
rb3011

a guest
Mar 29th, 2019
  1. # mar/29/2019 10:59:43 by RouterOS 6.43.13
  2. # software id =
  3. #
  4. # model = RouterBOARD 3011UiAS
  5. # serial number =
  # Static L2TP server bindings: one named interface per remote PPP user.
  # Most of these interface names are reused as gateways in /ip route, and
  # Contour is also referenced by /tool traffic-generator further down.
  # NOTE(review): the /ppp secret section of this export is empty, so the
  # accounts behind these users (profile, allowed addresses) cannot be
  # reviewed from this listing.
  6. /interface l2tp-server
  7. add name=ArtFamily user=artfamily
  8. add name=Beaton user=bioton
  9. add name=Contour user=Contour
  10. add name=Dalcom user=dalcom
  11. add name=Dask user=dask
  12. add name=MedEco user=medeco
  13. add name=Pstroy user=pstroy
  14. add name=Shilkinskaya38 user=shilkinskaya38
  15. add name=Skatnaya46 user=skatnaya46
  16. add name=Solovey-klych user=solovey-klych
  17. add name=Zhadnost user=zhadnost
  18.  
  # LAN bridge; its member ports are added under /interface bridge port.
  19. /interface bridge
  20. add fast-forward=no name=bridge-lan
  # ether1 is renamed ether1-wan; every copper port is pinned to 100Mbps.
  21. /interface ethernet
  22. set [ find default-name=ether1 ] name=ether1-wan speed=100Mbps
  23. set [ find default-name=ether2 ] speed=100Mbps
  24. set [ find default-name=ether3 ] speed=100Mbps
  25. set [ find default-name=ether4 ] speed=100Mbps
  26. set [ find default-name=ether5 ] speed=100Mbps
  27. set [ find default-name=ether6 ] speed=100Mbps
  28. set [ find default-name=ether7 ] speed=100Mbps
  29. set [ find default-name=ether8 ] speed=100Mbps
  30. set [ find default-name=ether9 ] speed=100Mbps
  31. set [ find default-name=sfp1 ] advertise=\
  32. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  # Two outbound L2TP tunnels. ISP-GreenPoint installs the default route and is
