
Untitled

a guest
Apr 29th, 2020
  1. # apr/xx/2020 xx:06:17 by RouterOS 6.xx.x
  2. # software id = 5Z4J-xxxx
  3. #
  4. # model = RBD52G-5HacD2HnD
  5. # serial number = xxxxx
  # The bridge named "bridge" is a member of the LAN interface list further down;
  # auto-mac=no pins its MAC address to the admin-mac value.
  6. /interface bridge
  7. add admin-mac=C4:AD:34:xx:xx:xx auto-mac=no comment=defconf name=bridge
  # Interface lists WAN and LAN. The firewall, neighbor-discovery and MAC-server
  # settings later in this export select interfaces through these two lists.
  8. /interface list
  9. add comment=defconf name=WAN
  10. add comment=defconf name=LAN
  # Wireless security profiles. The four added profiles all use WPA2-PSK only
  # (authentication-types=wpa2-psk, eap-methods empty).
  # management-protection=allowed: protected management frames are negotiated
  # with peers that support them but are not enforced.
  # NOTE(review): the wpa2-pre-shared-key values are masked in this paste. An
  # export carries them in clear text unless it is taken with hide-sensitive,
  # so an unmasked export file should be handled as a secret.
  11. /interface wireless security-profiles
  12. set [ find default=yes ] supplicant-identity=MikroTik
  # Profile used by wlan1.
  13. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  14. allowed mode=dynamic-keys name="wan wifi" supplicant-identity="" \
  15. wpa2-pre-shared-key=xxxxxxx
  # Profile used by the virtual AP wlan3.
  16. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  17. allowed mode=dynamic-keys name="wifi interna" supplicant-identity="" \
  18. wpa2-pre-shared-key=xxxxxxx
  # NOTE(review): no wireless interface in this export references "wan wifi"
  # above; wlan1 uses "WAN WiFi VOD" below. The unused profile could be removed.
  19. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  20. allowed mode=dynamic-keys name="WAN WiFi VOD" supplicant-identity="" \
  21. wpa2-pre-shared-key=xxxxxxx
  # Profile used by wlan2 (the 5 GHz AP).
  22. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  23. allowed mode=dynamic-keys name="wifi 5Ghz" supplicant-identity="" \
