  1. # may/28/2020 08:23:34 by RouterOS 6.46.6
  2.  
  3. #
  4. # model = RouterBOARD 3011UiAS
  5.  
  # Layer-2 setup: two bridges, per-port Ethernet settings, and the interface
  # lists that later sections refer to (WAN, LAN, discover, mactel, mac-winbox).
  6. /interface bridge
  # NOTE(review): arp=proxy-arp makes the router answer ARP requests on this
  # bridge on behalf of other hosts. Keep it only if something on the LAN needs
  # it (e.g. VPN clients) - TODO confirm. The admin-mac value was masked by the
  # author before posting.
  7. add admin-mac=******************* arp=proxy-arp auto-mac=no comment=defconf name=\
  8. bridge
  # bridge2-mts is the bridge that the /interface list member section puts into
  # the WAN list.
  9. add name=bridge2-mts
  10. /interface ethernet
  # Every copper port carries speed=100Mbps; ether2 and ether6 are also renamed.
  11. set [ find default-name=ether1 ] speed=100Mbps
  12. set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
  13. set [ find default-name=ether3 ] speed=100Mbps
  14. set [ find default-name=ether4 ] speed=100Mbps
  15. set [ find default-name=ether5 ] speed=100Mbps
  16. set [ find default-name=ether6 ] name=ether6-master speed=100Mbps
  17. set [ find default-name=ether7 ] speed=100Mbps
  18. set [ find default-name=ether8 ] speed=100Mbps
  19. set [ find default-name=ether9 ] speed=100Mbps
  20. set [ find default-name=ether10 ] speed=100Mbps
  21. set [ find default-name=sfp1 ] advertise=\
  22. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  23. /interface list
  # WAN and LAN are referenced by the firewall and NAT rules; discover feeds
  # neighbor discovery; mactel and mac-winbox feed /tool mac-server.
  24. add comment=defconf name=WAN
  25. add comment=defconf name=LAN
  26. add exclude=dynamic name=discover
  27. add name=mactel
  28. add name=mac-winbox
  29. /interface wireless security-profiles
  30. set [ find default=yes ] supplicant-identity=MikroTik
  # Address pools, the LAN DHCP server, and the PPP profiles used by the VPN
  # services defined elsewhere in this export.
  31. /ip pool
  32. add name=dhcp ranges=10.225.1.10-10.225.1.254
  33. add name=l2tp ranges=10.225.3.2-10.225.3.254
  34. /ip dhcp-server
  35. add address-pool=dhcp disabled=no interface=bridge name=defconf
  36. /ppp profile
  # NOTE(review): use-encryption=yes asks for link encryption; the stricter
  # value is "required", which refuses a session that does not negotiate it -
  # verify against the RouterOS documentation for this version.
  # bridge=bridge and interface-list=LAN attach l2tp sessions to the LAN side;
  # confirm that VPN peers are meant to be treated as LAN members, because the
  # firewall's WAN/LAN distinction then no longer separates them.
  37. add bridge=bridge interface-list=LAN local-address=dhcp name=l2tp \
  38. remote-address=l2tp use-encryption=yes
  # The ovpn profile is defined here, but the /interface ovpn-server section of
  # this export sets default-profile=l2tp, so this profile may be unused.
  39. add bridge=bridge local-address=dhcp name=ovpn remote-address=l2tp \
  40. use-encryption=yes
  # Outbound L2TP/IPsec tunnel to the remote site.
  # connect-to holds an author-substituted placeholder (Russian for "IP of the
  # 2nd provider"), not a real address; secret, password and interface name are
  # masked with asterisks, while the user name is left readable.
  # NOTE(review): allow= still offers MS-CHAPv1, a weak legacy method. It runs
  # inside IPsec here (use-ipsec=yes), but restricting allow= to mschap2 removes
  # the downgrade option. The IPsec layer rests on a pre-shared secret, so its
  # strength depends on that secret's length and secrecy.
  41. /interface l2tp-client
  42. add allow=mschap1,mschap2 connect-to=айпи 2-го прова disabled=no ipsec-secret=\
  43. *********** keepalive-timeout=disabled name=l2tp-***** password=******** \
  44. profile=l2tp use-ipsec=yes user=tmn-l2tp
  # Policy set of the "full" user group.
  # NOTE(review): this looks like the built-in full group - confirm. Every
  # account in it holds write, policy, sensitive, sniff, api and romon rights,
  # so membership should be limited to named administrators. The accounts
  # themselves (/user) do not appear in this export.
  45. /user group
  46. set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
  47. ord,web,sniff,sensitive,api,romon,dude,tikapp"
