Created
December 31, 2023 11:59
# 2023-12-31 14:54:36 by RouterOS 7.13 | |
# | |
# model = RB3011UiAS | |
# CAPsMAN channel profiles referenced by the /caps-man configuration entries.
# Most entries pin band, width, frequency and tx-power; the last three
# (channel-home-LAGUNA, channel24-home, channel5-home) set no frequency here.
/caps-man channel | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
frequency=2412 name=channel1 tx-power=25 | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
frequency=2437 name=channel2 tx-power=25 | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
frequency=2462 name=channel4 tx-power=25 | |
add band=5ghz-onlyac control-channel-width=20mhz extension-channel=XXXX \ | |
frequency=5300 name=channel5g-home-kitchen tx-power=27 | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
frequency=2462 name=channel24g-home-kitchen tx-power=27 | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
frequency=2437 name=channel24g-home-bedroom tx-power=27 | |
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XXXX \ | |
frequency=5180 name=channel5g-home-bedroom tx-power=24 | |
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ | |
name=channel-home-LAGUNA | |
add band=2ghz-onlyn extension-channel=disabled name=channel24-home | |
add band=5ghz-onlyac name=channel5-home | |
# Three bridges: bridge-guest (defconf, fixed admin-mac), bridge-home and
# bridge.HotSpot. These are the L2 segments that the CAPsMAN datapaths, the
# DHCP servers and the hotspot server in this export attach to.
/interface bridge | |
add admin-mac=74:4D:28:4D:F2:66 auto-mac=no comment=defconf name=bridge-guest \ | |
port-cost-mode=short | |
add name=bridge-home port-cost-mode=short | |
add name=bridge.HotSpot port-cost-mode=short | |
# Port labels only, plus advertise / flow-control overrides on ether6 and ether8.
# NOTE(review): the comments record what is cabled to each port (cameras,
# buildings, rooms). In a published export that is site-layout information;
# consider stripping comments before sharing.
# NOTE(review): ether1 is labelled PPPoE-guest, but pppoe-out1-guest is bound to
# ether9 and ether1 is a bridge-home port further down - confirm the label.
/interface ethernet | |
set [ find default-name=ether1 ] comment=PPPoE-guest | |
set [ find default-name=ether2 ] comment="Korp. #1 (PR) \"4_951_1a_1et\"" | |
set [ find default-name=ether3 ] comment="laguna UBNT LAN" | |
set [ find default-name=ether4 ] comment=Bar | |
set [ find default-name=ether5 ] comment="Komnata otdyha" | |
set [ find default-name=ether6 ] advertise=\ | |
100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full comment=\ | |
"16 cameras" | |
set [ find default-name=ether7 ] comment="8 cameras" | |
set [ find default-name=ether8 ] advertise=\ | |
100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full comment=\ | |
"Korp. #1 (LV) \"3_951_3a_1et\"" rx-flow-control=auto tx-flow-control=\ | |
auto | |
set [ find default-name=ether10 ] comment=\ | |
"RB260GS 1000M switch in 3rd ambar (podval+dom)" | |
set [ find default-name=sfp1 ] comment=PPPoE-Home | |
# Two WireGuard interfaces with fixed UDP listen ports. No private-key value
# appears on these lines (presumably omitted by the export - confirm before
# assuming the keys were never published).
/interface wireguard | |
add listen-port=4600 mtu=1228 name=wireguard-Oracle | |
add listen-port=13231 mtu=1420 name=wireguard-Server | |
# CAPsMAN datapaths: each one places wireless clients on one of the three bridges.
/caps-man datapath | |
add bridge=bridge-guest name=datapath1 | |
add bridge=bridge-home name=datapath2-home | |
add bridge=bridge.HotSpot name=datapath3-hotspot | |
# PPPoE uplinks, both installing a default route (distance 11 and 10).
# Only pppoe-out2-home carries disabled=no; pppoe-out1-guest does not
# (presumably left disabled - confirm). No password attribute is shown on
# these lines, but both account names are.
# NOTE(review): pppoe-out1-guest runs over ether9, which is also added as a
# bridge-home port under /interface bridge port - confirm that is intended.
/interface pppoe-client | |
add add-default-route=yes default-route-distance=11 interface=ether9 name=\ | |
pppoe-out1-guest user=lagunadom | |
add add-default-route=yes default-route-distance=10 disabled=no interface=\ | |
sfp1 keepalive-timeout=15 name=pppoe-out2-home user=vasiliy7 | |
# Both CAPsMAN security profiles are WPA2-PSK with AES-CCM for unicast and
# group traffic. No passphrase attribute appears on these lines.
/caps-man security | |
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \ | |
name=security1 | |
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \ | |
name=security2-home | |
# CAPsMAN radio configurations. Entries with ssid=LAGUNA use security1 and
# datapath3-hotspot; entries with ssid=service2 / service5 use security2-home
# and datapath2-home.
# NOTE(review): cfg-guests-service2 is named for guests but places clients on
# datapath2-home (bridge-home), and the provisioning rules attach it as a slave
# configuration on the numbered APs. Confirm that extending the home L2 segment
# to those APs is intended.
# NOTE(review): several entries combine country=no_country_set with an explicit
# tx-power; confirm that power and channel choices match local regulation.
/caps-man configuration | |
add channel=channel1 datapath=datapath3-hotspot guard-interval=long mode=ap \ | |
name=cfg1 rx-chains=0,1,2,3 security=security1 ssid=LAGUNA tx-chains=\ | |
0,1,2,3 | |
add channel=channel2 datapath=datapath3-hotspot guard-interval=any mode=ap \ | |
name=cfg2 rx-chains=0,1,2,3 security=security1 ssid=LAGUNA tx-chains=\ | |
0,1,2,3 | |
add channel=channel4 datapath=datapath3-hotspot guard-interval=long mode=ap \ | |
