Guest User

Untitled

a guest
Aug 7th, 2015
580
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # aug/08/2015 04:12:45 by RouterOS 6.29.1
  2. # software id = G3F6-173I
  3. #
  4. /interface bridge
  5. add name="Bridge Intern"
  6. /interface ethernet
  7. set [ find default-name=ether1 ] mac-address=D4:CA:6D:4A:BF:9A name=\ "ether01 - Telenet" speed=1Gbps
  8. set [ find default-name=ether2 ] mac-address=D4:CA:6D:4A:BF:9B name=\ "ether02 - Belgacom" speed=1Gbps
  9. set [ find default-name=ether3 ] mac-address=D4:CA:6D:4A:BF:9C name=\ "ether03 - WB" speed=1Gbps
  10. set [ find default-name=ether4 ] mac-address=D4:CA:6D:4A:BF:9D name=\ "ether04 - WiFi" speed=1Gbps
  11. set [ find default-name=ether5 ] mac-address=D4:CA:6D:4A:BF:9E name=ether05 \ speed=1Gbps
  12. set [ find default-name=ether6 ] mac-address=D4:CA:6D:4A:BF:9F name=\ "ether06 - EOIP" speed=1Gbps
  13. set [ find default-name=ether7 ] mac-address=D4:CA:6D:4A:BF:A0 name=ether07 \ speed=1Gbps
  14. set [ find default-name=ether8 ] mac-address=D4:CA:6D:4A:BF:A1 name=ether08 \ speed=1Gbps
  15. set [ find default-name=ether9 ] mac-address=D4:CA:6D:4A:BF:A2 name=ether09 \ speed=1Gbps
  16. set [ find default-name=ether10 ] mac-address=D4:CA:6D:4A:BF:A3 speed=1Gbps
  17. set [ find default-name=sfp1 ] name="sfp01 - LAN"
  18. /interface pppoe-client
  19. add add-default-route=yes default-route-distance=5 disabled=no interface=\
  20. "ether02 - Belgacom" max-mru=1480 max-mtu=1480 mrru=1600 name=\
  21. "PPPoE Belgacom" password=justapassword user=justausername
  22. /interface vlan
  23. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 101 - Wifi Private" \
  24. vlan-id=101
  25. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 102 - Wifi Public" \
  26. vlan-id=102
  27. add interface="ether04 - WiFi" l2mtu=1594 name="VLAN 103 - Wifi Trusted" \
  28. vlan-id=103
  29. /ip neighbor discovery
  30. set "VLAN 101 - Wifi Private" discover=no
  31. set "VLAN 102 - Wifi Public" discover=no
  32. set "VLAN 103 - Wifi Trusted" discover=no
  33. /interface wireless security-profiles
  34. set [ find default=yes ] supplicant-identity=identity
  35. /ip ipsec proposal
  36. set [ find default=yes ] enc-algorithms=3des
  37. /ip pool
  38. add name="DHCP Lan" ranges=10.0.0.101-10.0.0.254
  39. add name="DHCP Wifi Private" ranges=10.101.0.101-10.101.0.254
  40. add name="DHCP Wifi Public" ranges=10.102.0.101-10.102.0.254
  41. add name="DHCP Wifi Trusted" ranges=10.103.0.101-10.103.0.254
  42. add name="DHCP EOIP" ranges=172.16.0.11-172.16.3.254
  43. /ip dhcp-server
  44. add add-arp=yes address-pool="DHCP Lan" disabled=no interface="Bridge Intern" \
  45. lease-time=1d name=Lan
  46. add add-arp=yes address-pool="DHCP Wifi Private" disabled=no interface=\
  47. "VLAN 101 - Wifi Private" lease-time=1d name="Wifi Private"
  48. add add-arp=yes address-pool="DHCP Wifi Public" disabled=no interface=\
  49. "VLAN 102 - Wifi Public" lease-time=1d name="Wifi Public"
  50. add add-arp=yes address-pool="DHCP Wifi Trusted" disabled=no interface=\
  51. "VLAN 103 - Wifi Trusted" lease-time=1d name="Wifi Trusted"
  52. add add-arp=yes address-pool="DHCP EOIP" disabled=no interface=\