  # Bridge membership: every port except ether5 joins the LAN bridge "bridge";
  # ether5 is the only port of bridge2-mts (the WAN-side bridge).
  48. /interface bridge port
  49. add bridge=bridge comment=defconf interface=ether2-master
  50. add bridge=bridge comment=defconf interface=ether6-master
  51. add bridge=bridge comment=defconf hw=no interface=sfp1
  # ether1 is a bridge port here, yet /ip address assigns 10.225.1.1/24 to
  # ether1 rather than to the bridge - see the review note needed there.
  52. add bridge=bridge hw=no interface=ether1
  53. add bridge=bridge2-mts hw=no interface=ether5
  54. add bridge=bridge interface=ether3
  55. add bridge=bridge interface=ether4
  56. add bridge=bridge interface=ether7
  57. add bridge=bridge interface=ether8
  58. add bridge=bridge interface=ether9
  59. add bridge=bridge interface=ether10
  60. /ip neighbor discovery-settings
  # NOTE(review): neighbor discovery runs on every member of the "discover"
  # list. In this export that list also contains bridge2-mts (a WAN member) and
  # the L2TP client interface, so the router announces itself towards the
  # provider and the tunnel. Limiting the list to LAN-side interfaces avoids
  # disclosing device details upstream.
  61. set discover-interface-list=discover
  # Inbound L2TP server; use-ipsec=required rejects clients that do not come in
  # over IPsec.
  # NOTE(review): authentication still lists mschap1; limiting it to mschap2
  # drops the weaker method. The ipsec-secret (masked) is one pre-shared key for
  # all clients, so it has to be rotated whenever any client is decommissioned.
  # The input chain of this export has no rule scoped to this service; who can
  # reach it is decided by the (absent) default drop - verify.
  62. /interface l2tp-server server
  63. set authentication=mschap1,mschap2 default-profile=l2tp enabled=yes \
  64. ipsec-secret=****************** use-ipsec=required
  # Populates the interface lists: LAN and WAN for the firewall, discover for
  # neighbor discovery, mactel / mac-winbox for the MAC servers.
  65. /interface list member
  66. add comment=defconf interface=bridge list=LAN
  67. add interface=bridge2-mts list=WAN
  68. add interface=ether2-master list=discover
  69. add interface=ether3 list=discover
  70. add interface=ether4 list=discover
  71. add interface=ether5 list=discover
  72. add interface=sfp1 list=discover
  73. add interface=ether6-master list=discover
  74. add interface=ether7 list=discover
  75. add interface=ether8 list=discover
  76. add interface=ether9 list=discover
  77. add interface=ether10 list=discover
  78. add interface=bridge list=discover
  # NOTE(review): the two "add list=discover" entries without interface= look
  # like leftovers of interfaces that no longer exist - presumably safe to
  # delete; confirm on the device.
  79. add list=discover
  # NOTE(review): bridge2-mts is the WAN bridge and l2tp-***** is the tunnel;
  # having them (and ether5, the WAN port) in discover exposes neighbor
  # discovery outside the LAN.
  80. add interface=bridge2-mts list=discover
  81. add list=discover
  82. add interface=l2tp-***** list=discover
  # MAC-telnet / MAC-Winbox are limited to four physical ports, all of which
  # are ports of the LAN bridge; no WAN interface is listed.
  83. add interface=ether1 list=mactel
  84. add interface=ether2-master list=mactel
  85. add interface=ether6-master list=mactel
  86. add interface=ether1 list=mac-winbox
  87. add interface=sfp1 list=mactel
  88. add interface=ether2-master list=mac-winbox
  89. add interface=ether6-master list=mac-winbox
  90. add interface=sfp1 list=mac-winbox
  # OpenVPN server; the listening port is masked by the author.
  # NOTE(review): the cipher list still offers blowfish128, a 64-bit block
  # cipher; keeping only the aes* entries removes it from negotiation.
  # require-client-certificate does not appear in this export, which suggests
  # it is at its default - verify, since without it clients are presumably
  # authenticated by user name and password alone.
  # default-profile=l2tp means OpenVPN sessions use the l2tp PPP profile, not
  # the ovpn profile defined under /ppp profile - confirm this is intended.
  91. /interface ovpn-server server
  92. set auth=sha1 certificate=tmn-ovpn cipher=blowfish128,aes128,aes192,aes256 \
  93. default-profile=l2tp enabled=yes port=*******
  # IP accounting, interface addresses, DHCP network options and DNS.
  94. /ip accounting
  95. set account-local-traffic=yes enabled=yes
  96. /ip address
  # NOTE(review): 10.225.1.1/24 is bound to ether1, which this export also adds
  # as a port of "bridge", while the DHCP server listens on the bridge itself.
  # An address on a bridge port rather than on the bridge is a common source of
  # erratic behaviour - verify and move it to the bridge if so.
  97. add address=10.225.1.1/24 comment=defconf interface=ether1 network=10.225.1.0
  # Author-substituted placeholders (Russian): "public IP of the TMN provider"
  # and "TMN provider's network"; the real WAN addressing is not shown.
  98. add address=белый айпи прова ТМН/24 interface=bridge2-mts network=сеть прова ТМН
  99. /ip dhcp-server lease
  100.  
