# RouterOS 7.12.1 configuration export for a CCR1009-8G-1S.
# From the sections below, the router terminates PPPoE sessions on bridge "vlan"
# (authenticated via RADIUS at 192.168.199.1), speaks OSPF on several routed links,
# and carries redirect/drop rules for blocked or unsigned subscribers.
# The export was collapsed onto a few physical lines; the commands are restored
# one per line below, and only comments have been added.
# NOTE(review): this header carries the serial number, software id and an operator
# history; consider redacting these before the export leaves the operations team.
#
# routerboard: yes
# model: CCR1009-8G-1S
# serial-number: 588E048F3701
# firmware-type: tilegx
# factory-firmware: 3.19
# current-firmware: 7.12.1
# upgrade-firmware: 7.12.1
#
# channel: stable
# installed-version: 7.12.1
#
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U device changed lucas write 2024-07-04 22:11:31
# U device changed lucas write 2024-07-04 22:11:28
#
# 2024-07-15 09:06:26 by RouterOS 7.12.1
# software id = YC9P-DDG1
#
# model = CCR1009-8G-1S
# serial number = 588E048F3701

# Two bridges: "loopbridge" holds the router-id address 192.168.200.9 (see /ip address),
# "vlan" is the subscriber-facing bridge used by the PPPoE server.
/interface bridge
add fast-forward=no name=loopbridge
add name=vlan
/interface ethernet
set [ find default-name=ether2 ] comment="LINK - Vilmar x C\E9u Azul" name="ether2 - Link - Vilmar x CA"
set [ find default-name=ether3 ] advertise=100M-baseT-full,1G-baseT-full comment="Vilmar X marco5 ( redundancia) 100mb"
set [ find default-name=ether4 ] comment=controlador
set [ find default-name=ether5 ] comment="SANTA ROSA" name=ether5-starosa
set [ find default-name=ether6 ] comment="OMINI 2.4"
set [ find default-name=ether7 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full comment=VLAN
set [ find default-name=ether8 ] comment="PP PELE"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# Address pools: "pool" is the normal subscriber range (used as remote-address in the
# PPP profiles); the two IXCSoft pools hold blocked and awaiting-signature subscribers.
# NOTE(review): "pool" (100.65.16.0/24) lies inside 100.64.0.0/10, which /ip service
# below allows to reach ftp, www, ssh and winbox on this router.
/ip pool
add name=pool ranges=100.65.16.2-100.65.16.254
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.19.0/24
add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.19.0/24
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *0 bridge=vlan dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 remote-address=pool
add bridge=vlan change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 rate-limit=10m/10m remote-address=pool use-upnp=no

# OSPFv2 and OSPFv3 instances; only the v2 instance applies the "ospf-in" filter chain.
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.9
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.9 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2

# NOTE(review): the default SNMP community is renamed but has write-access=yes, and no
# authentication/encryption parameters appear on this line, so it presumably runs as a
# clear-text v1/v2c community. The allowed sources include a /22, a /16 and one external
# /32. Confirm write access is really needed; otherwise make it read-only or move to
# SNMPv3 with auth and privacy, and treat the community name as exposed.
/snmp community
set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes

# NOTE(review): group "backup" keeps write, policy, password and sensitive rights;
# that is more than a read-only backup account needs. Verify which users are members.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api,!web,!romon,!rest-api"
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,password,sensitive,!reboot,!winbox,!web,!sniff,!api,!romon,!rest-api"
#error exporting "/interface/bridge/calea"

