- # feb/27/2019 21:22:30 by RouterOS 6.44
- # software id = xxxxx
- #
- # model = 750UP
- # serial number = xxxxxxx
- # LAN bridge and physical port naming. ether1 and ether4 are labelled as ISP uplinks; ether2/3/5 are labelled local.
- /interface bridge
- # arp=proxy-arp: the bridge answers ARP on behalf of other hosts.
- # NOTE(review): presumably needed because PPTP user h1 is given a 192.168.1.x address (see /ppp secret) - confirm; otherwise prefer arp=enabled.
- # protocol-mode=none: no STP/RSTP runs on this bridge.
- add admin-mac=xx:xx:xx:xx:xx:xx arp=proxy-arp auto-mac=no comment=\
- "created from master port" name=bridge1 protocol-mode=none
- /interface ethernet
- # Every port advertises the same 10/100/1000 half/full set; the entries differ only in name (and arp on ether2).
- # WAN uplink 1.
- set [ find default-name=ether1 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
- ether1-ISP-Beeline
- # ether2 also has proxy-arp set; it is a port of bridge1 (see /interface bridge port).
- set [ find default-name=ether2 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp \
- name=ether2-master-local
- set [ find default-name=ether3 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
- ether3-slave-local
- # WAN uplink 2; this is the interface the masquerade rule and most dst-nat rules are tied to.
- set [ find default-name=ether4 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
- ether4-ISP-kvant
- set [ find default-name=ether5 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
- ether5-slave-local
- # Static PPTP server binding: gives the session of PPP user h1 a fixed interface name (pptp-tunnel).
- # Nothing else in this export refers to pptp-tunnel by name.
- /interface pptp-server
- add name=pptp-tunnel user=h1
- # Default wireless security profile entry; no wireless interface is configured in this export.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # Address pools and the DHCP servers that hand them out on bridge1.
- /ip pool
- # 192.168.88.x pool; bridge1 itself is addressed in 192.168.1.0/24, so this looks like a leftover of the default config - confirm.
- add name=default-dhcp ranges=192.168.88.10-192.168.88.254
- # NOTE(review): no PPP profile or secret in this export references pool2vpn - confirm whether it is still used.
- add name=pool2vpn ranges=192.168.2.1-192.168.2.20
- # NOTE(review): this range contains 192.168.1.222 (fixed remote-address of PPTP user h1) and 192.168.1.202 (a dst-nat target).
- # Reserve those addresses with static leases or shrink the range, otherwise a DHCP client can be given the same address.
- add name=office ranges=192.168.1.110-192.168.1.253
- /ip dhcp-server
- # No disabled=no is exported for this entry, so it is presumably disabled - confirm before relying on that.
- add address-pool=default-dhcp authoritative=after-2sec-delay interface=\
- bridge1 name=default
- # Active LAN DHCP server: 1-day leases from the office pool; add-arp=yes adds an ARP entry for each lease.
- add add-arp=yes address-pool=office authoritative=after-2sec-delay disabled=\
- no interface=bridge1 lease-time=1d name=dhcp_server_2local
- # OSPF is switched off: both the default area and the default instance are disabled.
- /routing ospf area
- set [ find default=yes ] disabled=yes
- /routing ospf instance
- # router-id is set to the network address 192.168.1.0; irrelevant while the instance stays disabled.
- set [ find default=yes ] disabled=yes router-id=192.168.1.0
- # bridge1 membership: the three local ports (ether2, ether3, ether5). ether1 and ether4 stay outside the bridge as WAN ports.
- /interface bridge port
- add bridge=bridge1 interface=ether3-slave-local
- add bridge=bridge1 interface=ether5-slave-local
- add bridge=bridge1 interface=ether2-master-local
- # VPN server settings.
- # L2TP: only MS-CHAPv2 is allowed. No enabled=yes and no IPsec setting is exported, so the L2TP server is presumably off - confirm.
- /interface l2tp-server server
- set authentication=mschap2 default-profile=default
- # PPTP server is enabled. PPTP (MS-CHAPv2 with MPPE) is generally regarded as cryptographically weak.
