
Untitled

a guest
Dec 12th, 2019
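  # dec/12/2019 22:16:36 by RouterOS 6.46
  # software id =
  #
  # Dual-WAN router export: ether1/ether2 face two ISPs, ether3/ether4 serve
  # two LANs, ether5 is labelled MGMT. An export lists only non-default
  # settings, so anything absent here (users, /ip service, MAC server,
  # neighbor discovery) is presumably at its RouterOS default - review those
  # separately before trusting this as a complete picture.
  #
  /interface ethernet
  set [ find default-name=ether1 ] comment="to ISP1"
  set [ find default-name=ether2 ] comment="to ISP2"
  set [ find default-name=ether3 ] comment="to LAN1"
  set [ find default-name=ether4 ] comment="to LAN2"
  set [ find default-name=ether5 ] comment=MGMT
  # Interface lists used by the firewall: WAN = untrusted, LAN = internal.
  # NOTE(review): ether5 (MGMT) is a member of neither list and has no address
  # in this export.
  /interface list
  add comment="For Internet" name=WAN
  add comment="For Local Area" name=LAN
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=MikroTik
  # DHCP pools for the two LANs. The router's own addresses (192.168.88.254 and
  # 172.16.100.1, see /ip address) lie outside both ranges.
  /ip pool
  add name=dhcp_pool0 ranges=192.168.88.1-192.168.88.253
  add name=dhcp_pool1 ranges=172.16.100.2-172.16.100.254
  /ip dhcp-server
  add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1
  add address-pool=dhcp_pool1 disabled=no interface=ether4 name=dhcp2
  /interface list member
  add comment=ISP1 interface=ether1 list=WAN
  add comment=ISP2 interface=ether2 list=WAN
  add comment=LAN1 interface=ether3 list=LAN
  add comment=LAN2 interface=ether4 list=LAN
  /ip address
  add address=192.168.88.254/24 comment="LAN1 IP" interface=ether3 network=\
      192.168.88.0
  add address=172.16.100.1/24 comment="LAN2 IP" interface=ether4 network=\
      172.16.100.0
  add address=88.88.88.2/29 comment=ISP1 interface=ether1 network=88.88.88.0
  add address=44.44.44.2/29 comment=ISP2 interface=ether2 network=44.44.44.0
  # NOTE(review): ether1 already carries a static address above. With default
  # client options a lease would presumably also install its own default route
  # and DNS servers, bypassing the routing design below - confirm this client
  # is intended.
  /ip dhcp-client
  add disabled=no interface=ether1
  /ip dhcp-server network
  add address=172.16.100.0/24 gateway=172.16.100.1
  add address=192.168.88.0/24 gateway=192.168.88.254
  /ip dns
  set servers=77.88.8.88,77.88.8.2
  # Bogon / special-use prefixes.
  # NOTE(review): no filter, NAT or mangle rule in this export references the
  # BOGONS list, so it currently has no effect. If it is meant as anti-spoofing
  # it needs a drop rule matching src-address-list=BOGONS on
  # in-interface-list=WAN only - the list contains the LAN ranges themselves
  # (192.168.0.0/16, 172.16.0.0/12), so it must never be applied to LAN ingress.
  /ip firewall address-list
  add address=0.0.0.0/8 comment="\"This\" Network" list=BOGONS
  add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
  add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=\
      BOGONS
  add address=127.0.0.0/8 comment=Loopback list=BOGONS
  add address=169.254.0.0/16 comment="Link Local" list=BOGONS
  add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
  add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
  add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
  add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
  add address=198.18.0.0/15 comment=\
      "Network Interconnect Device Benchmark Testing" list=BOGONS
  add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
  add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
  add address=224.0.0.0/4 comment=Multicast list=BOGONS
  add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
  add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
  add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
  # Filter policy as written:
  #   input   - ICMP is sent to the icmp chain first; established/related/
  #             untracked is accepted; everything else arriving on WAN is
  #             dropped.
  #   forward - established/related/untracked accepted; invalid dropped; new
  #             connections from WAN dropped unless they were dst-NATed.
  # NOTE(review): there is no final drop on input, so anything arriving on a
  # non-WAN interface (LAN1, LAN2, ether5) reaches the router's services by
  # default accept. Likewise nothing in forward separates LAN1 from LAN2.
  # NOTE(review): the ICMP jump precedes the established/related accept, so
  # ICMP errors addressed to the router itself (e.g. type 3, destination
  # unreachable) end in the icmp chain's final drop.
  /ip firewall filter
  add action=jump chain=input comment="ICMP from ALL" jump-target=icmp \
      protocol=icmp
  add action=accept chain=input comment="Related Established Untracked Allow" \
      connection-state=established,related,untracked
  add action=accept chain=forward comment=\
      "Established, Related, Untracked allow" connection-state=\
      established,related,untracked
  add action=drop chain=input comment="Invalid Drop WAN" connection-state=\
      invalid in-interface-list=WAN
  add action=drop chain=input comment="All other WAN Drop" in-interface-list=\
      WAN
  add action=drop chain=forward comment="Invalid drop" connection-state=invalid
  add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
      connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  add action=accept chain=icmp comment="ICMP echo reply" icmp-options=0:0 \
      protocol=icmp
  add action=accept chain=icmp comment="ICMP echo request" icmp-options=8:0 \
      protocol=icmp
  add action=accept chain=icmp comment="ICMP time exceeded" icmp-options=11:0 \
      protocol=icmp
  add action=drop chain=icmp comment="DROP other icmp type" protocol=icmp
  # Policy routing marks:
  #   1. connections first seen on ether1/ether2 are tagged conn_isp1/conn_isp2
  #   2. packets of those connections that do not arrive on a WAN interface,
  #      and router-originated replies, are routed back out the same ISP
  #   3. remaining traffic is split across both ISPs with a
  #      per-connection-classifier over addresses and ports
  /ip firewall mangle
  add action=mark-connection chain=prerouting comment="Connmark in from ISP1" \
      connection-mark=no-mark in-interface=ether1 new-connection-mark=conn_isp1 \
      passthrough=no
  add action=mark-connection chain=prerouting comment="Connmark in from ISP2" \
      connection-mark=no-mark in-interface=ether2 new-connection-mark=conn_isp2 \
      passthrough=no
  add action=mark-routing chain=prerouting comment=\
      "Routemark transit out via ISP1" connection-mark=conn_isp1 \
      dst-address-type=!local in-interface-list=!WAN new-routing-mark=to_isp1 \
      passthrough=no
  add action=mark-routing chain=prerouting comment=\
      "Routemark transit out via ISP2" connection-mark=conn_isp2 \
      dst-address-type=!local in-interface-list=!WAN new-routing-mark=to_isp2 \
      passthrough=no
  add action=mark-routing chain=output comment="Routemark local out via ISP1" \
      connection-mark=conn_isp1 dst-address-type=!local new-routing-mark=\
      to_isp1 passthrough=no
  add action=mark-routing chain=output comment="Routemark local out via ISP2" \
      connection-mark=conn_isp2 dst-address-type=!local new-routing-mark=\
      to_isp2 passthrough=no
  # NOTE(review): in-interface=!ether1 matches every interface except ether1,
  # and the 2/0 + 2/1 halves together cover every connection with
  # passthrough=no, so the "Lan2" pair further down is only reached by packets
  # arriving on ether1. If per-LAN balancing is intended, in-interface=ether3
  # (LAN1) and in-interface=ether4 (LAN2) would express it - confirm.
  add action=mark-routing chain=prerouting comment="LAN load balancing Lan1" \
      dst-address-type=!local in-interface=!ether1 new-routing-mark=to_isp1 \
      passthrough=no per-connection-classifier=both-addresses-and-ports:2/0
  add action=mark-routing chain=prerouting dst-address-type=!local \
      in-interface=!ether1 new-routing-mark=to_isp2 passthrough=no \
      per-connection-classifier=both-addresses-and-ports:2/1
  add action=mark-routing chain=prerouting comment="LAN load balancing Lan2" \
      dst-address-type=!local in-interface=!ether2 new-routing-mark=to_isp1 \
      passthrough=no per-connection-classifier=both-addresses-and-ports:2/0
  add action=mark-routing chain=prerouting dst-address-type=!local \
      in-interface=!ether2 new-routing-mark=to_isp2 passthrough=no \
      per-connection-classifier=both-addresses-and-ports:2/1
  # Source NAT towards each ISP with a fixed public address; the hairpin rule
  # for LAN1 is present but disabled. No dst-nat rules exist in this export.
  /ip firewall nat
  add action=src-nat chain=srcnat comment="Hairpin to LAN1" disabled=yes \
      out-interface=ether3 src-address=192.168.88.0/24 to-addresses=\
      192.168.88.254
  add action=src-nat chain=srcnat comment="NAT via ISP1" ipsec-policy=out,none \
      out-interface=ether1 to-addresses=88.88.88.2
  add action=src-nat chain=srcnat comment="NAT via ISP2" ipsec-policy=out,none \
      out-interface=ether2 to-addresses=44.44.44.2
  # Every connection-tracking helper listed here is switched off.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set sip disabled=yes
  set pptp disabled=yes
  set udplite disabled=yes
  set dccp disabled=yes
  set sctp disabled=yes
  # Default routes point at 4.2.2.1 / 4.2.2.2 and are resolved recursively
  # through the two scope=10 host routes below, which are health-checked with
  # check-gateway=ping. The distance=254 blackhole is the last-resort route.
  /ip route
  add comment="Marked via ISP1 Main" distance=1 gateway=4.2.2.1 routing-mark=\
      to_isp1
  add comment="Marked via ISP1 Backup1" distance=2 gateway=4.2.2.2 \
      routing-mark=to_isp1
  add comment="Marked via ISP2 Main" distance=1 gateway=4.2.2.2 routing-mark=\
      to_isp2
  add comment="Marked via ISP2 Backup1" distance=2 gateway=4.2.2.1 \
      routing-mark=to_isp2
  add check-gateway=ping comment="Unmarked via ISP1" distance=2 gateway=4.2.2.1
  add check-gateway=ping comment="Unmarked via ISP2" distance=2 gateway=4.2.2.2
  add comment="Emergency route" distance=254 type=blackhole
  add check-gateway=ping comment="For recursion via ISP1" distance=1 \
      dst-address=4.2.2.1/32 gateway=88.88.88.1 scope=10
  # NOTE(review): gateway=44.44.44.2 is the address this router itself holds
  # on ether2 (see /ip address), whereas the ISP1 route above points at the
  # provider side (88.88.88.1). Presumably the ISP2 next hop was intended;
  # replace it with the real ISP2 gateway, which this export does not show.
  add check-gateway=ping comment="For recursion via ISP2" distance=1 \
      dst-address=4.2.2.2/32 gateway=44.44.44.2 scope=10
  # NOTE(review): rules are evaluated top-down and the two LAN rules follow the
  # routing-mark rules, so a marked LAN-to-LAN packet appears to be resolved in
  # an ISP table before the "to LAN" rules are consulted - confirm the order.
  /ip route rule
  add comment="From ISP1 IP to Inet" routing-mark=to_isp1 table=to_isp1
  add comment="From ISP2 IP to Inet" routing-mark=to_isp2 table=to_isp2
  add comment="to LAN1" dst-address=192.168.88.0/24 table=main
  add comment="to LAN2" dst-address=172.16.100.0/24 table=main
  /system clock
  set time-zone-name=Europe/Moscow
  /system identity
  set name=Core-CHR
  /system ntp client
  set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.227
  # RoMON is a layer-2 management overlay, so the /ip firewall filter rules
  # above do not apply to it. The export sets no secrets, so RoMON should not
  # participate on the ISP-facing ports; the two port entries below exclude
  # ether1 and ether2. Also set secrets= here before relying on RoMON.
  /tool romon
  set enabled=yes
  /tool romon port
  add interface=ether1 forbid=yes
  add interface=ether2 forbid=yes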