  24. wpa2-pre-shared-key=xxxxxx
  25. /interface wireless
  # wlan1: 2.4 GHz radio using security profile "WAN WiFi VOD". wlan1 is the only
  # member of the WAN interface list and has a DHCP client and a static address.
  # NOTE(review): no mode= is exported for wlan1, so the default applies -
  # presumably station mode (wireless uplink); confirm.
  # NOTE(review): wps-mode is not set on wlan1 (it is disabled explicitly on wlan2
  # and wlan3), so the default applies here; verify that is intended.
  # NOTE(review): wds-mode=dynamic with wds-default-bridge=bridge attaches
  # dynamically created WDS links to the LAN bridge. If WDS is not used,
  # consider wds-mode=disabled so the WAN-side radio cannot add ports to the LAN.
  26. set [ find default-name=wlan1 ] band=2ghz-b/g/n country=italy disabled=no \
  27. installation=indoor keepalive-frames=disabled security-profile=\
  28. "WAN WiFi VOD" ssid=xxxxxxx station-roaming=disabled \
  29. wds-default-bridge=bridge wds-mode=dynamic wireless-protocol=802.11 \
  30. wmm-support=enabled
  # wlan2: access point (mode=ap-bridge) with SSID Tik5, profile "wifi 5Ghz",
  # WPS disabled. It is a port of the LAN bridge.
  31. set [ find default-name=wlan2 ] country=italy installation=indoor mode=\
  32. ap-bridge security-profile="wifi 5Ghz" ssid=Tik5 wmm-support=enabled \
  33. wps-mode=disabled
  # wlan3: virtual interface on master wlan1 with SSID homemik, profile
  # "wifi interna", WPS disabled. It is also a port of the LAN bridge and has the
  # same dynamic-WDS setting as wlan1.
  34. add keepalive-frames=disabled mac-address=C6:AD:34:xx:xx:xx master-interface=\
