EXPORT DA RB 1100 AHX2
[admin@ROTEADOR] > export
# jan/05/2017 00:53:19 by RouterOS 6.37.3
# software id = 64B0-P9FN
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] mac-address=4C:5E:0C:F3:C8:C5 name=ether1-LINK
set [ find default-name=ether2 ] mac-address=4C:5E:0C:F3:C8:C6 name=ether2-MKAUTH
set [ find default-name=ether3 ] mac-address=4C:5E:0C:F3:C8:C7 name=ether3-LAN-1
set [ find default-name=ether4 ] mac-address=4C:5E:0C:F3:C8:C8 name=ether4-LAN-2
set [ find default-name=ether5 ] mac-address=4C:5E:0C:F3:C8:C9 name=ether5-LAN
set [ find default-name=ether6 ] mac-address=4C:5E:0C:F3:C8:CA
set [ find default-name=ether7 ] mac-address=4C:5E:0C:F3:C8:CB
set [ find default-name=ether8 ] mac-address=4C:5E:0C:F3:C8:CC
set [ find default-name=ether9 ] mac-address=4C:5E:0C:F3:C8:CD
set [ find default-name=ether10 ] mac-address=4C:5E:0C:F3:C8:CE
set [ find default-name=ether11 ] mac-address=4C:5E:0C:F3:C8:CF
set [ find default-name=ether12 ] mac-address=4C:5E:0C:F3:C80
set [ find default-name=ether13 ] mac-address=4C:5E:0C:F3:C81
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=Local-1 ranges=20.1.0.2-20.1.0.254
add name=Remoto-1 ranges=20.0.0.1-20.0.0.254
add name=pgcorte ranges=10.3.0.1-10.3.0.254
add name=Local-2 ranges=30.1.0.2-30.1.0.254
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,200.175.182.139 local-address=20.0.0.1 name=PPOE remote-address=Remoto-1 use-compression=no use-encryption=no use-mpls=no \
use-upnp=yes
add change-tcp-mss=yes dns-server=200.175.182.139,8.8.8.8 local-address=30.0.0.1 name=PPOE2 remote-address=Local-2 use-compression=no use-encryption=no use-mpls=no \
use-upnp=yes
/snmp community
set [ find default=yes ] addresses=172.31.255.2/32
/interface bridge port
add bridge=bridge1 interface=ether1-LINK
add bridge=bridge1 interface=ether3-LAN-1
/interface pppoe-server server
add authentication=chap default-profile=PPOE disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=servidor-ppoe-1
add authentication=chap default-profile=PPOE disabled=no interface=ether4-LAN-2 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=servidor-ppoe-2
/ip address
add address=172.31.255.1/16 interface=ether2-MKAUTH network=172.31.0.0
add address=192.168.25.200/24 interface=ether1-LINK network=192.168.25.0
add address=192.168.4.1/24 interface=ether3-LAN-1 network=192.168.4.0
/ip cloud
set update-time=no
/ip dns
set max-udp-packet-size=512 servers=200.175.182.139,200.175.5.139,8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.2.5.254 comment=ssh_corte_roteadorcentral list=pgcorte
add address=201.77.202.128/27 list=FERRAGISTA
add address=186.251.26.128/26 list=FERRAGISTA
add address=200.219.234.34 list=FERRAGISTA
add address=200.250.108.102 list=FERRAGISTA
/ip firewall filter
add action=accept chain=forward
add action=drop chain=forward comment=CORTE dst-port=!53 protocol=udp src-address-list=pgcorte
add action=drop chain=forward comment=CORTE dst-port=!80,85,443,445 protocol=tcp src-address-list=pgcorte
add action=drop chain=input comment="CONTRA INVASAO FTP" dst-port=21 protocol=tcp
/ip firewall mangle
add action=change-mss chain=postrouting comment="Altera MSS =======Speedy=======" new-mss=1440 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1441-1500
add action=change-dscp chain=prerouting comment="Zera DSCP 10 =======Speedy=======" disabled=yes dscp=10 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 12 =======Speedy=======" disabled=yes dscp=12 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 16 =======Speedy=======" disabled=yes dscp=16 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 18 =======Speedy=======" disabled=yes dscp=18 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 46 =======Speedy=======" disabled=yes dscp=46 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 56 =======Speedy=======" disabled=yes dscp=56 in-interface=ether1-LINK new-dscp=0 passthrough=yes
