# RouterOS 7.15.3 configuration export of an RB3011UiAS ("Protek - Jefinho") that runs
# PPPoE servers on bridge1-Paineis, OSPF v2/v3, and RADIUS-backed PPP authentication.
# Commands are shown one per line; review notes are added as comments and no setting is changed.
# NOTE(review): this file carries device identifiers (serial number, software id), internal
# addressing, SNMP community names and a credential inside a script body (see /system script).
# Treat it as sensitive and rotate anything secret that appears in it.
#
# routerboard: yes
# model: RB3011UiAS
# serial-number: 71A006D0D42A
# firmware-type: ipq8060
# factory-firmware: 3.27
# current-firmware: 7.15.3
# upgrade-firmware: 7.15.3
#
# channel: stable
# installed-version: 7.15.3
#
#
# 2024-10-05 17:14:49 by RouterOS 7.15.3
# software id = 9CZT-HYGG
#
# model = RB3011UiAS
# serial number = 71A006D0D42A
/interface bridge
add name=Roteador port-cost-mode=short
add fast-forward=no name=bridge1-Paineis port-cost-mode=short
add fast-forward=no name=loopback port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] disabled=yes name=ether1-POE
set [ find default-name=ether2 ] comment="LINK- VILA RURAL ( REDUNDANCIA)"
set [ find default-name=ether3 ] comment=PTP-FITA-VELHA
set [ find default-name=ether4 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full comment=ROTEADOR
set [ find default-name=ether5 ] comment=PTK-RKT-IRATIN-02
set [ find default-name=ether6 ] comment=PTK-RKT-IRATIN-01
set [ find default-name=ether7 ] comment=PTK-PB-IRATIN-M2
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] comment="PTK-VIRGILIO-02(AP)"
set [ find default-name=ether10 ] comment="LINK 4011 VINDO DO MARCIO"
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Protek-SBSJ1
# Address pools: PPPoE customers, plus two pools used by the IXC billing system for
# "blocked" (172.21.32.0/24) and "awaiting signature" (172.22.32.0/24) subscribers.
/ip pool
add name=pool_pppoe ranges=100.65.42.41-100.65.42.90
add name=pgcorte ranges=192.168.19.0/24
add name=dhcp_pool5 ranges=192.168.3.2-192.168.3.254
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.32.0/24
add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.32.0/24
/ip smb users
set [ find default=yes ] disabled=yes
/ipv6 pool
add name=POOL-DHCP-V6-PD prefix=2804:4de8:1b00::/40 prefix-length=64
add name=POOL-SLAAC-TUNEL-V6 prefix=2804:4de8:1c00::/40 prefix-length=64
/port
set 0 name=serial0
# PPP profiles: only-one=yes limits each account to a single session on the first two profiles.
/ppp profile
set *0 dns-server=45.236.84.18,45.236.84.19 local-address=192.168.18.1 only-one=yes rate-limit=1m/2m remote-address=pool_pppoe session-timeout=1d23h use-ipv6=no use-mpls=no
add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.18.1 name=10mb only-one=yes rate-limit=10m/10m remote-address=pool_pppoe session-timeout=1d23h use-ipv6=no use-mpls=no
set *FFFFFFFE dns-server=45.236.84.18,45.236.84.19 local-address=192.168.18.1 rate-limit=1m/2m remote-address=pool_pppoe use-ipv6=no
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.22
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.22 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub
add disabled=no instance=default-v3 name=backbone-v3
# NOTE(review): both communities allow writes (write-access=yes) from any source (addresses=0.0.0.0/0),
# SNMP is enabled further down, and chain=input has no enabled rule that would limit who reaches it.
# A v1/v2c community name is the only secret, and both names are printed in this export.
# Restrict addresses= to the monitoring hosts, set write-access=no unless a tool really needs SET,
# rotate the names, and prefer SNMPv3 with authentication and encryption.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes
add addresses=0.0.0.0/0 name=airspan write-access=yes
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip smb
set interfaces=loopback
# Bridge (layer-2) filter. "# no interface" is the exporter's own warning: the in-bridge=*N values
# are internal ids of bridges that no longer exist, so those four rules match nothing useful.
# NOTE(review): the final drop on chain=input is disabled, so the PPPoE accepts above it do not
# restrict anything; every frame addressed to the router is accepted at this layer.
/interface bridge filter
# no interface
add action=accept chain=input in-bridge=*F
# no interface
add action=accept chain=input in-bridge=*11 src-mac-address=DC:9F:DB:EC:7A:4B/FF:FF:FF:FF:FF:FF
# no interface
add action=accept chain=input in-bridge=*C src-mac-address=00:27:22:3C:77:88/FF:FF:FF:FF:FF:FF
# no interface
add action=accept chain=input in-bridge=*D src-mac-address=00:15:6D:3C:3E:83/FF:FF:FF:FF:FF:FF
add action=accept chain=input mac-protocol=pppoe-discovery
add action=accept chain=input mac-protocol=pppoe
add action=drop chain=input disabled=yes
# ether3..ether9 are bridged together into bridge1-Paineis, so the radios/links on those ports
# share one layer-2 domain with the PPPoE servers.
/interface bridge port
add bridge=bridge1-Paineis ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis interface=ether7 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis interface=ether8 internal-path-cost=10 path-cost=10
add bridge=bridge1-Paineis interface=ether9 internal-path-cost=10 path-cost=10
# Bridged traffic (including PPPoE payload) is passed through the IP firewall.
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes
/ip firewall connection tracking
set enabled=yes udp-timeout=10s
# NOTE(review): neighbor discovery runs on every non-dynamic interface, which includes the
# customer-facing bridge1-Paineis. Consider limiting it to an interface list of trusted uplinks.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Loose reverse-path filtering and TCP SYN cookies are enabled.
/ip settings
set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=1024
# NOTE(review): md5 is still accepted as an OpenVPN auth digest. No enabled= is shown for this
# server, so it is presumably off; remove md5 before it is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add disabled=no interface=bridge1-Paineis max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PPPoE
add disabled=no interface=bridge1-Paineis max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PTK-RKT-IRATIN-01
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
# NOTE(review): the PPTP server is enabled and nothing in chain=input limits who can reach it.
# default-profile=*2 is printed as an internal id, which usually means the referenced profile
# no longer exists; confirm. Disable PPTP if it is unused, or move its users to a modern VPN.
set default-profile=*2 enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=10.0.0.161/27 comment=#Paineis/Bridge interface=bridge1-Paineis network=10.0.0.160
add address=192.168.200.22 interface=loopback network=192.168.200.22
add address=192.168.3.1/24 interface=Roteador network=192.168.3.0
add address=192.168.103.101/30 interface=bridge1-Paineis network=192.168.103.100
add address=192.168.100.89/30 interface=bridge1-Paineis network=192.168.100.88
add address=10.0.0.225/28 interface=bridge1-Paineis network=10.0.0.224
add address=192.168.254.76/29 interface=ether2 network=192.168.254.72
add address=192.168.22.1/30 interface=ether2 network=192.168.22.0
add address=192.168.99.201/30 interface=ether10 network=192.168.99.200
add address=192.168.104.57/29 interface=bridge1-Paineis network=192.168.104.56
add address=192.168.104.100/29 interface=bridge1-Paineis network=192.168.104.96
add address=192.168.99.193/29 interface=bridge1-Paineis network=192.168.99.192
/ip dhcp-server
add address-pool=dhcp_pool5 disabled=yes interface=ether3 lease-time=10m name=server1
/ip dns
set max-udp-packet-size=512 servers=45.236.84.18,45.236.84.19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
