# may/02/2023 22:16:43 by RouterOS 7.8
# software id = GU1A-JDES
#
# model = RB3011UiAS
# serial number = B88D0BD46C83
# NOTE(review): the export header above carries device identifiers (software
# id, serial number); strip them before sharing this file outside the team.
#
# Bridge for the "officina" LAN; its member ports are attached under
# /interface bridge port.
/interface bridge
add name=bridge-officina
# Rename physical ports after their role. ether1 is the uplink (the default
# routes in this export point out of it).
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether5 ] name=ether5-vela
set [ find default-name=ether6 ] name=ether6-switch
set [ find default-name=ether7 ] name=ether7-cassiopea
# Interface lists. NOTE(review): no firewall rule visible in this export
# matches on WAN or LAN; the filter rules use interface names directly.
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP address pools, one per served segment.
/ip pool
add name=dhcp_pool_officina ranges=192.168.5.128-192.168.5.254
add name=dhcp_pool_vela ranges=192.168.3.10-192.168.3.254
# One DHCP server per segment, both with a 1h lease: officina on the bridge,
# vela directly on ether5-vela.
/ip dhcp-server
add address-pool=dhcp_pool_officina interface=bridge-officina lease-time=1h \
name=dhcp-officina
add address-pool=dhcp_pool_vela interface=ether5-vela lease-time=1h name=\
dhcp-vela
/port
set 0 name=serial0
# Two queue trees keyed on the packet marks set in the mangle tables:
# "upload" hangs off ether1-wan, "download" off bridge-officina. In each tree
# other_traffic gets priority=1; heavy_traffic sets no priority.
# NOTE(review): the children's limit-at values (20M/20M under upload,
# 200M/120M under download) exceed their parent's max-limit (3M and 30M).
# Looks like the parent limits were lowered without adjusting the children --
# confirm the intended rates.
/queue tree
add max-limit=3M name=upload parent=ether1-wan
add limit-at=20M max-limit=20M name=other_upload packet-mark=other_traffic \
parent=upload priority=1
add limit-at=20M max-limit=40M name=heavy_upload packet-mark=heavy_traffic \
parent=upload
add max-limit=30M name=download parent=bridge-officina
add limit-at=200M max-limit=200M name=other_download packet-mark=\
other_traffic parent=download priority=1
add limit-at=120M max-limit=200M name=heavy_download packet-mark=\
heavy_traffic parent=download
# Dynamic routing stubs: the default BGP template is enabled and both OSPF
# instances (v2 and v3) are enabled, while both OSPF areas are disabled.
# NOTE(review): no BGP connection and no OSPF interface template appear in
# this export, so these look like unused leftovers -- confirm, and disable
# or remove them if no routing protocol is meant to run on this router.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
add disabled=no name=default-v3 version=3
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
add disabled=yes instance=default-v3 name=backbone-v3
# Ports that make up the officina LAN bridge (ether6 through ether10).
/interface bridge port
add bridge=bridge-officina ingress-filtering=no interface=ether6-switch
add bridge=bridge-officina ingress-filtering=no interface=ether7-cassiopea
add bridge=bridge-officina ingress-filtering=no interface=ether8
add bridge=bridge-officina ingress-filtering=no interface=ether9
add bridge=bridge-officina ingress-filtering=no interface=ether10
# use-ip-firewall=yes sends bridged traffic through the IP firewall chains as
# well, so the forward rules and mangle marks also see port-to-port traffic
# inside bridge-officina.
/interface bridge settings
set use-ip-firewall=yes
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic
# interface, which includes ether1-wan and ether5-vela. Discovery announces
# the router's identity, model and version to that segment; consider limiting
# it to an interface list that holds only the trusted LAN.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
# The router itself ignores IPv6 redirects and router advertisements.
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no max-neighbor-entries=\
8192
# Interface list membership.
# NOTE(review): "*C" is an internal item id, not an interface name; RouterOS
# prints such ids when the referenced interface no longer exists. If so, the
# LAN list currently has no usable member -- confirm and point it at
# bridge-officina (or remove the entry).
/interface list member
add interface=ether1-wan list=WAN
add interface=*C list=LAN
# NOTE(review): md5 and sha1 are weak digests for VPN packet authentication.
# No enabled=yes is visible here, so the OpenVPN server is presumably off;
# if it is ever enabled, restrict auth to the stronger digests this RouterOS
# version offers -- confirm the available values on the device.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: uplink on 192.168.7.0/24, officina LAN gateway at
