mikrotik

deschidem un terminal ” New Terminal ”

# Pentru schimbare mac WAN 1

/interface ethernet set ether1-gateway mac-address=D4:CA:6D:E2:EA:4C

# WAN PPPOE

/interface pppoe-client
add ac-name= add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
RCS-RDS default-route-distance=1 dial-on-demand=yes disabled=no \
interface=ether1-gateway keepalive-timeout=disabled max-mru=1480 \
max-mtu=1480 mrru=disabled name=pppoe-out1 password=parola profile=\
default service-name= use-peer-dns=yes user=utilizator

/ip firewall nat
add action=masquerade chain=srcnat comment=pppoe-out1 out-interface=\
pppoe-out1

/ip dhcp-client
add comment=default configuration dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway

# WAN ip fix

/ip address

add address=176.97.239.206/29 interface=ether1-gateway network=176.97.239.200

/ip route

add dst-address=0.0.0.0/0 gateway=176.97.239.201 comment=added by setup

/ip firewall nat

add action=masquerade chain=srcnat comment=ether1-gateway out-interface=\
ether1-gateway

# WAN DHCP

/ip dhcp-client

add comment=default configuration dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway

/ip firewall nat

add action=masquerade chain=srcnat comment=ether1-gateway out-interface=\
ether1-gateway

# Gata WAN config

# FIREWALL CONFIG ( suplimentar , asigura accesul din WAN )

/ip firewall filter

add action=drop chain=input comment=”default configuration” disabled=yes \
in-interface=ether1-gateway1

add action=drop chain=input comment=”default configuration” disabled=yes \
in-interface=sfp1-gateway

add action=drop chain=input comment=”SSH DROP” dst-port=22 protocol=tcp

/ip address

add address=192.168.88.1/24 comment=default configuration interface=\
ether2-master-local network=192.168.88.0

ip dhcp-server network

add address=192.168.88.0/24 comment=default configuration dns-server=\
192.168.88.1 gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip address
add address=192.168.88.1/24 comment=default configuration interface=\
ether2-master-local network=192.168.88.0

# nat ip pppoe-out1

/ip firewall nat

# SATEL pppoe-out1

add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 81-81 udp dst-port=81 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.2 to-ports=81
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 81-81 tcp dst-port=81 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=81
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7090-7090 tcp dst-port=7090 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=7090
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7090-7090 udp dst-port=7090 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.2 to-ports=7090
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7091-7091 tcp dst-port=7091 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=7091
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7091-7091 udp dst-port=7091 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.2 to-ports=7091
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7094-7094 tcp dst-port=7094 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.2 to-ports=7094
add action=dst-nat chain=dstnat comment=\
pppoe-out1 Satel 192.168.88.2 7094-7094 udp dst-port=7094 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.2 to-ports=7094

# DVR pppoe-out1

add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 89-89 tcp dst-port=89 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.3 to-ports=89
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 89-89 udp dst-port=89 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.3 to-ports=89
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 37777-37777 tcp dst-port=37777 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.3 to-ports=\
37777
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 37777-37777 udp dst-port=37777 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.3 to-ports=\
37777
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 37778-37778 tcp dst-port=37778 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.3 to-ports=\
37778
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 37778-37778 udp dst-port=37778 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.3 to-ports=\
37778
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 7070-7070 tcp dst-port=7070 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.3 to-ports=7070
add action=dst-nat chain=dstnat comment=\
pppoe-out1 DVR 192.168.88.3 7070-7070 udp dst-port=7070 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.3 to-ports=7070

# FIBARO pppoe-out1

add action=dst-nat chain=dstnat comment=pppoe-out1 Fibaro 192.168.88.27-8090-8080 tcp \
dst-port=8090 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.88.27 to-ports=80
add action=dst-nat chain=dstnat comment=pppoe-out1 Fibaro 192.168.88.27-8090-8080 udp \
dst-port=8090 in-interface=pppoe-out1 protocol=udp to-addresses=\
192.168.88.27 to-ports=80

# NAS pppoe-out1

add action=dst-nat chain=dstnat comment=\
pppoe-out 192.168.88.34 NAS 80-80 tcp dst-port=80 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.34 to-ports=80
add action=dst-nat chain=dstnat comment=\
pppoe-out1 192.168.88.34 NAS 80-80 udp dst-port=80 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.34 to-ports=80
add action=dst-nat chain=dstnat comment=\
pppoe-out1 192.168.88.34 NAS 8050-8080 tcp dst-port=8050 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.34 to-ports=8080
add action=dst-nat chain=dstnat comment=\
pppoe-out1 192.168.88.34 NAS 8050-8080 udp dst-port=8050 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.34 to-ports=8080
add action=dst-nat chain=dstnat comment=\
pppoe-out1 192.168.88.34 FTP 2222-21 tcp dst-port=2222 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.88.34 to-ports=21
add action=dst-nat chain=dstnat comment=\
pppoe-out1 192.168.88.34 FTP 2222-21 udp dst-port=2222 in-interface=\
pppoe-out1 protocol=udp to-addresses=192.168.88.34 to-ports=21

# nat ip ether1-gateway

/ip firewall nat

# SATEL ether1-gateway

add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 81-81 udp dst-port=81 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.2 to-ports=81
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 81-81 tcp dst-port=81 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.2 to-ports=81
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7090-7090 tcp dst-port=7090 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.2 to-ports=7090
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7090-7090 udp dst-port=7090 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.2 to-ports=7090
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7091-7091 tcp dst-port=7091 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.2 to-ports=7091
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7091-7091 udp dst-port=7091 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.2 to-ports=7091
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7094-7094 tcp dst-port=7094 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.2 to-ports=7094
add action=dst-nat chain=dstnat comment=\
ether1-gateway Satel 192.168.88.2 7094-7094 udp dst-port=7094 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.2 to-ports=7094

# DVR ether1-gateway

add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 89-89 tcp dst-port=89 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.3 to-ports=89
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 89-89 udp dst-port=89 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.3 to-ports=89
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 37777-37777 tcp dst-port=37777 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.3 to-ports=\
37777
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 37777-37777 udp dst-port=37777 \
in-interface=ether1-gateway protocol=udp to-addresses=192.168.88.3 to-ports=\
37777
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 37778-37778 tcp dst-port=37778 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.3 to-ports=\
37778
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 37778-37778 udp dst-port=37778 \
in-interface=ether1-gateway protocol=udp to-addresses=192.168.88.3 to-ports=\
37778
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 7070-7070 tcp dst-port=7070 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.3 to-ports=7070
add action=dst-nat chain=dstnat comment=\
ether1-gateway DVR 192.168.88.3 7070-7070 udp dst-port=7070 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.3 to-ports=7070

# FIBARO ether1-gateway

add action=dst-nat chain=dstnat comment=ether1-gateway Fibaro 192.168.88.27-8090-8080 tcp \
dst-port=8090 in-interface=ether1-gateway protocol=tcp to-addresses=\
192.168.88.27 to-ports=80
add action=dst-nat chain=dstnat comment=ether1-gateway Fibaro 192.168.88.27-8090-8080 udp \
dst-port=8090 in-interface=ether1-gateway protocol=udp to-addresses=\
192.168.88.27 to-ports=80

# NAS ether1-gateway

add action=dst-nat chain=dstnat comment=\
pppoe-out 192.168.88.34 NAS 80-80 tcp dst-port=80 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.34 to-ports=80
add action=dst-nat chain=dstnat comment=\
ether1-gateway 192.168.88.34 NAS 80-80 udp dst-port=80 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.34 to-ports=80
add action=dst-nat chain=dstnat comment=\
ether1-gateway 192.168.88.34 NAS 8050-8080 tcp dst-port=8050 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.34 to-ports=8080
add action=dst-nat chain=dstnat comment=\
ether1-gateway 192.168.88.34 NAS 8050-8080 udp dst-port=8050 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.34 to-ports=8080
add action=dst-nat chain=dstnat comment=\
ether1-gateway 192.168.88.34 FTP 2222-21 tcp dst-port=2222 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.88.34 to-ports=21
add action=dst-nat chain=dstnat comment=\
ether1-gateway 192.168.88.34 FTP 2222-21 udp dst-port=2222 in-interface=\
ether1-gateway protocol=udp to-addresses=192.168.88.34 to-ports=21

/ip service

set telnet address=0.0.0.0/0 port=8023
set ftp address=0.0.0.0/0 port=8021
set www address=0.0.0.0/0 port=8010
set ssh address=0.0.0.0/0 port=8022
set api address=0.0.0.0/0
set winbox address=0.0.0.0/0
set api-ssl address=0.0.0.0/0

/system clock

set time-zone-name=Europe/Bucharest

/system ntp client

set enabled=yes mode=unicast primary-ntp=93.114.42.129 secondary-ntp=91.208.179.1 \

/system identity

set name=test

/system script

add name=disable_numbers=1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=/system script\r\
\n/interface ethernet disable numbers=1

add name=enable_numbers=1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=/system script\r\
\n/interface ethernet enable numbers=1
add name=log to mail policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=:while ( [:pick [/system clock get date] 7 11]\2014\ ) do={ :de\
lay 01s }\r\
\n:delay 01s\r\
\n/log info \time updated; uptime: \$[/system resource get uptime]\\r\
\n:local es \\$[/system identity get name] rebooted on \$[/system clock g\
et date] \$[/system clock get time] uptime \$[/system resource get uptime]\
\\r\
\n:delay 01s\r\
\n:local eb \Log contents (with 01 seconds delay):\\r\\n\\r\
\n:foreach le in=[/log print as-value] do={\r\
\n :set eb (\$eb.[:tostr [(\$le-\time\)]].\ \.[:tostr [(\$le-\topi\
cs\)]].\: \.[:tostr [(\$le-\message\)]].\\\r\\n\)\r\
\n}\r\
\n/tool e-mail send to=\mail@mas90.ro\ subject=\$es body=\$eb

add name=ip_wan_to_mail policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=/export file=ip_wan_to_mail.txt\r\
\n/tool e-mail send to=\log@mas90.ro\ subject=([/system identity get nam\
e] . \ export file ip txt \ . [/system clock get time] . \ \ . [/syst\
em clock get date] . \ Export\) file=ip_wan_to_mail.t\
xt # in file trebuie sa existe urmatorul fisier ip_wan_to_mail.txt

/tool e-mail
set address=89.42.216.156 from=mail@mas90.ro last-status=succeeded password=\
parola port=587 user=mail@mas90.ro

# VPN Configurare

/ip pool

add name=”VPN PPTP 241-249″ ranges=192.168.88.241-192.168.88.249
/ppp profile

add bridge=bridge-local dns-server=8.8.8.8 local-address=192.168.88.250 name=\
vpn remote-address=”VPN 192.168.88.241-192.168.88.254″ use-encryption=yes
/ip firewall filter

add chain=input in-interface=ether1-gateway protocol=ipsec-ah

/ppp secret

add name=user password=parola profile=vpn service=pptp

/interface pptp-server server

set authentication=pap,chap,mschap1,mschap2 default-profile=vpn enabled=yes \
max-mru=1460 max-mtu=1460

#Log de 500 lini

/system logging action

set 0 memory-lines=500