# sep/10/2018 21:14:55 by RouterOS 6.41.2
# software id = ID2F-BQE9
#
# model = 951Ui-2HnD
# serial number = 8D0008AA310A
#
# Review notes (added, not part of the original export):
# This is a plain `/export`, not `/export hide-sensitive`: the WPA pre-shared key, the
# SNMPv3 passwords, the SIM PIN, the IPsec secret and the OSPF MD5 key below are all in
# cleartext. Once an export like this has been published they have to be treated as
# compromised and replaced.
# Topology as exported: four bridges (LAN, LAN_Kamery = cameras, Wifi_LAN, Wifi_GOSC =
# guest wifi), each fed by one VLAN (10/20/30/40) from the access ports, a cellular uplink
# (ppp-out1, default route) and a GRE tunnel to 195.28.0.237 protected by IPsec, with OSPF
# running over the tunnel. Polish names/comments: "Dozwolone_inteface" = allowed
# interfaces, "Dostep"/"Dost\EAp" = access, "GOSC" = guest, "Serwery" = servers,
# "!!!!! W\A3\A5CZY\C6 i zobaczy\E6 czy wszytsko dzia\B3a" = "!!!!! ENABLE and check
# whether everything works" (the author's reminder on the two disabled final drop rules).
/interface bridge
# arp=reply-only on every bridge, together with add-arp=yes on the DHCP servers below, means
# the router only keeps ARP entries for addresses it has leased itself (an ARP lockdown of
# sorts); hosts with manually configured addresses on these bridges need a static ARP entry
# or a static lease to be reachable.
add arp=reply-only mtu=1500 name=OpocznoLublin-LAN
add arp=reply-only mtu=1500 name=OpocznoLublin-LAN_Kamery
add arp=reply-only mtu=1500 name=OpocznoLublin-Wifi_GOSC
add arp=reply-only mtu=1500 name=OpocznoLublin-Wifi_LAN
/interface ethernet
# ether1 (the defconf WAN port) is disabled; the real uplink is ppp-out1 further down. This
# matters for the "WAN" interface list, which still only contains ether1.
set [ find default-name=ether1 ] arp=reply-only disabled=yes
set [ find default-name=ether2 ] arp=reply-only name=ether2-master
set [ find default-name=ether3 ] arp=reply-only
set [ find default-name=ether4 ] arp=reply-only
set [ find default-name=ether5 ] arp=reply-only
/interface wireless
# ssid=MikroTik-7F6391 appears to be the factory default SSID. default-authentication is
# left at its default, so the single access-list entry below does not restrict who may
# associate; the only gate is the pre-shared key in the default security profile. Note that
# wlan1 is a port of OpocznoLublin-LAN (the wired LAN), not of the Wifi_LAN bridge.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-7F6391 \
