API tools faq
paste
Advertisement
Tonny_Cassidy

config

Tonny_Cassidy
Jan 14th, 2022
87
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.21 KB | None | 0 0
raw download clone embed print report
  1. note:yes i forgot to reenable the failover config before exporting same thing for the port forward config thats on the mangle rule
  2.  
  3.  
  4. # jan/15/2022 00:40:48 by RouterOS 6.47.9
  5. # software id = 15PR-UVFG
  6. #
  7. # model = RB3011UiAS
  8. # serial number = E7E90E987607
  9. /interface bridge
  10. add name="bridgeLAN BACKUP"
  11. add name="bridgeLAN MAIN"
  12. /interface ethernet
  13. set [ find default-name=ether1 ] name="WAN 1 INPUT"
  14. /interface pppoe-client
  15. add add-default-route=yes disabled=no interface=ether2 keepalive-timeout=100 \
  16. name="WAN 2 INPUT" user=BTS625064
  17. /interface bonding
  18. add mode=802.3ad name=" TO SWITCH" slaves=ether10,ether9,ether8 \
  19. transmit-hash-policy=layer-3-and-4
  20. /interface list
  21. add name=list1
  22. /interface wireless security-profiles
  23. set [ find default=yes ] supplicant-identity=MikroTik
  24. /ip pool
  25. add name=dhcp_pool0 ranges=[static wan ip address]
  26. add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
  27. add name=dhcp_pool2 ranges=100.64.6.2-100.64.6.254
  28. add name=dhcp_pool3 ranges=192.168.88.2-192.168.88.254
  29. add name=dhcp_pool4 ranges=100.70.8.2-100.70.11.254
  30. add name=dhcp_pool5 ranges=100.100.5.2
  31. add name=dhcp_pool6 ranges=172.16.16.2-172.16.16.254
  32. add name=dhcp_pool7 ranges=172.16.16.2-172.16.16.254
  33. add name=dhcp_pool8 ranges=\
  34. 192.168.88.1-192.168.88.9,192.168.88.11-192.168.88.254
  35. /ip dhcp-server
  36. add address-pool=dhcp_pool4 disabled=no interface="bridgeLAN MAIN" name=dhcp3
  37. /port
  38. set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
  39. stop-bits=1
  40. /queue simple
  41. add disabled=yes max-limit=40M/40M name=queue1 target="WAN 2 INPUT"
  42. /queue type
  43. set 9 kind=sfq
  44. /interface bridge port
  45. add bridge="bridgeLAN BACKUP" interface=ether5
  46. add bridge="bridgeLAN MAIN" interface=ether6
  47. add bridge="bridgeLAN MAIN" interface=ether7
  48. add bridge="bridgeLAN MAIN" interface=" TO SWITCH"
  49. /interface list member
  50. add interface="bridgeLAN MAIN" list=list1
  51. /ip address
  52. add address=[static wan ip address]/30 comment="WAN 1 " interface="WAN 1 INPUT" \
  53. network=[static wan ip address]
  54. add address=192.168.88.10/24 interface="bridgeLAN BACKUP" network=\
  55. 192.168.88.0
  56. add address=100.70.8.1/22 interface="bridgeLAN MAIN" network=100.70.8.0
  57. add address=100.100.0.1/16 interface=" TO SWITCH" network=100.100.0.0
  58. add address=10.255.255.1/29 interface=" TO SWITCH" network=10.255.255.0
  59. add address=100.64.0.0/10 interface="bridgeLAN MAIN" network=100.64.0.0
  60. /ip dhcp-server network
  61. add address=10.0.0.59/32 gateway=10.0.0.1
  62. add address=100.64.6.0/24 gateway=100.64.6.1
  63. add address=100.70.8.0/22 dns-server=1.0.0.1,1.1.1.1,8.8.8.8,10.0.0.11 \
  64. gateway=100.70.8.1
  65. add address=[static wan ip address]/30 gateway=[static wan ip address]
  66. add address=172.16.16.0/24 gateway=172.16.16.1
  67. add address=192.168.88.0/24 dns-server=1.0.0.1,1.1.1.1,8.8.8.8,10.0.0.1 \
  68. gateway=192.168.88.10
  69. /ip dns
  70. set allow-remote-requests=yes servers=1.0.0.1,1.1.1.1,8.8.8.8
  71. /ip firewall address-list
  72. add address=100.70.8.0/22 list="MAIN "
  73. add address=100.100.0.0/16 list="MAIN "
  74. add address=[static wan ip address] list=WAN
  75. add address=192.168.0.0 list=WAN
  76. /ip firewall mangle
  77. add action=accept chain=prerouting dst-address=[static wan ip address]/30
  78. add action=accept chain=prerouting dst-address=10.9.0.0
  79. add action=accept chain=prerouting dst-address=100.70.8.0/22
  80. add action=mark-connection chain=prerouting in-interface="WAN 1 INPUT" \
  81. new-connection-mark="WAN 1" passthrough=yes
