  1. # feb/27/2019 21:22:30 by RouterOS 6.44
  2. # software id = xxxxxxx
  3. #
  4. # model = 750UP
  5. # serial number = xxxxxxx
  # Bridge and Ethernet port definitions. ether1 and ether4 are named as ISP
  # uplinks; ether2/3/5 are named as local ports and are joined to bridge1 in
  # the "/interface bridge port" section of this export.
  6. /interface bridge
  # protocol-mode=none turns STP/RSTP off on bridge1.
  # arp=proxy-arp makes the router answer ARP requests on behalf of other hosts.
  # NOTE(review): presumably set so the PPTP client that is handed
  # 192.168.1.222 (inside the LAN subnet) can reach LAN hosts - confirm, and
  # keep proxy-ARP only on interfaces that need it.
  7. add admin-mac=xx:xx:xx:xx:xx:xx arp=proxy-arp auto-mac=no comment=\
  8. "created from master port" name=bridge1 protocol-mode=none
  9. /interface ethernet
  # WAN uplink 1.
  10. set [ find default-name=ether1 ] advertise=\
  11. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
  12. ether1-ISP-Beeline
  # Local port; proxy-ARP is enabled here as well as on bridge1.
  13. set [ find default-name=ether2 ] advertise=\
  14. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp \
  15. name=ether2-master-local
  16. set [ find default-name=ether3 ] advertise=\
  17. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
  18. ether3-slave-local
  # WAN uplink 2. The PPTP/GRE accept rules and most dst-nat rules in this
  # export match on this interface.
  19. set [ find default-name=ether4 ] advertise=\
  20. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
  21. ether4-ISP-kvant
  22. set [ find default-name=ether5 ] advertise=\
  23. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
  24. ether5-slave-local
  # Static PPTP server interface bound to PPP user h1, so that user's tunnel
  # always appears under the fixed interface name pptp-tunnel.
  25. /interface pptp-server
  26. add name=pptp-tunnel user=h1
  # Default wireless security profile; only supplicant-identity is shown, no
  # authentication or encryption settings appear in this export.
  27. /interface wireless security-profiles
  28. set [ find default=yes ] supplicant-identity=MikroTik
  # Address pools and the DHCP servers that hand them out.
  29. /ip pool
  30. add name=default-dhcp ranges=192.168.88.10-192.168.88.254
  # NOTE(review): pool2vpn is not referenced by any PPP profile or secret
  # visible in this export - confirm whether it is still used.
  31. add name=pool2vpn ranges=192.168.2.1-192.168.2.20
  32. add name=office ranges=192.168.1.110-192.168.1.253
  33. /ip dhcp-server
  # NOTE(review): two servers are bound to bridge1 with pools from different
  # subnets (192.168.88.x and 192.168.1.x), while only 192.168.1.1/24 is
  # configured on bridge1 in this export. Confirm which server actually issues
  # leases and remove the leftover one.
  34. add address-pool=default-dhcp authoritative=after-2sec-delay interface=\
  35. bridge1 name=default
  # add-arp=yes creates an ARP entry for every lease this server issues.
  36. add add-arp=yes address-pool=office authoritative=after-2sec-delay disabled=\
