SHARE
TWEET

Untitled

a guest Aug 7th, 2015 519 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # aug/08/2015 04:12:45 by RouterOS 6.29.1
  2. # software id = G3F6-173I
  3. #
  4. /interface bridge
  5. add name="Bridge Intern"
  6. /interface ethernet
  7. set [ find default-name=ether1 ] mac-address=D4:CA:6D:4A:BF:9A name=\    "ether01 - Telenet" speed=1Gbps
  8. set [ find default-name=ether2 ] mac-address=D4:CA:6D:4A:BF:9B name=\    "ether02 - Belgacom" speed=1Gbps
  9. set [ find default-name=ether3 ] mac-address=D4:CA:6D:4A:BF:9C name=\    "ether03 - WB" speed=1Gbps
  10. set [ find default-name=ether4 ] mac-address=D4:CA:6D:4A:BF:9D name=\    "ether04 - WiFi" speed=1Gbps
  11. set [ find default-name=ether5 ] mac-address=D4:CA:6D:4A:BF:9E name=ether05 \    speed=1Gbps
  12. set [ find default-name=ether6 ] mac-address=D4:CA:6D:4A:BF:9F name=\    "ether06 - EOIP" speed=1Gbps
  13. set [ find default-name=ether7 ] mac-address=D4:CA:6D:4A:BF:A0 name=ether07 \    speed=1Gbps
  14. set [ find default-name=ether8 ] mac-address=D4:CA:6D:4A:BF:A1 name=ether08 \    speed=1Gbps
  15. set [ find default-name=ether9 ] mac-address=D4:CA:6D:4A:BF:A2 name=ether09 \    speed=1Gbps
  16. set [ find default-name=ether10 ] mac-address=D4:CA:6D:4A:BF:A3 speed=1Gbps
  17. set [ find default-name=sfp1 ] name="sfp01 - LAN"
  18. /interface pppoe-client
  19. add add-default-route=yes default-route-distance=5 disabled=no interface=\
  20.     "ether02 - Belgacom" max-mru=1480 max-mtu=1480 mrru=1600 name=\
  21.     "PPPoE Belgacom" password=justapassword user=justausername
  22. /interface vlan
  23. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 101 - Wifi Private" \
  24.     vlan-id=101
  25. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 102 - Wifi Public" \
  26.     vlan-id=102
  27. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 103 - Wifi Trusted" \
  28.     vlan-id=103
  29. /ip neighbor discovery
  30. set "VLAN 101 - Wifi Private" discover=no
  31. set "VLAN 102 - Wifi Public" discover=no
  32. set "VLAN 103 - Wifi Trusted" discover=no
  33. /interface wireless security-profiles
  34. set [ find default=yes ] supplicant-identity=identity
  35. /ip ipsec proposal
  36. set [ find default=yes ] enc-algorithms=3des
  37. /ip pool
  38. add name="DHCP Lan" ranges=10.0.0.101-10.0.0.254
  39. add name="DHCP Wifi Private" ranges=10.101.0.101-10.101.0.254
  40. add name="DHCP Wifi Public" ranges=10.102.0.101-10.102.0.254
  41. add name="DHCP Wifi Trusted" ranges=10.103.0.101-10.103.0.254
  42. add name="DHCP EOIP" ranges=172.16.0.11-172.16.3.254
  43. /ip dhcp-server
  44. add add-arp=yes address-pool="DHCP Lan" disabled=no interface="Bridge Intern" \
  45.     lease-time=1d name=Lan
  46. add add-arp=yes address-pool="DHCP Wifi Private" disabled=no interface=\
  47.     "VLAN 101 - Wifi Private" lease-time=1d name="Wifi Private"
  48. add add-arp=yes address-pool="DHCP Wifi Public" disabled=no interface=\
  49.     "VLAN 102 - Wifi Public" lease-time=1d name="Wifi Public"
  50. add add-arp=yes address-pool="DHCP Wifi Trusted" disabled=no interface=\
  51.     "VLAN 103 - Wifi Trusted" lease-time=1d name="Wifi Trusted"
  52. add add-arp=yes address-pool="DHCP EOIP" disabled=no interface=\
