
Untitled

a guest
Nov 23rd, 2021
  1. # nov/23/2021 20:43:28 by RouterOS 6.49.1
  2. # software id = 7KG8-9573
  3. #
  4. # model = RB760iGS
  5. # serial number = D4500F0CA973
  6. /interface bridge
      # One bridge named "bridge" with a pinned admin MAC (auto-mac=no).
  7. add admin-mac=DC:2C:6E:0B:34:89 auto-mac=no comment=defconf name=bridge
  8. /interface list
      # WAN and LAN interface lists; the firewall, neighbor-discovery and mac-server
      # settings in this export match on these lists rather than on single ports.
  9. add comment=defconf name=WAN
  10. add comment=defconf name=LAN
  11. /interface wireless security-profiles
  12. set [ find default=yes ] supplicant-identity=MikroTik
  13. /ip pool
      # dhcp_pool1 is served by the DHCP server on the bridge; l2tp_pool is the
      # remote-address pool of L2TP-Profile. The two ranges sit in different /24s
      # (10.0.0.x for LAN clients, 10.0.1.x for VPN peers).
  14. add name=dhcp_pool1 ranges=10.0.0.50-10.0.0.250
  15. add name=l2tp_pool ranges=10.0.1.100-10.0.1.150
  16. /ip dhcp-server
  17. add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
  18. /ppp profile
      # Profile used by the L2TP secret in this export: peers get an address from
      # l2tp_pool, the router end of each tunnel is 10.0.0.1 (the same address this
      # export assigns under /ip address), and 1.1.1.1/1.0.0.1 are pushed as DNS.
  19. add dns-server=1.1.1.1,1.0.0.1 local-address=10.0.0.1 name=L2TP-Profile remote-address=l2tp_pool
  20. /interface bridge port
      # ether2-ether5 and sfp1 are bridge ports; ether1 is not bridged here.
  21. add bridge=bridge comment=defconf interface=ether2
  22. add bridge=bridge comment=defconf interface=ether3
  23. add bridge=bridge comment=defconf interface=ether4
  24. add bridge=bridge comment=defconf interface=ether5
  25. add bridge=bridge comment=defconf interface=sfp1
  26. /ip neighbor discovery-settings
      # Neighbor discovery is limited to interfaces in the LAN list.
  27. set discover-interface-list=LAN
  28. /interface l2tp-server server
      # L2TP server is on and set to accept only sessions protected by IPsec
      # (use-ipsec=required).
      # NOTE(review): no ipsec-secret value appears in this export. It may have been
      # omitted by a hide-sensitive export or it may be unset - verify on the device
      # that a long random pre-shared key is configured.
  29. set enabled=yes one-session-per-host=yes use-ipsec=required
  30. /interface list member
      # bridge is the only LAN member and ether1 the only WAN member.
  31. add comment=defconf interface=bridge list=LAN
  32. add comment=defconf interface=ether1 list=WAN
  33. /ip address
      # NOTE(review): 10.0.0.1/24 is bound to ether2, which this export also adds as a
      # port of "bridge", while the DHCP server and the LAN list use the bridge itself.
      # Addresses on bridge ports are a known RouterOS misconfiguration - confirm and
      # consider interface=bridge.
  34. add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
  35. /ip dhcp-client
      # The WAN side (ether1) takes its address by DHCP.
  36. add comment=defconf disabled=no interface=ether1
  37. /ip dhcp-server lease
      # Static leases, all outside the dhcp_pool1 range. 10.0.0.25 is the host that the
      # dst-nat rules in this export publish on TCP 22, 80 and 443.
  38. add address=10.0.0.20 client-id=1:10:7b:44:93:bd:8f mac-address=10:7B:44:93:BD:8F server=dhcp1
  39. add address=10.0.0.6 client-id=1:8:0:27:f5:4f:f3 mac-address=08:00:27:F5:4F:F3 server=dhcp1
  40. add address=10.0.0.10 client-id=1:0:8:9b:d6:1:c7 mac-address=00:08:9B:D6:01:C7 server=dhcp1
  41. add address=10.0.0.25 client-id=ff:27:6c:48:dd:0:1:0:1:29:2d:15:34:8:0:27:6c:48:dd mac-address=08:00:27:6C:48:DD \
