API tools faq
paste
Guest User

Untitled

a guest
May 28th, 2020
40
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.38 KB | None | 0 0
raw download clone embed print report
  1. # may/28/2020 23:19:53 by RouterOS 6.46.6
  2. # software id = NJ6V-HSL8
  3. #
  4. # model = RBD52G-5HacD2HnD
  5. # serial number = B4A00A8DBE0B
  6. /interface bridge
  7. add admin-mac=74:4D:28:83:8D:A1 auto-mac=no igmp-snooping=yes name=Bridge-LAN
  8. add admin-mac=42:21:87:13:C5:FD auto-mac=no disabled=yes igmp-snooping=yes \
  9. name=Bridge-Wifi
  10. /interface ethernet
  11. set [ find default-name=ether1 ] comment=ISP name=WAN
  12. set [ find default-name=ether2 ] comment="main comp" name=eth1
  13. set [ find default-name=ether3 ] comment=zal name=eth2
  14. set [ find default-name=ether4 ] comment=Badroom name=eth3
  15. set [ find default-name=ether5 ] comment="rpi server" name=eth4
  16. /interface list
  17. add name=list-WAN
  18. add name=list-LAN
  19. add exclude=dynamic name=discover
  20. /interface wireless channels
  21. add band=2ghz-onlyn disabled=yes extension-channel=Ce frequency=2412 list=\
  22. 9-13 name=ch1 width=40
  23. /interface wireless security-profiles
  24. set [ find default=yes ] supplicant-identity=MikroTik
  25. add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=\
  26. dynamic-keys name=home supplicant-identity=""
  27. /interface wireless
  28. set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
  29. antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia \
  30. disabled=no disconnect-timeout=10s distance=indoors frequency=auto \
  31. frequency-mode=superchannel hw-protection-mode=rts-cts installation=\
  32. indoor max-station-count=50 mode=ap-bridge multicast-helper=full name=\
  33. wlan1-2.4GHz security-profile=home ssid=nowhere2 wireless-protocol=802.11 \
  34. wmm-support=enabled wps-mode=disabled
  35. set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
  36. antenna-gain=0 band=5ghz-onlyac channel-width=20/40/80mhz-XXXX country=\
  37. russia disabled=no disconnect-timeout=10s distance=indoors \
  38. frequency-mode=superchannel hw-protection-mode=rts-cts installation=\
  39. indoor mode=ap-bridge multicast-helper=full name=wlan2-5GHz \
  40. security-profile=home ssid=nowhere5 wireless-protocol=802.11 wmm-support=\
  41. enabled wps-mode=disabled
  42. /interface wireless nstreme
  43. set wlan1-2.4GHz enable-polling=no
  44. set wlan2-5GHz enable-polling=no
  45. /ip firewall layer7-protocol
  46. add name=youtube regexp="^.+(youtube).*\$"
  47. /ip hotspot profile
  48. set [ find default=yes ] html-directory=flash/hotspot
  49. /ip kid-control
  50. add disabled=yes name=weekly
  51. /ip pool
  52. add name=lan ranges=192.168.10.10-192.168.10.90
  53. /ip dhcp-server
  54. add address-pool=lan disabled=no interface=Bridge-LAN lease-time=1w3d name=\
  55. DHCP-LAN
  56. /ppp profile
  57. add local-address=10.1.1.1 name=ovpn only-one=yes remote-address=openvpn \
  58. use-encryption=required
  59. /queue tree
  60. add disabled=yes max-limit=97M name=in parent=global
  61. add disabled=yes max-limit=97M name=out parent=global
  62. /queue type
  63. add kind=pcq name=pcq-download pcq-classifier=dst-address \
  64. pcq-dst-address6-mask=64 pcq-limit=350KiB pcq-rate=100M \
  65. pcq-src-address6-mask=64 pcq-total-limit=20000KiB
  66. add kind=pcq name=pcq-upload pcq-classifier=src-address \
  67. pcq-dst-address6-mask=64 pcq-limit=350KiB pcq-rate=100M \
  68. pcq-src-address6-mask=64 pcq-total-limit=15000KiB
  69. /queue tree
  70. add disabled=yes limit-at=30M max-limit=95M name=web-in packet-mark=web-in \
  71. parent=in priority=4 queue=pcq-download
  72. add disabled=yes limit-at=30M max-limit=95M name=web-out packet-mark=web-out \
  73. parent=out priority=4 queue=pcq-upload
  74. add disabled=yes max-limit=95M name=no-mark-in packet-mark=no-mark-in parent=\
  75. in queue=pcq-download
  76. add disabled=yes max-limit=95M name=no-mark-out packet-mark=no-mark-out \
  77. parent=out queue=pcq-upload
  78. add disabled=yes limit-at=60M max-limit=95M name=IPTV-in packet-mark=IPTV-in \
  79. parent=in priority=2 queue=pcq-download-default
  80. add disabled=yes max-limit=95M name=main-devices-in packet-mark=main-in \
  81. parent=in priority=1 queue=pcq-download
  82. add disabled=yes max-limit=95M name=main-devices-out packet-mark=main-out \
  83. parent=out priority=1 queue=pcq-upload
  84. /system logging action
  85. add email-start-tls=yes [email protected] name=email target=\
  86. email
  87. /user group
  88. set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
  89. sword,web,sniff,sensitive,api,romon,dude,tikapp"
  90. /interface bridge port
  91. add bridge=Bridge-LAN interface=eth1
  92. add bridge=Bridge-LAN interface=eth2
