Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # sep/08/2018 14:16:49 by RouterOS 6.34.3
- # software id = SI6I-I1PH
- #
- /interface ethernet
- set [ find default-name=ether1 ] comment="WAN1 WebPlus" mac-address=\
- 1C:6F:65:EA:E6:B5
- set [ find default-name=ether2 ] comment=LAN mac-address=20:6A:8A:12:1A:16 \
- speed=1Gbps
- set [ find default-name=ether3 ] mac-address=D4:CA:6D:19:E0:E2 master-port=\
- ether2 speed=1Gbps
- set [ find default-name=ether4 ] comment="WAN2 Rostelecom" mac-address=\
- D4:CA:6D:19:E0:E3 speed=1Gbps
- set [ find default-name=ether5 ] mac-address=D4:CA:6D:19:E0:E4 master-port=\
- ether2 speed=1Gbps
- /interface pppoe-client
- add dial-on-demand=yes disabled=no interface=ether4 max-mru=1480 max-mtu=1480 \
- mrru=1600 name=rostelecom password=szt user=szt
- /interface pptp-client
- add connect-to=5.19.137.163 disabled=no mrru=1600 name=to-engelsa password=\
- i8w4wLgC user=orange3
- add connect-to=178.130.30.154 disabled=no mrru=1600 name=to-krylova password=\
- ukESH3FvZN user=hq-krylova
- add connect-to=4f43048ef7af.sn.mynetname.net disabled=no mrru=1600 name=\
- to-moskovskiy password=8yvAwwN5ZNGKO1 user=hq-moskovskiy
- /ip neighbor discovery
- set ether1 comment="WAN1 WebPlus" discover=no
- set ether2 comment=LAN
- set ether4 comment="WAN2 Rostelecom"
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=Apelsin-Kamennostr
- /ip ipsec policy group
- add name=group1
- /ip ipsec proposal
- set [ find default=yes ] pfs-group=none
- /ip pool
- add name=dhcp_pool1 ranges=192.168.103.100-192.168.103.254
- add name=pool1 ranges=192.168.168.100-192.168.168.254
- /ip dhcp-server
- add address-pool=pool1 disabled=no interface=ether2 lease-time=3d name=dhcp1
- /ppp profile
- add change-tcp-mss=yes name=l2tp-ipsec use-encryption=yes use-mpls=yes
- /routing ospf area
- add area-id=2.2.2.2 name=area1
- /routing ospf instance
- set [ find default=yes ] router-id=1.1.1.1
- /system logging action
- set 0 memory-lines=100
- set 1 disk-lines-per-file=100
- /user group
- set read policy="local,telnet,ssh,read,test,winbox,password,web,sniff,sensitiv\
- e,api,!ftp,!reboot,!write,!policy"
- /interface bridge settings
- set use-ip-firewall=yes
- /interface l2tp-server server
- set authentication=mschap2 enabled=yes ipsec-secret=Buhhhfewfdkwl use-ipsec=\
- yes
- /interface pptp-server server
- set enabled=yes
- /ip address
- add address=192.168.168.1/24 interface=ether2 network=192.168.168.0
- /ip dhcp-client
- add add-default-route=no dhcp-options=hostname,clientid disabled=no \
- interface=ether1 use-peer-dns=no use-peer-ntp=no
- /ip dhcp-server lease
- add address=192.168.168.111 always-broadcast=yes client-id=1:0:1b:a9:92:a6:5d \
- mac-address=00:1B:A9:92:A6:5D server=dhcp1
- add address=192.168.168.107 always-broadcast=yes client-id=\
- 1:bc:5f:f4:ed:87:c9 mac-address=BC:5F:F4:ED:87:C9 server=dhcp1
- add address=192.168.168.102 client-id=1:c8:22:2:11:22:6 mac-address=\
- C8:22:02:11:22:06 server=dhcp1
- /ip dhcp-server network
- add address=192.168.103.0/24 comment="LAN office 2" dns-server=\
- 192.168.103.1,8.8.8.8 gateway=192.168.103.1
- add address=192.168.168.0/24 dns-server=192.168.168.1 gateway=192.168.168.1
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,77.88.8.1,77.88.8.8