# Bridge input filter. The same eight rules appear twice in the export.
# NOTE(review): every enabled rule accepts (a rule without action= defaults to accept,
# and the 00:00:00:00:00:00/00:00:00:00:00:00 mask matches any MAC), while the only
# drop rule is disabled. As exported, this table does not block anything.
# Rules marked "# no interface" reference bridges (*A, *D) that no longer exist.
# Clean up the stale and duplicate entries and decide whether the drop should be enabled.
/interface bridge filter
add chain=input in-bridge=loopbridge
# no interface
add action=accept chain=input in-bridge=*A src-mac-address=00:27:22:64:11:28/FF:FF:FF:FF:FF:FF
add action=accept chain=input in-bridge=loopbridge src-mac-address=00:00:00:00:00:00/00:00:00:00:00:00
# no interface
add action=accept chain=input in-bridge=*D src-mac-address=00:27:22:2A:85:33/FF:FF:FF:FF:FF:FF
# no interface
add action=accept chain=input in-bridge=*A src-mac-address=00:27:22:BA:57:C4/FF:FF:FF:FF:FF:FF
add action=accept chain=input mac-protocol=pppoe-discovery
add action=accept chain=input mac-protocol=pppoe
add action=drop chain=input disabled=yes
add chain=input in-bridge=loopbridge
# no interface
add action=accept chain=input in-bridge=*A src-mac-address=00:27:22:64:11:28/FF:FF:FF:FF:FF:FF
add action=accept chain=input in-bridge=loopbridge src-mac-address=00:00:00:00:00:00/00:00:00:00:00:00
# no interface
add action=accept chain=input in-bridge=*D src-mac-address=00:27:22:2A:85:33/FF:FF:FF:FF:FF:FF
# no interface
add action=accept chain=input in-bridge=*A src-mac-address=00:27:22:BA:57:C4/FF:FF:FF:FF:FF:FF
add action=accept chain=input mac-protocol=pppoe-discovery
add action=accept chain=input mac-protocol=pppoe
add action=drop chain=input disabled=yes
/interface bridge port
add bridge=vlan ingress-filtering=no interface=ether1
add bridge=vlan interface=ether7
add bridge=vlan interface=ether6

# NOTE(review): neighbor discovery is enabled on every interface, including the
# subscriber-facing bridge. It announces identity and version to anyone on the segment;
# restrict it to a management interface list.
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set rp-filter=loose tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes

# NOTE(review): MD5 is permitted as an OpenVPN auth digest. No enabled= flag is exported
# here, so the server is presumably off (confirm); drop md5 before ever enabling it.
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add disabled=no interface=vlan one-session-per-host=yes service-name=PPPOE_VLAN
/ip address
add address=192.168.254.1/29 interface="ether2 - Link - Vilmar x CA" network=192.168.254.0
add address=192.168.200.9 interface=loopbridge network=192.168.200.9
add address=192.168.100.121/30 interface=vlan network=192.168.100.120
add address=192.168.100.33/30 interface=vlan network=192.168.100.32
add address=192.168.99.49/29 interface=ether8 network=192.168.99.48
add address=192.168.99.169/29 interface=ether5-starosa network=192.168.99.168
add address=192.168.100.189/30 interface=vlan network=192.168.100.188
add address=192.168.103.1/29 interface=vlan network=192.168.103.0
add address=192.168.99.116/29 interface=ether3 network=192.168.99.112
add address=192.168.103.129/29 interface=vlan network=192.168.103.128
add address=192.168.103.121/29 interface=vlan network=192.168.103.120
add address=192.168.100.137/29 interface=vlan network=192.168.100.136
add address=192.168.100.97/29 interface=ether6 network=192.168.100.96
add address=192.168.5.1/30 interface=ether4 network=192.168.5.0
add address=192.168.1.1/24 disabled=yes interface=ether7 network=192.168.1.0
/ip dns
set servers=45.236.84.18,45.236.84.19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
#error exporting "/ip/firewall/calea"

# Forward-chain rules for blocked / awaiting-signature subscribers: TCP is dropped unless
# it goes to the IXC system at 192.168.199.1, UDP is dropped unless the destination port is 53.
# NOTE(review): this export contains no chain=input rules at all, so the router's own
# services are guarded only by the /ip service address lists further down. Add an input
# chain that accepts established/related plus the management sources and drops the rest.
# NOTE(review): UDP/53 is allowed to any destination and protocols other than TCP/UDP
# are not matched; limiting the DNS exception to the resolvers under /ip dns would
# narrow what a blocked subscriber can still reach.
/ip firewall filter
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.19.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.19.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address=172.22.19.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.19.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura

# NAT table. Most entries are disabled and several are exact duplicates of each other.
# The enabled ones are the controller src-nat ("NAT Rede Controladora VOLT") and the four
# port-80 redirects that send blocked / unsigned subscribers to 192.168.199.1:8082 / :8086.
# NOTE(review): prune the disabled duplicates so that a later bulk "enable" cannot
# silently re-activate old port forwards.
/ip firewall nat
add action=src-nat chain=srcnat disabled=yes src-address=192.168.32.0/24 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=192.168.99.184/29 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=186.211.110.224/27 to-addresses=45.236.84.9
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.100.9 dst-port=80,443 protocol=tcp to-addresses=192.168.99.90
add action=src-nat chain=srcnat disabled=yes src-address=192.168.32.0/24 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=186.211.110.224/27 to-addresses=45.236.84.9
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.100.9 dst-port=80,443 protocol=tcp to-addresses=192.168.99.90
add action=src-nat chain=srcnat disabled=yes src-address=192.168.32.0/24 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=192.168.99.184/29 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=186.211.110.224/27 to-addresses=45.236.84.9
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.100.9 dst-port=80,443 protocol=tcp to-addresses=192.168.99.90
add action=src-nat chain=srcnat disabled=yes src-address=192.168.32.0/24 to-addresses=45.236.84.9
add action=src-nat chain=srcnat disabled=yes src-address=186.211.110.224/27 to-addresses=45.236.84.9
add action=dst-nat chain=dstnat comment="Redir para acesso Controladora VOLT" disabled=yes dst-address=192.168.200.9 dst-port=80,443 protocol=tcp to-addresses=192.168.0.34
add action=src-nat chain=srcnat comment="NAT Rede Controladora VOLT" src-address=192.168.5.0/24 to-addresses=192.168.200.9
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.100.9 dst-port=80,443 protocol=tcp to-addresses=192.168.99.90
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.19.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.19.0/24 to-addresses=192.168.199.1 to-ports=8086
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086

# Management services. Telnet is off; the others are moved to non-default ports and
# limited by source address. A non-default port is not an access control.
# NOTE(review): "www" ends with 0.0.0.0/0, which cancels the three restrictions in front
# of it: the clear-text HTTP management page on port 8888 is reachable from any source.
# Remove 0.0.0.0/0, or disable www altogether.
# NOTE(review): ftp, www, ssh and winbox all admit 100.64.0.0/10, which contains the
# subscriber pool defined under /ip pool; winbox additionally admits all of 10.0.0.0/8
# and several public /22s. Narrow these to the actual management hosts.
# NOTE(review): FTP is enabled and sends credentials in clear text; disable it if SSH
# file transfer is sufficient.
/ip service
set telnet disabled=yes
set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 port=10021
set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10,0.0.0.0/0 port=8888
set ssh address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 port=10022
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22,10.0.0.0/8,172.16.0.0/16" port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
/ip smb
set allow-guests=no interfaces=loopbridge

# NOTE(review): allow-none-crypto=yes lets an SSH session negotiate the "none" cipher,
# i.e. run without encryption. Set it to no; no strong-crypto setting is exported
# either, so review that too.
/ip ssh
set allow-none-crypto=yes
/ip upnp
set show-dummy-rule=no
/ppp aaa
set interim-update=20m use-radius=yes

# Local PPPoE accounts that exist alongside RADIUS. No passwords appear in this export
# (RouterOS presumably hid the sensitive fields; confirm none of these has an empty password).
# NOTE(review): "teste" looks like a leftover test account; remove it if unused.
/ppp secret
add name=torrevilmar profile=profile1 service=pppoe
add name=acacio profile=profile1 service=pppoe
add name=teste profile=profile1 service=pppoe
add name=alice.pimentel profile=profile1 service=pppoe
/radius
add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.9 timeout=3s

# NOTE(review): incoming RADIUS requests (CoA/Disconnect) are accepted. With no input
# firewall in this export, only the RADIUS shared secret protects this listener;
# restrict its source to 192.168.199.1.
/radius incoming
set accept=yes

# Inbound OSPFv2 route filter: sets pref-src 192.168.200.9 on the default route and on
# 192.168.199.1, and accepts routes inside the listed private, CGNAT and provider ranges.
# The second rule sets pref-src without an accept of its own.
/routing filter rule
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.9; accept; }"
add chain=ospf-in disabled=no rule="if (dst == 192.168.199.1) { set pref-src 192.168.200.9 }"
add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) { accept }"

# NOTE(review): none of these templates carries auth= / auth-key parameters, so OSPF
# presumably runs unauthenticated on all four links (confirm). Enable OSPF
# authentication so that a device on a link segment cannot form an adjacency and inject routes.
# The ether8 template is the only one without type=ptp.
/routing ospf interface-template
add area=backbone-v2 disabled=no interfaces="ether2 - Link - Vilmar x CA" networks=192.168.254.0/29 type=ptp
add area=backbone-v2 disabled=no interfaces=ether5-starosa networks=192.168.99.169/29 type=ptp
add area=backbone-v2 cost=20 disabled=no interfaces=ether3 networks=192.168.99.113/29 type=ptp
add area=backbone-v2 disabled=no interfaces=ether8 networks=192.168.99.49/29

# SNMP agent is enabled; contact name and site coordinates are readable by anyone who
# holds the community configured above.
/snmp
set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=3
/system clock
set time-zone-autodetect=no time-zone-name=America/Sao_Paulo
/system clock manual
set time-zone=-02:00
/system identity
set name="Protek - Vilmar"
/system leds
set 0 disabled=yes
/system logging
set 0 topics=info,!e-mail
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=greenlantern.proteknet.com.br
add address=pool.ntp.br

# Runs the IXCProvedor backup script once a day at 04:00.
# NOTE(review): the job carries reboot, sniff, password and sensitive policies; an
# export-and-mail job needs far fewer. Reduce to the minimum the script requires.
/system scheduler
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2023-06-19 start-time=04:00:00

# Two backup scripts.
# NOTE(review): "Backup-diario" saves an UNENCRYPTED binary backup (dont-encrypt=yes)
# and mails it to a ProtonMail address outside the proteknet.com.br domain used
# everywhere else in this file. A binary backup holds the full configuration including
# the user database. Confirm that this mailbox is an authorised destination and that
# the script was created by the expected administrator; if not, treat it as a possible
# exfiltration channel and rotate every credential on the device. No scheduler entry in
# this export references the script, so check how (and whether) it is triggered.
# NOTE(review): "file remove 0" deletes whichever file has index 0, which is not
# necessarily the backup just created; the send in this script also passes no TLS
# option, unlike the second script (start-tls=yes).
# NOTE(review): the second script mails a plain-text .rsc export; keep the receiving
# mailbox restricted and leave the export file off the router afterwards.
/system script
add dont-require-permissions=no name=Backup-diario owner=acacio policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system backup save dont-encrypt=yes name=protek-vilmar;:delay 2s;/tool e-mail send to=mkseguro2@protonmail.com subject=\"Backup Protek Vilmar\" file=protek-vilmar.backup;:delay 15s;file remove 0"
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Vilmar.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Vilmar\" file=backup-mikrotik_Vilmar.rsc start-tls=yes"
/system watchdog
set watchdog-timer=no

# NOTE(review): the SMTP host ends in ".com.com", which looks like a typo; verify it,
# because a mistyped relay name would hand the mail credentials and the backups to
# whoever operates that name. No tls= setting is exported for port 465; confirm that
# the session is actually encrypted.
/tool e-mail
set from=financeiro@proteknet.com.br port=465 server=smtps.uhserver.com.com user=financeiro@proteknet.com.br

# NOTE(review): RoMON is enabled, and no RoMON secret or per-port restriction is visible
# in this export. RoMON offers layer-2 management reachability between RoMON-enabled
# devices; set a secret and limit it to trusted ports, or disable it if unused.
/tool romon
set enabled=yes