  93. add bridge=Bridge-LAN interface=eth3
  94. add bridge=Bridge-LAN interface=eth4
  95. add bridge=Bridge-LAN interface=wlan1-2.4GHz
  96. add bridge=Bridge-LAN interface=wlan2-5GHz
  97. /ip neighbor discovery-settings
  98. set discover-interface-list=discover
  99. /interface detect-internet
  100. set detect-interface-list=all
  101. /interface list member
  102. add interface=WAN list=list-WAN
  103. add interface=Bridge-LAN list=list-LAN
  104. add interface=Bridge-LAN list=discover
  105. /ip address
  106. add address=192.168.10.1/24 comment=Local interface=Bridge-LAN network=\
  107. 192.168.10.0
  108. add address=192.168.20.1/24 comment=Wifi disabled=yes interface=Bridge-Wifi \
  109. network=192.168.20.0
  110. /ip dhcp-client
  111. add add-default-route=special-classless dhcp-options=clientid,clientid \
  112. disabled=no interface=WAN
  113. /ip dhcp-server network
  114. add address=192.168.10.0/24 dns-server=8.8.8.8,91.207.136.62 gateway=\
  115. 192.168.10.1 netmask=24 ntp-server=192.168.10.1
  116. /ip dns static
  117. add address=192.168.10.1 name=mikrotik
  118. /ip firewall address-list
  119. add address=192.168.10.6 list=rpi
  120. add address=192.168.10.10 list=main-devices
  121. add address=192.168.10.87 list=Vlad
  122. add address=192.168.10.89 list=Vlad
  123. add address=192.168.10.0/24 list=LAN
  124. /ip firewall filter
  125. add action=fasttrack-connection chain=forward connection-state=\
  126. established,related
  127. add action=accept chain=input comment="Established, related, untracted" \
  128. connection-state=established,related,untracked
  129. add action=accept chain=forward connection-state=\
  130. established,related,untracked
  131. add action=drop chain=input comment=Invalid connection-state=invalid \
  132. in-interface-list=list-WAN log-prefix="inv drop INPUT"
  133. add action=drop chain=forward connection-state=invalid log-prefix=\
  134. "inv drop FORWARD"
  135. add action=drop chain=input comment="Drop OUTSIDE" in-interface-list=list-WAN \
  136. log-prefix=dropOUTSIDE
  137. /ip firewall mangle
  138. add action=change-mss chain=forward disabled=yes log=yes log-prefix=MSS \
  139. new-mss=1400 out-interface=WAN passthrough=no protocol=tcp tcp-flags=syn \
  140. tcp-mss=1401-65535
  141. add action=mark-connection chain=prerouting comment=WEB dst-port=80,443,8080 \
  142. new-connection-mark=web passthrough=yes protocol=tcp
  143. add action=mark-packet chain=forward connection-mark=web in-interface=WAN \
  144. new-packet-mark=web-in passthrough=yes
  145. add action=mark-packet chain=forward connection-mark=web new-packet-mark=\
  146. web-out out-interface=WAN passthrough=yes
  147. add action=mark-connection chain=prerouting comment=No-mark connection-mark=\
  148. no-mark new-connection-mark=no-mark-con passthrough=yes
  149. add action=mark-packet chain=forward connection-mark=no-mark-con \
  150. in-interface=WAN new-packet-mark=no-mark-in passthrough=yes
  151. add action=mark-packet chain=forward connection-mark=no-mark-con \
  152. new-packet-mark=no-mark-out out-interface=WAN passthrough=yes
  153. add action=mark-connection chain=prerouting comment=IPTV dst-port=1234 \
  154. new-connection-mark=IPTV passthrough=yes protocol=udp
  155. add action=mark-packet chain=forward connection-mark=IPTV in-interface=WAN \
  156. new-packet-mark=IPTV-in passthrough=yes
  157. add action=mark-packet chain=forward connection-mark=IPTV new-packet-mark=\
  158. IPTV-out out-interface=WAN passthrough=yes
  159. /ip firewall nat
  160. add action=masquerade chain=srcnat dst-address=!192.168.0.0/16 \
  161. out-interface-list=list-WAN src-address=192.168.0.0/16
  162. /ip firewall service-port
  163. set sip disabled=yes
  164. /ip service
  165. set telnet disabled=yes
  166. set ftp disabled=yes
  167. set www disabled=yes
  168. set api disabled=yes
  169. set api-ssl disabled=yes
  170. /ip upnp interfaces
  171. add interface=Bridge-LAN type=internal
  172. add interface=WAN type=external
  173. /ppp secret
  174. add name=ever profile=ovpn
  175. /system clock
  176. set time-zone-name=Europe/Moscow
  177. /system identity
  178. set name=mikrotik
  179. /system leds
  180. add interface=WAN leds=user-led type=interface-transmit
  181. /system logging
  182. add topics=wireless
  183. /system ntp client
  184. set enabled=yes primary-ntp=88.147.254.227 secondary-ntp=89.109.251.21
  185. /system ntp server
  186. set enabled=yes
  187. /system routerboard mode-button
  188. set enabled=yes on-event=reboot_router
  189. /tool mac-server
  190. set allowed-interface-list=discover
  191. /tool mac-server mac-winbox
  192. set allowed-interface-list=discover
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!