Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- by RouterOS 6.42.6
- # software id = L8H0-7ANR
- #
- # model = RouterBOARD 750G r3
- # serial number = 6F380701352E
- /interface bridge
- add fast-forward=no name=LAN
- /interface ethernet
- set [ find default-name=ether1 ] comment=WAN
- set [ find default-name=ether2 ] comment=LAN name=ether2-master
- /interface pppoe-client
- add add-default-route=yes allow=mschap1,mschap2 default-route-distance=0 \
- disabled=no interface=ether1 keepalive-timeout=60 name=TTK password=\
- use-peer-dns=yes user=
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=UHTO-PROM
- /ip hotspot profile
- set [ find default=yes ] html-directory=flash/hotspot
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
- aes-256-cbc,aes-256-ctr,aes-192-cbc,aes-128-cbc,3des pfs-group=none
- /ip pool
- add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.200
- add name=L2TP ranges=10.0.0.1-10.0.0.10
- /ip dhcp-server
- add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
- interface=LAN name=dhcp1
- /ppp profile
- add local-address=L2TP name=L2TP remote-address=L2TP
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0
- /interface bridge port
- add bridge=LAN hw=no interface=ether2-master
- add bridge=LAN hw=no interface=ether3
- add bridge=LAN hw=no interface=ether4
- add bridge=LAN hw=no interface=ether5
- /ip neighbor discovery-settings
- set discover-interface-list=discover
- /interface l2tp-server server
- set authentication=mschap1,mschap2 default-profile=L2TP enabled=yes \
- ipsec-secret=123456789 use-ipsec=yes
- /interface list member
- add interface=ether2-master list=discover
- add interface=ether3 list=discover
- add interface=ether4 list=discover
- add interface=ether5 list=discover
- add interface=LAN list=discover
- add interface=ether2-master list=mactel
- add interface=ether2-master list=mac-winbox
- /ip address
- add address=192.168.2.1/24 comment=defconf interface=ether2-master network=\
- 192.168.2.0
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
- /ip dhcp-server lease
- add address=192.168.2.211 mac-address=40:F4:13:42:1D:B2 server=dhcp1
- /ip dhcp-server network
- add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall address-list
- add address=0.0.0.0/8 list=BOGON
- add address=10.0.0.0/8 list=BOGON
- add address=100.64.0.0/10 list=BOGON
- add address=127.0.0.0/8 list=BOGON
- add address=169.254.0.0/16 list=BOGON
- add address=172.16.0.0/12 list=BOGON
- add address=192.0.0.0/24 list=BOGON
- add address=192.0.2.0/24 list=BOGON
- add address=192.168.0.0/16 list=BOGON
- add address=198.18.0.0/15 list=BOGON
- add address=198.51.100.0/24 list=BOGON
- add address=203.0.113.0/24 list=BOGON
- add address=224.0.0.0/4 list=BOGON
- add address=240.0.0.0/4 list=BOGON
- /ip firewall filter
- add action=accept chain=input dst-port=1701,500,4500 protocol=udp
- add action=accept chain=input comment="permit SSH 65523 and winbox 8291" \
- dst-port=65523,8391,80 protocol=tcp
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input in-interface=TTK protocol=ipsec-esp
- add action=accept chain=input dst-port=1723 protocol=tcp
- add action=accept chain=forward comment="allow vpn to lan" disabled=yes \
- in-interface=TTK out-interface=ether2-master src-address=10.0.0.0/24
- add action=accept chain=input comment="defconf: accept established,related" \
- connection-state=established,related
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related" \
- connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
- invalid
- add action=drop chain=input in-interface=TTK
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade"
- /ip route
- add distance=1 dst-address=10.0.0.0/24 gateway=*F00009
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www address=192.168.2.0/24
- set api-ssl disabled=yes
- /ip smb shares
- set [ find default=yes ] directory=/pub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement