# routerboard: yes # model: RB3011UiAS # serial-number: 757B0682038E # firmware-type: ipq8060 # factory-firmware: 3.27 # current-firmware: 6.45.6 # upgrade-firmware: 7.12.1 # # channel: stable # installed-version: 7.12.1 # # # 2024-07-15 10:34:59 by RouterOS 7.12.1 # software id = DWK5-4YML # # model = RB3011UiAS # serial number = 757B0682038E /interface bridge add name=bridge add name=loopbridge /interface ethernet set [ find default-name=ether3 ] comment=ROTEADOR name=ether3-painel set [ find default-name=ether4 ] comment=PTK-OMINI-COLINA-2.4 name=ether4-painel set [ find default-name=ether5 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full name=ether5-painel-NABOR set [ find default-name=ether6 ] comment=NABOR name=ether6-painel rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether7 ] comment="LINK - PP-PTK-COLINA" name=ether7-link set [ find default-name=ether9 ] advertise="10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT,5G-baseT,10G-baseT" comment=PTK-RKT-COLINA-01 set [ find default-name=ether10 ] comment=PP-PTK-GUILHERME /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool1 ranges=100.65.42.161-100.65.42.210 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.34.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.34.0/24 add name=pool-vpn ranges=192.168.16.0/24 /ipv6 pool add name=POOL-DHCP-V6-PD prefix=2804:4de8:1500::/40 prefix-length=64 add name=POOL-SLAAC-TUNEL-V6 prefix=2804:4de8:1600::/40 prefix-length=64 /port set 0 name=serial0 /ppp profile add dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 rate-limit=10m/10m remote-address=pool1 /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static,modem router-id=192.168.200.24 add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.24 version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub add disabled=no instance=default-v3 name=backbone-v3 /snmp community set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes /user group add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api" #error exporting "/interface/bridge/calea" /interface bridge port add bridge=bridge ingress-filtering=no interface=ether3-painel add bridge=bridge ingress-filtering=no interface=ether4-painel add bridge=bridge ingress-filtering=no interface=ether9 add bridge=bridge interface=ether8 /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes /ipv6 settings set max-neighbor-entries=8192 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add default-profile=profile1 disabled=no interface=bridge one-session-per-host=yes service-name=service1 add default-profile=profile1 disabled=no interface=ether10 one-session-per-host=yes service-name=pppoe_ptp_guilherme /ip address add address=192.168.200.24 interface=loopbridge network=192.168.200.24 add address=192.168.98.4/29 interface=ether7-link network=192.168.98.0 add address=192.168.103.17/29 interface=bridge network=192.168.103.16 add address=192.168.103.25/29 interface=bridge network=192.168.103.24 add address=192.168.103.113/29 interface=bridge network=192.168.103.112 add address=192.168.103.13/30 interface=bridge network=192.168.103.12 add address=192.168.99.73/29 interface=ether10 network=192.168.99.72 add address=192.168.101.121/29 interface=ether9 network=192.168.101.120 add address=192.168.101.137/29 interface=ether9 network=192.168.101.136 add address=192.168.99.25/29 interface=ether6-painel network=192.168.99.24 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local #error exporting "/ip/firewall/calea" /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.34.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.34.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.34.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.34.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura /ip firewall nat add action=src-nat chain=srcnat src-address=100.64.38.0/23 to-addresses=45.236.84.196 add action=src-nat chain=srcnat src-address=100.64.38.0/23 to-addresses=45.236.84.196 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.34.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.34.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 add action=src-nat chain=srcnat src-address=192.168.16.0/24 to-addresses=45.236.84.7 /ip service set telnet disabled=yes set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021 set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080 set ssh address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=10022 set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 set winbox address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=25000 set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 /ip smb set allow-guests=no interfaces=loopbridge /ip smb shares set [ find default=yes ] disabled=yes /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ipv6 address add address=2804:4de8:1000::b/128 advertise=no interface=loopbridge add address=2804:4de8:1002:a::1 advertise=no interface=ether7-link add address=2804:4de8:1002:b::1 advertise=no interface=ether9 add address=2804:4de8:1002:17::1 advertise=no interface=ether4-painel /ipv6 nd set [ find default=yes ] advertise-dns=no /lcd set time-interval=hour /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=torre.colina profile=profile1 service=pppoe add name=teste profile=profile1 service=pppoe add name=teste.loja profile=profile1 service=pppoe add name=lucas.123 profile=profile1 service=pppoe /radius add address=45.236.84.27 disabled=yes service=ppp src-address=192.168.200.24 add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.24 timeout=3s /radius incoming set accept=yes /routing bfd configuration add disabled=no /routing filter rule add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.24; accept; }" add chain=ospf-in disabled=yes rule="if (dst == 192.168.199.1) { set pref-src 192.168.200.24 }" add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) { accept }" add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) { accept }" add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) { accept }" add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) { accept }" add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) { accept }" /routing ospf interface-template add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether7-link networks=192.168.98.0/29 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether10 networks=192.168.99.72/29 priority=1 type=ptp use-bfd=no add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether6-painel networks=192.168.99.24/29 priority=1 add area=backbone-v3 cost=10 disabled=no interfaces=ether7-link priority=1 use-bfd=no add area=backbone-v3 cost=10 disabled=no interfaces=ether9 priority=1 use-bfd=no add area=backbone-v3 cost=10 disabled=no interfaces=ether4-painel priority=1 type=ptp use-bfd=no /snmp set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Protek-Colina /system note set show-at-login=no /system ntp client set enabled=yes /system ntp server set manycast=yes /system ntp client servers add address=45.236.84.23 add address=200.189.40.8 /system scheduler add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2023-06-19 start-time=04:00:00 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Colina.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Colina\" file=backup-mikrotik_Colina.rsc start-tls=yes" /system watchdog set automatic-supout=no watch-address=192.168.98.1 watchdog-timer=no /tool e-mail set from=financeiro@proteknet.com.br port=465 server=smtps.uhserver.com.com user=financeiro@proteknet.com.br /tool romon set enabled=yes