  35. wlan1 multicast-buffering=disabled name=wlan3 security-profile=\
  36. "wifi interna" ssid=homemik wds-cost-range=0 wds-default-bridge=bridge \
  37. wds-default-cost=0 wds-mode=dynamic wmm-support=enabled wps-mode=disabled
  38. /ip hotspot profile
  39. set [ find default=yes ] html-directory=flash/hotspot
  # Address pools: dhcp_pool1 serves the bridge (192.168.3.0/24), dhcp_pool2
  # serves ether3 (192.168.10.0/24), ovpn-pool is handed to OpenVPN clients
  # through the "ovpn" PPP profile below.
  40. /ip pool
  41. add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.254
  42. add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
  43. add name=ovpn-pool ranges=192.168.131.10-192.168.131.200
  44. /ip dhcp-server
  45. add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
  46. add address-pool=dhcp_pool2 disabled=no interface=ether3 name=dhcp2
  # PPP profile for the OpenVPN server: the router end is 192.168.131.1, clients
  # get an address from ovpn-pool and are told to use 192.168.131.1 for DNS.
  # NOTE(review): VPN clients land in 192.168.131.0/24, which is not covered by
  # any forward-chain rule shown in this export, so the chain's default applies
  # to their traffic - confirm that is the intended reach for VPN users.
  47. /ppp profile
  48. add dns-server=192.168.131.1 local-address=192.168.131.1 name=ovpn \
  49. remote-address=ovpn-pool use-encryption=yes
  # Simple queue for 192.168.3.100 with no limits set in the export; it is
  # referenced by the queue graph at the end of the file.
  50. /queue simple
  51. add name=PC target=192.168.3.100/32
  # Bridge ports. ether2, ether4, ether5 and wlan2 carry the defconf comment;
  # wlan3 and ether1 were added afterwards.
  # NOTE(review): ether1 is bridged into the LAN here. Anything plugged into
  # ether1 is therefore treated as trusted LAN by every LAN-list rule below.
  52. /interface bridge port
  53. add bridge=bridge comment=defconf interface=ether2
  54. add bridge=bridge comment=defconf interface=ether4
  55. add bridge=bridge comment=defconf interface=ether5
  56. add bridge=bridge comment=defconf interface=wlan2
  57. add bridge=bridge interface=wlan3
  58. add bridge=bridge interface=ether1
  # Neighbor discovery is limited to interfaces in the LAN list.
  59. /ip neighbor discovery-settings
  60. set discover-interface-list=LAN
  # List membership: bridge -> LAN, wlan1 -> WAN.
  # NOTE(review): ether3 (192.168.10.0/24) is in neither list, so the LAN-list
  # based settings (discovery, MAC server, "drop all not coming from LAN") treat
  # it as non-LAN; its access is granted separately by a src-address rule in the
  # input chain.
  61. /interface list member
  62. add comment=defconf interface=bridge list=LAN
  63. add comment=defconf interface=wlan1 list=WAN
  # Built-in OpenVPN server, enabled on port 1195 with certificate "mikrotik",
  # AES-256 and HMAC-SHA1; sessions use the "ovpn" PPP profile.
  # NOTE(review): require-client-certificate does not appear in the export, so
  # the default applies - presumably clients authenticate with the /ppp secret
  # user name and password only; confirm, and consider requiring client
  # certificates since the input chain accepts this port from any interface.
  64. /interface ovpn-server server
  65. set auth=sha1 certificate=mikrotik cipher=aes256 default-profile=ovpn \
  66. enabled=yes port=1195
  # Router addresses: 192.168.3.1 on the LAN bridge, 192.168.1.11 on the wlan1
  # uplink, 192.168.10.1 on ether3 (the segment holding the pfsense host).
  67. /ip address
  68. add address=192.168.3.1/24 comment=defconf interface=bridge network=\
  69. 192.168.3.0
  70. add address=192.168.1.11/24 interface=wlan1 network=192.168.1.0
  71. add address=192.168.10.1/24 interface=ether3 network=192.168.10.0
  # MikroTik cloud DDNS is on: the router registers its public address under a
  # cloud host name.
  # NOTE(review): that name lets the VPN and port-forward endpoints be found
  # without knowing the IP; keep the name private if that matters.
  72. /ip cloud
  73. set ddns-enabled=yes
  # wlan1 also runs a DHCP client in addition to the static 192.168.1.11/24.
  74. /ip dhcp-client
  75. add interface=wlan1
  # Static DHCP leases.
  # NOTE(review): redaction in this paste is inconsistent - a MAC address that is
  # masked in one lease is printed in full in another, and the client-id fields
  # mask different octets. Mask the same fields everywhere before publishing.
  76. /ip dhcp-server lease
  77. add address=192.168.3.100 client-id=1:0:17:31:89:xx:xx comment=\
  78. "My Desktop PC" mac-address=00:17:31:89:xx:xx server=dhcp1
  79. add address=192.168.3.124 client-id=1:0:a:cd:xx:xx:f disabled=yes \
  80. mac-address=00:0A:CD:38:xx:xx server=dhcp1
  81. add address=192.168.10.124 client-id=1:0:a:xx:xx:a6:f mac-address=\
  82. 00:0A:CD:38:A6:0F server=dhcp2
  # 192.168.10.123 is the pfsense host named in /ip dns static and targeted by
  # the UDP 1194 dst-nat rule.
  83. add address=192.168.10.123 client-id=1:1c:75:8:xx:xx:4f mac-address=\
  84. 1C:75:08:DD:xx:xx server=dhcp2
  # DHCP options: LAN clients get the router as gateway and DNS server; the
  # 192.168.10.0/24 network gets a gateway but no dns-server value here.
  85. /ip dhcp-server network
  86. add address=192.168.3.0/24 comment=defconf dns-server=192.168.3.1 gateway=\
  87. 192.168.3.1
  88. add address=192.168.10.0/24 gateway=192.168.10.1
  # allow-remote-requests=yes makes the router answer DNS queries from other
  # hosts, forwarding to 1.1.1.1 and 8.8.8.8.
  # NOTE(review): which hosts can reach the resolver is decided only by the
  # input chain ("drop all not coming from LAN" plus the explicit accepts);
  # if that drop rule is ever disabled or reordered the resolver becomes
  # reachable from the WAN side. An explicit drop for port 53 on the WAN list
  # would make this independent of rule order.
  89. /ip dns
  90. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
  91. /ip dns static
  # NOTE(review): router.lan still points at 192.168.88.1 (the defconf address);
  # no interface in this export has that address - the bridge is 192.168.3.1 -
  # so this entry looks stale. Confirm and update.
  92. add address=192.168.88.1 comment=defconf name=router.lan
  93. add address=192.168.10.123 comment=pfsense name=sensexxxx.localdomain
  # Filter rules are evaluated top to bottom per chain; the first matching
  # accept/drop ends processing, so the order below is significant.
  94. /ip firewall filter
  95. add action=accept chain=input comment="defconf: accept established,related" \
  96. connection-state=established,related
  # Disabled rule: would drop and log forwarded TCP to one external address.
  97. add action=drop chain=forward comment="syncth service" disabled=yes \
  98. dst-address=85.10.xxx.xx log=yes protocol=tcp
  99. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  100. invalid
  101. add action=drop chain=forward comment="defconf: drop invalid" \
  102. connection-state=invalid
  # NOTE(review): src-address-list / dst-address-list match entries from
  # /ip firewall address-list. This export has no address-list section; WAN and
  # LAN exist only as interface lists. As written this rule presumably never
  # matches - in-interface-list=LAN out-interface-list=WAN looks like the intent.
  103. add action=accept chain=forward dst-address-list=WAN src-address-list=LAN
  # Drop TCP port 80 to the router when it arrives on a WAN-list interface.
  104. add action=drop chain=input dst-port=80 in-interface-list=WAN protocol=tcp
  # Drop ICMP type 8 (echo request, any code) from the WAN list; this must stay
  # above the general ICMP accept that follows.
  105. add action=drop chain=input icmp-options=8:0-255 in-interface-list=WAN \
  106. protocol=icmp
  107. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # Grants the 192.168.10.0/24 segment full access to the router itself.
