- # mar/29/2019 10:59:43 by RouterOS 6.43.13
- # software id =
- #
- # model = RouterBOARD 3011UiAS
- # serial number =
- # Static L2TP server bindings: one named interface per PPP user. The interface
- # names are reused as gateways under /ip route and (Contour) by the
- # traffic-generator template, so renaming one breaks those references.
- # NOTE(review): the /ppp secret section of this export is empty, so the
- # credentials and profiles behind these users cannot be reviewed from this page.
- /interface l2tp-server
- add name=ArtFamily user=artfamily
- # Interface name and user name differ here (Beaton / bioton); the matching
- # route is commented BIOTON.
- add name=Beaton user=bioton
- add name=Contour user=Contour
- add name=Dalcom user=dalcom
- add name=Dask user=dask
- add name=MedEco user=medeco
- add name=Pstroy user=pstroy
- add name=Shilkinskaya38 user=shilkinskaya38
- add name=Skatnaya46 user=skatnaya46
- add name=Solovey-klych user=solovey-klych
- add name=Zhadnost user=zhadnost
- # LAN bridge; fast-forward is switched off explicitly.
- /interface bridge
- add fast-forward=no name=bridge-lan
- # ether1 is renamed ether1-wan; that name is what the DHCP client and the
- # tcp/1194 firewall rule refer to. speed=100Mbps is set on ether1-ether10.
- /interface ethernet
- set [ find default-name=ether1 ] name=ether1-wan speed=100Mbps
- set [ find default-name=ether2 ] speed=100Mbps
- set [ find default-name=ether3 ] speed=100Mbps
- set [ find default-name=ether4 ] speed=100Mbps
- set [ find default-name=ether5 ] speed=100Mbps
- set [ find default-name=ether6 ] speed=100Mbps
- set [ find default-name=ether7 ] speed=100Mbps
- set [ find default-name=ether8 ] speed=100Mbps
- set [ find default-name=ether9 ] speed=100Mbps
- set [ find default-name=ether10 ] speed=100Mbps
- # sfp1 advertises every rate from 10M-half up to 1000M-full.
- set [ find default-name=sfp1 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- # Outbound L2TP clients. ISP-GreenPoint is the uplink: add-default-route=yes
- # installs the default route through it, and the firewall and NAT rules in this
- # export treat that interface name as the Internet-facing side.
- # NOTE(review): no use-ipsec / ipsec-secret is shown for either client. Exports
- # omit default values, so confirm whether these tunnels run without IPsec.
- /interface l2tp-client
- # user= and password= are blank here - presumably redacted before posting.
- add add-default-route=yes connect-to=l2tp.zelenaya.net disabled=no name=\
- ISP-GreenPoint password= user=
- # NOTE(review): connect-to has no value and the password continuation line holds
- # a single character, which looks like an incomplete redaction. Any credential
- # that was present in a publicly posted export should be treated as exposed and
- # rotated; the user name is still visible.
- add connect-to disabled=no name=UborServers password=\
- 6 user=office-narod20
- # Static OpenVPN server binding for a single PPP user.
- /interface ovpn-server
- add name=Dvenadcataya user=dvenadcataya
- # Default wireless security profile; only supplicant-identity is set.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # Address pools: dhcp_lan serves the LAN; mikrotik-l2tp and vpn-pool-ovpn split
- # 10.10.5.0/24 between L2TP clients (.2-.199) and OpenVPN clients (.200-.254).
- /ip pool
- add name=dhcp_lan ranges=10.10.1.50-10.10.1.100
- add name=mikrotik-l2tp ranges=10.10.5.2-10.10.5.199
- add name=vpn-pool-ovpn ranges=10.10.5.200-10.10.5.254
- /ip dhcp-server
- add address-pool=dhcp_lan disabled=no interface=bridge-lan name=dhcp1
- # PPP profiles. Only the "l2tp" profile sets use-encryption=yes, and nothing
- # visible in this export references that profile.
- /ppp profile
- add change-tcp-mss=yes name=l2tp use-compression=yes use-encryption=yes
- # NOTE(review): l2tp-ipsec is the L2TP server's default-profile and does not set
- # use-encryption. The server runs with use-ipsec=yes, which does not force
- # IPsec, so a session established without IPsec falls back to the profile
- # default for PPP encryption - confirm what that default resolves to.
