basic8333
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору [more] Конфиг # jun/30/2016 12:26:41 by RouterOS 6.35rc3 # /interface ovpn-client add auth=md5 certificate=odessa.crt_0 connect-to= disabled=yes \ mac-address= name=VPN-REIKARTZ port= user=username /interface bridge add arp=proxy-arp name=bridge_local /interface ethernet set [ find default-name=ether7 ] comment=TRUNK name=TRUNK-ether3 set [ find default-name=ether5 ] comment=DATAGROUP name=WAN-Datagroup_eth1 set [ find default-name=ether6 ] comment=TENET mac-address= \ name="WAN-TENET(eth2)" set [ find default-name=ether8 ] name=ether4 set [ find default-name=ether1 ] name=ether5 set [ find default-name=ether2 ] name=ether6 set [ find default-name=ether3 ] name=ether7 set [ find default-name=ether4 ] arp=proxy-arp name=ether8 /interface pppoe-client add disabled=no interface="WAN-TENET(eth2)" max-mru=1480 max-mtu=1480 mrru=\ 1600 name=PPPOE-TENET password=smudecul user=foodmarket /interface l2tp-client add connect-to= dial-on-demand=yes disabled=no ipsec-secret="" mrru=1600 name=l2tp_TO_REIKARTZ password=\ use-ipsec=yes user=odessa /ip neighbor discovery set TRUNK-ether3 comment=TRUNK set WAN-Datagroup_eth1 comment=DATAGROUP set "WAN-TENET(eth2)" comment=TENET /interface vlan add interface=TRUNK-ether3 name=Vlan100 vlan-id=100 add interface=TRUNK-ether3 name=Vlan_Local vlan-id=25 add interface=TRUNK-ether3 name=Vlan_WiFi vlan-id=26 /ip neighbor discovery set Vlan_Local discover=no set Vlan_WiFi discover=no /ip pool add name=Pool_Local ranges=192.168.0.2-192.168.0.254 add name=Pool_WiFi ranges=10.10.10.2-10.10.11.254 add name=Router_pool ranges=192.168.88.150-192.168.88.160 add name=VPN_POOL ranges=10.48.0.2-10.48.0.10 /ip dhcp-server add add-arp=yes address-pool=Pool_Local authoritative=yes disabled=no \ interface=Vlan_Local lease-time=2h name=Server_Local add add-arp=yes address-pool=Pool_WiFi authoritative=yes disabled=no \ interface=Vlan_WiFi lease-time=2h name=Server_WiFi add add-arp=yes address-pool=Router_pool authoritative=yes disabled=no \ interface=ether8 lease-time=2h name=Router_DHCP_IP /ppp profile add dns-server=192.168.3.1 name=OpenVPN use-encryption=required /interface pptp-server server set authentication=pap,chap,mschap1,mschap2 enabled=yes /ip address add address=192.168.88.1/24 interface=ether8 network=192.168.88.0 add address=10.10.10.1/23 interface=Vlan_WiFi network=10.10.10.0 add address=192.168.0.1/24 interface=Vlan_Local network=192.168.0.0 add address=192.168.90.1/24 interface=ether7 network=192.168.90.0 add address=IP/30 interface=WAN-Datagroup_eth1 network=\ IP add address=10.90.90.1/26 interface=Vlan100 network=10.90.90.0 /ip dhcp-server lease add address=10.10.10.119 client-id=1:24:a4:3c:98:26:8d mac-address=\ 24:A4:3C:98:26:8D server=Server_WiFi add address=10.10.10.126 client-id=1:24:a4:3c:32:ea:68 mac-address=\ 24:A4:3C:32:EA:68 server=Server_WiFi add address=10.10.10.116 client-id=1:24:a4:3c:98:27:64 mac-address=\ 24:A4:3C:98:27:64 server=Server_WiFi add address=10.10.10.130 client-id=1:24:a4:3c:32:ea:3d mac-address=\ 24:A4:3C:32:EA:3D server=Server_WiFi add address=10.10.10.133 client-id=1:24:a4:3c:34:2:a5 mac-address=\ 24:A4:3C:34:02:A5 server=Server_WiFi add address=10.10.10.127 client-id=1:24:a4:3c:98:28:f1 mac-address=\ 24:A4:3C:98:28:F1 server=Server_WiFi add address=10.10.10.117 client-id=1:24:a4:3c:98:29:59 mac-address=\ 24:A4:3C:98:29:59 server=Server_WiFi add address=10.10.10.131 client-id=1:24:a4:3c:98:26:92 mac-address=\ 24:A4:3C:98:26:92 