# RouterOS configuration export for a MikroTik RB2011UiAS (identity "Protek-Cliente-Predio").
# From the sections below, the device terminates PPPoE subscribers, source-NATs two
# customer LANs, publishes several dst-nat port forwards and takes part in OSPF.
# The first comment lines appear to be pasted CLI output (routerboard info, package
# channel, a /system history listing); the export proper starts at "/interface bridge".
# The page had collapsed the export onto a few long lines; it is restored here as one
# statement per line. Lines marked NOTE(review) are reviewer annotations, not part of
# the original export.
#
# NOTE(review): the serial number and software id below identify the physical unit and
# licence; redact them, together with keys and addresses, before sharing an export.
# routerboard: yes
# model: RB2011UiAS
# serial-number: 697C06C91769
# firmware-type: ar9344
# factory-firmware: 3.24
# current-firmware: 7.7
# upgrade-firmware: 7.7
#
# channel: stable
# installed-version: 7.7
# NOTE(review): compare installed-version with the vendor's current stable/long-term
# release and its changelog; this box has management services reachable from customer
# ranges (see /ip service below).
#
# Flags: U, F - FLOATING-UNDO
# Columns: ACTION, BY, POLICY
# ACTION BY POLICY
# U RoMON configuration changed nzmmaster write
# U config changed nzmmaster write
# U ip service changed flwvlw write
# U user nzmmaster changed flwvlw write
# policy
# U device changed flwvlw write
# U device changed flwvlw write
# U device changed flwvlw write
# U dhcp lease removed flwvlw write
# NOTE(review): the history lists write actions by two accounts (nzmmaster, flwvlw)
# touching users, IP services and RoMON. The export does not include /user, so confirm
# out of band that both accounts and each of these changes are expected.
#
# software id = GC10-QA3Z
#
# model = RB2011UiAS
# serial number = 697C06C91769
/interface bridge
add disabled=yes name=bdg-switch
add name=loopbridge
add name=pppoe
/interface ethernet
set [ find default-name=ether1 ] comment="Clientes Predio" speed=100Mbps
set [ find default-name=ether3 ] comment="CGNAT LINK"
set [ find default-name=ether4 ] comment="CGNAT LINK"
set [ find default-name=ether8 ] comment="CCR PINHAO"
set [ find default-name=ether9 ] comment=BUGADA disabled=yes
/interface vlan
add interface=ether2 name=vlan1499-uplink vlan-id=1499
add interface=ether2 name=vlan1500-ranpom vlan-id=1500
add interface=ether2 name=vlan1501-posto-giacomini vlan-id=1501
/interface bonding
add mode=802.3ad name=bonding-predio slaves=ether3,ether4 transmit-hash-policy=layer-2-and-3
/interface list
add name=ifWAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.1.1.2-10.1.1.240
