Continuation of "/ip firewall filter": the default-configuration tail.
  # Input: everything not arriving on a LAN-list interface is dropped here, after the
  # VPN accept rules above.
  197. add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
  198. add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  199. add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  200. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  201. add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  202. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  # Forward: the only drop for new connections is "from WAN and not DSTNATed".
  # NOTE(review): no forward rule in this paste restricts traffic between the internal
  # networks, so Wi-Fi, Voice, Video, VPN and the default LAN can all route to the
  # Management (vlan20) and server (vlan13) networks. If the VLANs are meant to be
  # isolated, explicit inter-VLAN accept rules followed by a final forward drop are needed.
  203. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  # All rules in this group are disabled=yes. They sit below the input drop for non-LAN
  # traffic and the forward drop for WAN traffic that is not DSTNATed, so the input ones
  # would not take effect even if re-enabled in place. Keeping dozens of dormant WAN
  # accept rules makes the rule set harder to audit and easy to open by accident;
  # deleting them is safer than leaving them disabled.
  204. add action=accept chain=input comment="Accept port`s WAN TCP" disabled=yes dst-port=53 in-interface=ether1 protocol=tcp
  205. add action=accept chain=input disabled=yes dst-port=80 in-interface=ether1 protocol=tcp
  206. add action=accept chain=input disabled=yes dst-port=443 in-interface=ether1 protocol=tcp
  207. add action=accept chain=input disabled=yes dst-port=873 in-interface=ether1 protocol=tcp
  208. add action=accept chain=input disabled=yes dst-port=2221 in-interface=ether1 protocol=tcp
  209. add action=accept chain=input disabled=yes dst-port=8887 in-interface=ether1 protocol=tcp
  210. add action=accept chain=input disabled=yes dst-port=8888 in-interface=ether1 protocol=tcp
  211. add action=accept chain=input disabled=yes dst-port=9090 in-interface=ether1 protocol=tcp
  212. add action=accept chain=input disabled=yes dst-port=9998 in-interface=ether1 protocol=tcp
  213. add action=accept chain=input disabled=yes dst-port=9999 in-interface=ether1 protocol=tcp
  214. add action=accept chain=input disabled=yes dst-port=50000 in-interface=ether1 protocol=tcp
  215. add action=accept chain=input disabled=yes dst-port=50001 in-interface=ether1 protocol=tcp
  216. add action=accept chain=input comment="Accept port`s WAN UDP" disabled=yes dst-port=53 in-interface=ether1 protocol=udp
  217. add action=accept chain=input disabled=yes dst-port=80 in-interface=ether1 protocol=udp
  218. add action=accept chain=input disabled=yes dst-port=443 in-interface=ether1 protocol=udp
  219. add action=accept chain=input disabled=yes dst-port=873 in-interface=ether1 protocol=udp
  220. add action=accept chain=input disabled=yes dst-port=2221 in-interface=ether1 protocol=udp
  221. add action=accept chain=input disabled=yes dst-port=8887 in-interface=ether1 protocol=udp
  222. add action=accept chain=input disabled=yes dst-port=8888 in-interface=ether1 protocol=udp
  223. add action=accept chain=input disabled=yes dst-port=9999 in-interface=ether1 protocol=udp
  224. add action=accept chain=input disabled=yes dst-port=50000 in-interface=ether1 protocol=udp
  225. add action=accept chain=input disabled=yes dst-port=50001 in-interface=ether1 protocol=udp
  226. add action=accept chain=input disabled=yes dst-port=5004-5082,10000-20000 in-interface=ether1 protocol=udp