  101. /ip dhcp-server network
  102. add address=10.225.1.0/24 comment=defconf dns-server=10.225.1.17,10.225.1.1 \
  103. gateway=10.225.1.1 netmask=24
  104. /ip dns
  # NOTE(review): allow-remote-requests=yes turns the router into a DNS
  # resolver for anything that can reach it. The input chain in this export has
  # no rule dropping new connections from the WAN list, so port 53 is
  # presumably answerable from the provider side (open resolver, usable for
  # amplification). Either drop WAN input or limit DNS to LAN sources.
  105. set allow-remote-requests=yes servers=******************
  106. /ip dns static
  107. add address=10.225.1.1 name=router.lan
  # Packet filter. Rules are evaluated top to bottom per chain, and a packet
  # that no rule matches is accepted.
  108. /ip firewall filter
  # Site-to-site allowances towards 10.225.0.0/16.
  # NOTE(review): both rules match on addresses only - no in-interface and no
  # ipsec-policy condition - and sit above the WAN drop rule. Binding them to
  # the tunnel interface would stop these source ranges being honoured from any
  # other side; verify which interface the traffic really arrives on.
  109. add action=accept chain=forward comment="accept ykt to tmn" dst-address=\
  110. 10.225.0.0/16 src-address=10.221.0.0/16
  111. add action=accept chain=forward dst-address=10.225.0.0/16 src-address=\
  112. 10.10.5.0/24
  113. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
  114. ipsec-policy=in,ipsec
  115. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
  116. ipsec-policy=out,ipsec
  117. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  118. connection-state=established,related
  119. add action=accept chain=forward comment=\
  120. "defconf: accept established,related, untracked" connection-state=\
  121. established,related,untracked
  122. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
  123. invalid
  # Forward chain ends by dropping new WAN connections that were not dst-NATed.
  124. add action=drop chain=forward comment=\
  125. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  126. connection-state=new in-interface-list=WAN
  # NOTE(review): the input chain (traffic to the router itself) accepts ICMP
  # and established/related connections, and its only drop rule is tied to
  # in-interface=*D. There is no drop for invalid packets and no final drop for
  # new connections that do not come from LAN, so router-local services - the
  # DNS resolver, both VPN servers, anything else listening - are limited only
  # by their own settings. The usual shape is: accept the VPN ports in use,
  # then drop everything with in-interface-list=!LAN.
  127. add action=accept chain=input protocol=icmp
  128. add action=accept chain=input connection-state=established
  129. add action=accept chain=input connection-state=related
  # *D is an internal id left behind by an interface that is not present (the
  # export labels it "lte1 not ready"), so this rule presumably matches no
  # traffic at the moment.
  130. # lte1 not ready
  131. add action=drop chain=input in-interface=*D
  # Source NAT and static routes.
  132. /ip firewall nat
  # Masquerades traffic leaving through the WAN list, except traffic that
  # matches an IPsec policy (ipsec-policy=out,none).
  133. add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
  134. out,none out-interface-list=WAN
  # Disabled: masquerading into the L2TP tunnel is off, so the remote site sees
  # the real 10.225.x source addresses.
  135. add action=masquerade chain=srcnat comment="srcnat L2TP" disabled=yes \
  136. ipsec-policy=out,none out-interface=l2tp-*****
  # NOTE(review): *D refers to an interface that is not present ("lte1 not
  # ready"); the rule is a leftover and can presumably be removed.
  137. # lte1 not ready
  138. add action=masquerade chain=srcnat out-interface=*D
  139. /ip route
  # Default route via the WAN bridge; pref-src is an author-substituted
  # placeholder (Russian for "IP of the TMN provider").
  140. add check-gateway=ping distance=1 gateway=bridge2-mts pref-src=Айпи прова ТМН
  # Remote site 10.221.0.0/16 is reached through the L2TP client interface.
  141. add check-gateway=ping distance=1 dst-address=10.221.0.0/16 gateway=l2tp-*****
  # Disabled route whose gateway (*F) points at an interface id that no longer
  # resolves - presumably stale.
  142. add disabled=yes distance=1 dst-address=10.225.1.0/24 gateway=*F
  # Management services, PPP secrets, clock and MAC-layer management servers.
  143. /ip service
  # telnet and ftp are switched off. www, ssh, api, winbox and api-ssl stay
  # enabled and are restricted by source address (values masked).
  # NOTE(review): www and api are the cleartext HTTP and API services; if they
  # are not needed, disabling them in favour of ssh / winbox / api-ssl removes
  # cleartext credential exposure. With no default drop in the input chain,
  # these address= lists are the only thing limiting access to management -
  # confirm they contain no WAN-side or overly broad ranges.
  144. set telnet disabled=yes
  145. set ftp disabled=yes
  146. set www address=*****************
  147. set ssh address=******************
  148. set api address=***************
  149. set winbox address=*********************
  150. set api-ssl address=************
  # The section is empty in this paste; whether the device has no PPP users or
  # they were removed before posting cannot be told from here.
  151. /ppp secret
  152.  
  153. /system clock
  154. set time-zone-name=Asia/Yekaterinburg
  155. /tool mac-server
  # MAC-telnet and MAC-Winbox are limited to the mactel / mac-winbox lists,
  # which in this export contain only ports of the LAN bridge.
  156. set allowed-interface-list=mactel
  157. /tool mac-server mac-winbox
  158. set allowed-interface-list=mac-winbox