API tools faq
paste
Advertisement
Guest User

Ring

a guest
Nov 23rd, 2016
189
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.64 KB | None | 0 0
raw download clone embed print report
  1. nov/23/2016 14:23:28 by RouterOS 6.36
  2. # software id = UPA0-2NBC
  3. #
  4. /interface ethernet
  5. set [ find default-name=ether1 ] comment="Wan ISP1" name=ether1_wan_1
  6. set [ find default-name=ether3 ] advertise=\
  7. 100M-half,100M-full,1000M-half,1000M-full comment=Local name=ether2_lan
  8. set [ find default-name=ether2 ] comment="Wan ISP2" mtu=1492 name=ether3_wan_2
  9. /interface pppoe-client
  10. add add-default-route=yes default-route-distance=5 disabled=no interface=\
  11. ether3_wan_2 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out_wan_2 \
  12. password=2xaw692b user=v848446
  13. /ip neighbor discovery
  14. set pppoe-out_wan_2 discover=no
  15. /interface vlan
  16. add comment="Management device network" interface=ether2_lan name=\
  17. ManagementVlan2 vlan-id=2
  18. add comment="Restoran Dublin" interface=ether2_lan name=RestoranDublinVlan5 \
  19. vlan-id=5
  20. add comment="Restoran London" interface=ether2_lan name=RestoranLondonVlan6 \
  21. vlan-id=6
  22. add comment="Network of Servers" interface=ether2_lan name=ServersVlan3 \
  23. vlan-id=3
  24. add comment="Stage 1" interface=ether2_lan name=Stage1Vlan10 vlan-id=10
  25. add comment="Stage 2" interface=ether2_lan name=Stage2Vlan20 vlan-id=20
  26. add comment="Stage 3" interface=ether2_lan name=Stage3Vlan30 vlan-id=30
  27. add comment="Stage 4 " interface=ether2_lan name=Stage4Vlan40 vlan-id=40
  28. add comment="Personal " interface=ether2_lan name=Teh.PersonalVlan9 vlan-id=9
  29. add comment="Network VIP" interface=ether2_lan name=UnlimitedSpeedVlan7 \
  30. vlan-id=7
  31. add comment="Network Video" interface=ether2_lan name=VideoVlan4 vlan-id=4
  32. /ip neighbor discovery
  33. set ManagementVlan2 comment="Management device network"
  34. set RestoranDublinVlan5 comment="Restoran Dublin" discover=no
  35. set RestoranLondonVlan6 comment="Restoran London" discover=no
  36. set ServersVlan3 comment="Network of Servers"
  37. set Stage1Vlan10 comment="Stage 1" discover=no
  38. set Stage2Vlan20 comment="Stage 2" discover=no
  39. set Stage3Vlan30 comment="Stage 3" discover=no
  40. set Stage4Vlan40 comment="Stage 4 " discover=no
  41. set Teh.PersonalVlan9 comment="Personal "
  42. set UnlimitedSpeedVlan7 comment="Network VIP" discover=no
  43. set VideoVlan4 comment="Network Video" discover=no
  44. /interface list
  45. add name=Local
  46. add name=WAN
  47. /ip ipsec proposal
  48. set [ find default=yes ] enc-algorithms=\
  49. aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
  50. /ip pool
  51. add name=poolVlan3 ranges=172.16.3.30-172.16.3.254
  52. add name=poolVlan9 ranges=172.16.9.30-172.16.9.254
  53. add name=poolVlan10 ranges=172.16.10.30-172.16.10.254
  54. add name=poolVan20 ranges=172.16.20.30-172.16.20.254
  55. add name=poolVlan30 ranges=172.16.30.30-172.16.30.254
  56. add name=poolVlan40 ranges=172.16.40.30-172.16.40.254
  57. add name=poolVlan2 ranges=172.16.1.30-172.16.1.254
  58. add name=poolVlan4 ranges=172.16.4.30-172.16.4.254
  59. add name=poolVlan5 ranges=172.16.5.30-172.16.5.254
  60. add name=poolVlan6 ranges=172.16.6.30-172.16.6.254
  61. add name=poolVlan7 ranges=172.16.7.30-172.16.7.254
  62. /ip dhcp-server
  63. add add-arp=yes address-pool=poolVlan2 authoritative=yes disabled=no interface=\
  64. ManagementVlan2 lease-time=1d name=ServerdhcpVlan2
  65. add add-arp=yes address-pool=poolVlan3 authoritative=yes disabled=no interface=\
  66. ServersVlan3 lease-time=1d name=ServerdhcpVlan3
  67. add add-arp=yes address-pool=poolVlan9 authoritative=yes disabled=no interface=\
  68. Teh.PersonalVlan9 lease-time=1d name=ServerdhcpVlan9
  69. add add-arp=yes address-pool=poolVlan10 authoritative=yes disabled=no \
  70. interface=Stage1Vlan10 lease-time=1d name=ServerdhcpVlan10
  71. add add-arp=yes address-pool=poolVlan40 authoritative=yes disabled=no \
  72. interface=Stage4Vlan40 lease-time=1d name=ServerdhcpVlan40
  73. add add-arp=yes address-pool=poolVlan30 authoritative=yes disabled=no \
  74. interface=Stage3Vlan30 lease-time=1d name=ServerdhcpVlan30
  75. add add-arp=yes address-pool=poolVan20 authoritative=yes disabled=no interface=\
  76. Stage2Vlan20 lease-time=1d name=ServerdhcpVlan20
  77. add add-arp=yes address-pool=poolVlan4 authoritative=yes disabled=no interface=\