- add change-tcp-mss=yes local-address=10.10.5.1 name=l2tp-ipsec \
- remote-address=mikrotik-l2tp
- add local-address=10.10.5.1 name=ovpn remote-address=vpn-pool-ovpn
- # ether2-ether10 are members of bridge-lan; ether1-wan and sfp1 are not added.
- /interface bridge port
- add bridge=bridge-lan interface=ether2
- add bridge=bridge-lan interface=ether3
- add bridge=bridge-lan interface=ether4
- add bridge=bridge-lan interface=ether5
- add bridge=bridge-lan interface=ether7
- add bridge=bridge-lan interface=ether8
- add bridge=bridge-lan interface=ether10
- add bridge=bridge-lan interface=ether9
- add bridge=bridge-lan interface=ether6
- # L2TP server: only chap and mschap2 are offered (pap and mschap1 are left out);
- # one session per host; clients get the l2tp-ipsec profile.
- # NOTE(review): use-ipsec=yes still admits L2TP sessions that are not wrapped in
- # IPsec; RouterOS has a stricter use-ipsec=required. The input chain accepts
- # udp/1701 directly on ISP-GreenPoint, so plain L2TP can reach this server.
- # ipsec-secret is blank in this paste - presumably redacted. It is a single
- # pre-shared key for every L2TP user, so rotate it if the unredacted export
- # was ever shared.
- /interface l2tp-server server
- set authentication=chap,mschap2 default-profile=l2tp-ipsec enabled=yes \
- ipsec-secret= one-session-per-host=yes use-ipsec=yes
- # OpenVPN server: clients must present a certificate
- # (require-client-certificate=yes) in addition to their PPP credentials.
- # NOTE(review): the only filter rule for tcp/1194 matches
- # in-interface=ether1-wan, not ISP-GreenPoint - confirm which interface
- # OpenVPN clients are expected to arrive on.
- /interface ovpn-server server
- set certificate=server.crt_0 default-profile=ovpn enabled=yes \
- require-client-certificate=yes
- # Router's LAN address on the bridge; it is also the DHCP gateway.
- /ip address
- add address=10.10.1.1/24 interface=bridge-lan network=10.10.1.0
- # ether1-wan gets its address by DHCP. Most firewall accept rules match
- # ISP-GreenPoint (the L2TP uplink) rather than this physical interface.
- /ip dhcp-client
- add dhcp-options=hostname,clientid disabled=no interface=ether1-wan
- # Static DHCP leases on dhcp1. The comment= values identify hosts, several by
- # role (Zabbix, TRASSIR, DC, DC2, FS, PRITUNL) and several by what look like
- # staff names or initials. In a public paste this amounts to an inventory of
- # internal addresses, MACs and roles; strip or anonymise comments and MACs
- # before sharing a config.
- /ip dhcp-server lease
- add address=10.10.1.4 client-id=1:d8:cb:8a:3a:81:14 comment=M \
- mac-address=D8:CB:8A:3A:81:14 server=dhcp1
- add address=10.10.1.2 client-id=1:f8:1a:67:da:3e:5a comment="WIFI 211" \
- mac-address=F8:1A:67:DA:3E:5A server=dhcp1
- add address=10.10.1.8 client-id=1:0:e0:4c:52:22:b7 comment=Bva.O \
- mac-address=00:E0:4C:52:22:B7 server=dhcp1
- add address=10.10.1.6 client-id=1:e0:d5:5e:11:d3:63 comment="Yo And.A" \
- mac-address=E0:D5:5E:11:D3:63 server=dhcp1
- # NOTE(review): client-id and mac-address disagree on this lease; every other
- # lease that carries both uses the same MAC in each. Confirm which is current.
- add address=10.10.1.7 client-id=1:f4:6d:4:6:6d:4f comment="ko Alex" \
- mac-address=C4:6E:1F:00:30:B0 server=dhcp1
- add address=10.10.1.9 client-id=1:0:25:22:b3:e7:2e comment=Vo.O \
- mac-address=00:25:22:B3:E7:2E server=dhcp1
- # Target of the 10050-10051 dst-nat rule.