    wireless-protocol=802.11 wps-mode=disabled
/interface gre
# !keepalive: the tunnel interface never goes down on its own when the peer is unreachable;
# the OSPF adjacency over it is the only liveness signal. local-address is a public IP,
# presumably the fixed address of the cellular SIM — TODO confirm.
add !keepalive local-address=87.251.228.130 name=gre-tunnel1 remote-address=\
    195.28.0.237
/interface vlan
# Tagged VLANs per port: ether2/ether3 carry 10,20,30,40; ether4/ether5 carry 30,40 only.
# No bridge vlan-filtering is used (hw=no on all ports): VLAN 10 sub-interfaces and the
# untagged parent ports ether2..ether5 all land in the same OpocznoLublin-LAN bridge.
add arp=reply-only interface=ether2-master name=vlan10.2 vlan-id=10
add arp=reply-only interface=ether3 name=vlan10.3 vlan-id=10
add arp=reply-only interface=ether2-master name=vlan20.2 vlan-id=20
add arp=reply-only interface=ether3 name=vlan20.3 vlan-id=20
add arp=reply-only interface=ether2-master name=vlan30.2 vlan-id=30
add arp=reply-only interface=ether3 name=vlan30.3 vlan-id=30
add arp=reply-only interface=ether4 name=vlan30.4 vlan-id=30
add arp=reply-only interface=ether5 name=vlan30.5 vlan-id=30
add arp=reply-only interface=ether2-master name=vlan40.2 vlan-id=40
add arp=reply-only interface=ether3 name=vlan40.3 vlan-id=40
add arp=reply-only interface=ether4 name=vlan40.4 vlan-id=40
add arp=reply-only interface=ether5 name=vlan40.5 vlan-id=40
/interface list
# Membership (see "/interface list member"): LAN has no members at all and WAN holds only the
# disabled ether1, so firewall rules keyed on these two lists do not do what the defconf
# comments say. mactel and mac-winbox are empty, which disables MAC-telnet and MAC-winbox
# on every interface (good). Dozwolone_inteface = LAN, Wifi_LAN and LAN_Kamery.
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=Dozwolone_inteface
/interface wireless security-profiles
# authentication-types=wpa-psk,wpa2-psk still allows WPA1/TKIP clients; drop wpa-psk unless
# a legacy device really needs it. The PSK is exported in cleartext here.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    Megastore100 wpa2-pre-shared-key=Megastore100
