- export
- # feb/14/2020 13:23:09 by RouterOS 6.46.2
- # software id = 3DHF-PEHY
- #
- # model = 951Ui-2HnD
- # serial number = 8D0008580BE6
- # NOTE(review): this is a plain `export`, so secret-bearing properties (wireless pre-shared key,
- # L2TP ipsec-secret, SNMP trap community) are printed as ordinary values further down, and the
- # header above identifies the unit by software id and serial number. RouterOS 6 offers
- # `export hide-sensitive` for output that will leave the device; any real secret shown in a
- # shared export should be treated as exposed and rotated.
- /interface bridge
- add admin-mac=CC:2D:E0:49:30:00 arp=proxy-arp auto-mac=no comment=defconf name=bridge
- /interface ethernet
- set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- /interface wireless
- set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no frequency=2442 \
- frequency-mode=manual-txpower mode=ap-bridge ssid=WI-FI tx-power=19 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=\
- disabled
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- add name=WAN
- add name=LAN
- /interface wireless security-profiles
- # Default security profile: WPA2-PSK only, dynamic keys. The same value is set for both the WPA
- # and WPA2 pre-shared key.
- # NOTE(review): the key is written in cleartext; "WIFI_pass" looks like a substituted placeholder,
- # but if it is the live key it should be changed on the device.
- set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
- WIFI_pass wpa2-pre-shared-key=WIFI_pass
- /ip pool
- add name=dhcp ranges=192.168.137.100-192.168.137.240
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=defconf
- /interface bridge port
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge interface=ether3
- add bridge=bridge interface=ether4
- add bridge=bridge interface=ether5
- /ip neighbor discovery-settings
- # NOTE(review): discovery is bound to the WAN list, whose only member in this export is ether1,
- # so neighbor-discovery announcements go out on the uplink. The "discover" list defined earlier
- # is not the one referenced here. Presumably the intent was a LAN-side list or none - confirm.
- set discover-interface-list=WAN
- /ip settings
- set allow-fast-path=no
- /interface detect-internet
- # All four detect-internet lists are set to "all", i.e. every interface takes part in detection.
- set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
- /interface l2tp-server server
- # L2TP server is enabled with IPsec required and MS-CHAPv2 as the only authentication method.
- # NOTE(review): the IPsec pre-shared key appears in cleartext. "secret" may be a redaction
- # placeholder; if it is the literal value it is a guessable shared key and should be replaced
- # with a long random one. The PPP user accounts are not part of this export.
- set authentication=mschap2 caller-id-type=number enabled=yes ipsec-secret=secret use-ipsec=required
- /interface list member
- add interface=ether2 list=discover
- add interface=ether3 list=discover
- add interface=ether4 list=discover
- add interface=ether5 list=discover
- add interface=wlan1 list=discover
- add interface=bridge list=discover
- add interface=bridge list=mactel
- add interface=bridge list=mac-winbox
- add interface=ether1 list=WAN
- add interface=home-router list=LAN
- add interface=wlan1 list=LAN
- add interface=ether5 list=LAN
- add interface=ether4 list=LAN
- add interface=ether3 list=LAN
- /ip accounting
- set enabled=yes threshold=2560
- /ip accounting web-access
- set accessible-via-web=yes address=192.168.137.245/32
- /ip address
- add address=192.168.137.1/24 comment=defconf interface=bridge network=192.168.137.0
- add address=extIP/24 interface=ether1 network=62.78.93.0
- add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
- /ip cloud
- set ddns-enabled=yes ddns-update-interval=1h
- /ip cloud advanced
- set use-local-address=yes
- /ip dhcp-client
- add comment=defconf interface=ether1
- /ip dhcp-server network
- add address=192.168.137.0/24 comment=defconf dns-server=192.168.137.1 domain=sobes gateway=192.168.137.1 netmask=24 ntp-server=192.168.137.8 \
- wins-server=192.168.137.3
- /ip dns
- # allow-remote-requests=yes makes the router answer DNS queries from clients, not only for itself.
- # NOTE(review): the filter table drops port 53 on ether1 only; any other interface that can reach
- # the router (e.g. ether2, tunnel interfaces) can use the resolver. Confirm that is intended.
- set allow-remote-requests=yes servers=62.78.95.245,8.8.8.8
- /ip dns static
- add address=192.168.137.1 name=router.mamsobes.ru
- add address=192.168.137.3 name=asp.mamsobes.ru
- add address=192.168.137.9 name=pbx.mamsobes.ru
- add address=192.168.137.9 name=xmpp.mamsobes.ru
- add address=192.168.137.3 name=portal.mamsobes.ru
- add address=192.168.137.110 name=cloud.mamsobes.ru
- /ip firewall address-list
- # Three lists are defined here: "proxy", "block" and "updatewin".