name=cfg3 rx-chains=0,1,2,3 security=security1 ssid=LAGUNA tx-chains=\ | |
0,1,2,3 | |
add channel=channel-home-LAGUNA channel.tx-power=25 country=no_country_set \ | |
datapath=datapath3-hotspot guard-interval=any name=cfg-home-LAGUNA \ | |
rx-chains=0,1,2,3 security=security1 ssid=LAGUNA tx-chains=0,1,2,3 | |
add channel=channel24-home channel.band=2ghz-onlyn .control-channel-width=\ | |
20mhz .extension-channel=disabled .frequency=2462 .skip-dfs-channels=no \ | |
country=no_country_set datapath=datapath2-home guard-interval=any mode=ap \ | |
name=cfg24-bedroom rx-chains=0,1,2,3 security=security2-home ssid=\ | |
service2 tx-chains=0,1,2,3 | |
add channel=channel5-home channel.band=5ghz-onlyac .extension-channel=XXXX \ | |
.frequency=5320 country=etsi datapath=datapath2-home guard-interval=any \ | |
name=cfg5-bedroom rx-chains=0,1,2,3 security=security2-home ssid=service5 \ | |
tx-chains=0,1,2,3 | |
add channel=channel5-home channel.extension-channel=XXXX .frequency=5180 \ | |
.tx-power=28 country=etsi datapath=datapath2-home guard-interval=any \ | |
name=cfg5-kitchen rx-chains=0,1,2,3 security=security2-home ssid=service5 \ | |
tx-chains=0,1,2,3 | |
add channel=channel24-home channel.band=2ghz-onlyn .control-channel-width=\ | |
20mhz .frequency=2437 .tx-power=28 country=no_country_set datapath=\ | |
datapath2-home guard-interval=any mode=ap name=cfg24-kitchen rx-chains=\ | |
0,1,2,3 security=security2-home ssid=service2 tx-chains=0,1,2,3 | |
add channel=channel-home-LAGUNA country=no_country_set datapath=\ | |
datapath3-hotspot guard-interval=any name=cfg-Vagon-LAGUNA rx-chains=\ | |
0,1,2,3 security=security1 ssid=LAGUNA tx-chains=0,1,2,3 | |
add channel=channel-home-LAGUNA datapath=datapath2-home guard-interval=any \ | |
name=cfg-guests-service2 rates.vht-basic-mcs="" .vht-supported-mcs="" \ | |
rx-chains=0,1,2,3 security=security2-home ssid=service2 tx-chains=0,1,2,3 | |
add channel=channel5-home channel.band=5ghz-onlyac .control-channel-width=\ | |
20mhz .extension-channel=XXXX .frequency=5745 .tx-power=28 country=etsi2 \ | |
datapath=datapath2-home guard-interval=any name=cfg5-myRoom rx-chains=\ | |
0,1,2,3 security=security2-home ssid=service5 tx-chains=0,1,2,3 | |
add channel=channel24-home channel.band=2ghz-onlyn .control-channel-width=\ | |
20mhz .frequency=2412 .tx-power=28 country=no_country_set datapath=\ | |
datapath2-home guard-interval=any mode=ap name=cfg24-myRoom rx-chains=\ | |
0,1,2,3 security=security2-home ssid=service2 tx-chains=0,1,2,3 | |
# Interface lists: the defconf WAN and LAN lists plus a custom "PPPoE's" list,
# which /interface detect-internet uses as its internet-interface-list.
/interface list | |
add comment=defconf name=WAN | |
add comment=defconf name=LAN | |
add name="PPPoE's" | |
# Default LTE APN profile: IPv4 only, use-network-apn switched off.
/interface lte apn | |
set [ find default=yes ] ip-type=ipv4 use-network-apn=no | |
# /interface wifi configuration and security profiles. cfg24-bedroom sets
# WPA2-PSK inline and bridges ssid=service2-up into bridge-home; the two named
# security profiles allow both WPA2-PSK and WPA3-PSK. cfg-home-LAGUNA puts
# ssid=LAGUNA on bridge.HotSpot using security-LAGUNA.
# No passphrase attribute appears on these lines.
/interface wifi configuration | |
add channel.band=2ghz-n .frequency=2462 .width=20/40mhz datapath.bridge=\ | |
bridge-home disabled=no mode=ap name=cfg24-bedroom \ | |
security.authentication-types=wpa2-psk ssid=service2-up | |
/interface wifi security | |
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=security-LAGUNA | |
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=\ | |
security-service-home | |
/interface wifi configuration | |
add datapath.bridge=bridge.HotSpot disabled=no name=cfg-home-LAGUNA security=\ | |
security-LAGUNA ssid=LAGUNA | |
# Adjustments to built-in defaults: the supplicant identity on the default
# wireless security profile, and shared-users=unlimited on the default hotspot
# user profile.
/interface wireless security-profiles | |
set [ find default=yes ] supplicant-identity=MikroTik | |
/ip hotspot user profile | |
set [ find default=yes ] shared-users=unlimited | |
# Two kid-control profiles, both disabled=yes. "Mama" lists the same two time
# ranges for every weekday; "Friends" has empty ranges. The forward chain still
# jumps to the kid-control chain in /ip firewall filter.
/ip kid-control | |
add disabled=yes fri=0s-1h,6h-23h59m mon=0s-1h,6h-23h59m name=Mama sat=\ | |
0s-1h,6h-23h59m sun=0s-1h,6h-23h59m thu=0s-1h,6h-23h59m tue=\ | |
0s-1h,6h-23h59m wed=0s-1h,6h-23h59m | |
add disabled=yes fri="" mon="" name=Friends sat="" sun="" thu="" tue="" wed=\ | |
"" | |
# Address pools and the DHCP servers that hand them out: pool-guest on
# bridge-guest, pool-home on bridge-home, and the 10.66.66.x pool on
# bridge.HotSpot. pool-vpn is used as remote-address by the PPP profile
# edited further down.
/ip pool | |
add name=pool-guest ranges=192.168.88.10-192.168.88.254 | |
add name=pool-home ranges=192.168.10.100-192.168.10.254 | |
add name=pool-vpn ranges=192.168.89.2-192.168.89.254 | |
add name="pool[10.66.66.1/24]" ranges=10.66.66.20-10.66.66.250 | |
/ip dhcp-server | |
add address-pool=pool-guest interface=bridge-guest lease-time=20h name=\ | |
dhcp-guest | |
add address-pool=pool-home interface=bridge-home lease-time=20h name=\ | |
dhcp-home | |
add address-pool="pool[10.66.66.1/24]" interface=bridge.HotSpot name=\ | |
"DHCP-Serv[10.66.66.0/24]" | |
# Hotspot on bridge.HotSpot (10.66.66.1): a user profile, a server profile and
# the server itself.
# NOTE(review): login-by includes trial, and the trial settings are
# trial-uptime-limit=0s / trial-uptime-reset=0s with shared-users=unlimited on
# the trial user profile. Confirm that unauthenticated trial access with these
# limits is the intended guest policy.
# NOTE(review): login-by also includes http-chap alongside https; confirm the
# plain-HTTP login path is still needed.
/ip hotspot user profile | |
add address-pool="pool[10.66.66.1/24]" keepalive-timeout=2h \ | |
mac-cookie-timeout=1d name=UserProfile66 shared-users=unlimited | |
/ip hotspot profile | |
add dns-name=hotspot.------.com hotspot-address=10.66.66.1 http-proxy=\ | |
10.66.66.1:3128 login-by=http-chap,https,trial name=\ | |
HotSpot66-HTTPS-Profile rate-limit=500M/500M trial-uptime-limit=0s \ | |
trial-uptime-reset=0s trial-user-profile=UserProfile66 | |
/ip hotspot | |
add address-pool="pool[10.66.66.1/24]" disabled=no idle-timeout=1h interface=\ | |
bridge.HotSpot name=HotSpot66-HTTPS-server profile=\ | |
HotSpot66-HTTPS-Profile | |
# Serial port name, PPP profiles and one OpenVPN client.
# The profile addressed as *FFFFFFFE gets local-address 192.168.89.1 and hands
# out remote addresses from pool-vpn.
# The OpenVPN client is disabled=yes; it is configured with cipher=aes128-cbc,
# a named certificate and use-peer-dns=exclusively.
/port | |
set 0 name=serial0 | |
/ppp profile | |
add name=profile-antizapret use-ipv6=default | |
set *FFFFFFFE local-address=192.168.89.1 remote-address=pool-vpn | |
/interface ovpn-client | |
add certificate=cert-antizapret-2 cipher=aes128-cbc connect-to=\ | |
vpn.antizapret.prostovpn.org disabled=yes mac-address=02:36:76:34:A1:8A \ | |
name=ovpn-antizapret profile=profile-antizapret use-peer-dns=exclusively \ | |
user=user | |
# PCQ queue types (5M per classifier address, by dst for download and src for
# upload) and one simple queue for 192.168.88.0/24 that is disabled=yes.
/queue type | |
add kind=pcq name=pcq-download-5M pcq-classifier=dst-address pcq-rate=5M | |
add kind=pcq name=pcq-upload-5M pcq-classifier=src-address pcq-rate=5M | |
/queue simple | |
add disabled=yes max-limit=10M/10M name=queue-guest-limit-5M queue=\ | |
pcq-upload-5M/pcq-download-5M target=192.168.88.0/24 | |
# Routing: the default BGP template is set disabled=no, an OSPF instance is
# enabled while its only area is disabled=yes, and six extra routing tables
# are declared.
# NOTE(review): no BGP connection or OSPF interface is visible in this part of
# the export; if dynamic routing is not in use, confirm these can stay off.
/routing bgp template | |
set default disabled=no output.network=bgp-networks | |
/routing ospf instance | |
add disabled=no name=default-v2 | |
/routing ospf area | |
add disabled=yes instance=default-v2 name=backbone-v2 | |
/routing table | |
add fib name=isp2 | |
add fib name=isp1 | |
add fib name=Allowed-devices-from-guest | |
add disabled=no fib name=WireGuardVPN-RoutingTable | |
add disabled=no fib name=Hotspot-RoutingTable | |
add disabled=no fib name=WG-TEST-Routing-Table | |
# Policy for the built-in "read" group is overridden here.
# NOTE(review): the policy string grants password, sensitive, sniff, reboot,
# api and rest-api in addition to read, so accounts in this group can do more
# than view configuration. Only ftp, write, policy and romon are denied.
# Confirm every account in "read" is meant to have that reach.
/user group | |
set read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,s\ | |
ensitive,api,rest-api,!ftp,!write,!policy,!romon" | |
# CAPsMAN client access list (signal-based) and the CAPsMAN manager switch.
# NOTE(review): the reject entry comes first with signal-range=-120..80, which
# overlaps the accept entry's -80..120. If the intent was to reject only weak
# clients, the upper bound was presumably meant to be -80 - confirm against the
# behaviour seen on the APs.
# NOTE(review): the manager is enabled and no certificate requirement is shown
# on this line; confirm which interfaces it listens on.
/caps-man access-list | |
add action=reject allow-signal-out-of-range=10s disabled=no mac-address=\ | |
00:00:00:00:00:00 signal-range=-120..80 ssid-regexp="" | |
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=\ | |
00:00:00:00:00:00 signal-range=-80..120 ssid-regexp="" | |
/caps-man manager | |
set enabled=yes package-path=/cap-upgrade upgrade-policy=suggest-same-version | |
# CAPsMAN provisioning rules. Apart from the first entry (disabled, no match
# criteria) and the last two (disabled catch-alls per hardware mode), each rule
# matches one radio by radio-mac plus identity-regexp and assigns a master
# configuration and, for most, a slave configuration.
# The numbered APs (2_..9_) get a LAGUNA master (cfg1/cfg2/cfg3) with
# cfg-guests-service2 as slave; the home* APs get the home configurations with
# cfg-home-LAGUNA as slave on the 2.4 GHz radio.
# NOTE(review): the identity-regexp values are not anchored; since radio-mac is
# also matched this is probably harmless, but confirm.
/caps-man provisioning | |
add disabled=yes master-configuration=cfg1 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
9_hap_kom_otd master-configuration=cfg2 radio-mac=74:4D:28:35:2F:D6 \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
3_951_3a_1et master-configuration=cfg2 radio-mac=74:4D:28:77:84:75 \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
4_951_1a_1et master-configuration=cfg3 radio-mac=74:4D:28:77:89:FA \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
5_951_1et_kor master-configuration=cfg1 radio-mac=74:4D:28:77:B9:FA \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
8_951_bar master-configuration=cfg3 radio-mac=74:4D:28:77:D0:8E \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
6_951_2et_kor master-configuration=cfg3 radio-mac=74:4D:28:77:BD:53 \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
7_951_3et_kor master-configuration=cfg2 radio-mac=74:4D:28:77:DC:66 \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
2_hap_b master-configuration=cfg1 radio-mac=74:4D:28:4A:36:27 \ | |
slave-configurations=cfg-guests-service2 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
