
Untitled

a guest
Feb 14th, 2020
  1. export
  2. # feb/14/2020 13:23:09 by RouterOS 6.46.2
  3. # software id = 3DHF-PEHY
  4. #
  5. # model = 951Ui-2HnD
  6. # serial number = 8D0008580BE6
  # Layer-2 setup: a single bridge with a pinned MAC address (auto-mac=no).
  # arp=proxy-arp makes the router answer ARP requests on behalf of hosts it
  # can route to. NOTE(review): confirm proxy-ARP is still required here.
  7. /interface bridge
  8. add admin-mac=CC:2D:E0:49:30:00 arp=proxy-arp auto-mac=no comment=defconf name=bridge
  # All five copper ports advertise every speed/duplex combination.
  9. /interface ethernet
  10. set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  11. set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  12. set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  13. set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  14. set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  # 2.4 GHz access point with WPS disabled. country=no_country_set combined with
  # frequency-mode=manual-txpower presumably means no regulatory profile is
  # applied to channel and power selection - confirm.
  15. /interface wireless
  16. set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no frequency=2442 \
  17. frequency-mode=manual-txpower mode=ap-bridge ssid=WI-FI tx-power=19 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=\
  18. disabled
  # Interface lists used later by neighbor discovery, the MAC servers and the
  # list-member section.
  19. /interface list
  20. add exclude=dynamic name=discover
  21. add name=mactel
  22. add name=mac-winbox
  23. add name=WAN
  24. add name=LAN
  # Default wireless security profile: WPA2-PSK only. WIFI_pass looks like a
  # placeholder substituted before publishing. NOTE(review): an export made
  # without hide-sensitive carries the pre-shared key in clear text, so the real
  # key should be rotated if an unredacted copy of this file was ever shared.
  25. /interface wireless security-profiles
  26. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
  27. WIFI_pass wpa2-pre-shared-key=WIFI_pass
  # DHCP for the LAN bridge: leases of one hour from 192.168.137.100-240.
  28. /ip pool
  29. add name=dhcp ranges=192.168.137.100-192.168.137.240
  30. /ip dhcp-server
  31. add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=defconf
  # wlan1 and ether3-ether5 are bridged. ether1 and ether2 are not bridge ports;
  # they carry their own addresses in /ip address.
  32. /interface bridge port
  33. add bridge=bridge comment=defconf interface=wlan1
  34. add bridge=bridge interface=ether3
  35. add bridge=bridge interface=ether4
  36. add bridge=bridge interface=ether5
  # NOTE(review): neighbor discovery is bound to the WAN list, whose only member
  # is ether1, so the router announces itself (identity, version, addresses) on
  # the upstream segment. The LAN-side "discover" list is populated but not used
  # here - presumably the two lists were swapped; confirm and point discovery at
  # a LAN-only list.
  37. /ip neighbor discovery-settings
  38. set discover-interface-list=WAN
  39. /ip settings
  40. set allow-fast-path=no
  # NOTE(review): Detect Internet is enabled on every interface and is allowed
  # to move any of them between the LAN/WAN/Internet lists. Confirm it is
  # needed; if not, set these lists to none so interface roles stay static.
  41. /interface detect-internet
  42. set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
  # L2TP server: enabled, MS-CHAPv2 only, IPsec mandatory (use-ipsec=required).
  # NOTE(review): ipsec-secret=secret is either a redaction placeholder or a
  # trivially guessable pre-shared key. Confirm the live value is long and
  # random; every L2TP client shares this one key.
  43. /interface l2tp-server server
  44. set authentication=mschap2 caller-id-type=number enabled=yes ipsec-secret=secret use-ipsec=required
  # Membership of the interface lists declared under /interface list.
  # - discover: ether2-ether5, wlan1 and the bridge
  # - mactel / mac-winbox: the bridge only, so the MAC servers listen on the LAN
  # - WAN: ether1
  # - LAN: wlan1, ether3-ether5 and "home-router"
  # NOTE(review): no interface named home-router is defined anywhere in this
  # export - presumably a stale entry or an interface created elsewhere; verify.
  45. /interface list member
  46. add interface=ether2 list=discover
  47. add interface=ether3 list=discover
  48. add interface=ether4 list=discover
  49. add interface=ether5 list=discover
  50. add interface=wlan1 list=discover
  51. add interface=bridge list=discover
  52. add interface=bridge list=mactel
  53. add interface=bridge list=mac-winbox
  54. add interface=ether1 list=WAN
  55. add interface=home-router list=LAN
  56. add interface=wlan1 list=LAN
  57. add interface=ether5 list=LAN
  58. add interface=ether4 list=LAN
  59. add interface=ether3 list=LAN
  # IP accounting is on; its web view is limited to the single host
  # 192.168.137.245.
  60. /ip accounting
  61. set enabled=yes threshold=2560
  62. /ip accounting web-access
  63. set accessible-via-web=yes address=192.168.137.245/32
  # Addresses: LAN bridge, the WAN port and a separate /24 on ether2. "extIP" is
  # a redaction placeholder, but the WAN network 62.78.93.0 was left in place.
  64. /ip address
  65. add address=192.168.137.1/24 comment=defconf interface=bridge network=192.168.137.0
  66. add address=extIP/24 interface=ether1 network=62.78.93.0
  67. add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
  # MikroTik cloud DDNS is enabled and updated hourly. NOTE(review): this
  # publishes the router's address under a vendor DNS name; keep it only if
  # remote access by name is really used.
  68. /ip cloud
  69. set ddns-enabled=yes ddns-update-interval=1h
  70. /ip cloud advanced
  71. set use-local-address=yes
  # NOTE(review): ether1 has a DHCP client as well as the static address above;
  # confirm which of the two is intended.
  72. /ip dhcp-client
  73. add comment=defconf interface=ether1
  74. /ip dhcp-server network
  75. add address=192.168.137.0/24 comment=defconf dns-server=192.168.137.1 domain=sobes gateway=192.168.137.1 netmask=24 ntp-server=192.168.137.8 \
  76. wins-server=192.168.137.3
  # allow-remote-requests=yes turns the router into a resolver for anyone who
  # can reach port 53. Only the two "drop DNS" input rules on ether1 in
  # /ip firewall filter keep it from being an open resolver on the WAN side.
  77. /ip dns
  78. set allow-remote-requests=yes servers=62.78.95.245,8.8.8.8
  # Static records mapping internal service names to LAN hosts.
  79. /ip dns static
  80. add address=192.168.137.1 name=router.mamsobes.ru
  81. add address=192.168.137.3 name=asp.mamsobes.ru
  82. add address=192.168.137.9 name=pbx.mamsobes.ru
  83. add address=192.168.137.9 name=xmpp.mamsobes.ru
  84. add address=192.168.137.3 name=portal.mamsobes.ru
  85. add address=192.168.137.110 name=cloud.mamsobes.ru
  # Three address lists: proxy, block and updatewin (Windows Update hosts and
  # CDN ranges). Entries given as DNS names are resolved by the router itself.
  # NOTE(review): none of the filter, mangle or nat rules in this export
  # references any of these lists, so as shown they have no effect - in
  # particular the "block" list blocks nothing. Confirm whether the rules that
  # used them were removed on purpose.
  86. /ip firewall address-list
  87. add address=10.10.9.2 list=proxy
  88. add address=172.18.27.2 list=proxy
  89. add address=watson.telemetry.microsoft.com list=block
  90. add address=212.30.134.0/24 list=updatewin
  91. add address=205.185.216.0/24 list=updatewin
  92. add address=93.184.221.240 list=updatewin
  93. add address=188.43.0.0/16 list=updatewin
  94. add address=67.24.0.0/13 list=updatewin
  95. add address=8.250.0.0/16 list=updatewin
  96. add address=wustat.windows.com list=updatewin
  97. add address=windowsupdate.com list=updatewin
  98. add address=update.microsoft.com list=updatewin
  99. add address=go.microsoft.com list=updatewin
  100. add address=windowsupdate.microsoft.com list=updatewin
  101. add address=2.23.109.19 list=updatewin
  102. add address=13.107.4.50 list=updatewin
  103. add address=8.241.0.0/16 list=updatewin
  104. add address=8.249.0.0/16 list=updatewin
  105. add address=177.137.119.0/24 list=block
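  # IPv4 filter rules. Each chain is evaluated top to bottom and processing
  # stops at the first matching accept/drop, so rule order is significant.
  106. /ip firewall filter
  107. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # Unrestricted forwarding in both directions between the LAN and
  # 192.168.4.0/24 (reached through 192.168.137.254 per /ip route).
  108. add action=accept chain=forward dst-address=192.168.137.0/24 src-address=192.168.4.0/24
  109. add action=accept chain=forward dst-address=192.168.4.0/24 src-address=192.168.137.0/24
  # New connections arriving on ether1 are forwarded only when a dst-nat rule
  # matched them.
  110. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
  111. in-interface=ether1
  # Keeps the resolver (allow-remote-requests=yes in /ip dns) closed to the WAN.
  112. add action=drop chain=input comment="drop DNS" dst-port=53 in-interface=ether1 protocol=udp
  113. add action=drop chain=input comment="drop DNS" dst-port=53 in-interface=ether1 protocol=tcp
  # NOTE(review): SNMP is accepted from any source on any interface, ether1
  # included. Add src-address or a src-address-list naming the polling hosts.
  114. add action=accept chain=input comment=SNMP dst-port=161 protocol=udp
  # NOTE(review): the comment= value says "drop DNS", but this rule drops TCP
  # 80 and 8080 on ether1 (presumably WebFig and the web proxy). TCP 80 on
  # ether1 is also dst-nat'ed to 192.168.137.9 in /ip firewall nat, so for port
  # 80 this rule is effectively never reached.
  115. add action=drop chain=input comment="drop DNS" dst-port=80,8080 in-interface=ether1 protocol=tcp
  # Original listing line 116 is removed here:
  #   add action=accept chain=input comment="defconf: accept established,related"
  # It carried no matcher at all, so it accepted every packet that reached it
  # and the "drop all from WAN" rule below could never match. Everything not
  # dropped earlier - management and VPN ports included - was open on ether1.
  # The properly scoped established,related rule is line 117.
  117. add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
  # The L2TP server is enabled with use-ipsec=required, so once the WAN drop is
  # effective its ports need an explicit accept. Presumably clients connect
  # over ether1 - confirm, and delete these two rules if the VPN is LAN-only.
  # Any other service that must stay reachable from ether1 needs its own accept
  # rule above line 118, ideally limited by source address.
  add action=accept chain=input comment="L2TP/IPsec from WAN" dst-port=500,1701,4500 in-interface=ether1 protocol=udp
  add action=accept chain=input comment="L2TP/IPsec from WAN (ESP)" in-interface=ether1 protocol=ipsec-esp
  118. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
  # NOTE(review): line 119 is labelled "accept established,related" but matches
  # connection-state=new; it accepts every new forwarded connection that
  # survived line 110. Relabel it, or remove it if that is not intended.
  119. add action=accept chain=forward comment="defconf: accept established,related" connection-state=new
  120. add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
  121. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid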
  # Marks connections to or from 78.109.142.214 as "VoIP", then marks every
  # packet of those connections with the same name. passthrough=yes lets later
  # mangle rules still see the packet.
  # NOTE(review): no queue or routing rule in this export consumes the VoIP
  # packet mark - confirm it is still used.
  122. /ip firewall mangle
  123. add action=mark-connection chain=prerouting dst-address=78.109.142.214 new-connection-mark=VoIP passthrough=yes
  124. add action=mark-connection chain=prerouting new-connection-mark=VoIP passthrough=yes src-address=78.109.142.214
  125. add action=mark-packet chain=prerouting connection-mark=VoIP new-packet-mark=VoIP passthrough=yes
  # NAT rules; evaluated in order within each chain.
  126. /ip firewall nat
  # TCP traffic addressed to 10.10.9.2 is redirected to the router's own port
  # 8080 (presumably the web proxy enabled under /ip proxy) and logged.
  127. add action=dst-nat chain=dstnat dst-address=10.10.9.2 log=yes log-prefix=remont protocol=tcp to-addresses=192.168.137.1 to-ports=8080
  # LAN hosts .5-.250 are masqueraded towards 192.168.4.0/24; the src-nat
  # variant on line 129 is disabled.
  128. add action=masquerade chain=srcnat dst-address=192.168.4.0/24 log=yes log-prefix=vpms src-address=192.168.137.5-192.168.137.250
  129. add action=src-nat chain=srcnat disabled=yes dst-address=192.168.4.0/24 src-address=192.168.137.5-192.168.137.250 to-addresses=192.168.137.1
  # Maps UDP 10161 from 94.230.114.132 to SNMP (161) on 192.168.0.2. The escaped
  # bytes in comment= are the Windows-1251 encoding of the Russian word for
  # "monitoring". This rule is source-restricted but has no in-interface.
  130. add action=netmap chain=dstnat comment="snmp vipnet hw50-06b80116 \EC\EE\ED\E8\F2\EE\F0\E8\ED\E3" dst-port=10161 log-prefix=snmp_vipnet \
  131. protocol=udp src-address=94.230.114.132 to-addresses=192.168.0.2 to-ports=161
  132. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
  # Port forwards from ether1 to LAN hosts. NOTE(review): none of them restricts
  # the source, and dst-nat'ed connections pass the forward-chain WAN drop, so
  # each is reachable from any Internet address. The UDP range 10162-20000 to
  # 192.168.137.9 is especially wide. Confirm every forward is required and add
  # src-address or src-address-list where the peers are known.
  133. add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=udp to-addresses=192.168.137.147
  134. add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=tcp to-addresses=192.168.137.147
  135. add action=dst-nat chain=dstnat dst-port=5001 in-interface=ether1 protocol=tcp to-addresses=192.168.137.147
  136. add action=dst-nat chain=dstnat dst-port=10162-20000 in-interface=ether1 protocol=udp to-addresses=192.168.137.9
  137. add action=dst-nat chain=dstnat dst-port=80,443 in-interface=ether1 protocol=tcp to-addresses=192.168.137.9
  # Connection-tracking helpers for FTP, TFTP, IRC, H.323, SIP, UDP-Lite and
  # DCCP are all switched off, so the router does not rewrite or open pinholes
  # for these protocols.
  138. /ip firewall service-port
  139. set ftp disabled=yes
  140. set tftp disabled=yes
  141. set irc disabled=yes
  142. set h323 disabled=yes
  143. set sip disabled=yes sip-direct-media=no sip-timeout=1m
  144. set udplite disabled=yes
  145. set dccp disabled=yes
  # Web proxy enabled, chaining to parent proxy 192.168.4.23:3130.
  # NOTE(review): no /ip proxy access rules are exported, so who may use the
  # proxy is decided only by the firewall (the input drop of TCP 8080 on
  # ether1). Confirm it cannot be used as an open proxy from other interfaces.
  146. /ip proxy
  147. set enabled=yes parent-proxy=192.168.4.23 parent-proxy-port=3130
  # Static routes: default via 62.78.93.1, plus two internal networks.
  # NOTE(review): the 192.168.1.0/24 route uses gateway 10.1.1.2 with
  # pref-src=10.1.1.1, but no 10.1.1.x address appears in /ip address -
  # presumably it lives on a dynamic or tunnel interface; verify.
  148. /ip route
  149. add distance=1 gateway=62.78.93.1
  150. add distance=1 dst-address=192.168.1.0/24 gateway=10.1.1.2 pref-src=10.1.1.1
  151. add distance=1 dst-address=192.168.4.0/24 gateway=192.168.137.254 pref-src=192.168.137.1
  # Management services: telnet, ftp, ssh, api and api-ssl are disabled; www
  # (plain HTTP WebFig) is limited to 192.168.0.0/16.
  # NOTE(review): winbox is not listed, so it presumably keeps its defaults
  # (enabled, no address restriction); its exposure is then decided solely by
  # the input chain in /ip firewall filter. Add an address= restriction to it.
  # Prefer www-ssl over www so credentials do not cross the LAN in clear text.
  152. /ip service
  153. set telnet disabled=yes
  154. set ftp disabled=yes
  155. set www address=192.168.0.0/16
  156. set ssh address=192.168.0.0/16 disabled=yes
  157. set api disabled=yes
  158. set api-ssl disabled=yes
  159. /ip smb shares
  160. set [ find default=yes ] disabled=yes
  # NOTE(review): allow-none-crypto=yes lets an SSH session negotiate the "none"
  # cipher, i.e. no encryption, and forwarding-enabled=remote permits port
  # forwarding through the router. The ssh service is disabled above, but these
  # settings take effect the moment it is re-enabled; set allow-none-crypto=no
  # and forwarding-enabled=no unless there is a documented need.
  161. /ip ssh
  162. set allow-none-crypto=yes forwarding-enabled=remote
  163. /ipv6 nd
  164. set [ find default=yes ] advertise-dns=no
  # A MetaROUTER guest (mr1) is attached to the LAN bridge.
  165. /metarouter interface
  166. add dynamic-bridge=bridge dynamic-mac-address=02:82:3C:6D:53:EB type=dynamic virtual-machine=mr1 vm-mac-address=02:FA:F2:B5:71:93
  # SNMP agent enabled; traps go to three external hosts as version 2
  # (community-based, sent unencrypted).
  # NOTE(review): no /snmp community section is exported, so the default
  # community presumably still exists unchanged - verify, replace it, and
  # restrict it by address. The input chain accepts UDP 161 from any source,
  # which makes the community string the only protection.
  167. /snmp
  168. set contact=support@s-dsk.ru enabled=yes engine-id=1234 location=aksp trap-community=aksp-snmp trap-generators=\
  169. interfaces,start-trap,temp-exception trap-interfaces=all trap-target=194.190.59.85,94.230.114.132,78.109.130.60 trap-version=2
  170. /system clock
  171. set time-zone-autodetect=no time-zone-name=Asia/Krasnoyarsk
  # The identity is reused by the Backup_Email script for file names and mail
  # subjects.
  172. /system identity
  173. set name=gw-uszn-Mamontovsky
  174. /system ntp client
  175. set enabled=yes primary-ntp=51.140.65.84 secondary-ntp=132.163.97.2
  # RouterBOOT firmware is upgraded automatically after RouterOS upgrades.
  176. /system routerboard settings
  177. set auto-upgrade=yes
  # Scheduled jobs:
  # - Active_VipnetTunnel_ping: from startup, pings 192.168.4.64 ten times every
  #   10 minutes.
  # - AutoBackup: runs the Backup_Email script every 4 weeks 2 days.
  # NOTE(review): both the AutoBackup job and the script hold nearly every
  # policy (reboot, sniff, romon, ...). The script body only reads settings,
  # manages files and sends mail; trim the policy list to what it needs.
  178. /system scheduler
  179. add interval=10m name=Active_VipnetTunnel_ping on-event="ping address=192.168.4.64 count=10" policy=ftp,read,write,test start-time=startup
  180. add interval=4w2d name=AutoBackup on-event=Backup_Email policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=\
  181. oct/21/2019 start-time=09:32:00
  # Backup_Email, stored as one quoted string with escaped CR/LF. In order, it:
  #   1. reads the system identity and RouterOS version;
  #   2. flushes the DNS cache;
  #   3. deletes every file whose name contains "<identity>-backup-";
  #   4. resolves mail.aksp.ru and reads the user and password from /tool e-mail;
  #   5. saves a full backup named "<identity>-backup-" plus three slices of
  #      the clock date, and mails it to mikrotik@mtsz.alregn.ru
  #      (port 25, start-tls=yes);
  #   6. writes "/export verbose" to a .rsc file of the same stem, mails it too;
  #   7. logs a success message unconditionally - send failures are not checked.
  # NOTE(review), security:
  # - "/system backup save" is given no password=; on this RouterOS version the
  #   backup is presumably stored and mailed unencrypted - confirm and set one.
  # - "/export verbose" is run without hide-sensitive, so the mailed .rsc holds
  #   the Wi-Fi key, IPsec secret and similar values in clear text.
  # - Both attachments leave the router by SMTP to an external mailbox and stay
  #   on the router's storage until step 3 of the next run.
  # - The SMTP password is copied into a script variable, which is why the
  #   "sensitive" policy is required.
  182. /system script
  183. add dont-require-permissions=no name=Backup_Email owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
  184. \r\
  185. \n\r\
  186. \n:log info \"Starting Backup Script...\";\r\
  187. \n\r\
  188. \n:local sysname [/system identity get name];\r\
  189. \n\r\
  190. \n:local sysver [/system package get system version];\r\
  191. \n\r\
  192. \n:log info \"Flushing DNS cache...\";\r\
  193. \n\r\
  194. \n/ip dns cache flush;\r\
  195. \n\r\
  196. \n:delay 2;\r\
  197. \n\r\
  198. \n:log info \"Deleting last Backups...\";\r\
  199. \n\r\
  200. \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \\\r\
  201. \n\r\
  202. \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
  203. \n\r\
  204. \n:delay 2;\r\
  205. \n\r\
  206. \n:local smtpserv [:resolve \"mail.aksp.ru\"];\r\
  207. \n\r\
  208. \n:local Eaccount [/tool e-mail get user];\r\
  209. \n\r\
  210. \n:local pass [/tool e-mail get password];\r\
  211. \n\r\
  212. \n:local backupfile (\"\$sysname-backup-\" . \\\r\
  213. \n\r\
  214. \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
  215. \n\r\
  216. \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\");\r\
  217. \n\r\
  218. \n:log info \"Creating new Full Backup file...\";\r\
  219. \n\r\
  220. \n/system backup save name=\$backupfile;\r\
  221. \n\r\
  222. \n:delay 2;\r\
  223. \n\r\
  224. \n:log info \"Sending Full Backup file via E-mail...\";\r\
  225. \n\r\
  226. \n/tool e-mail send from=\"<\$Eaccount>\" to=mikrotik@mtsz.alregn.ru server=\$smtpserv \\\r\
  227. \n\r\
  228. \nport=25 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \\\r\
  229. \n\r\
  230. \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \\\r\
  231. \n\r\
  232. \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \\\r\
  233. \n\r\
  234. \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\r\
  235. \n\r\
  236. \n[/system clock get date]);\r\
  237. \n\r\
  238. \n:delay 5;\r\
  239. \n\r\
  240. \n:local exportfile (\"\$sysname-backup-\" . \\\r\
  241. \n\r\
  242. \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
  243. \n\r\
  244. \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
  245. \n\r\
  246. \n:log info \"Creating new Setup Script file...\";\r\
  247. \n\r\
  248. \n/export verbose file=\$exportfile;\r\
  249. \n\r\
  250. \n:delay 2;\r\
  251. \n\r\
  252. \n:log info \"Sending Setup Script file via E-mail...\";\r\
  253. \n\r\
  254. \n/tool e-mail send from=\"<\$Eaccount>\" to=mikrotik@mtsz.alregn.ru server=\$smtpserv \\\r\
  255. \n\r\
  256. \nport=25 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \\\r\
  257. \n\r\
  258. \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \\\r\
  259. \n\r\
  260. \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \\\r\
  261. \n\r\
  262. \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \\\r\
  263. \n\r\
  264. \n\" . [/system clock get date]);\r\
  265. \n\r\
  266. \n:delay 5;\r\
  267. \n\r\
  268. \n:log info \"All System Backups emailed successfully.\\nBackuping completed.\";\r\
  269. \n\r\
  270. \n}"
  # SMTP account used by the Backup_Email script. The server address, sender,
  # user and password were masked with "*" before publishing.
  271. /tool e-mail
  272. set address=78.*212 from=<*@*.ru> password=* start-tls=yes user=*@*.ru
  # MAC-Telnet and MAC-Winbox are limited to the mactel / mac-winbox lists,
  # which contain only the LAN bridge.
  273. /tool mac-server
  274. set allowed-interface-list=mactel
  275. /tool mac-server mac-winbox
  276. set allowed-interface-list=mac-winbox
  # NOTE(review): RoMON is enabled and no secrets= value appears in the export,
  # so it presumably runs without authentication between RoMON peers - verify.
  # RoMON gives layer-2 management access to the router; set a secret and limit
  # it to trusted ports, or disable it if unused.
  277. /tool romon
  278. set enabled=yes
  279. [admin@gw-uszn-Mamontovsky] >