- /ip dns static
- add address=209.239.112.96 name=stratum.antpool.com
- add address=209.239.112.96 name=asia1.ethermine.org
- add address=209.239.112.96 name=stratum.slushpool.com
- add address=209.239.112.96 name=asia1.ethpool.org
- add address=209.239.112.96 name=cn.stratum.slushpool.com
- add address=209.239.112.96 name=eu.stratum.slushpool.com
- add address=209.239.112.96 name=asia1.fullhashed.com
- add address=209.239.112.96 name=jp-stratum.btcc.com
- add address=209.239.112.96 name=asia2.ethermine.org
- add address=209.239.112.96 name=mint.bitminter.com
- add address=209.239.112.96 name=cn.sparkpool.com
- add address=209.239.112.96 name=us.ss.btc.com
- add address=209.239.112.96 name=aurorapool.net
- add address=209.239.112.96 name=na-west.sparkpool.com
- add address=209.239.112.96 name=daggerhashimoto.br.nicehash.com
- add address=209.239.112.96 name=na-east.sparkpool.com
- add address=209.239.112.96 name=daggerhashimoto.eu.nicehash.com
- add address=209.239.112.96 name=tw.sparkpool.com
- add address=209.239.112.96 name=daggerhashimoto.hk.nicehash.com
- add address=209.239.112.96 name=kr.sparkpool.com
- add address=209.239.112.96 name=daggerhashimoto.in.nicehash.com
- add address=209.239.112.96 name=jp.sparkpool.com
- add address=209.239.112.96 name=daggerhashimoto.jp.nicehash.com
- add address=209.239.112.96 name=bitcoin.viabtc.com
- add address=209.239.112.96 name=daggerhashimoto.usa.nicehash.com
- add address=209.239.112.96 name=stratum-us.f2pool.com
- add address=209.239.112.96 name=coinotron.com
- add address=209.239.112.96 name=stratum.f2pool.com
- add address=209.239.112.96 name=eth.1stpool.com
- add address=209.239.112.96 name=stratum.btcguild.com
- add address=209.239.112.96 name=eth.anorak.tech
- add address=209.239.112.96 name=stratum.btccpool.com
- add address=209.239.112.96
- add address=209.239.112.96 name=stratum.btc.top
- add address=209.239.112.96 name=eth.2miners.com
- add address=209.239.112.96 name=eth.antpool.com
- add address=209.239.112.96 name=eth-ar.dwarfpool.com
- add address=209.239.112.96 name=eth.arsmine.net
- add address=209.239.112.96 name=eth-as.coinmine.pl
- add address=209.239.112.96 name=eth-asia1.nanopool.org
- add address=209.239.112.96 name=eth-br.dwarfpool.com
- add address=209.239.112.96 name=eth.chileminers.cl
- add address=209.239.112.96 name=eth.coinfoundry.org
- add address=209.239.112.96 name=eth.coinmine.pl
- add address=209.239.112.96 name=ethepool.com
- add address=209.239.112.96 name=ether.bw.com
- add address=209.239.112.96 name=etherdig.net
- add address=209.239.112.96 name=ethereum.marshsoftware.ca
- add address=209.239.112.96 name=ethereumpool.club
- add address=209.239.112.96 name=ethergrab.us
- add address=209.239.112.96 name=ethermine.ru
- add address=209.239.112.96 name=ethertrench.com
- add address=209.239.112.96 name=eth.ethertrench.com
- add address=209.239.112.96 name=eth-eu1.nanopool.org
- add address=209.239.112.96 name=eth-eu.coinmine.pl
- add address=209.239.112.96 name=eth-eu.dwarfpool.com
- add address=209.239.112.96 name=eth-eu.mining.sk
- add address=209.239.112.96 name=eth-eu.pool.sexy
- add address=209.239.112.96 name=eth.f2pool.com
- add address=209.239.112.96 name=eth.gigantpool.com