add action=change-dscp chain=prerouting comment="Zera DSCP 48 =======Speedy=======" disabled=yes dscp=48 in-interface=ether1-LINK new-dscp=0 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=MASCARAMENTO
add action=dst-nat chain=dstnat comment=CORTE_HTTPS dst-address=!172.31.255.2 dst-port=443 protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=445
add action=dst-nat chain=dstnat comment=CORTE_HTTP dst-address=!172.31.255.2 dst-port=80 protocol=tcp src-address-list=pgcorte to-addresses=172.31.255.2 to-ports=85
add action=dst-nat chain=dstnat comment="ACESSO REMOTO MKAUTH" dst-port=10000 protocol=tcp to-addresses=172.31.255.2 to-ports=10000
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RADIO GOIANIA" dst-port=9001 protocol=tcp to-addresses=192.168.25.2 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RB CENTRAL" dst-port=9005 protocol=tcp to-addresses=192.168.25.200 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO REMOTO RB CENTRAL" dst-port=9004 protocol=tcp to-addresses=192.168.25.200 to-ports=80
add action=dst-nat chain=dstnat comment="ACESSO RADIO RECEBE GOIANIA" dst-port=9004 protocol=tcp to-addresses=192.168.25.3 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO RADIO MANDA PARA CIDADE" dst-port=9002 protocol=tcp to-addresses=192.168.25.4 to-ports=8291
add action=dst-nat chain=dstnat comment="ACESSO RADIO RECEBE CIDADE" dst-port=9003 protocol=tcp to-addresses=192.168.25.5 to-ports=8291
/ip route
add distance=2 gateway=192.168.25.1
/ip service
set telnet address=172.31.255.2/32
set ftp address=172.31.255.2/32
set ssh address=172.31.255.2/32
set www-ssl disabled=no
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-LINK type=external
add interface=ether3-LAN-1 type=internal
add interface=ether4-LAN-2 type=internal
/ppp aaa
set interim-update=4w2d use-radius=yes
/ppp secret
add name=teste password=teste profile=PPOE remote-address=20.0.0.110 service=pppoe
add name=semlimite password=semlimite profile=PPOE remote-address=20.0.0.180 service=pppoe
/radius
add address=172.31.255.2 secret=123456 service=ppp
/radius incoming
set accept=yes
/snmp
set [email protected] enabled=yes location=Brazil
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=ROTEADOR
/system resource irq rps
set ether1-LINK disabled=no
set ether2-MKAUTH disabled=no
set ether3-LAN-1 disabled=no
set ether4-LAN-2 disabled=no
set ether5-LAN disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
set ether10 disabled=no
set ether11 disabled=no
/system routerboard settings
set protected-routerboot=disabled
/system script
add name=script1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/system scheduler add interval=45m name=ler_dhcp on-event=\":execute\
\_script=ler_dhcp;\"\r\
\n/system script add name=ler_dhcp source=\"#===============================\\r\\\r\
\n \\n:global IPMKAUTH \\\"172.31.255.2\\\"; \\r\\\r\
\n \\n:global KEY \\\"key_api\\\"; \\r\\\r\
\n \\n:global RAMAL \\\"todos\\\";\\r\\\r\
\n \\n:global done \\\"\\\";\\r\\\r\
\n \\n/tool fetch mode=http url=\\\"http://\\\$IPMKAUTH/api/mkt_dhcp.php\\\\\\\?key=\\\$KEY&ramal=\\\$RAMAL\\\" src-path=mkt_dhcp.php dst-path=mkt_dhcp.rsc;\\r\\\r\
\n \\n:set done \\\"true\\\";\\r\\\r\
\n \\n\\r\\\r\
\n \\n:if ( [/file find name=mkt_dhcp.rsc] != \\\"\\\" ) do={\\r\\\r\
\n \\n :log warning \\\"Importando DHCP\\\";\\r\\\r\
\n \\n /import mkt_dhcp.rsc;\\r\\\r\
\n \\n /file remove mkt_dhcp.rsc;\\r\\\r\
\n \\n}\\r\\\r\
\n \\n\""
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool romon port
add
[admin@ROTEADOR] >