home2_hAp_ac2_kitchen master-configuration=cfg24-kitchen radio-mac=\ | |
08:55:31:9B:F9:4C slave-configurations=cfg-home-LAGUNA | |
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=\ | |
home2_hAp_ac2_kitchen master-configuration=cfg5-kitchen radio-mac=\ | |
08:55:31:9B:F9:4D | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
home1_hAp_ac2_bedroom master-configuration=cfg24-bedroom radio-mac=\ | |
74:4D:28:B4:99:41 slave-configurations=cfg-home-LAGUNA | |
add action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=\ | |
home1_hAp_ac2_bedroom master-configuration=cfg5-bedroom radio-mac=\ | |
74:4D:28:B4:99:42 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
home3_hAp_ac2_my_room master-configuration=cfg24-myRoom radio-mac=\ | |
2C:C8:1B:D7:34:D2 slave-configurations=cfg-home-LAGUNA | |
add action=create-dynamic-enabled identity-regexp=home3_hAp_ac2_my_room \ | |
master-configuration=cfg5-myRoom radio-mac=2C:C8:1B:D7:34:D3 | |
add action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=\ | |
RB951-Vagon master-configuration=cfg-guests-service2 radio-mac=\ | |
6C:3B:6B:58:6F:6A slave-configurations=cfg-Vagon-LAGUNA | |
add action=create-dynamic-enabled identity-regexp=RB951-podval \ | |
master-configuration=cfg-guests-service2 radio-mac=4C:5E:0C:E9:3E:57 \ | |
slave-configurations=cfg-home-LAGUNA | |
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \ | |
master-configuration=cfg24-bedroom slave-configurations=cfg-home-LAGUNA | |
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \ | |
master-configuration=cfg5-bedroom | |
# Bridge membership. ether2/4/5/8 are on bridge-guest, ether3 on bridge.HotSpot,
# and ether1/6/7/9/10 on bridge-home. ingress-filtering=no is set on every
# entry that names it.
# NOTE(review): ether1 is labelled PPPoE-guest and ether9 carries
# pppoe-out1-guest, yet both are bridge-home ports here. Confirm an ISP-facing
# port is not bridged into the home LAN.
# NOTE(review): *47, *2E0, *2EB and *2ED look like references to interfaces or
# bridges that no longer exist; presumably stale entries - confirm and remove.
/interface bridge port | |
add bridge=bridge-guest comment=defconf ingress-filtering=no interface=ether4 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-guest comment=defconf ingress-filtering=no interface=ether5 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home comment=defconf ingress-filtering=no interface=ether10 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-guest ingress-filtering=no interface=ether2 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge.HotSpot ingress-filtering=no interface=ether3 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home ingress-filtering=no interface=ether7 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-guest ingress-filtering=no interface=ether8 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home ingress-filtering=no interface=ether9 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home ingress-filtering=no interface=ether6 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home ingress-filtering=no interface=*47 internal-path-cost=\ | |
10 path-cost=10 | |
add bridge=*2E0 interface=*2EB internal-path-cost=10 path-cost=10 | |
add bridge=*2E0 interface=*2ED internal-path-cost=10 path-cost=10 | |
add bridge=bridge-home interface=ether1 internal-path-cost=10 path-cost=10 | |
# Global settings: neighbor discovery, neighbor-table sizes, IPv6 switched off,
# and detect-internet.
# NOTE(review): discover-interface-list=all and detect-interface-list=all
# include the WAN-side interfaces (sfp1, pppoe-out2-home), so the router
# announces itself and probes on the uplink as well. Restricting both to the
# LAN list is the usual hardening step - confirm nothing depends on "all".
/ip neighbor discovery-settings | |
set discover-interface-list=all | |
/ip settings | |
set max-neighbor-entries=8192 | |
/ipv6 settings | |
set disable-ipv6=yes max-neighbor-entries=8192 | |
/interface detect-internet | |
set detect-interface-list=all internet-interface-list="PPPoE's" \ | |
lan-interface-list=LAN wan-interface-list=WAN | |
# Static list membership: bridge-guest and bridge-home are LAN; sfp1 and
# pppoe-out2-home are WAN; pppoe-out2-home is also in "PPPoE's".
# NOTE(review): bridge.HotSpot, both WireGuard interfaces and pppoe-out1-guest
# are in neither list here. Any firewall rule keyed on LAN / !LAN / WAN treats
# them accordingly - confirm that matches the intent for hotspot and VPN
# traffic.
/interface list member | |
add comment=defconf interface=bridge-guest list=LAN | |
add interface=pppoe-out2-home list=WAN | |
add interface=bridge-home list=LAN | |
add interface=sfp1 list=WAN | |
add interface=pppoe-out2-home list="PPPoE's" | |
# Settings for the built-in OpenVPN, PPTP and SSTP servers. None of these lines
# shows enabled=yes, so the servers are presumably off - confirm on the device.
# NOTE(review): the OpenVPN server still lists md5 and sha1 as accepted auth
# digests, and PPTP is configured with mschap2 (RouterOS itself prints the
# "considered unsafe" warning below). If any of these servers is ever enabled,
# tighten these first or keep remote access on WireGuard only.
/interface ovpn-server server | |
set auth=sha1,md5 | |
/interface pptp-server server | |
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead | |
set authentication=mschap2 | |
/interface sstp-server server | |
set certificate=hotspot.examplr.com.pem_0 | |
# The /interface wifi CAPsMAN controller is enabled next to the legacy
# /caps-man manager, with one provisioning rule for radio 74:4D:28:B4:99:41.
# NOTE(review): require-peer-certificate=no means joining CAPs are not
# authenticated by certificate, and no interface restriction is shown on this
# line. Confirm the controller is reachable only from the management segment,
# or enable certificate checks.
/interface wifi capsman | |
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=\ | |
none | |
/interface wifi provisioning | |
add action=create-dynamic-enabled disabled=no master-configuration=\ | |
cfg24-bedroom name-format=cap-new- radio-mac=74:4D:28:B4:99:41 | |
# WireGuard peers: a phone and a remote MikroTik on wireguard-Server, and one
# upstream peer on wireguard-Oracle with a public endpoint address.
# NOTE(review): the key fields were partly overwritten with dashes, but
# fragments of a public key and of the preshared key are still present. A
# preshared key is a secret; treat the one on the wireguard-Oracle peer as
# partly disclosed, rotate it, and redact whole values before publishing.
# NOTE(review): the wireguard-Oracle peer has allowed-address=0.0.0.0/0, so
# WireGuard accepts any source address arriving through that tunnel; filtering
# of that traffic rests entirely on the firewall rules for the interface.
/interface wireguard peers | |
add allowed-address=10.0.10.10/32 comment=phone endpoint-address=10.0.10.10 \ | |
interface=wireguard-Server public-key=\ | |
"uCoi2Lj+----=" | |
add allowed-address=0.0.0.0/0 endpoint-address=130.61.191.167 endpoint-port=\ | |
51820 interface=wireguard-Oracle preshared-key=\ | |
"-------L+VUITcWl0=" public-key=\ | |
"--------=" | |
add allowed-address=10.0.10.11/32,192.168.20.0/24 comment=mikrotik-simferopol \ | |