  53. "ether06 - EOIP" lease-time=1d name=EOIP
  54. /port
  55. set 0 name=serial0
  56. /ppp profile
  57. set [ find name=default ] name=default
  58. set [ find name=default-encryption ] name=default-encryption
  59. /system logging action
  60. set 0 memory-lines=100
  61. set 1 disk-lines-per-file=100
  62. /tool user-manager customer
  63. set admin access=\
  64. own-routers,own-users,own-profiles,own-limits,config-payment-gw
  65. /interface bridge port
  66. add bridge="Bridge Intern" interface="ether04 - WiFi"
  67. add bridge="Bridge Intern" interface="sfp01 - LAN"
  68. /interface bridge settings
  69. set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
  70. /ip firewall connection tracking
  71. set enabled=yes
  72. /ip address
  73. add address=10.0.0.1/24 comment=LAN interface="Bridge Intern" network=\
  74. 10.0.0.0
  75. add address=10.101.0.1/24 comment="WiFi Private" interface=\
  76. "VLAN 101 - Wifi Private" network=10.101.0.0
  77. add address=10.102.0.1/24 comment="WiFi Trusted" interface=\
  78. "VLAN 102 - Wifi Public" network=10.102.0.0
  79. add address=10.103.0.1/24 comment="WiFi Public" interface=\
  80. "VLAN 103 - Wifi Trusted" network=10.103.0.0
  81. add address=172.16.0.1/22 comment="EOIP Tunnels" interface="ether06 - EOIP" \
  82. network=172.16.0.0
  83. /ip cloud
  84. set ddns-enabled=yes
  85. /ip dhcp-client
  86. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  87. interface="ether01 - Telenet" use-peer-dns=no use-peer-ntp=no
  88. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  89. interface="ether02 - Belgacom" use-peer-dns=no use-peer-ntp=no
  90. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  91. interface="ether03 - WB" use-peer-dns=no
  92. /ip dhcp-server lease
  93. add address=10.0.0.11 client-id=1:0:1d:7e:d0:55:7f mac-address=\
  94. 00:1D:7E:D0:55:7F server=Lan
  95. add address=10.0.0.101 client-id=1:0:24:21:10:fd:1 mac-address=\
  96. 00:24:21:10:FD:01 server=Lan
  97. add address=10.0.0.102 always-broadcast=yes client-id=1:0:24:21:10:fd:2 \
  98. mac-address=00:24:21:10:FD:02 server=Lan
  99. add address=10.101.0.112 always-broadcast=yes client-id=1:68:94:23:49:17:97 \
  100. mac-address=68:94:23:49:17:97 server="Wifi Private"
  101. add address=10.0.0.21 always-broadcast=yes client-id=1:0:c:42:fc:8:20 \
  102. mac-address=00:0C:42:FC:08:20 server=Lan
  103. add address=10.101.0.120 always-broadcast=yes client-id=1:70:11:24:14:a4:e8 \
  104. mac-address=70:11:24:14:A4:E8 server="Wifi Private"
  105. add address=10.0.0.18 always-broadcast=yes mac-address=7C:2F:80:59:E7:43 \
  106. server=Lan
  107. add address=10.0.0.103 client-id=1:a4:5d:36:35:b4:2e mac-address=\
  108. A4:5D:36:35:B4:2E server=Lan
  109. add address=10.0.0.31 client-id=1:24:a4:3c:2:1c:21 mac-address=\
  110. 24:A4:3C:02:1C:21 server=Lan
  111. add address=10.0.0.3 client-id=1:4c:5e:c:9f:2f:f1 mac-address=\
  112. 4C:5E:0C:9F:2F:F1 server=Lan
  113. add address=10.0.0.41 mac-address=00:30:48:DB:06:4A server=Lan
  114. add address=10.0.0.51 client-id=1:4:18:d6:26:5c:f0 mac-address=\
  115. 04:18:D6:26:5C:F0 server=Lan
