Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # may/23/2019 22:37:39 by RouterOS 6.43.8
- # software id = EGV5-839D
- #
- # model = RouterBOARD 750G r3
- # serial number = 6F3808AB54A2
- /interface bridge
- add admin-mac=CC:2D:E0:08:D2:5D auto-mac=no comment=\
- "created from master port" name=bridge1 protocol-mode=none
- /interface ethernet
- set [ find default-name=ether1 ] mac-address=64:70:02:DF:42:20 speed=100Mbps
- set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
- set [ find default-name=ether3 ] speed=100Mbps
- set [ find default-name=ether4 ] speed=100Mbps
- set [ find default-name=ether5 ] speed=100Mbps
- /interface l2tp-client
- add allow=mschap2 connect-to=91.2.2.2 disabled=no keepalive-timeout=\
- disabled name=l2tp-tun use-ipsec=yes user=tunuser
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /ip hotspot profile
- set [ find default=yes ] html-directory=flash/hotspot
- /ip pool
- add name=dhcp ranges=192.168.88.10-192.168.88.254
- /ip dhcp-server
- add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
- bridge1 lease-time=12h name=defconf
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0
- /interface bridge port
- add bridge=bridge1 interface=ether3
- add bridge=bridge1 interface=ether4
- add bridge=bridge1 interface=ether5
- add bridge=bridge1 interface=ether2-master
- /ip neighbor discovery-settings
- set discover-interface-list=discover
- /interface list member
- add interface=bridge1 list=discover
- add interface=ether3 list=discover
- add interface=ether4 list=discover
- add interface=ether5 list=discover
- add interface=bridge1 list=mactel
- add interface=bridge1 list=mac-winbox
- /ip address
- add address=192.168.88.1/24 comment=defconf interface=bridge1 network=\
- 192.168.88.0
- add address=178.1.1.1/24 interface=ether1 network=178.1.1.0
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid interface=ether1
- /ip dhcp-server lease
- add address=192.168.88.250 mac-address=3C:A9:F4:92:55:30 server=defconf
- add address=192.168.88.243 mac-address=02:81:92:8A:55:61 server=defconf
- add address=192.168.88.236 client-id=1:24:a4:3c:55:8:6 comment=uap-ac \
- mac-address=24:A4:3C:50:55:06 server=defconf
- add address=192.168.88.219 mac-address=00:10:83:55:C3:12 server=defconf
- /ip dhcp-server network
- add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8,80.55.22.2,80.55.2.4
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall address-list
- add address=91.1.1.3 list=mgmt
- add address=62.152.4.14 list=mgmt
- add address=91.1.1.1 list=mgmt
- add address=91.2.1.9 list=mgmt
- /ip firewall filter
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input in-interface=ether1 src-address-list=mgm
- add action=accept chain=forward connection-nat-state=dstnat in-interface=\
- ether1
- add action=accept chain=input comment="defconf: accept established,related" \
- connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related" \
- connection-state=established,related
- add action=accept chain=input dst-port=80 in-interface=ether1 protocol=tcp \
- src-address-list=mgm
- add action=accept chain=input dst-port=22 in-interface=ether1 protocol=tcp \
- src-address-list=mgm
- add action=drop chain=input comment="defconf: drop all from WAN" \
- connection-state=invalid,new in-interface=ether1
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface=ether1
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- out-interface=ether1
- add action=accept chain=dstnat disabled=yes dst-port=80 protocol=tcp \
- src-address=0.0.0.0
- add action=dst-nat chain=dstnat dst-port=8021 in-interface=ether1 protocol=\
- tcp to-addresses=192.168.88.243 to-ports=8021
- add action=dst-nat chain=dstnat dst-port=8021 in-interface=ether1 protocol=\
- udp to-addresses=192.168.88.243 to-ports=8021
- add action=dst-nat chain=dstnat dst-port=50000-50300 in-interface=ether1 \
- protocol=tcp to-addresses=192.168.88.243 to-ports=50000-50300
- add action=dst-nat chain=dstnat dst-port=50000-50300 in-interface=ether1 \
- protocol=udp to-addresses=192.168.88.243 to-ports=50000-50300
- add action=masquerade chain=srcnat dst-address=91.1.1.1 out-interface=\
- l2tp-tun
- add action=masquerade chain=srcnat dst-address=91.1.1.10 out-interface=\
- l2tp-tun
- add action=dst-nat chain=dstnat dst-address=178.1.1.1 dst-port=8022 \
- protocol=tcp to-addresses=192.168.10.46 to-ports=22
- /ip route
- add distance=1 gateway=178.1.1.2
- add distance=1 dst-address=91.1.1.10/32 gateway=192.168.10.1 pref-src=\
- 192.168.10.46
- add distance=1 dst-address=91.1.1.1/32 gateway=192.168.10.1 pref-src=\
- 192.168.10.46
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- /system clock
- set time-zone-name=Europe/Moscow
- /system identity
- set name=unseen
- /system ntp client
- set enabled=yes primary-ntp=193.70.94.182 server-dns-names=\
- 0.pool.ntp.org,1.pool.ntp.org
- /system resource irq rps
- set ether1 disabled=no
- set ether3 disabled=no
- set ether4 disabled=no
- set ether5 disabled=no
- /tool mac-server
- set allowed-interface-list=mactel
- /tool mac-server mac-winbox
- set allowed-interface-list=mac-winbox
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement