- # nov/29/2018 21:56:28 by RouterOS 6.40.8
- #
- # model = RouterBOARD 962UiGS-5HacT2HnT
- # Export header: written by RouterOS 6.40.8 on the date above.
- # NOTE(review): confirm the device has since moved to a currently supported
- # release; a 2018 build should not be assumed to carry later fixes.
- # NOTE(review): this export contains credentials in cleartext (PPPoE, WPA,
- # IPsec and PPP secrets). Once a file like this is shared, treat every
- # secret in it as compromised and rotate it; on v6, exporting with
- # hide-sensitive omits these values.
- /interface bridge
- # LAN bridge with a fixed MAC address (auto-mac=no).
- add admin-mac=CC:2D:E0:A9:A6:69 auto-mac=no comment=defconf name=bridge
- /interface ethernet
- # ether1 is left standalone (it carries the PPPoE client below); ether2 is
- # renamed ether2-master and ether3-5 are attached to it via master-port.
- set [ find default-name=ether1 ] advertise=1000M-half,1000M-full speed=1Gbps
- set [ find default-name=ether2 ] advertise=1000M-half,1000M-full name=\
- ether2-master
- set [ find default-name=ether3 ] advertise=1000M-half,1000M-full master-port=\
- ether2-master
- set [ find default-name=ether4 ] advertise=1000M-half,1000M-full master-port=\
- ether2-master
- set [ find default-name=ether5 ] advertise=1000M-half,1000M-full master-port=\
- ether2-master
- /interface pppoe-client
- # Internet uplink: PPPoE session on ether1 that installs the default route
- # and accepts the peer's DNS servers. The account password is exported in
- # cleartext on the continuation line.
- add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
- password=Random8390Password91 use-peer-dns=yes user=kevlar
- /interface wireless
- # Two access points in ap-bridge mode: wlan1 on 2.4 GHz and wlan2 on 5 GHz.
- # Neither line names a security-profile, so both presumably use the default
- # profile configured further down - confirm.
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
- disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
- Military_Base_2 wireless-protocol=802.11
- set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
- 20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
- ap-bridge ssid=Military_Base_5 wireless-protocol=802.11
- /ip neighbor discovery
- # Neighbor discovery is switched off on ether1 only.
- # NOTE(review): the uplink is pppoe-out1; its discovery setting is not part
- # of this export - verify it is off there too.
- set ether1 discover=no
- /interface list
- # Interface lists referenced by the firewall rules (membership is set later).
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- /interface wireless security-profiles
- # Default profile: WPA and WPA2 personal are both allowed and share one
- # pre-shared key, which is exported in cleartext.
- # NOTE(review): allowing wpa-psk keeps the legacy WPA mode available;
- # prefer wpa2-psk only, and replace the key with a long random passphrase
- # because the current one is short and has been published.
- set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
- dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=kevlar7420 \
- wpa2-pre-shared-key=kevlar7420
- /ip ipsec policy group
- # Policy template group referenced by the IPsec peer definition.
- add name=policy_group1
- /ip ipsec proposal
- # Phase-2 encryption algorithms offered by the default proposal.
- # NOTE(review): 3des is still in the list; drop it and keep the AES-256
- # entries. The authentication algorithms are not part of this export.
- set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-256-ctr,3des
- /ip pool
- # Address pools: DHCP clients get .1-.40, VPN sessions get .230-.250.
- # Both ranges sit inside the LAN subnet 192.168.88.0/24, so VPN clients
- # are addressed as if they were LAN hosts.
- add name=dhcp ranges=192.168.88.1-192.168.88.40
- add name=vpn_pool ranges=192.168.88.230-192.168.88.250
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=bridge name=defconf
- /ppp profile
- # Profile used by the L2TP server: local and remote tunnel addresses are
- # both drawn from vpn_pool, and use-upnp=yes is set for its sessions.
- add change-tcp-mss=yes local-address=vpn_pool name=l2tp remote-address=\
- vpn_pool use-upnp=yes
- /interface bridge port
- # Bridge members: the wired switch group, the SFP cage and both radios.
- add bridge=bridge comment=defconf interface=ether2-master
- add bridge=bridge comment=defconf interface=sfp1
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge comment=defconf interface=wlan2
- /interface l2tp-server server
- # L2TP server settings with an IPsec pre-shared secret in cleartext.
- # NOTE(review): mschap1 is a weak authentication method; keep mschap2 only.
- # NOTE(review): no enabled= value is exported, so the server is presumably
- # in its default state - confirm whether it is actually running.