- # NOTE(review): plan a migration to an IPsec-protected or other modern VPN and disable PPTP once clients have moved.
- /interface pptp-server server
- set default-profile=default enabled=yes
- # Router addressing, dynamic DNS, and the DNS/DHCP options given to LAN clients.
- /ip address
- # LAN gateway address on the bridge.
- add address=192.168.1.1/24 comment="default configuration" interface=bridge1 \
- network=192.168.1.0
- # Static WAN addresses (redacted) on both uplinks.
- add address=x.x.x.x/24 interface=ether1-ISP-Beeline network=\
- x.x.x.0
- add address=x.x.x.x/24 interface=ether4-ISP-kvant network=x.x.x.x
- # DDNS on: the router registers its public address under a MikroTik cloud DNS name.
- # NOTE(review): that name makes the router easy to find, so the input chain should not be left without a drop rule.
- /ip cloud
- set ddns-enabled=yes
- # ether1 has a DHCP client in addition to the static address above - confirm that both are intended.
- /ip dhcp-client
- add comment="default configuration" dhcp-options=hostname,clientid interface=\
- ether1-ISP-Beeline
- /ip dhcp-server network
- # Clients are told to use the router (192.168.1.1) and 8.8.8.8 as resolvers.
- # NOTE(review): /ip dns below does not export allow-remote-requests=yes, so the router presumably does not answer client queries - confirm.
- # If it is turned on, block TCP/UDP 53 arriving on the WAN interfaces so the router does not become an open resolver.
- add address=192.168.1.0/24 comment="default configuration" dns-server=\
- 192.168.1.1,8.8.8.8 gateway=192.168.1.1 netmask=24
- /ip dns
- # NOTE(review): 4.4.8.8 looks like a transposition of 8.8.4.4 - confirm; as written, queries may go to an unintended host.
- set servers=91.195.126.65,91.195.127.65,8.8.8.8,4.4.8.8
- /ip dns static
- # "router" resolves to 192.168.88.1, not the 192.168.1.1 configured on bridge1 - looks like a default-config leftover; verify.
- add address=192.168.88.1 name=router
- # Packet filter. Every enabled rule here is action=accept and the only drop rule is disabled.
- # RouterOS accepts packets that match no rule, so as exported this filter does not block anything:
- # the router's own services (input) and all forwarded traffic are limited only by /ip service settings and NAT.
- # NOTE(review): a restrictive layout would accept established,related first, drop invalid, keep the specific accepts below,
- # then end the input chain with a drop for the WAN interfaces and the forward chain with a drop for new WAN
- # connections that were not dst-natted (connection-nat-state=!dstnat). Apply such changes in Safe Mode to avoid lock-out.
- /ip firewall filter
- # ICMP to the router from any interface.
- add action=accept chain=input comment=Ping+ protocol=icmp
- # SIP ports 5060/5160 (UDP, then TCP) towards 192.168.1.101 from any source.
- # NOTE(review): consider a src-address-list with the SIP provider's addresses; these rules have no source restriction.
- add action=accept chain=forward comment=" " dst-address=192.168.1.101 \
- dst-port=5060,5160 protocol=udp
- add action=accept chain=forward dst-address=192.168.1.101 dst-port=5060,5160 \
- protocol=tcp
- # PPTP control channel (TCP 1723) and GRE, accepted on the ether4 uplink only.
- add action=accept chain=input comment=pptp dst-port=1723 in-interface=\
- ether4-ISP-kvant protocol=tcp
- add action=accept chain=input in-interface=ether4-ISP-kvant protocol=gre
- # L2TP/IKE/NAT-T ports. port= matches the source OR the destination port, and there is no in-interface.
- # NOTE(review): dst-port= plus an in-interface would be tighter.
- add action=accept chain=input port=1701,500,4500 protocol=udp
- # SMB (TCP 445) forwarded in any direction, with no interface or address restriction.
- # NOTE(review): SMB should normally not cross the WAN boundary - confirm what this rule is for.
