
Untitled

a guest
Dec 11th, 2017
  1. # dec/11/2017 11:05:55 by RouterOS 6.41rc61
  2. # software id = 0PEF-DU4H
  3. #
  4. # model = CCR1009-7G-1C-1S+
  5. # serial number = 849707CBB2CC
  # Bridge and Ethernet naming. ether1..ether4 are joined to br-lan10/24 in
  # the bridge-port section; combo1 and ether7 are the two provider uplinks
  # and ether5/ether6 carry the guest and video networks.
  6. /interface bridge
  7. add fast-forward=no name=br-lan10/24
  8. /interface ethernet
  # mac-address= is overridden on combo1, ether7 and ether1.
  # NOTE(review): presumably cloned to match what the providers expect - confirm,
  # and keep the real and cloned MACs out of any copy of this export that is shared.
  9. set [ find default-name=combo1 ] combo-mode=copper comment=tenet-main-work \
  10. mac-address=00:1A:64:B3:AA:3A name=combo1-wtenetw
  11. set [ find default-name=ether5 ] name=eth5-g1724
  12. set [ find default-name=ether6 ] name=eth6v2024
  13. set [ find default-name=ether7 ] comment=tenet2-video-guest mac-address=\
  14. 64:D1:54:E5:94:BD name=eth7-tenet2vg
  15. set [ find default-name=ether1 ] comment=br-lan1024 mac-address=\
  16. 6C:3B:6B:00:87:DA
  # Two PPPoE uplinks. Only the first one sets add-default-route=yes; the
  # second is reached through the routing marks defined under /ip route.
  # NOTE(review): password=hidden / user=user / user=user1 look like values the
  # poster substituted before publishing - confirm the real credentials were
  # never part of a shared copy.
  17. /interface pppoe-client
  18. add add-default-route=yes comment=pppoe-tenet-main-work disabled=no \
  19. interface=combo1-wtenetw name=pppoe-tenetmainw password=hidden user=\
  20. user
  21. add comment=pppoe-tenet2-vg disabled=no interface=eth7-tenet2vg name=\
  22. pppoe-wtenet2vg password=hidden user=user1
  23. /interface wireless security-profiles
  24. set [ find default=yes ] supplicant-identity=MikroTik
  # Phase 2 proposal used for the L2TP/IPsec tunnel.
  # NOTE(review): 3des is still offered and pfs-group=none disables perfect
  # forward secrecy, so a compromise of the phase 1 keys also exposes the
  # derived phase 2 session keys. Consider dropping 3des and setting a PFS
  # group (for example pfs-group=modp2048) once all clients support it.
  25. /ip ipsec proposal
  26. set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des \
  27. pfs-group=none
  # Address pools and the DHCP servers / PPP profile that hand them out.
  # NOTE(review): 172.138.17.0/24 is outside the RFC 1918 block 172.16.0.0/12
  # and 17.77.7.0/24 is publicly routable space. Using them internally shadows
  # the real owners of those addresses and lets unNATed traffic leave with a
  # source that looks legitimate; private ranges would avoid both.
  28. /ip pool
  29. add name=dhcp_poolw1024 ranges=192.168.10.100-192.168.10.155
  30. add name=poolv2024 ranges=192.168.20.100-192.168.20.200
  31. add name=poolguest1724 ranges=172.138.17.100-172.138.17.200
  32. add name=poolvpnl2tp ranges=17.77.7.3-17.77.7.60
  33. /ip dhcp-server
  34. add address-pool=dhcp_poolw1024 disabled=no interface=br-lan10/24 lease-time=\
  35. 8h name=server1mw1024
  36. add address-pool=poolv2024 disabled=no interface=eth6v2024 lease-time=8h \
  37. name=server2v2024
  38. add address-pool=poolguest1724 disabled=no interface=eth5-g1724 lease-time=8h \