  116. add address=10.0.0.4 always-broadcast=yes client-id=1:d4:ca:6d:f9:14:5d \
  117. mac-address=D4:CA:6D:F9:14:5D server=Lan
  118. add address=10.0.0.42 mac-address=00:30:48:DB:07:5E server=Lan
  119. add address=10.0.0.110 client-id=1:0:11:32:41:9e:b1 mac-address=\
  120. 00:11:32:41:9E:B1 server=Lan
  121. add address=10.0.0.5 client-id=1:e4:8d:8c:81:80:2e mac-address=\
  122. E4:8D:8C:81:80:2E server=Lan
  123. add address=10.0.0.2 client-id=1:d4:ca:6d:f9:14:77 mac-address=\
  124. D4:CA:6D:F9:14:77 server=Lan
  125. add address=10.0.0.92 client-id=1:0:62:6e:56:a1:68 mac-address=\
  126. 00:62:6E:56:A1:68 server=Lan
  127. add address=10.0.0.91 client-id=1:c4:d6:55:39:ca:13 mac-address=\
  128. C4:D6:55:39:CA:13 server=Lan
  129. /ip dhcp-server network
  130. add address=10.0.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  131. 10.0.0.1 netmask=24
  132. add address=10.101.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  133. 10.101.0.1 netmask=24 ntp-server=193.190.198.43
  134. add address=10.102.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  135. 10.102.0.1 netmask=24 ntp-server=193.190.198.43
  136. add address=10.103.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  137. 10.103.0.1 netmask=24 ntp-server=193.190.198.43
  138. add address=10.200.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=it2go.eu gateway=\
  139. 10.200.0.254
  140. add address=172.16.0.0/22 gateway=172.16.0.1
  141. /ip dns
  142. set cache-max-ttl=15m servers=8.8.8.8,8.8.4.4
  143. /ip firewall filter
  144. add action=drop chain=input dst-port=53 in-interface="ether01 - Telenet" \
  145. protocol=udp
  146. add action=drop chain=input dst-port=53 in-interface="ether02 - Belgacom" \
  147. protocol=udp
  148. add action=drop chain=input dst-port=53 in-interface="ether03 - WB" protocol=\
  149. udp
  150. /ip firewall nat
  151. add action=masquerade chain=srcnat comment="Telenet NAT" out-interface=\
  152. "ether01 - Telenet"
  153. add action=masquerade chain=srcnat comment="Belgacom NAT" out-interface=\
  154. "PPPoE Belgacom"
  155. add action=masquerade chain=srcnat comment="NAT Modem" out-interface=ether09
  156. add action=dst-nat chain=dstnat comment="SiHotspot admin access" dst-port=\
  157. 8221 protocol=tcp to-addresses=10.0.0.21 to-ports=8221
  158. add action=dst-nat chain=dstnat comment="SiHotspot admin access" dst-port=\
  159. 8161 protocol=tcp to-addresses=10.0.0.21 to-ports=8161
  160. add action=dst-nat chain=dstnat comment="RPI Temp 01" dst-port=2301 protocol=\
  161. tcp to-addresses=10.0.0.107 to-ports=22
  162. add action=dst-nat chain=dstnat comment="S02 http" dst-port=1081 protocol=tcp \
  163. to-addresses=10.0.0.42 to-ports=80
  164. add action=dst-nat chain=dstnat comment="S01 ssh" dst-port=1022 protocol=tcp \
  165. to-addresses=10.0.0.41 to-ports=22
  166. add action=dst-nat chain=dstnat comment="S02 ssh" dst-port=1023 protocol=tcp \
  167. to-addresses=10.0.0.42 to-ports=22
  168. add action=dst-nat chain=dstnat comment=Routerboard dst-port=10280 protocol=\
  169. tcp to-addresses=10.0.0.124 to-ports=80
  170. add action=dst-nat chain=dstnat comment=UBNT dst-port=10443 protocol=tcp \