- # NOTE(review): no filter, mangle or NAT rule in this export references any of these lists
- # (there is no src-address-list / dst-address-list matcher anywhere below), so as shown the
- # "block" entries do not block anything. Either the rules that used them were removed or they
- # still need to be added - confirm.
- add address=10.10.9.2 list=proxy
- add address=172.18.27.2 list=proxy
- add address=watson.telemetry.microsoft.com list=block
- add address=212.30.134.0/24 list=updatewin
- add address=205.185.216.0/24 list=updatewin
- add address=93.184.221.240 list=updatewin
- add address=188.43.0.0/16 list=updatewin
- add address=67.24.0.0/13 list=updatewin
- add address=8.250.0.0/16 list=updatewin
- add address=wustat.windows.com list=updatewin
- add address=windowsupdate.com list=updatewin
- add address=update.microsoft.com list=updatewin
- add address=go.microsoft.com list=updatewin
- add address=windowsupdate.microsoft.com list=updatewin
- add address=2.23.109.19 list=updatewin
- add address=13.107.4.50 list=updatewin
- add address=8.241.0.0/16 list=updatewin
- add address=8.249.0.0/16 list=updatewin
- add address=177.137.119.0/24 list=block
- /ip firewall filter
- # Filter rules are evaluated top to bottom per chain; the first matching rule decides.
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- # Forwarding between 192.168.137.0/24 and 192.168.4.0/24 is allowed in both directions.
- add action=accept chain=forward dst-address=192.168.137.0/24 src-address=192.168.4.0/24
- add action=accept chain=forward dst-address=192.168.4.0/24 src-address=192.168.137.0/24
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
- in-interface=ether1
- add action=drop chain=input comment="drop DNS" dst-port=53 in-interface=ether1 protocol=udp
- add action=drop chain=input comment="drop DNS" dst-port=53 in-interface=ether1 protocol=tcp
- # NOTE(review): SNMP (udp/161) is accepted on every interface, ether1 included; there is no
- # in-interface or src-address restriction on this rule.
- add action=accept chain=input comment=SNMP dst-port=161 protocol=udp
- # NOTE(review): the comment says "drop DNS" but this rule drops tcp/80 and tcp/8080 on ether1.
- add action=drop chain=input comment="drop DNS" dst-port=80,8080 in-interface=ether1 protocol=tcp
- # NOTE(review): this rule has no matcher at all, so it accepts every packet in the input chain.
- # The comment claims "established,related", but connection-state is missing. The two input rules
- # after it (the real established,related accept and "drop all from WAN") are therefore never
- # reached, and everything arriving on ether1 except tcp/udp 53 and tcp 80/8080 is accepted by
- # the router itself. It looks like a duplicate of the next rule that lost its connection-state.
- # If it is removed, the L2TP/IPsec server enabled in this config will need explicit input
- # accepts ahead of the WAN drop.
- add action=accept chain=input comment="defconf: accept established,related"
- add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
- add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
- # NOTE(review): comment says "established,related" but the matcher is connection-state=new,
- # i.e. every new forwarded connection not dropped above is accepted.
- add action=accept chain=forward comment="defconf: accept established,related" connection-state=new
- add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
- # Invalid-state drop is the last forward rule; there is no final catch-all drop in either chain.
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- /ip firewall mangle
- add action=mark-connection chain=prerouting dst-address=78.109.142.214 new-connection-mark=VoIP passthrough=yes
- add action=mark-connection chain=prerouting new-connection-mark=VoIP passthrough=yes src-address=78.109.142.214
- add action=mark-packet chain=prerouting connection-mark=VoIP new-packet-mark=VoIP passthrough=yes
- /ip firewall nat
- # Any TCP connection addressed to 10.10.9.2 is redirected to the router's own address on port
- # 8080 and logged with prefix "remont". Presumably this feeds the web proxy enabled under
- # /ip proxy - confirm.
- add action=dst-nat chain=dstnat dst-address=10.10.9.2 log=yes log-prefix=remont protocol=tcp to-addresses=192.168.137.1 to-ports=8080
- add action=masquerade chain=srcnat dst-address=192.168.4.0/24 log=yes log-prefix=vpms src-address=192.168.137.5-192.168.137.250
- add action=src-nat chain=srcnat disabled=yes dst-address=192.168.4.0/24 src-address=192.168.137.5-192.168.137.250 to-addresses=192.168.137.1
- # SNMP forward for one monitoring source: udp/10161 from 94.230.114.132 is mapped to
- # 192.168.0.2:161. This is the only inbound NAT rule here that is limited by source address.
- # NOTE(review): it has no in-interface or dst-address matcher, so it matches on any interface.