- # NOTE(review): use-ipsec=yes is set; check whether this release offers a
- # stricter mode that refuses L2TP without IPsec, and use it if so.
- set authentication=mschap1,mschap2 default-profile=l2tp ipsec-secret=\
- "8390KevLaR(!oFFipsec" use-ipsec=yes
- /interface list member
- # List membership used by the firewall: bridge is LAN, ether1 is WAN.
- # NOTE(review): pppoe-out1, the interface that actually carries Internet
- # traffic, is not a member of WAN in this export. Rules that match on
- # in-interface-list=WAN or out-interface-list=WAN therefore do not apply
- # to the PPPoE session; add pppoe-out1 to the WAN list.
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
- /ip address
- # Router LAN address 192.168.88.50/24.
- # NOTE(review): the address is bound to ether2-master, which is also a
- # bridge port; it would normally be placed on the bridge itself - confirm.
- add address=192.168.88.50/24 comment=defconf interface=ether2-master network=\
- 192.168.88.0
- /ip dhcp-client
- # A DHCP client also runs on ether1, alongside the PPPoE client.
- add comment=defconf dhcp-options=hostname,clientid interface=ether1
- /ip dhcp-server lease
- # Static leases. 192.168.88.254 is the host that the NAT rules forward
- # SSH and UDP 1194 to. These MAC addresses identify real devices and are
- # part of what a published export discloses.
- add address=192.168.88.105 always-broadcast=yes client-id=1:c0:b6:f9:13:27:4d \
- mac-address=C0:B6:F9:13:27:4D server=defconf use-src-mac=yes
- add address=192.168.88.101 always-broadcast=yes client-id=1:8:f6:9c:15:c1:57 \
- mac-address=08:F6:9C:15:C1:57 server=defconf use-src-mac=yes
- add address=192.168.88.102 always-broadcast=yes client-id=1:90:60:f1:3a:44:f5 \
- mac-address=90:60:F1:3A:44:F5 server=defconf
- add address=192.168.88.104 always-broadcast=yes client-id=1:c8:d9:d2:7c:49:52 \
- mac-address=C8:D9:D2:7C:49:52 server=defconf
- add address=192.168.88.103 client-id=1:50:8f:4c:58:52:f6 mac-address=\
- 50:8F:4C:58:52:F6 server=defconf
- add address=192.168.88.254 mac-address=00:15:5D:00:96:06 server=defconf
- /ip dhcp-server network
- add address=192.168.88.0/24 comment=defconf gateway=192.168.88.50 netmask=24
- /ip dns
- # One static upstream resolver; the PPPoE client also accepts peer DNS.
- # NOTE(review): allow-remote-requests is not in this export - if it is
- # enabled, make sure port 53 is not reachable from the Internet side.
- set servers=77.88.8.8
- /ip dns static
- add address=192.168.88.50 name=router.lan
- /ip firewall address-list
- # Address list holding a DNS name; no rule in this export references it.
- add address=kevlar.ml list=wan-ip
- /ip firewall filter
- # Filter rules are evaluated top to bottom per chain, so the order below
- # is part of the policy. Forward and input rules are interleaved here.
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment="defconf: accept in ipsec policy" \
- ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" \
- ipsec-policy=out,ipsec
- add action=accept chain=forward comment=\
- "defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- # Input: TCP 202 and UDP 1194 to the router are accepted from any
- # interface and any source address.
- # NOTE(review): no service on port 202 appears in this export - confirm
- # what listens there, or remove the rule. UDP 1194 is also dst-natted to
- # 192.168.88.254, and dst-natted packets are filtered in forward rather
- # than input, so the input rule for 1194 may have no effect.
- add action=accept chain=input dst-port=202 protocol=tcp
- add action=accept chain=input dst-port=1194 protocol=udp
- add action=accept chain=input disabled=yes protocol=icmp
- add action=accept chain=input connection-state=established
- add action=accept chain=input connection-state=related
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- # NOTE(review): this rule matches in-interface-list=WAN, and the WAN list
- # in this export contains only ether1. New connections arriving on
- # pppoe-out1 are not covered by it.
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN
- # Input: everything else arriving on the PPPoE session is dropped. No rule
- # above accepts IKE, NAT-T or L2TP, so L2TP/IPsec clients connecting over
- # pppoe-out1 would be dropped here.
- # NOTE(review): the input chain has no drop for connection-state=invalid
- # and no final drop, so traffic from ether1 other than ICMP, and all
- # traffic from the LAN, reaches the router's services.
