Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MMM MMM KKK TTTTTTTTTTT KKK
- MMMM MMMM KKK TTTTTTTTTTT KKK
- MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
- MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
- MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
- MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
- MikroTik RouterOS 6.43.1 (c) 1999-2018 http://www.mikrotik.com/
- [?] Gives the list of available commands
- command [?] Gives help on the command and list of arguments
- [Tab] Completes the command/word. If the input is ambiguous,
- a second [Tab] gives possible options
- / Move up to base level
- .. Move up one level
- /command Use command at the base level
- [admin@MikroTik] > export hide-sen=yes
- expected end of command (line 1 column 16)
- [admin@MikroTik] > /export hide
- compact file terse verbose
- [admin@MikroTik] > /export hide
- [admin@MikroTik] > /export
- # sep/21/2018 17:36:12 by RouterOS 6.43.1
- # software id = KFMF-AWZ7
- #
- # model = RouterBOARD 3011UiAS
- # serial number = 8EEA08624D5C
- /interface pptp-client
- add add-default-route=yes connect-to=vpn.ivedu.ru max-mtu=1420 name=pptp-out1 password=A734834TT user=tehnopark
- /interface bridge
- add admin-mac=CC:2D:E0:16:DA:52 auto-mac=no comment=defconf disabled=yes name=bridge
- /interface ethernet
- set [ find default-name=ether1 ] speed=100Mbps
- set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
- set [ find default-name=ether3 ] speed=100Mbps
- set [ find default-name=ether4 ] speed=100Mbps
- set [ find default-name=ether5 ] speed=100Mbps
- set [ find default-name=ether6 ] name=ether6-master speed=100Mbps
- set [ find default-name=ether7 ] speed=100Mbps
- set [ find default-name=ether8 ] speed=100Mbps
- set [ find default-name=ether9 ] speed=100Mbps
- set [ find default-name=ether10 ] speed=100Mbps
- set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- /interface vlan
- add comment=adm interface=ether5 name=ether5.10 vlan-id=10
- add comment=stud interface=ether5 name=ether5.20 vlan-id=20
- add comment=guest interface=ether5 name=ether5.30 vlan-id=30
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- add name=LAN
- add name=WAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /ip neighbor discovery-settings
- set discover-interface-list=discover
- /interface list member
- add interface=ether3 list=discover
- add interface=ether2-master list=WAN
- add interface=ether5.10 list=LAN
- add interface=ether5.20 list=LAN
- add interface=ether5 list=LAN
- add interface=ether5.30 list=LAN
- add interface=ether3 list=mac-winbox
- add interface=ether3 list=mactel
- /ip address
- add address=172.16.94.202/29 interface=ether2-master network=172.16.94.200
- add address=10.136.1.1/24 interface=ether5.10 network=10.136.1.0
- add address=10.136.2.1/24 interface=ether5.20 network=10.136.2.0
- add address=10.136.3.1/24 interface=ether5.30 network=10.136.3.0
- add address=10.136.0.1/24 interface=ether5 network=10.136.0.0
- /ip dhcp-server
- add address-pool=adm disabled=no interface=ether5.10 lease-time=3d name=adm
- add address-pool=stud disabled=no interface=ether5.20 lease-time=3d name=stud
- add address-pool=guest disabled=no interface=ether5.30 lease-time=3d name=guest
- /ip dhcp-server network
- add address=10.136.1.0/24 dns-server=10.136.1.1 gateway=10.136.1.1 netmask=24
- add address=10.136.2.0/24 dns-server=10.136.2.1 gateway=10.136.2.1 netmask=24
- add address=10.136.3.0/24 dns-server=10.136.3.1 gateway=10.136.3.1 netmask=24
- /ip dns
- set allow-remote-requests=yes servers=172.16.94.201
- /ip firewall address-list
- add address=172.16.94.202 list=allowed
- /ip firewall filter
- add action=accept chain=input comment="accept established, related" connection-state=established,related
- add action=accept chain=input comment="allowed ssh and winbox allowed list" dst-port=22,8291 protocol=tcp src-address-list=allowed
- add action=add-src-to-address-list address-list=allowed address-list-timeout=10m chain=input log=yes log-prefix=ALLOW packet-size=151 protocol=icmp
- add action=reject chain=input packet-size=151 protocol=icmp reject-with=icmp-admin-prohibited
- add action=drop chain=input comment="drop all from WAN" in-interface-list=WAN
- add action=accept chain=forward comment="accept established, related" connection-state=established,related
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
- add action=drop chain=forward dst-port=137-139,445 out-interface-list=WAN protocol=tcp
- add action=drop chain=forward dst-port=137-139,445 out-interface-list=WAN protocol=udp
- add action=drop chain=forward dst-port=!80,443,1688 in-interface=ether5.20 out-interface-list=WAN protocol=tcp
- add action=drop chain=forward dst-port=!80,443 in-interface=ether5.30 out-interface-list=WAN protocol=tcp
- /ip firewall nat
- # pptp-out1 not ready
- add action=src-nat chain=srcnat out-interface=pptp-out1 to-addresses=192.168.1.230
- /ip pool
- add name=adm next-pool=adm ranges=10.136.1.100-10.136.1.200
- add name=stud next-pool=stud ranges=10.136.2.100-10.136.2.200
- add name=guest next-pool=guest ranges=10.136.3.100-10.136.3.200
- /ip route
- add check-gateway=ping distance=2 gateway=172.16.94.201
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- /system clock
- set time-zone-name=Europe/Moscow
- /system ntp client
- set enabled=yes primary-ntp=194.190.168.1 secondary-ntp=195.211.77.74
- /system routerboard settings
- set silent-boot=no
- /tool mac-server
- set allowed-interface-list=mactel
- /tool mac-server mac-winbox
- set allowed-interface-list=mac-winbox
- [admin@MikroTik] >
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