  # Same port set again for chain=forward, also disabled.
  227. add action=accept chain=forward comment="Accept port`s WAN TCP" disabled=yes dst-port=53 in-interface=ether1 protocol=tcp
  228. add action=accept chain=forward disabled=yes dst-port=80 in-interface=ether1 protocol=tcp
  229. add action=accept chain=forward disabled=yes dst-port=443 in-interface=ether1 protocol=tcp
  230. add action=accept chain=forward disabled=yes dst-port=873 in-interface=ether1 protocol=tcp
  231. add action=accept chain=forward disabled=yes dst-port=2221 in-interface=ether1 protocol=tcp
  232. add action=accept chain=forward disabled=yes dst-port=8887 in-interface=ether1 protocol=tcp
  233. add action=accept chain=forward disabled=yes dst-port=8888 in-interface=ether1 protocol=tcp
  234. add action=accept chain=forward disabled=yes dst-port=9090 in-interface=ether1 protocol=tcp
  235. add action=accept chain=forward disabled=yes dst-port=9998 in-interface=ether1 protocol=tcp
  236. add action=accept chain=forward disabled=yes dst-port=9999 in-interface=ether1 protocol=tcp
  237. add action=accept chain=forward disabled=yes dst-port=50000 in-interface=ether1 protocol=tcp
  238. add action=accept chain=forward disabled=yes dst-port=50001 in-interface=ether1 protocol=tcp
  239.  
  240. Александр Ковалевич, [04.01.20 23:30]
  # Continuation of "/ip firewall filter": disabled UDP accept rules for chain=forward.
  # The last rule (RTP-style port ranges) has no in-interface matcher at all, so if it
  # were ever enabled it would apply to every interface, not only ether1.
  241. add action=accept chain=forward comment="Accept port`s WAN UDP" disabled=yes dst-port=53 in-interface=ether1 protocol=udp
  242. add action=accept chain=forward disabled=yes dst-port=80 in-interface=ether1 protocol=udp
  243. add action=accept chain=forward disabled=yes dst-port=443 in-interface=ether1 protocol=udp
  244. add action=accept chain=forward disabled=yes dst-port=873 in-interface=ether1 protocol=udp
  245. add action=accept chain=forward disabled=yes dst-port=2221 in-interface=ether1 protocol=udp
  246. add action=accept chain=forward disabled=yes dst-port=8000 in-interface=ether1 protocol=udp
  247. add action=accept chain=forward disabled=yes dst-port=8887 in-interface=ether1 protocol=udp
  248. add action=accept chain=forward disabled=yes dst-port=8888 in-interface=ether1 protocol=udp
  249. add action=accept chain=forward disabled=yes dst-port=9999 in-interface=ether1 protocol=udp
  250. add action=accept chain=forward disabled=yes dst-port=50000 in-interface=ether1 protocol=udp
  251. add action=accept chain=forward disabled=yes dst-port=50001 in-interface=ether1 protocol=udp
  252. add action=accept chain=forward disabled=yes dst-port=5004-5082,10000-20000 protocol=udp
  # NAT table. 55.55.55.55 is presumably a stand-in for the real public address.
  # The enabled dst-nat rules publish internal services to anyone who can reach that
  # address: none of them carries a src-address or src-address-list restriction, and the
  # forward chain admits all DSTNATed WAN traffic.
  253. /ip firewall nat
  254. add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
  # Web site (80/443) and DevLine (9786) on 192.168.12.2.
  255. add action=dst-nat chain=dstnat comment=Site dst-address=55.55.55.55 dst-port=80 protocol=tcp to-addresses=192.168.12.2
  256. add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=443 protocol=tcp to-addresses=192.168.12.2
  257. add action=dst-nat chain=dstnat comment=DevLine dst-address=55.55.55.55 dst-port=9786 protocol=tcp to-addresses=192.168.12.2
  # NOTE(review): this masquerade matches every tcp/9090 connection in any direction (no
  # interface, source or destination matcher). The 1C host at 192.168.13.5 will see the
  # router's address in place of the real client address, which removes the client
  # address from its logs. Scope it like the hairpin rules below if that is the intent.
  258. add action=masquerade chain=srcnat comment="Client 1C" dst-port=9090 protocol=tcp
  259. add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=9090 protocol=tcp to-addresses=192.168.13.5
