
Untitled

a guest
Dec 11th, 2017
  1. # dec/11/2017 12:33:34 by RouterOS 6.40.5
  2. # software id = 0EW8-L2WT
  3. #
  4. # model = RouterBOARD 750G r3
  5. # serial number = 6F3807C61A34
  6. /interface bridge
  # LAN bridge; ether3 is attached to it under /interface bridge port.
  7. add name=bridge1
  8. /interface ethernet
  # ether1 and ether2 are labelled with what look like provider names; both are
  # later placed in the WAN interface list. ether4/ether5 are switched with ether3.
  9. set [ find default-name=ether1 ] comment=Rostelekom
  10. set [ find default-name=ether2 ] comment=Aviel
  11. set [ find default-name=ether4 ] master-port=ether3
  12. set [ find default-name=ether5 ] master-port=ether3
  # NOTE(review): the l2tp-client entry below carries ipsec-secret, user and
  # password in cleartext. Once an export is published those values should be
  # treated as disclosed and rotated; on RouterOS 6.x `/export hide-sensitive`
  # keeps them out of the output.
  # NOTE(review): the ipsec-secret is a short all-digit pre-shared key, and no
  # use-ipsec=yes is shown, so IPsec may not be protecting this tunnel at all -
  # confirm on the device.
  13. /interface l2tp-client
  14. add comment="Express VPN" connect-to=\
  15. new-jersey-ubuntu-l2tp.expressprovider.com disabled=no ipsec-secret=\
  16. 12345678 name=l2tp-out1 password=zn7d8hpg user=w5hlfe
  # NOTE(review): the pptp-client `add` ends in a continuation backslash but the
  # next line of the export opens a new menu, so its remaining arguments
  # (presumably user and password) look hand-removed; the line will not import
  # as written. PPTP is a legacy protocol with well-known cryptographic
  # weaknesses, and pptp-out1 is used here as the backup default route
  # (distance=2) and is a member of the WAN list.
  17. /interface pptp-client
  18. add comment=Aviel connect-to=vpn.aviel.ru disabled=no name=pptp-out1 \
  19. /ip neighbor discovery
  # Neighbor discovery is switched off on ether1 and ether2, the two physical
  # ports that are members of the WAN list, so the router does not announce
  # itself on those links.
  20. set ether1 discover=no
  21. set ether2 discover=no
  22. /interface list
  # The firewall filter rules match on these two lists rather than on
  # individual interfaces; membership is assigned under /interface list member.
  23. add comment=defconf name=WAN
  24. add comment=defconf name=LAN
  25. /interface wireless security-profiles
  26. set [ find default=yes ] supplicant-identity=MikroTik
  27. /ip dhcp-server option
  # DHCP option 6 (DNS server). It is referenced by name from a single static
  # lease in this export (192.168.0.144), which therefore receives
  # 193.58.251.251 as its resolver instead of the network default.
  28. add code=6 name=Skydns value="'193.58.251.251'"
  29. /ip pool
  30. add name=dhcp ranges=192.168.0.100-192.168.0.254
  31. /ip dhcp-server
  32. add address-pool=dhcp disabled=no interface=bridge1 name=defconf
  33. /interface bridge port
  34. add bridge=bridge1 interface=ether3
  35. /ip settings
  36. set allow-fast-path=no
  37. /interface l2tp-server server
  # NOTE(review): the L2TP server is enabled and accepts MS-CHAPv1 as well as
  # MS-CHAPv2. No use-ipsec setting appears in the export, so tunnels presumably
  # run without IPsec - confirm. Dropping mschap1 and requiring IPsec is the
  # stronger setup.
  38. set authentication=mschap1,mschap2 enabled=yes
  39. /interface list member
  # WAN = ether1, ether2, pptp-out1; LAN = bridge1.
  # NOTE(review): l2tp-out1 (the third-party VPN tunnel) is in neither list, so
  # filter rules that match in-interface-list=WAN do not apply to traffic that
  # arrives through it. The same holds for any dynamic interfaces created by
  # the L2TP/PPTP servers.
  40. add comment=defconf interface=bridge1 list=LAN
  41. add comment=defconf interface=ether1 list=WAN
  42. add interface=ether2 list=WAN
  43. add interface=pptp-out1 list=WAN
  44. /interface pptp-server server
  # NOTE(review): the PPTP server is enabled as well. If no remote-access
  # clients depend on it, disabling it removes a legacy protocol from the
  # attack surface.
  45. set enabled=yes
  46. /ip address
  # bridge1 is the LAN gateway (192.168.0.1/24); ether2 has a static address in
  # 10.110.209.0/24.
  47. add address=192.168.0.1/24 comment=defconf interface=bridge1 network=\
  48. 192.168.0.0
  49. add address=10.110.209.59/24 interface=ether2 network=10.110.209.0
  50. /ip dhcp-client
  # ether1 takes its address by DHCP. No 192.168.1.0/24 address is configured
  # statically although the routes use gateway 192.168.1.1, so that subnet
  # presumably comes from this lease - confirm.
  51. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
  52. ether1
  # Second client on ether2 installs no default route and ignores the peer's
  # DNS and NTP servers.
  53. add add-default-route=no dhcp-options=hostname,clientid interface=ether2 \
  54. use-peer-dns=no use-peer-ntp=no
  55. /ip dhcp-server lease
  # Static leases: each entry pins one client (by client-id and MAC address) to
  # a fixed LAN address. Several of these addresses are referenced again in the
  # firewall address lists (schedule, denied) and in the mangle rules, so the
  # per-device policy depends on these bindings.
  # NOTE(review): the hardware addresses identify individual devices; consider
  # masking them before publishing an export.
  56. add address=192.168.0.138 client-id=1:78:31:c1:cf:b7:24 mac-address=\
  57. 78:31:C1:CF:B7:24 server=defconf
  58. add address=192.168.0.128 client-id=1:d0:3:4b:1:f5:50 mac-address=\
  59. D0:03:4B:01:F5:50 server=defconf
  60. add address=192.168.0.127 client-id=1:a8:20:66:29:5f:2 mac-address=\
  61. A8:20:66:29:5F:02 server=defconf
  62. add address=192.168.0.101 client-id=1:60:a4:4c:65:c9:d0 mac-address=\
  63. 60:A4:4C:65:C9:D0 server=defconf
  64. add address=192.168.0.100 client-id=1:28:cf:e9:18:6c:79 mac-address=\
  65. 28:CF:E9:18:6C:79 server=defconf
  66. add address=192.168.0.103 client-id=1:e0:91:f5:8b:58:2a mac-address=\
  67. E0:91:F5:8B:58:2A server=defconf
  68. add address=192.168.0.106 client-id=1:e8:40:f2:3e:3c:69 mac-address=\
  69. E8:40:F2:3E:3C:69 server=defconf
  70. add address=192.168.0.116 client-id=1:90:b0:ed:5d:47:43 mac-address=\
  71. 90:B0:ED:5D:47:43 server=defconf
  # Only lease that overrides the DNS server, via the Skydns DHCP option.
  72. add address=192.168.0.144 client-id=1:8c:89:a5:a3:df:da dhcp-option=Skydns \
  73. mac-address=8C:89:A5:A3:DF:DA server=defconf
  74. add address=192.168.0.114 always-broadcast=yes client-id=1:4:f1:3e:61:a6:a6 \
  75. mac-address=04:F1:3E:61:A6:A6 server=defconf
  76. add address=192.168.0.119 client-id=1:dc:a4:ca:b3:d1:39 mac-address=\
  77. DC:A4:CA:B3:D1:39 server=defconf
  78. add address=192.168.0.123 client-id=1:0:23:54:fa:7d:33 mac-address=\
  79. 00:23:54:FA:7D:33 server=defconf
  80. add address=192.168.0.125 always-broadcast=yes client-id=1:90:b0:ed:5d:1a:ff \
  81. mac-address=90:B0:ED:5D:1A:FF server=defconf
  82. add address=192.168.0.126 always-broadcast=yes client-id=1:3c:15:c2:c4:2b:d6 \
  83. mac-address=3C:15:C2:C4:2B:D6 server=defconf
  84. add address=192.168.0.130 client-id=1:cc:44:63:80:6e:30 mac-address=\
  85. CC:44:63:80:6E:30 server=defconf
  86. add address=192.168.0.131 client-id=1:34:e2:fd:d0:15:9 mac-address=\
  87. 34:E2:FD:D0:15:09 server=defconf
  88. /ip dhcp-server network
  # No dns-server is set here, so clients presumably receive the router itself
  # as resolver - confirm.
  89. add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
  90. /ip dns
  # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
  # from other hosts, so exposure is decided entirely by the input chain. In
  # this export the only input drop rule matches in-interface-list=WAN;
  # interfaces outside that list (for example l2tp-out1) can reach the
  # resolver - confirm that is intended.
  91. set allow-remote-requests=yes servers=10.110.0.3,10.110.0.5,8.8.8.8
  92. /ip firewall address-list
  # schedule: sources blocked from the WAN during the 22h-6h window by the
  # time-matched forward rule. denied: sources always blocked from the WAN.
  # NOTE(review): both lists key on the LAN address assigned by a static lease,
  # so a client that configures a different address by hand falls outside the
  # policy.
  93. add address=192.168.0.144 list=schedule
  94. add address=192.168.0.123 list=denied
  95. add address=192.168.0.125 list=schedule
  96. add address=192.168.0.126 list=schedule
  97. add address=192.168.0.130 list=schedule
  98. add address=192.168.0.101 list=denied
  99. add address=192.168.0.131 list=schedule
  100. /ip firewall filter
  # NOTE(review): this first input rule accepts TCP 8728 with no in-interface,
  # in-interface-list or src-address match, so it applies to every interface,
  # WAN included, ahead of the drop rules. 8728 is the default port of the
  # unencrypted RouterOS API service, and /ip service in this export disables
  # only telnet and api-ssl. Restrict the rule to a management source (for
  # example with a src-address-list) or remove it.
  101. add action=accept chain=input comment="Accept 8728" dst-port=8728 protocol=\
  102. tcp
  # Stateful baseline for traffic arriving on WAN-list interfaces: accept
  # established/related, drop invalid, for both forward and input.
  103. add action=accept chain=forward connection-state=established,related \
  104. in-interface-list=WAN
  105. add action=accept chain=input comment=Established/Relared connection-state=\
  106. established,related in-interface-list=WAN
  107. add action=drop chain=forward comment=Invalid connection-state=invalid \
  108. in-interface-list=WAN
  109. add action=drop chain=input connection-state=invalid in-interface-list=WAN
  # The "# inactive time" line below is part of the export; presumably RouterOS
  # flagging that the time-matched rule after it was outside its 22h-6h window
  # when the export ran (12:33 per the header).
  110. # inactive time
  111. add action=drop chain=forward comment=shedule out-interface-list=WAN \
  112. src-address-list=schedule time=22h-6h,sun,mon,tue,wed,thu,fri,sat
  113. add action=drop chain=forward comment=denied out-interface-list=WAN \
  114. src-address-list=denied
  # NOTE(review): Winbox (TCP 8291) is accepted from the WAN list with no source
  # restriction. Management access is safer when limited to known source
  # addresses or reached only over a VPN. The export header reports RouterOS
  # 6.40.5; check the device runs a currently supported release before leaving
  # any management port reachable from the WAN.
  115. add action=accept chain=input comment=Winbox dst-port=8291 in-interface-list=\
  116. WAN protocol=tcp
  117. add action=accept chain=input comment=ICMP in-interface-list=WAN protocol=\
  118. icmp
  # Default deny, but only for interfaces in the WAN list (ether1, ether2,
  # pptp-out1).
  # NOTE(review): l2tp-out1 and any dynamic L2TP/PPTP server interfaces are in
  # no list, so input and forward traffic arriving through them meets no drop
  # rule in this table. Add them to a filtered interface list, or confirm the
  # exposure is intended.
  119. add action=drop chain=input comment=Drop in-interface-list=WAN
  # New inbound forwards from WAN pass only when they were destination-NATed;
  # the NAT table in this export has no dstnat rules.
  120. add action=drop chain=forward connection-nat-state=!dstnat in-interface-list=\
  121. WAN
  122. /ip firewall mangle
  # Dual-uplink policy routing. Connections that arrive on ether1 are marked
  # ISP1 and those arriving on pptp-out1 are marked ISP2, so that replies leave
  # through the uplink the connection came in on.
  123. add action=mark-connection chain=prerouting comment=ISP1 in-interface=ether1 \
  124. new-connection-mark=ISP1 passthrough=yes
  125. add action=mark-routing chain=prerouting connection-mark=ISP1 \
  126. new-routing-mark=ISP1 passthrough=yes
  127. add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
  128. ISP1 passthrough=yes
  # Router-originated traffic sourced from 192.168.1.4 is routed via ISP1;
  # presumably that is the router's own address on ether1 - confirm.
  129. add action=mark-routing chain=output new-routing-mark=ISP1 passthrough=yes \
  130. src-address=192.168.1.4
  131. add action=mark-connection chain=prerouting comment=ISP2 in-interface=\
  132. pptp-out1 new-connection-mark=ISP2 passthrough=yes
  133. add action=mark-routing chain=prerouting connection-mark=ISP2 \
  134. new-routing-mark=ISP2 passthrough=yes
  135. add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=\
  136. ISP2 passthrough=yes
  # NOTE(review): 93.185.194.51 is a public address, presumably the one assigned
  # on pptp-out1; publishing the export discloses it.
  137. add action=mark-routing chain=output new-routing-mark=ISP2 passthrough=yes \
  138. src-address=93.185.194.51
  # Two LAN hosts get dedicated routing marks. The routes that use those marks
  # are disabled in /ip route, so the marks currently select no route.
  139. add action=mark-routing chain=prerouting new-routing-mark=apple-tv \
  140. passthrough=no src-address=192.168.0.128
  141. add action=mark-routing chain=prerouting new-routing-mark=apple-tv2 \
  142. passthrough=no src-address=192.168.0.138
  # NOTE(review): the next line repeats the tail of the previous command and is
  # not a command on its own; it looks like a copy/paste artefact and would be
  # rejected on import.
  143. passthrough=no src-address=192.168.0.138
  # Per-connection classifier: hashes of source address and port with remainder
  # 2 (mod 3) are marked ISP1-conn and remainder 1 ISP2-conn.
  # NOTE(review): no rule handles remainder 0, so roughly a third of
  # connections get no PCC mark and follow the main table - confirm intended.
  144. add action=mark-connection chain=prerouting comment=PCC dst-address-type=\
  145. !local new-connection-mark=ISP1-conn passthrough=yes \
  146. per-connection-classifier=src-address-and-port:2/3
  147. add action=mark-connection chain=prerouting dst-address-type=!local \
  148. new-connection-mark=ISP2-conn passthrough=yes per-connection-classifier=\
  149. src-address-and-port:1/3
  150. add action=mark-routing chain=prerouting connection-mark=ISP1-conn \
  151. new-routing-mark=ISP1 passthrough=yes
  152. add action=mark-routing chain=prerouting connection-mark=ISP2-conn \
  153. new-routing-mark=ISP2 passthrough=yes
  154. /ip firewall nat
  # Source NAT only: traffic leaving through ether1, pptp-out1 or l2tp-out1 is
  # masqueraded. There are no dstnat (port-forward) rules in this export.
  # NOTE(review): ether2 is in the WAN list and carries the route to
  # 10.110.0.0/24, but has no masquerade rule, so LAN traffic to that network
  # leaves with its 192.168.0.x source address - confirm that is intended.
  155. add action=masquerade chain=srcnat comment="defconf: masquerade" \
  156. ipsec-policy=out,none out-interface=ether1
  157. add action=masquerade chain=srcnat comment="defconf: masquerade" \
  158. ipsec-policy=out,none out-interface=pptp-out1
  159. add action=masquerade chain=srcnat out-interface=l2tp-out1
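  160. /ip route
  # Policy routes: traffic carrying routing mark ISP1 leaves via 192.168.1.1,
  # traffic carrying ISP2 leaves via the pptp-out1 tunnel.
  161. add distance=1 gateway=192.168.1.1 routing-mark=ISP1
  162. add distance=1 gateway=pptp-out1 routing-mark=ISP2
  # Both per-device routes are disabled, so the apple-tv / apple-tv2 routing
  # marks set in mangle currently select no route.
  163. add comment=APPLE-TV disabled=yes distance=1 gateway=1.0.0.1 routing-mark=\
  164. apple-tv
  165. add comment=APPLE-TV2 disabled=yes distance=1 gateway=1.0.0.1 routing-mark=\
  166. apple-tv2
  # Default routes of the main table. The failover script under /system script
  # looks these two up with [find comment="MainGW"] and [find comment="RsrvGW"]
  # and swaps their distances, so the comments are load-bearing labels. The
  # backup route was labelled ReservGW, which the script's lookup never
  # matches; it is labelled RsrvGW here so the lookup resolves.
  167. add comment=MainGW distance=1 gateway=192.168.1.1
  168. add comment=RsrvGW distance=2 gateway=pptp-out1
  169. add distance=1 dst-address=10.110.0.0/24 gateway=10.110.209.1
  170. /ip route rule
  # Lookup rules: the two uplink source addresses use tables ISP1/ISP2, LAN and
  # 172.16.0.0/12 destinations always use main.
  # NOTE(review): the last two rules point at tables to-ISP1 and to-ISP2, but
  # no route in this export carries those routing marks - confirm they are not
  # leftovers from an earlier naming scheme.
  171. add src-address=192.168.1.4/32 table=ISP1
  172. add src-address=93.185.194.51/32 table=ISP2
  173. add dst-address=192.168.0.0/24 table=main
  174. add dst-address=172.16.0.0/12 table=main
  175. add routing-mark=ISP1 table=to-ISP1
  176. add routing-mark=ISP2 table=to-ISP2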
  177. /ip service
  # NOTE(review): only telnet and api-ssl are turned off. An export lists just
  # the non-default settings, so ftp, www, ssh, api and winbox are presumably
  # still enabled with no address= restriction - confirm with
  # `/ip service print`. Disabling api-ssl while the plaintext api stays on
  # (and TCP 8728 is opened in the filter) is the reverse of what one would
  # want; disable unused services and set address= on the ones that remain.
  178. set telnet disabled=yes
  179. set api-ssl disabled=yes
  # NOTE(review): the /ppp secret section below is damaged (an empty line and a
  # stray "pptp"); the entries look hand-removed before publishing and this
  # part will not import as written.
  180. /ppp secret
  181.  
  182. pptp
  183. /system clock
  184. set time-zone-name=Europe/Moscow
  185. /system identity
  186. set name=n-t-li246367
  187. /system logging
  # Debug-level L2TP messages are written to disk.
  # NOTE(review): presumably left over from troubleshooting; debug logs are
  # verbose and are kept on the router's storage - remove the rule when it is
  # no longer needed.
  188. add action=disk topics=l2tp,debug
  189. /system routerboard mode-button
  190. set enabled=no on-event=""
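  191. /system scheduler
  # Runs the uplink failover check once a minute. on-event used to call a
  # script named "IPS", but the only script defined in this export is named
  # ISP, so the job could never find its target; the name is corrected here.
  # NOTE(review): the policy list grants ftp, reboot, password, sniff,
  # sensitive and romon in addition to read/write/test. Nothing in the script
  # source uses those; trim the scheduler and script policies together to what
  # the failover check needs - confirm on the device before changing.
  192. add interval=1m name=ISP_check on-event="/system script run ISP" policy=\
  193. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  194. start-date=dec/06/2017 start-time=11:56:19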
  195. /system script
  # Uplink failover script. For every address in PingTargets it sends
  # PingCount pings through ether1 and through pptp-out1 and sums the replies;
  # an uplink counts as up when at least one reply came back. It logs an error
  # for each uplink that is down, reads the distance of the routes commented
  # MainGW and RsrvGW, and swaps the distances (1/2) so the working uplink wins.
  # After a switch it removes tracked connections whose source or destination
  # matches ".*:5060" (the script's own comment calls these VoIP connections).
  # NOTE(review): `/ip route get [find comment=...]` needs an exact comment
  # match; if find returns nothing the get fails and the script stops before
  # any switch - verify the route comments against these lookups.
  # NOTE(review): the policy list is far broader than the commands in the
  # source appear to need (ping, route and connection changes, logging);
  # owner= also discloses an account name. Trim the policy - confirm first.
  # NOTE(review): the commented-out /tool e-mail line would place an SMTP
  # password inside the script source, where every export reveals it.
  196. add name=ISP owner=integra policy=\
  197. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
  198. Main interface name\r\
  199. \n:global MainIf ether1\r\
  200. \n#Failover interface name\r\
  201. \n:global RsrvIf pptp-out1\r\
  202. \n\r\
  203. \n:local PingCount 1\r\
  204. \n\r\
  205. \n:local PingTargets {217.69.139.201; 93.158.134.3; 8.8.4.4; 208.67.222.22\
  206. 2}\r\
  207. \n:local host\r\
  208. \n\r\
  209. \n:local MainIfInetOk false\r\
  210. \n:local RsrvIfInetOk false\r\
  211. \n:local MainPings 0\r\
  212. \n:local RsrvPings 0\r\
  213. \n\r\
  214. \nforeach host in=\$PingTargets do={\r\
  215. \n:local res [/ping \$host count=\$PingCount interface=\$MainIf]\r\
  216. \n:set MainPings (\$MainPings + \$res)\r\
  217. \n:local res [/ping \$host count=\$PingCount interface=\$RsrvIf]\r\
  218. \n:set RsrvPings (\$RsrvPings + \$res)\r\
  219. \n}\r\
  220. \n\r\
  221. \n:set MainIfInetOk (\$MainPings >= 1)\r\
  222. \n:set RsrvIfInetOk (\$RsrvPings >= 1)\r\
  223. \n\r\
  224. \n:put \"MainIfInetOk=\$MainIfInetOk\"\r\
  225. \n:put \"RsrvIfInetOk=\$RsrvIfInetOk\"\r\
  226. \n\r\
  227. \nif (!\$MainIfInetOk) do={\r\
  228. \n/log error \"Main gateway down\"\r\
  229. \n}\r\
  230. \n\r\
  231. \nif (!\$RsrvIfInetOk) do={\r\
  232. \n/log error \"Reserve gateway error\"\r\
  233. \n}\r\
  234. \n\r\
  235. \n:local MainGWDistance [/ip route get [find comment=\"MainGW\"] distance]\
  236. \r\
  237. \n:local RsrvGWDistance [/ip route get [find comment=\"RsrvGW\"] distance]\
  238. \r\
  239. \n:put \"MainGWDistance=\$MainGWDistance\"\r\
  240. \n:put \"RsrvGWDistance=\$RsrvGWDistance\"\r\
  241. \n\r\
  242. \nif (\$MainIfInetOk && (\$MainGWDistance >= \$RsrvGWDistance)) do={\r\
  243. \n/ip route set [find comment=\"MainGW\"] distance=1\r\
  244. \n/ip route set [find comment=\"RsrvGW\"] distance=2\r\
  245. \n# Clear VoIP connections\r\
  246. \n/ip firewall connection remove [ find dst-address ~ \".*:5060\" ]\r\
  247. \n/ip firewall connection remove [ find src-address ~ \".*:5060\" ]\r\
  248. \n/log info \"switched to main internet connection\"\r\
  249. \n}\r\
  250. \n\r\
  251. \nif (!\$MainIfInetOk && \$RsrvIfInetOk && (\$MainGWDistance <= \$RsrvGWDi\
  252. stance)) do={\r\
  253. \n/ip route set [find comment=\"MainGW\"] distance=2\r\
  254. \n/ip route set [find comment=\"RsrvGW\"] distance=1\r\
  255. \n# Clear VoIP connections\r\
  256. \n/ip firewall connection remove [ find dst-address ~ \".*:5060\" ]\r\
  257. \n/ip firewall connection remove [ find src-address ~ \".*:5060\" ]\r\
  258. \n/log info \"switched to reserve internet connection\"\r\
  259. \n# /tool e-mail send from=\"1@1.ru\" to=1@1.ru server=1.1.ru port=587 use\
  260. r=1@1.ru password=11 start-tls=yes body=\"ReservGW gw.floradelivery.ru\" s\
  261. ubject=\"gw.floradelivery.ru ReservGW OK MainGW Down\"\r\
  262. \n}"
  263. /tool mac-server
  # The default MAC-Telnet entry is disabled and replaced by one bound to
  # bridge1, so layer-2 management is offered on the LAN bridge only and not on
  # the uplink ports.
  264. set [ find default=yes ] disabled=yes
  265. add interface=bridge1
  266. /tool mac-server mac-winbox
  # Same restriction for MAC-Winbox: default entry off, bridge1 only.
  267. set [ find default=yes ] disabled=yes
  268. add interface=bridge1