  37. no interface=bridge1 lease-time=1d name=dhcp_server_2local
  # OSPF is switched off: both the default area and the default instance carry
  # disabled=yes, so the router-id below has no effect while they stay disabled.
  38. /routing ospf area
  39. set [ find default=yes ] disabled=yes
  40. /routing ospf instance
  41. set [ find default=yes ] disabled=yes router-id=192.168.1.0
  # Members of bridge1: the three local ports. The two ISP ports are not
  # bridged, so traffic between WAN and LAN is routed and passes the firewall.
  42. /interface bridge port
  43. add bridge=bridge1 interface=ether3-slave-local
  44. add bridge=bridge1 interface=ether5-slave-local
  45. add bridge=bridge1 interface=ether2-master-local
  # VPN server settings.
  # L2TP: only MS-CHAPv2 is allowed as authentication method.
  # NOTE(review): no enabled=yes and no use-ipsec/ipsec-secret are shown, so the
  # L2TP server is presumably left disabled - confirm, because the input chain
  # still accepts UDP 1701/500/4500.
  46. /interface l2tp-server server
  47. set authentication=mschap2 default-profile=default
  # PPTP server is enabled. PPTP relies on MS-CHAPv2 and MPPE, which are
  # considered cryptographically weak; plan a migration of the h1/h2 users to an
  # IPsec-protected tunnel and disable this server afterwards.
  # NOTE(review): the server's default-profile is "default" while both PPP
  # secrets select "default-encryption" - confirm encryption is required for
  # every client.
  48. /interface pptp-server server
  49. set default-profile=default enabled=yes
  # Interface addressing, cloud DDNS, WAN DHCP client and DNS settings.
  50. /ip address
  # LAN gateway address on the bridge.
  51. add address=192.168.1.1/24 comment="default configuration" interface=bridge1 \
  52. network=192.168.1.0
  # Static WAN addresses (redacted in the paste) on both ISP uplinks.
  53. add address=x.x.x.x/24 interface=ether1-ISP-Beeline network=\
  54. x.x.x.0
  55. add address=x.x.x.x/24 interface=ether4-ISP-kvant network=x.x.x.x
  # ddns-enabled=yes publishes the router's current public address under a
  # MikroTik cloud DNS name, which makes the device easy to locate from outside.
  # Keep it only if remote users depend on that name.
  56. /ip cloud
  57. set ddns-enabled=yes
  # NOTE(review): ether1 has both a static address above and a DHCP client
  # here - confirm that both are intended.
  58. /ip dhcp-client
  59. add comment="default configuration" dhcp-options=hostname,clientid interface=\
  60. ether1-ISP-Beeline
  # LAN clients are told to use the router (192.168.1.1) and 8.8.8.8 as resolvers.
  61. /ip dhcp-server network
  62. add address=192.168.1.0/24 comment="default configuration" dns-server=\
  63. 192.168.1.1,8.8.8.8 gateway=192.168.1.1 netmask=24
  # NOTE(review): 4.4.8.8 looks like a transposition of 8.8.4.4 - confirm; as
  # written, queries may be sent to an unrelated address.
  # NOTE(review): allow-remote-requests is not shown. If it is enabled on the
  # device, the filter rules in this export do not stop WAN hosts from using
  # the router as a resolver - verify and restrict DNS to the LAN.
  64. /ip dns
  65. set servers=91.195.126.65,91.195.127.65,8.8.8.8,4.4.8.8
  # NOTE(review): "router" resolves to 192.168.88.1, but the LAN address in this
  # export is 192.168.1.1 - looks like a leftover from the factory defaults.
  66. /ip dns static
  67. add address=192.168.88.1 name=router
  # Packet filter. Every enabled rule below is action=accept and the only drop
  # rule is disabled. RouterOS accepts packets that match no rule, so as
  # exported this ruleset blocks nothing: the input chain (traffic to the
  # router itself) and the forward chain are open on both ISP interfaces.
  # What a reviewer would expect to see added, in this order per chain:
  #   - accept connection-state=established,related
  #   - drop connection-state=invalid
  #   - the specific accepts below
  #   - a final drop for everything arriving on the WAN interfaces
  # Rule order matters, so test from the LAN side before applying remotely.
  68. /ip firewall filter
  # ICMP to the router from any source.
  69. add action=accept chain=input comment=Ping+ protocol=icmp
  # SIP signalling (UDP and TCP 5060,5160) to 192.168.1.101 from any source.
  # NOTE(review): consider limiting the source to the SIP provider's addresses.
  70. add action=accept chain=forward comment=" " dst-address=192.168.1.101 \
  71. dst-port=5060,5160 protocol=udp
  72. add action=accept chain=forward dst-address=192.168.1.101 dst-port=5060,5160 \