  53.     "ether06 - EOIP" lease-time=1d name=EOIP
  54. /port
  55. set 0 name=serial0
  56. /ppp profile
  57. set [ find name=default ] name=default
  58. set [ find name=default-encryption ] name=default-encryption
  59. /system logging action
  60. set 0 memory-lines=100
  61. set 1 disk-lines-per-file=100
  62. /tool user-manager customer
  63. set admin access=\
  64.     own-routers,own-users,own-profiles,own-limits,config-payment-gw
  65. /interface bridge port
  66. add bridge="Bridge Intern" interface="ether04 - WiFi"
  67. add bridge="Bridge Intern" interface="sfp01 - LAN"
  68. /interface bridge settings
  69. set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
  70. /ip firewall connection tracking
  71. set enabled=yes
  72. /ip address
  73. add address=10.0.0.1/24 comment=LAN interface="Bridge Intern" network=\
  74.     10.0.0.0
  75. add address=10.101.0.1/24 comment="WiFi Private" interface=\
  76.     "VLAN 101 - Wifi Private" network=10.101.0.0
  77. add address=10.102.0.1/24 comment="WiFi Trusted" interface=\
  78.     "VLAN 102 - Wifi Public" network=10.102.0.0
  79. add address=10.103.0.1/24 comment="WiFi Public" interface=\
  80.     "VLAN 103 - Wifi Trusted" network=10.103.0.0
  81. add address=172.16.0.1/22 comment="EOIP Tunnels" interface="ether06 - EOIP" \
  82.     network=172.16.0.0
  83. /ip cloud
  84. set ddns-enabled=yes
  85. /ip dhcp-client
  86. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  87.     interface="ether01 - Telenet" use-peer-dns=no use-peer-ntp=no
  88. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  89.     interface="ether02 - Belgacom" use-peer-dns=no use-peer-ntp=no
  90. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  91.     interface="ether03 - WB" use-peer-dns=no
  92. /ip dhcp-server lease
  93. add address=10.0.0.11 client-id=1:0:1d:7e:d0:55:7f mac-address=\
  94.     00:1D:7E:D0:55:7F server=Lan
  95. add address=10.0.0.101 client-id=1:0:24:21:10:fd:1 mac-address=\
  96.     00:24:21:10:FD:01 server=Lan
  97. add address=10.0.0.102 always-broadcast=yes client-id=1:0:24:21:10:fd:2 \
  98.     mac-address=00:24:21:10:FD:02 server=Lan
  99. add address=10.101.0.112 always-broadcast=yes client-id=1:68:94:23:49:17:97 \
  100.     mac-address=68:94:23:49:17:97 server="Wifi Private"
  101. add address=10.0.0.21 always-broadcast=yes client-id=1:0:c:42:fc:8:20 \
  102.     mac-address=00:0C:42:FC:08:20 server=Lan
  103. add address=10.101.0.120 always-broadcast=yes client-id=1:70:11:24:14:a4:e8 \
  104.     mac-address=70:11:24:14:A4:E8 server="Wifi Private"
  105. add address=10.0.0.18 always-broadcast=yes mac-address=7C:2F:80:59:E7:43 \
  106.     server=Lan
  107. add address=10.0.0.103 client-id=1:a4:5d:36:35:b4:2e mac-address=\
  108.     A4:5D:36:35:B4:2E server=Lan
  109. add address=10.0.0.31 client-id=1:24:a4:3c:2:1c:21 mac-address=\
  110.     24:A4:3C:02:1C:21 server=Lan
  111. add address=10.0.0.3 client-id=1:4c:5e:c:9f:2f:f1 mac-address=\
  112.     4C:5E:0C:9F:2F:F1 server=Lan
  113. add address=10.0.0.41 mac-address=00:30:48:DB:06:4A server=Lan
  114. add address=10.0.0.51 client-id=1:4:18:d6:26:5c:f0 mac-address=\
  115.     04:18:D6:26:5C:F0 server=Lan
  116. add address=10.0.0.4 always-broadcast=yes client-id=1:d4:ca:6d:f9:14:5d \