/ip dhcp-server option
# Option 43, sub-option 0x01 length 0x04, value c0a80b0d = 192.168.11.13; the name suggests
# this is the UniFi inform address (the same host the "Bacula" forward rule points at).
add code=43 name=unifi value=0x0104c0a80b0d
/ip ipsec proposal
# Phase-2 proposal: AES-256-CBC / SHA-256 with PFS group modp1536.
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp1536
/ip pool
# One /26 per bridge out of 172.28.25.0/24; the .1/.65/.129/.193 addresses are the gateways.
add name=OpocznoLublin-LAN ranges=172.28.25.2-172.28.25.62
add name=OpocznoLublin-LAN_Kamery ranges=172.28.25.66-172.28.25.126
add name=OpocznoLublin-Wifi_LAN ranges=172.28.25.130-172.28.25.190
add name=OpocznoLublin-Wifi_GOSC ranges=172.28.25.194-172.28.25.254
/ip dhcp-server
# add-arp=yes pairs with arp=reply-only on the bridges (see above).
add add-arp=yes address-pool=OpocznoLublin-LAN bootp-support=dynamic \
    disabled=no interface=OpocznoLublin-LAN name=OpocznoLublin-LAN
add add-arp=yes address-pool=OpocznoLublin-LAN_Kamery bootp-support=dynamic \
    disabled=no interface=OpocznoLublin-LAN_Kamery name=\
    OpocznoLublin-LAN_Kamery
add add-arp=yes address-pool=OpocznoLublin-Wifi_LAN bootp-support=dynamic \
    disabled=no interface=OpocznoLublin-Wifi_LAN name=OpocznoLublin-Wifi_LAN
add add-arp=yes address-pool=OpocznoLublin-Wifi_GOSC bootp-support=dynamic \
    disabled=no interface=OpocznoLublin-Wifi_GOSC name=\
    OpocznoLublin-Wifi_GOSC
/port
set 0 name=usb1
/interface ppp-client
# Cellular uplink on the USB modem; default-route-distance=0 makes it the default route.
# The SIM PIN is exported in cleartext.
add apn=m2m.plusgsm.pl default-route-distance=0 disabled=no info-channel=1 \
    name=ppp-out1 pin=1816 port=usb1
/routing ospf instance
# router-id is the local GRE tunnel address.
set [ find default=yes ] router-id=172.31.19.18
/snmp community
# The built-in community has read-access=no, so it is effectively disabled. The nagios
# community is SNMPv3 authPriv, but addresses=0.0.0.0/0 leaves reachability entirely to the
# udp/161 firewall rule; restricting addresses= to the monitoring range (195.28.0.0/23 per
# the filter rules) adds a second layer. encryption-protocol is not set, so the 6.x default
# (DES) applies — set encryption-protocol=AES if the poller supports it. Both passwords are
# exported in cleartext.
set [ find default=yes ] addresses=0.0.0.0/0 read-access=no
add addresses=0.0.0.0/0 authentication-password=Polska123 \
    authentication-protocol=SHA1 encryption-password=Poland123 name=nagios \
    security=private
/system logging action
# Action 3 is the built-in "remote" action; logs go to a syslog collector at 195.28.0.110.
set 3 remote=195.28.0.110
/interface bridge port
# wlan1, the untagged access ports and VLAN 10 all join OpocznoLublin-LAN; the other three
# bridges get exactly one VLAN each. hw=no on every port: software bridging only.
add bridge=OpocznoLublin-LAN hw=no interface=ether2-master
add bridge=OpocznoLublin-LAN comment=defconf hw=no interface=wlan1
add bridge=OpocznoLublin-LAN hw=no interface=vlan10.2
add bridge=OpocznoLublin-LAN hw=no interface=vlan10.3
add bridge=OpocznoLublin-LAN_Kamery hw=no interface=vlan20.2
add bridge=OpocznoLublin-LAN_Kamery hw=no interface=vlan20.3
add bridge=OpocznoLublin-Wifi_LAN hw=no interface=vlan30.2
add bridge=OpocznoLublin-Wifi_LAN hw=no interface=vlan30.3
add bridge=OpocznoLublin-Wifi_LAN hw=no interface=vlan30.4
add bridge=OpocznoLublin-Wifi_LAN hw=no interface=vlan30.5
add bridge=OpocznoLublin-Wifi_GOSC hw=no interface=vlan40.2
add bridge=OpocznoLublin-Wifi_GOSC hw=no interface=vlan40.3
add bridge=OpocznoLublin-Wifi_GOSC hw=no interface=vlan40.4
add bridge=OpocznoLublin-Wifi_GOSC hw=no interface=vlan40.5
add bridge=OpocznoLublin-LAN hw=no interface=ether3
add bridge=OpocznoLublin-LAN hw=no interface=ether4
add bridge=OpocznoLublin-LAN hw=no interface=ether5
/ip neighbor discovery-settings
# The discover list below includes ppp-out1, gre-tunnel1 and the guest bridge, so MNDP/LLDP
# announcements (model, identity, version) are sent toward the uplink and guest clients;
# trimming the list to the trusted bridges is the usual hardening.
set discover-interface-list=discover
/interface list member
# "add comment=defconf list=LAN" carries no interface: the LAN list is empty. The WAN list
# holds only the disabled ether1. mactel / mac-winbox entries are likewise empty.
add comment=defconf list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=ppp-out1 list=discover