  # the interface the firewall and NAT rules below treat as Internet-facing.
  # NOTE(review): the user=/password=/connect-to values look hand-redacted, and
  # the redaction on the UborServers entry appears incomplete. A v6 export
  # carries secrets unless taken with hide-sensitive; any credential that was
  # present in a shared export should be considered exposed and rotated.
  34. /interface l2tp-client
  35. add add-default-route=yes connect-to=l2tp.zelenaya.net disabled=no name=\
  36. ISP-GreenPoint password= user=
  37. add connect-to disabled=no name=UborServers password=\
  38. 6 user=office-narod20
  # Static OpenVPN server binding for one named user.
  39. /interface ovpn-server
  40. add name=Dvenadcataya user=dvenadcataya
  41. /interface wireless security-profiles
  42. set [ find default=yes ] supplicant-identity=MikroTik
  # Address pools: LAN DHCP range, plus two VPN ranges carved out of 10.10.5.0/24
  # (L2TP clients .2-.199, OpenVPN clients .200-.254).
  43. /ip pool
  44. add name=dhcp_lan ranges=10.10.1.50-10.10.1.100
  45. add name=mikrotik-l2tp ranges=10.10.5.2-10.10.5.199
  46. add name=vpn-pool-ovpn ranges=10.10.5.200-10.10.5.254
  47. /ip dhcp-server
  48. add address-pool=dhcp_lan disabled=no interface=bridge-lan name=dhcp1
  # PPP profiles. l2tp-ipsec and ovpn are the default profiles of the L2TP and
  # OpenVPN servers configured below; both terminate on 10.10.5.1.
  # NOTE(review): only the "l2tp" profile sets use-encryption=yes. The l2tp-ipsec
  # profile leaves it at its default, so confidentiality of those sessions rests
  # on IPsec actually being negotiated - see the l2tp-server server settings.
  49. /ppp profile
  50. add change-tcp-mss=yes name=l2tp use-compression=yes use-encryption=yes
  51. add change-tcp-mss=yes local-address=10.10.5.1 name=l2tp-ipsec \
  52. remote-address=mikrotik-l2tp
  53. add local-address=10.10.5.1 name=ovpn remote-address=vpn-pool-ovpn
  # ether2-ether10 are bridged into bridge-lan; ether1-wan and sfp1 are not.
  54. /interface bridge port
  55. add bridge=bridge-lan interface=ether2
  56. add bridge=bridge-lan interface=ether3
  57. add bridge=bridge-lan interface=ether4
  58. add bridge=bridge-lan interface=ether5
  59. add bridge=bridge-lan interface=ether7
  60. add bridge=bridge-lan interface=ether8
  61. add bridge=bridge-lan interface=ether10
  62. add bridge=bridge-lan interface=ether9
  63. add bridge=bridge-lan interface=ether6
  # L2TP server: CHAP / MS-CHAPv2 authentication, IPsec enabled with a shared
  # secret (value blank here, presumably redacted).
  # NOTE(review): use-ipsec=yes permits IPsec but does not make it mandatory, and
  # the input chain accepts 1701/udp from the WAN with no IPsec policy match, so
  # a client can presumably complete a plain L2TP session protected only by
  # MS-CHAPv2. If every site is meant to use IPsec, switch to the setting that
  # requires it and accept 1701/udp only for IPsec-decapsulated traffic.
  64. /interface l2tp-server server
  65. set authentication=chap,mschap2 default-profile=l2tp-ipsec enabled=yes \
  66. ipsec-secret= one-session-per-host=yes use-ipsec=yes
  # OpenVPN server: client certificates are required in addition to the PPP
  # credentials. Cipher/auth settings are not in the export, i.e. presumably at
  # their defaults - worth confirming against current guidance.
  67. /interface ovpn-server server
  68. set certificate=server.crt_0 default-profile=ovpn enabled=yes \
  69. require-client-certificate=yes
  # Router LAN address; the WAN side (ether1-wan) is a DHCP client.
  70. /ip address
