- # dec/11/2017 12:33:34 by RouterOS 6.40.5
- # software id = 0EW8-L2WT
- #
- # model = RouterBOARD 750G r3
- # serial number = 6F3807C61A34
- # Creates the LAN bridge; ether3 is attached to it under /interface bridge port.
- /interface bridge
- add name=bridge1
- # Labels ether1 and ether2 (both placed in the WAN interface list further down)
- # and slaves ether4/ether5 to ether3 through master-port.
- /interface ethernet
- set [ find default-name=ether1 ] comment=Rostelekom
- set [ find default-name=ether2 ] comment=Aviel
- set [ find default-name=ether4 ] master-port=ether3
- set [ find default-name=ether5 ] master-port=ether3
- # Outbound L2TP tunnel (comment "Express VPN").
- # NOTE(review): ipsec-secret, user and password are written in cleartext in
- # this export. The listing is public, so treat all three as exposed and rotate
- # them; the ipsec-secret is also a short digit sequence. Shareable exports
- # should be produced with `/export hide-sensitive`.
- /interface l2tp-client
- add comment="Express VPN" connect-to=\
- new-jersey-ubuntu-l2tp.expressprovider.com disabled=no ipsec-secret=\
- 12345678 name=l2tp-out1 password=zn7d8hpg user=w5hlfe
- # Outbound PPTP tunnel; pptp-out1 is used as a second uplink (WAN list member).
- # NOTE(review): the command ends with a line continuation, but the continuation
- # line is absent from this listing, so the remaining parameters (presumably
- # user/password) cannot be reviewed. PPTP's MS-CHAP/MPPE protection is
- # considered weak; confirm whether this link can use an IPsec-protected tunnel.
- /interface pptp-client
- add comment=Aviel connect-to=vpn.aviel.ru disabled=no name=pptp-out1 \
- # Turns neighbor discovery off on ether1 and ether2, so the router does not
- # announce itself on those ports.
- /ip neighbor discovery
- set ether1 discover=no
- set ether2 discover=no
- # Interface lists referenced by the firewall rules
- # (in-interface-list / out-interface-list).
- /interface list
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- # Default wireless security profile; only the supplicant identity is set.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # DHCP option 6 (DNS server) named Skydns; it is attached to one static lease
- # under /ip dhcp-server lease.
- /ip dhcp-server option
- add code=6 name=Skydns value="'193.58.251.251'"
- # Address pool and DHCP server for the LAN bridge.
- /ip pool
- add name=dhcp ranges=192.168.0.100-192.168.0.254
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=bridge1 name=defconf
- /interface bridge port
- add bridge=bridge1 interface=ether3
- # Fast path is turned off.
- /ip settings
- set allow-fast-path=no
- # Inbound L2TP server.
- # NOTE(review): mschap1 is a legacy authentication method and should be
- # removed from this list. No IPsec requirement is visible on this line, so
- # confirm that L2TP sessions are not accepted without IPsec protection.
- /interface l2tp-server server
- set authentication=mschap1,mschap2 enabled=yes
- # bridge1 is LAN; ether1, ether2 and pptp-out1 are WAN.
- # NOTE(review): l2tp-out1 is in neither list, so every firewall rule that
- # matches on the WAN list skips traffic arriving over the "Express VPN" tunnel.
- # Confirm whether l2tp-out1 should be a WAN member.
- /interface list member
- add comment=defconf interface=bridge1 list=LAN
- add comment=defconf interface=ether1 list=WAN
- add interface=ether2 list=WAN
- add interface=pptp-out1 list=WAN
- # Inbound PPTP server.
- # NOTE(review): PPTP is a deprecated VPN protocol with weak cryptography;
- # disable the server unless a client strictly requires it.
- /interface pptp-server server
- set enabled=yes
- # Static addresses: the LAN gateway on bridge1 and a 10.110.209.0/24 address
- # on ether2.
- /ip address
- add address=192.168.0.1/24 comment=defconf interface=bridge1 network=\
- 192.168.0.0
- add address=10.110.209.59/24 interface=ether2 network=10.110.209.0
- # DHCP clients on both uplink ports. On ether2 the default route, DNS servers
- # and NTP servers offered by the peer are ignored (add-default-route=no,
- # use-peer-dns=no, use-peer-ntp=no).