add interface=vlan10.2 list=discover
add interface=vlan20.2 list=discover
add interface=vlan30.2 list=discover
add interface=vlan40.2 list=discover
add interface=vlan10.3 list=discover
add interface=vlan20.3 list=discover
add interface=vlan30.3 list=discover
add interface=vlan40.3 list=discover
add interface=vlan30.4 list=discover
add interface=vlan40.4 list=discover
add interface=vlan30.5 list=discover
add interface=vlan40.5 list=discover
add interface=OpocznoLublin-LAN list=discover
add interface=OpocznoLublin-LAN_Kamery list=discover
add interface=OpocznoLublin-Wifi_LAN list=discover
add interface=OpocznoLublin-Wifi_GOSC list=discover
add interface=gre-tunnel1 list=discover
add list=mactel
add list=mac-winbox
add interface=OpocznoLublin-LAN list=Dozwolone_inteface
add interface=OpocznoLublin-Wifi_LAN list=Dozwolone_inteface
add interface=OpocznoLublin-LAN_Kamery list=Dozwolone_inteface
/interface wireless access-list
# A single per-client entry; it does not act as an allow-list while wlan1 keeps the default
# default-authentication setting.
add mac-address=8C:70:5A:DE:94:9C vlan-mode=no-tag
/ip address
add address=172.28.25.1/26 interface=OpocznoLublin-LAN network=172.28.25.0
add address=172.28.25.65/26 interface=OpocznoLublin-LAN_Kamery network=\
    172.28.25.64
add address=172.28.25.129/26 interface=OpocznoLublin-Wifi_LAN network=\
    172.28.25.128
add address=172.28.25.193/26 interface=OpocznoLublin-Wifi_GOSC network=\
    172.28.25.192
# /30 transfer network of the GRE tunnel; the OSPF router-id is this address.
add address=172.31.19.18/30 interface=gre-tunnel1 network=172.31.19.16
/ip dhcp-client
# defconf leftover: a DHCP client on ether1, which is disabled.
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server lease
# Static leases; the 00:46:B8 entries in the .64/26 range are the camera VLAN. With
# arp=reply-only these leases are also what creates the ARP entries for those hosts.
add address=172.28.25.2 mac-address=8C:3B:AD:B1:20:BE server=\
    OpocznoLublin-LAN
add address=172.28.25.5 client-id=1:f0:9f:c2:9e:67:36 mac-address=\
    F0:9F:C2:9E:67:36 server=OpocznoLublin-LAN
add address=172.28.25.4 client-id=1:f0:9f:c2:9e:67:54 mac-address=\
    F0:9F:C2:9E:67:54 server=OpocznoLublin-LAN
add address=172.28.25.78 client-id=1:0:46:b8:2:76:48 mac-address=\
    00:46:B8:02:76:48 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.77 client-id=1:0:46:b8:2:76:30 mac-address=\
    00:46:B8:02:76:30 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.76 client-id=1:0:46:b8:2:75:c mac-address=\
    00:46:B8:02:75:0C server=OpocznoLublin-LAN_Kamery
add address=172.28.25.75 client-id=1:0:46:b8:2:76:19 mac-address=\
    00:46:B8:02:76:19 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.74 client-id=1:0:46:b8:2:75:41 mac-address=\
    00:46:B8:02:75:41 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.73 client-id=1:0:46:b8:2:75:2 mac-address=\
    00:46:B8:02:75:02 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.72 client-id=1:0:46:b8:2:76:79 mac-address=\