- add action=netmap chain=dstnat comment="snmp vipnet hw50-06b80116 \EC\EE\ED\E8\F2\EE\F0\E8\ED\E3" dst-port=10161 log-prefix=snmp_vipnet \
- protocol=udp src-address=94.230.114.132 to-addresses=192.168.0.2 to-ports=161
- add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
- # NOTE(review): the port forwards below accept any source address on ether1. Their target
- # 192.168.137.147 lies inside the DHCP pool range (192.168.137.100-192.168.137.240) and no
- # static lease is visible in this export, so the forward may end up pointing at whichever host
- # holds that lease - confirm the address is reserved.
- add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=udp to-addresses=192.168.137.147
- add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=tcp to-addresses=192.168.137.147
- add action=dst-nat chain=dstnat dst-port=5001 in-interface=ether1 protocol=tcp to-addresses=192.168.137.147
- # NOTE(review): a udp range of nearly ten thousand ports (10162-20000) plus tcp 80/443 is
- # forwarded to 192.168.137.9 from any source. If the range is only needed for media from a known
- # provider, a src-address matcher would narrow the exposure.
- add action=dst-nat chain=dstnat dst-port=10162-20000 in-interface=ether1 protocol=udp to-addresses=192.168.137.9
- add action=dst-nat chain=dstnat dst-port=80,443 in-interface=ether1 protocol=tcp to-addresses=192.168.137.9
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes sip-direct-media=no sip-timeout=1m
- set udplite disabled=yes
- set dccp disabled=yes
- /ip proxy
- # The built-in web proxy is enabled and chains to a parent proxy at 192.168.4.23:3130.
- # NOTE(review): no /ip proxy access rules appear in this export, so who may use the proxy is
- # decided by the firewall alone. The filter table drops tcp 80/8080 on ether1 only; confirm the
- # proxy's listening port and that no other interface exposes it to untrusted clients.
- set enabled=yes parent-proxy=192.168.4.23 parent-proxy-port=3130
- /ip route
- add distance=1 gateway=62.78.93.1
- add distance=1 dst-address=192.168.1.0/24 gateway=10.1.1.2 pref-src=10.1.1.1
- add distance=1 dst-address=192.168.4.0/24 gateway=192.168.137.254 pref-src=192.168.137.1
- /ip service
- # Management services: telnet, ftp, ssh, api and api-ssl are disabled; www (WebFig over HTTP)
- # stays enabled but is limited to clients in 192.168.0.0/16.
- # NOTE(review): winbox is not listed, which in a compact export normally means it is still at
- # its defaults (enabled, no address restriction) - verify on the device. Because the input chain
- # in this config accepts almost everything from ether1, an address= restriction here is the only
- # thing limiting who can reach a management service.
- set telnet disabled=yes
- set ftp disabled=yes
- set www address=192.168.0.0/16
- set ssh address=192.168.0.0/16 disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- /ip smb shares
- set [ find default=yes ] disabled=yes
- /ip ssh
- # NOTE(review): allow-none-crypto=yes lets an SSH session be negotiated with encryption set to
- # "none", and forwarding-enabled=remote permits remote port forwarding. The ssh service is
- # disabled under /ip service in this export, so neither is reachable right now, but both would
- # take effect as soon as ssh is re-enabled; the defaults are the safer baseline.
- set allow-none-crypto=yes forwarding-enabled=remote
- /ipv6 nd
- set [ find default=yes ] advertise-dns=no
- /metarouter interface
- add dynamic-bridge=bridge dynamic-mac-address=02:82:3C:6D:53:EB type=dynamic virtual-machine=mr1 vm-mac-address=02:FA:F2:B5:71:93
- /snmp
- # SNMP agent is enabled; traps are sent as version 2 to three external addresses for interface,
- # start and temperature events on all interfaces.
- # NOTE(review): SNMP v2 carries the community string unencrypted, and the trap community is
- # printed here in cleartext. No /snmp community section appears in the export, which usually
- # means the default community is unchanged - verify. The filter table accepts udp/161 on every
- # interface, so queries are not limited to the monitoring hosts.
- set contact=support@s-dsk.ru enabled=yes engine-id=1234 location=aksp trap-community=aksp-snmp trap-generators=\
- interfaces,start-trap,temp-exception trap-interfaces=all trap-target=194.190.59.85,94.230.114.132,78.109.130.60 trap-version=2
- /system clock
- set time-zone-autodetect=no time-zone-name=Asia/Krasnoyarsk
- /system identity
- set name=gw-uszn-Mamontovsky
- /system ntp client
- set enabled=yes primary-ntp=51.140.65.84 secondary-ntp=132.163.97.2
- /system routerboard settings
- set auto-upgrade=yes
- /system scheduler
- # Every 10 minutes from startup: ping 192.168.4.64 ten times (the name suggests a tunnel
- # keep-alive).
- # NOTE(review): the job carries ftp, read, write and test policies although its on-event is a
- # single ping.