- add action=accept chain=forward dst-port=445 protocol=tcp
- # RDP brute-force throttle, all four rules disabled. Rules are listed in reverse stage order:
- # a new connection to 3389 puts the source in rdp_stage1 (10m); a source already in stage1 moves to stage2 (10m);
- # a source already in stage2 moves to rdp_blacklist (1w3d); the first rule drops blacklisted sources.
- # No dst-nat for port 3389 is visible in this export.
- add action=drop chain=forward comment="drop rdp brute forcers" disabled=yes \
- dst-port=3389 protocol=tcp src-address-list=rdp_blacklist
- add action=add-src-to-address-list address-list=rdp_blacklist \
- address-list-timeout=1w3d chain=forward connection-state=new disabled=yes \
- dst-port=3389 protocol=tcp src-address-list=rdp_stage2
- add action=add-src-to-address-list address-list=rdp_stage2 \
- address-list-timeout=10m chain=forward connection-state=new disabled=yes \
- dst-port=3389 protocol=tcp src-address-list=rdp_stage1
- add action=add-src-to-address-list address-list=rdp_stage1 \
- address-list-timeout=10m chain=forward connection-state=new disabled=yes \
- dst-port=3389 protocol=tcp
- # NAT: source NAT for outbound traffic and the port forwards that publish internal hosts.
- # None of the dst-nat rules restricts the source address, and the filter table has no drop rule,
- # so every forwarded service below is reachable from any address that can reach the WAN interface.
- /ip firewall nat
- # Outbound masquerade exists only for ether4.
- # NOTE(review): no srcnat rule covers ether1-ISP-Beeline; if the distance=2 route leaves via ether1, LAN traffic would go out un-NATed - confirm.
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether4-ISP-kvant
- # SIP (UDP 5060-5061) to 192.168.1.101; the comment "ats" presumably marks the PBX.
- # NOTE(review): this rule and the UDP 12000 rule have no in-interface or dst-address, so they also rewrite matching
- # traffic that originates on the LAN. Add in-interface (and ideally a provider src-address-list).
- add action=dst-nat chain=dstnat comment=ats dst-port=5060-5061 protocol=udp \
- to-addresses=192.168.1.101 to-ports=5060
- add action=dst-nat chain=dstnat dst-port=12000 protocol=udp to-addresses=\
- 192.168.1.101 to-ports=12000
- # TCP 5000 on ether4 to 192.168.1.100.
- add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether4-ISP-kvant \
- protocol=tcp to-addresses=192.168.1.100 to-ports=5000
- # TCP 39779-39786 on ether4 to 192.168.1.202 (an address inside the office DHCP pool range).
- add action=dst-nat chain=dstnat dst-port=39779-39786 in-interface=\
- ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.202 to-ports=\
- 39779-39786
- # cam1: port 8090 on both uplinks is forwarded to port 80 (plain HTTP) on 192.168.1.55.
- # NOTE(review): camera web interfaces published to any source; prefer VPN-only access or a src-address-list.
- add action=dst-nat chain=dstnat comment=cam1 dst-port=8090 in-interface=\
- ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.55 to-ports=80
- add action=dst-nat chain=dstnat dst-port=8090 in-interface=ether1-ISP-Beeline \
- protocol=tcp to-addresses=192.168.1.55 to-ports=80
- # cam2: port 8091 on both uplinks to 192.168.1.52; no to-ports, so the destination port stays 8091.
- add action=dst-nat chain=dstnat comment=cam2 dst-port=8091 in-interface=\
- ether4-ISP-kvant protocol=tcp to-addresses=192.168.1.52
- add action=dst-nat chain=dstnat dst-port=8091 in-interface=ether1-ISP-Beeline \
- protocol=tcp to-addresses=192.168.1.52
- # FTP control port 21 mapped to a redacted address. FTP carries credentials in cleartext.
- add action=netmap chain=dstnat comment=ftp dst-port=21 in-interface=\
- ether4-ISP-kvant protocol=tcp to-addresses=x.x.x.x to-ports=21
- # action=accept in dstnat leaves the packet untranslated. As the last rule it changes nothing:
- # TCP 443/445 arriving on ether4 stays addressed to the router itself. NOTE(review): intent unclear - confirm or remove.
