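# routerboard: yes
# board-name: NetBox 5
# model: 911G-5HPacD
# serial-number: 7EEA07DDCD49
# firmware-type: qca9550
# factory-firmware: 3.41
# current-firmware: 6.48.6
# upgrade-firmware: 6.48.6
#
# channel: long-term
# installed-version: 6.48.6
#
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = L5BU-941G
#
# model = 911G-5HPacD
# serial number = 7EEA07DDCD49
#
# Purpose: RouterOS 6.48.6 configuration export of a wireless station
# (mode=station-bridge, nv2) that dials a PPPoE session over wlan1, serves
# 192.168.0.0/24 by DHCP on ether1 and NATs it out of the PPPoE interface,
# and also runs an EoIP tunnel and a PPTP server.
#
# NOTE(review): this export carries credentials in clear text (PPPoE password,
# WPA2 pre-shared key, SNMP community name, PPP secret). Treat every one of
# them as exposed and rotate it; produce exports meant for sharing with
# "/export hide-sensitive" so these fields are omitted.

/interface bridge
# Both bridges are defined but disabled; the addressing further down sits
# directly on ether1 and eoip-tunnel1.
add disabled=yes name=bridge1
add disabled=yes fast-forward=no name=bridgevlan750 protocol-mode=none

/interface wireless
# NOTE(review): country=no_country_set together with
# frequency-mode=superchannel and a fixed tx-power removes the regulatory
# limits the radio would otherwise enforce; confirm that the frequency and
# the power are licensed for this link.
set [ find default-name=wlan1 ] ampdu-priorities=0,1,2,3,4,5,6,7 \
    antenna-gain=30 band=5ghz-a/n/ac channel-width=20/40mhz-Ce \
    country=no_country_set disabled=no frequency=5910 \
    frequency-mode=superchannel mode=station-bridge radio-name=BOSCARDIN \
    rx-chains=0,1 scan-list=5000-5990 ssid=LINK_Boscardin_car \
    station-roaming=enabled tx-chains=0,1 tx-power=25 \
    tx-power-mode=all-rates-fixed wireless-protocol=nv2

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps

/interface pppoe-client
# WAN uplink: installs the default route and takes the DNS servers offered by
# the peer. The password is stored in clear text in this export.
add add-default-route=yes disabled=no interface=wlan1 name=onnet@boscardin \
    password=onnet@pedreira781 use-peer-dns=yes user=onnet@boscardin

/interface eoip
# NOTE(review): no ipsec-secret is set on this tunnel, so the Ethernet frames
# it carries are neither encrypted nor authenticated; "!keepalive" turns the
# keepalive off.
add !keepalive mac-address=02:93:E1:F8:21:8F mtu=1400 name=eoip-tunnel1 \
    remote-address=45.225.67.208 tunnel-id=2

/interface vlan
# Both VLAN 750 interfaces are disabled.
add disabled=yes interface=wlan1 name=vlan750 vlan-id=750
add disabled=yes interface=ether1 name=vlan750-2 vlan-id=750

/interface list
add exclude=dynamic name=discover
add name=WAN
add name=LAN

/interface wireless security-profiles
# Default profile: WPA2-PSK, key stored in clear text in this export.
# NOTE(review): wlan1 runs wireless-protocol=nv2, which presumably takes its
# link security from the interface's nv2 settings rather than from this
# profile; none are set above, so confirm the radio link is encrypted at all.
# Replace the short numeric key with a long random passphrase when rotating.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik \
    wpa2-pre-shared-key=90951418

/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.100

/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether1 name=dhcp1

/snmp community
# The default community is renamed and limited to one manager address.
# NOTE(review): the community name works as a password and SNMP v1/v2c sends
# it unencrypted; rotate it and prefer SNMPv3 with authentication and
# encryption if the manager supports it.
set [ find default=yes ] addresses=45.225.65.10/32 name=onnet@2017

/user group
# The "full" group keeps every policy, including sensitive, sniff and romon.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"

/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 hw=no interface=ether1
add bridge=bridgevlan750 interface=vlan750
add bridge=bridgevlan750 interface=vlan750-2

/ip neighbor discovery-settings
# NOTE(review): discovery runs on every interface, the PPPoE uplink included,
# and announces identity, model and version to neighbours. A "discover"
# interface list exists (ether1, eoip-tunnel1) but is not referenced here;
# confirm whether it was meant to be.
set discover-interface-list=all

/ip settings
# Strict reverse-path filtering and SYN cookies are on.
set rp-filter=strict tcp-syncookies=yes

/interface list member
add interface=ether1 list=discover
add interface=eoip-tunnel1 list=discover
add interface=onnet@boscardin list=WAN
add interface=bridge1 list=LAN

/interface pptp-server server
# NOTE(review): the PPTP server accepts PAP, CHAP and MS-CHAPv1 next to
# MS-CHAPv2. PAP transmits the password unencrypted, and PPTP's own
# encryption is considered broken. After confirming what the remote peer
# supports, restrict this to authentication=mschap2 at minimum, and plan a
# move to an IPsec-protected tunnel.
set authentication=pap,chap,mschap1,mschap2 default-profile=default \
    enabled=yes

/ip address
add address=192.168.0.4/24 interface=ether1 network=192.168.0.0
add address=10.10.10.2/30 interface=eoip-tunnel1 network=10.10.10.0

/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.4

/ip dns
set servers=177.10.56.3,177.10.56.30

/ip firewall address-list
# "suporte" is the only source list the input chain accepts from the uplink.
# "liberado servidor" is referenced only by disabled forward rules.
add address=45.225.64.0/22 list=suporte
add address=45.182.132.0/22 list=suporte
add address=200.192.102.190 list="liberado servidor"
add address=45.225.66.255 list="liberado servidor"
add address=192.168.0.0/24 list="liberado servidor"
add address=172.16.20.50 list=suporte
add address=177.10.56.141 list=suporte

/ip firewall filter
# Input chain: established/related is accepted, the "suporte" list is accepted
# on the PPPoE uplink, and everything else arriving on that uplink is dropped.
# NOTE(review): the drop matches only in-interface=onnet@boscardin, so traffic
# to the router arriving on ether1, eoip-tunnel1 or a PPTP session is not
# filtered; the router's management services depend on their own address
# restrictions there.
add action=accept chain=input comment=\
    "conex\E3o estabelecida ou relacionada com mk" \
    connection-state=established,related
add action=accept chain=input comment="acesso onnet" \
    in-interface=onnet@boscardin src-address-list=suporte
add action=accept chain=forward comment=\
    "estabelecida ou relacionada com rede interna" \
    connection-state=established,related
add action=drop chain=input in-interface=onnet@boscardin log-prefix=FW
# NOTE(review): every remaining forward rule is disabled, so the forward chain
# has no active drop and passes all new connections, including those created
# by the dst-nat rules in the NAT table. The two rules commented "drop ..."
# actually carry action=accept; they read as the allow half of an
# allow-then-drop pair with the drops below. Confirm the intent before
# re-enabling them.
add action=accept chain=forward comment=\
    "drop o que vem de fora somente da lista" disabled=yes \
    dst-address=192.168.0.1 src-address-list="liberado servidor"
add action=accept chain=forward comment=\
    "drop o que vai pra fora somente da lista" disabled=yes \
    dst-address-list="liberado servidor" src-address=192.168.0.1
add action=drop chain=forward disabled=yes src-address=192.168.0.1
add action=drop chain=forward disabled=yes dst-address=192.168.0.1

/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=10.0.0.0/24 \
    src-address=!45.225.67.177
add action=src-nat chain=srcnat disabled=yes out-interface=onnet@boscardin \
    src-address=192.168.0.0/24 to-addresses=45.225.67.177
add action=dst-nat chain=dstnat disabled=yes dst-address=45.225.67.204 \
    dst-port=80,443 protocol=tcp to-addresses=192.168.0.101
# NOTE(review): the three active port forwards below (2705, 3306, 3309) match
# any source address. Port 3306 is conventionally a database listener; such
# services should not accept connections from arbitrary sources. Add a
# src-address-list to each rule, or a forward-chain drop for sources outside
# an allow list, so that only known peers reach the internal hosts.
add action=dst-nat chain=dstnat comment="SERVIDOR LINUX" \
    dst-address=45.225.67.204 dst-port=2705 protocol=tcp \
    to-addresses=192.168.0.1 to-ports=2705
add action=dst-nat chain=dstnat comment=REDIR dst-address=45.225.67.204 \
    dst-port=3306 protocol=tcp to-addresses=192.168.0.199 to-ports=3306
add action=dst-nat chain=dstnat dst-address=45.225.67.204 dst-port=3309 \
    protocol=tcp to-addresses=192.168.0.199 to-ports=3309
add action=masquerade chain=srcnat out-interface=onnet@boscardin \
    src-address=192.168.0.0/24
add action=masquerade chain=srcnat dst-address=!10.0.0.0/24 \
    out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-address=45.225.67.204 \
    dst-port=5060 protocol=tcp to-addresses=192.168.0.101 to-ports=5060
add action=dst-nat chain=dstnat disabled=yes dst-address=45.225.67.204 \
    dst-port=5060 protocol=tcp to-addresses=192.168.0.102 to-ports=5060

/ip proxy
set cache-on-disk=yes

/ip route
# Static route to 10.0.0.0/24 through the EoIP tunnel peer.
add distance=1 dst-address=10.0.0.0/24 gateway=10.10.10.1 \
    pref-src=10.10.10.2 scope=10

/ip service
# telnet, ftp, api and api-ssl are off. www and ssh are limited by source
# address; ssh and winbox are moved to non-default ports.
# NOTE(review): winbox has no address= restriction and relies on the input
# chain alone; www is plain HTTP and is open to all of 192.168.0.0/16.
# Consider giving winbox the same address list as the support ranges and
# serving the web interface over www-ssl only.
set telnet disabled=yes
set ftp disabled=yes
set www address=45.225.64.0/22,192.168.0.0/16
set ssh address=45.225.65.10/32 port=2222
set api disabled=yes
set winbox port=25000
set api-ssl disabled=yes

/ip ssh
# allow-none-crypto stays at "no" so that an SSH session can never negotiate
# the "none" cipher and run unencrypted. strong-crypto=yes is worth enabling
# as well once the managing client is confirmed to support it.
# NOTE(review): forwarding-enabled=remote permits SSH port forwarding through
# the router; confirm that it is needed.
set allow-none-crypto=no forwarding-enabled=remote

/ip upnp
# NOTE(review): UPnP is enabled with the PPPoE uplink as the external
# interface, so any host on ether1 can ask the router to open inbound port
# mappings without authentication. Disable it unless a specific device
# depends on it.
set enabled=yes

/ip upnp interfaces
add interface=ether1 type=internal
add interface=onnet@boscardin type=external

/ipv6 nd
set [ find default=yes ] advertise-dns=no

/ppp secret
# PPTP dial-in account that also installs a route to 10.0.0.0/24. The password
# is stored in clear text in this export.
add local-address=192.168.0.4 name=conect-boscardin password=@S141212 \
    remote-address=10.0.0.1 routes=10.0.0.0/24 service=pptp

/snmp
set enabled=yes

/system clock
set time-zone-name=America/Sao_Paulo

/system identity
set name="PEDREIRA BOSCARDIN"

/system ntp client
set enabled=yes primary-ntp=200.20.186.76 secondary-ntp=91.189.89.199

/system package update
set channel=long-term

/tool romon
# NOTE(review): RoMON is enabled and no secrets are configured in this export,
# so layer-2 neighbours running RoMON can join the management overlay without
# a shared key. Set a RoMON secret or disable the service if it is not used.
set enabled=yes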