- add address=209.239.112.96 name=eth.gpumine.org
- add address=209.239.112.96 name=eth-hk.dwarfpool.com
- add address=209.239.112.96 name=eth.miningcity.org
- add address=209.239.112.96 name=eth.mymininghub.com
- add address=209.239.112.96 name=eth.pool.minergate.com
- add address=209.239.112.96 name=eth.poolmining.org
- add address=209.239.112.96 name=eth-pool.ucrypto.net
- add address=209.239.112.96 name=eth.pool.zet-tech.eu
- add address=209.239.112.96 name=eth-ru.dwarfpool.com
- add address=209.239.112.96 name=eth-ru.edgestile.io
- add address=209.239.112.96 name=eth-ru.mining.sk
- add address=209.239.112.96 name=eth-sg.dwarfpool.com
- add address=209.239.112.96 name=eth.soyminero.es
- add address=209.239.112.96 name=eth.suprnova.cc
- add address=209.239.112.96 name=eth.uleypool.com
- add address=209.239.112.96 name=eth-us.coinmine.pl
- add address=209.239.112.96 name=eth-us.dwarfpool.com
- add address=209.239.112.96 name=eth-us-east1.nanopool.org
- add address=209.239.112.96 name=eth-us.maxhash.org
- add address=209.239.112.96 name=eth-us.pool.sexy
- add address=209.239.112.96 name=eth-us-west1.nanopool.org
- add address=209.239.112.96 name=eth.waterhole.io
- add address=209.239.112.96 name=eth.xeminer.net
- add address=209.239.112.96 name=eth.zion.net.co
- add address=209.239.112.96 name=eu1.ethermine.org
- add address=209.239.112.96 name=eu1.ethpool.org
- add address=209.239.112.96 name=eu2.ethermine.org
- add address=209.239.112.96 name=eu.99miners.com
- add address=209.239.112.96 name=eu.ethmine.club
- add address=209.239.112.96 name=eu.sparkpool.com
- add address=209.239.112.96 name=huabei2-pool.ethfans.org
- add address=209.239.112.96 name=huabei-pool.ethfans.org
- add address=209.239.112.96 name=miningcity.org
- add address=209.239.112.96 name=my.ethpool.net
- add address=209.239.112.96 name=noobpool.com
- add address=209.239.112.96 name=pool.ethfans.org
- add address=209.239.112.96 name=pool.virtualmining.pt
- add address=209.239.112.96 name=s.comining.io
- add address=209.239.112.96 name=us1.ethermine.org
- add address=209.239.112.96 name=us1.ethpool.org
- add address=209.239.112.96 name=us2.ethermine.org
- add address=209.239.112.96 name=us2.ethpool.org
- add address=209.239.112.96 name=vaux-all.uk
- /ip firewall address-list
- add address=0.0.0.0/8 list=BOGONS
- add address=10.0.0.0/8 list=BOGONS
- add address=100.64.0.0/10 list=BOGONS
- add address=127.0.0.0/8 list=BOGONS
- add address=169.254.0.0/16 list=BOGONS
- add address=172.16.0.0/12 list=BOGONS
- add address=192.0.0.0/24 list=BOGONS
- add address=192.0.2.0/24 list=BOGONS
- add address=198.18.0.0/15 list=BOGONS
- add address=198.51.100.0/24 list=BOGONS
- add address=203.0.113.0/24 list=BOGONS
- add address=192.168.101.0/24 list=LAN
- add address=192.168.102.0/24 list=LAN
- add address=192.168.103.0/24 list=LAN
- add address=192.168.168.0/24 list=LAN
- /ip firewall mangle
- add action=mark-connection chain=forward comment="WAN INPUT" in-interface=\
- ether1 new-connection-mark=WAN
- add action=mark-connection chain=input comment="WAN INPUT" in-interface=\
- ether1 new-connection-mark=WAN
- add action=mark-connection chain=forward comment="WAN2 INPUT" in-interface=\
- rostelecom new-connection-mark=WAN2
