
Untitled

a guest
Feb 5th, 2018
  # feb/05/2018 08:45:50 by RouterOS 6.41
  #
  # model = RouterBOARD 3011UiAS
  # serial number =
  #
  # NOTE(review): this export was produced by RouterOS 6.41 in February 2018.
  # Compare the running version with the vendor's current changelog and
  # security notices before any management service is reachable from an
  # untrusted network.

  # LAN bridge. The admin MAC has been masked in this paste.
  /interface bridge
  add admin-mac=xxxxxxxxxxxx auto-mac=no comment=defconf fast-forward=no \
      name=bridge
  # Port labels. ether5 is the LAN port and is later made a bridge port.
  # NOTE(review): arp=proxy-arp makes the router answer ARP requests on ether5
  # on behalf of hosts it reaches through other interfaces; confirm it is
  # still required, because it changes which addresses the LAN treats as local.
  /interface ethernet
  set [ find default-name=ether1 ] comment=VIdeo
  set [ find default-name=ether2 ] comment=R-Line
  set [ find default-name=ether3 ] comment=ELCO
  set [ find default-name=ether5 ] arp=proxy-arp comment=LAN
  set [ find default-name=ether6 ] comment=Other name=ether6-master
  set [ find default-name=sfp1 ] disabled=yes

  # Three EoIP (Ethernet over IP) tunnels towards 172.16.16.x peers; each one
  # is added to the LAN bridge under /interface bridge port. "!keepalive"
  # switches the tunnel keepalive off.
  # NOTE(review): no ipsec-secret appears in this export and EoIP does not
  # encrypt by itself. Presumably 172.16.16.x is reached through another
  # tunnel; confirm that bridged LAN frames never cross a provider network in
  # clear text.
  # NOTE(review): eoip-over-ellco and eoip-over-rline carry the same
  # mac-address and are both bridge ports; confirm the duplicate is deliberate.
  /interface eoip
  add !keepalive mac-address=02:C4:B7:5D:F9:DF name=eoip-over-ellco \
      remote-address=172.16.16.15 tunnel-id=14
  add !keepalive mac-address=02:DC:54:37:AE:6B name=eoip-over-local \
      remote-address=172.16.16.11 tunnel-id=10
  add !keepalive mac-address=02:C4:B7:5D:F9:DF mtu=1480 name=eoip-over-rline \
      remote-address=172.16.16.13 tunnel-id=12
  # Interface lists referenced further down: "wan" (NAT), "discover"
  # (neighbor discovery), "mactel" and "mac-winbox" (layer-2 management).
  /interface list
  add name=wan
  add exclude=dynamic name=discover
  add name=mactel
  add name=mac-winbox
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=MikroTik
  # DHCP server bound to the LAN bridge. The EoIP tunnels are ports of the
  # same bridge, so hosts behind them share this broadcast domain.
  /ip dhcp-server
  add authoritative=after-2sec-delay interface=bridge name=defconf
  # Address pools: LAN leases and addresses handed to VPN clients.
  /ip pool
  add name=default-dhcp ranges=192.168.0.10-192.168.0.30
  add name=vpn_clients ranges=192.168.192.20-192.168.192.253
  # PPP profiles. vpn_client_profile gives the router 192.168.192.1 and takes
  # the client address from the vpn_clients pool.
  # NOTE(review): vpn_client_profile sets no use-encryption value, so the
  # default applies; the PPTP server is enabled in this export, so confirm
  # that unencrypted sessions are refused.
  # NOTE(review): the rline profile sets use-encryption=yes and use-upnp=yes.
  # Check in the RouterOS documentation whether "yes" only requests encryption
  # rather than requiring it, and confirm UPnP is really wanted on this link.
  /ppp profile
  add local-address=192.168.192.1 name=vpn_client_profile remote-address=\
      vpn_clients
  add change-tcp-mss=yes name=rline use-compression=yes use-encryption=yes \
      use-mpls=yes use-upnp=yes


  # Bridge ports: the LAN port plus all three EoIP tunnels, so the remote ends
  # of the tunnels sit in the same layer-2 segment as the LAN.
  /interface bridge port
  add bridge=bridge hw=no interface=ether5
  add bridge=bridge interface=eoip-over-ellco
  add bridge=bridge interface=eoip-over-local
  add bridge=bridge interface=eoip-over-rline
  # Neighbor discovery runs on every member of the "discover" list.
  /ip neighbor discovery-settings
  set discover-interface-list=discover

  # List membership.
  # NOTE(review): Internet-Rline and Internet-Ellco are in "wan" and also in
  # "discover", so neighbor-discovery announcements go out on the uplinks and
  # disclose device details to whoever is listening there. Consider removing
  # the uplinks and the pptp-in-* interfaces from "discover".
  # NOTE(review): Internet-Rline, Internet-Ellco and the pptp-in-* interfaces
  # are not defined anywhere in this export, and several entries read
  # "add list=discover" with no interface at all; presumably those interfaces
  # were deleted or removed from the paste. Clean up the stale entries.
  # "mactel" and "mac-winbox" contain only the bridge, which limits MAC-based
  # management to the LAN segment (including the bridged EoIP tunnels).
  /interface list member
  add interface=Internet-Ellco list=wan
  add interface=Internet-Rline list=wan
  add interface=ether2 list=discover
  add interface=ether3 list=discover
  add interface=ether4 list=discover
  add interface=ether5 list=discover
  add interface=sfp1 list=discover
  add list=discover
  add interface=ether7 list=discover
  add interface=ether8 list=discover
  add interface=ether9 list=discover
  add interface=ether10 list=discover
  add interface=bridge list=discover
  add interface=Internet-Rline list=discover
  add interface=Internet-Ellco list=discover
  add interface=pptp-in-axbax list=discover
  add list=discover
  add list=discover
  add list=discover
  add list=discover
  add list=discover
  add list=discover
  add interface=pptp-in-7k list=discover
  add list=discover
  add interface=pptp-in-roche list=discover
  add list=discover
  add interface=bridge list=mactel
  add interface=bridge list=mac-winbox
  # PPTP server switched on with no other option set here.
  # NOTE(review): PPTP's MS-CHAPv2 authentication and MPPE encryption are
  # widely regarded as broken. Plan a move to a stronger VPN type, and until
  # then restrict who may reach the PPTP listener; no rule in
  # /ip firewall filter limits it in this export.
  /interface pptp-server server
  set enabled=yes
  # NOTE(review): the LAN address is bound to ether5, which is also a bridge
  # port; an address is normally placed on the bridge itself. Confirm.
  /ip address
  add address=192.168.0.121/24 comment=LAN interface=ether5 network=192.168.0.0
  # DHCP clients on ether1 and ether2. The ether2 client installs no default
  # route and ignores the DNS servers offered by the peer.
  /ip dhcp-client
  add comment=defconf dhcp-options=hostname,clientid interface=ether1
  add add-default-route=no comment="rline dhcp ip" dhcp-options=\
      hostname,clientid disabled=no interface=ether2 use-peer-dns=no
  # allow-remote-requests=yes lets the router answer DNS queries from other
  # hosts, forwarding to 77.88.8.8.
  # NOTE(review): with this enabled the firewall has to block port 53, TCP as
  # well as UDP, on every untrusted interface (the uplinks, ether1, ether2);
  # otherwise the router can be used as an open resolver.
  /ip dns
  set allow-remote-requests=yes servers=77.88.8.8
  /ip dns static
  add address=10.1.238.117 name=router
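  # Hosts listed in "toEllco" are policy-routed: a mangle rule marks their
  # traffic with routing mark VH (see /ip firewall mangle).
  /ip firewall address-list
  add address=192.168.0.47 comment="free wifi" list=toEllco
  add address=192.168.0.61 list=toEllco
  add address=192.168.0.60 list=toEllco
  add address=192.168.0.205 comment=manager26 disabled=yes list=toEllco
  # Filter rules are evaluated top to bottom and the first match decides.
  # "input" is traffic addressed to the router, "forward" is traffic passing
  # through it.
  /ip firewall filter
  add action=accept chain=input comment=" Allow Ping" protocol=icmp
  add action=accept chain=forward protocol=icmp
  add action=accept chain=input comment="Accept established connections" \
      connection-state=established
  add action=accept chain=forward connection-state=established
  add action=accept chain=input comment="Accept related connections" \
      connection-state=related
  add action=accept chain=forward connection-state=related
  # Stop the router's resolver (allow-remote-requests=yes under /ip dns) from
  # answering queries that arrive on the two uplinks. DNS is served over TCP
  # as well as UDP, so each uplink gets a TCP rule next to the original UDP
  # one. Replies to the router's own lookups are accepted earlier as
  # established traffic.
  # NOTE(review): log-prefix is set but no log=yes appears, so these drops are
  # presumably not logged; enable logging if the matches should be visible.
  add action=drop chain=input comment="drop dns flood" dst-port=53 \
      in-interface=Internet-Rline log-prefix=dns-dlood-rline protocol=udp
  add action=drop chain=input dst-port=53 in-interface=Internet-Rline \
      protocol=tcp
  add action=drop chain=input dst-port=53 in-interface=Internet-Ellco \
      log-prefix=dns-dlood-ellco protocol=udp
  add action=drop chain=input dst-port=53 in-interface=Internet-Ellco \
      protocol=tcp
  add action=drop chain=input comment="Drop invalid connections" \
      connection-state=invalid
  add action=drop chain=forward connection-state=invalid
  # NOTE(review): these two rules accept every UDP packet, from any
  # interface, to the router and through it. Narrow them to the ports and
  # source interfaces that are actually needed.
  add action=accept chain=input comment="Allow UDP" protocol=udp
  add action=accept chain=forward protocol=udp
  # NOTE(review): neither chain ends with a drop rule, so any packet that
  # matches nothing above is accepted. New TCP connections from the uplinks
  # therefore reach whatever services the router has enabled (management
  # services, the PPTP listener). After adding explicit accepts for what must
  # stay reachable, finish the input chain with a drop for traffic arriving on
  # the "wan" list and on ether1, and apply the change in Safe Mode so a
  # mistake does not lock the administrator out.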
  # MSS clamping for TCP SYN packets leaving through each uplink (the first
  # rule is disabled), followed by the policy-routing mark: traffic from the
  # "toEllco" address list receives routing mark VH.
  /ip firewall mangle
  add action=change-mss chain=forward comment="emran mangle version" disabled=\
      yes new-mss=clamp-to-pmtu out-interface=Internet-Rline passthrough=no \
      protocol=tcp tcp-flags=syn tcp-mss=1430-65535
  add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=\
      Internet-Rline passthrough=no protocol=tcp tcp-flags=syn tcp-mss=\
      1408-65535
  add action=change-mss chain=forward comment="emran mangle version" new-mss=\
      clamp-to-pmtu out-interface=Internet-Ellco passthrough=no protocol=tcp \
      tcp-flags=syn tcp-mss=1451-65535
  add action=mark-routing chain=prerouting comment="VH toEllco" \
      new-routing-mark=VH passthrough=no src-address-list=toEllco
  # Source NAT. The first rule masquerades the LAN subnet towards the "wan"
  # list, the second everything leaving ether1.
  # NOTE(review): the "vpn_clients NAT rule" names no outgoing interface, so
  # VPN client traffic is masqueraded on every path, including towards the
  # LAN. LAN hosts and their logs then see the router's address rather than
  # the individual VPN client. Limit the rule with out-interface-list=wan if
  # only Internet-bound traffic should be translated.
  # NOTE(review): the last rule masquerades everything leaving any PPP
  # interface (all-ppp); confirm that this is intended for the VPN links too.
  /ip firewall nat
  add action=masquerade chain=srcnat comment="defconf: masquerade" \
      out-interface-list=wan src-address=192.168.0.0/24
  add action=masquerade chain=srcnat out-interface=ether1
  add action=masquerade chain=srcnat comment="vpn_clients NAT rule" \
      src-address=192.168.192.0/24
  add action=masquerade chain=srcnat out-interface=all-ppp

  # Connection-tracking helpers switched off for protocols not in use.
  # The pptp helper is not listed here, so presumably it keeps its default.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set sip disabled=yes sip-direct-media=no
  set udplite disabled=yes
  set sctp disabled=yes
  # Routing. Traffic marked VH prefers Internet-Ellco (distance 1) and falls
  # back to Internet-Rline (distance 2); unmarked traffic prefers
  # Internet-Rline and falls back to Internet-Ellco. The two routes with
  # marks wan1_route and wan2_route are disabled.
  /ip route
  add distance=1 gateway=Internet-Ellco routing-mark=VH
  add distance=2 gateway=Internet-Rline routing-mark=VH
  add disabled=yes distance=20 gateway=Internet-Ellco routing-mark=wan2_route
  add disabled=yes distance=20 gateway=Internet-Rline routing-mark=wan1_route
  add distance=1 gateway=Internet-Rline
  add distance=2 gateway=Internet-Ellco

  # NOTE(review): these rules restrict lookups to tables wan1_route and
  # wan2_route, whose only routes are disabled above, and no mangle rule in
  # this export sets either mark. They look like leftovers; confirm and
  # remove them.
  /ip route rule
  add action=lookup-only-in-table routing-mark=wan2_route table=wan2_route
  add action=lookup-only-in-table routing-mark=wan1_route table=wan1_route

  # Front-panel LCD settings. "*7" in the page list is an internal ID with no
  # interface name, presumably left behind by a deleted interface.
  # NOTE(review): whether the touchscreen is PIN-protected or read-only is not
  # visible in this export; check it if the device is physically accessible
  # to untrusted people.
  /lcd
  set time-interval=hour
  /lcd interface
  add
  /lcd interface pages
  set 0 interfaces=\
      ether1,ether2,ether3,ether4,ether5,sfp1,*7,ether7,ether8,ether9,ether10


  /system clock
  set time-zone-name=Europe/Moscow
  # Extra logging for the pptp and pppoe topics; no action is named, so the
  # default applies.
  # NOTE(review): consider sending VPN and firewall logs to a remote log
  # server as well, so that records of logins and drops are kept off the
  # device.
  /system logging
  add topics=pptp,pppoe
  /system ntp client
  set enabled=yes primary-ntp=85.21.78.91 secondary-ntp=77.73.232.17


  # MAC-Telnet and MAC-Winbox are limited to the "mactel" and "mac-winbox"
  # lists, which contain only the bridge.
  # NOTE(review): /ip service, /user and /ppp secret do not appear in this
  # export, so service bindings, allowed source addresses and accounts cannot
  # be reviewed from it. Check them on the device, since the input chain has
  # no default drop.
  /tool mac-server
  set allowed-interface-list=mactel
  /tool mac-server mac-winbox
  set allowed-interface-list=mac-winbox