  73. protocol=tcp
  # PPTP control channel (TCP 1723) and GRE, accepted on the ether4 uplink only.
  74. add action=accept chain=input comment=pptp dst-port=1723 in-interface=\
  75. ether4-ISP-kvant protocol=tcp
  76. add action=accept chain=input in-interface=ether4-ISP-kvant protocol=gre
  # L2TP/IKE/NAT-T ports on any interface. "port=" matches the source or the
  # destination port, which is broader than dst-port.
  77. add action=accept chain=input port=1701,500,4500 protocol=udp
  # SMB (TCP 445) forwarded with no source, destination or interface limit.
  # NOTE(review): SMB should not cross the WAN boundary - confirm what this
  # rule is for and scope it to the VPN/LAN addresses that need it.
  78. add action=accept chain=forward dst-port=445 protocol=tcp
  # RDP brute-force throttling: a new connection to TCP 3389 moves the source
  # from rdp_stage1 (10 min) to rdp_stage2 (10 min) to rdp_blacklist (1w3d), and
  # blacklisted sources are dropped. All four rules carry disabled=yes, so none
  # of this is active.
  79. add action=drop chain=forward comment="drop rdp brute forcers" disabled=yes \
  80. dst-port=3389 protocol=tcp src-address-list=rdp_blacklist
  81. add action=add-src-to-address-list address-list=rdp_blacklist \
  82. address-list-timeout=1w3d chain=forward connection-state=new disabled=yes \
  83. dst-port=3389 protocol=tcp src-address-list=rdp_stage2
  84. add action=add-src-to-address-list address-list=rdp_stage2 \
  85. address-list-timeout=10m chain=forward connection-state=new disabled=yes \
  86. dst-port=3389 protocol=tcp src-address-list=rdp_stage1
  87. add action=add-src-to-address-list address-list=rdp_stage1 \
  88. address-list-timeout=10m chain=forward connection-state=new disabled=yes \
  89. dst-port=3389 protocol=tcp
  # NAT: outbound masquerade plus inbound port forwards. Each dst-nat rule
  # publishes an internal host to the Internet, and the filter section of this
  # export has no drop rules, so nothing limits who can reach them. Add
  # src-address or src-address-list matchers wherever the set of legitimate
  # peers is known.
  90. /ip firewall nat
  # NOTE(review): only ether4 is masqueraded; there is no srcnat rule for the
  # ether1 uplink - confirm LAN traffic leaving via ether1 is handled.
  91. add action=masquerade chain=srcnat comment="default configuration" \
  92. out-interface=ether4-ISP-kvant
  # SIP (UDP 5060-5061) and UDP 12000 to 192.168.1.101. These two rules have no
  # in-interface or dst-address matcher, so they also rewrite LAN-originated
  # traffic addressed to those ports on any other host.
  93. add action=dst-nat chain=dstnat comment=ats dst-port=5060-5061 protocol=udp \
  94. to-addresses=192.168.1.101 to-ports=5060
  95. add action=dst-nat chain=dstnat dst-port=12000 protocol=udp to-addresses=\
  96. 192.168.1.101 to-ports=12000
  97. add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether4-ISP-kvant \
  98. protocol=tcp to-addresses=192.168.1.100 to-ports=5000
  99. add action=dst-nat chain=dstnat dst-port=39779-39786 in-interface=\
  100. ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.202 to-ports=\
  101. 39779-39786
  # cam1/cam2: TCP 8090 -> 192.168.1.55:80 and TCP 8091 -> 192.168.1.52, on both
  # uplinks. NOTE(review): presumably camera web interfaces over plain HTTP;
  # prefer reaching them through the VPN instead of a public forward.
  102. add action=dst-nat chain=dstnat comment=cam1 dst-port=8090 in-interface=\
  103. ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.55 to-ports=80
  104. add action=dst-nat chain=dstnat dst-port=8090 in-interface=ether1-ISP-Beeline \
  105. protocol=tcp to-addresses=192.168.1.55 to-ports=80
  106. add action=dst-nat chain=dstnat comment=cam2 dst-port=8091 in-interface=\
  107. ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.52
  108. add action=dst-nat chain=dstnat dst-port=8091 in-interface=ether1-ISP-Beeline \