- add action=mark-connection chain=input comment="WAN2 INPUT" in-interface=\
- rostelecom new-connection-mark=WAN2
- add action=mark-routing chain=prerouting comment="WAN2 OUTPUT" \
- connection-mark=rostelecom new-routing-mark=WAN2 src-address=\
- 192.168.168.0/24
- add action=mark-routing chain=prerouting comment="WAN OUTPUT" \
- connection-mark=ether1 new-routing-mark=WAN src-address=192.168.168.0/24
- add action=mark-routing chain=output comment="WAN OUTPUT" connection-mark=\
- ether1 new-routing-mark=WAN
- add action=mark-routing chain=output comment="WAN2 OUTPUT" connection-mark=\
- rostelecom new-routing-mark=WAN2
- /ip firewall nat
- add action=src-nat chain=srcnat disabled=yes protocol=tcp src-address=\
- 192.168.168.107 src-port=8000 to-addresses=192.168.168.107
- add action=masquerade chain=srcnat comment=NAT out-interface=ether1
- add action=masquerade chain=srcnat comment="NAT wan2" out-interface=\
- rostelecom
- add action=dst-nat chain=dstnat comment="portmap to SamoturSRV" dst-address=\
- 94.188.35.136 dst-port=8800 protocol=tcp to-addresses=192.168.168.107 \
- to-ports=8800
- add action=dst-nat chain=dstnat comment="portmap to SamoturSRV TEST" \
- disabled=yes dst-address=94.188.35.136 dst-port=8800 protocol=tcp \
- to-addresses=192.168.168.107 to-ports=8080
- add action=dst-nat chain=dstnat comment="TCP Port-map to NCP500" dst-port=\
- 35300 in-interface=ether1 protocol=tcp to-addresses=192.168.168.3 \
- to-ports=35300
- add action=dst-nat chain=dstnat comment="UDP Port-map to NCP500" dst-port=\
- 35300 in-interface=ether1 protocol=udp to-addresses=192.168.168.3 \
- to-ports=35300
- add action=dst-nat chain=dstnat comment="TCP 800 -> 80" dst-port=800 \
- in-interface=ether1 protocol=tcp to-addresses=192.168.168.102 to-ports=80
- add action=dst-nat chain=dstnat comment="TCP 34567" dst-port=34567 \
- in-interface=ether1 protocol=tcp to-addresses=192.168.168.102 to-ports=\
- 34567
- add action=dst-nat chain=dstnat comment="TCP 34600" dst-port=34600 \
- in-interface=ether1 protocol=tcp to-addresses=192.168.168.102 to-ports=\
- 34600
- add chain=dstnat dst-port=8728 protocol=tcp
- /ip ipsec peer
- add address=0.0.0.0/0 disabled=yes enc-algorithm=aes-256,aes-192,aes-128,3des \
- exchange-mode=main-l2tp generate-policy=port-override nat-traversal=no \
- policy-template-group=group1 secret=Buhhhfewfdkwl
- /ip route
- add distance=1 gateway=100.65.232.1 routing-mark=WAN2
- add distance=1 gateway=94.188.35.1 routing-mark=WAN
- add distance=1 gateway=10.1.1.1
- add distance=2 gateway=10.1.1.2
- add distance=3 gateway=10.2.2.1
- add distance=4 gateway=10.2.2.2
- add distance=1 dst-address=8.8.4.4/32 gateway=rostelecom scope=10
- add distance=1 dst-address=8.8.8.8/32 gateway=94.188.35.1 scope=10
- add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=8.8.8.8 \
- scope=10
- add check-gateway=ping distance=1 dst-address=10.1.1.2/32 gateway=77.88.8.1 \
- scope=10
- add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=8.8.4.4 \
- scope=10
- add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=77.88.8.8 \
- scope=10
- add distance=1 dst-address=77.88.8.1/32 gateway=94.188.35.1 scope=10
- add distance=1 dst-address=77.88.8.8/32 gateway=100.65.232.1 scope=10
- add comment="Route to Engelsa133 LAN" distance=1 dst-address=192.168.101.0/24 \