  # Publishes DNS over TCP on the host labelled DC (192.168.13.2) to the Internet.
  # Exposing a domain controller's DNS service externally is rarely required - confirm
  # the need, and restrict by source address if it is.
  260. add action=dst-nat chain=dstnat comment="DNS for DC" dst-address=55.55.55.55 dst-port=53 protocol=tcp to-addresses=192.168.13.2
  # The masquerade rules with src-address=192.168.13.0/24 are hairpin NAT so hosts in
  # that network can reach the published services through the public address.
  261. add action=masquerade chain=srcnat comment="Eset Rules" dst-address=55.55.55.55 dst-port=2221 protocol=tcp src-address=192.168.13.0/24
  262. add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=2221 protocol=tcp to-addresses=192.168.13.4
  # RDP on 192.168.13.5 is reachable from the Internet on tcp/50001. A non-standard port
  # does not protect RDP and there is no connection-rate staging for it; reaching RDP only
  # through the VPN, or adding a src-address-list allow-list, removes the exposure.
  263. add action=masquerade chain=srcnat comment="RDP ELENA" dst-address=55.55.55.55 dst-port=50001 protocol=tcp src-address=192.168.13.0/24
  264. add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=50001 protocol=tcp to-addresses=192.168.13.5 to-ports=3389
  # SSH on 192.168.11.2 is published on tcp/9999. The SSH staging rules in the filter
  # table are in chain=input and do not apply to this forwarded traffic.
  265. add action=dst-nat chain=dstnat comment="SSH to 192.168.11.2 > 22" dst-address=55.55.55.55 dst-port=9999 protocol=tcp to-addresses=192.168.11.2 to-ports=22
  # rsync (tcp/873) on the file server is published as well; the rsync daemon protocol
  # is unencrypted, so this is better carried over the VPN or SSH.
  266. add action=masquerade chain=srcnat comment=Rsync dst-address=55.55.55.55 dst-port=873 protocol=tcp src-address=192.168.13.0/24
  267. add action=dst-nat chain=dstnat dst-address=55.55.55.55 dst-port=873 protocol=tcp to-addresses=192.168.13.4 to-ports=873
  # Everything from here to the end of the NAT table is disabled=yes.
  268. add action=masquerade chain=srcnat comment="Loop To Local TCP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=tcp src-address=192.168.1.0/24
  269. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=tcp src-address=192.168.1.0/24
  270. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=tcp src-address=192.168.1.0/24
  271. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=8000 protocol=tcp src-address=192.168.1.0/24
  272. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9090 protocol=tcp src-address=192.168.1.0/24
  273. add action=masquerade chain=srcnat comment=DevLine disabled=yes dst-address=55.55.55.55 dst-port=9786 protocol=tcp src-address=192.168.1.0/24
  274. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9999 protocol=tcp src-address=192.168.1.0/24
  275. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=tcp src-address=192.168.1.0/24
  276. add action=masquerade chain=srcnat comment="Loop To Local UDP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=udp src-address=192.168.1.0/24
  277.  
  278. Александр Ковалевич, [04.01.20 23:30]