  42. server=dhcp1
  43. /ip dhcp-server network
      # LAN clients are given 10.0.0.1 as gateway and 1.1.1.1/1.0.0.1 as resolvers.
  44. add address=10.0.0.0/24 comment=defconf dns-server=1.1.1.1,1.0.0.1 gateway=10.0.0.1 netmask=24
  45. /ip dns
      # The router answers DNS queries from other hosts. Nothing here limits that to the
      # LAN; it is kept off ether1 only by the input-chain rule "drop all not coming
      # from LAN". If that rule is disabled or reordered the router becomes an open
      # resolver.
      # NOTE(review): DHCP and the PPP profile hand out 1.1.1.1/1.0.0.1, so this may
      # only be needed for the router.lan static entry - confirm it is still wanted.
  46. set allow-remote-requests=yes
  47. /ip dns static
  48. add address=10.0.0.1 comment=defconf name=router.lan
  49. /ip firewall filter
      # Input chain (traffic addressed to the router). Rules are evaluated top to
      # bottom, so the order below is part of the policy.
      # The first two rules open the router to L2TP/IPsec from ether1: UDP 500 (IKE),
      # 1701 (L2TP), 4500 (NAT-T) and the ESP protocol, from any source address.
      # NOTE(review): UDP 1701 is accepted here whether or not the packet arrived
      # inside IPsec. The server setting use-ipsec=required is the only thing enforcing
      # that; consider a separate 1701 rule matching ipsec-policy=in,ipsec so the
      # firewall enforces it as well.
  50. add action=accept chain=input comment="Tillat VPN connections" dst-port=500,1701,4500 in-interface=ether1 protocol=\
  51. udp
  52. add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
  53. add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
  54. established,related,untracked
  55. add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
      # ICMP to the router is accepted on every interface, ether1 included.
  56. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  57. add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
      # Last input rule: everything not accepted above is dropped unless it arrived on
      # an interface in the LAN list. This is what keeps DNS and the management
      # services off the WAN side.
      # NOTE(review): the L2TP-Profile in this export sets no interface-list, so VPN
      # sessions are presumably not LAN members and reach the router only via ICMP -
      # confirm that is intended.
  58. add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
      # Forward chain (traffic routed through the router).
  59. add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  60. add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  61. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  62. add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
  63. established,related,untracked
  64. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
      # New connections from WAN are dropped unless a dst-nat rule matched them, so the
      # published ports in /ip firewall nat are the whole inbound surface. There is no
      # closing drop rule: new connections from non-WAN interfaces (LAN, VPN sessions)
      # fall through to the chain's default accept.
  65. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  66. connection-state=new in-interface-list=WAN
  67. /ip firewall nat
      # Source NAT for traffic leaving through WAN, skipped for packets that match an
      # IPsec policy (ipsec-policy=out,none).
  68. add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
      # TCP 443, 80 and 22 arriving on ether1 are forwarded to 10.0.0.25 with no
      # src-address restriction, so all three services are reachable from any source.
      # NOTE(review): publishing SSH (22) to the whole Internet invites constant
      # password guessing. Consider limiting the rule with src-address-list, or
      # removing it and reaching 10.0.0.25 over the L2TP/IPsec VPN this router already
      # offers.
  69. add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=443
  70. add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=80
  71. add action=dst-nat chain=dstnat dst-port=22 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=22
      # Masquerades TCP from 10.0.0.0/24 to 10.0.0.25, so the server sees the router's
      # address, not the real client, as the source of those connections in its logs.
      # NOTE(review): this looks like a hairpin-NAT rule, but the dst-nat rules above
      # match in-interface=ether1 only, so LAN connections to the public address would
      # not be redirected by them - confirm the intent.
  72. add action=masquerade chain=srcnat dst-address=10.0.0.25 out-interface=all-ethernet protocol=tcp src-address=\
  73. 10.0.0.0/24
  74. /ppp secret
      # One VPN account, limited to the l2tp service and bound to L2TP-Profile.
      # NOTE(review): no password field appears in this export. It may have been
      # omitted by a hide-sensitive export or it may be empty - verify on the device
      # that the account has a strong password.
  75. add name=asd profile=L2TP-Profile service=l2tp
  76. /system clock
  77. set time-zone-name=Europe/Oslo
  78. /system identity
  79. set name=MikroTik-hEX-S
  80. /tool mac-server
      # MAC-Telnet and MAC-Winbox (layer-2 management) are limited to the LAN list.
  81. set allowed-interface-list=LAN
  82. /tool mac-server mac-winbox
  83. set allowed-interface-list=LAN
      # NOTE(review): this export has no /ip service or /user section, so the IP
      # management services and accounts are presumably at their defaults. Only the
      # input-chain drop rule shields them from WAN; confirm unused services are
      # disabled and the admin account has a password.