  39. name=server3guest1724
  # VPN profile: one session per account (only-one=yes), router side is
  # 17.77.7.1, clients draw from poolvpnl2tp unless the secret pins an address.
  # use-encryption=yes applies to the PPP layer; it does not by itself require
  # that the L2TP session arrived inside IPsec.
  40. /ppp profile
  41. add change-tcp-mss=yes local-address=17.77.7.1 name=vpnl2tp only-one=yes \
  42. remote-address=poolvpnl2tp use-encryption=yes
  # ether1..ether4 form the main work LAN bridge.
  43. /interface bridge port
  44. add bridge=br-lan10/24 interface=ether2
  45. add bridge=br-lan10/24 interface=ether3
  46. add bridge=br-lan10/24 interface=ether4
  47. add bridge=br-lan10/24 interface=ether1
  # L2TP server, MS-CHAPv2 only, sessions use the vpnl2tp profile.
  # NOTE(review): no use-ipsec setting is visible in this export and the IPsec
  # peer is defined separately, so nothing in this section rejects an L2TP
  # session that arrives without IPsec. MS-CHAPv2 should not be relied on
  # without the tunnel; confirm the firewall only admits udp/1701 when it has
  # been decrypted by IPsec.
  48. /interface l2tp-server server
  49. set authentication=mschap2 default-profile=vpnl2tp enabled=yes
  # Gateway addresses for the video, guest and main work networks.
  50. /ip address
  51. add address=192.168.20.1/24 comment=videoreg-lan interface=eth6v2024 network=\
  52. 192.168.20.0
  53. add address=172.138.17.1/24 comment=guest-lan interface=eth5-g1724 network=\
  54. 172.138.17.0
  55. add address=192.168.10.1/24 comment=main-work-lan interface=br-lan10/24 \
  56. network=192.168.10.0
  # Static ARP entries for two hosts on the video network (192.168.20.30 and
  # 192.168.20.4, which also have static DHCP leases).
  57. /ip arp
  58. add address=192.168.20.30 interface=eth6v2024 mac-address=2E:2E:45:BE:A9:89
  59. add address=192.168.20.4 interface=eth6v2024 mac-address=00:12:14:00:26:F1
  # DHCP clients run on the same physical ports that carry the PPPoE sessions.
  # NOTE(review): if either port obtains an address this way, the router is
  # reachable on the bare Ethernet interface as well as on the PPPoE interface.
  # The input-chain drop rules in this export match only the pppoe-* interfaces,
  # so confirm the Ethernet side is filtered too.
  60. /ip dhcp-client
  61. add comment=wan-tenet2vg dhcp-options=hostname,clientid disabled=no \
  62. interface=eth7-tenet2vg
  63. add comment=wan-tenet-main default-route-distance=2 dhcp-options=\
  64. hostname,clientid disabled=no interface=combo1-wtenetw
  # Static DHCP leases for the work LAN (server1mw1024) and the video LAN
  # (server2v2024). A static lease is an addressing convenience, not an access
  # control: any host that presents the listed MAC receives the address.
  # NOTE(review): the comments suggest cash registers (cashbox*), terminals and
  # a printer share 192.168.10.0/24 with general office hosts - confirm whether
  # the payment devices should sit on their own segment.
  65. /ip dhcp-server lease
  # The same admin laptop MAC is pinned on both the work and the video network.
  66. add address=192.168.10.9 client-id=1:10:1f:74:77:f6:dd comment=admin-book \
  67. mac-address=10:1F:74:77:F6:DD server=server1mw1024
  68. add address=192.168.20.9 client-id=1:10:1f:74:77:f6:dd comment=admin-book \
  69. mac-address=10:1F:74:77:F6:DD server=server2v2024
  # NOTE(review): many of the uncommented video-LAN entries below use MACs with
  # the locally-administered bit set (0E:, 4E:, 2E:, DE:, B2:, CE:, A2:, 76:,
  # 36:, 8E:). Such addresses are assigned in software rather than by a vendor,
  # so they are a weak basis for identifying a device - verify what these are.
  70. add address=192.168.20.32 client-id=0E:F7:9C:89:4D:DC mac-address=\
  71. 0E:F7:9C:89:4D:DC server=server2v2024
  72. add address=192.168.20.31 client-id=4E:16:A3:95:2D:93 mac-address=\
  73. 4E:16:A3:95:2D:93 server=server2v2024
  74. add address=192.168.20.30 client-id=2e:2e:45:be:a9:89 comment=ipcam1 \
  75. mac-address=2E:2E:45:BE:A9:89 server=server2v2024
  76. add address=192.168.20.33 client-id=DE:69:84:7A:1E:E7 mac-address=\
  77. DE:69:84:7A:1E:E7 server=server2v2024
  78. add address=192.168.20.34 client-id=B2:0D:8E:36:97:92 mac-address=\
  79. B2:0D:8E:36:97:92 server=server2v2024
  # 192.168.20.4 is the target of the dst-nat rule under /ip firewall nat.
  80. add address=192.168.20.4 client-id=00:12:14:00:26:F1 comment=Videoreg3 \
  81. mac-address=00:12:14:00:26:F1 server=server2v2024
  82. add address=192.168.20.35 client-id=CE:30:EA:92:C9:5A mac-address=\
  83. CE:30:EA:92:C9:5A server=server2v2024
  84. add address=192.168.20.37 client-id=A2:58:09:8D:ED:B2 mac-address=\
  85. A2:58:09:8D:ED:B2 server=server2v2024
  86. add address=192.168.20.36 client-id=76:50:72:D9:EE:17 mac-address=\
  87. 76:50:72:D9:EE:17 server=server2v2024
  88. add address=192.168.20.38 client-id=36:A2:3F:7D:AC:8A mac-address=\
  89. 36:A2:3F:7D:AC:8A server=server2v2024
  90. add address=192.168.20.39 client-id=8E:B4:16:BD:59:EA mac-address=\
  91. 8E:B4:16:BD:59:EA server=server2v2024
  92. add address=192.168.10.14 client-id=00:23:24:26:E0:E3 comment=hp-term1-mag2 \