  78. VideoVlan4 lease-time=1d name=ServerdhcpVlan4
  79. add add-arp=yes address-pool=poolVlan5 authoritative=yes disabled=no interface=\
  80. RestoranDublinVlan5 lease-time=1d name=ServerdhcpVlan5
  81. add add-arp=yes address-pool=poolVlan6 authoritative=yes disabled=no interface=\
  82. RestoranLondonVlan6 lease-time=1d name=ServerdhcpVlan6
  83. add add-arp=yes address-pool=poolVlan7 authoritative=yes disabled=no interface=\
  84. UnlimitedSpeedVlan7 lease-time=1d name=ServerdhcpVlan7
  85. /queue simple
  86. add comment="Unlimited speed personal" name="UpLoad\\downloadVlan9" target=\
  87. Teh.PersonalVlan9
  88. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  89. "Speed limit 20 Mbit/s stage 1" max-limit=20M/20M name=\
  90. "UpLoad\\downloadVlan10" target=Stage1Vlan10
  91. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  92. "Speed limit 20 Mbit/s stage 2" max-limit=20M/20M name=\
  93. "UpLoad\\downloadVlan20" target=Stage2Vlan20
  94. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  95. "Speed limit 20 Mbit/s stage 3" max-limit=20M/20M name=\
  96. "UpLoad\\downloadVlan30" target=Stage3Vlan30
  97. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  98. "Speed limit 20 Mbit/s stage 4" max-limit=20M/20M name=\
  99. "UpLoad\\downloadVlan40" target=Stage4Vlan40
  100. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  101. "Speed limit 20 Mbit/s restaraunt Dublin" max-limit=20M/20M name=\
  102. "Upload\\downloadVlan5" target=RestoranDublinVlan5
  103. add burst-threshold=20M/20M burst-time=30s/30s comment=\
  104. "Speed limit 20 Mbit/s restaraunt London" max-limit=20M/20M name=\
  105. "UpLoad\\downloadVlan6" target=RestoranLondonVlan6
  106. add burst-time=30s/30s comment="Unlimited VIP netwok" name=\
  107. "Upload\\download vlan7" target=UnlimitedSpeedVlan7
  108. add comment="Unlimited VideoNetwork " name=VideoNetwork target=VideoVlan4
  109. /queue interface
  110. set ether1_wan_1 queue=ethernet-default
  111. set ether2_lan queue=ethernet-default
  112. set ether3_wan_2 queue=ethernet-default
  113. /ip neighbor discovery
  114. set ether1_wan_1 comment="Wan ISP1" discover=no
  115. set ether2_lan comment=Local discover=no
  116. set ether3_wan_2 comment="Wan ISP2" discover=no
  117. /system logging action
  118. set 0 memory-lines=65000
  119. /interface list member
  120. add interface=ether2_lan list=Local
  121. add interface=ManagementVlan2 list=Local
  122. add interface=RestoranDublinVlan5 list=Local
  123. add interface=RestoranLondonVlan6 list=Local
  124. add interface=ServersVlan3 list=Local
  125. add interface=Stage1Vlan10 list=Local
  126. add interface=Stage2Vlan20 list=Local
  127. add interface=Stage3Vlan30 list=Local
  128. add interface=Stage4Vlan40 list=Local
  129. add interface=Teh.PersonalVlan9 list=Local
  130. add interface=UnlimitedSpeedVlan7 list=Local
  131. add interface=VideoVlan4 list=Local
  132. add interface=pppoe-out_wan_2 list=WAN
  133. add interface=ether3_wan_2 list=WAN
  134. add interface=ether1_wan_1 list=WAN
  135. /interface pptp-server server
  136. set enabled=yes
  137. /ip address
  138. add address=172.16.1.1/24 comment="Network Device Management" interface=\
  139. ManagementVlan2 network=172.16.1.0
  140. add address=172.16.9.1/24 comment=Personal interface=Teh.PersonalVlan9 network=\
  141. 172.16.9.0
  142. add address=172.16.10.1/24 comment="Stage 1" interface=Stage1Vlan10 network=\
  143. 172.16.10.0
  144. add address=172.16.20.1/24 comment="Stage 2" interface=Stage2Vlan20 network=\
  145. 172.16.20.0
  146. add address=172.16.30.1/24 comment="Stage 3" interface=Stage3Vlan30 network=\
  147. 172.16.30.0
  148. add address=172.16.40.1/24 comment="Stage 4" interface=Stage4Vlan40 network=\
  149. 172.16.40.0
  150. add address=172.16.3.1/24 comment="Server Network" interface=ServersVlan3 \
  151. network=172.16.3.0
  152. add address=172.16.4.1/24 comment="CCTV network" interface=VideoVlan4 network=\
  153. 172.16.4.0
  154. add address=172.16.5.1/24 comment="Restaurant Dublin" interface=\
  155. RestoranDublinVlan5 network=172.16.5.0
  156. add address=172.16.6.1/24 comment="Restaurant London" interface=\
  157. RestoranLondonVlan6 network=172.16.6.0
  158. add address=172.16.7.1/24 comment="Unlimited speed" interface=\
  159. UnlimitedSpeedVlan7 network=172.16.7.0
  160. add address=85.172.120.102/24 interface=ether1_wan_1 network=85.172.120.0