  71. add address=10.10.1.1/24 interface=bridge-lan network=10.10.1.0
  72. /ip dhcp-client
  73. add dhcp-options=hostname,clientid disabled=no interface=ether1-wan
  # Static DHCP leases. The comments label workstations and infrastructure hosts
  # (Zabbix, TRASSIR, DC, DC2, FS, PRITUNL ...), several of which are targets of
  # the dst-nat rules below.
  # NOTE(review): a static lease is an addressing convenience, not an access
  # control - MAC addresses and client-ids are client-supplied.
  74. /ip dhcp-server lease
  75. add address=10.10.1.4 client-id=1:d8:cb:8a:3a:81:14 comment=M \
  76. mac-address=D8:CB:8A:3A:81:14 server=dhcp1
  77. add address=10.10.1.2 client-id=1:f8:1a:67:da:3e:5a comment="WIFI 211" \
  78. mac-address=F8:1A:67:DA:3E:5A server=dhcp1
  79. add address=10.10.1.8 client-id=1:0:e0:4c:52:22:b7 comment=Bva.O \
  80. mac-address=00:E0:4C:52:22:B7 server=dhcp1
  81. add address=10.10.1.6 client-id=1:e0:d5:5e:11:d3:63 comment="Yo And.A" \
  82. mac-address=E0:D5:5E:11:D3:63 server=dhcp1
  # NOTE(review): on this lease the client-id does not correspond to the
  # mac-address, unlike the other entries - looks like a stale or hand-edited
  # record; confirm which device it is meant to pin.
  83. add address=10.10.1.7 client-id=1:f4:6d:4:6:6d:4f comment="ko Alex" \
  84. mac-address=C4:6E:1F:00:30:B0 server=dhcp1
  85. add address=10.10.1.9 client-id=1:0:25:22:b3:e7:2e comment=Vo.O \
  86. mac-address=00:25:22:B3:E7:2E server=dhcp1
  87. add address=10.10.1.241 comment=Zabbix mac-address=44:8A:5B:42:AC:33 server=\
  88. dhcp1
  89. add address=10.10.1.10 client-id=1:44:87:fc:ea:fa:b comment=ev.S \
  90. mac-address=44:87:FC:EA:FA:0B server=dhcp1
  91. add address=10.10.1.11 client-id=1:74:d4:35:7d:9b:59 comment=KaV \
  92. mac-address=74:D4:35:7D:9B:59 server=dhcp1
  93. add address=10.10.1.242 client-id=1:0:1a:4d:5e:7e:80 comment=TRASSIR \
  94. mac-address=00:1A:4D:5E:7E:80 server=dhcp1
  95. add address=10.10.1.239 client-id=1:52:54:0:7e:86:2b comment=DC2 mac-address=\
  96. 52:54:00:7E:86:2B server=dhcp1
  97. add address=10.10.1.240 client-id=1:68:5:ca:17:4e:f6 comment=DC mac-address=\
  98. 68:05:CA:17:4E:F6 server=dhcp1
  99. add address=10.10.1.243 client-id=1:0:1c:c0:7d:45:34 comment=FS mac-address=\
  100. 00:1C:C0:7D:45:34 server=dhcp1
  101. add address=10.10.1.200 client-id=1:c4:2f:90:4:72:f9 comment=\
  102. "CAMERA \D1\EA\EB\E0\E4" mac-address=C4:2F:90:04:72:F9 server=dhcp1
  103. add address=10.10.1.238 comment=PRITUNL mac-address=00:15:5D:01:F3:00 server=\
  104. dhcp1
  105. add address=10.10.1.3 comment=KYACERA mac-address=00:17:C8:05:98:27 server=\
  106. dhcp1
  107. add address=10.10.1.12 client-id=1:30:9c:23:d5:be:c2 comment=\
  108. "Graphic Station" mac-address=30:9C:23:D5:BE:C2 server=dhcp1
  109. add address=10.10.1.157 client-id=1:54:bf:64:68:52:7f mac-address=\
  110. 54:BF:64:68:52:7F server=dhcp1
  111. add address=10.10.1.161 mac-address=00:15:5D:01:F3:04 server=dhcp1
  112. add address=10.10.1.13 client-id=1:e8:2a:44:f5:4b:ff comment=Laptop-Worker \
  113. mac-address=E8:2A:44:F5:4B:FF server=dhcp1
  # Options handed to LAN clients: the two hosts labelled DC/DC2 as resolvers,
  # with a public resolver as third entry.
  # NOTE(review): with a public resolver in the list, clients may send queries
  # for internal names off-site whenever they fall through to it - confirm that
  # this fallback is intended.
  114. /ip dhcp-server network
  115. add address=10.10.1.0/24 dns-server=10.10.1.240,10.10.1.239,8.8.8.8 gateway=\