- add address=10.10.1.241 comment=Zabbix mac-address=44:8A:5B:42:AC:33 server=\
- dhcp1
- add address=10.10.1.10 client-id=1:44:87:fc:ea:fa:b comment=ev.S \
- mac-address=44:87:FC:EA:FA:0B server=dhcp1
- # Target of the tcp/2996 -> 3389 dst-nat rule.
- add address=10.10.1.11 client-id=1:74:d4:35:7d:9b:59 comment=KaV \
- mac-address=74:D4:35:7D:9B:59 server=dhcp1
- # Target of the 3080,3081,555,8080 dst-nat rules and of the static DNS entry.
- add address=10.10.1.242 client-id=1:0:1a:4d:5e:7e:80 comment=TRASSIR \
- mac-address=00:1A:4D:5E:7E:80 server=dhcp1
- # DC2 and DC are the first two DNS servers handed out by DHCP.
- add address=10.10.1.239 client-id=1:52:54:0:7e:86:2b comment=DC2 mac-address=\
- 52:54:00:7E:86:2B server=dhcp1
- add address=10.10.1.240 client-id=1:68:5:ca:17:4e:f6 comment=DC mac-address=\
- 68:05:CA:17:4E:F6 server=dhcp1
- add address=10.10.1.243 client-id=1:0:1c:c0:7d:45:34 comment=FS mac-address=\
- 00:1C:C0:7D:45:34 server=dhcp1
- # The comment holds escaped non-ASCII bytes after "CAMERA".
- add address=10.10.1.200 client-id=1:c4:2f:90:4:72:f9 comment=\
- "CAMERA \D1\EA\EB\E0\E4" mac-address=C4:2F:90:04:72:F9 server=dhcp1
- # Target of the udp/11775 dst-nat rule.
- add address=10.10.1.238 comment=PRITUNL mac-address=00:15:5D:01:F3:00 server=\
- dhcp1
- add address=10.10.1.3 comment=KYACERA mac-address=00:17:C8:05:98:27 server=\
- dhcp1
- add address=10.10.1.12 client-id=1:30:9c:23:d5:be:c2 comment=\
- "Graphic Station" mac-address=30:9C:23:D5:BE:C2 server=dhcp1
- # The next two leases carry no comment, so their owners are not documented.
- add address=10.10.1.157 client-id=1:54:bf:64:68:52:7f mac-address=\
- 54:BF:64:68:52:7F server=dhcp1
- add address=10.10.1.161 mac-address=00:15:5D:01:F3:04 server=dhcp1
- add address=10.10.1.13 client-id=1:e8:2a:44:f5:4b:ff comment=Laptop-Worker \
- mac-address=E8:2A:44:F5:4B:FF server=dhcp1
- # DHCP options for the LAN: gateway is the router, DNS is 10.10.1.240 and
- # 10.10.1.239 (the leases commented DC and DC2) followed by 8.8.8.8.
- # NOTE(review): a client that falls back to 8.8.8.8 bypasses internal DNS and
- # whatever logging or filtering is done there; consider removing the public
- # resolver from the list handed to clients.
- /ip dhcp-server network
- add address=10.10.1.0/24 dns-server=10.10.1.240,10.10.1.239,8.8.8.8 gateway=\
- 10.10.1.1 netmask=24
- # Static record mapping sc.mnsk.me to 10.10.1.242 (the TRASSIR lease). It only
- # affects clients that resolve through the router.
- /ip dns static
- add address=10.10.1.242 name=sc.mnsk.me
- # Address lists: BOGONS (reserved / non-routable ranges) and scan/brute.
- # NOTE(review): no filter or NAT rule in this export references either list
- # (there is no src-address-list= or dst-address-list= matcher anywhere), so as
- # exported they have no effect.
- # NOTE(review): BOGONS contains 10.0.0.0/8 and 192.168.0.0/16, which cover the
- # LAN, the VPN pool and the routed site subnets. If a drop rule is added for
- # this list it must be scoped to the Internet-facing interface, otherwise it
- # will cut internal and site-to-site traffic.
