
Untitled

a guest
Sep 19th, 2021
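  # MikroTik RouterOS configuration export. The paste listing's line numbers
  # ("1.", "2.", ...) were fused into every line; they are removed here so the
  # text is one RouterOS command per line again. No setting has been changed.
  #
  # What the export configures, as far as the visible lines show:
  #   - an IKEv2 responder (/ip ipsec) whose mode-config hands out 192.168.99.2
  #   - an EoIP tunnel 192.168.99.1 <-> 192.168.99.2, bridged with ether4 and wlan1
  #   - the default LAN 192.168.88.0/24 (DHCP, DNS) and part of the defconf firewall
  #
  # NOTE(review): points to resolve before reusing this configuration
  #   1. IPsec uses MD5 and single DES with no PFS (see /ip ipsec profile, proposal).
  #   2. The input chain has no final drop rule, so router services are not
  #      filtered by interface (see /ip firewall filter).
  #   3. DNS answers remote requests, SSH allows password login and remote
  #      forwarding, and the bandwidth-test server needs no authentication.
  #   4. ether1 is both the WAN interface and a bridge port (see /ip dhcp-client).

  /interface bridge
  add admin-mac=E4:8D:XX:XX:XX:B9 auto-mac=no comment=defconf name=bridge
  add name=bridge-eoip-tunnel1
  add name=bridge-wlan
  # "loopback" is an empty bridge; it carries 192.168.99.1/30 (see /ip address).
  add name=loopback
  /interface eoip
  # EoIP has no encryption of its own; confidentiality of the bridged layer-2
  # traffic depends entirely on the IPsec policy between the two /32 endpoints.
  # "!keepalive" unsets the keepalive property.
  add !keepalive local-address=192.168.99.1 mac-address=02:B1:XX:XX:XX:2F name=\
      eoip-tunnel1 remote-address=192.168.99.2 tunnel-id=10
  /interface list
  add comment=defconf name=WAN
  add comment=defconf name=LAN
  # ifl.l2admin is created but has no members and is not referenced in this export.
  add name=ifl.l2admin
  /ip ipsec mode-config
  # The connecting peer receives 192.168.99.2/30 and a split-include for the
  # router's tunnel address only; no DNS servers are pushed (system-dns=no).
  add address=192.168.99.2 address-prefix-length=30 name=ike2-gre \
      split-include=192.168.99.1/32 system-dns=no
  /ip ipsec policy group
  add name=ike2-gre
  /ip ipsec profile
  # NOTE(review): hash-algorithm=md5 for the IKE SA. MD5 is deprecated for this
  # use; hash-algorithm=sha256 is the usual replacement. The remote peer must be
  # changed at the same time or negotiation will fail.
  add dh-group=ecp256 enc-algorithm=aes-128 hash-algorithm=md5 name=ike2
  /ip ipsec peer
  # Responder only (passive=yes). No address= is set, so this export does not
  # restrict the peer to a known remote address.
  add exchange-mode=ike2 name=ike2 passive=yes profile=ike2
  /ip ipsec proposal
  # NOTE(review): this is the weakest point of the configuration. Single DES
  # (56-bit key) with HMAC-MD5 and pfs-group=none protects all tunnelled traffic,
  # and lifetime=1d keeps each key in use for a full day. Recommended direction:
  # enc-algorithms=aes-256-cbc (or an AES-GCM variant), auth-algorithms=sha256,
  # pfs-group=ecp256 and a shorter lifetime, changed on both ends together.
  add auth-algorithms=md5 enc-algorithms=des lifetime=1d name=ike2-gre \
      pfs-group=none
  /ip pool
  add name=default-dhcp ranges=192.168.88.10-192.168.88.254
  /ip dhcp-server
  add address-pool=default-dhcp disabled=no interface=bridge lease-time=4w2d \
      name=defconf
  /user group
  # Policy list of the built-in "full" group; it includes telnet, ftp, sniff and
  # sensitive. Which users belong to it is not part of this export.
  set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
  /interface bridge port
  # The EoIP tunnel shares one layer-2 domain with ether4 and wlan1, so anything
  # attached to either of them is bridged to the remote site.
  # NOTE(review): no wireless security profile appears in this export - confirm
  # how wlan1 is secured.
  add bridge=bridge-eoip-tunnel1 interface=eoip-tunnel1
  add bridge=bridge-eoip-tunnel1 interface=ether4
  add bridge=bridge-eoip-tunnel1 interface=wlan1
  # NOTE(review): ether1 is placed in bridge-wlan together with ether2 and ether3,
  # while ether1 is also the only WAN list member and ether2/ether3 are LAN list
  # members. Confirm the WAN port is really meant to be bridged with LAN ports.
  add bridge=bridge-wlan interface=ether2
  add bridge=bridge-wlan interface=ether1
  add bridge=bridge-wlan interface=ether3
  /ip neighbor discovery-settings
  # Neighbor discovery is limited to the LAN list.
  set discover-interface-list=LAN
  /interface list member
  add comment=defconf interface=bridge list=LAN
  add comment=defconf interface=ether1 list=WAN
  add interface=ether3 list=LAN
  add interface=ether2 list=LAN
  /ip address
  add address=192.168.88.1/24 comment=defconf interface=bridge network=\
      192.168.88.0
  add address=192.168.99.1/30 interface=loopback network=192.168.99.0
  /ip cloud
  # The router registers its public address with MikroTik's cloud DDNS service
  # every 5 minutes.
  set ddns-enabled=yes ddns-update-interval=5m
  /ip dhcp-client
  # The next line is RouterOS's own warning: ether1 is a bridge port, so the DHCP
  # client on it is invalid. NOTE(review): rules that match on the WAN list
  # (only ether1) may not match traffic as intended while ether1 is a slave
  # port - verify on the device.
  # DHCP client can not run on slave interface!
  add comment=defconf disabled=no interface=ether1
  /ip dhcp-server config
  set store-leases-disk=never
  /ip dhcp-server network
  add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
  /ip dns
  # NOTE(review): the router answers DNS queries from other hosts. Nothing in the
  # input chain below limits this to the LAN, so the resolver may be reachable
  # from the WAN side and usable for DNS amplification. Restrict it with an input
  # rule or set allow-remote-requests=no if only the router itself needs DNS.
  set allow-remote-requests=yes
  /ip dns static
  add address=192.168.88.1 name=router.lan
  /ip firewall filter
  # NOTE(review): the rules keep their "defconf:" comments, but the input chain
  # stops after "accept ICMP" and the forward chain after "drop invalid". There
  # is no rule dropping input that does not come from the LAN list and none
  # dropping forwarded WAN traffic that is not dst-nat'ed. With no final drop,
  # every new connection to the router itself is accepted. No /ip service
  # section is exported, so management services are presumably at their
  # defaults - confirm. Before adding a drop rule, add explicit accepts for what
  # the IPsec responder needs (IKE on UDP 500/4500, ipsec-esp, and the
  # decrypted tunnel traffic), otherwise the tunnel will stop working.
  add action=accept chain=input comment=\
      "defconf: accept established,related,untracked" connection-state=\
      established,related,untracked
  add action=drop chain=input comment="defconf: drop invalid" connection-state=\
      invalid
  add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  add action=accept chain=forward comment="defconf: accept in ipsec policy" \
      ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" \
      ipsec-policy=out,ipsec
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
      connection-state=established,related
  add action=accept chain=forward comment=\
      "defconf: accept established,related, untracked" connection-state=\
      established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" \
      connection-state=invalid
  /ip firewall nat
  # Masquerade towards the WAN list, skipping traffic that matches an IPsec
  # policy, plus a second masquerade for anything leaving via the loopback bridge.
  add action=masquerade chain=srcnat comment="defconf: masquerade" \
      ipsec-policy=out,none out-interface-list=WAN
  add action=masquerade chain=srcnat out-interface=loopback
  /ip ipsec identity
  # NOTE(review): no auth-method, secret or certificate is visible here;
  # presumably it is at its default or was hidden or removed before posting -
  # confirm which authentication is used, and that any pre-shared key is long
  # and random. Nothing in this line restricts which remote identity may connect.
  add generate-policy=port-strict mode-config=ike2-gre peer=ike2 \
      policy-template-group=ike2-gre
  /ip ipsec policy
  # Template: only traffic between the two tunnel endpoints (192.168.99.1/32 and
  # 192.168.99.2/32) is covered, i.e. the EoIP packets themselves.
  add dst-address=192.168.99.2/32 group=ike2-gre proposal=ike2-gre src-address=\
      192.168.99.1/32 template=yes
  /ip ssh
  # NOTE(review): password login stays permitted even for users that have an SSH
  # key, and remote port forwarding is enabled. With no input drop rule SSH is
  # not limited to the LAN, which exposes it to password guessing. Prefer
  # key-only login and forwarding-enabled=no unless forwarding is required.
  set always-allow-password-login=yes forwarding-enabled=remote
  /system identity
  set name=xxx8
  /system logging
  # Positional reference: item 3 of the logging rule list is sent to memory.
  # NOTE(review): which topic item 3 is depends on the rule order on the device.
  # Memory-only logs do not survive a reboot; consider a remote syslog action so
  # login and IPsec events remain available for investigation.
  set 3 action=memory
  /tool bandwidth-server
  # NOTE(review): the bandwidth-test server accepts tests without credentials.
  # Anyone who can reach it can make the router generate or absorb test traffic.
  # Set authenticate=yes or disable the server (enabled=no) when it is not in use.
  set authenticate=no
  /tool graphing
  set store-every=24hours
  /tool mac-server
  # MAC telnet and MAC WinBox are limited to the LAN list.
  set allowed-interface-list=LAN
  /tool mac-server mac-winbox
  set allowed-interface-list=LAN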