# IP firewall filter.
# NOTE(review): the only chain=input rule is a disabled accept, so there is no enabled input
# policy at all. Access to the router itself is limited only by the per-service address= lists
# under /ip service; PPTP, SNMP, RADIUS incoming and RoMON have no such list in this export.
# An input chain that accepts established/related traffic, the management prefixes and the
# protocols the router must terminate, then drops the rest, would close that gap.
#
# The chain=forward rules implement the IXC "blocked" and "awaiting signature" walled garden:
# for those sources, TCP to anything except 192.168.199.1 and UDP to anything except port 53 is dropped.
# NOTE(review): only TCP and UDP are matched. Other protocols and UDP/53 to any destination still
# pass for these customers; confirm that is intended.
/ip firewall filter
add action=accept chain=input disabled=yes src-address-list=acesso-ok
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.32.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.32.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.32.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.32.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura
add action=fasttrack-connection chain=forward disabled=yes hw-offload=yes
add action=accept chain=forward disabled=yes
# HTTP (tcp/80) from blocked / awaiting-signature customers is redirected to the billing
# system's notice pages at 192.168.199.1 ports 8082 and 8086.
/ip firewall nat
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.32.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.32.0/24 to-addresses=192.168.199.1 to-ports=8086
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086
/ip route
add disabled=no distance=121 dst-address=100.65.38.0/24 gateway=192.168.99.4
add disabled=no distance=121 dst-address=45.236.87.253/32 gateway=192.168.99.4
# Management services. telnet, ftp and www are disabled; ssh, winbox, api and api-ssl are
# limited by source address, and these lists are the only access control in front of them.
# NOTE(review): in the ssh and winbox lists the two /32 entries already fall inside 45.236.84.0/22,
# so the effective scope is the whole /22. Narrow it to the admin hosts if that was the intent.
# NOTE(review): api is the cleartext API. If the billing system can use api-ssl with a
# certificate, the plain api service can be disabled; confirm with the integrator.
/ip service
set telnet disabled=yes port=10023
set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021
set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080
set ssh address=45.236.86.37/32,45.236.84.34/32,45.236.84.0/22 port=10022
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
/ip smb shares
set [ find default=yes ] directory=/pub
# NOTE(review): allow-none-crypto=yes lets an SSH session be negotiated with no encryption, and
# forwarding-enabled=remote allows remote port forwarding through the router. Set
# allow-none-crypto=no, consider strong-crypto=yes, and keep forwarding off unless it is used.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 address
add address=2804:4de8:1000::a/128 advertise=no interface=loopback
add address=2804:4de8:1002:a::2 advertise=no interface=ether4
add address=2804:4de8:1002:c::1 advertise=no interface=ether2
add address=2804:4de8:1002:d::1 advertise=no interface=ether7
/ipv6 nd
set [ find default=yes ] advertise-dns=no
# PPP sessions are authenticated against RADIUS, with accounting updates every 20 minutes.
/ppp aaa
set interim-update=20m use-radius=yes
# Local PPPoE accounts. No password= values are printed, presumably because the export was
# taken without show-sensitive.
# NOTE(review): profile=*13 is an internal id, which suggests the profile these accounts
# referenced has been removed; confirm which profile they actually get.
# NOTE(review): one comment= value below records customer billing details and travels with
# every copy of this export.
/ppp secret
add name=torre.indubra profile=*13 service=pppoe
add name=jefinho2 profile=*13 service=pppoe
add comment="Cliente queria uma passagem, cobrado R\$1000,00 pelo servi\E7o" disabled=yes name=virgilio.capataz profile=*13 service=pppoe
add name=repetidora.bombeiro service=pppoe
add name=antonio.muller profile=*13 service=pppoe
add name=torre.jefinho profile=*13 service=pppoe
add name=eliseu2 service=pppoe
add comment=roteador-rpt-nicanor name=teste.loja profile=*13 service=pppoe
add name=torre.nicanor service=pppoe
add name=gustavo.vensao profile=10mb service=pppoe
add disabled=yes name=alegambeta profile=10mb service=pppoe
add name=lucas.teste profile=10mb service=pppoe
# RADIUS clients, sourced from the loopback address. The shared secret is not printed.
# NOTE(review): require-message-auth=no means responses are accepted without a
# Message-Authenticator attribute, which leaves the exchange open to response forgery by
# anyone on the path. Enable it once the RADIUS server sends the attribute.
/radius
add address=45.236.84.27 disabled=yes require-message-auth=no service=ppp src-address=192.168.200.22 timeout=900ms
add address=192.168.199.1 comment="IXCProvedor configuracao radius" require-message-auth=no service=ppp,hotspot,wireless src-address=192.168.200.22 timeout=3s
# NOTE(review): incoming RADIUS requests (disconnect / change-of-authorization) are accepted and
# no input rule limits their source. Restrict that port to 192.168.199.1 in the firewall.
/radius incoming
set accept=yes
/routing bfd configuration
add disabled=no
# OSPF inbound filter: the default route gets pref-src set to the loopback and is accepted;
# otherwise only routes inside the listed private, CGNAT and 45.236.84.0/22 ranges are accepted.
/routing filter rule
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.22; accept; }"
add chain=ospf-in disabled=yes rule="if (dst == 192.168.199.1) { set pref-src 192.168.200.22 }"
add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) { accept }"
# NOTE(review): no auth= type is set and auth-key is empty, so adjacencies on ether10 and ether2
# appear to be unauthenticated; a device on those segments could inject routes. The template on
# bridge1-Paineis is passive. Configure OSPF authentication with a key on the active interfaces.
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=bridge1-Paineis networks=10.0.0.160/27 passive priority=1 use-bfd=no
add area=backbone-v2 auth-id=1 auth-key="" cost=30 disabled=no interfaces=ether10 networks=192.168.99.201/30 priority=1
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether2 networks=192.168.22.0/30 priority=1 type=ptp
/routing ospf static-neighbor
add address=192.168.99.4%ether9 area=backbone-v2 disabled=no poll-interval=1m
# SNMP agent is enabled; see the review note on /snmp community above.
/snmp
set contact="Acacio Correa " enabled=yes location="[-26.42434465, -51.31973698]" trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=America/Sao_Paulo
/system identity
set name="Protek - Jefinho"
/system logging
set 1 topics=error,!ospf
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=45.236.84.23
add address=200.160.0.8
# Scheduled jobs. Only IXCProvedor_agendamento-backup is enabled (daily at 04:00).
# NOTE(review): that job runs with reboot, sniff, password and sensitive policies although its
# script only exports the configuration and sends an e-mail. Trim the policy list to what the
# script needs.
/system scheduler
add disabled=yes interval=1d name=bkps on-event=bkps policy=ftp,read,write,policy,test,password,sensitive start-date=2013-05-22 start-time=04:04:00
add disabled=yes interval=1w name=reboot on-event="/system reboot" policy=ftp,reboot,read,write,policy,test start-date=2013-12-16 start-time=04:00:00
add disabled=yes name=schedule1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2017-12-15 start-time=08:35:00
add disabled=yes interval=52w1d name=reboot-ospf on-event="/system reboot" policy=reboot,read,write,policy,test,password,sensitive start-date=2018-04-19 start-time=01:36:00
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2023-06-19 start-time=04:00:00