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
- ether1
- add add-default-route=no dhcp-options=hostname,clientid interface=ether2 \
- use-peer-dns=no use-peer-ntp=no
- # Static DHCP leases: each entry pins a LAN address to one client-id / MAC
- # address on server "defconf". Several of these addresses are referenced by
- # the "schedule" and "denied" firewall address lists and by the mangle rules.
- # NOTE(review): the MAC addresses identify individual LAN devices; consider
- # masking them before publishing an export.
- /ip dhcp-server lease
- add address=192.168.0.138 client-id=1:78:31:c1:cf:b7:24 mac-address=\
- 78:31:C1:CF:B7:24 server=defconf
- add address=192.168.0.128 client-id=1:d0:3:4b:1:f5:50 mac-address=\
- D0:03:4B:01:F5:50 server=defconf
- add address=192.168.0.127 client-id=1:a8:20:66:29:5f:2 mac-address=\
- A8:20:66:29:5F:02 server=defconf
- add address=192.168.0.101 client-id=1:60:a4:4c:65:c9:d0 mac-address=\
- 60:A4:4C:65:C9:D0 server=defconf
- add address=192.168.0.100 client-id=1:28:cf:e9:18:6c:79 mac-address=\
- 28:CF:E9:18:6C:79 server=defconf
- add address=192.168.0.103 client-id=1:e0:91:f5:8b:58:2a mac-address=\
- E0:91:F5:8B:58:2A server=defconf
- add address=192.168.0.106 client-id=1:e8:40:f2:3e:3c:69 mac-address=\
- E8:40:F2:3E:3C:69 server=defconf
- add address=192.168.0.116 client-id=1:90:b0:ed:5d:47:43 mac-address=\
- 90:B0:ED:5D:47:43 server=defconf
- # This lease alone hands out the Skydns DNS option instead of the network
- # default.
- add address=192.168.0.144 client-id=1:8c:89:a5:a3:df:da dhcp-option=Skydns \
- mac-address=8C:89:A5:A3:DF:DA server=defconf
- add address=192.168.0.114 always-broadcast=yes client-id=1:4:f1:3e:61:a6:a6 \
- mac-address=04:F1:3E:61:A6:A6 server=defconf
- add address=192.168.0.119 client-id=1:dc:a4:ca:b3:d1:39 mac-address=\
- DC:A4:CA:B3:D1:39 server=defconf
- add address=192.168.0.123 client-id=1:0:23:54:fa:7d:33 mac-address=\
- 00:23:54:FA:7D:33 server=defconf
- add address=192.168.0.125 always-broadcast=yes client-id=1:90:b0:ed:5d:1a:ff \
- mac-address=90:B0:ED:5D:1A:FF server=defconf
- add address=192.168.0.126 always-broadcast=yes client-id=1:3c:15:c2:c4:2b:d6 \
- mac-address=3C:15:C2:C4:2B:D6 server=defconf
- add address=192.168.0.130 client-id=1:cc:44:63:80:6e:30 mac-address=\
- CC:44:63:80:6E:30 server=defconf
- add address=192.168.0.131 client-id=1:34:e2:fd:d0:15:9 mac-address=\
- 34:E2:FD:D0:15:09 server=defconf
- # Network parameters handed to LAN clients; the gateway is the router itself.
- /ip dhcp-server network
- add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
- # The router answers DNS queries from clients (allow-remote-requests=yes).
- # NOTE(review): reachability of this resolver is limited only by the input
- # chain. The WAN-list drop rule covers ether1, ether2 and pptp-out1 but not
- # l2tp-out1; confirm the resolver cannot be queried over that tunnel.
- /ip dns
- set allow-remote-requests=yes servers=10.110.0.3,10.110.0.5,8.8.8.8
- # LAN hosts grouped into "schedule" (time-restricted) and "denied" (always
- # blocked); both lists are matched by forward-chain drop rules below.
- /ip firewall address-list
- add address=192.168.0.144 list=schedule
- add address=192.168.0.123 list=denied
- add address=192.168.0.125 list=schedule
- add address=192.168.0.126 list=schedule
- add address=192.168.0.130 list=schedule
- add address=192.168.0.101 list=denied
- add address=192.168.0.131 list=schedule
- /ip firewall filter
- # NOTE(review): accepts TCP 8728 (the RouterOS API port) on the input chain
- # with no interface or source restriction. As the first rule it is evaluated
- # before the WAN drop, so the port is open on every interface. Restrict it
- # with in-interface-list=LAN or a src-address-list, or remove it if the API
- # is unused.