- /ip firewall address-list
- add address=0.0.0.0/8 list=BOGONS
- add address=10.0.0.0/8 list=BOGONS
- add address=100.64.0.0/10 list=BOGONS
- add address=127.0.0.0/8 list=BOGONS
- add address=169.254.0.0/16 list=BOGONS
- add address=172.16.0.0/12 list=BOGONS
- add address=192.0.0.0/24 list=BOGONS
- add address=192.0.2.0/24 list=BOGONS
- add address=192.168.0.0/16 list=BOGONS
- add address=198.18.0.0/15 list=BOGONS
- add address=198.51.100.0/24 list=BOGONS
- add address=203.0.113.0/24 list=BOGONS
- add address=224.0.0.0/3 list=BOGONS
- # Single static entry; nothing in this export adds to the list dynamically.
- add address=216.218.206.0/24 list=scan/brute
- # Filter rules are evaluated top to bottom within each chain; a packet that
- # matches no rule is accepted.
- # NOTE(review): the input chain has no terminating drop. Its only drop is for
- # connection-state=invalid, so the input accept rules restrict nothing and
- # services enabled on the router (SNMP and Winbox in this export) can be
- # reached on ether1-wan and ISP-GreenPoint unless limited elsewhere, e.g. by
- # the /ip service address list. The forward chain also ends without a default
- # drop. Add a final drop to both chains after confirming the accept rules
- # cover all legitimate traffic.
- /ip firewall filter
- add action=drop chain=input comment="drop invalid connections" \
- connection-state=invalid
- # Outbound forwarding: anything not arriving on the uplink may leave through it.
- add action=accept chain=forward in-interface=!ISP-GreenPoint out-interface=\
- ISP-GreenPoint
- # NOTE(review): all-ppp matches every PPP interface. ISP-GreenPoint is itself
- # an l2tp-client interface, so this rule presumably also accepts forwarded
- # traffic arriving from the uplink, and it sits ahead of the invalid-state drop
- # for the forward chain. Scope it to the named site tunnels - confirm.
- add action=accept chain=forward in-interface=all-ppp
- # OpenVPN listener; matched on ether1-wan only.
- add action=accept chain=input dst-port=1194 in-interface=ether1-wan protocol=\
- tcp
- add action=accept chain=output comment="allow related connections" \
- connection-state=established,related
- # L2TP/IPsec listener ports, matched on the uplink. udp/1701 is accepted
- # directly, i.e. not only when it arrives inside IPsec.
- add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" \
- in-interface=ISP-GreenPoint protocol=ipsec-esp
- add action=accept chain=input comment="allow L2TP VPN (1701/udp)" dst-port=\
- 1701 in-interface=ISP-GreenPoint protocol=udp
- add action=accept chain=input comment="allow L2TP VPN (4500/udp)" dst-port=\
- 4500 in-interface=ISP-GreenPoint protocol=udp
- add action=accept chain=input comment="allow L2TP VPN (500/udp)" dst-port=500 \
- in-interface=ISP-GreenPoint protocol=udp
- # Matches established only; "related" is not listed on the input chain.
- add action=accept chain=input comment="allow established connections" \
- connection-state=established
- # LAN hosts may reach the router itself on any port.
- add action=accept chain=input in-interface=!ISP-GreenPoint src-address=\
- 10.10.1.0/24
- # Every output rule in this section is an accept, so router-originated traffic
- # is not filtered.
- add action=accept chain=output comment="accept everything to non internet" \
- out-interface=!ISP-GreenPoint
- add action=accept chain=output comment="accept everything"
- add action=drop chain=forward comment="drop invalid connections" \
- connection-state=invalid
- add action=accept chain=forward comment=\
- "allow already established connections" connection-state=established
- add action=accept chain=forward comment="allow related connections" \
- connection-state=related
- # Hand-written drops for 0.0.0.0/8, 127.0.0.0/8 and 224.0.0.0/3 as source or
- # destination; the BOGONS address list is not used here.
- add action=drop chain=forward src-address=0.0.0.0/8
- add action=drop chain=forward dst-address=0.0.0.0/8
- add action=drop chain=forward src-address=224.0.0.0/3
- add action=drop chain=forward src-address=127.0.0.0/8
- add action=drop chain=forward dst-address=127.0.0.0/8
- add action=drop chain=forward dst-address=224.0.0.0/3
- add action=accept chain=output comment="accept everything to internet" \
- out-interface=ISP-GreenPoint
- # Custom "icmp" chain: allows the listed type:code pairs and drops the rest.