  # NOTE(review): the match is on source address only. Adding in-interface=ether3
  # would tie it to the physical segment instead of trusting the claimed source.
  108. add action=accept chain=input comment="From pfsense LAN" log=yes src-address=\
  109. 192.168.10.0/24
  110. add action=accept chain=input comment=\
  111. "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  # "permetti OpenVPN" = "allow OpenVPN".
  # NOTE(review): this accepts TCP 1194 to the router from any interface, but
  # the OpenVPN server in this export listens on 1195 and the 1194 dst-nat is
  # UDP towards pfsense (forward chain, not input). The rule looks unused;
  # confirm and remove it if so.
  112. add action=accept chain=input comment="permetti OpenVPN" dst-port=1194 \
  113. protocol=tcp
  # Accepts TCP 1195 (the built-in OpenVPN server) from any interface, WAN
  # included; this is the router's intentionally exposed service.
  114. add action=accept chain=input comment="permetti OpenVPN" dst-port=1195 \
  115. protocol=tcp
  116. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
  117. ipsec-policy=in,ipsec
  118. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
  119. ipsec-policy=out,ipsec
  # NOTE(review): this accept uses the same matcher as the fasttrack rule after
  # it and comes first, so established/related packets are accepted here and the
  # fasttrack rule is never reached. Swap the two if fasttrack is wanted.
  120. add action=accept chain=forward comment="defconf: accept established,related" \
  121. connection-state=established,related
  122. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  123. connection-state=established,related
  # Final input rule: everything not arriving on a LAN-list interface and not
  # accepted above is dropped. This is what keeps the router's own services
  # (DNS, management, bandwidth server) off the WAN side.
  124. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
  125. in-interface-list=!LAN
  # New connections from the WAN list are forwarded only if they were dst-nat'ed.
  126. add action=drop chain=forward comment=\
  127. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  128. connection-state=new in-interface-list=WAN
  # NOTE(review): the three rules below are disabled, so the forward chain ends
  # without a drop and unmatched traffic is accepted by default. In particular
  # 192.168.3.0/24 and 192.168.10.0/24 can reach each other freely; enable the
  # isolation rules if the two segments are meant to be separated.
  129. add action=drop chain=forward disabled=yes dst-address=192.168.3.0/24 \
  130. src-address=192.168.10.0/24
  131. add action=drop chain=forward disabled=yes dst-address=192.168.10.0/24 log=\
  132. yes src-address=192.168.3.0/24
  133. add action=drop chain=forward comment="Drop all else" disabled=yes
  134. /ip firewall nat
  # Source NAT for traffic leaving through WAN-list interfaces (non-IPsec).
  135. add action=masquerade chain=srcnat comment="defconf: masquerade" \
  136. ipsec-policy=out,none out-interface-list=WAN
  # NOTE(review): the export comment below and out-interface=*A indicate this
  # rule refers to an interface (lte1) that is not present; the rule is a
  # leftover and can presumably be removed - confirm.
  137. # lte1 not ready
  138. add action=masquerade chain=srcnat out-interface=*A
  # "OpenVPN su pfsense" = "OpenVPN on pfsense": forwards UDP 1194 to
  # 192.168.10.123.
  # NOTE(review): unlike the two port forwards after it, this rule has no
  # in-interface-list or dst-address, so it matches UDP 1194 arriving on any
  # interface, including LAN clients connecting out to other OpenVPN servers.
  # Adding in-interface-list=WAN would scope it to inbound traffic.
  139. add action=dst-nat chain=dstnat comment="OpenVPN su pfsense" dst-port=1194 \
  140. protocol=udp to-addresses=192.168.10.123 to-ports=1194
  # Inbound port forwards from the WAN list to 192.168.3.100 (TCP 22448 and
  # UDP 14922); the external port numbers are masked in this paste.
  141. add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=WAN \
  142. protocol=tcp to-addresses=192.168.3.100 to-ports=22448
  143. add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=WAN \
  144. protocol=udp to-addresses=192.168.3.100 to-ports=14922
  # Disabled set: would force DNS from every host except 192.168.3.66 to the
  # resolver at 192.168.3.66, with matching masquerade rules for LAN sources.
  145. add action=dst-nat chain=dstnat comment="redirect DNS to pihole" disabled=yes \
  146. dst-address=!192.168.3.66 dst-port=53 log=yes protocol=udp src-address=\
  147. !192.168.3.66 to-addresses=192.168.3.66
  148. add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.3.66 \
  149. dst-port=53 log=yes protocol=tcp src-address=!192.168.3.66 to-addresses=\
  150. 192.168.3.66
  151. add action=masquerade chain=srcnat disabled=yes dst-address=192.168.3.66 \
  152. dst-port=53 log=yes protocol=udp src-address=192.168.3.0/24
  153. add action=masquerade chain=srcnat disabled=yes dst-address=192.168.3.66 \
  154. dst-port=53 log=yes protocol=tcp src-address=192.168.3.0/24
  # Active DNS interception: any TCP/UDP port 53 traffic from 192.168.3.0/24 is
  # rewritten to the router's resolver at 192.168.3.1, whatever server the
  # client asked for. log=yes writes a log entry for every matching connection.
  155. add action=dst-nat chain=dstnat comment="DNS redirect to MIkrotik" dst-port=\
  156. 53 log=yes protocol=tcp src-address=192.168.3.0/24 to-addresses=\
  157. 192.168.3.1 to-ports=53
  158. add action=dst-nat chain=dstnat dst-port=53 log=yes protocol=udp src-address=\
  159. 192.168.3.0/24 to-addresses=192.168.3.1 to-ports=53
  # Static default gateway 192.168.1.1 on the wlan1 side, monitored with ping.
  160. /ip route
  161. add check-gateway=ping distance=1 gateway=192.168.1.1
  # Management services: telnet and ftp are off; the web interface answers only
  # to 192.168.3.100 and 192.168.10.0/24.
  # NOTE(review): the other services (ssh, winbox, api, api-ssl) do not appear
  # in the export, so their defaults apply - presumably enabled with no address
  # restriction, leaving the input chain as their only protection. Disable the
  # unused ones and set address= on the rest for defence in depth.
  162. /ip service
  163. set telnet disabled=yes
  164. set ftp disabled=yes
  165. set www address=192.168.3.100/32,192.168.10.0/24
  # Account used to log in to the OpenVPN server (service=ovpn, profile "ovpn").
  # NOTE(review): the password is only partly masked in this paste - a trailing
  # fragment is still visible. Treat the credential as exposed and rotate it;
  # exporting with hide-sensitive avoids secrets appearing in the file at all.
  166. /ppp secret
  167. add name=vpn_user password=xxxxxxxx+abs profile=ovpn service=ovpn
  168. /system clock
  169. set time-zone-name=Europe/Rome
  170. /system identity
  171. set name=homexxx
  # NTP client with two fixed server addresses.
  172. /system ntp client
  173. set enabled=yes primary-ntp=193.204.114.105 secondary-ntp=193.204.114.233
  # The hardware mode button toggles wlan2 between enabled and disabled.
  174. /system routerboard mode-button
  175. set enabled=yes on-event=\
  176. "/interface wireless set wlan2 disabled=(![get wlan2 disabled])"
  # NOTE(review): authenticate=no lets any host that can reach the bandwidth
  # test server start a test without credentials. No enabled= value is exported,
  # so presumably the server is running; given the input chain, that means every
  # LAN host and the 192.168.10.0/24 segment. Set authenticate=yes or disable the
  # server when it is not in use.
  177. /tool bandwidth-server
  178. set authenticate=no
  # Graphing for ether1, the "PC" queue and system resources. Only the queue
  # graph sets allow-address; the other two use the default.
  # NOTE(review): graphs are presumably served through the www service, whose
  # address restriction in /ip service then also limits who can view them - confirm.
  179. /tool graphing interface
  180. add interface=ether1
  181. /tool graphing queue
  182. add allow-address=192.168.3.100/32
  183. /tool graphing resource
  184. add
  # Layer-2 management (MAC telnet and MAC WinBox) is limited to LAN-list interfaces.
  185. /tool mac-server
  186. set allowed-interface-list=LAN
  187. /tool mac-server mac-winbox
  188. set allowed-interface-list=LAN