  117.     mac-address=D4:CA:6D:F9:14:5D server=Lan
  118. add address=10.0.0.42 mac-address=00:30:48:DB:07:5E server=Lan
  119. add address=10.0.0.110 client-id=1:0:11:32:41:9e:b1 mac-address=\
  120.     00:11:32:41:9E:B1 server=Lan
  121. add address=10.0.0.5 client-id=1:e4:8d:8c:81:80:2e mac-address=\
  122.     E4:8D:8C:81:80:2E server=Lan
  123. add address=10.0.0.2 client-id=1:d4:ca:6d:f9:14:77 mac-address=\
  124.     D4:CA:6D:F9:14:77 server=Lan
  125. add address=10.0.0.92 client-id=1:0:62:6e:56:a1:68 mac-address=\
  126.     00:62:6E:56:A1:68 server=Lan
  127. add address=10.0.0.91 client-id=1:c4:d6:55:39:ca:13 mac-address=\
  128.     C4:D6:55:39:CA:13 server=Lan
  129. /ip dhcp-server network
  130. add address=10.0.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  131.     10.0.0.1 netmask=24
  132. add address=10.101.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  133.     10.101.0.1 netmask=24 ntp-server=193.190.198.43
  134. add address=10.102.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  135.     10.102.0.1 netmask=24 ntp-server=193.190.198.43
  136. add address=10.103.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  137.     10.103.0.1 netmask=24 ntp-server=193.190.198.43
  138. add address=10.200.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  139.     10.200.0.254
  140. add address=172.16.0.0/22 gateway=172.16.0.1
  141. /ip dns
  142. set cache-max-ttl=15m servers=8.8.8.8,8.8.4.4
  143. /ip firewall filter
  144. add action=drop chain=input dst-port=53 in-interface="ether01 - Telenet" \
  145.     protocol=udp
  146. add action=drop chain=input dst-port=53 in-interface="ether02 - Belgacom" \
  147.     protocol=udp
  148. add action=drop chain=input dst-port=53 in-interface="ether03 - WB" protocol=\
  149.     udp
  150. /ip firewall nat
  151. add action=masquerade chain=srcnat comment="Telenet NAT" out-interface=\
  152.     "ether01 - Telenet"
  153. add action=masquerade chain=srcnat comment="Belgacom NAT" out-interface=\
  154.     "PPPoE Belgacom"
  155. add action=masquerade chain=srcnat comment="NAT Modem" out-interface=ether09
  156. add action=dst-nat chain=dstnat comment="SiHotspot admin access" dst-port=\
  157.     8221 protocol=tcp to-addresses=10.0.0.21 to-ports=8221
  158. add action=dst-nat chain=dstnat comment="SiHotspot admin access" dst-port=\
  159.     8161 protocol=tcp to-addresses=10.0.0.21 to-ports=8161
  160. add action=dst-nat chain=dstnat comment="RPI Temp 01" dst-port=2301 protocol=\
  161.     tcp to-addresses=10.0.0.107 to-ports=22
  162. add action=dst-nat chain=dstnat comment="S02 http" dst-port=1081 protocol=tcp \
  163.     to-addresses=10.0.0.42 to-ports=80
  164. add action=dst-nat chain=dstnat comment="S01 ssh" dst-port=1022 protocol=tcp \
  165.     to-addresses=10.0.0.41 to-ports=22
  166. add action=dst-nat chain=dstnat comment="S02 ssh" dst-port=1023 protocol=tcp \
  167.     to-addresses=10.0.0.42 to-ports=22
  168. add action=dst-nat chain=dstnat comment=Routerboard dst-port=10280 protocol=\
  169.     tcp to-addresses=10.0.0.124 to-ports=80
  170. add action=dst-nat chain=dstnat comment=UBNT dst-port=10443 protocol=tcp \
  171.     to-addresses=10.0.0.119 to-ports=443