  # Continuation of "/ip firewall nat": disabled hairpin and dst-nat rules. Several point
  # at addresses outside the networks defined in this file (192.168.100.10, 192.168.2.2)
  # and look like leftovers from an earlier addressing plan. Dormant rules that publish
  # RDP (3389), VNC-range 5900 and SSH (22) are worth deleting, since re-enabling one by
  # mistake exposes the target immediately.
  279. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=udp src-address=192.168.1.0/24
  280. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=udp src-address=192.168.1.0/24
  281. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=873 protocol=udp src-address=192.168.1.0/24
  282. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=2221 protocol=udp src-address=192.168.1.0/24
  283. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9998 protocol=udp src-address=192.168.1.0/24
  284. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=9999 protocol=udp src-address=192.168.1.0/24
  285. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=udp src-address=192.168.1.0/24
  286. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=50001 protocol=udp src-address=192.168.1.0/24
  287. add action=masquerade chain=srcnat disabled=yes dst-address=55.55.55.55 dst-port=5004-5082,10000-20000 protocol=udp src-address=192.168.1.0/24
  288. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5900 protocol=tcp to-addresses=192.168.100.10
  289. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=8000 protocol=tcp to-addresses=192.168.1.220
  290. add action=dst-nat chain=dstnat comment="UAH RDP" disabled=yes dst-address=55.55.55.55 dst-port=5000 protocol=tcp to-addresses=192.168.2.2 to-ports=3389
  291. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=9999 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.100 to-ports=22
  292. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=9998 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.154 to-ports=22
  293. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=tcp to-addresses=192.168.1.150 to-ports=3389
  294. add action=dst-nat chain=dstnat comment="DST-NAT UDP" disabled=yes dst-address=55.55.55.55 dst-port=53 protocol=udp to-addresses=192.168.1.150
  295. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=80 protocol=udp to-addresses=192.168.1.154
  296. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=443 protocol=udp to-addresses=192.168.1.154
  297. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=873 protocol=udp to-addresses=192.168.1.152 to-ports=873
  298. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=2221 protocol=udp to-addresses=192.168.1.152
  299. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5060 protocol=udp to-addresses=192.168.1.100
  300. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50000 protocol=udp to-addresses=192.168.1.150 to-ports=3389
  301. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=50001 protocol=udp to-addresses=192.168.1.153 to-ports=3389
  302. add action=dst-nat chain=dstnat disabled=yes dst-address=55.55.55.55 dst-port=5004-5082,10000-20000 protocol=udp to-addresses=192.168.1.100
  # Connection-tracking helpers: all listed helpers are disabled except sip, which is
  # left on with a 10 minute timeout. NOTE(review): confirm the SIP helper is wanted; it
  # rewrites SIP traffic passing through the router.
  303. /ip firewall service-port
  304. set ftp disabled=yes
  305. set tftp disabled=yes
  306. set irc disabled=yes
  307. set h323 disabled=yes
  308. set sip sip-timeout=10m
  309. set udplite disabled=yes
  310. set dccp disabled=yes
  311. set sctp disabled=yes
  # Two static routes for 192.168.10.0/24 through the outbound VPN tunnels, both with
  # distance=100. NOTE(review): the same prefix is also directly connected on vlan10
  # (192.168.10.1/24), so these routes presumably stay inactive - verify which
  # 192.168.10.0/24 is meant.
  312. /ip route
  313. add distance=100 dst-address=192.168.10.0/24 gateway=PPTP-MegaService
  314. add distance=100 dst-address=192.168.10.0/24 gateway=L2TP-MegaService
  # Both isolation rules between 192.168.1.0/24 and 192.168.10.0/24 are disabled.
  315. /ip route rule
  316. add action=unreachable disabled=yes dst-address=192.168.10.0/24 src-address=192.168.1.0/24
  317. add action=unreachable disabled=yes dst-address=192.168.1.0/24 src-address=192.168.10.0/24
  # Management services. telnet, ftp, api and api-ssl are off; ssh is limited to the
  # management network 192.168.20.0/24.
  # www is WebFig over plain HTTP and, like winbox, is also allowed from 192.168.1.0/24,
  # the default LAN that holds the TV, phone and notebook leases. Limiting both to
  # 192.168.20.0/24 and using www-ssl in place of www keeps router credentials off the
  # user network and off the wire in clear text.
  318. /ip service
  319. set telnet disabled=yes
  320. set ftp disabled=yes
  321. set www address=192.168.20.0/24,192.168.1.0/24
  322. set ssh address=192.168.20.0/24
  323. set api disabled=yes
  324. set winbox address=192.168.20.0/24,192.168.1.0/24
  325. set api-ssl disabled=yes
  326. /ip smb
  327. set domain=WORKGROUP
  # Single PPP account used by all three VPN servers (no service= restriction is shown).
  # NOTE(review): no password= value is visible on this line; either the export hid
  # sensitive values or the secret has an empty password - confirm on the device.
  328. /ppp secret
  329. add name=DeusEx profile=VPN
  330. /system clock
  331. set time-zone-name=Asia/Yekaterinburg