interface=wireguard-Server persistent-keepalive=25s public-key=\ | |
"---------=" | |
# Router addresses per segment, the IP Cloud DDNS switch, and a disabled
# defconf DHCP client on ether1.
# NOTE(review): 192.168.88.1/24 is assigned to ether2, which is a port of
# bridge-guest, while dhcp-guest serves that subnet on bridge-guest. Addresses
# normally belong on the bridge rather than on a member port - confirm.
# NOTE(review): ddns-enabled=yes publishes the router's current public address
# under its IP Cloud name; keep that in mind given the input-chain state in
# /ip firewall filter.
/ip address | |
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ | |
192.168.88.0 | |
add address=192.168.10.1/24 interface=bridge-home network=192.168.10.0 | |
add address=10.0.10.1/24 interface=wireguard-Server network=10.0.10.0 | |
add address=10.8.0.7/24 interface=wireguard-Oracle network=10.8.0.0 | |
add address=10.66.66.1/24 interface=bridge.HotSpot network=10.66.66.0 | |
/ip cloud | |
set ddns-enabled=yes | |
/ip dhcp-client | |
add comment=defconf disabled=yes interface=ether1 | |
# Static DHCP leases: one fixed address per MAC on dhcp-home, dhcp-guest or the
# hotspot DHCP server.
# NOTE(review): taken together the comments and MAC addresses form a device
# inventory (cameras, access points, a server, personal phones and PCs), and
# one comment names an admin account on an AP. Consider removing comments and
# masking MACs before publishing an export.
# NOTE(review): the cameras and the ESP devices sit in 192.168.10.0/24 together
# with the PCs and server-home; confirm whether they should be on their own
# segment.
/ip dhcp-server lease | |
add address=192.168.10.102 comment="Samsung TV in the bedroom" mac-address=\ | |
B8:BC:5B:A1:54:D4 server=dhcp-home | |
add address=192.168.10.104 always-broadcast=yes comment="WinMac (WiFi)" \ | |
mac-address=88:63:DF:B2:47:1D server=dhcp-home | |
add address=192.168.10.106 comment="Samsung TV in the kitchen" mac-address=\ | |
C0:48:E6:74:F0:05 server=dhcp-home | |
add address=192.168.10.113 always-broadcast=yes comment="MacBook Pro laguna" \ | |
mac-address=DC:A9:04:8E:36:F0 server=dhcp-home | |
add address=192.168.10.119 comment="Samsung Galaxy S10+" mac-address=\ | |
CA:FF:6D:F9:A9:58 server=dhcp-home | |
add address=192.168.10.121 comment="Vasiliy-PC (WiFi)" mac-address=\ | |
3C:58:C2:55:92:95 server=dhcp-home | |
add address=192.168.10.237 always-broadcast=yes comment="HP Printer" \ | |
mac-address=D8:0F:99:20:49:5C server=dhcp-home | |
add address=192.168.10.110 client-id=1:b4:85:e1:80:2f:66 comment=\ | |
"iPhone 12 Pro Max" mac-address=B4:85:E1:80:2F:66 server=dhcp-home | |
add address=192.168.10.116 client-id=1:0:26:2d:50:91:3e comment=\ | |
"Acer 7738G LAN" mac-address=00:26:2D:50:91:3E server=dhcp-home | |
add address=192.168.10.5 client-id=1:74:4d:28:b4:99:3c comment=\ | |
"hAp ac2 - bedroom" mac-address=74:4D:28:B4:99:3C server=dhcp-home | |
add address=192.168.10.2 client-id=1:8:55:31:9b:f9:47 comment=\ | |
"hAp ac2 - kitchen" mac-address=08:55:31:9B:F9:47 server=dhcp-home | |
add address=192.168.88.9 client-id=1:74:4d:28:35:2f:d2 comment=9_hap_kom_otd \ | |
mac-address=74:4D:28:35:2F:D2 server=dhcp-guest | |
add address=192.168.10.7 client-id=1:6c:3b:6b:58:6f:65 comment=\ | |
"RB951 - Vagon" mac-address=6C:3B:6B:58:6F:65 server=dhcp-home | |
add address=192.168.10.9 client-id=1:68:ff:7b:e2:1f:86 comment=\ | |
"CPE210 - Client" mac-address=68:FF:7B:E2:1F:86 server=dhcp-home | |
add address=192.168.10.8 client-id=1:68:ff:7b:e2:12:36 comment="CPE210 - AP" \ | |
mac-address=68:FF:7B:E2:12:36 server=dhcp-home | |
add address=192.168.88.2 client-id=1:74:4d:28:4a:36:23 comment=2_hap_b \ | |
mac-address=74:4D:28:4A:36:23 server=dhcp-guest | |
add address=192.168.88.3 client-id=1:74:4d:28:77:84:71 comment=3_951_3a_1et \ | |
mac-address=74:4D:28:77:84:71 server=dhcp-guest | |
add address=192.168.88.4 client-id=1:74:4d:28:77:89:f6 comment=4_951_1a_1et \ | |
mac-address=74:4D:28:77:89:F6 server=dhcp-guest | |
add address=192.168.88.5 client-id=1:74:4d:28:77:b9:f6 comment=5_951_1et_kor \ | |
mac-address=74:4D:28:77:B9:F6 server=dhcp-guest | |
add address=192.168.88.6 client-id=1:74:4d:28:77:bd:4f comment=6_951_2et_kor \ | |
mac-address=74:4D:28:77:BD:4F server=dhcp-guest | |
add address=192.168.88.8 client-id=1:74:4d:28:77:d0:8a comment=8_951_bar \ | |
mac-address=74:4D:28:77:D0:8A server=dhcp-guest | |
add address=192.168.88.7 client-id=1:74:4d:28:77:dc:62 comment=7_951_3et_kor \ | |
mac-address=74:4D:28:77:DC:62 server=dhcp-guest | |
add address=192.168.10.22 client-id=1:40:f4:13:40:b2:b8 comment="(cameras) B" \ | |
mac-address=40:F4:13:40:B2:B8 server=dhcp-home | |
add address=192.168.10.24 client-id=1:40:f4:13:45:99:a2 comment=\ | |
"(cameras) Bar" mac-address=40:F4:13:45:99:A2 server=dhcp-home | |
add address=192.168.10.25 client-id=1:40:f4:13:45:bf:eb comment=\ | |
"(cameras) New" mac-address=40:F4:13:45:BF:EB server=dhcp-home | |
add address=192.168.10.23 client-id=1:40:f4:13:47:63:c3 comment=\ | |
"(cameras) Vagon" mac-address=40:F4:13:47:63:C3 server=dhcp-home | |
add address=192.168.10.21 comment="(cameras) home" mac-address=\ | |
4C:11:BF:14:92:55 server=dhcp-home | |
add address=192.168.10.20 comment="(cameras) office" mac-address=\ | |
4C:11:BF:19:1C:A1 server=dhcp-home | |
add address=192.168.10.101 client-id=1:0:c:29:a9:11:79 comment=\ | |
"Mikrotik CHR on Vasiliy-PC" mac-address=00:0C:29:A9:11:79 server=\ | |
dhcp-home | |
add address=192.168.10.120 client-id=1:b0:5c:da:d8:35:52 comment=\ | |
"Vasiliy-PC (LAN)" mac-address=B0:5C:DA:D8:35:52 server=dhcp-home | |
add address=192.168.10.50 client-id=1:c:4d:e9:ca:e6:67 comment="WinMac (LAN)" \ | |
mac-address=0C:4D:E9:CA:E6:67 server=dhcp-home | |
add address=192.168.10.107 comment=ESP-Vagon-Vorota mac-address=\ | |
C4:5B:BE:63:98:35 server=dhcp-home | |
add address=192.168.10.105 client-id=1:0:e9:3a:a6:c3:e2 comment=MiBot \ | |
mac-address=00:E9:3A:A6:C3:E2 server=dhcp-home | |
add address=192.168.10.112 comment=ESP-Bunker-Water-Notification mac-address=\ | |
98:CD:AC:23:4D:22 server=dhcp-home | |
add address=192.168.10.100 client-id=1:f0:cd:31:30:e3:54 comment=\ | |
"Samsung Galaxy S22U" mac-address=F0:CD:31:30:E3:54 server=dhcp-home | |
add address=192.168.10.122 client-id=1:2e:40:4c:5:18:c7 comment=\ | |
"Galaxy Watch 4" mac-address=2E:40:4C:05:18:C7 server=dhcp-home | |
add address=192.168.10.11 client-id=1:2c:c8:1b:d7:34:cd mac-address=\ | |
2C:C8:1B:D7:34:CD server=dhcp-home | |
add address=192.168.10.10 client-id=1:4c:5e:c:e9:3e:52 mac-address=\ | |
4C:5E:0C:E9:3E:52 server=dhcp-home | |
add address=192.168.10.109 client-id=1:e0:9:bf:1:fc:d9 comment=\ | |
"Camera Stirka" mac-address=E0:09:BF:01:FC:D9 server=dhcp-home | |
add address=192.168.10.111 client-id=1:e0:9:bf:1:fc:44 comment=\ | |
"Camera Kitchen" mac-address=E0:09:BF:01:FC:44 server=dhcp-home | |
add address=192.168.10.200 mac-address=14:CC:20:7D:92:C8 server=dhcp-home | |
add address=192.168.10.115 client-id=1:e0:9:bf:27:b3:61 comment=\ | |
"Camera Glazhka" mac-address=E0:09:BF:27:B3:61 server=dhcp-home | |
add address=192.168.10.127 client-id=1:d0:df:c7:95:9:2a comment=\ | |
"Samsung Tab 10.1" mac-address=D0:DF:C7:95:09:2A server=dhcp-home | |
add address=192.168.10.114 client-id=1:2c:8a:72:a9:be:16 comment="HTC One M8" \ | |
mac-address=2C:8A:72:A9:BE:16 server=dhcp-home | |
add address=192.168.10.62 client-id=1:c:c4:7a:0:61:f5 comment=server-home \ | |
mac-address=0C:C4:7A:00:61:F5 server=dhcp-home | |
add address=192.168.10.60 client-id=1:c:c4:7a:0:61:f4 mac-address=\ | |
0C:C4:7A:00:61:F4 server=dhcp-home | |
add address=10.66.66.2 client-id=1:18:e8:29:8a:45:a2 comment=\ | |
"UNBT AP LR (admin:Vasiliy)" mac-address=18:E8:29:8A:45:A2 server=\ | |
"DHCP-Serv[10.66.66.0/24]" | |
add address=192.168.10.13 client-id=1:b8:69:f4:b7:d9:22 comment=Dolina \ | |
mac-address=B8:69:F4:B7:D9:22 server=dhcp-home | |
# DHCP options per subnet and the router's own resolver. The hotspot and home
# subnets use the router as DNS server; the 192.168.88.0/24 subnet is handed
# public resolvers directly.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# on every interface it is reachable on. The input-chain drop rules visible in