- add interval=10m name=Active_VipnetTunnel_ping on-event="ping address=192.168.4.64 count=10" policy=ftp,read,write,test start-time=startup
- # Every 4 weeks and 2 days: run the Backup_Email script.
- # NOTE(review): the policy list includes password, sniff, sensitive, romon, policy and reboot;
- # granting only what the backup script actually uses limits what a modified on-event could do.
- add interval=4w2d name=AutoBackup on-event=Backup_Email policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=\
- oct/21/2019 start-time=09:32:00
- /system script
- # Backup_Email: flushes the DNS cache, deletes files whose name contains "<identity>-backup-",
- # resolves mail.aksp.ru, then creates a binary backup and a verbose export and mails each one
- # to mikrotik@mtsz.alregn.ru over port 25 using the account stored under /tool e-mail.
- # NOTE(review): points to confirm before relying on this job:
- #  - `/system backup save` is called without password=; on RouterOS 6.43 and later that
- #    reportedly produces an unencrypted backup file - check the documentation for this version.
- #  - `/export verbose` is called without hide-sensitive, so the mailed .rsc carries the same
- #    cleartext keys that a plain export prints.
- #  - start-tls=yes may fall back to an unencrypted SMTP session when the server does not offer
- #    STARTTLS; a TLS-required setting, where the installed version has one, avoids that.
- #  - the script reads the stored SMTP password into a local variable and runs with a wide
- #    policy set (password, sniff, sensitive, romon, reboot, policy).
- #  - the final log line reports success unconditionally; the send results are not checked.
- add dont-require-permissions=no name=Backup_Email owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
- \r\
- \n\r\
- \n:log info \"Starting Backup Script...\";\r\
- \n\r\
- \n:local sysname [/system identity get name];\r\
- \n\r\
- \n:local sysver [/system package get system version];\r\
- \n\r\
- \n:log info \"Flushing DNS cache...\";\r\
- \n\r\
- \n/ip dns cache flush;\r\
- \n\r\
- \n:delay 2;\r\
- \n\r\
- \n:log info \"Deleting last Backups...\";\r\
- \n\r\
- \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
- \n\r\
- \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
- \n\r\
- \n:delay 2;\r\
- \n\r\
- \n:local smtpserv [:resolve \"mail.aksp.ru\"];\r\
- \n\r\
- \n:local Eaccount [/tool e-mail get user];\r\
- \n\r\
- \n:local pass [/tool e-mail get password];\r\
- \n\r\
- \n:local backupfile (\"\$sysname-backup-\" . \\\r\
- \n\r\
- \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
- \n\r\
- \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
- \n\r\
- \n:log info \"Creating new Full Backup file...\";\r\
- \n\r\
- \n/system backup save name=\$backupfile;\r\
- \n\r\
- \n:delay 2;\r\
- \n\r\
- \n:log info \"Sending Full Backup file via E-mail...\";\r\
- \n\r\
- \n/tool e-mail send from=\"<\$Eaccount>\" to=mikrotik@mtsz.alregn.ru server=\$smtpserv \\\r\
- \n\r\
- \nport=25 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
- \n\r\
- \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
- \n\r\
- \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
- \n\r\
- \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
- \n\r\
- \n[/system clock get date]);\r\
- \n\r\
- \n:delay 5;\r\
- \n\r\
- \n:local exportfile (\"\$sysname-backup-\" . \\\r\
- \n\r\
- \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
- \n\r\
- \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
- \n\r\
- \n:log info \"Creating new Setup Script file...\";\r\
- \n\r\
- \n/export verbose file=\$exportfile;\r\
- \n\r\
- \n:delay 2;\r\
- \n\r\
- \n:log info \"Sending Setup Script file via E-mail...\";\r\
- \n\r\
- \n/tool e-mail send from=\"<\$Eaccount>\" to=mikrotik@mtsz.alregn.ru server=\$smtpserv \\\r\
- \n\r\
- \nport=25 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
- \n\r\
- \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
- \n\r\
- \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
- \n\r\
- \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
- \n\r\
- \n\" . [/system clock get date]);\r\
- \n\r\
- \n:delay 5;\r\
- \n\r\
- \n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
- \n\r\
- \n}"
- /tool e-mail
- set address=78.*212 from=<*@*.ru> password=* start-tls=yes user=*@*.ru
- /tool mac-server
- set allowed-interface-list=mactel
- /tool mac-server mac-winbox
- set allowed-interface-list=mac-winbox
- /tool romon
- # RoMON (router management overlay) is switched on.
- # NOTE(review): no secrets= value and no /tool romon port section appear in this export, so the
- # overlay is presumably unauthenticated and running with default port settings - verify which
- # interfaces take part, and set a secret or disable RoMON if it is not in use.
- set enabled=yes
- [admin@gw-uszn-Mamontovsky] >