- add action=accept chain=input comment="Accept 8728" dst-port=8728 protocol=\
- tcp
- # Return traffic for established/related connections from WAN, forwarded and
- # to the router itself.
- add action=accept chain=forward connection-state=established,related \
- in-interface-list=WAN
- add action=accept chain=input comment=Established/Relared connection-state=\
- established,related in-interface-list=WAN
- # Invalid-state packets from WAN are dropped on both chains.
- add action=drop chain=forward comment=Invalid connection-state=invalid \
- in-interface-list=WAN
- add action=drop chain=input connection-state=invalid in-interface-list=WAN
- # inactive time
- # Blocks "schedule" hosts from reaching WAN between 22h and 6h on every day
- # of the week.
- add action=drop chain=forward comment=shedule out-interface-list=WAN \
- src-address-list=schedule time=22h-6h,sun,mon,tue,wed,thu,fri,sat
- # Blocks "denied" hosts from reaching WAN at all times.
- add action=drop chain=forward comment=denied out-interface-list=WAN \
- src-address-list=denied
- # NOTE(review): accepts Winbox (TCP 8291) from the WAN list, so the management
- # service is reachable from the uplinks. The export header reports RouterOS
- # 6.40.5 from 2017; limit this rule to known source addresses (or reach Winbox
- # over a VPN only) and check the vendor's advisories for that release.
- add action=accept chain=input comment=Winbox dst-port=8291 in-interface-list=\
- WAN protocol=tcp
- add action=accept chain=input comment=ICMP in-interface-list=WAN protocol=\
- icmp
- # Drops everything else arriving on WAN-list interfaces. Input from interfaces
- # outside the WAN list matches no drop rule and is therefore accepted.
- add action=drop chain=input comment=Drop in-interface-list=WAN
- # Drops forwarded traffic from WAN unless it was destination-NATed.
- add action=drop chain=forward connection-nat-state=!dstnat in-interface-list=\
- WAN
- # Policy routing marks for the two uplinks (ISP1 via ether1, ISP2 via
- # pptp-out1) plus a per-connection classifier that spreads LAN connections.
- /ip firewall mangle
- # Connections entering on ether1 are marked ISP1 so replies leave the same way.
- add action=mark-connection chain=prerouting comment=ISP1 in-interface=ether1 \
- new-connection-mark=ISP1 passthrough=yes
- add action=mark-routing chain=prerouting connection-mark=ISP1 \
- new-routing-mark=ISP1 passthrough=yes
- add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
- ISP1 passthrough=yes
- # NOTE(review): 192.168.1.4 is not configured under /ip address; presumably it
- # is the DHCP-assigned address on ether1. A hard-coded match stops working if
- # that lease changes - confirm.
- add action=mark-routing chain=output new-routing-mark=ISP1 passthrough=yes \
- src-address=192.168.1.4
- # Same scheme for connections entering on pptp-out1 (ISP2).
- add action=mark-connection chain=prerouting comment=ISP2 in-interface=\
- pptp-out1 new-connection-mark=ISP2 passthrough=yes
- add action=mark-routing chain=prerouting connection-mark=ISP2 \
- new-routing-mark=ISP2 passthrough=yes
- add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=\
- ISP2 passthrough=yes
- add action=mark-routing chain=output new-routing-mark=ISP2 passthrough=yes \
- src-address=93.185.194.51
- # Two LAN hosts get dedicated routing marks; passthrough=no stops further
- # mangle processing for them, so the PCC rules below do not apply. The routes
- # that use these marks are disabled under /ip route.
- add action=mark-routing chain=prerouting new-routing-mark=apple-tv \
- passthrough=no src-address=192.168.0.128
- add action=mark-routing chain=prerouting new-routing-mark=apple-tv2 \
- passthrough=no src-address=192.168.0.138
- # NOTE(review): the next line repeats the tail of the previous command and is
- # not a valid standalone command; it looks like a paste artifact.
- passthrough=no src-address=192.168.0.138
- # Per-connection classifier on source address and port with denominator 3:
- # remainder 2 is marked ISP1-conn and remainder 1 is marked ISP2-conn.
- # NOTE(review): remainder 0 receives neither mark, so those connections follow
- # the unmarked default route - confirm this split is intended.