# /ip firewall filter are disabled, so unless a rule outside this view blocks
# port 53 from the WAN side, the resolver is reachable from the internet.
# Confirm, and restrict DNS input to the LAN-side interfaces.
/ip dhcp-server network | |
add address=10.66.66.0/24 dns-server=10.66.66.1 domain=HotSpot gateway=\ | |
10.66.66.1 netmask=24 | |
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 \ | |
netmask=24 | |
add address=192.168.88.0/24 comment=defconf dns-server=\ | |
1.1.1.1,8.8.8.8,8.8.4.4 gateway=192.168.88.1 | |
/ip dns | |
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8 | |
# Static DNS overrides: local names for the router, and a set of public-looking
# hostnames pointed at 192.168.10.60 (two at 192.168.10.50) so that LAN clients
# resolve them to the internal address.
# NOTE(review): the list enumerates the services on that host, including
# administrative ones (pgadmin, webmin, gitlab, zabbix, freepbx). If the same
# names are published externally, confirm each admin interface is behind
# authentication and not exposed further than intended.
/ip dns static | |
add address=192.168.88.1 name=router.lan | |
add address=192.168.10.1 name=mikro.tik | |
add address=192.168.10.60 name=info.lagunadom.com | |
add address=192.168.10.60 name=nextcloud.seel2304.store | |
add address=192.168.10.60 name=nextcloud.vasmarfas.ru | |
add address=192.168.10.60 name=seel2304.store | |
add address=192.168.10.60 name=plex.seel2304.store | |
add address=192.168.10.60 name=plex.vasmarfas.ru | |
add address=192.168.10.60 name=torrent.seel2304.store | |
add address=192.168.10.60 name=torrent.vasmarfas.ru | |
add address=192.168.10.60 name=aria.seel2304.store | |
add address=192.168.10.60 name=aria.vasmarfas.ru | |
add address=192.168.10.60 name=gameap.seel2304.store | |
add address=192.168.10.60 name=gameap.vasmarfas.ru | |
add address=192.168.10.60 name=minidlna.seel2304.store | |
add address=192.168.10.60 name=minidlna.vasmarfas.ru | |
add address=192.168.10.60 name=minecraft.seel2304.store | |
add address=192.168.10.60 name=minecraft.vasmarfas.ru | |
add address=192.168.10.60 name=zabbix.vasmarfas.ru | |
add address=192.168.10.60 name=zabbix.seel2304.store | |
add address=192.168.10.60 name=filerun.seel2304.store | |
add address=192.168.10.60 name=filerun.vasmarfas.ru | |
add address=192.168.10.60 name=onlyoffice.seel2304.store | |
add address=192.168.10.60 name=onlyoffice.vasmarfas.ru | |
add address=192.168.10.50 name=winmac.seel2304.store | |
add address=192.168.10.50 name=winmac.vasmarfas.ru | |
add address=192.168.10.60 name=jellyfin.seel2304.store | |
add address=192.168.10.60 name=jellyfin.vasmarfas.ru | |
add address=192.168.10.60 name=stablediffusion.vasmarfas.ru | |
add address=192.168.10.60 name=filebrowser.vasmarfas.ru | |
add address=192.168.10.60 name=pgadmin.vasmarfas.ru | |
add address=192.168.10.60 name=gitlab.vasmarfas.ru | |
add address=192.168.10.60 name=webmin.vasmarfas.ru | |
add address=192.168.10.60 name=asterisk.vasmarfas.ru | |
add address=192.168.10.60 name=freepbx.vasmarfas.ru | |
# Static firewall address lists: three entries in "Blocked adresses" and a long
# ssh_stage3 list. The list name is spelled "adresses" here and in the filter
# rule that references it; any rename has to change both.
# NOTE(review): ssh_stage3 is filled by the tcp/8291 ladder in
# /ip firewall filter with address-list-timeout=none-static, which is why these
# entries are permanent. It contains LAN addresses (192.168.10.x) and both
# wireguard-Server peers (10.0.10.10, 10.0.10.11) next to the public ones, so
# the ladder has captured the site's own devices. If a drop rule is ever keyed
# on this list, those entries would cut off legitimate management access -
# purge them and exempt trusted sources first.
/ip firewall address-list | |
add address=98.101.120.116 list="Blocked adresses" | |
add address=185.110.8.218 list="Blocked adresses" | |
add address=164.52.6.131 list=ssh_stage3 | |
add address=18.130.253.222 list=ssh_stage3 | |
add address=141.105.66.212 list=ssh_stage3 | |
add address=141.105.66.148 list=ssh_stage3 | |
add address=78.11.84.52 list=ssh_stage3 | |
add address=45.15.159.58 list="Blocked adresses" | |
add address=23.224.186.207 list=ssh_stage3 | |
add address=212.51.128.61 list=ssh_stage3 | |
add address=18.134.228.3 list=ssh_stage3 | |
add address=154.89.5.125 list=ssh_stage3 | |
add address=18.134.240.105 list=ssh_stage3 | |
add address=27.124.5.120 list=ssh_stage3 | |
add address=13.40.129.187 list=ssh_stage3 | |
add address=2.59.79.166 list=ssh_stage3 | |
add address=45.182.141.169 list=ssh_stage3 | |
add address=154.89.5.220 list=ssh_stage3 | |
add address=27.124.5.16 list=ssh_stage3 | |
add address=80.78.21.243 list=ssh_stage3 | |
add address=154.89.5.202 list=ssh_stage3 | |
add address=13.40.9.212 list=ssh_stage3 | |
add address=192.81.134.105 list=ssh_stage3 | |
add address=170.39.218.4 list=ssh_stage3 | |
add address=80.78.21.109 list=ssh_stage3 | |
add address=31.192.105.84 list=ssh_stage3 | |
add address=192.168.10.129 list=ssh_stage3 | |
add address=192.168.10.128 list=ssh_stage3 | |
add address=192.168.10.124 list=ssh_stage3 | |
add address=154.89.5.79 list=ssh_stage3 | |
add address=193.233.155.220 list=ssh_stage3 | |
add address=80.78.21.11 list=ssh_stage3 | |
add address=103.119.230.190 list=ssh_stage3 | |
add address=165.154.48.69 list=ssh_stage3 | |
add address=154.89.5.71 list=ssh_stage3 | |
add address=27.124.32.147 list=ssh_stage3 | |
add address=91.211.246.152 list=ssh_stage3 | |
add address=64.225.14.26 list=ssh_stage3 | |
add address=154.89.5.210 list=ssh_stage3 | |
add address=80.78.21.220 list=ssh_stage3 | |
add address=137.220.228.89 list=ssh_stage3 | |
add address=62.76.144.115 list=ssh_stage3 | |
add address=154.89.5.120 list=ssh_stage3 | |
add address=35.176.191.105 list=ssh_stage3 | |
add address=154.89.5.110 list=ssh_stage3 | |
add address=123.58.198.119 list=ssh_stage3 | |
add address=137.220.228.86 list=ssh_stage3 | |
add address=80.78.21.228 list=ssh_stage3 | |
add address=154.89.5.211 list=ssh_stage3 | |
add address=23.224.186.73 list=ssh_stage3 | |
add address=139.177.192.5 list=ssh_stage3 | |
add address=80.78.21.77 list=ssh_stage3 | |
add address=154.89.5.118 list=ssh_stage3 | |
add address=107.150.103.35 list=ssh_stage3 | |
add address=44.211.167.205 list=ssh_stage3 | |
add address=152.32.131.196 list=ssh_stage3 | |
add address=80.78.21.192 list=ssh_stage3 | |
add address=154.89.5.83 list=ssh_stage3 | |
add address=154.198.193.134 list=ssh_stage3 | |
add address=27.124.5.118 list=ssh_stage3 | |
add address=18.134.229.237 list=ssh_stage3 | |
add address=192.168.10.118 list=ssh_stage3 | |
add address=164.52.54.35 list=ssh_stage3 | |
add address=87.236.176.168 list=ssh_stage3 | |
add address=154.89.5.208 list=ssh_stage3 | |
add address=45.79.72.123 list=ssh_stage3 | |
add address=154.89.5.200 list=ssh_stage3 | |
add address=154.89.5.100 list=ssh_stage3 | |
add address=94.102.61.53 list=ssh_stage3 | |
add address=154.89.5.221 list=ssh_stage3 | |
add address=104.250.52.153 list=ssh_stage3 | |
add address=23.248.184.241 list=ssh_stage3 | |
add address=154.89.5.199 list=ssh_stage3 | |
add address=37.150.223.102 list=ssh_stage3 | |
add address=103.153.78.141 list=ssh_stage3 | |
add address=104.218.164.140 list=ssh_stage3 | |
add address=154.89.5.126 list=ssh_stage3 | |
add address=45.33.87.154 list=ssh_stage3 | |
add address=154.89.5.122 list=ssh_stage3 | |
add address=85.159.214.71 list=ssh_stage3 | |
add address=152.32.200.79 list=ssh_stage3 | |
add address=154.89.5.205 list=ssh_stage3 | |
add address=18.170.214.79 list=ssh_stage3 | |
add address=18.133.224.7 list=ssh_stage3 | |
add address=154.89.5.119 list=ssh_stage3 | |
add address=3.10.19.211 list=ssh_stage3 | |
add address=18.132.37.18 list=ssh_stage3 | |
add address=10.0.10.11 list=ssh_stage3 | |
add address=152.32.175.130 list=ssh_stage3 | |
add address=70.185.27.139 list=ssh_stage3 | |
add address=85.89.72.18 list=ssh_stage3 | |
add address=198.74.56.135 list=ssh_stage3 | |
add address=94.74.178.201 list=ssh_stage3 | |
add address=54.81.16.57 list=ssh_stage3 | |
add address=13.40.32.161 list=ssh_stage3 | |
add address=152.32.253.11 list=ssh_stage3 | |
add address=3.10.212.10 list=ssh_stage3 | |
add address=94.74.177.161 list=ssh_stage3 | |
add address=92.244.236.189 list=ssh_stage3 | |
add address=152.32.150.182 list=ssh_stage3 | |
add address=143.42.49.66 list=ssh_stage3 | |
add address=185.233.19.15 list=ssh_stage3 | |
add address=167.99.191.251 list=ssh_stage3 | |
add address=185.233.19.103 list=ssh_stage3 | |
add address=5.18.248.229 list=ssh_stage3 | |
add address=45.83.65.189 list=ssh_stage3 | |
add address=143.255.142.112 list=ssh_stage3 | |
add address=78.37.119.105 list=ssh_stage3 | |
add address=152.32.245.214 list=ssh_stage3 | |
add address=103.14.33.25 list=ssh_stage3 | |
add address=45.79.168.172 list=ssh_stage3 | |
add address=18.134.252.90 list=ssh_stage3 | |
add address=152.32.150.96 list=ssh_stage3 | |
add address=192.168.10.126 list=ssh_stage3 | |
add address=192.168.10.103 list=ssh_stage3 | |
add address=91.224.168.78 list=ssh_stage3 | |
add address=192.168.10.125 list=ssh_stage3 | |
add address=10.0.10.10 list=ssh_stage3 | |
# Input and forward filter rules (the rule list continues past this point).
# NOTE(review): every input-chain drop visible here is disabled=yes - the
# "Blocked adresses" drop, "drop invalid" and "drop all not coming from LAN".
# As shown, nothing denies traffic addressed to the router itself, including
# from the WAN list. Together with allow-remote-requests=yes under /ip dns and
# neighbor discovery on all interfaces, this leaves router services reachable
# from the internet unless a later rule or /ip service restrictions (not
# visible here) say otherwise. Re-enable the default drop after adding explicit
# accepts for management from trusted sources.
/ip firewall filter | |
add action=drop chain=input disabled=yes src-address-list="Blocked adresses" | |
add action=passthrough chain=unused-hs-chain comment=\ | |
"place hotspot rules here" | |
add action=jump chain=forward comment="jump to kid-control rules" \ | |
jump-target=kid-control | |
add action=accept chain=input comment=\ | |
"defconf: accept established,related,untracked" connection-state=\ | |
established,related,untracked | |
# Connection ladder on tcp/8291 (the default Winbox port), despite the ssh_*
# list names: each new connection promotes the source stage1 -> stage2 ->
# stage3 -> ssh_blacklist. Stages 1 and 2 and the blacklist expire after 1m;
# stage3 is written with address-list-timeout=none-static and never expires.
# NOTE(review): no rule visible here drops ssh_blacklist or ssh_stage3, so the
# ladder only records addresses and does not limit anything.
add action=add-src-to-address-list address-list=ssh_blacklist \ | |
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ | |
protocol=tcp src-address-list=ssh_stage3 | |
add action=add-src-to-address-list address-list=ssh_stage3 \ | |
address-list-timeout=none-static chain=input connection-state=new \ | |
dst-port=8291 protocol=tcp src-address-list=ssh_stage2 | |
add action=add-src-to-address-list address-list=ssh_stage2 \ | |
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ | |
protocol=tcp src-address-list=ssh_stage1 | |
add action=add-src-to-address-list address-list=ssh_stage1 \ | |
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ | |
protocol=tcp | |
# NOTE(review): tcp/8291 is accepted from any source address and any interface.
# Limit this to a management address list or to the LAN / WireGuard interfaces.
add action=accept chain=input dst-port=8291 protocol=tcp | |
add action=drop chain=input comment="defconf: drop invalid" connection-state=\ | |
invalid disabled=yes | |
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp | |
add action=drop chain=input comment="defconf: drop all not coming from LAN" \ | |
disabled=yes in-interface-list=!LAN | |
# Forward chain: fasttrack and accept established/related traffic and IPsec
# policy matches. The drop rules for this chain, if any, are outside this view.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ | |
connection-state=established,related hw-offload=yes | |
add action=accept chain=forward comment="defconf: accept in ipsec policy" \ | |
ipsec-policy=in,ipsec | |
add action=accept chain=forward comment="defconf: accept out ipsec policy" \ | |
ipsec-policy=out,ipsec | |
add action=accept chain=forward comment=\ | |
"defconf: accept established,related, untracked" connection-state=\ | |
established,related,untracked | |
add action=accept chain=forward in-interface=bridge-home out-interface=\ | |
bridge-guest | |
add action=accept chain=forward disabled=yes in-interface=pppoe-out1-guest \ | |
out-interface=bridge-guest | |
add action=drop chain=forward comment="defconf: drop invalid" \ | |
connection-state=invalid disabled=yes | |
/ip firewall mangle | |
# Policy-routing marks: connections are tagged per uplink or subnet and given a
# routing mark that selects one of the routing tables used under /ip route.
# Everything sourced from 192.168.88.0/24 gets routing mark isp1; passthrough=no
# stops further mangle processing for the packet in this chain.
add action=mark-routing chain=prerouting new-routing-mark=isp1 passthrough=no \ | |
src-address=192.168.88.0/24 | |
# pppoe-out1-guest not ready | |
add action=mark-connection chain=prerouting connection-mark=no-mark \ | |
in-interface=pppoe-out1-guest new-connection-mark=isp1 passthrough=no | |
add action=mark-routing chain=prerouting connection-mark=isp1 \ | |
in-interface-list=LAN new-routing-mark=isp1 passthrough=no | |
# NOTE(review): router-originated traffic on isp1-marked connections gets
# routing mark Allowed-devices-from-guest, while the isp2 counterpart below
# uses isp2. The only route in that table in this export is disabled; confirm
# this asymmetry is intended.
add action=mark-routing chain=output connection-mark=isp1 new-routing-mark=\ | |
Allowed-devices-from-guest passthrough=no | |
add action=mark-connection chain=prerouting connection-mark=no-mark \ | |
in-interface=pppoe-out2-home new-connection-mark=isp2 passthrough=no | |
add action=mark-routing chain=prerouting connection-mark=isp2 \ | |
in-interface-list=LAN new-routing-mark=isp2 passthrough=no | |
add action=mark-routing chain=output connection-mark=isp2 new-routing-mark=\ | |
isp2 passthrough=no | |
# Authenticated hotspot clients (10.66.66.0/24) going to non-local destinations
# are routed via Hotspot-RoutingTable.
add action=mark-routing chain=prerouting comment="mark routing 10.66.66.0/24" \ | |
dst-address-type=!local hotspot=auth new-routing-mark=\ | |
Hotspot-RoutingTable passthrough=no src-address=10.66.66.0/24 | |
# Clamps the TCP MSS of SYN packets from the hotspot subnet to 1280.
# NOTE(review): the comment text says "MTU1420-40=1280", but 1420-40 is 1380;
# confirm which value is intended.
add action=change-mss chain=forward comment=\ | |
"change MSS to (MTU1420-40=1280) 10.66.66.0/24" connection-mark=\ | |
Hotspot-ConnectionMark new-mss=1280 passthrough=yes protocol=tcp \ | |
src-address=10.66.66.0/24 tcp-flags=syn tcp-mss=!0-1280 | |
add action=mark-connection chain=prerouting comment=\ | |
"mark connection 10.66.66.0/24" new-connection-mark=\ | |
Hotspot-ConnectionMark passthrough=yes src-address=10.66.66.0/24 | |
# Clamps the MSS to 1400 for TCP SYNs leaving through the wireguard-Server
# interface.
add action=change-mss chain=forward new-mss=1400 out-interface=\ | |
wireguard-Server passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\ | |
1401-65535 | |
# NOTE(review): traffic from 192.168.10.0/24 to anything outside that subnet is
# marked for WireGuardVPN-RoutingTable, whose only route in this export is
# disabled. Confirm where that traffic actually egresses while the tunnel
# route is off.
add action=mark-routing chain=prerouting dst-address=!192.168.10.0/24 \ | |
new-routing-mark=WireGuardVPN-RoutingTable passthrough=yes src-address=\ | |
192.168.10.0/24 | |
add action=mark-routing chain=prerouting dst-address=!192.168.10.120 \ | |
new-routing-mark=WG-TEST-Routing-Table passthrough=yes src-address=\ | |
192.168.10.120 | |
/ip firewall nat | |
# Source-NAT rules for the guest, hotspot, home, WireGuard and VPN subnets.
add action=passthrough chain=unused-hs-chain comment=\ | |
"place hotspot rules here" disabled=yes | |
# pppoe-out1-guest not ready | |
# Guest subnet 192.168.88.0/24 leaves through the guest uplink. ipsec-policy=
# out,none keeps IPsec-protected traffic from being masqueraded.
add action=masquerade chain=srcnat comment="guest nat. (pppoe-guest is defaul\ | |
t. Change to PPPoE-home to allow guests use home network) + check ip-route\ | |
s" ipsec-policy=out,none out-interface=pppoe-out1-guest src-address=\ | |
192.168.88.0/24 | |
# NOTE(review): the hotspot subnet is masqueraded out of pppoe-out2-home (the
# home uplink), although the comment calls pppoe-guest the default. Hotspot
# guests therefore share the home public address.
add action=masquerade chain=srcnat comment="Hotspot masquerade (pppoe-guest is\ | |
\_default. Change to PPPoE-home to allow guests use home network) + check \ | |
ip-routes" out-interface=pppoe-out2-home src-address=10.66.66.0/24 | |
add action=masquerade chain=srcnat comment="guest nat. turn on to allow guests\ | |
\_use home network (pppoe-guest is default. Change to PPPoE-home to allow \ | |
guests use home network) + check ip-routes" disabled=yes ipsec-policy=\ | |
out,none out-interface=pppoe-out2-home src-address=192.168.88.0/24 | |
# NOTE(review): no out-interface, so 192.168.10.0/24 is masqueraded on every
# egress interface, including other local bridges and tunnels. Hosts there see
# the router's address instead of the real client, which hides the origin in
# their logs. Scoping this to the WAN uplinks would avoid that.
add action=masquerade chain=srcnat comment="user nat" src-address=\ | |
192.168.10.0/24 | |
# WireGuard clients (10.0.10.0/24) are source-NATed to the fixed public address
# 91.224.168.121 on the home uplink.
add action=src-nat chain=srcnat comment="Wireguard SRC-NAT" out-interface=\ | |
pppoe-out2-home src-address=10.0.10.0/24 to-addresses=91.224.168.121 | |
# NOTE(review): no out-interface here either; applies on every egress path.
add action=masquerade chain=srcnat comment="VPN masquerade" src-address=\ | |
192.168.89.0/24 | |
add action=masquerade chain=srcnat dst-address=192.168.20.0/24 out-interface=\ | |
wireguard-Server | |
# NOTE(review): disabled. This rule has no dst-address, in-interface or port
# matcher, so if enabled it would rewrite every connection passing dstnat to
# 192.168.10.120, exposing all ports of that host to the internet. Leave it off
# and use the per-port rules instead.
add action=netmap chain=dstnat comment=\ | |
"Open all ports to 192.168.10.120 (For Honor)" disabled=yes to-addresses=\ | |
192.168.10.120 | |
# Hairpin NAT, part 1: connections to the public address 91.224.168.121 on
# ports 37720-37725 are redirected to the cameras/recorders at
# 192.168.10.20-25. These rules match on dst-address rather than in-interface,
# so they apply to connections arriving on any interface.
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to office (Hairpin NAT)" \ | |
dst-address=91.224.168.121 dst-port=37720 protocol=tcp to-addresses=\ | |
192.168.10.20 | |
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to home (Hairpin NAT)" \ | |
dst-address=91.224.168.121 dst-port=37721 protocol=tcp to-addresses=\ | |
192.168.10.21 | |
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to B (Hairpin NAT)" dst-address=\ | |
91.224.168.121 dst-port=37722 protocol=tcp to-addresses=192.168.10.22 | |
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to Vagon (Hairpin NAT)" \ | |
dst-address=91.224.168.121 dst-port=37723 protocol=tcp to-addresses=\ | |
192.168.10.23 | |
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to Bar (Hairpin NAT)" \ | |
dst-address=91.224.168.121 dst-port=37724 protocol=tcp to-addresses=\ | |
192.168.10.24 | |
add action=dst-nat chain=dstnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to New (Hairpin NAT)" \ | |
dst-address=91.224.168.121 dst-port=37725 protocol=tcp to-addresses=\ | |
192.168.10.25 | |
# Hairpin NAT, part 2: traffic to the same hosts and ports is masqueraded so
# replies return through the router.
# NOTE(review): there is no src-address or interface matcher, so connections
# forwarded from the internet are masqueraded too. The cameras then log the
# router as the client for every session, which removes the remote address from
# their access logs. Adding src-address=192.168.10.0/24 would limit this to
# real hairpin traffic.
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to office (Hairpin NAT)" \ | |
dst-address=192.168.10.20 dst-port=37720 protocol=tcp | |
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to home (Hairpin NAT)" \ | |
dst-address=192.168.10.21 dst-port=37721 protocol=tcp | |
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to B (Hairpin NAT)" dst-address=\ | |
192.168.10.22 dst-port=37722 protocol=tcp | |
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to Vagon (Hairpin NAT)" \ | |