  171. to-addresses=10.0.0.119 to-ports=443
  172. add action=dst-nat chain=dstnat comment=UBNT dst-port=10380 protocol=tcp \
  173. to-addresses=10.0.0.119 to-ports=80
  174. add action=dst-nat chain=dstnat comment="SiHotspot SNMP" dst-port=8161 \
  175. protocol=udp to-addresses=10.0.0.21 to-ports=161
  176. add action=dst-nat chain=dstnat comment="NAT Voip ATA" disabled=yes dst-port=\
  177. 10080 protocol=tcp to-addresses=10.0.0.11 to-ports=80
  178. add action=dst-nat chain=dstnat comment="RTP forward ATA" disabled=yes \
  179. dst-port=10050-10099 protocol=udp to-addresses=10.0.0.11 to-ports=\
  180. 10050-10099
  181. add action=dst-nat chain=dstnat comment=NAS01 dst-port=5000 protocol=tcp \
  182. src-address=!10.0.0.0/24 to-addresses=10.0.0.110 to-ports=5000
  183. add action=dst-nat chain=dstnat comment="NAS01 FTP" dst-port=2121 protocol=\
  184. tcp to-addresses=10.0.0.110 to-ports=21
  185. add action=dst-nat chain=dstnat comment="Cam PTZ 01" dst-port=8081 protocol=\
  186. tcp to-addresses=10.101.0.11 to-ports=88
  187. add action=dst-nat chain=dstnat comment="Cam PTZ 02" dst-port=8082 protocol=\
  188. tcp to-addresses=10.101.0.12 to-ports=88
  189. add action=dst-nat chain=dstnat comment="Raspberry01 HTTP" dst-port=8001 \
  190. protocol=tcp to-addresses=10.200.0.1 to-ports=80
  191. add action=dst-nat chain=dstnat comment="Raspberry02 HTTP" dst-port=8002 \
  192. protocol=tcp to-addresses=10.200.0.2 to-ports=80
  193. add action=dst-nat chain=dstnat comment="Raspberry03 HTTP" dst-port=8003 \
  194. protocol=tcp to-addresses=10.200.0.3 to-ports=80
  195. add action=dst-nat chain=dstnat comment="Raspberry04 HTTP" dst-port=8004 \
  196. protocol=tcp to-addresses=10.200.0.4 to-ports=80
  197. add action=dst-nat chain=dstnat comment="Raspberry05 HTTP" dst-port=8005 \
  198. protocol=tcp to-addresses=10.200.0.5 to-ports=80
  199. add action=dst-nat chain=dstnat comment="Raspberry06 HTTP" dst-port=8006 \
  200. protocol=tcp to-addresses=10.200.0.6 to-ports=80
  201. add action=dst-nat chain=dstnat comment="Raspberry07 HTTP" dst-port=8007 \
  202. protocol=tcp to-addresses=10.200.0.7 to-ports=80
  203. add action=dst-nat chain=dstnat comment="Raspberry08 HTTP" dst-port=8008 \
  204. protocol=tcp to-addresses=10.200.0.8 to-ports=80
  205. add action=dst-nat chain=dstnat comment="Raspberry09 HTTP" dst-port=8009 \
  206. protocol=tcp to-addresses=10.200.0.9 to-ports=80
  207. add action=dst-nat chain=dstnat comment="Raspberry10 HTTP" dst-port=8010 \
  208. protocol=tcp to-addresses=10.200.0.10 to-ports=80
  209. add action=dst-nat chain=dstnat comment="Raspberry01 SSH" dst-port=2201 \
  210. protocol=tcp to-addresses=10.200.0.1 to-ports=22
  211. add action=dst-nat chain=dstnat comment="Raspberry01 SSH" dst-port=1022 \
  212. protocol=tcp to-addresses=10.0.0.107 to-ports=22
  213. add action=dst-nat chain=dstnat comment="Raspberry02 SSH" dst-port=2202 \
  214. protocol=tcp to-addresses=10.200.0.2 to-ports=22
  215. add action=dst-nat chain=dstnat comment="Raspberry03 SSH" dst-port=2203 \
  216. protocol=tcp to-addresses=10.200.0.3 to-ports=22
  217. add action=dst-nat chain=dstnat comment="Raspberry04 SSH" dst-port=2204 \
