# routerboard: yes # model: 750 # serial-number: 467804D89536 # firmware-type: ar7240 # factory-firmware: 3.10 # current-firmware: 6.44.5 # upgrade-firmware: 6.46.8 # # channel: long-term # installed-version: 6.46.8 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U device changed lucas write # U device changed lucas write # U device changed lucas write # U address changed flwvlw write # U address changed flwvlw write # U bridge port changed lucas write # U bridge port changed lucas write # U address added lucas write # # software id = 237J-DEJ5 # # model = 750 # serial number = 467804D89536 /interface bridge add name=PTK-BLT-FZD-02 add name=PTK-NN-DUDA add name=ProtekNet_Colina add name=Roteador add name=bridge1 add name=loopbridge /interface ethernet set [ find default-name=ether1 ] comment="=== >>>> Torre Seu Pedro Link" set [ find default-name=ether2 ] comment=PTK-MKT-GUILHERME set [ find default-name=ether3 ] comment=PROBLEMA disabled=yes set [ find default-name=ether4 ] comment=PTK-NN-GUI-01 set [ find default-name=ether5 ] comment=PTK-NN-GUI-03 /ip pool add name=pool-cgnat ranges=100.65.27.0/24 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.29.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.29.0/24 /ipv6 pool add name=POOL-DHCP-V6-PD prefix=2804:4de8:1900::/40 prefix-length=64 add name=POOL-SLAAC-TUNEL-V6 prefix=2804:4de8:1a00::/40 prefix-length=64 /ppp profile add change-tcp-mss=yes local-address=192.168.40.1 name=profile1 remote-address=pool-cgnat use-ipv6=no use-mpls=no use-upnp=no add local-address=192.168.40.1 name=bombeiro rate-limit=5m/5m remote-address=0.0.0.0 use-ipv6=no use-mpls=no /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=192.168.200.19 /routing ospf-v3 instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=192.168.200.19 /snmp community set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!dude,!tikapp" #error exporting /interface bridge calea /interface bridge port add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set rp-filter=loose tcp-syncookies=yes /interface pppoe-server server add default-profile=profile1 disabled=no interface=bridge1 one-session-per-host=yes service-name=pppoe add default-profile=profile1 disabled=no interface=ProtekNet_Colina one-session-per-host=yes service-name=ProtekNet_Colina add default-profile=profile1 disabled=no interface=PTK-NN-DUDA one-session-per-host=yes service-name=PTK-NN-DUDA /ip address add address=192.168.99.76/29 interface=ether1 network=192.168.99.72 add address=192.168.200.19 interface=loopbridge network=192.168.200.19 add address=192.168.100.77/30 interface=bridge1 network=192.168.100.76 add address=192.168.103.65/28 interface=bridge1 network=192.168.103.64 add address=192.168.1.1/24 interface=ether5 network=192.168.1.0 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local #error exporting /ip firewall calea /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.29.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.29.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.29.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.29.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura /ip firewall nat add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.29.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.29.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 /ip route add distance=121 gateway=192.168.99.73 /ip service set telnet disabled=yes port=10023 set ftp disabled=yes set www disabled=yes port=10080 set ssh address=45.236.84.0/22,45.236.84.34/32,45.236.86.37/32 port=10022 set api address=45.236.84.25/32,45.236.84.26/32,45.236.87.255/32,192.168.199.1/32 set winbox address=45.236.86.37/32,45.236.84.34/32,45.236.84.0/22 port=25000 set api-ssl disabled=yes /ip smb set allow-guests=no interfaces=loopbridge /ip smb shares set [ find default=yes ] disabled=yes /ipv6 address add address=2804:4de8:1000::c/128 advertise=no interface=loopbridge add address=2804:4de8:1002:b::2 advertise=no interface=ether1 /ipv6 nd set [ find default=yes ] advertise-dns=no /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=torre.guilherme password=gnt58wifi profile=profile1 service=pppoe add name=teste password=Ac4c10 profile=profile1 service=pppoe add name=repetidora.bombeiro password=Ac4c10 profile=profile1 service=pppoe add name=teste.loja password=teste profile=profile1 service=pppoe add name=lucas.123 password=Ac4c10 profile=profile1 service=pppoe /radius add address=45.236.84.27 disabled=yes secret=proinfo25. service=ppp src-address=192.168.200.19 add address=192.168.199.1 comment="IXCProvedor configuracao radius" secret=E9LBShp4VREdXpMnsKNmmy service=ppp,hotspot,wireless src-address=192.168.200.19 timeout=3s /radius incoming set accept=yes /routing filter add chain=ospf-in prefix=0.0.0.0/0 set-pref-src=192.168.200.19 add action=accept chain=ospf-in prefix=10.0.0.0/8 prefix-length=8-32 add action=accept chain=ospf-in prefix=100.64.0.0/10 prefix-length=10-32 add action=accept chain=ospf-in prefix=172.16.0.0/12 prefix-length=12-32 add action=accept chain=ospf-in prefix=192.168.0.0/16 prefix-length=16-32 add action=accept chain=ospf-in prefix=45.236.84.0/22 prefix-length=22-32 /routing ospf interface add passive=yes add interface=ether1 network-type=point-to-point /routing ospf network add area=backbone network=192.168.99.72/29 /routing ospf-v3 interface add area=backbone interface=ether1 /snmp set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name="Protek - Guilherme" /system ntp client set enabled=yes primary-ntp=45.236.84.23 secondary-ntp=200.189.40.8 /system package update set channel=long-term /system scheduler add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jun/19/2023 start-time=04:00:00 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Guilherme.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Guilherme\" file=backup-mikrotik_Guilherme.rsc start-tls=yes" /tool e-mail set address=smtps.uhserver.com.com from=financeiro@proteknet.com.br password=Protek-net-13 port=465 user=financeiro@proteknet.com.br