[more] [more] Конфиг
# jun/30/2016 12:26:41 by RouterOS 6.35rc3
#
/interface ovpn-client
add auth=md5 certificate=odessa.crt_0 connect-to= disabled=yes \
mac-address= name=VPN-REIKARTZ port= user=username
/interface bridge
add arp=proxy-arp name=bridge_local
/interface ethernet
set [ find default-name=ether7 ] comment=TRUNK name=TRUNK-ether3
set [ find default-name=ether5 ] comment=DATAGROUP name=WAN-Datagroup_eth1
set [ find default-name=ether6 ] comment=TENET mac-address= \
name="WAN-TENET(eth2)"
set [ find default-name=ether8 ] name=ether4
set [ find default-name=ether1 ] name=ether5
set [ find default-name=ether2 ] name=ether6
set [ find default-name=ether3 ] name=ether7
set [ find default-name=ether4 ] arp=proxy-arp name=ether8
/interface pppoe-client
add disabled=no interface="WAN-TENET(eth2)" max-mru=1480 max-mtu=1480 mrru=\
1600 name=PPPOE-TENET password=smudecul user=foodmarket
/interface l2tp-client
add connect-to= dial-on-demand=yes disabled=no ipsec-secret="" mrru=1600 name=l2tp_TO_REIKARTZ password=\
use-ipsec=yes user=odessa
/ip neighbor discovery
set TRUNK-ether3 comment=TRUNK
set WAN-Datagroup_eth1 comment=DATAGROUP
set "WAN-TENET(eth2)" comment=TENET
/interface vlan
add interface=TRUNK-ether3 name=Vlan100 vlan-id=100
add interface=TRUNK-ether3 name=Vlan_Local vlan-id=25
add interface=TRUNK-ether3 name=Vlan_WiFi vlan-id=26
/ip neighbor discovery
set Vlan_Local discover=no
set Vlan_WiFi discover=no
/ip pool
add name=Pool_Local ranges=192.168.0.2-192.168.0.254
add name=Pool_WiFi ranges=10.10.10.2-10.10.11.254
add name=Router_pool ranges=192.168.88.150-192.168.88.160
add name=VPN_POOL ranges=10.48.0.2-10.48.0.10
/ip dhcp-server
add add-arp=yes address-pool=Pool_Local authoritative=yes disabled=no \
interface=Vlan_Local lease-time=2h name=Server_Local
add add-arp=yes address-pool=Pool_WiFi authoritative=yes disabled=no \
interface=Vlan_WiFi lease-time=2h name=Server_WiFi
add add-arp=yes address-pool=Router_pool authoritative=yes disabled=no \
interface=ether8 lease-time=2h name=Router_DHCP_IP
/ppp profile
add dns-server=192.168.3.1 name=OpenVPN use-encryption=required
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 interface=ether8 network=192.168.88.0
add address=10.10.10.1/23 interface=Vlan_WiFi network=10.10.10.0
add address=192.168.0.1/24 interface=Vlan_Local network=192.168.0.0
add address=192.168.90.1/24 interface=ether7 network=192.168.90.0
add address=IP/30 interface=WAN-Datagroup_eth1 network=\
IP
add address=10.90.90.1/26 interface=Vlan100 network=10.90.90.0
/ip dhcp-server lease
add address=10.10.10.119 client-id=1:24:a4:3c:98:26:8d mac-address=\
24:A4:3C:98:26:8D server=Server_WiFi
add address=10.10.10.126 client-id=1:24:a4:3c:32:ea:68 mac-address=\
24:A4:3C:32:EA:68 server=Server_WiFi
add address=10.10.10.116 client-id=1:24:a4:3c:98:27:64 mac-address=\
24:A4:3C:98:27:64 server=Server_WiFi
add address=10.10.10.130 client-id=1:24:a4:3c:32:ea:3d mac-address=\
24:A4:3C:32:EA:3D server=Server_WiFi
add address=10.10.10.133 client-id=1:24:a4:3c:34:2:a5 mac-address=\
24:A4:3C:34:02:A5 server=Server_WiFi
add address=10.10.10.127 client-id=1:24:a4:3c:98:28:f1 mac-address=\
24:A4:3C:98:28:F1 server=Server_WiFi
add address=10.10.10.117 client-id=1:24:a4:3c:98:29:59 mac-address=\
24:A4:3C:98:29:59 server=Server_WiFi
add address=10.10.10.131 client-id=1:24:a4:3c:98:26:92 mac-address=\