- # NOTE(review): no rule with action=jump jump-target=icmp appears in this
- # export, so the chain is never entered and these rules have no effect as
- # exported.
- add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
- icmp
- add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
- protocol=icmp
- add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
- protocol=icmp
- add action=accept chain=icmp comment=\
- "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
- add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
- protocol=icmp
- add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
- protocol=icmp
- add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
- protocol=icmp
- add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
- protocol=icmp
- add action=drop chain=icmp comment="deny all other types"
- # NAT. The forward chain has no default drop, so every dst-nat rule here
- # publishes its target without any further filtering.
- /ip firewall nat
- add action=masquerade chain=srcnat out-interface=ISP-GreenPoint
- # Also masquerades traffic leaving through the site tunnels and VPN client
- # interfaces, so hosts behind them presumably see the router's tunnel address
- # rather than the originating LAN host; this removes per-host attribution from
- # logs at the remote sites.
- add action=masquerade chain=srcnat out-interface=all-ppp
- # NOTE(review): the next two rules publish RDP (3389) on the uplink as tcp/2996
- # and tcp/2997 with no source restriction. A non-standard port does not limit
- # who can connect. Prefer reaching RDP through the VPN, or restrict the rules
- # with src-address / src-address-list. 10.10.1.11 is the lease commented KaV;
- # 10.10.1.254 has no static lease and lies outside the dhcp_lan pool.
- add action=dst-nat chain=dstnat dst-port=2996 in-interface=ISP-GreenPoint \
- protocol=tcp to-addresses=10.10.1.11 to-ports=3389
- add action=dst-nat chain=dstnat dst-port=2997 in-interface=ISP-GreenPoint \
- protocol=tcp to-addresses=10.10.1.254 to-ports=3389
- # Publishes tcp 3080,3081,555,8080 to 10.10.1.242 (lease comment TRASSIR), again
- # with no source restriction. src-port="" is an empty matcher.
- add action=dst-nat chain=dstnat dst-port=3080,3081,555,8080 in-interface=\
- ISP-GreenPoint protocol=tcp src-port="" to-addresses=10.10.1.242
- # Hairpin pair: LAN clients addressing 213.59.141.185 (presumably the public
- # address - confirm) are redirected to 10.10.1.242 and masqueraded so that
- # replies return through the router.
- add action=dst-nat chain=dstnat dst-address=213.59.141.185 dst-port=\
- 3080,3081,555,8080 protocol=tcp src-address=10.10.1.0/24 to-addresses=\
- 10.10.1.242
- add action=masquerade chain=srcnat dst-address=213.59.141.185 dst-port=\
- 3080,3081,555,8080 protocol=tcp src-address=10.10.1.0/24
- # udp/11775 from the uplink to 10.10.1.238 (lease comment PRITUNL).
- add action=dst-nat chain=dstnat dst-port=11775 in-interface=ISP-GreenPoint \
- protocol=udp to-addresses=10.10.1.238 to-ports=11775
- # tcp 10050-10051 addressed to 10.10.5.1 (the PPP local-address) is forwarded
- # to 10.10.1.241 (lease comment Zabbix). There is no in-interface matcher, so
- # the rule applies on every interface.
- add action=dst-nat chain=dstnat dst-address=10.10.5.1 dst-port=10050-10051 \
- protocol=tcp to-addresses=10.10.1.241 to-ports=10050-10051
- # NOTE(review): forwards tcp/8001 from the uplink to 192.168.198.200:8000, an
- # address inside the subnet routed via the Solovey-klych tunnel. Internet
- # traffic is therefore carried across the site-to-site link to a remote-site
- # host; confirm this exposure is intended and restrict the source if possible.
- add action=netmap chain=dstnat comment=SOLOVEY-KLUCH dst-port=8001 \
- in-interface=ISP-GreenPoint protocol=tcp to-addresses=192.168.198.200 \
- to-ports=8000
- # Static routes to remote-site subnets. Most use an L2TP server binding
- # interface as gateway, so a route is only usable while that site's tunnel is up.