# Scripts.
# bkps: saves a system backup and a config export, uploads both by FTP, then deletes the local
# files whose names contain "UMDB-". Its scheduler entry is disabled.
# NOTE(review): the FTP user name and password are hard-coded in the script body, and script
# bodies are exported verbatim, as this file shows. The upload uses mode=ftp, which sends the
# credential and the backup in cleartext, and the backup is saved without a password= argument.
# Rotate this credential, remove the script if it is retired, or switch the transfer to an
# encrypted mode and protect the backup file with a password.
# IXCProvedor-fazer-e-enviar-backup: exports the configuration to a file and e-mails it.
# NOTE(review): the export includes every script body, so the credential above is mailed out
# with each daily run for as long as the bkps script exists.
/system script
add dont-require-permissions=no name=bkps owner=admin policy=ftp,read,write,policy,test,password,sensitive source="# automated backup 2\_External ftp\r\n\r\n# ftp configuration\r\n:local ftphost \"192.168.248.2\"\r\n:local ftpuser \"protek\"\r\n:local ftppassword \"protek-net-13\"\r\n:local ftppath \"ftp_files/\"\r\n\r\n# months array\r\n:local months (\"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\"aug\",\"sep\",\"oct\",\"nov\",\"dec\");\r\n\r\n# get time\r\n:local ts [/system clock get time]\r\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\n\r\n# get Date\r\n:local ds [/system clock get date]\r\n# convert name of month to number\r\n:local month [ :pick \$ds 0 3 ];\r\n:local mm ([ :find \$months \$month -1 ] + 1);\r\n:if (\$mm < 10) do={ :set mm (\"0\" . \$mm); }\r\n# set \$ds to format YYYY-MM-DD\r\n:set ds ([:pick \$ds 7 11] . \$mm . [:pick \$ds 4 6])\r\n\r\n# file name for system backup - file name will be UMDB-servername-date-time.backup\r\n:local fname1 (\"/UMDB-\".[/system identity get name].\"-\".\$ds.\"-\".\$ts.\".backup\")\r\n# file name for config export - file name will be UMDB-servername-date-time.rsc\r\n:local fname2 (\"/UMDB-\".[/system identity get name].\"-\".\$ds.\"-\".\$ts.\".rsc\")\r\n\r\n# backup the data\r\n/system backup save name=\$fname1\r\n:log info message=\"System backup finished (1/2).\";\r\n/export file=\$fname2\r\n:log info message=\"Config export finished (2/2).\"\r\n\r\n# upload the system backup\r\n:log info message=\"Uploading system backup (1/2).\"\r\n/tool fetch address=\"\$ftphost\" src-path=\$fname1 user=\"\$ftpuser\" mode=ftp password=\"\$ftppassword\" dst-path=\"\$ftppath/\$fname1\" upload=yes\r\n# upload the config export\r\n:log info message=\"Uploading config export (2/2).\"\r\n/tool fetch address=\"\$ftphost\" src-path=\$fname2 user=\"\$ftpuser\" mode=ftp password=\"\$ftppassword\" dst-path=\"\$ftppath/\$fname2\" upload=yes\r\n\r\n# delay time to finish the upload - increase it if your backup file is big\r\n:delay 10s;\r\n# find file name start with UMDB- then remove\r\n:foreach i in=[/file find] do={ :if ([:typeof [:find [/file get \$i name] \"UMDB-\"]]!=\"nil\") do={/file remove \$i}; }\r\n:log info message=\"Configuration backup finished.\";\r\n"
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Jefinho.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Jefinho\" file=backup-mikrotik_Jefinho.rsc start-tls=yes"
/system watchdog
set ping-start-after-boot=10m watchdog-timer=no
# Outgoing mail relay used by the backup script above.
# NOTE(review): the server name ends in ".com.com", which looks like a typo; confirm it. The
# daily mail carries the configuration export, so a wrong relay name hands it to whatever host
# that name resolves to. Also confirm that TLS is actually negotiated on port 465.
/tool e-mail
set from=financeiro@proteknet.com.br port=465 server=smtps.uhserver.com.com user=financeiro@proteknet.com.br
# Netwatch probes (all disabled): on failure each one logs, disables an interface, pings
# 192.168.200.2 five times and re-enables the interface.
/tool netwatch
add disabled=yes down-script=":log info \"Problema interface ether10\"\r\n:log info \"Desabilitando interface ether10 por 5 segundos\"\r\n/interface ethernet disable [find name=\"ether10\"]\r\nping 192.168.200.2 count=5\r\n:log info \"Reabilitando interface ether10\"\r\n/interface ethernet enable [find name=\"ether10\"]" host=192.168.100.70 interval=1m timeout=1s type=simple
add disabled=yes down-script=":log info \"Problema interface ether2\"\r\n:log info \"Desabilitando interface ether2 por 5 segundos\"\r\n/interface ethernet disable [find name=\"ether2\"]\r\nping 192.168.200.2 count=5\r\n:log info \"Reabilitando interface ether2\"\r\n/interface ethernet enable [find name=\"ether2\"]" host=192.168.100.130 interval=1m timeout=1s type=simple
add disabled=yes down-script=":log info \"Problema interface ether6\"\r\n:log info \"Desabilitando interface ether6 por 5 segundos\"\r\n/interface ethernet disable [find name=\"ether6\"]\r\nping 192.168.200.2 count=5\r\n:log info \"Reabilitando interface ether6\"\r\n/interface ethernet enable [find name=\"ether6\"]" host=192.168.100.138 interval=1m timeout=1s type=simple
# NOTE(review): RoMON is enabled and no secrets= value is visible in this export. Confirm that a
# RoMON secret is set and that RoMON is not offered on customer-facing ports.
/tool romon
set enabled=yes
/tool sniffer
set file-name=teste filter-interface=*F18616 filter-port=8081
# NOTE(review): a group named "backup" that holds write, policy and sensitive can change the
# configuration and manage users. Check whether the account using it needs more than
# read/ftp/sensitive.
/user group
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"