  116. 10.10.1.1 netmask=24
  # Local DNS override pointing a public name at the LAN host labelled TRASSIR.
  117. /ip dns static
  118. add address=10.10.1.242 name=sc.mnsk.me
  # Address lists: reserved/special-purpose prefixes (BOGONS) and one prefix
  # tagged scan/brute.
  # NOTE(review): no filter or NAT rule in this export references either list
  # (there is no src-address-list / dst-address-list matcher anywhere), so as
  # exported they have no effect. If BOGONS is put to use, bind the rule to the
  # WAN in-interface: the list contains 10.0.0.0/8 and 192.168.0.0/16, which the
  # LAN and the routed VPN sites legitimately use.
  119. /ip firewall address-list
  120. add address=0.0.0.0/8 list=BOGONS
  121. add address=10.0.0.0/8 list=BOGONS
  122. add address=100.64.0.0/10 list=BOGONS
  123. add address=127.0.0.0/8 list=BOGONS
  124. add address=169.254.0.0/16 list=BOGONS
  125. add address=172.16.0.0/12 list=BOGONS
  126. add address=192.0.0.0/24 list=BOGONS
  127. add address=192.0.2.0/24 list=BOGONS
  128. add address=192.168.0.0/16 list=BOGONS
  129. add address=198.18.0.0/15 list=BOGONS
  130. add address=198.51.100.0/24 list=BOGONS
  131. add address=203.0.113.0/24 list=BOGONS
  132. add address=224.0.0.0/3 list=BOGONS
  133. add address=216.218.206.0/24 list=scan/brute
  # Filter rules, evaluated top to bottom within each chain.
  # NOTE(review): neither the input nor the forward chain ends in a drop rule.
  # A packet that matches no rule is accepted, so apart from the "invalid" and
  # the few 0/8, 127/8 and 224/3 drops this ruleset allows everything: the accept
  # rules below document intent but do not restrict anything. As exported, what
  # is reachable on the router itself is governed only by /ip service (and
  # whatever each service enforces), and SNMP is enabled further down. A final
  # drop on input and forward, added after confirming the accepts cover the
  # required management and VPN paths, would make this a default-deny policy.
  134. /ip firewall filter
  135. add action=drop chain=input comment="drop invalid connections" \
  136. connection-state=invalid
  137. add action=accept chain=forward in-interface=!ISP-GreenPoint out-interface=\
  138. ISP-GreenPoint
  # NOTE(review): ISP-GreenPoint is itself an L2TP client interface, so all-ppp
  # presumably matches the Internet uplink as well as the site tunnels. This
  # accept also sits ahead of the forward-chain invalid and bogon drops, which
  # therefore never see traffic arriving over any PPP interface - confirm and
  # consider matching the site tunnels explicitly.
  139. add action=accept chain=forward in-interface=all-ppp
  # NOTE(review): OpenVPN is accepted on ether1-wan while every other WAN rule
  # matches ISP-GreenPoint - confirm which interface clients actually arrive on.
  140. add action=accept chain=input dst-port=1194 in-interface=ether1-wan protocol=\
  141. tcp
  142. add action=accept chain=output comment="allow related connections" \
  143. connection-state=established,related
  144. add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" \
  145. in-interface=ISP-GreenPoint protocol=ipsec-esp
  # NOTE(review): 1701/udp is accepted from the WAN without an IPsec policy
  # matcher, so L2TP that is not wrapped in IPsec is let through as well.
  146. add action=accept chain=input comment="allow L2TP VPN (1701/udp)" dst-port=\
  147. 1701 in-interface=ISP-GreenPoint protocol=udp
  148. add action=accept chain=input comment="allow L2TP VPN (4500/udp)" dst-port=\
  149. 4500 in-interface=ISP-GreenPoint protocol=udp
  150. add action=accept chain=input comment="allow L2TP VPN (500/udp)" dst-port=500 \
  151. in-interface=ISP-GreenPoint protocol=udp
  152. add action=accept chain=input comment="allow established connections" \
  153. connection-state=established
  154. add action=accept chain=input in-interface=!ISP-GreenPoint src-address=\
  155. 10.10.1.0/24
  # The three output-chain accepts (this one and the two below) are redundant
  # with each other: router-originated traffic is unrestricted.
  156. add action=accept chain=output comment="accept everything to non internet" \
  157. out-interface=!ISP-GreenPoint
  158. add action=accept chain=output comment="accept everything"