  172. add action=dst-nat chain=dstnat comment=UBNT dst-port=10380 protocol=tcp \
  173.     to-addresses=10.0.0.119 to-ports=80
  174. add action=dst-nat chain=dstnat comment="SiHotspot SNMP" dst-port=8161 \
  175.     protocol=udp to-addresses=10.0.0.21 to-ports=161
  176. add action=dst-nat chain=dstnat comment="NAT Voip ATA" disabled=yes dst-port=\
  177.     10080 protocol=tcp to-addresses=10.0.0.11 to-ports=80
  178. add action=dst-nat chain=dstnat comment="RTP forward ATA" disabled=yes \
  179.     dst-port=10050-10099 protocol=udp to-addresses=10.0.0.11 to-ports=\
  180.     10050-10099
  181. add action=dst-nat chain=dstnat comment=NAS01 dst-port=5000 protocol=tcp \
  182.     src-address=!10.0.0.0/24 to-addresses=10.0.0.110 to-ports=5000
  183. add action=dst-nat chain=dstnat comment="NAS01 FTP" dst-port=2121 protocol=\
  184.     tcp to-addresses=10.0.0.110 to-ports=21
  185. add action=dst-nat chain=dstnat comment="Cam PTZ 01" dst-port=8081 protocol=\
  186.     tcp to-addresses=10.101.0.11 to-ports=88
  187. add action=dst-nat chain=dstnat comment="Cam PTZ 02" dst-port=8082 protocol=\
  188.     tcp to-addresses=10.101.0.12 to-ports=88
  189. add action=dst-nat chain=dstnat comment="Raspberry01 HTTP" dst-port=8001 \
  190.     protocol=tcp to-addresses=10.200.0.1 to-ports=80
  191. add action=dst-nat chain=dstnat comment="Raspberry02 HTTP" dst-port=8002 \
  192.     protocol=tcp to-addresses=10.200.0.2 to-ports=80
  193. add action=dst-nat chain=dstnat comment="Raspberry03 HTTP" dst-port=8003 \
  194.     protocol=tcp to-addresses=10.200.0.3 to-ports=80
  195. add action=dst-nat chain=dstnat comment="Raspberry04 HTTP" dst-port=8004 \
  196.     protocol=tcp to-addresses=10.200.0.4 to-ports=80
  197. add action=dst-nat chain=dstnat comment="Raspberry05 HTTP" dst-port=8005 \
  198.     protocol=tcp to-addresses=10.200.0.5 to-ports=80
  199. add action=dst-nat chain=dstnat comment="Raspberry06 HTTP" dst-port=8006 \
  200.     protocol=tcp to-addresses=10.200.0.6 to-ports=80
  201. add action=dst-nat chain=dstnat comment="Raspberry07 HTTP" dst-port=8007 \
  202.     protocol=tcp to-addresses=10.200.0.7 to-ports=80
  203. add action=dst-nat chain=dstnat comment="Raspberry08 HTTP" dst-port=8008 \
  204.     protocol=tcp to-addresses=10.200.0.8 to-ports=80
  205. add action=dst-nat chain=dstnat comment="Raspberry09 HTTP" dst-port=8009 \
  206.     protocol=tcp to-addresses=10.200.0.9 to-ports=80
  207. add action=dst-nat chain=dstnat comment="Raspberry10 HTTP" dst-port=8010 \
  208.     protocol=tcp to-addresses=10.200.0.10 to-ports=80
  209. add action=dst-nat chain=dstnat comment="Raspberry01 SSH" dst-port=2201 \
  210.     protocol=tcp to-addresses=10.200.0.1 to-ports=22
  211. add action=dst-nat chain=dstnat comment="Raspberry01 SSH" dst-port=1022 \
  212.     protocol=tcp to-addresses=10.0.0.107 to-ports=22
  213. add action=dst-nat chain=dstnat comment="Raspberry02 SSH" dst-port=2202 \
  214.     protocol=tcp to-addresses=10.200.0.2 to-ports=22
  215. add action=dst-nat chain=dstnat comment="Raspberry03 SSH" dst-port=2203 \
  216.     protocol=tcp to-addresses=10.200.0.3 to-ports=22
  217. add action=dst-nat chain=dstnat comment="Raspberry04 SSH" dst-port=2204 \
  218.     protocol=tcp to-addresses=10.200.0.4 to-ports=22
