# routerboard: yes # model: RB4011iGS+ # revision: r2 # serial-number: F0380F0988A7 # firmware-type: al2 # factory-firmware: 6.47.10 # current-firmware: 7.15.3 # upgrade-firmware: 7.15.3 # # channel: stable # installed-version: 7.15.3 # # # 2024-10-05 16:10:02 by RouterOS 7.15.3 # software id = DUPD-5PBB # # model = RB4011iGS+ # serial number = F0380F0988A7 /interface bridge add name=PP-PTK-HUESLEI port-cost-mode=short add name=PP-PTK-IRATINxFTVL port-cost-mode=short add name=PTK-GRD-IRATIN-01 port-cost-mode=short add name=PTK-PB-IRATIN-M5 port-cost-mode=short add name=loopbridge port-cost-mode=short /interface ethernet set [ find default-name=ether2 ] comment="LINK MARCIO" set [ find default-name=ether3 ] comment=PP-VILA-IRATIN set [ find default-name=ether4 ] comment=PP-PTK-COLINA set [ find default-name=ether5 ] comment=PTK-PP-RECANTO set [ find default-name=ether7 ] comment=PTK-GRD-IRATIN-01 set [ find default-name=ether8 ] comment="PP-Jefinho x Hueslei" set [ find default-name=ether9 ] comment=PTK-PWB-IRATIN-M5 set [ find default-name=ether10 ] comment="REDUNDANCIA 3011" /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool1_pppoe ranges=100.65.42.90-100.65.42.120 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.70.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.89.0/24 /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 set 1 name=serial1 /ppp profile set *0 dns-server=45.236.84.18,45.236.84.19 local-address=192.168.18.1 remote-address=pool1_pppoe /routing ospf instance add disabled=no name=default-v2 redistribute=connected router-id=192.168.200.27 add disabled=no name=backbone-v3 redistribute=connected router-id=192.168.200.27 version=3 /routing ospf area add disabled=no instance=default-v2 name=default-v2 /snmp community set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes /interface bridge port add bridge=PTK-PB-IRATIN-M5 interface=ether9 internal-path-cost=10 path-cost=10 add bridge=PP-PTK-HUESLEI interface=ether8 internal-path-cost=10 path-cost=10 add bridge=PTK-GRD-IRATIN-01 interface=ether7 internal-path-cost=10 path-cost=10 add bridge=PP-PTK-HUESLEI interface=ether6 internal-path-cost=10 path-cost=10 /ip firewall connection tracking set udp-timeout=10s /ip settings set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add disabled=no interface=PP-PTK-IRATINxFTVL one-session-per-host=yes service-name=PP-PTK-IRATINxFTVL add disabled=no interface=PTK-PB-IRATIN-M5 service-name=PTK-PB-IRATIN-M5 add disabled=no interface=ether3 one-session-per-host=yes service-name=pppoe add disabled=no interface=PP-PTK-HUESLEI one-session-per-host=yes service-name=PP-PTK-HUSLEI add disabled=no interface=PTK-GRD-IRATIN-01 one-session-per-host=yes service-name=PTK-GRD-IRATIN-01 /ip address add address=192.168.254.52/29 interface=ether2 network=192.168.254.48 add address=192.168.200.27 interface=loopbridge network=192.168.200.27 add address=192.168.254.57/29 interface=ether3 network=192.168.254.56 add address=192.168.99.1/29 interface=ether5 network=192.168.99.0 add address=192.168.98.1/29 interface=ether4 network=192.168.98.0 add address=192.168.104.161/30 interface=PTK-GRD-IRATIN-01 network=192.168.104.160 add address=192.168.104.165/30 interface=PP-PTK-HUESLEI network=192.168.104.164 add address=192.168.104.169/29 interface=PTK-PB-IRATIN-M5 network=192.168.104.168 add address=192.168.99.202/30 interface=ether10 network=192.168.99.200 add address=192.168.1.1/24 disabled=yes interface=ether6 network=192.168.1.0 add address=192.168.104.189/30 interface=PP-PTK-HUESLEI network=192.168.104.188 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=181.214.230.16 comment="IXCProvedor endereco IP do sistema" list=rede_local /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 protocol=tcp src-address=172.21.70.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.70.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 protocol=tcp src-address=172.22.89.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.89.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura /ip firewall nat add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address=172.21.70.0/24 to-addresses=181.214.230.16 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=181.214.230.16 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address=172.22.89.0/24 to-addresses=181.214.230.16 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=181.214.230.16 to-ports=8086 /ip service set telnet disabled=yes port=10023 set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021 set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080 set ssh address=45.236.86.37/32,45.236.84.34/32,45.236.84.0/22 port=10022 set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 set winbox address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=25000 set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 /ip smb shares set [ find default=yes ] directory=/pub /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=jefinho2 service=pppoe add name=torre.indubra service=pppoe add name=lucas.teste service=pppoe /radius add address=192.168.199.1 comment="IXCProvedor configuracao radius" require-message-auth=no service=ppp,hotspot,wireless src-address=192.168.200.27 timeout=3s /radius incoming set accept=yes /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /routing ospf interface-template add area=default-v2 cost=40 disabled=no interfaces=ether2 networks=192.168.254.48/29 priority=1 add area=default-v2 cost=30 disabled=no interfaces=ether10 networks=192.168.99.201/30 priority=1 add area=default-v2 cost=10 disabled=no interfaces=ether3 networks=192.168.254.56/29 priority=1 add area=default-v2 cost=10 disabled=no interfaces=ether5 networks=192.168.99.0/29 priority=1 type=ptp add area=default-v2 cost=10 disabled=no interfaces=ether4 networks=192.168.98.0/29 priority=1 type=ptp /snmp set contact="Acacio Correa " enabled=yes location="[-26.42434465, -51.31973698]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Jefinho_4011 /system note set show-at-login=no /system resource irq rps set sfp-sfpplus1 disabled=no /tool romon set enabled=yes