- add action=drop chain=input in-interface=pppoe-out1
- # ICMP from pppoe-out1 is already dropped by the rule above, so this
- # logged drop can only match ICMP arriving on WAN-list interfaces.
- add action=drop chain=input comment="drop ping packets" in-interface-list=WAN \
- log=yes log-prefix=ping_drop_ protocol=icmp
- /ip firewall nat
- # Source NAT: the first rule masquerades via the WAN list (ether1 only in
- # this export); the second masquerades traffic leaving through pppoe-out1.
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface-list=WAN
- add action=masquerade chain=srcnat out-interface=pppoe-out1
- # TCP 28202 is forwarded to port 22 on 192.168.88.254.
- # NOTE(review): the rule has no in-interface, dst-address or source
- # restriction, so it matches any packet to that port from any side.
- # Restrict it to the uplink and to known source addresses, and make sure
- # the SSH server behind it accepts keys only.
- add action=netmap chain=dstnat dst-port=28202 protocol=tcp to-addresses=\
- 192.168.88.254 to-ports=22
- # UDP 1194 is forwarded to the same host, with logging; it also has no
- # interface or address match.
- add action=netmap chain=dstnat comment="dmz for vpn server" dst-port=1194 \
- log=yes log-prefix=ovpn_ protocol=udp to-addresses=192.168.88.254 \
- to-ports=1194
- # NOTE(review): the comment says port 80, but the rule has no dst-port.
- # As written it forwards every TCP connection arriving on pppoe-out1 that
- # an earlier NAT rule did not match to 192.168.88.151, ports unchanged,
- # exposing all TCP services on that host. Add dst-port=80 (and to-ports)
- # to limit the rule to the web server.
- add action=dst-nat chain=dstnat comment="web - server - 80" in-interface=\
- pppoe-out1 log=yes log-prefix="web - titan - 80 -" protocol=tcp \
- to-addresses=192.168.88.151
- /ip firewall service-port
- # Connection-tracking helpers: all listed helpers are disabled except
- # ftp, which stays enabled but is moved to port 32.
- # NOTE(review): if FTP is not forwarded through this router, the ftp
- # helper can be disabled like the others.
- set ftp ports=32
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes
- set dccp disabled=yes
- set sctp disabled=yes
- /ip ipsec peer
- # Passive IPsec peer for L2TP that accepts any remote address and
- # authenticates with a pre-shared secret exported in cleartext.
- # NOTE(review): 3des and aes-128 are still offered; keep aes-256 only.
- # The hash algorithm and DH group are not part of this export - verify.
- # NOTE(review): this secret is the same string as the PPP password below;
- # use distinct values so that one leak does not expose both layers.
- add address=0.0.0.0/0 enc-algorithm=aes-256,aes-128,3des exchange-mode=\
- main-l2tp generate-policy=port-override passive=yes \
- policy-template-group=policy_group1 secret="8390KevLaR(!oFF"
- /ip service
- # Management services: telnet, ftp, www, ssh, api and api-ssl are
- # disabled; winbox is limited to the LAN subnet.
- # NOTE(review): www-ssl has its port changed but no disabled= value is
- # exported, so it is presumably in its default state - confirm, and add
- # an address= restriction if it is enabled.
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes port=79
- set ssh disabled=yes
- set www-ssl port=4443
- set api disabled=yes
- set winbox address=192.168.88.0/24
- set api-ssl disabled=yes
- /ip upnp
- # UPnP is enabled with the bridge as internal and pppoe-out1 as external.
- # NOTE(review): any LAN or Wi-Fi host can then request inbound port
- # mappings on the uplink without authentication; disable UPnP unless a
- # specific application needs it.
- set enabled=yes
- /ip upnp interfaces
- add interface=bridge type=internal
- add interface=pppoe-out1 type=external
- /ppp secret
- # L2TP user account; the password is exported in cleartext and the user
- # name matches the PPPoE account name.
- add name=kevlar password="8390KevLaR(!oFF" profile=l2tp service=l2tp
- /system clock
- set time-zone-name=Asia/Yekaterinburg
- /tool mac-server
- # MAC telnet: the default entry is disabled and access is re-added for
- # the bridge only, so it is reachable from wired LAN and Wi-Fi clients.
- set [ find default=yes ] disabled=yes
- add interface=bridge
- /tool mac-server mac-winbox
- # MAC Winbox: same restriction, bridge only.
- set [ find default=yes ] disabled=yes
- add interface=bridge