  219. add action=dst-nat chain=dstnat comment="Raspberry05 SSH" dst-port=2205 \
  220.     protocol=tcp to-addresses=10.200.0.5 to-ports=22
  221. add action=dst-nat chain=dstnat comment="Raspberry06 SSH" dst-port=2206 \
  222.     protocol=tcp to-addresses=10.200.0.6 to-ports=22
  223. add action=dst-nat chain=dstnat comment="Raspberry07 SSH" dst-port=2207 \
  224.     protocol=tcp to-addresses=10.200.0.7 to-ports=22
  225. add action=dst-nat chain=dstnat comment="Raspberry08 SSH" dst-port=2208 \
  226.     protocol=tcp to-addresses=10.200.0.8 to-ports=22
  227. add action=dst-nat chain=dstnat comment="Raspberry09 SSH" dst-port=2209 \
  228.     protocol=tcp to-addresses=10.200.0.9 to-ports=22
  229. add action=dst-nat chain=dstnat comment="Raspberry10 SSH" dst-port=2210 \
  230.     protocol=tcp to-addresses=10.200.0.10 to-ports=22
  231. add action=dst-nat chain=dstnat comment="UBNT mfi http" dst-port=2080 \
  232.     protocol=tcp to-addresses=10.0.0.51 to-ports=80
  233. add action=dst-nat chain=dstnat comment=VOIP dst-port=3080 protocol=tcp \
  234.     to-addresses=10.0.0.18 to-ports=80
  235. /ip firewall service-port
  236. set sip ports=5060,5070
  237. /ip ipsec policy
  238. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  239. /ip proxy
  240. set cache-path=web-proxy1 parent-proxy=0.0.0.0
  241. /ip service
  242. set telnet disabled=yes port=1223
  243. set ftp disabled=yes
  244. set www port=8080
  245. set ssh disabled=yes port=8022
  246. set api-ssl disabled=yes
  247. /ip upnp
  248. set allow-disable-external-interface=yes enabled=yes
  249. /ip upnp interfaces
  250. add interface=ether10 type=internal
  251. add type=external
  252. add interface="ether01 - Telenet" type=external
  253. /ipv6 address
  254. add address=2001:470:1f15:8e1:101::1 disabled=yes interface=\
  255.     "VLAN 101 - Wifi Private"
  256. add address=2001:470:1f15:8e1:102::1 disabled=yes interface=\
  257.     "VLAN 102 - Wifi Public"
  258. add address=2001:470:1f15:8e1:103::1 disabled=yes interface=\
  259.     "VLAN 103 - Wifi Trusted"
  260. /ipv6 route
  261. add disabled=yes distance=1 dst-address=2000::/3 gateway=2001:470:1f14:8e1::1
  262. add disabled=yes distance=1 dst-address=2000::/3 gateway=2001:470:1f14:8e1::1
  263. /lcd
  264. set backlight-timeout=15m default-screen=informative-slideshow \
  265.     read-only-mode=yes
  266. /lcd screen
  267. set 0 timeout=3s
  268. set 1 timeout=3s
  269. set 2 timeout=3s
  270. set 3 timeout=3s
  271. set 4 timeout=3s
  272. set 5 timeout=3s
  273. /snmp
  274. set contact=info@mymail.eu enabled=yes location=Somewhere
  275. /system clock
  276. set time-zone-autodetect=no time-zone-name=Europe/Brussels
  277. /system identity
  278. set name="IT2GO - Router"
  279. /system lcd
  280. set contrast=0 enabled=no port=parallel type=24x4
  281. /system lcd page
  282. set time disabled=no display-time=3s
  283. set resources disabled=no display-time=3s
  284. set uptime disabled=no display-time=3s
  285. set packets disabled=no display-time=3s
  286. set bits disabled=no display-time=3s
  287. set version disabled=no display-time=3s
  288. set identity disabled=no display-time=3s
  289. set "Bridge Intern" disabled=yes display-time=5s
