#        routerboard: yes
#         board-name: hEX
#              model: RouterBOARD 750G r3
#           revision: r3
#      serial-number: 8AFF081C044F
#      firmware-type: mt7621L
#   factory-firmware: 3.41
#   current-firmware: 6.48
#   upgrade-firmware: 6.48
# 
#             channel: stable
#   installed-version: 6.48
# 
# Flags: U - undoable, R - redoable, F - floating-undo 
#   ACTION                                   BY               POLICY             
# 
# software id = 4NE3-PCY2
#
# model = RouterBOARD 750G r3
# serial number = 8AFF081C044F
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface vlan
add interface=ether1 name=vlan30 vlan-id=30
add interface=ether1 name=vlan31 vlan-id=31
add interface=ether1 name=vlan32 vlan-id=32
add interface=ether1 name=vlan33 vlan-id=33
add interface=ether1 name=vlan123 vlan-id=123
add interface=ether1 name=vlan127-gerencia-crs vlan-id=127
add interface=ether1 name=vlan3803 vlan-id=3803
/interface list
add name=CLIENTE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.2.10-192.168.2.254
add name=posto ranges=192.168.10.100-192.168.10.254
add name=vpn-pool2 ranges=192.168.89.2-192.168.89.100
/ip dhcp-server
add address-pool=posto disabled=no interface=ether2 name=posto
add address-pool=dhcp disabled=no interface=bridge1 name=restaurante
/ppp profile
set *0 dns-server=8.8.8.8,127.0.0.1 local-address=192.168.89.1 remote-address=vpn-pool2
add dns-server=177.10.56.3,177.10.56.30 local-address=192.168.40.1 name=profile1
/snmp community
set [ find default=yes ] addresses=172.16.21.50/32,45.225.64.0/22 name=onnet@2017
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!CLIENTE
/interface list member
add interface=ether2 list=CLIENTE
add interface=ether3 list=CLIENTE
add interface=ether4 list=CLIENTE
add interface=ether5 list=CLIENTE
/interface pppoe-server server
add disabled=no interface=vlan123 service-name=service1
add disabled=no interface=vlan30 service-name=service2
add disabled=no interface=vlan31 service-name=service3
add disabled=no interface=vlan32 service-name=service4
add disabled=no interface=vlan33 service-name=service5
add disabled=no interface=vlan3803 service-name=service6
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.2.1/24 interface=bridge1 network=192.168.2.0
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=45.225.64.58/30 interface=vlan30 network=45.225.64.56
add address=192.168.5.1/24 interface=vlan127-gerencia-crs network=192.168.5.0
add address=45.225.65.233/30 interface=vlan31 network=45.225.65.232
/ip dhcp-server lease
add address=192.168.2.43 client-id=1:1c:1b:d:f4:e3:b9 mac-address=1C:1B:0D:F4:E3:B9 server=restaurante
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=45.225.64.10,8.8.8.8 gateway=192.168.2.1 netmask=24
add address=192.168.10.0/24 dns-server=45.225.64.10,8.8.8.8 gateway=192.168.10.1
/ip dns
set servers=45.225.66.10,8.8.8.8
/ip firewall filter
add action=accept chain=input disabled=yes port=1701,500,4500 protocol=udp
add action=accept chain=input disabled=yes protocol=ipsec-esp
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-address=45.225.64.58 dst-port=8091 protocol=tcp to-addresses=192.168.2.43
add action=src-nat chain=srcnat out-interface=vlan30 src-address=!45.225.65.232/30 to-addresses=45.225.64.58
add action=masquerade chain=srcnat src-address=192.168.0.0/16
add action=dst-nat chain=dstnat dst-address=45.225.64.58 port=8090 protocol=tcp to-addresses=192.168.2.39 to-ports=8090
/ip route
add distance=1 gateway=45.225.64.57
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=45.225.65.10/32 port=2222
set api disabled=yes
set winbox port=25000
set api-ssl disabled=yes
/ppp secret
add name=vpn password=vpn
add local-address=192.168.40.1 name=marciane.jaco@dbug password=201023 remote-address=192.168.1.149 service=pppoe
add local-address=192.168.40.1 name=serp@luiz password=serp@luiz remote-address=192.168.1.150 service=pppoe
add local-address=192.168.40.1 name=serp@lenon password=serp@lenon remote-address=192.168.1.151 service=pppoe
/snmp
set contact="Rodrigo <rodrigo@onnetdigital.com.br>" enabled=yes location="Posto Ipirangao, PR" src-address=45.225.64.58 trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name="POSTO IPIRANGAO"
/system ntp client
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/tool bandwidth-server
set authenticate=no
/tool romon
set enabled=yes