  82. add action=mark-connection chain=prerouting in-interface="WAN 2 INPUT" \
  83. new-connection-mark="WAN 2" passthrough=yes
  84. add action=mark-connection chain=prerouting comment="WAN 1" in-interface=\
  85. "bridgeLAN MAIN" new-connection-mark="WAN 1" passthrough=yes \
  86. per-connection-classifier=both-addresses-and-ports:8/0
  87. add action=mark-connection chain=prerouting comment="WAN 2" in-interface=\
  88. "bridgeLAN MAIN" new-connection-mark="WAN 2" passthrough=yes \
  89. per-connection-classifier=both-addresses-and-ports:8/1
  90. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  91. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  92. both-addresses-and-ports:8/2
  93. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  94. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  95. both-addresses-and-ports:8/3
  96. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  97. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  98. both-addresses-and-ports:8/4
  99. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  100. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  101. both-addresses-and-ports:8/5
  102. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  103. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  104. both-addresses-and-ports:8/6
  105. add action=mark-connection chain=prerouting in-interface="bridgeLAN MAIN" \
  106. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  107. both-addresses-and-ports:8/7
  108. add action=mark-routing chain=prerouting comment=A connection-mark="WAN 1" \
  109. in-interface="bridgeLAN MAIN" new-routing-mark="TO WAN 1" passthrough=yes
  110. add action=mark-routing chain=output connection-mark="WAN 1" \
  111. new-routing-mark="TO WAN 1" passthrough=no
  112. add action=mark-routing chain=prerouting connection-mark="WAN 2" \
  113. in-interface="bridgeLAN MAIN" new-routing-mark="TO WAN 2" passthrough=yes
  114. add action=mark-routing chain=output connection-mark="WAN 2" \
  115. new-routing-mark="TO WAN 2" passthrough=no
  116. add action=mark-connection chain=prerouting comment="PORT FORWARD" \
  117. connection-mark=no-mark disabled=yes in-interface="WAN 1 INPUT" \
  118. new-connection-mark="wan 1 conn" passthrough=yes
  119. add action=mark-routing chain=output connection-mark="wan 1 conn" disabled=\
  120. yes new-routing-mark="TO WAN 1" passthrough=yes
  121. /ip firewall nat
  122. add action=masquerade chain=srcnat out-interface="WAN 1 INPUT"
  123. add action=masquerade chain=srcnat out-interface="WAN 2 INPUT"
  124. add action=masquerade chain=srcnat out-interface="WAN 1 INPUT" src-address=\
  125. 100.70.8.0/22
  126. add action=masquerade chain=srcnat disabled=yes out-interface="WAN 1 INPUT" \
  127. src-address=192.168.88.0/24
  128. add action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=\
  129. 100.70.8.10 src-address=100.70.8.0/22
  130. add action=src-nat chain=srcnat comment="PORT FORWARD" out-interface=\
  131. "WAN 1 INPUT" src-address=100.70.8.10 to-addresses=[static wan ip address]
  132. add action=dst-nat chain=dstnat dst-address=[static wan ip address] to-addresses=\
  133. 100.70.8.10
  134. /ip route
  135. add check-gateway=ping distance=1 gateway=[static wan ip address] routing-mark=\
  136. "TO WAN 1"
  137. add check-gateway=ping disabled=yes distance=2 gateway=10.9.0.1 routing-mark=\
  138. "TO WAN 1"
  139. add distance=1 gateway=10.9.0.1 routing-mark="TO WAN 2"
  140. add check-gateway=ping disabled=yes distance=2 gateway=[static wan ip address] \
  141. routing-mark="TO WAN 2"
  142. /ip service
  143. set telnet disabled=yes
  144. set ftp disabled=yes
  145. set www disabled=yes
  146. set ssh disabled=yes
  147. set api disabled=yes
  148. set winbox port=5900
  149. set api-ssl disabled=yes
  150. /lcd
  151. set backlight-timeout=never default-screen=stats
  152. /lcd interface
  153. add interface="bridgeLAN MAIN"
  154. /system clock
  155. set time-zone-name=Asia
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!