Untitled

# feb/07/2016 09:51:08 by RouterOS 6.34.1
# software id = AAAA-AA11
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-isp1
set [ find default-name=ether2 ] name=ether2-isp2
set [ find default-name=ether3 ] name=ether3-LAN
set [ find default-name=ether4 ] master-port=ether3-LAN name=ether4-LAN
set [ find default-name=ether5 ] master-port=ether3-LAN name=ether5-LAN
/ip neighbor discovery
set ether1-isp1 discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.7.10-192.168.7.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether3-LAN lease-time=15m name=\
    default
/ppp profile
add change-tcp-mss=no name=PPPoE use-compression=no use-encryption=no \
    use-mpls=no use-upnp=no
/interface pppoe-client
add add-default-route=yes default-route-distance=8 disabled=no interface=\
    ether1-isp1 max-mru=1500 max-mtu=1500 mrru=1600 name=isp1-PPPoE \
    password=N/A profile=PPPoE service-name=isp1 user=Username
/system logging action
set 1 disk-file-name=log
/ip settings
set send-redirects=no
/ip address
add address=192.168.7.1/24 comment="LAN IP" interface=ether3-LAN network=\
    192.168.7.0
/ip dhcp-client
add comment="isp2 DHCP" default-route-distance=7 dhcp-options=\
    hostname,clientid disabled=no interface=ether2-isp2 use-peer-dns=\
    no
/ip dhcp-server network
add address=192.168.7.0/24 comment="default configuration" dns-server=\
    192.168.7.1 gateway=192.168.7.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=4.2.2.2,208.67.222.222
/ip dns static
add address=192.168.7.1 name=router
/ip firewall address-list
add address=192.168.7.250 list="isp1 IPs"
/ip firewall filter
add chain=input comment="Allow LAN" in-interface=ether3-LAN
add chain=input comment="Allow router management" dst-port=\
    8291,65109,8728,8729 protocol=tcp
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input comment="Stateful Firewall" connection-state=\
    established,related
add action=drop chain=input comment="Default Drop isp1" in-interface=\
    isp1-PPPoE
add action=drop chain=input comment="Default Drop isp2" in-interface=\
    ether2-isp2
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "Mark route for new connection on isp1 link" connection-state=new \
    in-interface=isp1-PPPoE new-connection-mark=isp1
add action=mark-routing chain=output comment=\
    "Mark route for local isp1 source out isp1 link" \
    connection-mark=isp1 new-routing-mark=isp1
add action=mark-routing chain=prerouting comment="Mark isp1 NATted IP's" \
    new-routing-mark=isp1 passthrough=no src-address-list=\
    "isp1 IPs"
/ip firewall nat
add action=masquerade chain=srcnat comment="SNAT for isp1" \
    out-interface=isp1-PPPoE src-address=192.168.7.0/24
add action=masquerade chain=srcnat comment="SNAT for isp2" \
    out-interface=ether2-isp2 src-address=192.168.7.0/24
/ip route
add check-gateway=ping comment=\
    "isp1 Table - isp1 Gateway (default)" distance=4 gateway=\
    8.8.4.4 routing-mark=isp1
add check-gateway=ping comment=\
    "isp1 Table - isp2 Gateway (backup)" distance=6 gateway=\
    8.8.8.8 routing-mark=isp1
add comment="Table for isp1 Static Gateway" distance=1 gateway=\
    104.237.99.35 routing-mark=isp1-gw
add comment="Table for isp2 Static Gateway" distance=1 gateway=\
    71.1.96.1 routing-mark=isp2-gw
add check-gateway=ping comment="Main Table - isp2 Gateway (default)" \
    distance=4 gateway=8.8.8.8
add check-gateway=ping comment="Main Table - isp1 Gateway (backup)" \
    distance=6 gateway=8.8.4.4
add comment="isp1 Gateway Check" distance=1 dst-address=8.8.4.4/32 \
    gateway=104.237.99.35 scope=10
add comment="isp2 Gateway Check" distance=1 dst-address=8.8.8.8/32 \
    gateway=71.1.96.1 scope=10
/ip route rule
add dst-address=8.8.8.8/32 table=isp2-gw
add dst-address=8.8.4.4/32 table=isp1-gw