  161. /ip dhcp-server network
  162. add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
  163. add address=172.16.3.0/24 dns-server=172.16.3.1,172.16.3.6 gateway=172.16.3.1
  164. add address=172.16.4.0/24 dns-server=172.16.4.1 gateway=172.16.4.1
  165. add address=172.16.5.0/24 dns-server=172.16.5.1 gateway=172.16.5.1
  166. add address=172.16.6.0/24 dns-server=172.16.6.1 gateway=172.16.6.1
  167. add address=172.16.7.0/24 dns-server=172.16.7.1 gateway=172.16.7.1
  168. add address=172.16.9.0/24 dns-server=172.16.9.1,172.16.3.6 gateway=172.16.9.1
  169. add address=172.16.10.0/24 dns-server=172.16.10.1 gateway=172.16.10.1
  170. add address=172.16.20.0/24 dns-server=172.16.20.1 gateway=172.16.20.1
  171. add address=172.16.30.0/24 dns-server=172.16.30.1 gateway=172.16.30.1
  172. add address=172.16.40.0/24 dns-server=172.16.40.1 gateway=172.16.40.1
  173. /ip dns
  174. set allow-remote-requests=yes servers=\
  175. 83.239.129.4,178.35.148.196,88.87.64.6,88.87.65.3,8.8.8.8
  176. /ip firewall address-list
  177. add address=83.239.129.4 list=dns
  178. add address=178.35.148.196 list=dns
  179. add address=88.87.64.6 list=dns
  180. add address=88.87.65.3 list=dns
  181. add address=8.8.8.8 list=dns
  182. /ip firewall filter
  183. add action=accept chain=forward comment=FTP dst-port=21 log-prefix="" protocol=\
  184. tcp
  185. add action=accept chain=input dst-port=53 log-prefix="" protocol=udp \
  186. src-address-list=dns
  187. add action=accept chain=forward connection-limit=40,32 log-prefix="" protocol=\
  188. udp src-address-list=torrent_limit
  189. add action=drop chain=input dst-port=53 in-interface=pppoe-out_wan_2 \
  190. log-prefix="" protocol=udp
  191. add action=drop chain=input comment="Dns " dst-port=53 in-interface=\
  192. ether1_wan_1 log-prefix="" protocol=udp
  193. add action=accept chain=input comment="Allow IKE" dst-port=500 log-prefix="" \
  194. protocol=udp
  195. add action=accept chain=input comment="Allow IPSec-esp" log-prefix="" protocol=\
  196. ipsec-esp
  197. add action=accept chain=input comment="Allow IPSec-ah" log-prefix="" protocol=\
  198. ipsec-ah
  199. add action=accept chain=input comment="Allow UDP" log-prefix="" protocol=udp
  200. add action=accept chain=input comment="Allow ping" log-prefix="" protocol=icmp
  201. add action=accept chain=forward comment=SSH dst-port=22 log-prefix="" protocol=\
  202. tcp
  203. add action=accept chain=input comment="PPTP VPN " dst-port=1723 log-prefix="" \
  204. protocol=tcp
  205. add action=accept chain=input comment=Winbox connection-state=new dst-port=8291 \
  206. log-prefix="" protocol=tcp
  207. add action=accept chain=input dst-port=7777 log-prefix="" protocol=tcp
  208. add action=accept chain=input comment=GRE log-prefix="" protocol=gre
  209. add action=accept chain=input comment="Filter rules firewall" connection-state=\
  210. established log-prefix=""
  211. add action=accept chain=input connection-state=related log-prefix=""
  212. add action=accept chain=forward comment="Forward rule" dst-port=3389 \
  213. log-prefix="" protocol=tcp
  214. add action=accept chain=forward comment=Video dst-port=88 log-prefix="" \
  215. protocol=tcp
  216. add action=accept chain=forward comment="IIS Server" dst-port=80 log-prefix="" \
  217. protocol=tcp
  218. add action=accept chain=forward dst-port=90 log-prefix="" protocol=tcp
  219. add action=accept chain=forward comment=Ping log-prefix="" protocol=icmp
  220. add action=accept chain=input comment="Allow from Local list" \
  221. in-interface-list=Local log-prefix=""
  222. add action=drop chain=input in-interface-list=WAN log-prefix=""
  223. add action=accept chain=forward comment="Allow ALL from Local LIST" \
  224. in-interface-list=Local log-prefix=""
  225. add action=accept chain=forward comment="Filter rules firewall" \
  226. connection-state=established log-prefix=""
  227. add action=accept chain=forward connection-state=related log-prefix=""
  228. add action=drop chain=forward log-prefix=""
  229. add action=drop chain=forward comment=invalid connection-state=invalid \
  230. log-prefix=""
  231. add action=drop chain=input connection-state=invalid log-prefix=""
  232. /ip firewall mangle
  233. add action=mark-connection chain=input connection-mark=no-mark in-interface=\
  234. ether1_wan_1 log-prefix="" new-connection-mark=input_wan_1 passthrough=no
  235. add action=mark-routing chain=output connection-mark=input_wan_1 log-prefix="" \