  159. add action=drop chain=forward comment="drop invalid connections" \
  160. connection-state=invalid
  161. add action=accept chain=forward comment=\
  162. "allow already established connections" connection-state=established
  163. add action=accept chain=forward comment="allow related connections" \
  164. connection-state=related
  165. add action=drop chain=forward src-address=0.0.0.0/8
  166. add action=drop chain=forward dst-address=0.0.0.0/8
  167. add action=drop chain=forward src-address=224.0.0.0/3
  168. add action=drop chain=forward src-address=127.0.0.0/8
  169. add action=drop chain=forward dst-address=127.0.0.0/8
  170. add action=drop chain=forward dst-address=224.0.0.0/3
  171. add action=accept chain=output comment="accept everything to internet" \
  172. out-interface=ISP-GreenPoint
  # User-defined "icmp" chain: allow-list of ICMP type:code pairs, then drop.
  # NOTE(review): no rule in this export uses action=jump with jump-target=icmp,
  # so this chain is never entered and ICMP is handled by the (open) input and
  # forward chains instead.
  173. add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
  174. icmp
  175. add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
  176. protocol=icmp
  177. add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
  178. protocol=icmp
  179. add action=accept chain=icmp comment=\
  180. "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
  181. add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
  182. protocol=icmp
  183. add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
  184. protocol=icmp
  185. add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
  186. protocol=icmp
  187. add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
  188. protocol=icmp
  189. add action=drop chain=icmp comment="deny all other types"
  # NAT: source-NAT out of the uplink and out of every PPP interface, then a set
  # of inbound port forwards from the uplink to LAN and remote-site hosts.
  # NOTE(review): none of the inbound dst-nat rules restricts the source address,
  # and the forward chain has no default drop, so each forwarded service is
  # reachable from any address on the Internet.
  190. /ip firewall nat
  191. add action=masquerade chain=srcnat out-interface=ISP-GreenPoint
  192. add action=masquerade chain=srcnat out-interface=all-ppp
  # NOTE(review): these two rules publish 3389/tcp (RDP) of two LAN hosts on
  # non-standard external ports. Changing the port does not limit who can
  # connect. Since L2TP and OpenVPN access already exists on this router,
  # reaching RDP only through the VPN - or at least limiting these rules with a
  # source address list - would remove the direct exposure.
  193. add action=dst-nat chain=dstnat dst-port=2996 in-interface=ISP-GreenPoint \
  194. protocol=tcp to-addresses=10.10.1.11 to-ports=3389
  195. add action=dst-nat chain=dstnat dst-port=2997 in-interface=ISP-GreenPoint \
  196. protocol=tcp to-addresses=10.10.1.254 to-ports=3389
  # Publishes four TCP ports of the host labelled TRASSIR; the next two rules
  # are the matching hairpin pair so LAN clients can use the public address.
  197. add action=dst-nat chain=dstnat dst-port=3080,3081,555,8080 in-interface=\
  198. ISP-GreenPoint protocol=tcp src-port="" to-addresses=10.10.1.242
  199. add action=dst-nat chain=dstnat dst-address=213.59.141.185 dst-port=\
  200. 3080,3081,555,8080 protocol=tcp src-address=10.10.1.0/24 to-addresses=\
  201. 10.10.1.242
  202. add action=masquerade chain=srcnat dst-address=213.59.141.185 dst-port=\
  203. 3080,3081,555,8080 protocol=tcp src-address=10.10.1.0/24
  # UDP forward to the host labelled PRITUNL.
  204. add action=dst-nat chain=dstnat dst-port=11775 in-interface=ISP-GreenPoint \
  205. protocol=udp to-addresses=10.10.1.238 to-ports=11775
  # Monitoring ports addressed to the VPN gateway address are redirected to the
  # host labelled Zabbix; no in-interface is set, so any interface can match.
  206. add action=dst-nat chain=dstnat dst-address=10.10.5.1 dst-port=10050-10051 \