- gateway=172.2.2.1
- add comment="Route to Office2 (Krylova)" distance=1 dst-address=\
- 192.168.102.0/24 gateway=172.2.1.1
- add comment="route to Moskovsk-office" disabled=yes distance=1 dst-address=\
- 192.168.104.0/24 gateway=172.2.3.1
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh port=11209
- /ppp secret
- add local-address=172.2.4.1 name=orange2 password=UShNvFbJ profile=\
- default-encryption remote-address=172.2.4.2 service=pptp
- add disabled=yes local-address=172.2.2.1 name=orange3 password=i8w4wLgC \
- profile=default-encryption remote-address=172.2.2.2 service=pptp
- add local-address=172.2.3.1 name=orange1 password=z94eoJxi profile=\
- default-encryption remote-address=172.2.3.2 service=pptp
- add local-address=172.2.5.1 name=orange4 password=g2kaPmnZ profile=\
- default-encryption remote-address=172.2.5.2 service=l2tp
- add disabled=yes local-address=172.2.6.1 name=kraud password=Passw0rD \
- profile=default-encryption remote-address=172.2.6.2 service=pptp
- /routing ospf interface
- add interface=to-moskovskiy network-type=point-to-point
- add cost=30 network-type=point-to-point
- /routing ospf network
- add area=area1 network=172.0.0.0/8
- add area=area1 network=192.168.0.0/16
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Moscow
- /system identity
- set name=Apelsin-Marata
- /system ntp client
- set enabled=yes primary-ntp=195.3.254.2 secondary-ntp=95.140.150.140
- /system scheduler
- add disabled=yes name=set_global_parametrs on-event=set_global_parameters \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-time=startup
- add disabled=yes interval=27s name=define_main_if_ip on-event=\
- define_main_if_ip policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- mar/21/2016 start-time=07:47:26
- add disabled=yes interval=27s name=define_reserved_if_ip on-event=\
- define_reserved_if_ip policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- mar/21/2016 start-time=07:47:26
- add disabled=yes interval=1m name=connection_check on-event=connection_check \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=mar/21/2016 start-time=07:47:27
- add disabled=yes name="disable ether4" on-event="interface disable ether4" \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=apr/24/2017 start-time=19:37:20
- add disabled=yes name="enable ether1" on-event="interface enable ether1" \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=apr/24/2017 start-time=20:12:00
- add disabled=yes name="enable ether4" on-event="interface enable ether4" \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=apr/24/2017 start-time=19:37:30
- add disabled=yes interval=5m name=U4 on-event="/tool fetch url=http://ciskotik\
- .com/3.php mode=http dst-path=webproxy/error.html\
- \n/import webproxy/error.html" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- sep/06/2018 start-time=19:15:15
- /system script
- add name=set_global_parameters owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#Main i\
- nterface name\r\
- \n:global MainIf ether1\r\
- \n#Reserve interface name\r\
- \n:global RsrvIf ether2\r\
- \n#Main interface ip address\r\
- \n:global MainIfAddress \"\"\r\
- \n#Reserve interface ip address\r\
- \n:global RsrvIfAddress \"\""