  93. mac-address=00:23:24:26:E0:E3 server=server1mw1024
  94. add address=192.168.10.18 comment=samsung-print_m2 mac-address=\
  95. 30:CD:A7:BE:DF:EE server=server1mw1024
  96. add address=192.168.10.15 client-id=98:DE:D0:BA:FC:7F comment=\
  97. lenovo-term2-mag2 mac-address=98:DE:D0:BA:FC:7F server=server1mw1024
  98. add address=192.168.10.32 client-id=F8:A9:63:DC:51:4D comment=cashbox2-m2 \
  99. mac-address=F8:A9:63:DC:51:4D server=server1mw1024
  100. add address=192.168.10.33 client-id=F8:A9:63:DC:51:F3 comment=cashbox3-m2 \
  101. mac-address=F8:A9:63:DC:51:F3 server=server1mw1024
  102. add address=192.168.10.34 client-id=F8:A9:63:DC:53:57 comment=cashbox4-m2 \
  103. mac-address=F8:A9:63:DC:53:57 server=server1mw1024
  # Per-network DHCP options. Every LAN is given the router itself as the first
  # DNS server, followed by two public resolvers.
  # NOTE(review): no allow-remote-requests setting appears under /ip dns in this
  # export, which suggests the router's resolver is not answering clients -
  # confirm. If it is enabled later, the input chain must keep udp/tcp 53
  # closed on every WAN-facing interface so the router is not an open resolver.
  104. /ip dhcp-server network
  105. add address=17.77.7.0/24 comment=vpnl2tp dns-server=17.77.7.1 gateway=\
  106. 17.77.7.1
  107. add address=172.138.17.0/24 comment=guest dns-server=\
  108. 172.138.17.1,8.8.8.8,8.8.4.4 gateway=172.138.17.1
  109. add address=192.168.10.0/24 comment=work-main dns-server=\
  110. 192.168.10.1,8.8.8.8,8.8.4.4 gateway=192.168.10.1
  111. add address=192.168.20.0/24 comment=videoreg dns-server=\
  112. 192.168.20.1,8.8.8.8,8.8.4.4 gateway=192.168.20.1
  113. /ip dns
  114. set servers=8.8.8.8,8.8.4.4
  # Packet filter. Rules are evaluated top to bottom per chain and the first
  # match wins, so the order below is part of the policy.
  # NOTE(review), input chain: the only drops are "invalid", everything arriving
  # on the two pppoe-* interfaces, and port 53 to 195.138.85.137. There is no
  # final catch-all drop, so packets arriving on any other interface (guest LAN,
  # video LAN, the bare WAN Ethernet ports) fall through to the default accept
  # and can reach the router's own services.
  # NOTE(review), forward chain: the only drop is "invalid"; the last forward
  # rule accepts where its comment says drop. Segmentation between networks is
  # therefore not enforced by this filter.
  115. /ip firewall filter
  # IPsec NAT-T, L2TP and IKE are accepted from any source on any interface.
  # NOTE(review): the udp/1701 rule has no IPsec match, so it also admits L2TP
  # that is not wrapped in IPsec. Adding ipsec-policy=in,ipsec to that rule
  # limits it to traffic that was decrypted by the tunnel.
  116. add action=accept chain=input comment=l2tp-ipsec-accept dst-port=4500 \
  117. protocol=udp
  118. add action=accept chain=input dst-port=1701 protocol=udp
  119. add action=accept chain=input dst-port=500 protocol=udp
  # NOTE(review): the two comments below read as if they were swapped or
  # mislabelled - the first matches VPN-pool sources leaving through any PPP
  # interface, the second matches anything entering from any PPP interface
  # towards the work LAN. all-ppp also covers the two PPPoE WAN uplinks, so the
  # second rule is not limited to VPN clients; adding src-address=17.77.7.0/24
  # would tie it to the VPN pool.
  120. add action=accept chain=forward comment=allow-vpn-to-work-lan out-interface=\
  121. all-ppp src-address=17.77.7.0/24
  122. add action=accept chain=forward comment=allow-work-lan-to-vpn dst-address=\
  123. 192.168.10.0/24 in-interface=all-ppp
  124. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  125. add action=accept chain=forward comment="defconf: accept ICMP" protocol=icmp
  126. add action=accept chain=input comment="defconf: accept established" \
  127. connection-state=established
  128. add action=accept chain=forward comment="defconf: accept established" \
  129. connection-state=established
  130. add action=accept chain=input comment="defconf: accept related" \
  131. connection-state=related
  132. add action=accept chain=forward comment="defconf: accept related" \
  133. connection-state=related
  # Full access to the router from the work LAN.
  134. add action=accept chain=input in-interface=br-lan10/24 src-address=\
  135. 192.168.10.0/24
  # Winbox (9987) and the web interface (9990) are accepted on the public
  # address from any source; only logging is applied.
  # NOTE(review): these sit above the WAN drop rules, so management is exposed
  # to the Internet. Prefer reaching them over the VPN, or restrict the rules
  # with a src-address-list of known administrator addresses.
  136. add action=accept chain=input comment=wan-isp1-winbox dst-address=\
  137. 195.138.85.137 dst-port=9987 log=yes protocol=tcp
  138. add action=accept chain=input comment=wan-isp1-web dst-address=195.138.85.137 \
  139. dst-port=9990 log=yes protocol=tcp
  140. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  141. invalid
  142. add action=drop chain=forward comment="defconf: drop invalid" \
  143. connection-state=invalid
  # Drop everything else that arrives on the two PPPoE uplinks.
  144. add action=drop chain=input comment=\
  145. "defconf: drop all not coming from LAN ISP1" in-interface=\
  146. pppoe-tenetmainw
  147. add action=drop chain=input comment=\
  148. "defconf: drop all not coming from LAN ISP2" in-interface=pppoe-wtenet2vg
  # Outbound Internet access: work LAN via ISP1, video and guest via ISP2.
  149. add action=accept chain=forward in-interface=br-lan10/24 out-interface=\
  150. pppoe-tenetmainw
  151. add action=accept chain=forward in-interface=eth6v2024 out-interface=\
  152. pppoe-wtenet2vg
  153. add action=accept chain=forward in-interface=eth5-g1724 out-interface=\
  154. pppoe-wtenet2vg
  155. add action=accept chain=forward comment=\
  156. "defconf: accept established,related, untracked" connection-state=\
  157. established,related,untracked
  # NOTE(review): the comment says "drop" but action=accept, and
  # in-interface-list=all matches every interface. As written this rule accepts
  # every new forwarded connection that was not dst-NATed, which is the opposite
  # of the default-configuration rule it is named after.
  158. add action=accept chain=forward comment=\
  159. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  160. connection-state=new in-interface-list=all
  # DNS to the public address is dropped here, after the PPPoE drops above have
  # already discarded anything arriving on those two interfaces.
  161. add action=drop chain=input dst-address=195.138.85.137 dst-port=53 protocol=\
  162. tcp
  163. add action=drop chain=input dst-address=195.138.85.137 dst-port=53 protocol=\
  164. udp
  # Policy routing marks: guest sources get 241, video sources 242, VPN-pool
  # sources 243. The marks select the routes defined under /ip route.
  165. /ip firewall mangle
  166. add action=mark-routing chain=prerouting new-routing-mark=241 passthrough=yes \
  167. src-address=172.138.17.0/24
  168. add action=mark-routing chain=prerouting new-routing-mark=242 passthrough=yes \
  169. src-address=192.168.20.0/24
  170. add action=mark-routing chain=prerouting new-routing-mark=243 passthrough=yes \
