commit c1182721ac236c9c159cfd9b43b8d42fa4279634 Author: Git SFTP Date: Mon Dec 8 12:05:06 2025 -0300 Primeiro Commit - Backup Mikrotik diff --git a/03-12-2025.NAT01-CCR2004.backup b/03-12-2025.NAT01-CCR2004.backup new file mode 100644 index 0000000..6222423 Binary files /dev/null and b/03-12-2025.NAT01-CCR2004.backup differ diff --git a/03-12-2025.NAT01-CCR2004.rsc b/03-12-2025.NAT01-CCR2004.rsc new file mode 100644 index 0000000..11302ed --- /dev/null +++ b/03-12-2025.NAT01-CCR2004.rsc 
@@ -0,0 +1,488 @@ +# 2025-12-03 14:25:33 by RouterOS 7.18.2 +# software id = 1MXX-5Y0X +# +# model = CCR2004-16G-2S+ +# serial number = HG809WX52HQ +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\ + ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR" +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25 +add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30 +add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610 +add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441 +add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133 +add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233 +/interface list +add name=OSPFv3 +add name=LAN +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip dhcp-server option +add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'" +/ip dhcp-server option sets +add name=acs_ip options=acs_ip +/ip pool +add name=TR69 
ranges=10.25.0.50-10.25.63.200 +add name=pool1 ranges=198.18.0.1-198.18.0.4 +/ip dhcp-server +add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \ + lease-time=1d name=025-Gestao_TR69 +/ip smb users +set [ find default=yes ] disabled=yes +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\ + pool1 use-encryption=yes use-ipv6=no use-mpls=no +/routing id +add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\ + connected,static +add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\ + connected version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +set 3 target=echo +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.35 target=remote +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \ + max-mtu=1500 use-ipsec=yes +/interface list member +add interface=2133-OSPF-B1 list=OSPFv3 +add interface=2233-OSPF-B2 list=OSPFv3 +add interface=0024-GERENCIA-L2 list=LAN +add interface=0124-GERENCIA-L3 list=LAN +add interface=0025-VoIP-TR69 list=LAN +/interface ovpn-server server +add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1 +/ip address +add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \ + network=10.0.24.0 +add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \ + 
network=10.1.21.32 +add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \ + network=10.1.22.32 +add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\ + 0030-TIP-IXC network=45.228.244.8 +add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\ + 0025-VoIP-TR69 network=10.25.0.0 +add address=45.228.244.97/27 comment="### GTW 0041" interface=\ + 0041-Servicos-IPv4 network=45.228.244.96 +add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.31 +add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\ + 1441-itx-sw-hw-03 network=10.0.5.4 +add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.30 +/ip dhcp-server network +add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35 +/ip dns +set servers=45.228.244.121,45.228.246.122 +/ip firewall address-list +add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local +add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local +add address=198.18.0.1 list=POOL-GERENCIA +add address=198.18.0.2 list=POOL-GERENCIA +add address=198.18.0.3 list=POOL-GERENCIA +add address=198.18.0.4 list=POOL-GERENCIA +add address=100.64.0.0/10 comment=CGNAT list=rede_local +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add 
address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.244.10 list=Zeus +add address=45.228.244.12 list=Zeus +add address=45.228.244.11 list=Zeus +add address=45.228.244.8/29 list=SERVIDORES +add address=45.228.244.4 disabled=yes list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=45.228.246.4 disabled=yes list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS +add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=45.228.244.96/27 list=SERVIDORES +add address=10.64.69.0/30 list=CONFIAVEIS +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.0/30 list=LOCAL-VPN-NAT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.246.96/27 list=SERVIDORES +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=45.228.244.0/22 list=CONFIAVEIS +add address=10.0.13.0/24 list=CONFIAVEIS +add address=45.228.244.30 list=SERVIDORES +add address=100.64.0.0/10 list=ACPT-INPUT +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\ + icmp +add action=accept chain=input comment="Permit - ICMP" protocol=icmp +add action=accept chain=input comment="Permit - OSPF Protocol" \ + in-interface-list=OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\ + 
500,4500,1701 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\ + ipsec-esp +add action=accept chain=forward comment="Permit - Upload Src" \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\ + DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - TCP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - UDP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\ + GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\ + ACS-CPEs +add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\ + GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs +add action=accept chain=forward comment="Permit -TCP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp +add action=accept chain=forward comment="Permit - UDP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \ + protocol=udp +add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \ + dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \ + dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\ + SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - VLAN0030 All" \ + dst-address-list=0030-SERVIDORES 
