API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 20th, 2020
441
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.87 KB | None | 0 0
raw download clone embed print report
  1. # mar/20/2020 17:48:08 by RouterOS 6.46.4
  2. # software id = D0RZ-Z0QJ
  3. #
  4. # model = RB962UiGS-5HacT2HnT
  5. # serial number = BEC40A57A931
  6. /interface bridge
  7. add name=bridge-main
  8. add name=bridge-wlan
  9. /interface ethernet
  10. set [ find default-name=ether1 ] name=ether1-wan
  11. set [ find default-name=ether2 ] name=ether2-wan
  12. set [ find default-name=ether3 ] name=ether3-wan
  13. set [ find default-name=ether4 ] name=ether4-lan
  14. set [ find default-name=ether5 ] name=ether5-trust
  15. set [ find default-name=sfp1 ] disabled=yes
  16. /interface wireless
  17. set [ find default-name=wlan1 ] band=2ghz-b/g/n country=ukraine disabled=no \
  18. frequency=auto mode=ap-bridge ssid=IvaHouse-2.4GHz wireless-protocol=\
  19. 802.11
  20. set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=ukraine disabled=no \
  21. frequency=auto mode=ap-bridge ssid=IvaHouse-5GHz wireless-protocol=802.11
  22. /interface vlan
  23. add interface=ether5-trust name=vlan-srv157 vlan-id=157
  24. add interface=ether5-trust name=vlan-srv158 vlan-id=158
  25. add interface=ether5-trust name=vlan-usr192 vlan-id=192
  26. add interface=bridge-wlan name=vlan-wlan vlan-id=168
  27. /interface list
  28. add name=WAN
  29. add name=LAN
  30. /interface wireless security-profiles
  31. set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
  32. dynamic-keys supplicant-identity=MikroTik
  33. /ip hotspot profile
  34. set [ find default=yes ] html-directory=flash/hotspot
  35. /ip pool
  36. add name=dhcp ranges=10.0.10.100-10.0.10.199
  37. add name=dhcp-srv157 ranges=10.0.20.100-10.0.20.199
  38. add name=dhcp-srv158 ranges=10.0.30.100-10.0.30.199
  39. add name=dhcp-usr192 ranges=192.168.10.100-192.168.10.199
  40. add name=dhcp-wlan ranges=192.168.0.100-192.168.0.199
  41. /ip dhcp-server
  42. add address-pool=dhcp disabled=no interface=bridge-main name=dhcp-main
  43. add address-pool=dhcp-srv157 disabled=no interface=vlan-srv157 name=\
  44. dhcp-srv157
  45. add address-pool=dhcp-srv158 disabled=no interface=vlan-srv158 name=\
  46. dhcp-srv158
  47. add address-pool=dhcp-usr192 disabled=no interface=vlan-usr192 name=\
  48. dhcp-usr192
  49. add address-pool=dhcp-wlan disabled=no interface=bridge-wlan name=dhcp-wlan
  50. /interface bridge port
  51. add bridge=bridge-main interface=ether4-lan
  52. add bridge=bridge-main interface=ether5-trust
  53. add bridge=bridge-wlan interface=wlan2
  54. add bridge=bridge-wlan interface=wlan1
  55. add bridge=bridge-wlan interface=vlan-wlan
  56. /ip neighbor discovery-settings
  57. set discover-interface-list=LAN
  58. /interface detect-internet
  59. set detect-interface-list=all
  60. /interface ethernet switch vlan
  61. add independent-learning=no ports=ether5-trust switch=switch1 vlan-id=1
  62. add independent-learning=no ports=ether5-trust switch=switch1 vlan-id=157
  63. add independent-learning=no ports=ether5-trust switch=switch1 vlan-id=158
  64. /interface list member
  65. add interface=ether1-wan list=WAN
  66. add interface=bridge-main list=LAN
  67. /ip address
  68. add address=10.0.10.251/24 interface=ether4-lan network=10.0.10.0
  69. add address=10.0.20.251/24 interface=vlan-srv157 network=10.0.20.0
  70. add address=10.0.30.251/24 interface=vlan-srv158 network=10.0.30.0
  71. add address=192.168.10.251/24 interface=vlan-usr192 network=192.168.10.0
  72. add address=192.168.0.251/24 interface=bridge-wlan network=192.168.0.0
  73. /ip dhcp-client
  74. add disabled=no interface=ether1-wan
  75. add disabled=no interface=ether2-wan
  76. add disabled=no interface=ether3-wan
  77. /ip dhcp-server network
  78. add address=10.0.10.0/24 dns-server=193.25.176.1,193.25.176.100 domain=\
  79. rd.main gateway=10.0.10.251 netmask=24