- add action=mark-connection chain=prerouting comment=PCC dst-address-type=\
- !local new-connection-mark=ISP1-conn passthrough=yes \
- per-connection-classifier=src-address-and-port:2/3
- add action=mark-connection chain=prerouting dst-address-type=!local \
- new-connection-mark=ISP2-conn passthrough=yes per-connection-classifier=\
- src-address-and-port:1/3
- add action=mark-routing chain=prerouting connection-mark=ISP1-conn \
- new-routing-mark=ISP1 passthrough=yes
- add action=mark-routing chain=prerouting connection-mark=ISP2-conn \
- new-routing-mark=ISP2 passthrough=yes
- # Source NAT (masquerade) for traffic leaving through ether1, pptp-out1 and
- # l2tp-out1. No masquerade rule for ether2 is present.
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface=ether1
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface=pptp-out1
- add action=masquerade chain=srcnat out-interface=l2tp-out1
- # Per-mark default routes (ISP1, ISP2), two disabled APPLE-TV routes, the
- # unmarked main/reserve default routes and a static route to 10.110.0.0/24.
- # NOTE(review): the reserve route is commented "ReservGW", but the failover
- # script under /system script looks up comment "RsrvGW"; the names need to
- # match for the script to find this route.
- /ip route
- add distance=1 gateway=192.168.1.1 routing-mark=ISP1
- add distance=1 gateway=pptp-out1 routing-mark=ISP2
- add comment=APPLE-TV disabled=yes distance=1 gateway=1.0.0.1 routing-mark=\
- apple-tv
- add comment=APPLE-TV2 disabled=yes distance=1 gateway=1.0.0.1 routing-mark=\
- apple-tv2
- add comment=MainGW distance=1 gateway=192.168.1.1
- add comment=ReservGW distance=2 gateway=pptp-out1
- add distance=1 dst-address=10.110.0.0/24 gateway=10.110.209.1
- # Routing rules selecting a table by source, destination or routing mark.
- # NOTE(review): tables to-ISP1 / to-ISP2 are referenced here, while the routes
- # above carry routing-mark ISP1 / ISP2; confirm those tables contain routes.
- /ip route rule
- add src-address=192.168.1.4/32 table=ISP1
- add src-address=93.185.194.51/32 table=ISP2
- add dst-address=192.168.0.0/24 table=main
- add dst-address=172.16.0.0/12 table=main
- add routing-mark=ISP1 table=to-ISP1
- add routing-mark=ISP2 table=to-ISP2
- # Only telnet and api-ssl are disabled here.
- # NOTE(review): no other service appears in this section, so the remaining
- # management services presumably stay at their defaults - confirm. Disable
- # the ones that are unused and set an address= allow-list on the rest, in
- # particular the API that the "Accept 8728" filter rule opens.
- /ip service
- set telnet disabled=yes
- set api-ssl disabled=yes
- # NOTE(review): the /ppp secret section holds only the fragment "pptp", which
- # is not a complete command; the entries were presumably removed before
- # posting. Review the PPP user accounts on the device itself.
- /ppp secret
- pptp
- /system clock
- set time-zone-name=Europe/Moscow
- /system identity
- set name=n-t-li246367
- # Writes l2tp debug-level log entries to disk.
- # NOTE(review): debug logging is normally a temporary troubleshooting aid;
- # confirm it is still needed, since it persists tunnel session detail on
- # the device.
- /system logging
- add action=disk topics=l2tp,debug
- # The hardware mode button is disabled and has no script attached.
- /system routerboard mode-button
- set enabled=no on-event=""
- # Runs the failover check once a minute.
- # NOTE(review): on-event calls script "IPS", but the only script defined under
- # /system script is named "ISP", so as listed this job would not find its
- # script. The policy list also grants nearly every permission (ftp, reboot,
- # password, sniff, sensitive, romon, ...); the script body only pings, reads
- # and sets routes, removes connections and logs, so a much narrower set would
- # likely suffice - confirm and reduce.
- /system scheduler
- add interval=1m name=ISP_check on-event="/system script run IPS" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
- start-date=dec/06/2017 start-time=11:56:19
- # Uplink failover script "ISP". It pings four targets once each through the
- # main interface (ether1) and the reserve interface (pptp-out1), treats an
- # uplink as healthy when at least one ping succeeds, logs an error for any
- # uplink that is down, and swaps the distances of the routes commented
- # "MainGW" and "RsrvGW" so that the healthy uplink gets distance 1. After a
- # switch it removes tracked connections whose address matches port 5060 and
- # logs the change.