server=Server_WiFi add address=10.10.10.132 client-id=1:24:a4:3c:98:25:9e mac-address=\ 24:A4:3C:98:25:9E server=Server_WiFi add address=10.10.10.115 client-id=1:24:a4:3c:32:ec:12 mac-address=\ 24:A4:3C:32:EC:12 server=Server_WiFi add address=10.10.10.120 client-id=1:24:a4:3c:98:29:55 mac-address=\ 24:A4:3C:98:29:55 server=Server_WiFi add address=10.10.10.114 client-id=1:24:a4:3c:98:26:d8 mac-address=\ 24:A4:3C:98:26:D8 server=Server_WiFi add address=10.10.10.99 client-id=1:24:a4:3c:98:24:5e mac-address=\ 24:A4:3C:98:24:5E server=Server_WiFi add address=10.10.10.128 client-id=1:24:a4:3c:32:ea:aa mac-address=\ 24:A4:3C:32:EA:AA server=Server_WiFi add address=10.10.10.118 client-id=1:24:a4:3c:98:2a:c7 mac-address=\ 24:A4:3C:98:2A:C7 server=Server_WiFi add address=192.168.88.155 client-id=1:14:da:e9:91:3f:f5 comment="BASIC PC" \ mac-address=14:DA:E9:91:3F:F5 server=Router_DHCP_IP add address=10.10.10.155 always-broadcast=yes comment="BASIC Phone" \ mac-address=A8:A6:68:18:90:96 server=Server_WiFi add address=10.10.10.160 client-id=1:14:da:e9:91:3f:f5 comment=\ "BASIC PC(wifi)" mac-address=14:DA:E9:91:3F:F5 server=Server_WiFi add address=192.168.0.115 client-id=1:f8:32:e4:3e:e3:a4 mac-address=\ F8:32:E4:3E:E3:A4 server=Server_Local add address=192.168.0.169 client-id=1:64:70:2:80:3:f1 mac-address=\ 64:70:02:80:03:F1 server=Server_Local add address=192.168.0.150 client-id=1:14:da:e9:91:3f:f5 mac-address=\ 14:DA:E9:91:3F:F5 server=Server_Local /ip dhcp-server network add address=10.10.10.0/23 dns-server=10.10.10.1 gateway=10.10.10.1 netmask=23 add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 \ netmask=24 add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \ netmask=24 /ip dns set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8 /ip dns static add address=127.0.0.1 disabled=yes name="*\\.vk\\.com" /ip firewall filter add action=drop chain=forward content=vk.com disabled=yes protocol=tcp \ src-address=10.10.10.0/23 add action=drop chain=forward disabled=yes dst-address=IP \ protocol=tcp src-address=10.10.10.0/23 add action=drop chain=forward disabled=yes src-address=10.10.10.86 add action=drop chain=input comment="53 PORT SPAM" dst-port=53 in-interface=\ PPPOE-TENET protocol=tcp src-address-list=DNS_Flood add action=drop chain=input dst-port=53 in-interface="WAN-TENET(eth2)" \ protocol=udp src-address-list=DNS_Flood add action=drop chain=input dst-port=53 in-interface=WAN-Datagroup_eth1 \ protocol=udp src-address-list=DNS_Flood add action=add-src-to-address-list address-list=DNS_Flood \ address-list-timeout=1h chain=input dst-port=53 in-interface=PPPOE-TENET \ protocol=udp add action=drop chain=input dst-port=53 in-interface=PPPOE-TENET protocol=udp \ src-address-list=DNS_Flood /ip firewall mangle add action=mark-routing chain=prerouting comment="MY NET" disabled=yes \ new-routing-mark=WAN_DATAGROUP passthrough=no src-address=192.168.88.0/24 add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\ WAN_DATAGROUP passthrough=no src-address=192.168.90.0/24 add action=mark-routing chain=prerouting comment=Local disabled=yes \ new-routing-mark=WAN_DATAGROUP passthrough=no src-address=192.168.0.0/24 add action=mark-routing chain=prerouting comment=WIFI new-routing-mark=\ WAN_TENET passthrough=no src-address=10.10.10.0/23 /ip firewall nat add action=masquerade chain=srcnat comment=LOCAL_TO_INTERNET out-interface=\ PPPOE-TENET src-address=192.168.88.0/24 add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \ src-address=192.168.88.0/24 