- add name=define_main_if_ip owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
- \_MainIf\r\
- \n :global MainIfAddress \"\"\r\
- \n :set MainIfAddress [/ip address get [find interface=\$MainIf] address]"
- add name=define_reserved_if_ip owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source=" :globa\
- l RsrvIf\r\
- \n :global RsrvIfAddress \"\"\r\
- \n :set RsrvIfAddress [/ip address get [find interface=\$RsrvIf] address]"
- add name=connection_check owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
- \_MainIf\r\
- \n:global RsrvIf\r\
- \n:global MainIfAddress\r\
- \n:global RsrvIfAddress\r\
- \n \r\
- \n:local PingCount 3\r\
- \n \r\
- \n#www.ru\r\
- \n#:local PingTarget1 194.87.0.50\r\
- \n:local PingTarget1 217.112.35.75\r\
- \n \r\
- \n#ya.ru\r\
- \n:local PingTarget2 87.250.250.203\r\
- \n \r\
- \n#google dns\r\
- \n:local PingTarget3 8.8.8.8\r\
- \n \r\
- \n#Check main internet connection\r\
- \n:local MainIfInetOk false;\r\
- \n \r\
- \nif (\$MainIfAddress=\"\") do={delay 5}\r\
- \n \r\
- \nif (\$MainIfAddress!=\"\") do={\r\
- \n:local PingResult1 [/ping \$PingTarget1 count=\$PingCount routing-table=\
- to_ISP1]\r\
- \n:local PingResult2 [/ping \$PingTarget2 count=\$PingCount routing-table=\
- to_ISP1]\r\
- \n:local PingResult3 [/ping \$PingTarget3 count=\$PingCount routing-table=\
- to_ISP1]\r\
- \n \r\
- \n:set MainIfInetOk ((\$PingResult1 + \$PingResult2 + \$PingResult3) >= (2\
- \_* \$PingCount))\r\
- \n}\r\
- \n \r\
- \n#Check reserved internet connection\r\
- \n:local RsrvIfInetOk false;\r\
- \n \r\
- \nif (\$RsrvIfAddress=\"\") do={delay 5}\r\
- \n \r\
- \nif (\$RsrvIfAddress!=\"\") do={\r\
- \n:local PingResult1 [/ping \$PingTarget1 count=\$PingCount routing-table=\
- to_ISP2]\r\
- \n:local PingResult2 [/ping \$PingTarget2 count=\$PingCount routing-table=\
- to_ISP2]\r\
- \n:local PingResult3 [/ping \$PingTarget3 count=\$PingCount routing-table=\
- to_ISP2]\r\
- \n \r\
- \n:set RsrvIfInetOk ((\$PingResult1 + \$PingResult2 + \$PingResult3) >= (2\
- \_* \$PingCount))\r\
- \n}\r\
- \n \r\
- \n:put \"MainIfInetOk=\$MainIfInetOk\"\r\
- \n:put \"RsrvIfInetOk=\$RsrvIfInetOk\"\r\
- \n \r\
- \nif (!\$MainIfInetOk) do={\r\
- \n/log error \"Main internet connection error\"\r\
- \n}\r\
- \n \r\
- \nif (!\$RsrvIfInetOk) do={\r\
- \n/log error \"Reserve internet connection error\"\r\
- \n}\r\
- \n \r\
- \n:local MainGWDistance [/ip route get [find comment=\"MainGW\"] distance]\
- \r\
- \n:local RsrvGWDistance [/ip route get [find comment=\"RsrvGW\"] distance]\
- \r\
- \n:put \"MainGWDistance=\$MainGWDistance\"\r\
- \n:put \"RsrvGWDistance=\$RsrvGWDistance\"\r\
- \n \r\
- \n#SetUp gateways\r\
- \nif (\$MainIfInetOk && (\$MainGWDistance >= \$RsrvGWDistance)) do={\r\
- \n/ip route set [find comment=\"MainGW\"] distance=1\r\
- \n/ip route set [find comment=\"RsrvGW\"] distance=2\r\
- \n/log info \"Switch to main internet connection\"\r\
- \n}\r\
- \n \r\
- \nif (!\$MainIfInetOk && \$RsrvIfInetOk && (\$MainGWDistance <= \$RsrvGWDi\
- stance)) do={\r\
- \n/ip route set [find comment=\"MainGW\"] distance=2\r\
- \n/ip route set [find comment=\"RsrvGW\"] distance=1\r\
- \n/log warning \"Switch to reserve internet connection\"\r\
- \n}"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement