# RouterOS 7.15.2 configuration export for an RB2011iL that terminates PPPoE
# subscribers (RADIUS AAA) and runs OSPFv2/v3 plus an iBGP session.
# NOTE(review): the header below carries the serial number, software ID and
# the administrator account names from the change history; redact these
# before the export leaves the operations team.
# routerboard: yes
# model: RB2011iL
# serial-number: 762507E9E066
# firmware-type: ar9344
# factory-firmware: 3.33
# current-firmware: 7.15.2
# upgrade-firmware: 7.15.2
#
# channel: stable
# installed-version: 7.15.2
#
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U filter rule added nzmmaster write 2024-10-03 12:21:31
# U user nzmmaster changed nzmmaster write 2024-10-03 12:18:58
# policy
# U ip service changed nzmmaster write 2024-10-03 12:18:38
# U config changed nzmmaster write 2024-10-03 12:18:01
# U filter rule changed flwvlw write 2024-09-05 18:18:30
# U filter rule changed flwvlw write 2024-09-05 18:18:22
#
# 2024-10-05 14:50:43 by RouterOS 7.15.2
# software id = W88V-93EL
#
# model = RB2011iL
# serial number = 762507E9E066
/interface bridge
add name=Giotti port-cost-mode=short
add name=bridge1 port-cost-mode=short
add name=loopbridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="LINK FIBRA"
set [ find default-name=ether2 ] comment="PPPoE Everton"
set [ find default-name=ether4 ] comment="Link -> Marco 5"
/interface vlan
add interface=ether1 name=vlan204 vlan-id=204
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Address pools: pool1 serves PPPoE subscribers; pool_bloqueio and
# pool_aguardando_assinatura are the ranges matched by the restriction rules
# in /ip firewall filter and /ip firewall nat further down.
/ip pool
add name=pgcorte ranges=192.168.42.0/24
add name=pool1 ranges=100.65.25.200-100.65.25.254
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.40.0/24
add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.40.0/24
/ip smb users
set [ find default=yes ] disabled=yes
/ipv6 pool
add name=POOL-DHCP-V6-PD prefix=2804:4de8:1700::/40 prefix-length=64
add name=POOL-SLAAC-TUNEL-V6 prefix=2804:4de8:1800::/40 prefix-length=64
/ppp profile
set *0 bridge=bridge1 dhcpv6-pd-pool=POOL-DHCP-V6-PD dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 remote-address=pool1 remote-ipv6-prefix-pool=POOL-SLAAC-TUNEL-V6 use-mpls=no
add change-tcp-mss=yes dhcpv6-pd-pool=POOL-DHCP-V6-PD dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=Giotti rate-limit=100m/100m remote-address=pool1 remote-ipv6-prefix-pool=POOL-SLAAC-TUNEL-V6 use-mpls=no
/routing bgp template
set default disabled=no output.network=bgp-networks
add as=268227 disabled=no name=as268227 output.redistribute="" router-id=192.168.200.30
# Only the OSPFv2 instance references an input filter chain (ospf-in). The
# OSPFv3 instance has no in-filter-chain in this export, so the ospfv3-in
# chain defined under /routing filter rule does not appear to be applied.
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.30
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.30 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub
add disabled=no instance=default-v3 name=backbone-v3
# NOTE(review): the default community is renamed and limited by source
# address, but write-access=yes lets any allowed host change device state via
# SNMP SET. trap-version=2 below suggests v1/v2c, where the community string
# travels in cleartext. Set write-access=no unless SET is really needed, and
# confirm the 35.237.63.30/32 entry (outside the operator ranges listed here)
# is still required.
/snmp community
set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes
# NOTE(review): SMB is bound to bridge1, a PPPoE-facing bridge. Its enabled
# state is not shown in this export; confirm the service is off.
/ip smb
set interfaces=bridge1
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether7 internal-path-cost=10 path-cost=10
add bridge=Giotti ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
# Connection tracking is off, so the firewall below is stateless: the dst-nat
# rules are inactive (the export flags each one) and the fasttrack-connection
# rule, which depends on tracked connections, is not expected to match.
/ip firewall connection tracking
set enabled=no udp-timeout=10s
# NOTE(review): neighbor discovery runs on every interface, including the
# uplink and the subscriber bridges, and advertises identity, model and
# version to adjacent devices. Limit it to a management interface list.
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
# NOTE(review): md5 is in the permitted OpenVPN auth digests. The server's
# enabled state is not shown here; drop md5 if the server is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=service1
add disabled=no interface=Giotti max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=Giotti
/ip address
add address=192.168.99.130/30 interface=ether1 network=192.168.99.128
add address=192.168.200.30 interface=loopbridge network=192.168.200.30
add address=192.168.99.133/30 interface=ether4 network=192.168.99.132
/ip dns
set servers=45.236.84.18,45.236.84.19,2804:4de8:800:8000::18,2804:4de8:800:8000::19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
# Forward chain: the eight drop rules restrict the "blocked" and "awaiting
# signature" subscriber ranges and address lists to TCP towards 192.168.199.1
# and UDP port 53; everything else is then accepted.
# NOTE(review): these rules match only TCP and UDP, and UDP/53 is allowed to
# any destination, so other protocols from restricted subscribers fall through
# to the accept rule. No /ipv6 firewall section appears in this export, so the
# restriction is not mirrored for IPv6.
# Input chain: the only rule drops SNMP arriving on ether1 from outside
# 45.236.84.0/24. This is narrower than the /22 allowed in /snmp community,
# and SNMP on other interfaces is limited by the community address list only.
# NOTE(review): nothing else filters traffic to the router itself. Management
# exposure rests on the /ip service address lists alone, and RADIUS incoming,
# RoMON, BGP and OSPF are reachable from any interface. Services left at
# defaults do not appear in an export, so also check /tool mac-server and
# /tool bandwidth-server. Consider an explicit input policy ending in a drop.
/ip firewall filter
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.40.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.40.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.40.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.40.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura
add action=fasttrack-connection chain=forward connection-state="" hw-offload=yes
add action=accept chain=forward
add action=drop chain=input dst-port=161 in-interface=ether1 protocol=udp src-address=!45.236.84.0/24
# These rules redirect HTTP (TCP/80) from restricted subscribers to the notice
# pages on 192.168.199.1 (ports 8082 and 8086). With connection tracking
# disabled they do nothing, so restricted subscribers are dropped, not
# redirected.
/ip firewall nat
# dst-nat action is not possible when connection tracking is disabled
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.40.0/24 to-addresses=192.168.199.1 to-ports=8082
# dst-nat action is not possible when connection tracking is disabled
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
# dst-nat action is not possible when connection tracking is disabled
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.40.0/24 to-addresses=192.168.199.1 to-ports=8086
# dst-nat action is not possible when connection tracking is disabled
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086
/ip route
add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=192.168.99.129 pref-src=192.168.200.30 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ipv6 route
add disabled=no distance=121 dst-address=::/0 gateway=2804:4de8:1002:6::1 routing-table=main scope=30 target-scope=10
# Management services: telnet, ftp and www are disabled. ssh, winbox, api and
# api-ssl stay enabled, each limited to a source address list.
# NOTE(review): api is the unencrypted API and is enabled next to api-ssl with
# the same allow-list; disable it if every client can use api-ssl.
# The allow-lists contain redundant entries: 45.236.86.37/32 and
# 45.236.84.34/32 already fall inside 45.236.84.0/22, and winbox lists that
# /22 twice. 45.236.87.255/32 is the last address of the same /22; confirm it
# is a real host. Since the input chain has no other filtering, these lists
# are the only control in front of the management plane.
/ip service
set telnet disabled=yes port=10023
set ftp disabled=yes port=10021
set www disabled=yes port=10080
set ssh address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=10022
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address=45.236.84.0/22,45.236.86.37/32,45.236.84.0/22,45.187.80.250/32 port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 address
add address=2804:4de8:1000::8/128 advertise=no interface=loopbridge
add address=2804:4de8:1002:6::2 advertise=no interface=ether1
/ipv6 dhcp-server
add address-pool=POOL-SLAAC-TUNEL-V6 interface=bridge1 lease-time=1h name=server1
/ipv6 nd
set [ find default=yes ] disabled=yes managed-address-configuration=yes other-configuration=yes
add interface=Giotti managed-address-configuration=yes other-configuration=yes
add interface=bridge1 managed-address-configuration=yes other-configuration=yes
# PPP sessions are authenticated and accounted through RADIUS.
/ppp aaa
set interim-update=20m use-radius=yes
/ppp secret
add disabled=yes name=everton.g service=pppoe
# NOTE(review): require-message-auth=no on both entries means replies without
# a Message-Authenticator attribute are accepted, which weakens protection
# against forged RADIUS responses on the path to the server. Enable it once
# the RADIUS server sends the attribute. Shared secrets are not visible in
# this export; confirm they are set and strong.
/radius
add address=45.236.84.27 disabled=yes require-message-auth=no service=ppp src-address=192.168.200.30
add address=192.168.199.1 comment="IXCProvedor configuracao radius" require-message-auth=no service=ppp,hotspot,wireless src-address=192.168.200.30 timeout=3s
