# routerboard: yes # model: RB2011iL # revision: r3 # serial-number: D5240DDF10FC # firmware-type: ar9344 # factory-firmware: 6.47.8 # current-firmware: 7.7 # upgrade-firmware: 7.8 # # channel: stable # installed-version: 7.8 # # # software id = E087-Y8C2 # # model = RB2011iL # serial number = D5240DDF10FC /interface bridge add name=bridge1-Paineis add name=camera add name=loopback /interface ethernet set [ find default-name=ether1 ] name=ether1-Link set [ find default-name=ether3 ] comment=PP-CAxPZTO l2mtu=1580 set [ find default-name=ether4 ] advertise=10M-half,10M-full speed=100Mbps set [ find default-name=ether5 ] comment=PP-PTK-PZTxVILA set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full auto-negotiation=no set [ find default-name=ether7 ] comment=PTK-NN-HOTEL set [ find default-name=ether8 ] comment=PTK-ARG-PZT-01 set [ find default-name=ether9 ] comment=PTK-OMINI-PIZZATTO speed=10Mbps set [ find default-name=ether10 ] comment=PTK-GRD-OSMAR /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254 add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254 add name=pool-CGNAT ranges=100.65.4.192/26 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.26.1.0/24 /ip dhcp-server add address-pool=dhcp_pool2 interface=camera name=dhcp1 /ipv6 pool add name=pool_aviso_bloqueio_ipv6 prefix=2001:db8:3003::/56 prefix-length=64 /port set 0 name=serial0 /ppp profile add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=10.10.10.13 name=profile1 only-one=yes remote-address=pool-CGNAT use-compression=no use-encryption=no use-mpls=no use-upnp=no add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1_50mb only-one=yes rate-limit=10m/10m remote-address=pool-CGNAT use-compression=no use-encryption=no use-mpls=no use-upnp=no add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile2_20mb only-one=yes rate-limit=20m/20m remote-address=pool-CGNAT use-compression=no use-encryption=no use-mpls=no use-upnp=no /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.20 add disabled=no name=default-v3 originate-default=never redistribute=connected,static,modem router-id=192.168.200.20 version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub /snmp community set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes /user group add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api" #error exporting /interface/bridge/calea /interface bridge filter # in/out-bridge-port matcher not possible when interface (ether3) is not slave add action=drop chain=forward in-interface=!ether3 /interface bridge port add bridge=bridge1-Paineis ingress-filtering=no interface=ether4 add bridge=bridge1-Paineis ingress-filtering=no interface=ether5 add bridge=bridge1-Paineis ingress-filtering=no interface=ether6 add bridge=bridge1-Paineis ingress-filtering=no interface=ether7 add bridge=bridge1-Paineis ingress-filtering=no interface=ether8 add bridge=bridge1-Paineis ingress-filtering=no interface=ether9 add bridge=bridge1-Paineis ingress-filtering=no interface=ether10 /ip settings set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add default-profile=profile1_50mb disabled=no interface=bridge1-Paineis one-session-per-host=yes service-name="PPPoE Pizzatto" /ip address add address=10.0.0.113/28 comment=#Pizzatto interface=bridge1-Paineis network=10.0.0.112 add address=192.168.200.20 interface=loopback network=192.168.200.20 add address=192.168.254.44/29 interface=ether1-Link network=192.168.254.40 add address=10.0.0.193/29 interface=bridge1-Paineis network=10.0.0.192 add address=10.0.0.209/28 interface=bridge1-Paineis network=10.0.0.208 add address=192.168.99.20/29 interface=ether3 network=192.168.99.16 /ip cloud set ddns-enabled=yes /ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 add address=192.168.88.0/24 dns-server=45.236.84.18,45.236.84.19 gateway=192.168.88.1 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=45.236.84.18 list=dnsprotek add address=45.236.84.19 list=dnsprotek add address=45.236.84.20 list=dnsprotek add address=45.236.84.21 list=dnsprotek add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local #error exporting /ip/firewall/calea /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.26.1.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.26.1.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes /ip firewall nat add action=src-nat chain=srcnat disabled=yes out-interface=ether1-Link src-address=10.10.4.0/24 to-addresses=45.236.84.193 add action=src-nat chain=srcnat out-interface=ether1-Link src-address=192.168.88.0/24 to-addresses=192.168.200.20 add action=src-nat chain=srcnat out-interface=camera src-address=192.168.1.0/24 to-addresses=192.168.200.20 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.26.1.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 /ip service set telnet disabled=yes port=10023 set ftp disabled=yes port=2100 set www disabled=yes port=8080 set ssh address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22,181.214.230.16/32,192.168.199.1/32" port=10022 set api address="45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,181.214.230.16/32,192.168.199.1/32" set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22,181.214.230.16/32" port=25000 set api-ssl address="45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,181.214.230.16/32,192.168.199.1/32" /ip smb set allow-guests=no interfaces=loopback /ip smb shares set [ find default=yes ] disabled=yes /ip socks set max-connections=50 /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=fazendinha profile=profile2_20mb service=pppoe add name=curucaca profile=profile2_20mb service=pppoe add name=evento.pizzatto profile=profile1_50mb service=pppoe add name=fazendapizzatto profile=profile1_50mb service=pppoe add name=rafael.pizzatto profile=profile1_50mb service=pppoe add name=evento.pizzatto2 profile=profile1_50mb service=pppoe add comment=Roteador-Torre name=lucas.123 profile=profile2_20mb service=pppoe add name=evento1 profile=profile2_20mb service=pppoe add comment=Roteador-Torre name=torre.pizzatto profile=profile2_20mb service=pppoe /radius add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.20 timeout=3s add address=45.236.84.27 service=ppp src-address=192.168.200.20 /radius incoming set accept=yes /routing filter rule add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.20; }" /routing ospf interface-template add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether1-Link networks=192.168.254.40/29 priority=1 type=ptp add area=backbone-v2 auth-id=1 disabled=no interfaces=ether3 networks=192.168.99.16/29 priority=1 /snmp set contact="Acacio Correa " enabled=yes location="[-26.42369371, -51.32975503]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Protek-Torre_Pizzatto /system ntp client set enabled=yes /system ntp client servers add address=45.236.84.23 add address=200.189.40.8 /system watchdog set watchdog-timer=no /tool romon set enabled=yes