- /ip route
- add comment=DASK distance=1 dst-address=192.168.0.0/24 gateway=Dask
- # NOTE(review): next hop 192.168.97.1 is not on any interface address shown in
- # this export; presumably it is reached over the UborServers client tunnel -
- # confirm.
- add comment=UBOREVICHA-SERVERS distance=1 dst-address=192.168.10.0/24 \
- gateway=192.168.97.1
- add comment=MEDECO distance=1 dst-address=192.168.15.0/24 gateway=MedEco
- add comment=SHILKINSKAYA-38 distance=1 dst-address=192.168.77.0/24 gateway=\
- Shilkinskaya38
- add comment=BIOTON distance=1 dst-address=192.168.88.0/24 gateway=Beaton
- add comment=CONTOUR distance=1 dst-address=192.168.196.0/24 gateway=Contour
- add comment=PSTROY distance=1 dst-address=192.168.197.0/24 gateway=Pstroy
- # This subnet contains 192.168.198.200, the target of the tcp/8001 netmap rule.
- add comment=SOLOVEY-KLYCH distance=1 dst-address=192.168.198.0/24 gateway=\
- Solovey-klych
- add comment=DALCOM distance=1 dst-address=192.168.199.0/24 gateway=Dalcom
- add comment=ARTFAMILY distance=1 dst-address=192.168.200.0/24 gateway=\
- ArtFamily
- # Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
- # Winbox is the only one left enabled, limited to the listed source networks.
- # NOTE(review): the input chain has no default drop, so this address list is
- # the only visible control on Winbox access.
- /ip service
- set telnet disabled=yes
- set ftp address=10.10.1.11/32 disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- # NOTE(review): 162.168.80.0/24 is publicly routable space and is probably a
- # typo for 192.168.80.0/24. As written it admits Winbox connections from that
- # Internet range - confirm and correct.
- set winbox address="10.10.1.0/24,192.168.97.0/24,192.168.10.0/24,162.168.80.0/\
- 24,192.168.6.0/24,10.10.5.0/24"
- set api-ssl disabled=yes
- # SMB: guest access refused, bound to bridge-lan. No enabled=yes is shown and
- # exports omit defaults, so the SMB server is presumably off - confirm.
- /ip smb
- set allow-guests=no interfaces=bridge-lan
- /ip smb shares
- add directory=/tftp name=PXE
- # The next two sections have no entries in this paste. The L2TP and OpenVPN
- # bindings name PPP users, so the secrets were presumably removed before
- # posting rather than absent on the device.
- /ip smb users
- /ppp secret
- # NOTE(review): SNMP is enabled and no /snmp community section appears in the
- # export, which suggests the default community is unchanged - confirm. With no
- # default drop on the input chain the agent would also answer on the WAN side.
- # Define a non-default community restricted to the monitoring host
- # (10.10.1.241 is the lease commented Zabbix) and filter SNMP on input.
- /snmp
- set enabled=yes
- # Fixed time zone; autodetection is off.
- /system clock
- set time-zone-autodetect=no time-zone-name=Asia/Vladivostok
- # Adds disk logging for the "system" topic. No remote logging action is visible
- # in this export, so logs appear to live only on the router itself.
- /system logging
- add action=disk topics=system
- # Selects the long-term update channel. The export header reports RouterOS
- # 6.43.13 as of mar/29/2019; the channel setting alone does not install
- # updates, so confirm they are actually applied.
- /system package update
- set channel=long-term
- # Disabled netwatch entry. Its scripts flush the DNS cache and toggle
- # "interface lte 0", but no LTE interface is defined in this export, so it
- # looks like a leftover from an earlier setup.
- /tool netwatch
- add disabled=yes down-script=\
- "/ip dns cache flush\r\
- \n/interface lte enable 0\r\
- \n\r\
- \n" host=8.8.4.4 interval=30s up-script="/interface lte disable 0\r\
- \n"
- # NOTE(review): a traffic-generator template with random payload bound to the
- # Contour site tunnel. It looks like leftover test tooling aimed at a
- # production link; remove it if it is no longer needed.
- /tool traffic-generator packet-template
- add data=random header-stack="" interface=Contour name=packet-template1