Configurazione allo stato odierno
Script esportato senza filtri (non dovrebbe contenere segreti)
parent
091a17a378
commit
bdb840b91b
|
@ -0,0 +1,134 @@
|
|||
# apr/18/2023 23:55:25 by RouterOS 6.47.2
|
||||
# software id = GU1A-JDES
|
||||
#
|
||||
# model = RB3011UiAS
|
||||
# serial number = B88D0BD46C83
|
||||
/interface bridge
|
||||
add name=bridge-officina
|
||||
/interface list
|
||||
add name=WAN
|
||||
add name=LAN
|
||||
/interface wireless security-profiles
|
||||
set [ find default=yes ] supplicant-identity=MikroTik
|
||||
/ip pool
|
||||
add name=dhcp_pool1 ranges=192.168.5.128-192.168.5.254
|
||||
add name=dhcp_pool2 ranges=192.168.3.10-192.168.3.200
|
||||
/ip dhcp-server
|
||||
add address-pool=dhcp_pool1 disabled=no interface=bridge-officina lease-time=\
|
||||
1h name=dhcp1
|
||||
add address-pool=dhcp_pool2 interface=ether5 name=dhcp2 relay=192.168.3.1
|
||||
/queue tree
|
||||
add max-limit=3M name=upload parent=ether1
|
||||
add limit-at=20M max-limit=20M name=other_upload packet-mark=other_traffic \
|
||||
parent=upload priority=1
|
||||
add limit-at=20M max-limit=40M name=heavy_upload packet-mark=heavy_traffic \
|
||||
parent=upload
|
||||
add max-limit=30M name=download parent=bridge-officina
|
||||
add limit-at=200M max-limit=200M name=other_download packet-mark=\
|
||||
other_traffic parent=download priority=1
|
||||
add limit-at=120M max-limit=200M name=heavy_download packet-mark=\
|
||||
heavy_traffic parent=download
|
||||
/user group
|
||||
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
|
||||
sword,web,sniff,sensitive,api,romon,dude,tikapp"
|
||||
/interface bridge port
|
||||
add interface=ether2
|
||||
add interface=ether3
|
||||
add interface=ether4
|
||||
add interface=ether5
|
||||
add bridge=bridge-officina interface=ether6
|
||||
add bridge=bridge-officina interface=ether7
|
||||
add bridge=bridge-officina interface=ether8
|
||||
add bridge=bridge-officina interface=ether9
|
||||
add bridge=bridge-officina interface=ether10
|
||||
add interface=sfp1
|
||||
/interface bridge settings
|
||||
set use-ip-firewall=yes
|
||||
/ip neighbor discovery-settings
|
||||
set discover-interface-list=!dynamic
|
||||
/ipv6 settings
|
||||
set accept-redirects=no accept-router-advertisements=no
|
||||
/interface list member
|
||||
add interface=ether1 list=WAN
|
||||
add list=LAN
|
||||
/ip address
|
||||
add address=192.168.7.128/24 interface=ether1 network=192.168.7.0
|
||||
add address=192.168.5.20/24 interface=bridge-officina network=192.168.5.0
|
||||
/ip dhcp-server network
|
||||
add address=192.168.3.0/24 gateway=192.168.3.1
|
||||
add address=192.168.5.0/24 dns-server=8.8.8.8,1.1.1.1,8.8.4.4 gateway=\
|
||||
192.168.5.20 netmask=24
|
||||
/ip dns
|
||||
set servers=208.67.220.220,208.67.222.222,1.1.1.1,8.8.8.8,8.8.4.4
|
||||
/ip firewall mangle
|
||||
add action=mark-connection chain=forward connection-mark=!heavy \
|
||||
new-connection-mark=generic
|
||||
add action=mark-connection chain=forward connection-bytes=20000000-1797783552 \
|
||||
connection-mark=generic connection-rate=1200k-100M new-connection-mark=\
|
||||
heavy passthrough=yes protocol=tcp
|
||||
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
|
||||
heavy_traffic passthrough=no
|
||||
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
|
||||
other_traffic passthrough=no
|
||||
/ip firewall nat
|
||||
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
|
||||
192.168.5.0/24 to-addresses=192.168.1.128
|
||||
add action=dst-nat chain=dstnat dst-port=8010 protocol=tcp to-addresses=\
|
||||
192.168.5.10 to-ports=22
|
||||
/ip route
|
||||
add distance=1 gateway=192.168.7.1
|
||||
/ip service
|
||||
set telnet port=30023
|
||||
set ftp disabled=yes
|
||||
set www port=30080
|
||||
set ssh port=30022
|
||||
set www-ssl certificate=webfig disabled=no
|
||||
set api disabled=yes
|
||||
set api-ssl disabled=yes
|
||||
/ipv6 address
|
||||
add address=2001:470:c844:1::3/127 advertise=no disabled=yes interface=ether1
|
||||
add address=2001:470:c844:200::1 interface=bridge-officina
|
||||
add address=fd00:6073::3/127 advertise=no disabled=yes interface=ether1
|
||||
/ipv6 firewall filter
|
||||
add action=accept chain=forward connection-state=established,related
|
||||
add action=accept chain=forward src-address=2001:470:c844::/48
|
||||
add action=accept chain=forward comment=\
|
||||
"vupiuesse: allows certbot certificates renewals." dst-address=\
|
||||
2001:470:c844:200:40e4:bcff:fed0:2635/128 dst-port=80 protocol=tcp
|
||||
add action=reject chain=forward reject-with=icmp-admin-prohibited
|
||||
/ipv6 firewall mangle
|
||||
add action=mark-connection chain=forward connection-mark=!heavy dst-address=\
|
||||
!2001:470:c844:200::/56 new-connection-mark=generic passthrough=yes
|
||||
add action=mark-connection chain=forward connection-bytes=10000000-1797783552 \
|
||||
connection-mark=generic connection-rate=200k-100M new-connection-mark=\
|
||||
heavy passthrough=yes protocol=tcp
|
||||
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
|
||||
heavy_traffic passthrough=no
|
||||
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
|
||||
other_traffic passthrough=no
|
||||
add action=mark-connection chain=forward connection-bytes=1000000-0 \
|
||||
connection-mark=generic connection-rate=1200k-100M disabled=yes \
|
||||
new-connection-mark=heavy protocol=tcp
|
||||
/ipv6 nd
|
||||
set [ find default=yes ] interface=bridge-officina ra-interval=10s-30s
|
||||
/ipv6 route
|
||||
add distance=1 dst-address=2000::/3 gateway=fe80::20d:b9ff:fe44:e5f1%ether1
|
||||
add distance=1 dst-address=2001:470:c844:100::/64 gateway=\
|
||||
2001:470:c844:200::10
|
||||
add distance=1 dst-address=2001:470:c844:202::/64 gateway=\
|
||||
2001:470:c844:200::10
|
||||
add distance=1 dst-address=2001:470:c844:204::/64 gateway=\
|
||||
2001:470:c844:200:2e0:81ff:fed0:ec03
|
||||
/system clock
|
||||
set time-zone-name=Europe/Rome
|
||||
/system identity
|
||||
set name=porceddu
|
||||
/system ntp client
|
||||
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.105
|
||||
/tool graphing interface
|
||||
add interface=ether1 store-on-disk=no
|
||||
/tool graphing resource
|
||||
add store-on-disk=no
|
||||
/tool sniffer
|
||||
set file-name=giomba.pcap
|
||||
|
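Review bot: No `/ip firewall filter` section is exported and the `/ipv6 firewall filter` rules cover only `chain=forward`, so nothing visible here restricts traffic addressed to the router itself, while `/ip service` leaves telnet (30023), plain-HTTP `www` (30080), ssh and `www-ssl` enabled without an `address=` restriction; moving the ports does not limit who can reach them. I would disable the cleartext services and add an input-chain baseline in both address families, as sketched below (interface names to be adapted; ether1 is the only WAN member listed in this export). Separately, the `dst-nat` rule for port 8010 has no `in-interface` or `dst-address` match, so it also rewrites LAN-originated connections to any host on tcp/8010; adding `in-interface=ether1` scopes it to inbound traffic. The IPv6 rule `add action=accept chain=forward src-address=2001:470:c844::/48` likewise has no `in-interface`, so it trusts the source address alone regardless of where the packet arrived. Since the export is unfiltered, the header's `serial number` and `software id` lines are device identifiers worth dropping before the file is committed, even though no credentials appear in the visible lines.

```routeros
/ip service
set telnet disabled=yes
set www disabled=yes
# … unchanged: ftp, ssh, www-ssl, api, api-ssl …
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1
/ipv6 firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input protocol=icmpv6
add action=drop chain=input in-interface=ether1
# … unchanged: existing chain=forward rules …
```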