    00:46:B8:02:76:79 server=OpocznoLublin-LAN_Kamery
add address=172.28.25.71 client-id=1:0:46:b8:2:75:3e mac-address=\
    00:46:B8:02:75:3E server=OpocznoLublin-LAN_Kamery
add address=172.28.25.70 client-id=1:0:46:b8:2:76:7b mac-address=\
    00:46:B8:02:76:7B server=OpocznoLublin-LAN_Kamery
add address=172.28.25.66 mac-address=70:85:C2:73:36:6A server=\
    OpocznoLublin-LAN_Kamery
add address=172.28.25.62 client-id=1:e0:d5:5e:2b:48:45 mac-address=\
    E0:D5:5E:2B:48:45 server=OpocznoLublin-LAN
add address=172.28.25.46 client-id=1:e0:d5:5e:c:a3:93 mac-address=\
    E0:D5:5E:0C:A3:93 server=OpocznoLublin-LAN
add address=172.28.25.47 client-id=1:e0:d5:5e:f:1d:bf mac-address=\
    E0:D5:5E:0F:1D:BF server=OpocznoLublin-LAN
add address=172.28.25.10 client-id=1:0:25:36:21:ff:c0 mac-address=\
    00:25:36:21:FF:C0 server=OpocznoLublin-LAN
add address=172.28.25.254 always-broadcast=yes mac-address=00:04:A3:00:00:3E \
    server=OpocznoLublin-Wifi_GOSC
/ip dhcp-server network
# The 192.168.11.x DNS servers live behind the GRE tunnel (address-list "Serwery" below);
# the guest network gets a public resolver instead. ntp-server 195.28.0.225 is also on the
# remote side. The guest entry still carries comment=defconf.
add address=172.28.25.0/26 dhcp-option=unifi dns-server=\
    192.168.11.129,192.168.11.131 domain=megastorenet.pl gateway=172.28.25.1 \
    netmask=26 ntp-server=195.28.0.225
add address=172.28.25.64/26 dns-server=192.168.11.129,192.168.11.131 domain=\
    megastorenet.pl gateway=172.28.25.65 netmask=26 ntp-server=195.28.0.225
add address=172.28.25.128/26 dhcp-option=unifi dns-server=\
    192.168.11.131,192.168.11.129 domain=megastorenet.pl gateway=\
    172.28.25.129 netmask=26 ntp-server=195.28.0.225
add address=172.28.25.192/26 comment=defconf dhcp-option=unifi dns-server=\
    8.8.8.8 domain=megastorenet.pl gateway=172.28.25.193 netmask=26 \
    ntp-server=195.28.0.225
/ip dns
# The router answers DNS queries, but the input chain only accepts unsolicited traffic from
# OpocznoLublin-LAN (everything else hits the "!LAN" drop), so in practice only that bridge
# can use it; no DHCP network hands out the router as resolver anyway.
set allow-remote-requests=yes
/ip dns static
# Stale defconf entry: 192.168.88.1 is not an address on this router any more.
add address=192.168.88.1 name=router.lan
/ip firewall address-list
# Remote-site networks reached over the GRE tunnel.
add address=192.168.2.0/24 list=IT
add address=192.168.3.0/24 list=IT
add address=192.168.11.0/24 list=Serwery
/ip firewall filter
# Rules written without action= default to accept. No rule has log=yes and the "firewall"
# topic is not logged below, so dropped traffic leaves no trace on the syslog collector.
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# OSPF is accepted from any interface and source. Only gre-tunnel1 has OSPF authentication
# configured (see "/routing ospf interface"), while "/routing ospf network" also covers all
# four LAN subnets including the guest one; restrict this rule to in-interface=gre-tunnel1
# or make the bridge interfaces passive.
add action=accept chain=input protocol=ospf
# Management from the remote site's range. 23 and 80 are cleartext management protocols
# ("/ip service" is not in this export, so whether they are enabled cannot be seen here).
# tcp/500 and tcp/161 are almost certainly meant to be udp: IKE and SNMP are UDP. The
# udp/161 case is handled separately below; IKE (udp/500, udp/4500) from the IPsec peer is
# not accepted anywhere, so the tunnel only comes up when this router initiates (the
# replies then pass as established/related).
add chain=input dst-port=23,22,80,3389,443,8291,8292,161,500 protocol=tcp \
    src-address=195.28.0.0/23
add chain=input protocol=gre src-address=195.28.0.0/23
add chain=input protocol=ipsec-esp src-address=195.28.0.0/23
add chain=input dst-port=161 protocol=udp src-address=195.28.0.0/23
# Unrestricted (any protocol/port) access to the router from one external address over the
# cellular uplink.
add action=accept chain=input in-interface=ppp-out1 src-address=185.30.145.31
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
# Only the wired LAN bridge may talk to the router; Wifi_LAN, LAN_Kamery and Wifi_GOSC are
# caught by the next rule.
add action=accept chain=input in-interface=OpocznoLublin-LAN
# The LAN list is empty, so "!LAN" matches every interface: this is effectively the final
# input drop and the disabled rule after it is redundant for the input chain.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=drop chain=input comment=\
    "!!!!! W\A3\A5CZY\C6 i zobaczy\E6 czy wszytsko dzia\B3a" disabled=yes
# Probably meant as udp (SNMP); as written it only matches TCP port 161 transiting the router.
add chain=forward dst-port=161 protocol=tcp src-address=195.28.0.0/23
add action=accept chain=forward comment=\
    "Dostep dla Dozwolone_inteface do Internet" in-interface-list=\
    Dozwolone_inteface out-interface=ppp-out1
add action=accept chain=forward in-interface=OpocznoLublin-Wifi_GOSC \
    out-interface=ppp-out1
# Everything that is not guest wifi may open connections to the whole remote site; this makes
# the narrower "Dozwolone_Inteface do gre i adresacji serwery" rule below unreachable for
# new connections.
add action=accept chain=forward in-interface=!OpocznoLublin-Wifi_GOSC \
    out-interface=gre-tunnel1
# The comment says "!…Wifi_Gosc" but the match is the un-negated guest bridge: guest clients
# are allowed to reach 192.168.11.13 through the tunnel.
add action=accept chain=forward comment=\
    "Dostep dla !OpocznoLublin-Wifi_Gosc do Bacula" dst-address=192.168.11.13 \
    in-interface=OpocznoLublin-Wifi_GOSC out-interface=gre-tunnel1
add action=accept chain=forward comment=\
    "Dost\EAp dla IT do dozwolone_inteface" out-interface-list=\
    Dozwolone_inteface src-address-list=IT
add action=accept chain=forward comment=\
    "Dost\EAp dla Dozwolone_Inteface do gre i adresacji serwery" \
    dst-address-list=Serwery in-interface-list=Dozwolone_inteface \
    out-interface=gre-tunnel1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
# Dead rule: established/related traffic was already accepted by the forward rule near the
# top, so nothing reaches fasttrack. Defconf places fasttrack before that accept.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
# Guest isolation from the three internal bridges.
add action=drop chain=forward in-interface=OpocznoLublin-Wifi_GOSC \
    out-interface-list=Dozwolone_inteface
# Matches nothing: the WAN list holds only the disabled ether1, while the uplink is ppp-out1.
# Add ppp-out1 to WAN to make this rule effective.
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# With this final drop disabled the forward chain ends in accept: anything not matched above
# (including new connections arriving from ppp-out1 or gre-tunnel1) is forwarded. Enable it
# once the explicit accepts above are confirmed to cover the needed flows.
add action=drop chain=forward comment=\
    "!!!!! W\A3\A5CZY\C6 i zobaczy\E6 czy wszytsko dzia\B3a" disabled=yes
/ip firewall nat
# NAT only toward the cellular uplink; traffic over the GRE tunnel is routed with real
# source addresses.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ppp-out1
/ip ipsec peer
# Phase 1 still offers modp1024 (DH group 2) as a fallback; drop it if the far end supports
# modp2048. The pre-shared secret is exported in cleartext.
add address=195.28.0.237/32 dh-group=modp2048,modp1536,modp1024 \
    enc-algorithm=aes-256 hash-algorithm=sha256 secret=\
    5tbgfrfcerg5htbgvrt5gtbr
/ip ipsec policy
# The default (template) policy is disabled; the only active policy encrypts the GRE outer
# packets between the two public addresses in tunnel mode.
set 0 disabled=yes
add dst-address=195.28.0.237/32 protocol=gre sa-dst-address=195.28.0.237 \
    sa-src-address=87.251.228.130 src-address=87.251.228.130/32 tunnel=yes
/ip route
# Pins the tunnel endpoint to the cellular uplink regardless of what OSPF learns.
add distance=1 dst-address=195.28.0.237/32 gateway=ppp-out1
/routing ospf interface
# MD5 authentication only on the tunnel; the key is exported in cleartext.
add authentication=md5 authentication-key=Egemqm interface=gre-tunnel1 \
    network-type=point-to-point
/routing ospf network
# Advertising the four LAN subnets is fine, but listing them here also runs OSPF hellos on
# the bridges themselves, without authentication (see the input-chain note on the ospf rule).
add area=backbone network=172.31.19.16/30
add area=backbone network=172.28.25.0/26
add area=backbone network=172.28.25.64/26
add area=backbone network=172.28.25.128/26
add area=backbone network=172.28.25.192/26
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system logging
# Local disk plus remote syslog for account/critical/error/info/interface/warning; the
# "firewall" topic is absent, so no filter-rule logging would reach the collector even if
# log=yes were set.
add action=disk topics=account
add action=remote topics=account
add action=disk topics=critical
add action=remote topics=critical
add action=remote topics=error
add action=disk topics=error
add action=remote topics=info
add action=disk topics=info
add action=remote topics=interface
add topics=interface
add action=remote topics=warning
/tool mac-server
# Both allowed-interface lists are empty: MAC-telnet and MAC-winbox are disabled everywhere.
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
