Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # aug/22/2019 15:21:26 by RouterOS 6.45.3
- # model = RB750Gr3
- /interface bridge add comment="Local Rubtsovsk" name=bridge1
- /interface ethernet set [ find default-name=ether1 ] comment="Inet UGMK" speed=100Mbps
- /interface ethernet set [ find default-name=ether2 ] comment=LAN speed=100Mbps
- /interface ethernet set [ find default-name=ether3 ] speed=100Mbps
- /interface ethernet set [ find default-name=ether4 ] speed=100Mbps
- /interface ethernet set [ find default-name=ether5 ] speed=100Mbps
- /interface gre add comment=Rub-Mam name=gre-rub remote-address=**********
- /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
- /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
- /ip ipsec policy group add name=groupfil
- /ip ipsec profile add dh-group=modp1024 enc-algorithm=aes-128 name=profile-rub-mam nat-traversal=no
- /ip ipsec peer add address=192.168.84.1/32 comment="Rub - Mam" name=peer1 profile=profile-rub-mam
- /ip ipsec proposal add enc-algorithms=aes-256-cbc,aes-192-cbc name="proposal rub-mam"
- /ip pool add name=dhcp_pool0 ranges=192.168.15.200-192.168.15.254
- /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=1d name=dhcp1
- /interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether2
- /interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether3
- /interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether4
- /interface bridge port add bridge=bridge1 comment="Local Rubtsovsk Phone" interface=ether5
- /ip address add address=*******/27 comment="UGMK INET" interface=ether1 network=********
- /ip address add address=192.168.15.1/24 comment="Local Rubtsovsk" interface=bridge1 network=192.168.15.0
- /ip address add address=192.168.84.2/30 comment="GRE Tunnel VPN" interface=gre-rub network=192.168.84.0
- /ip dhcp-server network add address=192.168.15.0/24 dns-server=192.168.15.1 gateway=192.168.15.1
- /ip dns set allow-remote-requests=yes servers=77.88.8.88,77.88.8.2
- /ip firewall filter add action=accept chain=input comment="Established / Related" connection-state=established,related
- /ip firewall filter add action=accept chain=forward connection-state=established,related
- /ip firewall filter add action=drop chain=input comment=Invalid connection-state=invalid in-interface=ether1
- /ip firewall filter add action=drop chain=forward connection-state=invalid in-interface=ether1
- /ip firewall filter add action=accept chain=input comment=WinBox dst-port=8436 in-interface=ether1 protocol=tcp src-address=*********
- /ip firewall filter add action=drop chain=input comment=Drop in-interface=ether1
- /ip firewall filter add action=drop chain=forward connection-nat-state=!dstnat in-interface=ether1
- /ip firewall nat add action=masquerade chain=srcnat comment="Inet UGMK" out-interface=ether1
- /ip ipsec identity add comment="Rub - Mam" peer=peer1 policy-template-group=groupfil secret=*********
- /ip ipsec policy add comment="Rub - Mam" dst-address=192.168.84.1/32 peer=peer1 proposal="proposal rub-mam" sa-dst-address=192.168.84.1 sa-src-address=0.0.0.0 src-address=192.168.84.2/32 tunnel=yes
- /ip route add comment="UGMK INET" distance=1 gateway=**********
- /ip route add comment="GRE Tunnel VPN - Mam" distance=1 dst-address=192.168.10.0/24 gateway=192.168.84.1 pref-src=192.168.15.1
- /ip service set telnet disabled=yes
- /ip service set ftp disabled=yes
- /ip service set www disabled=yes
- /ip service set ssh disabled=yes
- /ip service set api disabled=yes
- /ip service set api-ssl disabled=yes
- /ip ssh set forwarding-enabled=remote
- /system clock set time-zone-autodetect=no time-zone-name=Asia/Barnaul
- /system identity set name=Rub
- /system resource irq rps set ether1 disabled=no
- /system resource irq rps set ether2 disabled=no
- /system resource irq rps set ether3 disabled=no
- /system resource irq rps set ether4 disabled=no
- /system resource irq rps set ether5 disabled=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement