# routerboard: yes # model: RB3011UiAS # serial-number: 783D07E9EDAC # firmware-type: ipq8060 # factory-firmware: 3.35 # current-firmware: 7.14.2 # upgrade-firmware: 7.14.2 # # channel: long-term # installed-version: 7.14.2 # # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U filter rule added lucas write 2024-09-24 01:49:08 # U address removed lucas write 2024-09-24 01:47:52 # U address changed lucas write 2024-09-23 21:50:42 # U address changed lucas write 2024-09-23 21:50:28 # U address added lucas write 2024-09-23 21:50:21 # U address removed lucas write 2024-09-23 21:49:16 # U address changed lucas write 2024-09-23 21:49:07 # U address changed lucas write 2024-09-23 21:48:57 # U address changed lucas write 2024-09-23 21:48:47 # U address changed lucas write 2024-09-23 21:48:29 # U address added lucas write 2024-09-23 21:48:18 # # 2024-09-28 03:59:36 by RouterOS 7.14.2 # software id = NYCD-ZXWI # # model = RB3011UiAS # serial number = 783D07E9EDAC /interface bridge add name="PP-JNGD x JNGD2" add name=PTK-RKT-JNGD-02 add name=PTK-RKT-JNGD-03 add name=PTK-RKT-JNGD-04 add name=loopbridge add name=paineis /interface ethernet set [ find default-name=ether1 ] comment=POE set [ find default-name=ether2 ] comment="Link Marco5" set [ find default-name=ether4 ] comment=PTK-RKT-JNDG-02 set [ find default-name=ether5 ] comment=PTK-RKT-JNGD-03 set [ find default-name=ether6 ] comment=ENVIA-JANGADINHA set [ find default-name=ether7 ] comment=REDUNDANCIA-JNGDxPDR /ip pool add name=pool1 ranges=100.65.34.1-100.65.34.254 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.20.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.20.0/24 /port set 0 name=serial0 /ppp profile add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 remote-address=pool1 use-ipv6=no use-mpls=no use-upnp=no /routing ospf instance add disabled=no name=ospf-instance-1 redistribute=connected,static router-id=192.168.200.10 routing-table=main /routing ospf area add disabled=no instance=ospf-instance-1 name=ospf-area-0 /snmp community set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes /interface bridge port add bridge=PTK-RKT-JNGD-04 disabled=yes interface=ether3 add bridge=PTK-RKT-JNGD-02 interface=ether4 add bridge=PTK-RKT-JNGD-04 interface=ether5 add bridge="PP-JNGD x JNGD2" interface=ether6 add bridge=PTK-RKT-JNGD-04 interface=ether9 add bridge=*16 interface=*14 add bridge=*16 interface=*15 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set rp-filter=loose tcp-syncookies=yes /interface pppoe-server server add default-profile=profile1 disabled=no interface=paineis one-session-per-host=yes service-name=PTK-JNGD-02 add default-profile=profile1 disabled=no interface="PP-JNGD x JNGD2" one-session-per-host=yes service-name="PP-JNGD x JNGD2" add default-profile=profile1 disabled=no interface=PTK-RKT-JNGD-02 one-session-per-host=yes service-name=PTK-RKT-JNGD-02 add default-profile=profile1 disabled=no interface=PTK-RKT-JNGD-03 one-session-per-host=yes service-name=PTK-RKT-JNGD-03 add default-profile=profile1 disabled=no interface=PTK-RKT-JNGD-04 one-session-per-host=yes service-name=PTK-RKT-JNGD-04 /ip address add address=192.168.200.10 interface=loopbridge network=192.168.200.10 add address=192.168.100.17/30 interface=PTK-RKT-JNGD-02 network=192.168.100.16 add address=192.168.100.209/30 interface=PTK-RKT-JNGD-04 network=192.168.100.208 add address=192.168.99.57/29 interface=ether7 network=192.168.99.56 add address=192.168.103.13/30 interface=PTK-RKT-JNGD-03 network=192.168.103.12 add address=192.168.99.68/29 interface=ether2 network=192.168.99.64 add address=192.168.99.81/29 interface="PP-JNGD x JNGD2" network=192.168.99.80 add address=192.168.100.57/30 interface="PP-JNGD x JNGD2" network=192.168.100.56 /ip firewall address-list add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.20.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.20.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.20.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.20.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes /ip firewall nat add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.20.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.20.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 /ip service set telnet disabled=yes set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021 set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080 set ssh address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=10022 set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22" port=25000 set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=associacao profile=profile1 service=pppoe /radius add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.10 timeout=3s /radius incoming set accept=yes /routing ospf interface-template add area=ospf-area-0 cost=10 disabled=no interfaces=ether2 networks=192.168.99.65/29 priority=1 type=ptp add area=ospf-area-0 cost=20 disabled=no interfaces=ether7 networks=192.168.99.57/29 type=ptp /snmp set contact="Acacio Correa " enabled=yes location="[-26.39266287, -51.28312563]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system clock manual set time-zone=-03:00 /system identity set name=Jangada /system note set show-at-login=no /system package update set channel=long-term /system scheduler add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2024-04-01 start-time=04:00:00 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Jangada.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Jangada\" file=backup-mikrotik_Jangada.rsc start-tls=yes" /system watchdog set watchdog-timer=no /tool romon set enabled=yes