  80. add address=10.0.20.0/24 dns-server=193.25.176.1,193.25.176.100 domain=rd.srv \
  81. gateway=10.0.20.251 netmask=24
  82. add address=10.0.30.0/24 dns-server=193.25.176.1,193.25.176.100 domain=rd.srv \
  83. gateway=10.0.30.251 netmask=24
  84. add address=192.168.0.0/24 dns-server=193.25.176.1,193.25.176.100 domain=\
  85. rd.user gateway=192.168.0.251 netmask=24
  86. add address=192.168.10.0/24 dns-server=193.25.176.1,193.25.176.100 domain=\
  87. rd.user gateway=192.168.10.251 netmask=24
  88. /ip dns
  89. set allow-remote-requests=yes
  90. /ip firewall address-list
  91. add address=10.0.10.0/24 list=localnet
  92. add address=10.0.20.0/24 list=localnet
  93. add address=10.0.30.0/24 list=localnet
  94. /ip firewall filter
  95. add action=accept chain=input protocol=icmp
  96. add action=accept chain=input connection-state=established
  97. add action=accept chain=input connection-state=related
  98. add action=drop chain=input in-interface-list=!LAN
  99. add action=accept chain=input dst-port=80 protocol=tcp
  100. /ip firewall mangle
  101. add action=mark-connection chain=input dst-address=193.***.***.156 \
  102. in-interface=ether1-wan new-connection-mark=156 passthrough=yes
  103. add action=mark-connection chain=input dst-address=193.***.***.157 \
  104. in-interface=ether2-wan new-connection-mark=157 passthrough=yes
  105. add action=mark-connection chain=input dst-address=193.***.***.158 \
  106. in-interface=ether3-wan new-connection-mark=158 passthrough=yes
  107. add action=mark-routing chain=output connection-mark=156 new-routing-mark=\
  108. 156-ip out-interface=ether1-wan passthrough=yes src-address=10.0.10.0/24
  109. add action=mark-routing chain=output connection-mark=156 new-routing-mark=\
  110. 156-ip out-interface=ether1-wan passthrough=yes src-address=\
  111. 192.168.0.0/24
  112. add action=mark-routing chain=output connection-mark=156 new-routing-mark=\
  113. 156-ip out-interface=ether1-wan passthrough=yes src-address=\
  114. 192.168.10.0/24
  115. add action=mark-routing chain=output connection-mark=157 new-routing-mark=\
  116. 157-ip out-interface=ether2-wan passthrough=yes src-address=10.0.20.0/24
  117. add action=mark-routing chain=output connection-mark=158 new-routing-mark=\
  118. 158-ip out-interface=ether3-wan passthrough=yes src-address=10.0.30.0/24
  119. /ip firewall nat
  120. add action=masquerade chain=srcnat out-interface-list=WAN
  121. add action=masquerade chain=srcnat out-interface=ether1-wan
  122. add action=masquerade chain=srcnat out-interface=ether2-wan
  123. add action=masquerade chain=srcnat out-interface=ether3-wan
  124. add action=src-nat chain=srcnat disabled=yes out-interface=ether1-wan \
  125. src-address=10.0.10.0/24 to-addresses=193.***.***.156
  126. add action=src-nat chain=srcnat disabled=yes out-interface=ether2-wan \
  127. src-address=10.0.20.0/24 to-addresses=193.***.***.157
  128. add action=src-nat chain=srcnat disabled=yes out-interface=ether3-wan \
  129. src-address=10.0.30.0/24 to-addresses=193.***.***.158
  130. add action=src-nat chain=srcnat disabled=yes out-interface=ether1-wan \
  131. src-address=192.168.0.0/24 to-addresses=193.***.***.156
  132. add action=src-nat chain=srcnat disabled=yes out-interface=ether1-wan \
  133. src-address=192.168.10.0/24 to-addresses=193.***.***.156
  134. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=8080 \
  135. protocol=tcp to-addresses=10.0.20.25 to-ports=8080
  136. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=80 \
  137. protocol=tcp to-addresses=10.0.20.25 to-ports=80
  138. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=443 \
  139. protocol=tcp to-addresses=10.0.20.25 to-ports=443
  140. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=25 \
  141. protocol=tcp to-addresses=10.0.20.25 to-ports=25
  142. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=587 \
  143. protocol=tcp to-addresses=10.0.20.25 to-ports=587
  144. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=465 \