  207. protocol=tcp to-addresses=10.10.1.241 to-ports=10050-10051
  # Forwards an Internet-facing port to a host inside the SOLOVEY-KLYCH remote
  # site (192.168.198.0/24, routed over its tunnel).
  # NOTE(review): this exposes a device in another site's network through this
  # router - confirm the site owner expects that and that the device is patched.
  208. add action=netmap chain=dstnat comment=SOLOVEY-KLUCH dst-port=8001 \
  209. in-interface=ISP-GreenPoint protocol=tcp to-addresses=192.168.198.200 \
  210. to-ports=8000
  # Static routes to the remote-site LANs. Each site prefix is routed via the
  # matching static L2TP server interface, except UBOREVICHA-SERVERS, which uses
  # a next-hop address (presumably reached over the UborServers client tunnel).
  # NOTE(review): together with the forward accept for all-ppp, every site can
  # reach every other site and the LAN through this router; if sites belong to
  # different customers, per-site forward rules are needed to keep them apart.
  211. /ip route
  212. add comment=DASK distance=1 dst-address=192.168.0.0/24 gateway=Dask
  213. add comment=UBOREVICHA-SERVERS distance=1 dst-address=192.168.10.0/24 \
  214. gateway=192.168.97.1
  215. add comment=MEDECO distance=1 dst-address=192.168.15.0/24 gateway=MedEco
  216. add comment=SHILKINSKAYA-38 distance=1 dst-address=192.168.77.0/24 gateway=\
  217. Shilkinskaya38
  218. add comment=BIOTON distance=1 dst-address=192.168.88.0/24 gateway=Beaton
  219. add comment=CONTOUR distance=1 dst-address=192.168.196.0/24 gateway=Contour
  220. add comment=PSTROY distance=1 dst-address=192.168.197.0/24 gateway=Pstroy
  221. add comment=SOLOVEY-KLYCH distance=1 dst-address=192.168.198.0/24 gateway=\
  222. Solovey-klych
  223. add comment=DALCOM distance=1 dst-address=192.168.199.0/24 gateway=Dalcom
  224. add comment=ARTFAMILY distance=1 dst-address=192.168.200.0/24 gateway=\
  225. ArtFamily
  # Management services: everything except WinBox is disabled.
  226. /ip service
  227. set telnet disabled=yes
  228. set ftp address=10.10.1.11/32 disabled=yes
  229. set www disabled=yes
  230. set ssh disabled=yes
  231. set api disabled=yes
  # NOTE(review): the WinBox allow-list contains 162.168.80.0/24, a publicly
  # routable prefix - it looks like a typo for a private 192.168.x.0/24 range.
  # Because the input chain has no default drop, this list is the only thing
  # limiting who may open a WinBox session, so the entry should be corrected.
  232. set winbox address="10.10.1.0/24,192.168.97.0/24,192.168.10.0/24,162.168.80.0/\
  233. 24,192.168.6.0/24,10.10.5.0/24"
  234. set api-ssl disabled=yes
  # Router SMB service on the LAN bridge, guests refused, one share over /tftp.
  # NOTE(review): whether the SMB service itself is enabled is not visible in
  # this export; if the share is not needed, keep the service off.
  235. /ip smb
  236. set allow-guests=no interfaces=bridge-lan
  237. /ip smb shares
  238. add directory=/tftp name=PXE
  239. /ip smb users
  # The PPP secrets section is empty here - presumably removed before sharing.
  240. /ppp secret
  241.  
  242.  
  # NOTE(review): SNMP is enabled and no /snmp community section appears in the
  # export, which presumably leaves the community at its defaults. With no
  # default drop on the input chain, 161/udp would then answer on the WAN side
  # too. Restrict the community to the monitoring host's address, set a
  # non-default community (or SNMPv3), and drop SNMP from the uplink.
  243. /snmp
  244. set enabled=yes
  245. /system clock
  246. set time-zone-autodetect=no time-zone-name=Asia/Vladivostok
  # Only the "system" topic is written to disk.
  # NOTE(review): firewall and account/login events are not persisted or sent to
  # a remote collector by this configuration, which limits what can be
  # reconstructed after an incident.
  247. /system logging
  248. add action=disk topics=system
  # Updates follow the long-term channel; the export header reports 6.43.13.
  249. /system package update
  250. set channel=long-term
  # Disabled failover watcher: flushes the DNS cache and toggles LTE interface 0
  # depending on reachability of the probe host.
  251. /tool netwatch
  252. add disabled=yes down-script=\
  253. "/ip dns cache flush\r\
  254. \n/interface lte enable 0\r\
  255. \n\r\
  256. \n" host=8.8.4.4 interval=30s up-script="/interface lte disable 0\r\
  257. \n"
  # Traffic-generator template bound to the Contour tunnel interface.
  # NOTE(review): looks like a leftover from link testing; remove it if unused so
  # test traffic cannot be started towards that site by mistake.
  258. /tool traffic-generator packet-template
  259. add data=random header-stack="" interface=Contour name=packet-template1