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.7.0/24 port=8080
set ssh port=65109
/system clock
set time-zone-name=America/Chicago
/system ntp client
set enabled=yes primary-ntp=107.170.242.27 secondary-ntp=129.250.35.250
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/system scheduler
add interval=10s name=GWCheck-isp2 on-event=\
    "/system script run GWCheck-isp2" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=00:00:03
add interval=10s name=GWCheck-isp1 on-event=\
    "/system script run GWCheck-isp1" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=00:00:03
/system script
add name=GWCheck-isp2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
    t to modify recursive route checks for failover with DHCP clients\r\
    \n\r\
    \n# Define Variables\r\
    \n:global \"DHCP_ISP_Name\" \"isp2\"\r\
    \n:global \"DHCP_ISP_IF_Name\" \"ether2-isp2\"\r\
    \n:global \"DHCP_ISP_Route_Check_Comment\" \"isp2 Gateway Check\"\r\
    \n:global \"DHCP_ISP_Route_Check_Comment2\" \"Table for isp2 Static\
    \_Gateway\"\r\
    \n\r\
    \n# Grab gateway IP of DHCP interface\r\
    \n:global \"DHCP_GW_IF\" [ /ip dhcp-client get [/ip dhcp-client find inter\
    face=\$\"DHCP_ISP_IF_Name\" status=\"bound\" ] gateway ]\r\
    \n\r\
    \n# Grab existing route check gateway\r\
    \n:global \"DHCP_Route_GW\" [ /ip route get [/ip route find comment=\$\"DH\
    CP_ISP_Route_Check_Comment\"] gateway ]\r\
    \n\r\
    \n# Update gateway check route if different\r\
    \n:if ( \$\"DHCP_GW_IF\"  != \$\"DHCP_Route_GW\" ) do={\r\
    \n\t:log warning (\"Setting default gateway for interface:\" . \$\"DHCP_IS\
    P_IF_Name\" .\" to gateway:\" . \$\"DHCP_GW_IF\")\r\
    \n\t:local a [ /ip route find comment=\$\"DHCP_ISP_Route_Check_Comment\" ]\
    \r\
    \n\t:local b [ /ip route find comment=\$\"DHCP_ISP_Route_Check_Comment2\" \
    ]\r\
    \n\t/ip route set \$a gateway=\$\"DHCP_GW_IF\"\r\
    \n\t/ip route set \$b gateway=\$\"DHCP_GW_IF\"\r\
    \n}"
add name=GWCheck-isp1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Scrip\
    t to modify recursive route checks for failover with PPPoE clients\r\
    \n\r\
    \n# Define Variables\r\
    \n:global \"PPPoE_ISP_Name\" \"isp1 PPPOE\"\r\
    \n:global \"PPPoE_ISP_IF_Name\" \"isp1-PPPoE\"\r\
    \n:global \"PPPoE_ISP_Route_Check_Comment\" \"isp1 Gateway Check\"\r\
    \n:global \"PPPoE_ISP_Route_Check_Comment2\" \"Table for isp1 Static \
    Gateway\"\r\
    \n\r\
    \n# Grab gateway IP of PPPoE interface\r\
    \n:global \"PPPoE_GW_IF\" \r\
    \n/interface pppoe-client monitor [/interface pppoe-client find name=\$\"P\
    PPoE_ISP_IF_Name\" running=yes] once do={ :global \"PPPoE_GW_IF\" \$\"remo\
    te-address\" }\r\
    \n\r\
    \n# Grab existing route check gateway\r\
    \n:global \"PPPoE_Route_GW\" [ /ip route get [/ip route find comment=\$\"P\
    PPoE_ISP_Route_Check_Comment\"] gateway ]\r\
    \n\r\
    \n# Update gateway check route if different\r\
    \n:if ( \$\"PPPoE_GW_IF\"  != \$\"PPPoE_Route_GW\" ) do={\r\
    \n\t:log warning (\"Setting default gateway for interface:\" . \$\"PPPoE_I\
    SP_IF_Name\" .\" to gateway:\" . \$\"PPPoE_GW_IF\")\r\
    \n\t:local a [ /ip route find comment=\$\"PPPoE_ISP_Route_Check_Comment\" \
    ]\r\
    \n\t:local b [ /ip route find comment=\$\"PPPoE_ISP_Route_Check_Comment2\"\
    \_]\r\
    \n\t/ip route set \$a gateway=\$\"PPPoE_GW_IF\"\r\
    \n\t/ip route set \$b gateway=\$\"PPPoE_GW_IF\"\r\
    \n}"
/tool graphing interface
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-isp2
add interface=ether3-LAN
add interface=ether4-LAN
add interface=ether5-LAN
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-isp2
add interface=ether3-LAN
add interface=ether4-LAN
add interface=ether5-LAN