# 192.168.5.20, vela segment gateway at 192.168.3.1.
/ip address
add address=192.168.7.128/24 interface=ether1-wan network=192.168.7.0
add address=192.168.5.20/24 interface=bridge-officina network=192.168.5.0
add address=192.168.3.1/24 interface=ether5-vela network=192.168.3.0
# Static lease on the vela segment. The address 192.168.3.2 lies outside
# dhcp_pool_vela (which starts at .10).
/ip dhcp-server lease
add address=192.168.3.2 client-id=1:70:a7:41:80:97:bd mac-address=\
70:A7:41:80:97:BD server=dhcp-vela
/ip dhcp-server network
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.5.0/24 gateway=192.168.5.20 netmask=24
# Upstream resolvers used by the router.
# NOTE(review): allow-remote-requests is not set in this export, so the
# router presumably does not answer DNS for clients -- confirm, and keep it
# that way unless the input chains restrict who may query it.
/ip dns
set servers=208.67.220.220,208.67.222.222,1.1.1.1,8.8.8.8,8.8.4.4
# IPv4 filter. Rule order matters: the first matching rule decides.
#
# input (traffic to the router itself):
#   1. replies to connections that already exist
#   2. anything arriving on bridge-officina (the LAN is fully trusted for
#      management: every enabled /ip service is reachable from it)
#   3. ICMP on any ethernet interface, which includes ether1-wan
#   4. drop everything else
# NOTE(review): rule 3 accepts all ICMP without a rate limit; if the uplink
# segment is not trusted, consider a limit on that rule -- confirm intent.
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input in-interface=bridge-officina
add action=accept chain=input comment="Allow ICMP from everyone. Ping is essen\
tial to understand if network works." in-interface=all-ethernet protocol=\
icmp
add action=drop chain=input
# forward (traffic through the router):
#   1. replies to connections that already exist
#   2. anything entering from bridge-officina, towards any interface
#      (so officina hosts can open connections into the vela segment)
#   3. vela hosts may go out through ether1-wan only
#   4. drop everything else, including new connections from the uplink
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface=bridge-officina
add action=accept chain=forward comment=\
"Allow forwarding from Vela to WAN only." in-interface=ether5-vela \
out-interface=ether1-wan
add action=drop chain=forward
# IPv4 traffic classification feeding the queue trees.
#   1. every forwarded connection not already marked "heavy" is (re)marked
#      "generic"
#   2. a generic TCP connection whose byte count is within
#      20000000-1797783552 and whose rate is within 1200k-100M is promoted
#      to "heavy"; rule 1 skips heavy connections, so the mark then sticks
#   3./4. packets are tagged heavy_traffic or other_traffic from the
#      connection mark; passthrough=no stops mangle processing there
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=!heavy \
new-connection-mark=generic
add action=mark-connection chain=forward connection-bytes=20000000-1797783552 \
connection-mark=generic connection-rate=1200k-100M new-connection-mark=\
heavy passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
heavy_traffic passthrough=no
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
other_traffic passthrough=no
# Source NAT for the two internal segments when leaving through ether1-wan.
# NOTE(review): to-addresses=192.168.1.128 matches no address configured in
# this export (the uplink is 192.168.7.128/24), and masquerade takes its
# source address from the outgoing interface anyway. The parameter looks
# stale -- confirm and drop it so the rules say what they do.
/ip firewall nat
add action=masquerade chain=srcnat comment=\
"Allow access to Internet for officina's LAN" out-interface=ether1-wan \
src-address=192.168.5.0/24 to-addresses=192.168.1.128
add action=masquerade chain=srcnat comment=\
"Allow access to Internet for Vela's public LAN" out-interface=ether1-wan \
src-address=192.168.3.0/24 to-addresses=192.168.1.128
# Disabled port-forward of tcp/8010 to SSH (port 22) on 192.168.5.10.
# NOTE(review): the rule has no in-interface or dst-address match, so if it
# were re-enabled it would rewrite tcp/8010 arriving on any interface. Its
# own comment marks it as a questionable legacy; delete it if nobody claims
# it, or scope it before turning it back on.
add action=dst-nat chain=dstnat comment="(\?) Legacy rule for serverozzo\?" \
disabled=yes dst-port=8010 protocol=tcp to-addresses=192.168.5.10 \
to-ports=22
# IPv4 default route via the uplink gateway on the ether1-wan subnet.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.7.1