  290. set "sfp01 - LAN" disabled=yes display-time=5s
  291. set "ether01 - Telenet" disabled=yes display-time=5s
  292. set "ether02 - Belgacom" disabled=yes display-time=5s
  293. set "ether03 - WB" disabled=yes display-time=5s
  294. set "ether04 - WiFi" disabled=yes display-time=5s
  295. set ether05 disabled=yes display-time=5s
  296. set "ether06 - EOIP" disabled=yes display-time=5s
  297. set ether07 disabled=yes display-time=5s
  298. set ether08 disabled=yes display-time=5s
  299. set ether09 disabled=yes display-time=5s
  300. set "PPPoE Belgacom" disabled=yes display-time=5s
  301. set ether10 disabled=no display-time=3s
  302. set "VLAN 101 - Wifi Private" disabled=yes display-time=5s
  303. set "VLAN 102 - Wifi Public" disabled=yes display-time=5s
  304. set "VLAN 103 - Wifi Trusted" disabled=yes display-time=5s
  305. /system leds
  306. add interface="sfp01 - LAN" leds="" type=interface-status
  307. /system ntp client
  308. set enabled=yes primary-ntp=195.130.132.18 secondary-ntp=195.13.23.5
  309. /system scheduler
  310. add interval=1d name=Backup on-event=Backup policy=\
  311.     ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  312.     feb/24/2013 start-time=00:00:00
  313. add interval=1d name="DHCP Leases" on-event=DHCP-Leases policy=\
  314.     ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  315.     feb/24/2013 start-time=00:00:00
  316. /system script
  317. add name=Backup policy=\
  318.     ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export \
  319.     file=export;\r\
  320.     \n/system backup save name=email;\
  321.     \n\r\
  322.     \n/tool e-mail send to=\"info@mymail.eu\" subject=([/system identity get na\
  323.     me].\" \r\
  324.     \nbackup MikroTikBackup\") \r\
  325.     \n:log info \"Export e-mail sent.\";\r\
  326.     \n\r\
  327.     \nfile=email.backup;\r\
  328.     \n/tool e-mail send to=\"info@mymail.eu\" subject=([/system identity get na\
  329.     me].\" export MikroTikBackup\") \r\
  330.     \nfile=export.rsc;\r\
  331.     \n\
  332.     \n:log info \"Backup e-mail sent.\";"
  333. add name=DHCP-Leases policy=\
  334.     ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
  335.     i;\r\
  336.     \n:local hostip;\r\
  337.     \n:local hostname;\r\
  338.     \n:local dhcplist \"\";\r\
  339.     \n\r\
  340.     \n/ip dhcp-server lease;\r\
  341.     \n:foreach i in=[find where server=EOIP] do={\r\
  342.     \n  :set hostname [get \$i host-name];\r\
  343.     \n  :set hostip [get \$i address];\r\
  344.     \n  :set dhcplist ( \$dhcplist . \$hostname . \" \" . \"\$hostip . \"\\n\"\
  345.     \_)\r\
  346.     \n}\r\
  347.     \n/tool e-mail send to=info@it2go.eu subject=\"DHCP Leases EOIP\" body=\$d\
  348.     hcplist;\r\
  349.     \n"
  350. /tool e-mail
  351. set address=74.125.136.108 from=kris.de.rocker@mymail.com password=justapassword \
  352.     port=587 start-tls=yes user=kris.de.rocker
  353. /tool graphing interface
  354. add
  355. /tool graphing resource
  356. add
  357. /tool romon port
  358. add disabled=no
  359. /tool sniffer
  360. set filter-stream=yes
  361. /tool user-manager database
  362. set db-path=/user-manager1
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top