add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \ src-address=192.168.90.0/24 add action=masquerade chain=srcnat comment=WIFI_TO_INTERNET out-interface=\ PPPOE-TENET src-address=10.10.10.0/23 add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \ src-address=10.10.10.0/23 add action=masquerade chain=srcnat comment=REIKARTZ_SITE dst-address=\ 192.168.1.6 out-interface=l2tp_TO_REIKARTZ src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.1.6 out-interface=\ l2tp_TO_REIKARTZ src-address=192.168.0.0/24 add action=masquerade chain=srcnat comment="TO CISCO" disabled=yes \ dst-address=10.90.90.21 out-interface=Vlan100 src-address=192.168.88.0/24 add action=masquerade chain=srcnat disabled=yes dst-address=10.90.90.22 \ out-interface=Vlan100 src-address=192.168.88.0/24 add action=masquerade chain=srcnat comment=SERVIO dst-address=192.168.26.100 \ out-interface=l2tp_TO_REIKARTZ src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.26.100 out-interface=\ l2tp_TO_REIKARTZ src-address=192.168.0.0/24 add action=masquerade chain=srcnat comment="LOCAL_TO DATAGROUP" \ out-interface=PPPOE-TENET src-address=192.168.0.0/24 add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \ src-address=192.168.0.0/24 /ip proxy set parent-proxy=0.0.0.0 port=3128 src-address=10.10.10.160 /ip route add comment="TO CISCO" disabled=yes distance=1 dst-address=10.90.90.21/32 \ gateway=Vlan100 pref-src=10.90.90.1 routing-mark=WAN_DATAGROUP scope=10 add disabled=yes distance=1 dst-address=10.90.90.22/32 gateway=Vlan100 \ pref-src=10.90.90.1 routing-mark=WAN_DATAGROUP scope=10 add check-gateway=ping comment=TENET distance=3 gateway=PPPOE-TENET \ routing-mark=WAN_TENET add check-gateway=ping comment=DATAGROUP distance=2 gateway=77.222.147.89 add distance=1 dst-address=192.168.1.0/24 gateway=l2tp_TO_REIKARTZ add distance=1 dst-address=192.168.1.6/32 gateway=l2tp_TO_REIKARTZ add distance=1 dst-address=192.168.3.0/24 gateway=l2tp_TO_REIKARTZ add distance=1 dst-address=192.168.26.100/32 gateway=l2tp_TO_REIKARTZ add distance=1 dst-address=192.168.166.0/24 gateway=l2tp_TO_REIKARTZ /ip route rule add action=unreachable disabled=yes dst-address=192.168.0.0/24 src-address=\ 192.168.88.0/24 add action=unreachable disabled=yes dst-address=192.168.88.0/24 src-address=\ 192.168.0.0/24 add action=unreachable dst-address=10.10.10.0/24 src-address=192.168.88.0/24 add action=unreachable dst-address=192.168.88.0/24 src-address=10.10.10.0/24 add action=unreachable dst-address=10.10.10.0/24 src-address=192.168.0.0/24 add action=unreachable dst-address=192.168.0.0/24 src-address=10.10.10.0/24 add action=unreachable dst-address=10.10.10.0/23 src-address=10.90.90.0/26 add action=unreachable dst-address=10.90.90.0/26 src-address=10.10.10.0/23 add action=unreachable dst-address=10.90.90.0/26 src-address=192.168.0.0/24 add action=unreachable dst-address=192.168.0.0/24 src-address=10.90.90.0/26 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=192.168.88.0/24,192.168.90.0/24 set api disabled=yes set winbox address=192.168.88.0/24,192.168.90.0/24 set api-ssl disabled=yes /lcd set backlight-timeout=5m color-scheme=dark /lcd pin set hide-pin-number=yes pin-number=3062 /system clock set time-zone-name=Europe/Kiev /system ntp client set enabled=yes primary-ntp=91.198.10.4 secondary-ntp=193.34.155.4 /system routerboard settings set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=\ disabled | Всего записей: 5 | Зарегистр. 30-06-2016 | Отправлено: 12:55 30-06-2016 | Исправлено: basic8333, 13:07 30-06-2016 |
|