  218. protocol=tcp to-addresses=10.200.0.4 to-ports=22
  219. add action=dst-nat chain=dstnat comment="Raspberry05 SSH" dst-port=2205 \
  220. protocol=tcp to-addresses=10.200.0.5 to-ports=22
  221. add action=dst-nat chain=dstnat comment="Raspberry06 SSH" dst-port=2206 \
  222. protocol=tcp to-addresses=10.200.0.6 to-ports=22
  223. add action=dst-nat chain=dstnat comment="Raspberry07 SSH" dst-port=2207 \
  224. protocol=tcp to-addresses=10.200.0.7 to-ports=22
  225. add action=dst-nat chain=dstnat comment="Raspberry08 SSH" dst-port=2208 \
  226. protocol=tcp to-addresses=10.200.0.8 to-ports=22
  227. add action=dst-nat chain=dstnat comment="Raspberry09 SSH" dst-port=2209 \
  228. protocol=tcp to-addresses=10.200.0.9 to-ports=22
  229. add action=dst-nat chain=dstnat comment="Raspberry10 SSH" dst-port=2210 \
  230. protocol=tcp to-addresses=10.200.0.10 to-ports=22
  231. add action=dst-nat chain=dstnat comment="UBNT mfi http" dst-port=2080 \
  232. protocol=tcp to-addresses=10.0.0.51 to-ports=80
  233. add action=dst-nat chain=dstnat comment=VOIP dst-port=3080 protocol=tcp \
  234. to-addresses=10.0.0.18 to-ports=80
  235. /ip firewall service-port
  236. set sip ports=5060,5070
  237. /ip ipsec policy
  238. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  239. /ip proxy
  240. set cache-path=web-proxy1 parent-proxy=0.0.0.0
  241. /ip service
  242. set telnet disabled=yes port=1223
  243. set ftp disabled=yes
  244. set www port=8080
  245. set ssh disabled=yes port=8022
  246. set api-ssl disabled=yes
  247. /ip upnp
  248. set allow-disable-external-interface=yes enabled=yes
  249. /ip upnp interfaces
  250. add interface=ether10 type=internal
  251. add type=external
  252. add interface="ether01 - Telenet" type=external
  253. /ipv6 address
  254. add address=2001:470:1f15:8e1:101::1 disabled=yes interface=\
  255. "VLAN 101 - Wifi Private"
  256. add address=2001:470:1f15:8e1:102::1 disabled=yes interface=\
  257. "VLAN 102 - Wifi Public"
  258. add address=2001:470:1f15:8e1:103::1 disabled=yes interface=\
  259. "VLAN 103 - Wifi Trusted"
  260. /ipv6 route
  261. add disabled=yes distance=1 dst-address=2000::/3 gateway=2001:470:1f14:8e1::1
  262. add disabled=yes distance=1 dst-address=2000::/3 gateway=2001:470:1f14:8e1::1
  263. /lcd
  264. set backlight-timeout=15m default-screen=informative-slideshow \
  265. read-only-mode=yes
  266. /lcd screen
  267. set 0 timeout=3s
  268. set 1 timeout=3s
  269. set 2 timeout=3s
  270. set 3 timeout=3s
  271. set 4 timeout=3s
  272. set 5 timeout=3s
  273. /snmp
  274. set contact=info@mymail.eu enabled=yes location=Somewhere
  275. /system clock
  276. set time-zone-autodetect=no time-zone-name=Europe/Brussels
  277. /system identity
  278. set name="IT2GO - Router"
  279. /system lcd
  280. set contrast=0 enabled=no port=parallel type=24x4
  281. /system lcd page
  282. set time disabled=no display-time=3s
  283. set resources disabled=no display-time=3s
  284. set uptime disabled=no display-time=3s
  285. set packets disabled=no display-time=3s
  286. set bits disabled=no display-time=3s
  287. set version disabled=no display-time=3s