  236. new-routing-mark=WAN_1 passthrough=no
  237. add action=mark-connection chain=input connection-mark=no-mark in-interface=\
  238. pppoe-out_wan_2 log-prefix="" new-connection-mark=input_wan_2 passthrough=\
  239. no
  240. add action=mark-routing chain=output connection-mark=input_wan_2 log-prefix="" \
  241. new-routing-mark=WAN_2 passthrough=no
  242. /ip firewall nat
  243. add action=accept chain=srcnat comment="IpSec tunnel" dst-address=10.8.0.0/24 \
  244. log-prefix="" src-address=172.16.9.0/24
  245. add action=dst-nat chain=dstnat comment=Videonabl dst-port=88 in-interface=\
  246. pppoe-out_wan_2 log-prefix="" protocol=tcp to-addresses=172.16.4.2 \
  247. to-ports=34567
  248. add action=dst-nat chain=dstnat comment=Terminal dst-port=6984 in-interface=\
  249. ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=\
  250. 3389
  251. add action=dst-nat chain=dstnat dst-port=88 in-interface=ether1_wan_1 \
  252. log-prefix="" protocol=tcp to-addresses=172.16.4.2 to-ports=34567
  253. add action=masquerade chain=srcnat comment="Nat Rostekekom " log-prefix="" \
  254. out-interface=ether1_wan_1
  255. add action=dst-nat chain=dstnat dst-port=6984 in-interface=pppoe-out_wan_2 \
  256. log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=3389
  257. add action=masquerade chain=srcnat comment="Nat Dom.ru" log-prefix="" \
  258. out-interface=pppoe-out_wan_2
  259. add action=dst-nat chain=dstnat comment=Ftp dst-port=21 in-interface=\
  260. ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=21
  261. add action=dst-nat chain=dstnat comment=Apache dst-port=80 in-interface=\
  262. ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=80
  263. add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out_wan_2 \
  264. log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=80
  265. add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out_wan_2 \
  266. log-prefix="" protocol=tcp to-addresses=172.16.3.7 to-ports=22
  267. /ip firewall service-port
  268. set ftp disabled=yes
  269. set tftp disabled=yes
  270. set irc disabled=yes
  271. set h323 disabled=yes
  272. set sip disabled=yes
  273. /ip ipsec peer
  274. add address=213.234.25.92/32 dh-group=modp1536 exchange-mode=main-l2tp \
  275. generate-policy=port-override passive=yes secret=HXXB4-XR9QR
  276. /ip route
  277. add check-gateway=ping distance=5 gateway=85.172.120.101 routing-mark=WAN_1
  278. add check-gateway=ping distance=5 gateway=pppoe-out_wan_2 routing-mark=WAN_2
  279. add check-gateway=ping distance=1 gateway=\
  280. "pppoe-out_wan_2,85.172.120.101@(unknown)"
  281. add check-gateway=arp distance=2 gateway=pppoe-out_wan_2
  282. add check-gateway=ping distance=10 gateway=85.172.120.101
  283. /ip route rule
  284. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.10.0/24
  285. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.3.0/24
  286. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.10.0/24
  287. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.1.0/24
  288. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.10.0/24
  289. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.10.0/24
  290. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.4.0/24
  291. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.6.0/24
  292. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.5.0/24
  293. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.6.0/24
  294. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.7.0/24
  295. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.6.0/24
  296. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.9.0/24
  297. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.6.0/24
  298. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.9.0/24
  299. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.5.0/24
  300. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.7.0/24
  301. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.5.0/24
  302. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.6.0/24
  303. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.4.0/24
  304. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.5.0/24
  305. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.3.0/24
  306. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.5.0/24
  307. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.1.0/24
  308. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.5.0/24