24:A4:3C:98:26:92 server=Server_WiFi
add address=10.10.10.132 client-id=1:24:a4:3c:98:25:9e mac-address=\
24:A4:3C:98:25:9E server=Server_WiFi
add address=10.10.10.115 client-id=1:24:a4:3c:32:ec:12 mac-address=\
24:A4:3C:32:EC:12 server=Server_WiFi
add address=10.10.10.120 client-id=1:24:a4:3c:98:29:55 mac-address=\
24:A4:3C:98:29:55 server=Server_WiFi
add address=10.10.10.114 client-id=1:24:a4:3c:98:26:d8 mac-address=\
24:A4:3C:98:26:D8 server=Server_WiFi
add address=10.10.10.99 client-id=1:24:a4:3c:98:24:5e mac-address=\
24:A4:3C:98:24:5E server=Server_WiFi
add address=10.10.10.128 client-id=1:24:a4:3c:32:ea:aa mac-address=\
24:A4:3C:32:EA:AA server=Server_WiFi
add address=10.10.10.118 client-id=1:24:a4:3c:98:2a:c7 mac-address=\
24:A4:3C:98:2A:C7 server=Server_WiFi
add address=192.168.88.155 client-id=1:14:da:e9:91:3f:f5 comment="BASIC PC" \
mac-address=14:DA:E9:91:3F:F5 server=Router_DHCP_IP
add address=10.10.10.155 always-broadcast=yes comment="BASIC Phone" \
mac-address=A8:A6:68:18:90:96 server=Server_WiFi
add address=10.10.10.160 client-id=1:14:da:e9:91:3f:f5 comment=\
"BASIC PC(wifi)" mac-address=14:DA:E9:91:3F:F5 server=Server_WiFi
add address=192.168.0.115 client-id=1:f8:32:e4:3e:e3:a4 mac-address=\
F8:32:E4:3E:E3:A4 server=Server_Local
add address=192.168.0.169 client-id=1:64:70:2:80:3:f1 mac-address=\
64:70:02:80:03:F1 server=Server_Local
add address=192.168.0.150 client-id=1:14:da:e9:91:3f:f5 mac-address=\
14:DA:E9:91:3F:F5 server=Server_Local
/ip dhcp-server network
add address=10.10.10.0/23 dns-server=10.10.10.1 gateway=10.10.10.1 netmask=23
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 \
netmask=24
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=127.0.0.1 disabled=yes name="*\\.vk\\.com"
/ip firewall filter
add action=drop chain=forward content=vk.com disabled=yes protocol=tcp \
src-address=10.10.10.0/23
add action=drop chain=forward disabled=yes dst-address=IP \
protocol=tcp src-address=10.10.10.0/23
add action=drop chain=forward disabled=yes src-address=10.10.10.86
add action=drop chain=input comment="53 PORT SPAM" dst-port=53 in-interface=\
PPPOE-TENET protocol=tcp src-address-list=DNS_Flood
add action=drop chain=input dst-port=53 in-interface="WAN-TENET(eth2)" \
protocol=udp src-address-list=DNS_Flood
add action=drop chain=input dst-port=53 in-interface=WAN-Datagroup_eth1 \
protocol=udp src-address-list=DNS_Flood
add action=add-src-to-address-list address-list=DNS_Flood \
address-list-timeout=1h chain=input dst-port=53 in-interface=PPPOE-TENET \
protocol=udp
add action=drop chain=input dst-port=53 in-interface=PPPOE-TENET protocol=udp \
src-address-list=DNS_Flood
/ip firewall mangle
add action=mark-routing chain=prerouting comment="MY NET" disabled=yes \
new-routing-mark=WAN_DATAGROUP passthrough=no src-address=192.168.88.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
WAN_DATAGROUP passthrough=no src-address=192.168.90.0/24
add action=mark-routing chain=prerouting comment=Local disabled=yes \
new-routing-mark=WAN_DATAGROUP passthrough=no src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment=WIFI new-routing-mark=\
WAN_TENET passthrough=no src-address=10.10.10.0/23
/ip firewall nat
add action=masquerade chain=srcnat comment=LOCAL_TO_INTERNET out-interface=\
PPPOE-TENET src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \
src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \
src-address=192.168.90.0/24
add action=masquerade chain=srcnat comment=WIFI_TO_INTERNET out-interface=\
PPPOE-TENET src-address=10.10.10.0/23
add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \
src-address=10.10.10.0/23
add action=masquerade chain=srcnat comment=REIKARTZ_SITE dst-address=\
192.168.1.6 out-interface=l2tp_TO_REIKARTZ src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.6 out-interface=\
l2tp_TO_REIKARTZ src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="TO CISCO" disabled=yes \
dst-address=10.90.90.21 out-interface=Vlan100 src-address=192.168.88.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=10.90.90.22 \
out-interface=Vlan100 src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=SERVIO dst-address=192.168.26.100 \
out-interface=l2tp_TO_REIKARTZ src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.26.100 out-interface=\
l2tp_TO_REIKARTZ src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="LOCAL_TO DATAGROUP" \
out-interface=PPPOE-TENET src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=WAN-Datagroup_eth1 \
src-address=192.168.0.0/24
/ip proxy
set parent-proxy=0.0.0.0 port=3128 src-address=10.10.10.160
/ip route
add comment="TO CISCO" disabled=yes distance=1 dst-address=10.90.90.21/32 \
gateway=Vlan100 pref-src=10.90.90.1 routing-mark=WAN_DATAGROUP scope=10
add disabled=yes distance=1 dst-address=10.90.90.22/32 gateway=Vlan100 \
pref-src=10.90.90.1 routing-mark=WAN_DATAGROUP scope=10
add check-gateway=ping comment=TENET distance=3 gateway=PPPOE-TENET \
routing-mark=WAN_TENET
add check-gateway=ping comment=DATAGROUP distance=2 gateway=77.222.147.89
add distance=1 dst-address=192.168.1.0/24 gateway=l2tp_TO_REIKARTZ
add distance=1 dst-address=192.168.1.6/32 gateway=l2tp_TO_REIKARTZ
add distance=1 dst-address=192.168.3.0/24 gateway=l2tp_TO_REIKARTZ
add distance=1 dst-address=192.168.26.100/32 gateway=l2tp_TO_REIKARTZ
add distance=1 dst-address=192.168.166.0/24 gateway=l2tp_TO_REIKARTZ
/ip route rule
add action=unreachable disabled=yes dst-address=192.168.0.0/24 src-address=\
192.168.88.0/24
add action=unreachable disabled=yes dst-address=192.168.88.0/24 src-address=\
192.168.0.0/24
add action=unreachable dst-address=10.10.10.0/24 src-address=192.168.88.0/24
add action=unreachable dst-address=192.168.88.0/24 src-address=10.10.10.0/24
add action=unreachable dst-address=10.10.10.0/24 src-address=192.168.0.0/24
add action=unreachable dst-address=192.168.0.0/24 src-address=10.10.10.0/24
add action=unreachable dst-address=10.10.10.0/23 src-address=10.90.90.0/26
add action=unreachable dst-address=10.90.90.0/26 src-address=10.10.10.0/23
add action=unreachable dst-address=10.90.90.0/26 src-address=192.168.0.0/24
add action=unreachable dst-address=192.168.0.0/24 src-address=10.90.90.0/26
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.88.0/24,192.168.90.0/24
set api disabled=yes
set winbox address=192.168.88.0/24,192.168.90.0/24
set api-ssl disabled=yes
/lcd
set backlight-timeout=5m color-scheme=dark
/lcd pin
set hide-pin-number=yes pin-number=3062
/system clock
set time-zone-name=Europe/Kiev
/system ntp client
set enabled=yes primary-ntp=91.198.10.4 secondary-ntp=193.34.155.4
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=\
disabled
[/more]
http://imageshack.com/a/img922/9244/vCxuQR.jpg [/more]