- # NOTE(review): the script looks up a route with comment "RsrvGW", while the
- # reserve route under /ip route is commented "ReservGW". With no matching
- # route the lookup presumably fails and the failover never takes effect -
- # align the two names and test.
- # NOTE(review): the script carries the same near-complete policy list as the
- # scheduler entry; grant only what the body needs.
- # NOTE(review): the commented-out e-mail line shows SMTP credentials being
- # embedded in the script source. If notifications are enabled, keep the
- # account settings under /tool e-mail rather than in the script text, which
- # is exported in cleartext.
- /system script
- add name=ISP owner=integra policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
- Main interface name\r\
- \n:global MainIf ether1\r\
- \n#Failover interface name\r\
- \n:global RsrvIf pptp-out1\r\
- \n\r\
- \n:local PingCount 1\r\
- \n\r\
- \n:local PingTargets {217.69.139.201; 93.158.134.3; 8.8.4.4; 208.67.222.22\
- 2}\r\
- \n:local host\r\
- \n\r\
- \n:local MainIfInetOk false\r\
- \n:local RsrvIfInetOk false\r\
- \n:local MainPings 0\r\
- \n:local RsrvPings 0\r\
- \n\r\
- \nforeach host in=\$PingTargets do={\r\
- \n:local res [/ping \$host count=\$PingCount interface=\$MainIf]\r\
- \n:set MainPings (\$MainPings + \$res)\r\
- \n:local res [/ping \$host count=\$PingCount interface=\$RsrvIf]\r\
- \n:set RsrvPings (\$RsrvPings + \$res)\r\
- \n}\r\
- \n\r\
- \n:set MainIfInetOk (\$MainPings >= 1)\r\
- \n:set RsrvIfInetOk (\$RsrvPings >= 1)\r\
- \n\r\
- \n:put \"MainIfInetOk=\$MainIfInetOk\"\r\
- \n:put \"RsrvIfInetOk=\$RsrvIfInetOk\"\r\
- \n\r\
- \nif (!\$MainIfInetOk) do={\r\
- \n/log error \"Main gateway down\"\r\
- \n}\r\
- \n\r\
- \nif (!\$RsrvIfInetOk) do={\r\
- \n/log error \"Reserve gateway error\"\r\
- \n}\r\
- \n\r\
- \n:local MainGWDistance [/ip route get [find comment=\"MainGW\"] distance]\
- \r\
- \n:local RsrvGWDistance [/ip route get [find comment=\"RsrvGW\"] distance]\
- \r\
- \n:put \"MainGWDistance=\$MainGWDistance\"\r\
- \n:put \"RsrvGWDistance=\$RsrvGWDistance\"\r\
- \n\r\
- \nif (\$MainIfInetOk && (\$MainGWDistance >= \$RsrvGWDistance)) do={\r\
- \n/ip route set [find comment=\"MainGW\"] distance=1\r\
- \n/ip route set [find comment=\"RsrvGW\"] distance=2\r\
- \n# Clear VoIP connections\r\
- \n/ip firewall connection remove [ find dst-address ~ \".*:5060\" ]\r\
- \n/ip firewall connection remove [ find src-address ~ \".*:5060\" ]\r\
- \n/log info \"switched to main internet connection\"\r\
- \n}\r\
- \n\r\
- \nif (!\$MainIfInetOk && \$RsrvIfInetOk && (\$MainGWDistance <= \$RsrvGWDi\
- stance)) do={\r\
- \n/ip route set [find comment=\"MainGW\"] distance=2\r\
- \n/ip route set [find comment=\"RsrvGW\"] distance=1\r\
- \n# Clear VoIP connections\r\
- \n/ip firewall connection remove [ find dst-address ~ \".*:5060\" ]\r\
- \n/ip firewall connection remove [ find src-address ~ \".*:5060\" ]\r\
- \n/log info \"switched to reserve internet connection\"\r\
- \n# /tool e-mail send from=\"1@1.ru\" to=1@1.ru server=1.1.ru port=587 use\
- r=1@1.ru password=11 start-tls=yes body=\"ReservGW gw.floradelivery.ru\" s\
- ubject=\"gw.floradelivery.ru ReservGW OK MainGW Down\"\r\
- \n}"
- # MAC-layer management access (MAC telnet and MAC Winbox): the default entry
- # is disabled and the service is enabled on bridge1 only, which keeps it off
- # the uplink ports.
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=bridge1
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=bridge1