  309. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.40.0/24
  310. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.10.0/24
  311. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.9.0/24
  312. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.40.0/24
  313. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.7.0/24
  314. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.40.0/24
  315. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.6.0/24
  316. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.40.0/24
  317. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.5.0/24
  318. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.40.0/24
  319. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.4.0/24
  320. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.40.0/24
  321. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.3.0/24
  322. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.40.0/24
  323. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.1.0/24
  324. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.40.0/24
  325. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.1.0/24
  326. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.30.0/24
  327. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.3.0/24
  328. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.30.0/24
  329. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.4.0/24
  330. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.30.0/24
  331. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.5.0/24
  332. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.30.0/24
  333. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.6.0/24
  334. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.30.0/24
  335. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.10.0/24
  336. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.9.0/24
  337. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.30.0/24
  338. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.30.0/24
  339. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.7.0/24
  340. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.30.0/24
  341. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.40.0/24
  342. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.30.0/24
  343. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.40.0/24
  344. add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.20.0/24
  345. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.30.0/24
  346. add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.20.0/24
  347. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.10.0/24
  348. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.20.0/24
  349. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.9.0/24
  350. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.20.0/24
  351. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.7.0/24
  352. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.20.0/24
  353. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.6.0/24
  354. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.20.0/24
  355. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.5.0/24
  356. add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.20.0/24
  357. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.4.0/24
  358. add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.20.0/24
  359. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.3.0/24
  360. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.20.0/24
  361. add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.1.0/24
  362. add action=unreachable disabled=yes dst-address=172.16.10.0/24 src-address=\
  363. 172.16.9.0/24
  364. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.20.0/24
  365. add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.10.0/24
  366. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.7.0/24
  367. add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.10.0/24
  368. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.6.0/24
  369. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.10.0/24
  370. add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.5.0/24
  371. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.1.0/24
  372. add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.6.0/24
  373. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.3.0/24
  374. add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.6.0/24