dst-address=192.168.10.23 dst-port=37723 protocol=tcp | |
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to Bar (Hairpin NAT)" \ | |
dst-address=192.168.10.24 dst-port=37724 protocol=tcp | |
add action=masquerade chain=srcnat comment=\ | |
"(cameras) Acces from LAN to WAN adress to New (Hairpin NAT)" \ | |
dst-address=192.168.10.25 dst-port=37725 protocol=tcp | |
# Port forwards from the home uplink (pppoe-out2-home) to internal hosts.
# NOTE(review): none of the forwards in this run has a src-address matcher, so
# each service is reachable from any internet address and relies entirely on its
# own authentication. Camera and recorder web interfaces are a common target;
# prefer reaching them over the existing WireGuard tunnel or restrict by source.
# Most rules use action=netmap for a single port where dst-nat is used
# elsewhere in this file; presumably equivalent here, but worth making uniform.
add action=netmap chain=dstnat comment="(cameras) office internet tcp" \ | |
dst-port=37720 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.20 to-ports=37720 | |
# NOTE(review): the comment matches the rule above, but this one forwards port
# 8888 to 10.0.10.11 with logging on. It looks like a copied comment; confirm
# what this forward is for.
add action=dst-nat chain=dstnat comment="(cameras) office internet tcp" \ | |
dst-port=8888 in-interface=pppoe-out2-home log=yes protocol=tcp \ | |
to-addresses=10.0.10.11 to-ports=8888 | |
add action=netmap chain=dstnat comment="(cameras) home internet tcp" \ | |
dst-port=37721 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.21 to-ports=37721 | |
add action=netmap chain=dstnat comment="(cameras) B internet tcp" dst-port=\ | |
37722 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.22 to-ports=37722 | |
add action=netmap chain=dstnat comment="(cameras) Vagon internet tcp" \ | |
dst-port=37723 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.23 to-ports=37723 | |
# NOTE(review): port 554 is the standard RTSP port ("rstp" in the comment is
# presumably a typo). The camera's video stream is exposed to the internet on a
# well-known port with no source restriction.
add action=netmap chain=dstnat comment="(cameras) Vagon rstp tcp" dst-port=\ | |
554 in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.23 \ | |
to-ports=554 | |
add action=netmap chain=dstnat comment="(cameras) Bar internet tcp" dst-port=\ | |
37724 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.24 to-ports=37724 | |
add action=netmap chain=dstnat comment="(cameras) New internet tcp " \ | |
dst-port=37725 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.25 to-ports=37725 | |
# NOTE(review): the comment names DarkComet, a remote-administration trojan
# family, and 1604/tcp is the port commonly associated with it. The rule
# forwards that port from the internet to the workstation 192.168.10.120.
# Confirm what listens there and remove the rule unless it is a deliberate,
# isolated lab setup.
add action=netmap chain=dstnat comment=Darkcomet dst-port=1604 in-interface=\ | |
pppoe-out2-home protocol=tcp to-addresses=192.168.10.120 to-ports=1604 | |
add action=netmap chain=dstnat comment="CS GO 27015" dst-port=27015 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.120 \ | |
to-ports=27015 | |
# NOTE(review): forwards a proxy port (3128) from the internet to
# 192.168.20.15 with no source restriction. Unless that proxy enforces
# authentication, it is usable by anyone as an open relay; restrict by
# src-address or reach it through the tunnel.
add action=netmap chain=dstnat comment="Proxy to simferopol" dst-port=3128 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.20.15 \ | |
to-ports=3128 | |
add action=netmap chain=dstnat comment="Moonlight game stream TCP" dst-port=\ | |
47984-48010 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.120 to-ports=47984-48010 | |
# NOTE(review): the comment says UDP but the rule matches protocol=tcp, so no
# UDP traffic is forwarded by it. Confirm the intended protocol and port.
add action=dst-nat chain=dstnat comment="Moonlight game stream UDP" dst-port=\ | |
5201 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.120 to-ports=5201 | |
add action=netmap chain=dstnat comment="8080 nginx on WinMac" dst-port=8080 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.50 \ | |
to-ports=8080 | |
# NOTE(review): three masquerade rules share the comment "masquerade hotspot
# network". 192.168.88.0/24 appears twice, and the 192.168.10.0/24 rule repeats
# the earlier "user nat" rule. None has an out-interface, so they apply on
# every egress path. They look like leftovers from hotspot setup; confirm and
# remove the duplicates.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \ | |
src-address=192.168.88.0/24 | |
add action=masquerade chain=srcnat comment="masquerade hotspot network" \ | |
src-address=192.168.10.0/24 | |
add action=masquerade chain=srcnat comment="masquerade hotspot network" \ | |
src-address=192.168.88.0/24 | |
# Port forwards from the home uplink to the home server (192.168.10.60).
add action=dst-nat chain=dstnat comment="home server nginx" dst-port=80 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.60 \ | |
to-ports=80 | |
# The Zabbix and SD webui forwards are limited to src-address=130.61.191.167.
# That is the pattern to follow for any forward that is not meant to be public.
# NOTE(review): both Zabbix rules carry the same comment, but 10050 goes to
# 192.168.10.60 and 10051 goes to 192.168.10.50. Confirm the second target.
add action=dst-nat chain=dstnat comment=\ | |
"home server zabbix-agent to vdsina server" dst-port=10050 in-interface=\ | |
pppoe-out2-home protocol=tcp src-address=130.61.191.167 to-addresses=\ | |
192.168.10.60 to-ports=10050 | |
add action=dst-nat chain=dstnat comment=\ | |
"home server zabbix-agent to vdsina server" dst-port=10051 in-interface=\ | |
pppoe-out2-home protocol=tcp src-address=130.61.191.167 to-addresses=\ | |
192.168.10.50 to-ports=10051 | |
add action=dst-nat chain=dstnat comment="home server ssl" dst-port=443 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.60 \ | |
to-ports=443 | |
# NOTE(review): SSH to the home server is open to every internet source on the
# standard port. Restrict it with src-address, or use the WireGuard tunnel, and
# make sure the server accepts key authentication only.
add action=dst-nat chain=dstnat comment="home server ssh" dst-port=22 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.60 \ | |
to-ports=22 | |
add action=dst-nat chain=dstnat comment="home server minecraft" dst-port=\ | |
25565 in-interface=pppoe-out2-home protocol=tcp to-addresses=\ | |
192.168.10.60 to-ports=25565 | |
add action=netmap chain=dstnat comment="home server SD webui" dst-port=7860 \ | |
in-interface=pppoe-out2-home protocol=tcp src-address=130.61.191.167 \ | |
to-addresses=192.168.10.60 to-ports=7860 | |
# NOTE(review): SIP signalling (5060-5061/udp) and the RTP range are forwarded
# from any source. Internet-facing SIP is routinely probed for weak extension
# passwords, which leads to call fraud. Limit src-address to the provider's
# ranges if the PBX only talks to a trunk.
add action=netmap chain=dstnat comment="asterisk sip" dst-port=5060-5061 \ | |
in-interface=pppoe-out2-home protocol=udp to-addresses=192.168.10.60 \ | |
to-ports=5060-5061 | |
add action=netmap chain=dstnat comment="asterisk rtp" dst-port=18000-18100 \ | |
in-interface=pppoe-out2-home protocol=udp to-addresses=192.168.10.60 \ | |
to-ports=18000-18100 | |
# NOTE(review): comment=10 does not say what these two forwards are for;
# document the service so an unused forward can be recognised and removed.
add action=dst-nat chain=dstnat comment=10 dst-port=13003 in-interface=\ | |
pppoe-out2-home protocol=tcp to-addresses=192.168.10.60 to-ports=13003 | |
add action=dst-nat chain=dstnat comment=10 disabled=yes dst-port=11011 \ | |
in-interface=pppoe-out2-home protocol=tcp to-addresses=192.168.10.60 \ | |
to-ports=11011 | |
/ip firewall raw | |
# NOTE(review): both raw rules are disabled. The first uses action=accept for
# sources on BlackList; if the intent is to block those addresses the action
# would need to be drop.
add action=accept chain=prerouting disabled=yes src-address-list=BlackList | |
# Matches the router's own outgoing packets containing the login-failure text
# and adds the destination (the client that failed to log in) to BlackList for
# 1h10m.
add action=add-dst-to-address-list address-list=BlackList \ | |
address-list-timeout=1h10m chain=output comment="Rule #15 \"Bruteforce\": \ | |
add a device performing unsuccessful authorization to BlackList." \ | |
content="invalid user name or password" disabled=yes | |
/ip hotspot user | |
# NOTE(review): a hotspot user named admin. No password appears here, which may
# only mean sensitive values were left out of the export; verify one is set.
add name=admin | |
/ip kid-control device | |
add disabled=yes mac-address=DC:A9:04:8E:36:F0 name=MacBook user=Mama | |
add mac-address=B8:BC:5B:A1:54:D4 name="Samsung TV in the bedroom" user=Mama | |
add mac-address=C0:48:E6:74:F0:05 name="Samsung TV in the kitchen" user=Mama | |
add mac-address=D0:81:7A:7A:BA:81 name="iPhone 7 valera" user=Friends | |
add disabled=yes mac-address=B4:85:E1:80:2F:66 name="iPhone 12 Pro Max" user=\ | |
Mama | |
/ip proxy | |
# Web proxy settings. No enabled=yes appears in this export, so the proxy is
# presumably off; the access list below denies every request in any case.
set cache-path=webproxy port=8888 src-address=192.168.10.1 | |
/ip proxy access | |
add action=deny | |
/ip route | |
# Static routes for the main table and the policy-routing tables selected by the
# mangle rules (isp1, isp2, Hotspot-RoutingTable, WireGuardVPN-RoutingTable,
# WG-TEST-Routing-Table, Allowed-devices-from-guest).
add disabled=yes dst-address=0.0.0.0/0 gateway=pppoe-out2-home | |
add disabled=no distance=11 dst-address=0.0.0.0/0 gateway=pppoe-out2-home \ | |
pref-src="" routing-table=isp2 scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
add comment="Pppoe-guest is default. Change to pppoe-home to allow guests use \ | |