# IPv6: global unicast space (2000::/3) goes out through a link-local
# next hop on ether1-wan; three /64s of 2001:470:c844::/48 are routed to
# next hops inside 2001:470:c844:200::/64 (the bridge-officina prefix).
/ipv6 route
add disabled=no dst-address=2000::/3 gateway=\
fe80::20d:b9ff:fe44:e5f1%ether1-wan
add disabled=no dst-address=2001:470:c844:202::/64 gateway=\
2001:470:c844:200::10
add disabled=no dst-address=2001:470:c844:204::/64 gateway=\
2001:470:c844:200:2e0:81ff:fed0:ec03
add disabled=no dst-address=2001:470:c844:100::/64 gateway=\
2001:470:c844:200::10
# Management services. ftp, api and api-ssl are disabled; www-ssl is enabled
# with the "webfig" certificate; telnet, www and ssh are moved to ports
# 30023, 30080 and 30022.
# NOTE(review): telnet and www carry no disabled=yes, so they are presumably
# still enabled; both send credentials in cleartext, and a non-standard port
# does not restrict who can connect. Prefer disabling them in favour of ssh
# and www-ssl.
# NOTE(review): no service has an address= allow-list, and this export has
# no IPv6 input-chain rules, so whatever is enabled here is presumably
# reachable on the router's global IPv6 address. Set address= on each
# enabled service and/or add IPv6 input filtering.
/ip service
set telnet port=30023
set ftp disabled=yes
set www port=30080
set ssh port=30022
set www-ssl certificate=webfig disabled=no
set api disabled=yes
set api-ssl disabled=yes
# Global IPv6 address of the router on the officina LAN.
/ipv6 address
add address=2001:470:c844:200::1 interface=bridge-officina
# IPv6 filter: forward chain only.
#   1. replies to connections that already exist
#   2. anything whose source is inside 2001:470:c844::/48
#   3. reject the rest with icmp-admin-prohibited
# NOTE(review): there is no input-chain rule in this export, unlike the IPv4
# filter, so traffic addressed to the router itself over IPv6 is not
# filtered here. Mirror the IPv4 input policy (established/related, LAN,
# ICMPv6, then drop).
# NOTE(review): rule 2 matches on source address alone, with no
# in-interface, so it trusts the uplink not to deliver packets that claim a
# source inside the /48. Adding in-interface=bridge-officina would tie the
# rule to the LAN side -- confirm that covers the routed downstream /64s.
/ipv6 firewall filter
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward src-address=2001:470:c844::/48
add action=reject chain=forward reject-with=icmp-admin-prohibited
# IPv6 traffic classification; same scheme as the IPv4 mangle table but with
# different thresholds.
#   1. connections not marked "heavy" and not destined to
#      2001:470:c844:200::/56 are (re)marked "generic"
#   2. a generic TCP connection with 10000000-1797783552 bytes transferred
#      at a rate within 200k-100M is promoted to "heavy"
#   3./4. packets are tagged heavy_traffic or other_traffic from the
#      connection mark
#   5. disabled alternative promotion rule (1000000-0 bytes, 1200k-100M)
/ipv6 firewall mangle
add action=mark-connection chain=forward connection-mark=!heavy dst-address=\
!2001:470:c844:200::/56 new-connection-mark=generic passthrough=yes
add action=mark-connection chain=forward connection-bytes=10000000-1797783552 \
connection-mark=generic connection-rate=200k-100M new-connection-mark=\
heavy passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
heavy_traffic passthrough=no
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
other_traffic passthrough=no
add action=mark-connection chain=forward connection-bytes=1000000-0 \
connection-mark=generic connection-rate=1200k-100M disabled=yes \
new-connection-mark=heavy protocol=tcp
# Router advertisements are sent on bridge-officina every 10s-30s.
/ipv6 nd
set [ find default=yes ] interface=bridge-officina ra-interval=10s-30s
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=porceddu
# NTP client with two fixed server addresses; accurate time keeps log
# timestamps and certificate validity checks meaningful.
/system ntp client
set enabled=yes
/system ntp client servers
add address=193.204.114.232
add address=193.204.114.105
# Traffic and resource graphs, kept in memory only (store-on-disk=no).
# NOTE(review): no allow-address is set on either entry, so it is presumably
# at its default -- confirm who can view the graphs through the web service.
/tool graphing interface
add interface=ether1-wan store-on-disk=no
/tool graphing resource
add store-on-disk=no
# Packet sniffer output file. NOTE(review): captures can hold credentials
# and other sensitive traffic; make sure giomba.pcap is not left on the
# router's storage after troubleshooting.
/tool sniffer
set file-name=giomba.pcap