  375. add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.4.0/24
  376. /ip service
  377. set telnet disabled=yes
  378. set ftp disabled=yes
  379. set www address="178.236.242.166/32,172.16.9.0/24,172.16.3.0/24,213.234.25.92/32\
  380. ,85.172.120.102/32,93.94.221.180/32,213.234.25.174/32" port=89
  381. set ssh disabled=yes port=24
  382. set api disabled=yes
  383. set winbox address="172.16.9.0/24,172.16.3.0/24,93.94.221.180/32,213.234.25.92/3\
  384. 2,178.236.242.166/32,213.234.25.174/32" port=7777
  385. set api-ssl disabled=yes
  386. /ppp secret
  387. add comment="Admin network" local-address=172.16.9.1 name=Wizart password=\
  388. HXXB4-XR9QR remote-address=172.16.9.3 service=pptp
  389. add comment=Buhgalter local-address=172.16.9.1 name=Sayadyan password=\
  390. Gfhjkm1978 remote-address=172.16.9.9 service=pptp
  391. /system clock
  392. set time-zone-autodetect=no time-zone-name=Europe/Moscow
  393. /system clock manual
  394. set time-zone=+03:00
  395. /system ntp client
  396. set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=88.147.254.235
  397. /system scheduler
  398. add interval=1w3d name="Reboot routers" on-event=" /system reboot" policy=\
  399. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  400. aug/06/2016 start-time=05:00:00
  401. add interval=1w3d name="Backup settings" on-event=Backup_to_mail policy=\
  402. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  403. aug/07/2016 start-time=06:00:10
  404. /system script
  405. add comment="Backup settings" name=Backup_to_mail owner=Wizart policy=\
  406. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
  407. \n:log info \"Starting Backup Script...\";\r\
  408. \n:local sysname [/system identity get name];\r\
  409. \n:local sysver [/system package get system version];\r\
  410. \n:log info \"Flushing DNS cache...\";\r\
  411. \n/ip dns cache flush;\r\
  412. \n:delay 2;\r\
  413. \n:log info \"Deleting last Backups...\";\r\
  414. \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \
  415. \\\r\
  416. \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
  417. \n:delay 2;\r\
  418. \n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
  419. \n:local Eaccount \"igor.krivintsov@gmail.com\";\r\
  420. \n:local pass \"Gfhjkm1978\";\r\
  421. \n:local backupfile (\"\$sysname-backup-\" . \\\r\
  422. \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
  423. \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\")\
  424. ;\r\
  425. \n:log info \"Creating new Full Backup file...\";\r\
  426. \n/system backup save name=\$backupfile;\r\
  427. \n:delay 2;\r\
  428. \n:log info \"Sending Full Backup file via E-mail...\";\r\
  429. \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\
  430. \r\
  431. \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \
  432. \\\r\
  433. \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \
  434. \\\r\
  435. \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \
  436. \\\r\
  437. \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\
  438. \r\
  439. \n[/system clock get date]);\r\
  440. \n:delay 5;\r\
  441. \n:local exportfile (\"\$sysname-backup-\" . \\\r\
  442. \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
  443. \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
  444. \n:log info \"Creating new Setup Script file...\";\r\
  445. \n/export verbose file=\$exportfile;\r\
  446. \n:delay 2;\r\
  447. \n:log info \"Sending Setup Script file via E-mail...\";\r\
  448. \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\
  449. \r\
  450. \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \
  451. \\\r\
  452. \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \
  453. \\\r\
  454. \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \
  455. \\\r\
  456. \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \
  457. \" \\\r\
  458. \n\" . [/system clock get date]);\r\
  459. \n:delay 5;\r\
  460. \n:log info \"All System Backups emailed successfully.\\nBackuping completed\
  461. .\";\r\
  462. \n}"
  463. /tool graphing interface
  464. add
  465. /tool graphing queue
  466. add
  467. /tool graphing resource
  468. add
  469. /tool mac-server
  470. set [ find default=yes ] disabled=yes
  471. add interface=ServersVlan3
  472. add interface=Teh.PersonalVlan9
  473. /tool mac-server mac-winbox
  474. add interface=Teh.PersonalVlan9
  475. add interface=ServersVlan3
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!