  288. set identity disabled=no display-time=3s
  289. set "Bridge Intern" disabled=yes display-time=5s
  290. set "sfp01 - LAN" disabled=yes display-time=5s
  291. set "ether01 - Telenet" disabled=yes display-time=5s
  292. set "ether02 - Belgacom" disabled=yes display-time=5s
  293. set "ether03 - WB" disabled=yes display-time=5s
  294. set "ether04 - WiFi" disabled=yes display-time=5s
  295. set ether05 disabled=yes display-time=5s
  296. set "ether06 - EOIP" disabled=yes display-time=5s
  297. set ether07 disabled=yes display-time=5s
  298. set ether08 disabled=yes display-time=5s
  299. set ether09 disabled=yes display-time=5s
  300. set "PPPoE Belgacom" disabled=yes display-time=5s
  301. set ether10 disabled=no display-time=3s
  302. set "VLAN 101 - Wifi Private" disabled=yes display-time=5s
  303. set "VLAN 102 - Wifi Public" disabled=yes display-time=5s
  304. set "VLAN 103 - Wifi Trusted" disabled=yes display-time=5s
  305. /system leds
  306. add interface="sfp01 - LAN" leds="" type=interface-status
  307. /system ntp client
  308. set enabled=yes primary-ntp=195.130.132.18 secondary-ntp=195.13.23.5
  309. /system scheduler
  310. add interval=1d name=Backup on-event=Backup policy=\
  311. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  312. feb/24/2013 start-time=00:00:00
  313. add interval=1d name="DHCP Leases" on-event=DHCP-Leases policy=\
  314. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  315. feb/24/2013 start-time=00:00:00
  316. /system script
  317. add name=Backup policy=\
  318. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export \
  319. file=export;\r\
  320. \n/system backup save name=email;\
  321. \n\r\
  322. \n/tool e-mail send to=\"info@mymail.eu\" subject=([/system identity get na\
  323. me].\" \r\
  324. \nbackup MikroTikBackup\") \r\
  325. \n:log info \"Export e-mail sent.\";\r\
  326. \n\r\
  327. \nfile=email.backup;\r\
  328. \n/tool e-mail send to=\"info@mymail.eu\" subject=([/system identity get na\
  329. me].\" export MikroTikBackup\") \r\
  330. \nfile=export.rsc;\r\
  331. \n\
  332. \n:log info \"Backup e-mail sent.\";"
  333. add name=DHCP-Leases policy=\
  334. ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
  335. i;\r\
  336. \n:local hostip;\r\
  337. \n:local hostname;\r\
  338. \n:local dhcplist \"\";\r\
  339. \n\r\
  340. \n/ip dhcp-server lease;\r\
  341. \n:foreach i in=[find where server=EOIP] do={\r\
  342. \n :set hostname [get \$i host-name];\r\
  343. \n :set hostip [get \$i address];\r\
  344. \n :set dhcplist ( \$dhcplist . \$hostname . \" \" . \"\$hostip . \"\\n\"\
  345. \_)\r\
  346. \n}\r\
  347. \n/tool e-mail send to=info@it2go.eu subject=\"DHCP Leases EOIP\" body=\$d\
  348. hcplist;\r\
  349. \n"
  350. /tool e-mail
  351. set address=74.125.136.108 from=kris.de.rocker@mymail.com password=justapassword \
  352. port=587 start-tls=yes user=kris.de.rocker
  353. /tool graphing interface
  354. add
  355. /tool graphing resource
  356. add
  357. /tool romon port
  358. add disabled=no
  359. /tool sniffer
  360. set filter-stream=yes
  361. /tool user-manager database
  362. set db-path=/user-manager1
RAW Paste Data