- add action=accept chain=dstnat dst-port=443,445 in-interface=ether4-ISP-kvant \
- protocol=tcp
- # Connection-tracking helpers, web proxy settings, and routing.
- /ip firewall service-port
- # The tftp, irc, h323 and sip helpers are turned off; the sip entry still lists ports 5060,5061,5160.
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes ports=5060,5061,5160
- # Web proxy parameters only; no enabled=yes is exported, so the proxy is presumably off - confirm.
- /ip proxy
- set cache-path=web-proxy1 max-client-connections=1 max-server-connections=1
- /ip route
- # Two default routes with ping gateway checks: distance=1 is preferred, distance=2 takes over when the first gateway stops answering.
- add check-gateway=ping distance=1 gateway=x.x.x.x
- add check-gateway=ping distance=2 gateway=x.x.x.x
- # Static route to 192.168.88.0/24 via a redacted gateway.
- add comment="4 remoteserver" distance=1 dst-address=192.168.88.0/24 gateway=\
- x.x.x.x
- /ip route rule
- # Sends lookups for 192.168.0.0/24 to table vpn_192_168_0_0.
- # NOTE(review): no route in this export carries that routing mark - confirm the table is populated elsewhere (e.g. dynamically).
- add dst-address=192.168.0.0/24 table=vpn_192_168_0_0
- # Management services. telnet, ftp, www, api and api-ssl are off; ssh and winbox remain on.
- # NOTE(review): the export header shows RouterOS 6.44 (Feb 2019). Compare it with MikroTik's current release and
- # security advisories, since ssh and winbox are the services left exposed.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- # ssh has no address= restriction, and the input chain has no drop rule, so port 22 is reachable from any source.
- # NOTE(review): add address= with the management subnets, as is done for winbox, and use key-based logins.
- set ssh port=22
- set api disabled=yes
- # winbox is limited to two private /24s and 109.0.0.0/18, a public range of 16384 addresses (port redacted).
- # NOTE(review): narrow the public range to the specific admin addresses, or reach winbox through the VPN only.
- set winbox address=192.168.0.0/24,192.168.1.0/24,109.0.0.0/18 port=xxx
- set api-ssl disabled=yes
- # PPP user accounts, both limited to the PPTP service and using the default-encryption profile.
- # Passwords are written to the export in readable form (replaced with x's on this page).
- # NOTE(review): use the export's hide-sensitive option before sharing a configuration, and rotate any secret that was ever posted.
- /ppp secret
- # h1 is placed inside the LAN subnet at 192.168.1.222.
- # NOTE(review): that address is within the office DHCP pool range (192.168.1.110-192.168.1.253) - reserve it to avoid a duplicate.
- add local-address=192.168.1.1 name=h1 password=xxxxxx profile=\
- default-encryption remote-address=192.168.1.222 service=pptp
- # h2 uses a separate 192.168.5.x point-to-point pair.
- add local-address=192.168.5.1 name=h2 password=xxxxx profile=\
- default-encryption remote-address=192.168.5.99 service=pptp
- # RIP entries (all disabled), clock, LED mapping, and diagnostic tools.
- /routing rip interface
- add disabled=yes send=v1-2
- /routing rip neighbor
- add address=192.168.6.222 disabled=yes
- /routing rip network
- add disabled=yes network=192.168.1.0/24
- # Fixed time zone; auto-detection is off.
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Moscow
- /system leds
- add interface=ether1-ISP-Beeline leds="" type=interface-transmit
- # Packet sniffer filter left pointing at 192.168.1.101 on all interfaces (the SIP forward target).
- # NOTE(review): the export does not show whether a capture is running; clear the filter and remove capture files after troubleshooting.
- /tool sniffer
- set filter-interface=all filter-ip-address=192.168.1.101/32
- # Two traffic monitors; tmon1 is disabled and tmon2 is exported with disabled=yes as well.
- /tool traffic-monitor
- add disabled=yes interface=bridge1 name=tmon1 threshold=0 trigger=always
- add disabled=yes interface=ether4-ISP-kvant name=tmon2 threshold=0