API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 8th, 2018
142
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.31 KB | None | 0 0
raw download clone embed print report
  1. by RouterOS 6.42.6
  2. # software id = L8H0-7ANR
  3. #
  4. # model = RouterBOARD 750G r3
  5. # serial number = 6F380701352E
  6. /interface bridge
  7. add fast-forward=no name=LAN
  8. /interface ethernet
  9. set [ find default-name=ether1 ] comment=WAN
  10. set [ find default-name=ether2 ] comment=LAN name=ether2-master
  11. /interface pppoe-client
  12. add add-default-route=yes allow=mschap1,mschap2 default-route-distance=0 \
  13. disabled=no interface=ether1 keepalive-timeout=60 name=TTK password=\
  14. use-peer-dns=yes user=
  15. /interface list
  16. add exclude=dynamic name=discover
  17. add name=mactel
  18. add name=mac-winbox
  19. /interface wireless security-profiles
  20. set [ find default=yes ] supplicant-identity=UHTO-PROM
  21. /ip hotspot profile
  22. set [ find default=yes ] html-directory=flash/hotspot
  23. /ip ipsec proposal
  24. set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
  25. aes-256-cbc,aes-256-ctr,aes-192-cbc,aes-128-cbc,3des pfs-group=none
  26. /ip pool
  27. add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.200
  28. add name=L2TP ranges=10.0.0.1-10.0.0.10
  29. /ip dhcp-server
  30. add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
  31. interface=LAN name=dhcp1
  32. /ppp profile
  33. add local-address=L2TP name=L2TP remote-address=L2TP
  34. /snmp community
  35. set [ find default=yes ] addresses=0.0.0.0/0
  36. /interface bridge port
  37. add bridge=LAN hw=no interface=ether2-master
  38. add bridge=LAN hw=no interface=ether3
  39. add bridge=LAN hw=no interface=ether4
  40. add bridge=LAN hw=no interface=ether5
  41. /ip neighbor discovery-settings
  42. set discover-interface-list=discover
  43. /interface l2tp-server server
  44. set authentication=mschap1,mschap2 default-profile=L2TP enabled=yes \
  45. ipsec-secret=123456789 use-ipsec=yes
  46. /interface list member
  47. add interface=ether2-master list=discover
  48. add interface=ether3 list=discover
  49. add interface=ether4 list=discover
  50. add interface=ether5 list=discover
  51. add interface=LAN list=discover
  52. add interface=ether2-master list=mactel
  53. add interface=ether2-master list=mac-winbox
  54. /ip address
  55. add address=192.168.2.1/24 comment=defconf interface=ether2-master network=\
  56. 192.168.2.0
  57. /ip dhcp-client
  58. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
  59. /ip dhcp-server lease
  60. add address=192.168.2.211 mac-address=40:F4:13:42:1D:B2 server=dhcp1
  61. /ip dhcp-server network
  62. add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
  63. /ip dns
  64. set allow-remote-requests=yes servers=8.8.8.8
  65. /ip dns static
  66. add address=192.168.88.1 name=router
  67. /ip firewall address-list
  68. add address=0.0.0.0/8 list=BOGON
  69. add address=10.0.0.0/8 list=BOGON
  70. add address=100.64.0.0/10 list=BOGON
  71. add address=127.0.0.0/8 list=BOGON
  72. add address=169.254.0.0/16 list=BOGON
  73. add address=172.16.0.0/12 list=BOGON
  74. add address=192.0.0.0/24 list=BOGON
  75. add address=192.0.2.0/24 list=BOGON
  76. add address=192.168.0.0/16 list=BOGON
  77. add address=198.18.0.0/15 list=BOGON
  78. add address=198.51.100.0/24 list=BOGON
  79. add address=203.0.113.0/24 list=BOGON
  80. add address=224.0.0.0/4 list=BOGON
  81. add address=240.0.0.0/4 list=BOGON
  82. /ip firewall filter
  83. add action=accept chain=input dst-port=1701,500,4500 protocol=udp
  84. add action=accept chain=input comment="permit SSH 65523 and winbox 8291" \
  85. dst-port=65523,8391,80 protocol=tcp
  86. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  87. add action=accept chain=input in-interface=TTK protocol=ipsec-esp
  88. add action=accept chain=input dst-port=1723 protocol=tcp
  89. add action=accept chain=forward comment="allow vpn to lan" disabled=yes \
  90. in-interface=TTK out-interface=ether2-master src-address=10.0.0.0/24
  91. add action=accept chain=input comment="defconf: accept established,related" \
  92. connection-state=established,related
  93. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  94. connection-state=established,related
  95. add action=accept chain=forward comment="defconf: accept established,related" \
  96. connection-state=established,related
  97. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
  98. invalid
  99. add action=drop chain=input in-interface=TTK
  100. /ip firewall nat
  101. add action=masquerade chain=srcnat comment="defconf: masquerade"
  102. /ip route
  103. add distance=1 dst-address=10.0.0.0/24 gateway=*F00009
  104. /ip service
  105. set telnet disabled=yes
  106. set ftp disabled=yes
  107. set www address=192.168.2.0/24
  108. set api-ssl disabled=yes
  109. /ip smb shares
  110. set [ find default=yes ] directory=/pub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!