  109. protocol=tcp to-addresses=192.168.1.52
  # FTP control port forwarded to a redacted address; FTP sends credentials in
  # clear text.
  110. add action=netmap chain=dstnat comment=ftp dst-port=21 in-interface=\
  111. ether4-ISP-kvant protocol=tcp to-addresses=x.x.x.x to-ports=21
  # action=accept in dstnat ends NAT processing without translating anything.
  # NOTE(review): the intent for TCP 443,445 on ether4 is unclear; it forwards
  # nothing by itself - confirm and remove if unused.
  112. add action=accept chain=dstnat dst-port=443,445 in-interface=ether4-ISP-kvant \
  113. protocol=tcp
  # Connection-tracking helpers: tftp, irc, h323 and sip are switched off. The
  # sip entry also lists ports 5060,5061,5160, which only matters if the helper
  # is re-enabled.
  114. /ip firewall service-port
  115. set tftp disabled=yes
  116. set irc disabled=yes
  117. set h323 disabled=yes
  118. set sip disabled=yes ports=5060,5061,5160
  # Web proxy settings, limited to one client and one server connection.
  # NOTE(review): no enabled=yes is shown, so the proxy is presumably off -
  # confirm, since a reachable proxy would be open to WAN hosts with the filter
  # rules in this export.
  119. /ip proxy
  120. set cache-path=web-proxy1 max-client-connections=1 max-server-connections=1
  # Routing. The two routes without dst-address are default routes; the one
  # with distance=1 is preferred and the one with distance=2 takes over when
  # check-gateway=ping stops getting replies from the preferred gateway.
  121. /ip route
  122. add check-gateway=ping distance=1 gateway=x.x.x.x
  123. add check-gateway=ping distance=2 gateway=x.x.x.x
  # Static route to 192.168.88.0/24 via a redacted gateway.
  124. add comment="4 remoteserver" distance=1 dst-address=192.168.88.0/24 gateway=\
  125. x.x.x.x
  # NOTE(review): this rule sends 192.168.0.0/24 lookups to the table
  # vpn_192_168_0_0, but no route in this export is placed in that table -
  # confirm the rule is still needed.
  126. /ip route rule
  127. add dst-address=192.168.0.0/24 table=vpn_192_168_0_0
  # Management services. telnet, ftp, www, api and api-ssl are disabled; ssh and
  # winbox stay enabled.
  128. /ip service
  129. set telnet disabled=yes
  130. set ftp disabled=yes
  131. set www disabled=yes
  # SSH listens on port 22 with no address= restriction. Because the filter
  # section of this export has no drop rules, SSH is reachable from any source
  # on both uplinks. Add an address= list here and a matching input-chain rule.
  132. set ssh port=22
  133. set api disabled=yes
  # Winbox is limited to two private /24 networks and to 109.0.0.0/18.
  # NOTE(review): 109.0.0.0/18 is a public range of 16384 addresses - narrow it
  # to the specific administrator addresses, or require the VPN for Winbox.
  134. set winbox address=192.168.0.0/24,192.168.1.0/24,109.0.0.0/18 port=xxx
  135. set api-ssl disabled=yes
  # PPP user accounts, both limited to service=pptp with fixed tunnel addresses.
  # A plain /export writes these passwords in clear text (they were redacted by
  # hand in this paste); use "/export hide-sensitive" before sharing a
  # configuration and treat any exported file as a credential.
  136. /ppp secret
  # h1 is given 192.168.1.222, an address inside the LAN subnet.
  137. add local-address=192.168.1.1 name=h1 password=xxxxxx profile=\
  138. default-encryption remote-address=192.168.1.222 service=pptp
  # h2 uses a separate 192.168.5.x point-to-point pair.
  139. add local-address=192.168.5.1 name=h2 password=xxxxx profile=\
  140. default-encryption remote-address=192.168.5.99 service=pptp
  # RIP: the interface, neighbor and network entries all carry disabled=yes.
  141. /routing rip interface
  142. add disabled=yes send=v1-2
  143. /routing rip neighbor
  144. add address=192.168.6.222 disabled=yes
  145. /routing rip network
  146. add disabled=yes network=192.168.1.0/24
  # Fixed time zone; automatic detection is off.
  147. /system clock
  148. set time-zone-autodetect=no time-zone-name=Europe/Moscow
  149. /system leds
  150. add interface=ether1-ISP-Beeline leds="" type=interface-transmit
  # Packet sniffer filter: all interfaces, host 192.168.1.101 (the target of
  # the SIP forwards). These are stored settings only; the export does not show
  # whether a capture is running.
  151. /tool sniffer
  152. set filter-interface=all filter-ip-address=192.168.1.101/32
  # Both traffic monitors are disabled.
  153. /tool traffic-monitor
  154. add disabled=yes interface=bridge1 name=tmon1 threshold=0 trigger=always
  155. add disabled=yes interface=ether4-ISP-kvant name=tmon2 threshold=0