# NOTE(review): incoming RADIUS requests (disconnect / change-of-authorization)
# are accepted and no input rule limits who may send them; restrict the
# source to the RADIUS server address.
/radius incoming
set accept=yes
/routing bfd configuration
add disabled=no
# NOTE(review): local.address here is 2804:4de8:1002:6::1, which the /ipv6
# route above uses as the gateway, while remote.address is 2804:4de8:1002:6::2,
# the address assigned to this router's ether1 under /ipv6 address. The two
# look swapped; confirm against the peer. No session authentication key is
# visible in this export.
/routing bgp connection
add as=268227 disabled=no input.filter=iBGP-in local.address=2804:4de8:1002:6::1 .role=ibgp name=iBGP-as268227 output.default-originate=never .filter-chain=iBGP-out .redistribute="" remote.address=2804:4de8:1002:6::2/128 .allowed-as=268227 .as=268227 router-id=192.168.200.30 routing-table=main templates=as268227
# Route filters. ospf-in accepts the IPv4 default route (setting pref-src)
# and prefixes inside the listed private, CGNAT and operator ranges.
# NOTE(review): in ospfv3-in and iBGP-in the rule "dst in ::/0" matches every
# IPv6 prefix, so the preceding 2804:4de8::/32 rule is redundant and these
# chains accept anything the neighbor sends. Use "dst == ::/0" if only the
# default route is meant to be accepted.
/routing filter rule
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.30; accept;}"
add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) {accept}"
add chain=ospfv3-in disabled=no rule="if (dst in 2804:4de8::/32) { accept }"
add chain=ospfv3-in disabled=no rule="if (dst in ::/0) { accept }"
add chain=ospfv3-out disabled=no rule="if (dst in 2804:4de8::/32) { accept }"
add chain=iBGP-in disabled=no rule="if (dst in 2804:4de8::/32) { accept }"
add chain=iBGP-in disabled=no rule="if (dst in ::/0) { accept }"
add chain=iBGP-out disabled=no rule="if (dst in 2804:4de8::/32) { accept }"
# NOTE(review): the OSPFv2 templates carry auth-id=1 with an empty auth-key
# and no auth type, and the OSPFv3 template has no authentication settings,
# so adjacencies appear to be unauthenticated. Anyone able to speak OSPF on
# ether1 or ether4 could inject routes. Configure authentication with a
# non-empty key on both ends.
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether1 networks=192.168.99.128/30 priority=1 type=nbma
add area=backbone-v3 cost=10 disabled=no interfaces=ether1 priority=1
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether4 networks=192.168.99.132/30 priority=1
# NOTE(review): the IPv4 neighbor is scoped to vlan204, but 192.168.99.128/30
# and the OSPF template are on ether1 and vlan204 has no address in this
# export; confirm the interface suffix.
/routing ospf static-neighbor
add address=192.168.99.129%vlan204 area=backbone-v2 disabled=no poll-interval=1m
add address=2804:4de8:1002:6::1%ether1 area=backbone-v3 disabled=no
/snmp
set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name="Protek - Ervateira Giotti"
/system logging
add disabled=yes topics=debug,ospf
/system note
set show-at-login=no
# Daily job at 04:00 that runs the backup script defined below.
# NOTE(review): the policy set on the scheduler and the script (including
# reboot, password, sniff and sensitive) is broader than an export-and-mail
# job appears to need; trim it to the minimum that still works.
/system scheduler
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2023-12-13 start-time=04:00:00
# The script exports the configuration to a file and e-mails it. The file is
# not removed afterwards, so a copy of the configuration stays on router
# storage as well as in the recipient mailbox.
/system script
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_ErvateiraGiotti.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-ErvateiraGiotti\" file=backup-mikrotik_ErvateiraGiotti.rsc start-tls=yes"
/system watchdog
set automatic-supout=no watchdog-timer=no
# NOTE(review): no tls= setting appears here although the server port is 465,
# and the script above passes start-tls=yes to the send command. Confirm on
# this RouterOS version that the SMTP session carrying the configuration
# export and the mailbox credentials is actually encrypted.
/tool e-mail
set from=financeiro@proteknet.com.br port=465 server=smtps.uhserver.com user=financeiro@proteknet.com.br
# NOTE(review): RoMON is enabled and no secrets or per-port restrictions are
# visible in this export. It gives layer-2 management reachability to
# neighbors, so set secrets and limit it under /tool romon port to
# infrastructure-facing interfaces.
/tool romon
set enabled=yes
# NOTE(review): despite its name, the backup group grants write, policy and
# sensitive over telnet, ssh and ftp. Confirm which accounts use it and
# reduce it to what the backup workflow needs.
/user group
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"