  145. protocol=tcp to-addresses=10.0.20.25 to-ports=465
  146. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=110 \
  147. protocol=tcp to-addresses=10.0.20.25 to-ports=110
  148. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=995 \
  149. protocol=tcp to-addresses=10.0.20.25 to-ports=995
  150. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=993 \
  151. protocol=tcp to-addresses=10.0.20.25 to-ports=993
  152. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=53 \
  153. protocol=tcp to-addresses=10.0.20.25 to-ports=53
  154. add action=netmap chain=dstnat dst-address=193.***.***.157 dst-port=3306 \
  155. protocol=tcp to-addresses=10.0.20.25 to-ports=3306
  156. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=8080 \
  157. protocol=tcp to-addresses=10.0.30.35 to-ports=8080
  158. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=80 \
  159. protocol=tcp to-addresses=10.0.30.35 to-ports=80
  160. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=443 \
  161. protocol=tcp to-addresses=10.0.30.35 to-ports=443
  162. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=25 \
  163. protocol=tcp to-addresses=10.0.30.35 to-ports=25
  164. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=587 \
  165. protocol=tcp to-addresses=10.0.30.35 to-ports=587
  166. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=465 \
  167. protocol=tcp to-addresses=10.0.30.35 to-ports=465
  168. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=110 \
  169. protocol=tcp to-addresses=10.0.30.35 to-ports=110
  170. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=995 \
  171. protocol=tcp to-addresses=10.0.30.35 to-ports=995
  172. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=993 \
  173. protocol=tcp to-addresses=10.0.30.35 to-ports=993
  174. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=53 \
  175. protocol=tcp to-addresses=10.0.30.35 to-ports=53
  176. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=3306 \
  177. protocol=tcp to-addresses=10.0.30.35 to-ports=3306
  178. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=1500 \
  179. protocol=tcp to-addresses=10.0.30.35 to-ports=1500
  180. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=8006 \
  181. protocol=tcp to-addresses=10.0.30.30 to-ports=8006
  182. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=86 \
  183. protocol=tcp to-addresses=10.0.30.30 to-ports=22
  184. add action=netmap chain=dstnat dst-address=193.***.***.158 dst-port=22 \
  185. protocol=tcp to-addresses=10.0.30.35 to-ports=22
  186. add action=netmap chain=dstnat dst-address=193.***.***.156 dst-port=27016 \
  187. protocol=tcp to-addresses=10.0.10.10 to-ports=27016
  188. /ip route
  189. add distance=1 gateway=193.25.176.1%ether1-wan routing-mark=156-ip
  190. add distance=1 gateway=193.25.176.1%ether2-wan routing-mark=157-ip
  191. add distance=1 gateway=193.25.176.1%ether3-wan routing-mark=158-ip
  192. /ip route rule
  193. add action=lookup-only-in-table dst-address=10.0.0.0/8 table=main
  194. add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main
  195. add src-address=193.***.***.156/32 table=156-ip
  196. add src-address=193.***.***.157/32 table=157-ip
  197. add src-address=193.***.***.158/32 table=158-ip
  198. add src-address=10.0.10.0/24 table=156-ip
  199. add src-address=10.0.20.0/24 table=157-ip
  200. add src-address=10.0.30.0/24 table=158-ip
  201. add src-address=192.168.0.0/24 table=156-ip
  202. add src-address=192.168.10.0/24 table=156-ip
  203. /ip upnp
  204. set enabled=yes
  205. /ip upnp interfaces
  206. add interface=bridge-main type=internal
  207. add interface=ether1-wan type=external
  208. /system clock
  209. set time-zone-name=Europe/Kiev
  210. /system identity
  211. set name=rd-router
  212. /tool mac-server
  213. set allowed-interface-list=LAN
  214. /tool mac-server mac-winbox
  215. set allowed-interface-list=LAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!