Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » MikroTik RouterOS (часть 4)


   

sattva




 
# oct/31/2016 10:43:51 by RouterOS 6.37.1
# software id = D8PB-S5NB
#
# CAPsMAN channel presets: three 20 MHz channels in the 2.4 GHz band, all with
# tx-power=17 and no extension channel.
# NOTE(review): the preset named channel11 uses frequency=2452 and a different
# band value (2ghz-b/g/n) than the other two - confirm both are intended.
/caps-man channel
add band=2ghz-onlyn extension-channel=disabled frequency=2412 name=channel1 \
    tx-power=17 width=20
add band=2ghz-onlyn extension-channel=disabled frequency=2437 name=channel6 \
    tx-power=17 width=20
add band=2ghz-b/g/n extension-channel=disabled frequency=2452 name=channel11 \
    tx-power=17 width=20
# CAPsMAN datapaths. All three use local-forwarding=yes. Office permits
# client-to-client traffic; both guest datapaths disable it.
# Guest tags traffic with VLAN 47; Guest_for_router sets no VLAN, so which
# network its clients land on depends on the CAP's own bridging - verify that
# it is not the office LAN.
/caps-man datapath
add client-to-client-forwarding=yes comment=Office local-forwarding=yes name=\
    Office
add client-to-client-forwarding=no comment=Guest local-forwarding=yes name=\
    Guest vlan-id=47 vlan-mode=use-tag
add client-to-client-forwarding=no comment=Guest local-forwarding=yes name=\
    Guest_for_router
# Static L2TP server bindings for two named users; both are disabled.
/interface l2tp-server
add disabled=yes name=l2tp-lesya2 user=lesya2
add disabled=yes name=l2tp-polisyanka user=policyanka2
# Bridges. Only bridge-local receives ports and an address elsewhere in this
# part of the export; OfficeNet carries 10.10.10.1/24 and a DHCP server.
/interface bridge
add name=GuestNet
add name=OfficeNet
add mtu=1500 name=bridge-local protocol-mode=none
add name=bridge_VLAN
# ether1 is renamed WAN; ether3-5 are switched to ether2 via master-port, so
# ether2-master-local represents all four LAN ports.
/interface ethernet
set [ find default-name=ether1 ] comment=ether1 name=WAN
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-servers-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
# Static PPTP server bindings for two named users; both are disabled.
/interface pptp-server
add disabled=yes name=<pptp-ternopil_Taras> user=ternopil
add disabled=yes name=pptp-Rovno user=rivne
# GRE tunnels from this router (195.112.204.22) to the branch sites.
# NOTE(review): only gre-tunnelOffice-DKS and gre-tunnelOffice-VEGA set
# ipsec-secret, and the value appears here in plaintext; it is the same string
# used for the L2TP server and most /ppp secret entries. Treat it as disclosed,
# rotate it, and produce shareable exports with "/export hide-sensitive".
# NOTE(review): the remaining tunnels depend on /ip ipsec policy entries for
# protection. No policy for the Shev_ISP1, Shev_ISP2 or Vokzalnaya-* remote
# addresses is visible in this part of the export - confirm those tunnels are
# not carrying traffic unencrypted.
# NOTE(review): 19.332.111.43 is not a valid IPv4 address (octet above 255);
# presumably some addresses were altered before the export was posted.
/interface gre
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelBoguniya remote-address=64.219.77.31
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=gre-tunnelKiev \
    remote-address=19.332.111.43
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=\
    gre-tunnelLUkrainki remote-address=195.112.137.164
add allow-fast-path=no ipsec-secret="Pa$$w0Rd" keepalive=3s local-address=\
    195.112.204.22 mtu=1400 name=gre-tunnelOffice-DKS remote-address=\
    195.112.157.134
add allow-fast-path=no ipsec-secret="Pa$$w0Rd" keepalive=3s local-address=\
    195.112.204.22 mtu=1400 name=gre-tunnelOffice-VEGA remote-address=\
    19.243.112.71
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=gre-tunnelRovno \
    remote-address=149.44.89.120
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelShev_ISP1 remote-address=64.220.30.12
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelShev_ISP2 remote-address=134.247.164.155
# This is the only tunnel without local-address.
add allow-fast-path=no keepalive=3s mtu=1400 name=gre-tunnelStanishevka \
    remote-address=46.233.75.31
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelVokzalnaya-Kievstar remote-address=134.249.146.61
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelVokzalnaya-O3 remote-address=109.250.109.105
# IPIP tunnels; all three are disabled. IPIP itself provides no encryption.
/interface ipip
add allow-fast-path=no clamp-tcp-mss=no comment=DKS disabled=yes dscp=0 \
    !keepalive local-address=195.112.204.22 mtu=1480 name=ipip-Polisyanka \
    remote-address=195.112.157.134
add allow-fast-path=no clamp-tcp-mss=no disabled=yes dscp=0 !keepalive \
    local-address=195.112.204.22 mtu=1480 name=ipip-Ternopil_work \
    remote-address=212.113.44.13
add allow-fast-path=no clamp-tcp-mss=no comment=MyLan disabled=yes dscp=0 \
    !keepalive local-address=195.112.204.22 mtu=1480 name=ipip1-Polisyanka \
    remote-address=19.243.112.71
# EoIP (layer-2) tunnels; every entry is disabled. The remote addresses are in
# 172.16.1.0/24, the range handed to PPTP clients by /ppp secret, so these
# presumably ran on top of the PPTP sessions.
# NOTE(review): eoip-Bogunia and eoip-Shevchenko share mac-address
# 02:6C:4A:23:C2:5D. Two of these interfaces (eoip-Kiev, eoip-Vokzalnaya) are
# enabled members of bridge-local in /interface bridge port; if the duplicate
# pair were ever enabled and bridged together, the MAC clash would need fixing.
/interface eoip
add allow-fast-path=no disabled=yes !keepalive mac-address=02:6C:4A:23:C2:5D \
    mtu=1500 name=eoip-Bogunia remote-address=172.16.1.12 tunnel-id=6112
add allow-fast-path=no disabled=yes !keepalive mac-address=02:D1:A6:39:20:81 \
    name=eoip-Kiev remote-address=172.16.1.19 tunnel-id=11134
add allow-fast-path=no clamp-tcp-mss=no disabled=yes !keepalive mac-address=\
    02:AF:FF:A5:FE:65 name=eoip-L.Ukrainki remote-address=172.16.1.27 \
    tunnel-id=6127
add allow-fast-path=no clamp-tcp-mss=no disabled=yes !keepalive mac-address=\
    02:D9:72:EE:6A:5B mtu=1500 name=eoip-Polisyanka remote-address=\
    172.16.1.17 tunnel-id=117
add allow-fast-path=no disabled=yes !keepalive mac-address=02:68:89:AF:11:A7 \
    name=eoip-Rovno remote-address=172.16.1.16 tunnel-id=6116
add allow-fast-path=no disabled=yes !keepalive mac-address=02:6C:4A:23:C2:5D \
    mtu=1500 name=eoip-Shevchenko remote-address=172.16.1.15 tunnel-id=6115
add allow-fast-path=no disabled=yes !keepalive mac-address=02:90:B3:98:BA:35 \
    name=eoip-Stanishevka remote-address=172.16.1.13 tunnel-id=6113
add allow-fast-path=no disabled=yes !keepalive mac-address=02:B3:33:E2:66:51 \
    name=eoip-Vokzalnaya remote-address=172.16.1.11 tunnel-id=6111
# Neighbor discovery settings per interface. discover=no is set on several
# tunnel interfaces.
# NOTE(review): the WAN entry only sets a comment; discover=no is not present,
# so discovery on the Internet-facing port is presumably at its default.
# Discovery announcements reveal the device identity and RouterOS version, so
# confirm it is turned off on WAN.
/ip neighbor discovery
set WAN comment=ether1
set <pptp-ternopil_Taras> discover=no
set eoip-Polisyanka discover=no
set eoip-Shevchenko discover=no
set ipip-Polisyanka comment=DKS discover=no
set ipip-Ternopil_work discover=no
set ipip1-Polisyanka comment=MyLan discover=no
# CAPsMAN security profiles.
# NOTE(review): "open" has empty authentication-types and encryption, i.e. no
# link-layer protection. It is used by the Guest and Guest_for_router
# configurations below, so guest isolation rests entirely on the datapath
# (VLAN / client-to-client settings) and on the firewall.
/caps-man security
add authentication-types="" encryption="" name=open
# "office" is WPA2-EAP with AES-CCM; eap-methods=passthrough relays the EAP
# exchange to a RADIUS server. No /radius section is visible in this part of
# the export - confirm one is configured.
add authentication-types=wpa2-eap eap-methods=passthrough \
    eap-radius-accounting=yes encryption=aes-ccm name=office
# CAPsMAN configurations: one office SSID (AsklepiyOffice) and two variants of
# the open guest SSID (Asklepiy). The quoted name with \F2.\E5. escapes is
# presumably cp1251 text meaning "i.e. without VLAN".
/caps-man configuration
add channel=channel6 country=ukraine datapath=Office mode=ap name=Office \
    rates.basic="" rates.ht-basic-mcs="" rates.ht-supported-mcs="" \
    rates.supported="" rates.vht-basic-mcs="none,(unknown)" \
    rates.vht-supported-mcs="none,(unknown)" rx-chains=0,1,2 security=office \
    security.eap-methods=passthrough security.eap-radius-accounting=yes ssid=\
    AsklepiyOffice tx-chains=0,1,2
add channel=channel6 country=ukraine datapath=Guest mode=ap name=Guest \
    rx-chains=0,1,2 security=open ssid=Asklepiy tx-chains=0,1,2
add channel=channel6 country=ukraine datapath=Guest_for_router mode=ap name=\
    "Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)" rx-chains=0,1,2 security=\
    open ssid=Asklepiy tx-chains=0,1,2
# Statically provisioned CAP interfaces for radio D4:CA:6D:C6:79:F6: the master
# interface carries the Office configuration, the second entry is a slave of it
# carrying the open guest configuration.
/caps-man interface
add arp=enabled configuration=Office disabled=no l2mtu=1600 mac-address=\
    D4:CA:6D:C6:79:F6 master-interface=none mtu=1500 name=\
    AsklepiyAP-L.Ukrainki-1 radio-mac=D4:CA:6D:C6:79:F6 security.eap-methods=\
    passthrough
add configuration="Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)" disabled=no \
    l2mtu=1600 mac-address=D6:CA:6D:C6:79:F6 master-interface=\
    AsklepiyAP-L.Ukrainki-1 name=AsklepiyAP-L.Ukrainki-1-1 radio-mac=\
    00:00:00:00:00:00
# Default local wireless security profile: only the supplicant identity is
# changed from defaults.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Chernovtsi
# Custom DHCP options: 67 (boot file name), 66 (TFTP server) and 2 (time
# offset; 0x1C20 is 7200 seconds).
/ip dhcp-server option
add code=67 name=Bootfile_name value="'myfiles'"
add code=66 name=tftp value="'192.168.88.208'"
add code=2 name=TimeZone value=0x1C20
/ip ipsec policy group
set
add name=default
# NOTE(review): the default IPsec proposal still offers 3des next to
# aes-128-cbc. 3DES is a legacy 64-bit-block cipher; drop it once every peer
# is confirmed to support AES.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
# Address pools for the LAN DHCP server, the OfficeNet DHCP server and the
# PPTP / OpenVPN / L2TP clients.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.99
add name=pptp-pool ranges=172.16.1.100-172.16.1.200
add name=openvpn ranges=172.21.108.2-172.21.108.99
add name=dhcp_pool1 ranges=10.10.10.10-10.10.10.99
add name=l2tp ranges=172.17.1.100-172.17.1.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=\
    1w10m name=server1
add address-pool=dhcp_pool1 disabled=no interface=OfficeNet lease-time=3h \
    name=dhcp1
# PPP profiles. dynVPN-encryption and L2TP-Server set use-encryption=yes; the
# ovpn profile sets no encryption option here.
# NOTE(review): L2TP-Server has no remote-address although an "l2tp" pool
# exists above - confirm clients are given addresses by their /ppp secret.
/ppp profile
add change-tcp-mss=yes local-address=172.16.1.1 name=dynVPN-encryption \
    remote-address=pptp-pool use-encryption=yes
add local-address=172.21.108.1 name=ovpn remote-address=openvpn
add change-tcp-mss=yes local-address=172.17.1.1 name=L2TP-Server \
    use-compression=yes use-encryption=yes
/routing ospf area
add area-id=0.0.0.1 disabled=yes name=GRE
# NOTE(review): log retention is 100 lines in memory and 100 lines per disk
# file, which leaves very little history for investigating an incident on an
# Internet-facing router; consider forwarding logs to a remote syslog host.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# CAPsMAN is enabled and requires CAPs to run the same RouterOS version.
# NOTE(review): require-peer-certificate is not in the export, so it is
# presumably at its default - confirm whether CAPs are authenticated.
/caps-man manager
set enabled=yes upgrade-policy=require-same-version
# Provisioning: the first rule matches one specific radio MAC and creates
# static interfaces; the second has no radio-mac and therefore applies to any
# other radio, creating dynamic interfaces with the Office and Guest configs.
/caps-man provisioning
add action=create-enabled master-configuration=Office name-format=\
    prefix-identity name-prefix=AsklepiyAP radio-mac=D4:CA:6D:C6:79:F6 \
    slave-configurations="Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)"
add action=create-dynamic-enabled master-configuration=Office name-format=\
    prefix-identity name-prefix=AsklepiyAP slave-configurations=Guest
# Bridge (layer-2) filter: drops UDP destination ports 67-69 (DHCP and TFTP)
# arriving on WAN and on the EoIP tunnels, in both the input and forward
# chains, so that DHCP/PXE traffic stays within each site.
# NOTE(review): the "# in/out-bridge-port matcher not possible ..." lines are
# emitted by RouterOS itself and mean the referenced interface is not a bridge
# port, so that rule presumably never matches. Rules with in-interface=*325
# ("# no interface") point at an interface that no longer exists. Only the
# eoip-Kiev and eoip-Vokzalnaya rules carry no such warning.
/interface bridge filter
# in/out-bridge-port matcher not possible when interface (WAN) is not slave
add action=drop chain=input dst-port=67-69 in-interface=WAN ip-protocol=udp \
    mac-protocol=ip
add action=drop chain=input dst-port=67-69 in-interface=eoip-Kiev \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Kiev \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=input dst-port=67-69 in-interface=eoip-Vokzalnaya \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Vokzalnaya \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Shevchenko) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Shevchenko \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Shevchenko) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Shevchenko \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Stanishevka) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Stanishevka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Stanishevka) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Stanishevka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Polisyanka) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Polisyanka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Polisyanka) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Polisyanka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-L.Ukrainki) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-L.Ukrainki \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-L.Ukrainki) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-L.Ukrainki \
    ip-protocol=udp mac-protocol=ip
# no interface
add action=drop chain=input dst-port=67-69 in-interface=*325 ip-protocol=udp \
    mac-protocol=ip
# no interface
add action=drop chain=forward dst-port=67-69 in-interface=*325 ip-protocol=\
    udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Bogunia) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Bogunia \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Bogunia) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Bogunia \
    ip-protocol=udp mac-protocol=ip
# Members of bridge-local: the LAN switch group plus two EoIP tunnels, which
# extends the office layer-2 segment to those remote sites.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local disabled=yes interface=eoip-Shevchenko
add bridge=bridge-local interface=eoip-Kiev
add bridge=bridge-local interface=eoip-Vokzalnaya
# L2TP server is enabled.
# NOTE(review): ipsec-secret is stored and exported in plaintext and is the
# same value used on the GRE tunnels and in /ppp secret. use-ipsec is not in
# the export, so it is presumably at its default - confirm that L2TP sessions
# are actually required to run inside IPsec.
/interface l2tp-server server
set default-profile=L2TP-Server enabled=yes ipsec-secret=Pa$$w0Rd
# OpenVPN server, layer-2 mode, client certificates required.
# NOTE(review): the cipher list still offers blowfish128 (64-bit block
# cipher); restrict it to the AES entries once clients allow.
/interface ovpn-server server
set certificate=cert_2 cipher=blowfish128,aes128,aes192,aes256 enabled=yes \
    mode=ethernet require-client-certificate=yes
# NOTE(review): the PPTP server is enabled. PPTP's MS-CHAPv2/MPPE protection
# is considered broken, and the /ppp secret accounts for the branch sites use
# service=pptp; plan a migration to the L2TP/IPsec or OpenVPN servers that are
# already configured here.
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460
# Interface addresses: the LAN (192.168.88.1/24), the WAN address, OfficeNet
# (10.10.10.1/24) and one /30 per GRE tunnel with this router as .1.
# NOTE(review): on the WAN entry, network=195.211.240.64 does not correspond
# to the address 195.112.204.22/30 - possibly an artifact of altering the
# addresses before posting; check the real configuration.
/ip address
add address=192.168.88.1/24 comment="local network" interface=\
    ether2-master-local network=192.168.88.0
add address=195.112.204.22/30 comment=chernivtsi interface=WAN network=\
    195.211.240.64
add address=10.10.10.1/24 interface=OfficeNet network=10.10.10.0
add address=172.16.255.1/30 interface=gre-tunnelOffice-DKS network=\
    172.16.255.0
add address=172.16.253.1/30 comment="\CB\E5\F1\E8 \D3\EA\F0\E0\E8\ED\EA\E8" \
    interface=gre-tunnelLUkrainki network=172.16.253.0
add address=172.16.254.1/30 interface=gre-tunnelBoguniya network=172.16.254.0
add address=172.16.252.1/30 interface=gre-tunnelStanishevka network=\
    172.16.252.0
add address=172.16.50.1/30 interface=gre-tunnelRovno network=172.16.50.0
add address=172.16.251.1/30 interface=gre-tunnelKiev network=172.16.251.0
add address=172.16.249.1/30 interface=gre-tunnelShev_ISP1 network=\
    172.16.249.0
add address=172.16.248.1/30 interface=gre-tunnelShev_ISP2 network=\
    172.16.248.0
add address=172.16.247.1/30 interface=gre-tunnelVokzalnaya-O3 network=\
    172.16.247.0
add address=172.16.246.1/30 interface=gre-tunnelVokzalnaya-Kievstar network=\
    172.16.246.0
add address=172.16.245.1/30 interface=gre-tunnelOffice-VEGA network=\
    172.16.245.0
# NOTE(review): a DHCP client also runs on WAN (default-route-distance=0)
# although WAN has a static address and a static default route exists in
# /ip route; confirm the client is intended, since a lease obtained on WAN
# could install a competing default route.
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid interface=WAN
# Static DHCP leases on server1 (the 192.168.88.0/24 LAN). The comments name
# the roles of several hosts (IPMI, Zabbix, PBX systems, CWP).
# NOTE(review): several of these addresses are targets of WAN port-forwards in
# /ip firewall nat, and an IPMI interface sits in the same subnet; consider
# moving management interfaces to a separate segment.
/ip dhcp-server lease
add address=192.168.88.209 client-id=1:54:4:a6:ed:a0:1f comment=TERMINAL.OLD \
    mac-address=54:04:A6:ED:A0:1F server=server1
add address=192.168.88.222 client-id=1:0:25:90:e6:e2:7f mac-address=\
    00:25:90:E6:E2:7F server=server1
add address=192.168.88.223 client-id=1:0:25:90:e6:e2:7e mac-address=\
    00:25:90:E6:E2:7E server=server1
add address=192.168.88.221 client-id=1:0:25:90:ed:f4:95 comment=\
    "IPMI (SRVASR)" mac-address=00:25:90:ED:F4:95 server=server1
add address=192.168.88.212 comment="CentOS 6.7" mac-address=00:15:5D:58:DF:09 \
    server=server1
add address=192.168.88.91 comment=Elastix-2.5.0-Stable-x86_64-bin-21oct2014 \
    mac-address=00:15:5D:58:DF:0A server=server1
add address=192.168.88.90 client-id=1:0:15:5d:58:df:c comment=Zabbix \
    mac-address=00:15:5D:58:DF:0C server=server1
add address=192.168.88.99 comment=CWP mac-address=00:15:5D:58:DF:16 server=\
    server1
add address=192.168.88.250 mac-address=00:15:5D:58:DF:17 server=server1
add address=192.168.88.248 comment=PearlPBX mac-address=00:15:5D:58:DF:19 \
    server=server1
add address=192.168.88.208 client-id=1:0:15:5d:58:de:2 mac-address=\
    00:15:5D:58:DE:02 server=server1
add address=192.168.88.249 comment=CWP mac-address=00:15:5D:58:DE:01 server=\
    server1
add address=192.168.88.210 client-id=1:0:15:5d:58:de:6 mac-address=\
    00:15:5D:58:DE:06 server=server1
# DHCP network parameters. The LAN network advertises PXE boot settings
# (boot-file-name, next-server) pointing at 192.168.88.208, which is also the
# first DNS server handed to clients.
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=192.168.88.0/24 boot-file-name=pxelinux.0 comment=\
    "default configuration" dhcp-option=tftp,TimeZone dns-server=\
    192.168.88.208,192.168.88.230 gateway=192.168.88.1 netmask=24 \
    next-server=192.168.88.208 ntp-server=192.168.88.1
# Router DNS cache.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any host that can reach it. The input chain in /ip firewall filter has
# no enabled rule dropping traffic from WAN, so the resolver is presumably
# reachable from the Internet; restrict port 53 to the LAN and tunnel
# interfaces.
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    8.8.8.8,172.16.0.10,172.16.0.11
/ip dns static
add address=8.8.8.8 name=google
# Address lists referenced by firewall and NAT rules.
# NOTE(review): 195.222.333.6 is not a valid IPv4 address (octet above 255),
# presumably altered before posting; the same entry is placed in both
# Access_to_Asterisk and Deny_access_to_Asterisk, which contradicts itself.
/ip firewall address-list
add address=192.0.0.0/24 list=Kiev
add address=192.168.77.0/24 list=Polisyanka
add address=213.108.46.227 list=FTP
add address=192.168.77.244 list=FTP
add address=195.69.221.154 list=Kronberg
add address=195.222.333.6 list=Access_to_Asterisk
add address=195.222.333.6 list=Deny_access_to_Asterisk
add address=192.168.77.244 list=admin
add address=192.168.88.208 list=SITEASKLEPIY
add address=192.168.88.230 list=SITEASKLEPIY
add address=192.168.77.0/24 list=OFFICE
# IPv4 filter rules. Rules are evaluated top to bottom and a packet that
# matches no rule is accepted.
# NOTE(review): this rule set does not restrict anything in practice:
#   - every drop rule except the ssh_blacklist one has disabled=yes, including
#     the final "drop input" / "drop forward" rules;
#   - the input chain contains an unconditional accept for in-interface=WAN
#     and two accepts with connection-state="";
#   - the forward chain accepts everything going out of WAN or bridge-local.
# As a result the router's own services and every dst-nat target in
# /ip firewall nat are reachable from the Internet without source filtering.
# A working baseline is: accept established/related, accept the specific
# services needed (ideally limited by src-address-list), then an enabled drop
# at the end of both input and forward.
# NOTE(review): many rules are duplicated (icmp, WinBox, OpenVPN, SIP); the
# list is hard to audit and should be consolidated.
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=forward out-interface=WAN
add action=accept chain=forward out-interface=bridge-local
add action=accept chain=forward connection-state=established,related \
    dst-address=192.168.77.0/24 src-address=192.168.88.0/24
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related disabled=yes log=yes log-prefix=11
add action=accept chain=input protocol=icmp
# NOTE(review): WinBox management (8291/tcp) is accepted from WAN with no
# source restriction; limit it to an address list or to the VPN interfaces.
add action=accept chain=input comment=WinBOX dst-port=8291 in-interface=WAN \
    protocol=tcp
add action=accept chain=input comment=L2TP dst-port=1701,500,4500 protocol=\
    udp
add action=accept chain=input protocol=gre
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=forward dst-port=443 log-prefix=rdp_ protocol=tcp
add action=accept chain=input comment=SIP dst-port=5060 in-interface=all-ppp \
    protocol=udp
add action=accept chain=input comment=SIP disabled=yes dst-port=5060 \
    in-interface=all-ethernet protocol=udp
add action=accept chain=input comment=OpenVPN dst-port=1194 in-interface=WAN \
    protocol=tcp
add action=drop chain=input connection-state=invalid disabled=yes
add action=drop chain=input disabled=yes
add action=accept chain=forward disabled=yes dst-port=21 in-interface=WAN \
    protocol=tcp
add action=accept chain=forward disabled=yes dst-port=110 in-interface=WAN \
    protocol=tcp
add action=accept chain=forward disabled=yes dst-port=25 in-interface=WAN \
    protocol=tcp
add action=log chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=udp src-address=192.168.77.8
add action=accept chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=udp
add action=accept chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=tcp
add action=accept chain=forward disabled=yes protocol=udp src-address=\
    192.168.88.220
add action=accept chain=forward disabled=yes protocol=tcp src-address=\
    192.168.88.220
add action=accept chain=input connection-state=established disabled=yes
add action=accept chain=forward connection-state=established disabled=yes
add action=accept chain=forward comment=CWP dst-port=2030,2031 in-interface=\
    WAN protocol=tcp
add action=accept chain=forward comment=SIP disabled=yes dst-port=5060 \
    in-interface=WAN protocol=udp
add action=accept chain=forward comment=NTP dst-port=123 in-interface=\
    all-ethernet protocol=udp
add action=accept chain=input comment=SIP disabled=yes dst-port=5060 \
    in-interface=WAN protocol=udp
add action=accept chain=forward comment=SIP disabled=yes dst-port=5060 \
    in-interface=all-ethernet protocol=udp
add action=accept chain=forward comment=SIP dst-port=5060 in-interface=\
    all-ppp protocol=udp
add action=accept chain=forward comment=SIP dst-port=5060 in-interface=\
    bridge-local protocol=udp
add action=accept chain=forward comment=RDP disabled=yes dst-port=3389 \
    in-interface=WAN protocol=tcp
add action=accept chain=forward comment="Web Asterisk" disabled=yes dst-port=\
    8888 protocol=tcp
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid disabled=yes
add action=accept chain=forward src-address=192.168.88.0/24
# NOTE(review): connection-state="" presumably places no constraint on the
# connection state, which would make these two rules accept all input traffic
# - confirm and remove.
add action=accept chain=input comment="default configuration" \
    connection-state=""
add action=accept chain=input comment="default configuration" \
    connection-state=""
# NOTE(review): unconditional accept of everything arriving on WAN; no input
# rule below this line can affect WAN traffic.
add action=accept chain=input comment="default configuration" in-interface=\
    WAN
# SSH brute-force staging chain. NOTE(review): it is inert as written - the
# stage1..stage3 rules are disabled, so ssh_stage3 and therefore ssh_blacklist
# are never populated by these rules, and the chain sits below the accept-all
# WAN rule. It also only sees port 22 on the router itself (input chain), not
# the SSH port-forwards (2222, 2223, 44) defined in /ip firewall nat.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp
add action=accept chain=input comment=WinBox dst-port=8291 in-interface=WAN \
    protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input comment=VPN dst-port=1194 in-interface=WAN \
    protocol=tcp
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new disabled=yes \
    in-interface=WAN
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface=WAN
add action=drop chain=forward disabled=yes
# Marks connections originated by the router itself that leave via WAN.
/ip firewall mangle
add action=mark-connection chain=output new-connection-mark=ISP1_conn \
    out-interface=WAN passthrough=no
# NAT rules; within a chain the first matching rule is applied.
/ip firewall nat
# srcnat exemptions: traffic from the LAN to the remote-site subnets is
# accepted before the masquerade rule, so it keeps its original source address.
add action=accept chain=srcnat dst-address=192.168.77.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.0.0.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.192.192.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.11.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=10.194.128.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.10.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.1.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.50.0/24 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=WAN to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes out-interface=all-ppp \
    to-addresses=0.0.0.0
# Disabled SIP rate-limiting / SIP port-forward experiments (all four rules
# below carry disabled=yes).
add action=add-src-to-address-list address-list=Deny_access_to_Asterisk \
    address-list-timeout=0s chain=dstnat comment=Deny_access_to_Asterisk \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-type="" time=7h30m-23h,mon,tue,wed,thu,fri to-addresses=\
    192.168.88.220 to-ports=5060
add action=add-src-to-address-list address-list=Deny_access_to_Asterisk \
    address-list-timeout=0s chain=dstnat comment=Deny_access_to_Asterisk \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-type="" time=7h50m-12h,sun to-addresses=192.168.88.220 \
    to-ports=5060
add action=dst-nat chain=dstnat comment=\
    "SIP-\E2\ED\E5\F8\ED\E8\E9 \E7\E0\EF\F0\EE\F1" disabled=yes dst-port=\
    54506 in-interface=WAN log=yes log-prefix=_SIP_EXTERNAL_ protocol=udp \
    to-addresses=192.168.88.220 to-ports=5060
add action=dst-nat chain=dstnat comment=\
    "SIP-\E2\ED\E5\F8\ED\E8\E9 \E7\E0\EF\F0\EE\F1 \EF\EE ACL" \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log=yes log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-list=Access_to_Asterisk src-address-type="" time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat to-addresses=192.168.88.220 to-ports=\
    5060
# Port-forwards from WAN to LAN hosts.
# NOTE(review): apart from the 3389 rule limited to the Kronberg list, the
# enabled WAN forwards below have no source restriction. They publish FTP
# (21), SSH (2222, 2223, 44), RDP (4444, 4567, 5555), VNC (5900), mail
# (25, 110) and web ports to the Internet, and the filter table has no enabled
# drop rule in front of them. Remote-administration protocols should be
# reachable only through the VPNs, or at least be limited with
# src-address-list. Moving a service to a non-standard port does not restrict
# who can connect to it.
add action=dst-nat chain=dstnat dst-port=21 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=21
add action=dst-nat chain=dstnat dst-port=2222 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-port=2223 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=22
add action=dst-nat chain=dstnat dst-port=2030 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=2030
# NOTE(review): the two MySQL (3306) rules match on dst-address only, with no
# in-interface or source list; neither dst-address is assigned to this router
# in the visible /ip address section - confirm whether they are still needed.
add action=dst-nat chain=dstnat dst-address=80.91.179.158 dst-port=3306 \
    protocol=tcp src-port="" to-addresses=192.168.88.210 to-ports=3306
add action=dst-nat chain=dstnat dst-address=19.243.112.71 dst-port=3306 \
    protocol=tcp to-addresses=192.168.88.210 to-ports=3306
add action=dst-nat chain=dstnat dst-port=3389 in-interface=WAN protocol=tcp \
    src-address-list=Kronberg to-addresses=192.168.88.210 to-ports=3389
add action=dst-nat chain=dstnat dst-port=4444 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.210 to-ports=3389
add action=dst-nat chain=dstnat comment=SRVASK dst-port=4567 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.223 to-ports=3389
add action=dst-nat chain=dstnat comment=RDGateway dst-port=443 in-interface=\
    WAN log-prefix=RDP_ protocol=tcp to-addresses=192.168.88.222 to-ports=443
add action=dst-nat chain=dstnat comment=WWW dst-address=192.168.88.230 \
    dst-port=80 protocol=tcp src-address=192.168.77.244 to-addresses=\
    192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=WWW dst-address=192.168.88.208 \
    dst-port=80 protocol=tcp src-address=192.168.77.244 to-addresses=\
    192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=WWW dst-port=80 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=WWW dst-port=110 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=110
add action=dst-nat chain=dstnat comment=WWW dst-port=25 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=25
add action=dst-nat chain=dstnat comment=WWW dst-port=80 protocol=tcp \
    src-address=192.0.0.0/24 to-addresses=192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=WAN \
    protocol=tcp src-address=37.53.85.107 to-addresses=192.168.88.210 \
    to-ports=3389
add action=dst-nat chain=dstnat dst-port=8080 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=80
add action=dst-nat chain=dstnat comment="Asteriks SSH" dst-port=44 \
    in-interface=WAN protocol=tcp to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-port=5555 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.230 to-ports=3389
add action=dst-nat chain=dstnat comment="UVNC 192.168.88.210" dst-port=5900 \
    in-interface=WAN protocol=tcp to-addresses=192.168.88.210 to-ports=5900
add action=dst-nat chain=dstnat dst-address=80.91.179.158 dst-port=5901 \
    protocol=tcp to-addresses=192.168.88.105 to-ports=5900
# NOTE(review): for traffic arriving on WAN, port 5900 is already claimed by
# the UVNC rule above, so this 5900 -> 192.168.88.220:22 rule only applies to
# packets that reach 195.112.204.22 through another interface.
add action=dst-nat chain=dstnat dst-address=195.112.204.22 dst-port=5900 \
    protocol=tcp to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-address=195.112.204.22 dst-port=5901 \
    protocol=tcp to-addresses=192.168.88.210 to-ports=5900
add action=dst-nat chain=dstnat dst-port=8888 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=80
# NOTE(review): the 2030 rule below is shadowed by the earlier 2030 rule that
# forwards to 192.168.88.249, and the final 2222 rule is an exact duplicate of
# the earlier one; neither is ever reached. Only the 2031 rule takes effect.
add action=dst-nat chain=dstnat dst-port=2030 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.99 to-ports=2030
add action=dst-nat chain=dstnat dst-port=2031 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.99 to-ports=2031
add action=dst-nat chain=dstnat dst-port=2222 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=22
# Raw table: traffic between 192.168.88.0/24 and 192.168.77.0/24 bypasses
# connection tracking in both directions.
# NOTE(review): untracked packets presumably do not match filter rules that
# test connection-state=established,related (such as the 88.0/24 -> 77.0/24
# forward rule), and cannot be NATed; any future stateful policy between these
# two subnets has to account for that.
/ip firewall raw
add action=notrack chain=prerouting dst-address=192.168.77.0/24 src-address=\
    192.168.88.0/24
add action=notrack chain=prerouting dst-address=192.168.88.0/24 src-address=\
    192.168.77.0/24
# The SIP connection-tracking helper is disabled.
/ip firewall service-port
set sip disabled=yes
# IPsec peers. The first six use a pre-shared key and are all disabled; the
# last five use rsa-signature with the local certificate "server".
# NOTE(review): the pre-shared key is exported in plaintext and is identical
# for all six PSK peers, so disclosure of one site's key (including through
# this posting) exposes every one of them. Use a distinct key per peer and
# rotate before re-enabling any of these entries.
# NOTE(review): the certificate peers set remote-certificate=none, so the
# peer is presumably accepted on any certificate that validates against the
# router's trusted CAs rather than being pinned to one specific certificate -
# confirm the CA issues certificates only for these tunnels.
# NOTE(review): enc-algorithm lists on several PSK peers still include 3des.
/ip ipsec peer
add address=195.112.157.134/32 comment="\CE\F4\E8\F1-DKS" disabled=yes \
    enc-algorithm=aes-128 generate-policy=port-override local-address=0.0.0.0 \
    nat-traversal=no passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD\
    4Gyy5#NVcaPbJtRNnhHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=19.243.112.71/32 comment="\CE\F4\E8\F1-VEGA" disabled=yes \
    enc-algorithm=aes-128 generate-policy=port-override nat-traversal=no \
    passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNn\
    hHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=172.16.50.2/32 comment="\D0\EE\E2\ED\EE" disabled=yes \
    enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=yes \
    secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqbc9vx\
    zN@TX2v&6sJ25!"
add address=172.16.248.2/32 comment="\D8\E5\E2\F7\E5\ED\EA\EE-ISP2" disabled=\
    yes enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=\
    yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqb\
    c9vxzN@TX2v&6sJ25!"
add address=172.16.247.2/32 comment="\C2\EE\EA\E7\E0\EB\FC\ED\E0\FF-\CE3" \
    disabled=yes enc-algorithm=aes-256,aes-192,aes-128 nat-traversal=no \
    passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNn\
    hHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=172.16.249.2/32 comment="\D8\E5\E2\F7\E5\ED\EA\EE-ISP1" disabled=\
    yes enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=\
    yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqb\
    c9vxzN@TX2v&6sJ25!"
add address=46.233.75.31/32 auth-method=rsa-signature certificate=server \
    comment="\D1\F2\E0\ED\E8\F8\E5\E2\EA\E0" enc-algorithm=aes-128 \
    generate-policy=port-override nat-traversal=no passive=yes \
    remote-certificate=none
# NOTE(review): dh-group=modp1024,modp768 permits 768- and 1024-bit
# Diffie-Hellman groups, which are below current minimum recommendations;
# move this peer to a 2048-bit or larger group on both ends.
add address=195.112.137.164/32 auth-method=rsa-signature certificate=server \
    comment=gre-tunnelLUkrainki dh-group=modp1024,modp768 enc-algorithm=\
    aes-128 generate-policy=port-override local-address=195.112.204.22 \
    nat-traversal=no passive=yes remote-certificate=none
add address=64.219.77.31/32 auth-method=rsa-signature certificate=server \
    comment="\C1\EE\E3\F3\ED\E8\FF" enc-algorithm=aes-128 generate-policy=\
    port-override nat-traversal=no passive=yes remote-certificate=none
add address=149.44.89.120/32 auth-method=rsa-signature certificate=server \
    comment="\D0\EE\E2\ED\EE" enc-algorithm=aes-128 local-address=\
    195.112.204.22 nat-traversal=no remote-certificate=none
add address=19.332.111.43/32 auth-method=rsa-signature certificate=server \
    comment="\CA\E8\E5\E2" enc-algorithm=aes-128 local-address=195.112.204.22 \
    nat-traversal=no passive=yes remote-certificate=none
# IPsec policies: each one protects GRE (protocol=gre) between this router's
# public address and one remote site, using both AH and ESP.
# The Office-DKS and Office-VEGA policies are disabled; those two GRE
# interfaces set ipsec-secret instead.
# NOTE(review): there are policies for five enabled tunnels only. The GRE
# interfaces toward the Shev_ISP1, Shev_ISP2 and Vokzalnaya-* remote addresses
# have no matching policy in this part of the export - confirm how they are
# protected.
/ip ipsec policy
add comment=gre-tunnelLUkrainki dst-address=195.112.137.164/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=195.112.137.164 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment=gre-tunnelOffice-DKS disabled=yes dst-address=195.112.157.134/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=195.112.157.134 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\D1\F2\E0\ED\E8\F8\E5\E2\EA\E0" dst-address=46.233.75.31/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=46.233.75.31 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment=gre-tunnelOffice-VEGA disabled=yes dst-address=19.243.112.71/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=19.243.112.71 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\C1\EE\E3\F3\ED\E8\FF" dst-address=64.219.77.31/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=64.219.77.31 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\D0\EE\E2\ED\EE" dst-address=149.44.89.120/32 ipsec-protocols=\
    ah-esp protocol=gre sa-dst-address=149.44.89.120 sa-src-address=\
    195.112.204.22 src-address=195.112.204.22/32
add comment="\CA\E8\E5\E2" dst-address=19.332.111.43/32 ipsec-protocols=\
    ah-esp protocol=gre sa-dst-address=19.332.111.43 sa-src-address=\
    195.112.204.22 src-address=195.112.204.22/32
# Web proxy parameters (cache-path, max-cache-size, parent-proxy).
# Whether the proxy is enabled is not shown in these lines; if it is, confirm
# the firewall keeps its port unreachable from the WAN side.
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
# Static route with no dst-address given, so presumably the default route via
# the upstream gateway.
/ip route
add distance=1 gateway=195.211.240.65
# Turns off the telnet, ftp, www and ssh management services.
# NOTE(review): this looks like a compact export, which lists only values that
# differ from the defaults. Services not named here (winbox, api, api-ssl,
# www-ssl) are therefore presumably at their defaults, and no address=
# allow-list is visible for any service. Confirm with "/ip service print",
# disable what is unused and restrict the rest to management subnets.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
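# PPP user database for the PPTP, L2TP and OpenVPN servers. Branch accounts
# get fixed tunnel addresses and a routes="<network> <gateway> <distance>"
# entry that is installed as a static route while the user is connected.
#
# Security notes:
# - PPP secrets are stored and exported in clear text. This listing was
#   published with the password fields filled in, so every value below should
#   be treated as disclosed and rotated (even if some were altered before
#   posting). Use "/export hide-sensitive" when sharing a configuration.
# - Almost every account carries the same password, and policyanka, ternopil
#   and doc_skoropad use the account name as the password. One leaked branch
#   credential therefore opens every tunnel; give each account its own long
#   random secret.
# - service=pptp relies on MS-CHAPv2/MPPE, which is considered broken. The
#   l2tp entries are only protected if the L2TP server enforces IPsec, which
#   is not visible in these lines -- confirm.
# - Entries without service= (e.g. griban) are presumably valid for any PPP
#   service; pin them to the one service they need.
#
# Fix applied: removed a stray backtick after "local-address" in the
# economist2 entry, which would make that line fail on import.
/ppp secret
add local-address=172.16.1.1 name=vokzal password=Pa$$w0Rd remote-address=\
    172.16.1.11 routes="192.168.1.0/24 172.16.1.11 1" service=pptp
add disabled=yes local-address=172.16.1.1 name=admin password=Pa$$w0Rd \
    profile=default-encryption remote-address=172.16.1.10 service=pptp
add local-address=172.16.1.1 name=stanishovka password=Pa$$w0Rd \
    remote-address=172.16.1.13 routes="192.192.192.0/24 172.16.1.13 1" \
    service=pptp
add local-address=172.16.1.1 name=boguniya password=Pa$$w0Rd \
    remote-address=172.16.1.12 routes="10.194.128.0/24 172.16.1.12 1" \
    service=pptp
add comment=medadmin disabled=yes name=manager password=Pa$$w0Rd profile=\
    dynVPN-encryption service=pptp
add comment=Doc_skoropad disabled=yes name=doc_skoropad password=Skoropad \
    profile=dynVPN-encryption service=pptp
add comment=moroz disabled=yes local-address=172.16.1.1 name=moroz password=\
    Pa$$w0Rd profile=default-encryption remote-address=172.16.1.22 service=\
    pptp
add comment="Pavel ONE" disabled=yes local-address=172.16.1.1 name=one \
    password=Pa$$w0Rd profile=default-encryption remote-address=172.16.1.23 \
    service=pptp
add local-address=172.16.1.1 name=korosten password=Pa$$w0Rd \
    remote-address=172.16.1.14 routes="10.20.30.0/24 172.16.1.14 1" service=\
    pptp
# NOTE(review): 176.16.1.x here and in the "standart" entry is outside the
# 172.16.1.x range used by the other accounts -- presumably a typo; verify.
add comment=doctor disabled=yes local-address=176.16.1.1 name=Doc_Kovalchyk \
    password=Pa$$w0Rd profile=default-encryption remote-address=\
    176.16.1.31 service=pptp
add comment=economist disabled=yes local-address=172.16.1.1 name=economist \
    password=Pa$$w0Rd profile=default-encryption remote-address=172.16.1.24 \
    service=pptp
add comment=standart disabled=yes local-address=176.16.1.1 name=standart \
    password=Pa$$w0Rd profile=default-encryption remote-address=\
    176.16.1.25 service=pptp
add disabled=yes local-address=172.16.1.1 name=economist2 password=\
    Pa$$w0Rd profile=default-encryption remote-address=172.16.1.26 \
    service=pptp
add local-address=172.16.1.1 name=shevchenko password=Pa$$w0Rd \
    remote-address=172.16.1.15 routes="192.168.10.0/24 172.16.1.15 1" \
    service=pptp
add comment="Tetyana Vasilevna" disabled=yes local-address=172.16.1.1 name=\
    admin_tv password=admin2014 profile=default-encryption remote-address=\
    172.16.1.28 service=pptp
add local-address=172.16.1.1 name=lesya password="Pa$$w0Rd" profile=\
    default-encryption remote-address=172.16.1.27 routes=\
    "192.168.11.0/24 172.16.1.27 1" service=pptp
add local-address=172.16.1.1 name=rivne password=Pa$$w0Rd remote-address=\
    172.16.1.16 routes="192.168.50.0/24 172.16.1.16 1" service=pptp
add local-address=172.16.1.1 name=policyanka password=policyanka \
    remote-address=172.16.1.17 routes="192.168.77.0/24 172.16.1.17 1" \
    service=pptp
add disabled=yes local-address=172.16.1.1 name=call-center password=\
    Pa$$w0Rd remote-address=172.16.1.18 routes=\
    "192.168.78.0/24 172.16.1.18 1" service=pptp
add local-address=172.16.1.1 name=kyiv password=Pa$$w0Rd remote-address=\
    172.16.1.19 routes="192.0.0.0/24 172.16.1.19 1" service=pptp
add comment="Doc Shamova" disabled=yes local-address=172.16.1.1 name=shamova \
    password=Sha2014 remote-address=172.16.1.32 service=pptp
# NOTE(review): vlasyuk and dks-polisyanka share remote-address 172.16.1.33;
# only the latter is disabled, so there is no conflict as exported.
add local-address=172.16.1.1 name=vlasyuk password=Pa$$w0Rd \
    remote-address=172.16.1.33 service=pptp
add disabled=yes local-address=172.16.1.1 name=dks-polisyanka password=\
    Pa$$w0Rd remote-address=172.16.1.33 service=pptp
add name=griban password=Pa$$w0Rd profile=ovpn
add disabled=yes local-address=172.16.1.1 name=ternopil password=ternopil \
    remote-address=172.16.1.99 service=pptp
add disabled=yes name=kovalchuk password=Pa$$w0Rd profile=ovpn service=\
    ovpn
add local-address=172.16.1.1 name=q-trade password=Pa$$w0Rd \
    remote-address=172.16.1.34 service=pptp
add local-address=172.17.1.1 name=lesya2 password=Pa$$w0Rd profile=\
    L2TP-Server remote-address=172.17.1.27 routes=\
    "192.168.11.0/24 172.17.1.27 1" service=l2tp
add local-address=172.17.1.1 name=home password=Pa$$w0Rd profile=\
    L2TP-Server remote-address=172.17.1.17 routes=\
    "192.168.15.0/24 172.17.1.17 1" service=l2tp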
# RADIUS client entry: wireless authentication requests go to 192.168.88.13.
# NOTE(review): the shared secret is exported in clear text and is the same
# string used for the PPP accounts in this export. Give RADIUS its own long
# random secret and rotate the published one.
/radius
add address=192.168.88.13 secret=Pa$$w0Rd service=wireless
# Accepts incoming RADIUS requests (used for disconnect / change-of-
# authorization messages). NOTE(review): leave this off unless it is used, and
# firewall the listening port so only the RADIUS server can reach it.
/radius incoming
set accept=yes
# Per-interface OSPF settings. All GRE tunnel entries are disabled; the only
# active entry is the WAN interface.
# NOTE(review): no authentication= / authentication-key= appears on any entry,
# so OSPF authentication is presumably at its default. If OSPF can actually
# run on WAN (that depends on the network statements below and the interface
# addresses), an unauthenticated neighbour on that segment could inject
# routes -- confirm and either enable authentication or drop the WAN entry.
/routing ospf interface
add disabled=yes interface=gre-tunnelOffice-DKS network-type=broadcast \
    use-bfd=yes
add disabled=yes interface=gre-tunnelOffice-VEGA network-type=broadcast \
    use-bfd=yes
add interface=WAN network-type=broadcast
add disabled=yes interface=gre-tunnelRovno network-type=broadcast use-bfd=yes
add disabled=yes interface=gre-tunnelLUkrainki network-type=point-to-point \
    use-bfd=yes
# Networks announced into the OSPF area named GRE.
/routing ospf network
add area=GRE network=192.168.88.0/24
add area=GRE network=172.16.255.0/24
add area=GRE network=172.16.254.0/24
# RIP is accepted (receive=v2) on the listed GRE tunnel interfaces.
# NOTE(review): no authentication setting is visible on these entries, so RIP
# updates are presumably accepted unauthenticated. The tunnels are the trust
# boundary here; verify every active tunnel is covered by an enabled IPsec
# policy, or configure RIP authentication.
/routing rip interface
add interface=gre-tunnelOffice-DKS receive=v2
add interface=gre-tunnelLUkrainki receive=v2
add interface=gre-tunnelBoguniya receive=v2
add interface=gre-tunnelRovno receive=v2
add interface=gre-tunnelStanishevka receive=v2
add interface=gre-tunnelShev_ISP1 receive=v2
add interface=gre-tunnelVokzalnaya-O3 receive=v2
add interface=gre-tunnelVokzalnaya-Kievstar receive=v2
add interface=gre-tunnelOffice-VEGA receive=v2
add disabled=yes receive=v2
# Statically configured RIP neighbours (presumably the far ends of the tunnels).
/routing rip neighbor
add address=172.16.255.2
add address=172.16.253.2
add address=172.16.254.2
add address=172.16.50.2
add address=172.16.251.2
add address=172.16.249.2
add address=172.16.248.2
add address=172.16.247.2
add address=172.16.246.2
add address=172.16.245.2
add address=172.16.252.2
# Network advertised through RIP.
/routing rip network
add network=192.168.88.0/24
# SNMP agent is enabled, with contact and location strings set.
# NOTE(review): the community definition (/snmp community) is not in these
# lines. SNMP v1/v2c send the community string in clear text, so confirm the
# community is not a well-known default, restrict it to the monitoring host's
# address, and make sure the firewall blocks SNMP from the WAN side.
/snmp
set contact="Griban Ruslan" enabled=yes location=Chernovtsi trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Kiev
/system identity
set name=datacenter
# Adds a logging rule for the dhcp topic.
/system logging
add topics=dhcp
# NTP client with two fixed server addresses plus pool host names. Accurate
# time matters here because the IPsec peers authenticate with certificates.
/system ntp client
set enabled=yes primary-ntp=62.117.76.142 secondary-ntp=133.243.238.163 \
    server-dns-names=\
    0.ua.pool.ntp.org,1.ua.pool.ntp.org,2.ua.pool.ntp.org,3.ua.pool.ntp.org
# Scheduled jobs: a weekly run of the backup_to_email script and four
# Wake-on-LAN entries on a 5-minute interval.
# NOTE(review): only WOL_Asterisk has an on-event; WOL_ONE, WOL_SRVASK and
# WOL_TERMINAL have none, so as exported they trigger nothing.
# NOTE(review): every entry carries nearly the full policy set (reboot,
# password, sniff, sensitive, ...). A job that only sends a magic packet does
# not need those; reduce each policy list to what the called script requires
# so a modified script cannot run with broad rights.
/system scheduler
add comment=BackUpMikrotikChernivtsi interval=1w name=send_beckup_to_email \
    on-event=backup_to_email policy=\
    reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    sep/16/2014 start-time=00:00:00
add interval=5m name=WOL_Asterisk on-event=WOL_Asterisk policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:17
add interval=5m name=WOL_ONE policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:40
add interval=5m name=WOL_SRVASK policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:57
add interval=5m name=WOL_TERMINAL policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:34:10
# backup_to_email: flushes the DNS cache, removes files whose name contains
# "<identity>-backup-", then creates a binary backup and a verbose export
# (.rsc) and mails each one to the configured mailbox over SMTP port 587 with
# start-tls=yes.
# NOTE(review): the mailbox password is hard-coded in the script source, so
# anyone who can read scripts or an export obtains it. Use a dedicated
# send-only mailbox with its own password.
# NOTE(review): "/export verbose" without hide-sensitive writes PPP, RADIUS
# and script passwords in clear text, and that file is sent to an external
# mail provider. Whoever controls the mailbox then holds every credential on
# this router. Export with hide-sensitive, or keep the file on infrastructure
# you control.
# NOTE(review): "/system backup save" is called without password=; whether
# the resulting file is encrypted depends on the RouterOS release -- confirm
# and set an explicit backup password.
/system script
add name=backup_to_email owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
    \n:log info \"Starting Backup Script...\";\r\
    \n:local sysname [/system identity get name];\r\
    \n:local sysver [/system package get system version];\r\
    \n:log info \"Flushing DNS cache...\";\r\
    \n/ip dns cache flush;\r\
    \n:delay 2;\r\
    \n:log info \"Deleting last Backups...\";\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\\\r\
    \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
    \n:delay 2;\r\
    \n:local smtpserv [:resolve \"smtp.yandex.ru\"];\r\
    \n:local Eaccount \"asklepiy.zt@yandex.ru\";\r\
    \n:local pass \"Pa$$w0Rd\";\r\
    \n:local backupfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\
    \");\r\
    \n:log info \"Creating new Full Backup file...\";\r\
    \n/system backup save name=\$backupfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Full Backup file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile\
    \_\\\r\
    \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\")\
    \_\\\r\
    \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version\
    : \\\r\
    \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \
    \\\r\
    \n[/system clock get date]);\r\
    \n:delay 5;\r\
    \n:local exportfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\
    \r\
    \n:log info \"Creating new Setup Script file...\";\r\
    \n/export verbose file=\$exportfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Setup Script file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile\
    \_\\\r\
    \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] \
    . \\\r\
    \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS\
    \_\\\r\
    \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] .\
    \_\" \\\r\
    \n\" . [/system clock get date]);\r\
    \n:delay 5;\r\
    \n:log info \"All System Backups emailed successfully.\\nBackuping complet\
    ed.\";\r\
    \n}"
# "Traffic Monitor": samples tx/rx bits-per-second on the WAN interface twice,
# 60 seconds apart; if both rx samples are at least 10000000 it runs
# Traffic_Monitor_to_email_send, otherwise it logs "vse ok".
# NOTE(review): the script only reads interface counters and starts another
# script, yet its policy list includes reboot, password, sniff and sensitive.
# Trim the policy to what it needs.
add name="Traffic Monitor" owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Watch\
    \_interface\r\
    \n:local interface \"WAN\"\r\
    \n/interface monitor [/interface find name=\$interface] once do={\r\
    \n :global txbps1 \$(\"tx-bits-per-second\");\r\
    \n :global rxbps1 \$(\"rx-bits-per-second\");\r\
    \n}\r\
    \n:delay 60\r\
    \n/interface monitor [/interface find name=\$interface] once do={\r\
    \n :global txbps2 \$(\"tx-bits-per-second\");\r\
    \n :global rxbps2 \$(\"rx-bits-per-second\");\r\
    \n}\r\
    \n:global rxbps1\r\
    \n:global rxbps2\r\
    \nif (((\$rxbps1) >= 10000000) and ((\$rxbps2) >= (10000000))) do={/system\
    \_script run Traffic_Monitor_to_email_send} else={:log info \"vse ok\"}"
# Traffic_Monitor_to_email_send: reads CPU load twice, 120 seconds apart; if
# both readings are at least 91 it sends a mail through smtp.yandex.ru:587
# with start-tls and then disables the scheduler entry "schedule_cpu".
# The mail account and password appear to have been masked before posting
# (x@ya.ru / xxxxx); on the live device they are stored in clear text in the
# script source, so use a dedicated send-only mailbox.
# NOTE(review): no scheduler entry named schedule_cpu appears in this export,
# so the final disable command presumably fails -- verify.
add name=Traffic_Monitor_to_email_send owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
    \_cpu1 [/system resource get cpu-load];\r\
    \n:delay 120;\r\
    \n:global cpu2 [/system resource get cpu-load];\r\
    \n:local time1 [/system clock get time];\r\
    \n:local body1 \"\$time1 Mikrotik over 91% CPU\";\r\
    \nif (((\$cpu1) >= 91) and ((\$cpu2) >= (91))) do={/tool e-mail send serve\
    r=[:resolve \"smtp.yandex.ru\"] port=587 user=x@ya.ru password=xxxxx start\
    -tls=yes to=\"x@ya.ru\" from=x@ya.ru subject=\"Mikrotik Office\" body=\"\$\
    body1\"; /system scheduler disable schedule_cpu} else={}"
# "Shirina canala test": for each address in IpList runs a 60-second TCP
# bandwidth test in both directions, converts the averages by dividing by
# 1024, appends them to a report and mails the report via smtp.gmail.com.
# NOTE(review): the bandwidth test logs in to every remote device as user
# "admin" with a password hard-coded in the script source. Anyone who can read
# this script or an export obtains that credential for all listed hosts.
# Create a dedicated account with only the rights the test needs on the remote
# side, and rotate the published password.
# NOTE(review): the e-mail command uses port=567 and sets no start-tls. 567 is
# not a usual SMTP submission port (presumably 587 was meant), and without TLS
# the mailbox credentials would be sent unprotected -- verify both.
# NOTE(review): IpList holds nine addresses but IpDescriptions only
# "host1, host2", so most report entries presumably get no description. One
# address (19.332.111.43) is not a valid IPv4 address.
add name="Shirina canala test" owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# \D1\
    \EA\F0\E8\EF\F2 \EF\F0\EE\E2\E5\F0\FF\E5\F2 \F8\E8\F0\E8\ED\F3 \EA\E0\ED\
    \E0\EB\E0 \EC\E5\E6\E4\F3 \F2\E5\EA\F3\F9\E8\EC \E8 \E7\E0\E4\E0\ED\ED\FB\
    \EC\E8 \F5\EE\F1\F2\E0\EC\E8 \E8 \EE\F2\EF\F0\E0\E2\EB\FF\E5\F2 \F0\E5\E7\
    \F3\EB\FC\F2\E0\F2 \ED\E0 \EF\EE\F7\F2\F3\r\
    \n# \D1\EA\EE\F0\EE\F1\F2\FC \EF\F0\E8\E5\EC\E0 \E8 \EF\E5\F0\E5\E4\E0\F7\
    \E8, \F1\EE\EE\F2\E2\E5\F2\F1\F2\E2\E5\ED\ED\EE\r\
    \n:local RxSpeed 0\r\
    \n:local TxSpeed 0\r\
    \n# \D2\E5\EB\EE \EF\E8\F1\FC\EC\E0 \EE\F2\F7\E5\F2\E0\r\
    \n:local Msg \"\"\r\
    \n# \D2\E5\EC\E0 \EF\E8\F1\FC\EC\E0\r\
    \n:local Subject \"\"\r\
    \n# \D2\E5\EA\F3\F9\E5\E5 \E2\F0\E5\EC\FF \E8 \E4\E0\F2\E0\r\
    \n:local CurDate ([/system clock get date].\" \".[/system clock get time])\
    \r\
    \n# \D2\F3\F2 \F1\EF\E8\F1\EE\EA ip \F5\EE\F1\F2\EE\E2 \EA\EE\F2\EE\F0\FB\
    \E5 \F2\E5\F1\F2\E8\F0\F3\E5\EC (\FD\F2\EE \EC\EE\E6\ED\EE \F3\E1\F0\E0\F2\
    \FC, \E5\F1\EB\E8 \E1\F3\E4\E5\F2 \F2\E5\F1\F2\E8\F0\EE\E2\E0\F2\FC\F1\FF \
    \F2\EE\EB\FC\EA\EE \EE\E4\E8\ED ip)\r\
    \n:local IpList [:toarray 19.332.111.43,149.44.89.120,82.207.126.111,46.21\
    9.57.13,64.220.30.12,64.219.77.31,109.250.109.105,195.211.174.198,195.211.1\
    75.143]\r\
    \n# \CE\EF\E8\F1\E0\ED\E8\E5 \F5\EE\F1\F2\EE\E2 (\F7\F2\EE-\E1\FB \EE\F2\
    \F7\E5\F2 \E2\FB\E3\EB\FF\E4\E5\EB \E1\EE\EB\E5\E5 \EF\EE\ED\FF\F2\ED\FB\
    \EC)\r\
    \n:local IpDescriptions [:toarray \"host1, host2\"]\r\
    \n\r\
    \n:set Subject (\"Band Width report \".\$CurDate)\r\
    \n:local i 0\r\
    \n# \CF\E5\F0\E5\E1\E8\F0\E0\E5\EC \E0\E4\F0\E5\F1\E0 \E2 \EC\E0\F1\F1\E8\
    \E2\E5 IpList\r\
    \n:foreach TestIP in=\$IpList do={\r\
    \n# \D1\EE\E1\F1\F2\E2\E5\ED\ED\EE \F1\E0\EC \F2\E5\F1\F2\r\
    \n# \D2\F3\F2, user \E8 password - \F3\F7\E5\F2\ED\FB\E5 \E4\E0\ED\ED\FB\
    \E5 \EF\EE\EB\FC\E7\EE\E2\E0\F2\E5\EB\FF \ED\E0 \F3\E4\E0\EB\E5\ED\ED\EE\
    \EC \F3\F1\F2\F0\EE\E9\F1\F2\E2\E5, \E8\EC\E5\FE\F9\E5\E3\EE \EF\F0\E0\E2\
    \E0 \ED\E0 \E4\E0\ED\ED\F3\FE \EE\EF\E5\F0\E0\F6\E8\FE.\r\
    \n/tool bandwidth-test address=\$TestIP duration=60s protocol=tcp user=adm\
    in password=Zaq!@wsx direction=both do={:set RxSpeed [\$\"rx-total-average\
    \"];:set TxSpeed [\$\"tx-total-average\"]}\r\
    \n\r\
    \n:set RxSpeed (\$RxSpeed/1024)\r\
    \n:set TxSpeed (\$TxSpeed/1024)\r\
    \n# \D4\EE\F0\EC\E8\F0\F3\E5\EC \EE\F2\F7\E5\F2\r\
    \n:set Msg (\$Msg.(\"Speed test to \".[:pick \$IpDescriptions \$i].\"\\r\\\
    nDestination ip:\".\$TestIP.\"\\r\\nRxSpeed= \".\$RxSpeed.\" Kb/s\\r\\n\".\
    \"TxSpeed= \".\$TxSpeed.\" Kb/s\\r\\n\\r\\n\"))\r\
    \n\r\
    \n:set i (\$i+1)\r\
    \n}\r\
    \n# \CE\F2\EF\F0\E0\E2\EB\FF\E5\EC \EF\E8\F1\FC\EC\EE.\r\
    \n# server - ip \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0\r\
    \n# from - \EF\EE\F7\F2\EE\E2\FB\E9 \FF\F9\E8\EA \F1 \EA\EE\F2\EE\F0\EE\E3\
    \EE \E1\F3\E4\E5\F2 \EE\EF\F0\E0\E2\EB\FF\F2\FC\F1\FF \EE\F2\F7\E5\F2\r\
    \n# user, password - \E4\E0\ED\ED\FB\E5 \E0\E2\F2\EE\F0\E8\E7\E0\F6\E8\E8 \
    \ED\E0 \EF\EE\F7\F2\EE\E2\EE\EC \F1\E5\F0\E2\E5\F0\E5.\r\
    \n# to - \EA\F3\E4\E0 \EE\F2\EF\F0\E0\E2\EB\FF\E5\EC \EE\F2\F7\E5\F2\r\
    \n/tool e-mail send server=smtp.gmail.com port=567 from=router@chernovtsi.\
    uu body=\$Msg user=ruslan.griban@gmail.com password=Pa$$w0Rd to=ruslan.g\
    riban@gmail.com subject=\$Subject"
# Four Wake-on-LAN scripts: each sends a magic packet on bridge-local to one
# hard-coded MAC address.
# NOTE(review): each script needs only the right to run "/tool wol", yet all
# carry reboot, password, sniff, sensitive and romon. Reduce the policy lists
# so an edited script cannot act with broad rights.
# NOTE(review): WOL_ONE writes its MAC with dashes while the others use
# colons; confirm RouterOS accepts that form.
add name=WOL_SRVASK owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=00:25:90:ED:F4:95"
add name=WOL_TERMINAL owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=54:04:A6:ED:A0:1F"
add name=WOL_ONE owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=08-60-6E-F1-46-DA\r\
    \n"
add name=WOL_Asterisk owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=C8:60:00:57:0A:09\r\
    \n\r\
    \n"
# Adds an interface graphing rule with default settings. NOTE(review): no
# allow-address is given, so access to the graphs is presumably unrestricted
# wherever the web service is reachable -- confirm.
/tool graphing interface
add
# MAC-telnet server enabled on the four LAN ports (ether2-ether5). The WAN
# port is not in this list. NOTE(review): whether a default "all interfaces"
# entry is still active for mac-server is not visible here -- confirm.
/tool mac-server
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-servers-local
add interface=ether5-slave-local
# MAC-Winbox: the default entry is disabled and access is re-added for the
# four LAN ports only, which keeps layer-2 management off the WAN port.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-servers-local
add interface=ether5-slave-local
# Adds a RoMON port entry with default values. NOTE(review): whether RoMON is
# enabled and whether a RoMON secret is set is not shown here; if it is in
# use, set secrets and forbid it on the WAN interface.
/tool romon port
add
 

Всего записей: 119 | Зарегистр. 02-02-2006 | Отправлено: 12:07 31-10-2016
   