home network + check ip-firewall-nat masquarade" disabled=yes distance=1 \ | |
dst-address=0.0.0.0/0 gateway=pppoe-out1-guest pref-src="" routing-table=\ | |
Hotspot-RoutingTable scope=30 suppress-hw-offload=no target-scope=10 | |
# Gives traffic in the isp1 table (guest side) a path to the home server
# 192.168.10.60 on bridge-home.
# NOTE(review): the forward filter chain has no drop rule, so nothing limits
# which ports on that host guests can reach.
add comment="accept guests to local site lagunadom" disabled=no distance=2 \ | |
dst-address=192.168.10.60/32 gateway=bridge-home pref-src=0.0.0.0 \ | |
routing-table=isp1 suppress-hw-offload=no | |
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=bridge-home \ | |
pref-src="" routing-table=Allowed-devices-from-guest scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
# NOTE(review): this route is enabled, and both pppoe-out1-guest routes in this
# table are disabled, so hotspot clients currently leave through the home
# uplink. Confirm this is the intended state rather than a leftover toggle.
add comment="Turn on to allow guests use home network" disabled=no distance=4 \ | |
dst-address=0.0.0.0/0 gateway=pppoe-out2-home pref-src="" routing-table=\ | |
Hotspot-RoutingTable scope=30 suppress-hw-offload=no target-scope=10 | |
add comment="Global Wireguard" disabled=yes distance=2 dst-address=0.0.0.0/0 \ | |
gateway=wireguard-Oracle pref-src="" routing-table=\ | |
WireGuardVPN-RoutingTable scope=30 suppress-hw-offload=no target-scope=10 | |
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=172.22.22.1 \ | |
pref-src=0.0.0.0 routing-table=isp2 scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
add disabled=yes distance=5 dst-address=0.0.0.0/0 gateway=pppoe-out1-guest \ | |
pref-src="" routing-table=Hotspot-RoutingTable scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
# Same home-server exception as above, for the hotspot table.
add comment="accept guests to local site lagunadom" disabled=no distance=2 \ | |
dst-address=192.168.10.60/32 gateway=bridge-home pref-src=0.0.0.0 \ | |
routing-table=Hotspot-RoutingTable suppress-hw-offload=no | |
add disabled=yes distance=1 dst-address=192.168.20.0/24 gateway=10.0.10.11 \ | |
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
# Remote site 192.168.20.0/24 is reached through the wireguard-Server interface.
add disabled=no distance=1 dst-address=192.168.20.0/24 gateway=\ | |
wireguard-Server pref-src="" routing-table=main scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
add disabled=yes distance=1 dst-address=192.168.20.10/32 gateway=\ | |
wireguard-Server pref-src="" routing-table=main scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
add comment="accept to ubnt unifi" disabled=no distance=2 dst-address=\ | |
10.66.66.2/32 gateway=bridge.HotSpot pref-src="" routing-table=isp2 \ | |
suppress-hw-offload=no | |
# Three /24 networks are routed via the LAN host 192.168.10.13.
add disabled=no distance=1 dst-address=192.168.2.0/24 gateway=192.168.10.13 \ | |
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=192.168.10.13 \ | |
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
add disabled=no distance=1 dst-address=192.168.0.0/24 gateway=192.168.10.13 \ | |
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
add comment="TEST Wireguard" disabled=yes distance=2 dst-address=0.0.0.0/0 \ | |
gateway=wireguard-Oracle pref-src="" routing-table=WG-TEST-Routing-Table \ | |
scope=30 suppress-hw-offload=no target-scope=10 | |
add comment="TEST Wireguard" disabled=no distance=1 dst-address=172.17.0.1/32 \ | |
gateway=10.8.0.1 pref-src="" routing-table=WG-TEST-Routing-Table scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
add comment="TEST Wireguard" disabled=yes distance=2 dst-address=0.0.0.0/0 \ | |
gateway=10.8.0.1 pref-src="" routing-table=WG-TEST-Routing-Table scope=30 \ | |
suppress-hw-offload=no target-scope=10 | |
# NOTE(review): disabled; the gateway 192.168.10.0 looks like a network address
# rather than a host, so this route would presumably not resolve if enabled.
add disabled=yes distance=1 dst-address=192.168.10.13/32 gateway=192.168.10.0 \ | |
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ | |
target-scope=10 | |
/ip service | |
# Management services of the router. The input filter chain in this export has
# no enabled drop rule, so the address= lists here are the only source
# restriction on these services.
set telnet disabled=yes | |
set ftp disabled=yes port=2180 | |
# NOTE(review): WebFig over plain HTTP on port 8088 with no address=
# restriction, so it is reachable from every interface, WAN included. Restrict
# it to the management subnets as winbox and api are, or disable it.
set www port=8088 | |
# The ssh allow-list appears to have been redacted before publishing.
set ssh address=------------- | |
set www-ssl certificate=hotspot.example.com.pem_0 | |
# NOTE(review): api is the unencrypted API service, and api-ssl is disabled
# below. It is limited to three internal subnets, but credentials still cross
# those networks in clear text.
set api address=10.0.10.0/24,192.168.20.0/24,192.168.10.0/24 | |
# Winbox is limited to three internal subnets plus one public /32.
set winbox address=\ | |
192.168.10.0/24,192.168.20.0/24,10.0.10.0/24,188.191.20.161/32 | |
# NOTE(review): certificate=*3 looks like a reference to a certificate that no
# longer exists.
set api-ssl certificate=*3 disabled=yes | |
/ip smb | |
# SMB is bound to bridge-home. No enabled=yes is shown, so the service may be
# off; verify on the device.
set domain=WORKGROUP interfaces=bridge-home | |
/ip smb shares | |
set [ find default=yes ] disabled=yes | |
add directory=/disk1 name=Kingstick | |
/ip smb users | |
# NOTE(review): an SMB user named admin with write access; confirm it has a
# strong password that differs from the router login.
add name=admin read-only=no | |
/ip ssh | |
# NOTE(review): this keeps password login available even for users who have an
# SSH public key installed, so key-only authentication is not enforced on the
# router's own SSH service.
set always-allow-password-login=yes | |
/ip upnp | |
# NOTE(review): UPnP lets any host on bridge-home ask the router to open inbound
# port mappings on pppoe-out2-home without authentication. The static dst-nat
# rules already cover the published services, so consider disabling it.
set enabled=yes | |
/ip upnp interfaces | |
add interface=bridge-home type=internal | |
add interface=pppoe-out2-home type=external | |
/ppp secret | |
add name=vpn profile=default-encryption | |
/system clock | |
set time-zone-autodetect=no time-zone-name=Europe/Simferopol | |
/system identity | |
set name=baza_3011 | |
/system logging | |
set 0 topics=info,!fetch | |
/system note | |
set show-at-login=no | |
/system ntp client | |
set enabled=yes | |
/system ntp client servers | |
add address=88.147.254.235 | |
add address=88.147.254.229 | |
/tool romon | |
# NOTE(review): RoMON is enabled and no secrets= value appears in this export
# (it may simply be hidden as sensitive). Without a secret, any RoMON-capable
# device on an enabled port can take part in the management overlay. Set a
# secret and limit the ports.
set enabled=yes | |
/tool romon port | |
# interface=*2B looks like a reference to an interface that no longer exists.
add interface=*2B | |
add interface=ether4 |
# 2023-12-31 16:54:10 by RouterOS 7.13 | |
# | |
# model = RBD52G-5HacD2HnD | |
/interface bridge | |
# Export of a CAPsMAN-managed access point: all ports are bridged into
# bridgeLocal and the device gets its address by DHCP on that bridge.
add admin-mac=74:4D:28:B4:99:3C auto-mac=no comment=defconf name=bridgeLocal \ | |
port-cost-mode=short protocol-mode=none | |
/interface wifi | |
# managed by CAPsMAN | |
# mode: AP, SSID: service2-up, channel: 2462/n/eC | |
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \ | |
disabled=no | |
# wifi2 is configured locally (no configuration.manager=capsman) with
# WPA2-PSK/WPA3-PSK; no passphrase appears in this export.
set [ find default-name=wifi2 ] channel.band=5ghz-ac .frequency=5320 .width=\ | |
20/40/80mhz configuration.mode=ap .ssid=service5-up datapath.bridge=\ | |
bridgeLocal disabled=no security.authentication-types=wpa2-psk,wpa3-psk | |
/interface lte apn | |
set [ find default=yes ] ip-type=ipv4 use-network-apn=no | |
/routing bgp template | |
set default disabled=no output.network=bgp-networks | |
/routing ospf instance | |
add disabled=no name=default-v2 | |
/routing ospf area | |
add disabled=yes instance=default-v2 name=backbone-v2 | |
/interface bridge port | |
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether2 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether3 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether4 \ | |
internal-path-cost=10 path-cost=10 | |
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether5 \ | |
internal-path-cost=10 path-cost=10 | |
# interface=*2 looks like a reference to an interface that no longer exists.
add bridge=bridgeLocal interface=*2 internal-path-cost=10 path-cost=10 | |
/ip neighbor discovery-settings | |
# NOTE(review): neighbor discovery runs on every interface, so the device
# announces its identity and version to anything attached to any port.
# No /ip firewall section appears in this export, so the device's management
# services are presumably protected only by its position in the network.
set discover-interface-list=all | |
/ip settings | |
set max-neighbor-entries=8192 | |
/ipv6 settings | |
set disable-ipv6=yes max-neighbor-entries=8192 | |
/interface ovpn-server server | |
# NOTE(review): md5 and sha1 are the only permitted HMACs. No enabled=yes is
# shown, so the server is presumably off. If it is ever enabled, drop md5 and
# prefer a SHA-2 option.
set auth=sha1,md5 | |
/interface wifi cap | |
set discovery-interfaces=bridgeLocal enabled=yes | |
/ip dhcp-client | |
add comment=defconf interface=bridgeLocal | |
/system clock | |
set time-zone-name=Asia/Yekaterinburg | |
/system identity | |
set name=home1_hAp_ac2_bedroom | |
/system note | |
set show-at-login=no | |
/system scheduler | |
# At every startup: if the current RouterBOARD firmware differs from the
# upgrade firmware, run the upgrade, wait 12 s and reboot.
# NOTE(review): the policy list (ftp, password, sniff, sensitive, ...) is
# broader than the script's visible actions need; trimming it limits what a
# tampered on-event script could do. If the upgrade ever fails to apply, this
# would presumably reboot on every boot; verify.
add name=Update-Current-Firmware on-event="if ([/system routerboard get curren\ | |
t-firmware] != [/system routerboard get upgrade-firmware]) do={\r\ | |
\n/system routerboard upgrade\r\ | |
\n:delay 12s\r\ | |
\n/system reboot\r\ | |
\n}\r\ | |
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \ | |
start-time=startup | |
/tool romon | |
# NOTE(review): RoMON is enabled and no secrets= value or port restriction
# appears in this export; verify a secret is set on the device.
set enabled=yes |