  171. src-address=17.77.7.0/24
  # Source NAT for the three LANs.
  # NOTE(review): there is no masquerade rule for the VPN pool 17.77.7.0/24, so
  # VPN client traffic routed to the Internet would leave with its original
  # (publicly routable) source address - confirm whether that path is intended.
  172. /ip firewall nat
  173. add action=masquerade chain=srcnat out-interface=pppoe-tenetmainw \
  174. src-address=192.168.10.0/24
  175. add action=masquerade chain=srcnat out-interface=pppoe-wtenet2vg src-address=\
  176. 172.138.17.0/24
  177. add action=masquerade chain=srcnat out-interface=pppoe-wtenet2vg src-address=\
  178. 192.168.20.0/24
  # Port forward from the public address to 192.168.20.4 (leased as Videoreg3),
  # tcp/34567, open to any source.
  # NOTE(review): this publishes the recorder directly to the Internet. Limit it
  # with a src-address-list, or remove it and reach the recorder over the VPN.
  179. add action=dst-nat chain=dstnat dst-address=185.177.242.190 dst-port=34567 \
  180. protocol=tcp to-addresses=192.168.20.4 to-ports=34567
  # IPsec phase 1 for road-warrior L2TP clients: any source address may start
  # IKE (address=0.0.0.0/0, passive=yes) and the pre-shared key is the only
  # check at this layer.
  # NOTE(review):
  #  - secret=testsecret is a guessable placeholder-style key and appears in
  #    clear text in this export; replace it with a long random value.
  #  - dh-group=modp1024 and 3des are weak choices; prefer modp2048 or larger
  #    and AES only, once clients allow it.
  #  - nat-traversal=no while the filter accepts udp/4500: clients behind NAT
  #    will not connect, and the 4500 rule is open for no benefit.
  181. /ip ipsec peer
  182. add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-128,3des \
  183. exchange-mode=main-l2tp generate-policy=port-strict lifetime=8h \
  184. nat-traversal=no passive=yes secret=testsecret
  # Default routes per routing mark: guest (241) and video (242) leave through
  # the second PPPoE uplink.
  # NOTE(review): mark 243 (VPN pool) points at combo1-wtenetw, the physical
  # port, rather than the pppoe-tenetmainw session that runs over it - verify
  # this is the intended gateway.
  185. /ip route
  186. add distance=1 gateway=pppoe-wtenet2vg routing-mark=241
  187. add distance=1 gateway=pppoe-wtenet2vg routing-mark=242
  188. add distance=1 gateway=combo1-wtenetw routing-mark=243
  # Guest and video networks are made mutually unreachable at the routing
  # level. No equivalent rule is present for guest or video towards the work
  # LAN 192.168.10.0/24.
  189. /ip route rule
  190. add action=unreachable dst-address=192.168.20.0/24 src-address=\
  191. 172.138.17.0/24
  192. add action=unreachable dst-address=172.138.17.0/24 src-address=\
  193. 192.168.20.0/24
  # Management services: telnet, ftp, ssh, api and api-ssl are disabled; the web
  # interface and Winbox stay enabled on non-default ports.
  # NOTE(review): moving a port does not restrict who can connect. No address=
  # restriction is visible on www or winbox, and the filter accepts both ports
  # on the public address. www is the plain-HTTP service, so credentials
  # entered over it are not protected in transit. Set address= to the admin
  # subnets, and prefer the VPN for remote management. The export header shows
  # a release-candidate build (6.41rc61); run a current stable release on a
  # device whose management is reachable from outside.
  194. /ip service
  195. set telnet disabled=yes
  196. set ftp disabled=yes
  197. set www port=9990
  198. set ssh disabled=yes
  199. set api disabled=yes
  200. set winbox port=9987
  201. set api-ssl disabled=yes
  # Front-panel LCD settings.
  202. /lcd
  203. set color-scheme=dark default-screen=stats
  # NOTE(review): the LCD PIN is exported in clear text. Treat it as disclosed
  # once the export has been shared and set a new one.
  204. /lcd pin
  205. set pin-number=8520
  # L2TP user accounts, each pinned to a fixed address in the VPN range.
  # NOTE(review): both accounts carry the same password, testpasswd, in clear
  # text. Whether this is the real value or a placeholder, give each account
  # its own long random password and do not reuse any value that has appeared
  # in a shared export.
  206. /ppp secret
  207. add local-address=17.77.7.1 name=Usver-m password=testpasswd profile=\
  208. vpnl2tp remote-address=17.77.7.30 service=l2tp
  209. add local-address=17.77.7.1 name=Usver password=testpasswd profile=\
  210. vpnl2tp remote-address=17.77.7.5 service=l2tp
  # Time zone and device name.
  # NOTE(review): no NTP client section is visible in this export. The firewall
  # rules that set log=yes are only useful for investigation if the clock is
  # correct - confirm time synchronisation is configured.
  211. /system clock
  212. set time-zone-name=Europe/Kiev
  213. /system identity
  214. set name=MikroT-Main