# routerboard: yes # board-name: hEX # model: RB750Gr3 # serial-number: 8AFF0A49A155 # firmware-type: mt7621L # factory-firmware: 3.41 # current-firmware: 3.41 # upgrade-firmware: 7.15.1 # # channel: stable # installed-version: 7.15.1 # # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U ip service changed flwvlw write 2024-06-27 21:31:17 # U ip service changed flwvlw write 2024-06-27 21:31:11 # U ip service changed flwvlw write 2024-06-27 21:31:04 # U user protek-backup changed flwvlw write 2024-06-27 21:30:33 # policy # U user nzmmaster added flwvlw write 2024-06-27 21:30:27 # policy # U user protek-backup added flwvlw write 2024-06-27 21:29:39 # policy # # 2024-07-15 11:14:55 by RouterOS 7.15.1 # software id = 0WK8-033F # # model = RB750Gr3 # serial number = 8AFF0A49A155 /interface bridge add name=bridge1 port-cost-mode=short add name=loopbridge port-cost-mode=short /interface ethernet set [ find default-name=ether1 ] comment=LINK set [ find default-name=ether2 ] comment=PTK-RKT-RECANTO-03 set [ find default-name=ether3 ] comment=PTK-RKT-RECANTO-01 set [ find default-name=ether4 ] comment=WIFI set [ find default-name=ether5 ] comment=VLAN /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /ip pool add name=pool1 ranges=100.65.38.100-100.65.38.254 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.25.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.25.0/24 /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /ppp profile add dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 remote-address=pool1 add dns-server=45.236.84.18 local-address=192.168.40.1 name=bombeiro rate-limit=5m/5m remote-address=pool1 session-timeout=0s use-compression=no use-encryption=no use-mpls=no wins-server=45.236.84.19 add comment="{{IXCSoft Aviso de Bloqueio}}" name=pool_bloqueio rate-limit="" remote-address=pool_bloqueio add comment="{{IXCSoft}}" name=Servicos_de_Comunicacao rate-limit="" add comment="{{IXCSoft}}" name=Energia_Eletrica rate-limit="" add comment="{{IXCSoft}}" name=Compra_de_Servicos rate-limit="" add comment="{{IXCSoft}}" name=CTe_Conhecimento_de_Frete rate-limit="" add comment="{{IXCSoft}}" name=SVA_Servico_Valor_Agregado rate-limit="" add comment="{{IXCSoft}}" name=Plano_15_MB_Fibra_ rate-limit="17M/17M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_20_MB_Fibra rate-limit="21M/21M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_25_MB_Fibra rate-limit="25M/25M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_35_MB_Fibra rate-limit="35M/35M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_8_MB_Radio_ rate-limit="9M/9M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_60_MB_Fibra rate-limit="61M/61M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_70_MB_Fibra rate-limit="70M/70M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_1_5_MB_Radio rate-limit="1M/1M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_1_5_MB_Radio_Comodato_ rate-limit="2M/2M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_1MB_Radio rate-limit="1M/1M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_2_MB_Radio rate-limit="2M/4M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_4_MB_Radio_ rate-limit="2M/4M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_5_MB_Radio___ rate-limit="2M/5M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Servico_de_Comodato rate-limit="" add comment="{{IXCSoft}}" name=Servico_de_ativacao rate-limit="" add comment="{{IXCSoft}}" name=Servico_de_Ativacao___Gratuito__ rate-limit="" add comment="{{IXCSoft}}" name=Plano_8_MB_Radio rate-limit="4M/9M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_6_MB_Radio rate-limit="2M/6M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Internet_230mbps_Dedicado_Prefeitura rate-limit="100M/100M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Servico_de_Manutencao_de_rede_de_internet_ rate-limit="" add comment="{{IXCSoft}}" name=Servico_de_Abastecimento_de_Agua_ rate-limit="" add comment="{{IXCSoft}}" name=Plano_15_MB_Fibra rate-limit="17M/17M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_5_MB_Radio rate-limit="6M/6M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_10_MB_ rate-limit="11M/11M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=15_MB_Fibra___Prefeitura__ rate-limit="16M/16M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_30_MB_Fibra rate-limit="32M/32M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_10_MB_Radio rate-limit="5M/10M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_5_MB_Radio_ rate-limit="3M/5M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_40_MB_Fibra_ rate-limit="40M/40M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_200_MB_Fibra rate-limit="102M/200M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_300_MB_Fibra rate-limit="300M/300M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_130_MB_Fibra rate-limit="65M/130M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Troca_de_Senha rate-limit="" add comment="{{IXCSoft}}" name=Troca_de_Endereco rate-limit="" add comment="{{IXCSoft}}" name=Plano_Ultra_200_MB_Fibra rate-limit="201M/201M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_Ultra_300_MB_Fibra rate-limit="301M/301M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_Ultra_150_MB rate-limit="151M/151M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_Ultra_250_MB rate-limit="251M/251M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_Migracao_400_MB_Fibra rate-limit="400M/400M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_50_MB_Fibra_ rate-limit="50M/50M 0/0 0/0 0/0 1 0/0" add comment="{{IXCSoft}}" name=Plano_Ultra_500_MB rate-limit="" add comment="{{IXCSoft}}" name=Plano_100_MB_Fibra rate-limit="100M/100M 0/0 0/0 0/0 1 0/0" /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 redistribute=connected router-id=192.168.200.15 add disabled=no name=default-v3 redistribute=connected version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add area-id=0.0.0.1 default-cost=1 disabled=yes instance=default-v2 name=area1-v2 type=stub add disabled=yes instance=default-v3 name=backbone-v3 /snmp community set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway /ip smb set interfaces=loopbridge /interface bridge port add bridge=bridge1 ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10 add bridge=bridge1 ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 add bridge=bridge1 ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 add bridge=bridge1 ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set rp-filter=loose tcp-syncookies=yes /ipv6 settings set max-neighbor-entries=8192 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=bridge1 service-name=service1 /ip address add address=192.168.99.4/29 interface=ether1 network=192.168.99.0 add address=192.168.200.15 interface=loopbridge network=192.168.200.15 add address=192.168.104.81/28 interface=bridge1 network=192.168.104.80 add address=192.168.104.113/29 interface=bridge1 network=192.168.104.112 add address=192.168.104.129/29 interface=bridge1 network=192.168.104.128 add address=192.168.104.177/29 interface=bridge1 network=192.168.104.176 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.25.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.25.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.25.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.25.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura add action=fasttrack-connection chain=forward disabled=yes hw-offload=yes add action=accept chain=forward connection-state=established,related disabled=yes /ip firewall nat add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.25.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.25.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.25.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.25.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 /ip route add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=192.168.99.1 add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=192.168.99.1 /ip service set telnet port=10023 set ftp disabled=yes set www disabled=yes set ssh address=45.236.84.1/32,45.236.84.23/32,45.236.86.37/32 port=10022 set api address=192.168.199.1/32 set winbox port=25000 set api-ssl address=192.168.199.1/32 /ip smb shares set [ find default=yes ] directory=/flash/pub /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=torre.recanto profile=profile1 service=pppoe add name=teste profile=profile1 service=pppoe /radius add address=192.168.199.1 comment="IXCProvedor configuracao radius" require-message-auth=no service=ppp,hotspot src-address=192.168.200.15 timeout=3s /radius incoming set accept=yes /routing filter rule add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.15; }" add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8 && dst-len in 8-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10 && dst-len in 10-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12 && dst-len in 12-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16 && dst-len in 16-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22 && dst-len in 22-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.15; }" add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8 && dst-len in 8-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10 && dst-len in 10-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12 && dst-len in 12-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16 && dst-len in 16-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22 && dst-len in 22-32) { accept; }" /routing ospf interface-template add area=backbone-v2 cost=10 disabled=no interfaces=ether1 networks=192.168.99.0/29 type=ptp /snmp set contact="Acacio Correa " enabled=yes location="General Carneiro - PR" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name="Protek-Torre Recanto" /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=45.236.84.23 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Recanto.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Recanto\" file=backup-mikrotik_Recanto.rsc start-tls=yes" /user group add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"