add name=dhcp_pool1 ranges=192.168.0.150-192.168.0.254
# poolCGNat is the remote-address pool of every PPP profile below, so subscribers get
# 100.64.0.x addresses; that matters for the ssh/winbox allow-lists under /ip service.
add name=poolCGNat ranges=100.64.0.1-100.64.0.254
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.31.0/24
add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.31.0/24
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan1500-ranpom name=dhcp1
add address-pool=dhcp_pool1 interface=vlan1501-posto-giacomini name=dhcp2
/ipv6 pool
add name=DHCP-PD prefix=2804:4de8:d000::/40 prefix-length=56
add name=SLAAC-Prefix prefix=2804:4de8:d100::/40 prefix-length=64
# NOTE(review): subscribers receive global IPv6 prefixes from these pools, yet no
# /ipv6 firewall section appears in this export; confirm where IPv6 filtering for the
# router and for subscriber prefixes is enforced.
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes dhcpv6-pd-pool=DHCP-PD dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 rate-limit=500m/500m remote-address=poolCGNat remote-ipv6-prefix-pool=SLAAC-Prefix use-compression=no use-mpls=no use-upnp=no
add dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile2 rate-limit=200m/200m remote-address=poolCGNat use-compression=no use-ipv6=no use-mpls=no use-upnp=no
add dns-server=45.236.84.18 local-address=192.168.40.1 name=profile3 rate-limit=120m/120m remote-address=poolCGNat use-compression=no use-ipv6=no use-mpls=no wins-server=45.236.84.19
add change-tcp-mss=yes dns-server=45.236.84.18 local-address=192.168.40.1 name=profile4 rate-limit=500m/500m remote-address=poolCGNat use-compression=no use-ipv6=no use-mpls=no use-upnp=no wins-server=45.236.84.19
add change-tcp-mss=yes dns-server=45.236.84.18 local-address=192.168.40.1 name=profile5 rate-limit=15m/15m remote-address=poolCGNat use-compression=no use-ipv6=no use-mpls=no use-upnp=no wins-server=45.236.84.19
# NOTE(review): this profile references POOL-DHCP-V6-PD and POOL-SLAAC-TUNEL-V6, neither
# of which is defined under /ipv6 pool above (only DHCP-PD and SLAAC-Prefix are).
add change-tcp-mss=yes dhcpv6-pd-pool=POOL-DHCP-V6-PD local-address=192.168.40.1 name=teste-ipv6 rate-limit=21m/21m remote-address=poolCGNat remote-ipv6-prefix-pool=POOL-SLAAC-TUNEL-V6 use-compression=no use-encryption=no use-mpls=no use-upnp=no
/queue simple
add max-limit=500M/500M name=queue-Ranpom target=vlan1500-ranpom
add max-limit=500M/500M name=queue-Posto-Mercado target=vlan1501-posto-giacomini
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
# The OSPFv2 instance filters learned routes through chain ospf-in (see /routing filter rule).
add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.21
# NOTE(review): the OSPFv3 instance has no in-filter-chain, so nothing in this export
# constrains which IPv6 routes it accepts from neighbours.
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.21 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add disabled=no instance=default-v3 name=backbone-v3
/snmp community
# NOTE(review): the community name is now public on this page and should be rotated.
# No security/authentication settings are shown, so this is presumably a cleartext
# v1/v2c community (confirm). 192.168.0.0/16 also covers the customer LAN
# 192.168.0.0/24 on vlan1501-posto-giacomini.
set [ find default=yes ] addresses=45.236.84.0/24,192.168.0.0/16 name=public-noway
/system logging action
set 3 remote=192.168.248.68 src-address=45.236.87.22
/user group
# NOTE(review): despite its name, this group carries write, policy and sensitive, which
# is close to full administrative control; a backup-only role normally needs far less.
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"
#error exporting /interface/bridge/calea
/interface bridge port
add bridge=pppoe interface=ether1
/ip neighbor discovery-settings
# NOTE(review): discovery runs on every interface, including the ifWAN members and the
# subscriber-facing ports, which advertises identity, model and version to neighbours.
# Restricting it to a management interface list is the usual hardening step.
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
/interface list member
add interface=vlan1499-uplink list=ifWAN
add interface=bonding-predio list=ifWAN
/interface ovpn-server server
# NOTE(review): md5 is still offered as an HMAC. No enabled= value is exported, so the
# server is presumably off; if OpenVPN is ever enabled, drop md5 first.
set auth=sha1,md5
/interface pppoe-server server
# NOTE(review): both servers still offer MS-CHAPv1, a legacy method with well-known
# weaknesses; offer mschap2 only unless some subscriber CPE demonstrably needs v1.
add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=pppoe max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=predio
add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=ether8 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=service1
/ip address
add address=45.236.87.9/29 interface=vlan1500-ranpom network=45.236.87.8
add address=10.1.1.1/24 interface=vlan1500-ranpom network=10.1.1.0
add address=45.236.87.22/30 interface=vlan1499-uplink network=45.236.87.20
add address=192.168.0.1/24 interface=vlan1501-posto-giacomini network=192.168.0.0
add address=45.236.87.28 interface=vlan1501-posto-giacomini network=45.236.87.28
add address=192.168.200.21 interface=loopbridge network=192.168.200.21
add address=192.168.254.190/30 interface=bonding-predio network=192.168.254.188
add address=45.236.87.26/30 interface=bonding-predio network=45.236.87.24
add address=192.168.104.145/29 interface=ether8 network=192.168.104.144
/ip dhcp-server network
add address=10.1.1.0/24 gateway=10.1.1.1
add address=192.168.0.0/24 gateway=192.168.0.1
/ip dns
set servers=45.236.84.18,45.236.84.19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
#error exporting /ip/firewall/calea
/ip firewall filter
# NOTE(review): every rule in this export is chain=forward. With no chain=input rules,
# traffic to the router itself (SNMP, neighbor discovery, RoMON, OSPF, RADIUS incoming,
# ssh/winbox/api) is limited only by each service's own address list, where one exists.
# The forward chain also has no closing drop rule, so anything not matched is forwarded.
#
# Walled garden for blocked / unsigned subscribers: TCP is dropped unless it goes to
# 192.168.199.1, and UDP is dropped unless it is to port 53.
# NOTE(review): the UDP rules allow port 53 to any destination rather than only the
# provider resolvers (45.236.84.18/19), and protocols other than TCP/UDP are not
# matched by these drops at all.
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.31.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.31.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.31.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.31.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=change-mss chain=forward disabled=yes new-mss=clamp-to-pmtu passthrough=yes protocol=tcp src-address=10.1.1.0/24 tcp-flags=syn
/ip firewall nat
# Source NAT: both customer LANs leave through either uplink as 45.236.87.28.
add action=src-nat chain=srcnat out-interface=vlan1499-uplink src-address=10.1.1.0/24 to-addresses=45.236.87.28
add action=src-nat chain=srcnat out-interface=vlan1499-uplink src-address=192.168.0.0/24 to-addresses=45.236.87.28
add action=src-nat chain=srcnat out-interface=bonding-predio src-address=10.1.1.0/24 to-addresses=45.236.87.28
add action=src-nat chain=srcnat out-interface=bonding-predio src-address=192.168.0.0/24 to-addresses=45.236.87.28
# NOTE(review): the next port forwards publish remote-desktop (3389) and a DVR port to
# internal hosts with no src-address or src-address-list restriction, and the forward
# chain has no rule limiting them either. Only the last "contabilidade" rule pins a
# source. Limiting each forward to known sources, or moving remote access behind a VPN,
# is the usual mitigation.
add action=dst-nat chain=dstnat comment="DVR RAMPON MADEIRAS" dst-address=45.236.87.10 dst-port=3389 in-interface=vlan1499-uplink protocol=tcp to-addresses=10.1.1.26
# NOTE(review): to-addresses equals dst-address here, so the rule translates the address
# to itself; confirm what it was meant to do.
add action=dst-nat chain=dstnat comment="DVR RAMPON MADEIRAS" dst-address=45.236.87.11 dst-port=9000 in-interface=vlan1499-uplink protocol=tcp to-addresses=45.236.87.11
add action=dst-nat chain=dstnat comment="acesso remoto pc fernando" dst-address=45.236.87.9 dst-port=3389 in-interface=vlan1499-uplink protocol=tcp to-addresses=10.1.1.16
add action=dst-nat chain=dstnat comment="PORTA TS LIBERADA PARA MERCADO" dst-address=45.236.87.28 dst-port=4141 in-interface=vlan1499-uplink protocol=tcp to-addresses=192.168.0.147 to-ports=3389
# NOTE(review): same matchers as the rule above (45.236.87.28:4141 on vlan1499-uplink).
# NAT stops at the first matching rule, so this entry is never reached as written.
add action=dst-nat chain=dstnat comment="PORTA TS LIBERADA PARA MERCADO" dst-address=45.236.87.28 dst-port=4141 in-interface=vlan1499-uplink protocol=tcp to-addresses=192.168.0.19 to-ports=3389
# Captive redirects: HTTP from blocked / unsigned subscribers is sent to the notice
# pages on 192.168.199.1 (ports 8082 and 8086).
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.31.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.31.0/24 to-addresses=192.168.199.1 to-ports=8086
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086
# This forward is restricted to a single source address, the pattern the unrestricted
# forwards above lack.
add action=dst-nat chain=dstnat comment="Redir para contabilidade Mercado" dst-address=45.236.87.28 dst-port=3389 protocol=tcp src-address=186.211.103.8 to-addresses=192.168.0.19
/ip route
add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=45.236.87.21 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
# telnet, ftp and www are disabled; ssh, winbox, api and api-ssl stay enabled on the
# ports and source ranges below.
set telnet disabled=yes
set ftp address=45.236.84.24/32,45.236.84.25/32 disabled=yes port=10021
set www disabled=yes port=10080
# NOTE(review): the ssh and winbox allow-lists include 100.64.0.0/10 and 192.168.0.0/16.
# poolCGNat hands 100.64.0.x to PPPoE subscribers and 192.168.0.0/24 is a customer LAN,
# so subscribers can reach the management logins. Moving the ports (10022, 25000) does
# not change that; narrow the lists to management ranges.
set ssh address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22" port=10022
# NOTE(review): the plaintext api service is enabled alongside api-ssl with the same
# allow-list; if the integration at 192.168.199.1 can use api-ssl, disable api. The
# 45.236.87.255/32 entry looks unusual - confirm it is intended.
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.236.84.1/32" port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
/ip smb
set allow-guests=no interfaces=loopbridge
/ip smb shares
set [ find default=yes ] disabled=yes
/ipv6 address
add address=2804:4de8:800:4000::2 advertise=no interface=bonding-predio
/ppp aaa
set interim-update=20m use-radius=yes
/ppp secret
# NOTE(review): one local secret remains next to RADIUS; its password is not shown in
# this export, so confirm the account is still needed and has a strong password.
add name=dvr.protek profile=profile1 service=pppoe
/radius
add address=45.236.84.27 disabled=yes service=ppp src-address=192.168.200.21
add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.21 timeout=3s
/radius incoming
# NOTE(review): accept=yes lets the router act on incoming RADIUS requests
# (disconnect / change-of-authorization). With no chain=input filter in this export,
# confirm that only the RADIUS server at 192.168.199.1 can reach that listener.
set accept=yes
/routing filter rule
# ospf-in: accept a default route plus the private, CGNAT and provider ranges listed;
# three rules are disabled.
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { accept; }"
add chain=ospf-in disabled=yes rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.21; accept; }"
add chain=ospf-in disabled=yes rule="if (dst == 192.168.199.1) { set pref-src 192.168.200.21 }"
add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) { accept }"
/routing ospf interface-template
# NOTE(review): no auth= type is exported on any template, so the auth-id/auth-key
# values may not be in effect at all - verify that OSPF authentication is actually
# enabled on these links. The uplink template also has an empty key.
add area=backbone-v2 auth-id=1 auth-key="" cost=50 disabled=no interfaces=vlan1499-uplink networks=45.236.87.20/30 priority=1
# NOTE(review): this auth-key is published in cleartext on this page and is reused for
# OSPFv2 and OSPFv3; treat it as exposed and rotate it on all neighbours.
add area=backbone-v2 auth-id=2 auth-key=uoalouola1 cost=10 disabled=no interfaces=bonding-predio networks=45.236.87.24/30
add area=backbone-v3 auth-id=2 auth-key=uoalouola1 cost=10 disabled=no interfaces=bonding-predio priority=1
/snmp
set contact="Acacio " enabled=yes location="General Carneiro/PR" trap-version=3
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Protek-Cliente-Predio
/system logging
# critical, error, info (except dhcp) and warning topics go to the remote action
# configured above (192.168.248.68).
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info,!dhcp
add action=remote topics=warning
/system scheduler
# Runs the backup script below once a day at 04:00.
# NOTE(review): the job needs to export and send mail, yet it is granted reboot,
# password, sniff and sensitive as well; trim the policy list to what it uses.
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jun/19/2023 start-time=04:00:00
/system script
# The script writes a plain-text export to backup-mikrotik_Cliente.rsc and e-mails it
# as an attachment.
# NOTE(review): the attachment carries whatever the export shows (this one includes the
# OSPF auth-key), so the receiving mailbox becomes a store of router secrets. The file
# is also never removed from router storage by this script.
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Cliente.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Cliente\" file=backup-mikrotik_Cliente.rsc start-tls=yes"
/tool e-mail
# NOTE(review): the server name ends in ".com.com", which looks like a typo - verify it,
# since backups go to whichever host that name resolves to. Port 465 is normally
# implicit TLS while the script asks for start-tls; confirm the session is encrypted.
set address=smtps.uhserver.com.com from=financeiro@proteknet.com.br port=465 user=financeiro@proteknet.com.br
/tool romon
# NOTE(review): RoMON is enabled and no secrets= value appears in this export, and the
# history above records a recent RoMON change. Confirm RoMON is required; if so, set
# secrets and restrict it to management ports, otherwise disable it.
set enabled=yes