+add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp +add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \ + in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp +add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\ + 45.228.244.30 dst-port=8443 protocol=tcp +add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \ + protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Unifi (TCP) - External" \ + dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=input comment="Permit - Unifi (UDP) - External" \ + dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp +add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \ + src-address-list=ACPT-INPUT +add action=accept chain=forward dst-address-list=CWPs +add action=drop chain=forward log-prefix=Drop-Ford-all- +add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input- +/ip firewall nat +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \ + to-addresses=10.0.24.145 +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145 +add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \ + to-addresses=45.228.244.30 +add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\ + !10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\ + 45.228.244.31 +add action=src-nat chain=srcnat comment=\ + "#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\ + 10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35 +add action=src-nat 
chain=srcnat comment="## Regra UPDATE" disabled=yes \ + dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\ + main suppress-hw-offload=no +/ipv6 route +add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \ + gateway="" routing-table=main scope=30 suppress-hw-offload=no \ + target-scope=10 +add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\ + "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set telnet address=10.0.0.0/8 disabled=yes port=2323 +set ftp disabled=yes +set www address=2804:47e4:8c0::/48 disabled=yes port=8080 +set ssh disabled=yes port=9022 +set api address=10.0.0.0/8 disabled=yes +set winbox address=\ + 45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292 +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip ssh +set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null 
forwarding-enabled=remote +/ip traffic-flow +set cache-entries=64k interfaces=2233-OSPF-B2 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1 +add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2 +add address=2804:47e4:1::35 advertise=no comment=\ + "# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0610-Servicos-IPv6 +add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2 +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +/ipv6 firewall filter +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept 
chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment="Permit - Web (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \ + protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Web (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\ + OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=forward comment="Drop - All" log-prefix=telic- +add action=drop chain=input log-prefix=drop-input- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=0610-Servicos-IPv6 \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes +add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes +/ppp aaa +set use-radius=yes +/ppp secret +add name=andrefix profile=L2VPN service=l2tp +add name=danielfix profile=L2VPN service=l2tp +/radius +add address=10.1.24.138 service=login src-address=10.1.24.35 +/radius incoming +set accept=yes +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 +/routing filter rule +add 
chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=10.25.0.0/18 +add area=ospf-area-0 disabled=no prefix=45.228.244.96/27 +add area=ospf-area-0 disabled=no prefix=45.228.244.16/28 +add area=ospf-area-0 disabled=no prefix=45.228.244.8/29 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \ + interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \ + interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \ + type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\ + 1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. 
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT01-CCR2004 +/system logging +set 0 topics=info,!dhcp +add action=echo disabled=yes prefix=test_ topics=\ + debug,dhcp,!radvd,!dhcp,!ospf +add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.124 +add address=200.20.186.76 +/system resource irq rps +set sfp-sfpplus1 disabled=no +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add name=atualizacao on-event="/system reboot" policy=reboot start-date=\ + 2025-03-18 start-time=05:30:50 +/system script +add dont-require-permissions=yes name=backup-ftp owner=telicfix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\r\ + \n# Conex\E3o FTP\r\ + \n:global host 10.0.24.137\r\ + \n:global usuario backups\r\ + \n:global senha backups@fixfibra2@\r\ + \n:global diretorio /SFTP/backups/mikrotik/router/\r\ + \n# Pega o nome do Router\r\ + \n:global identifica [/system identity get name]\r\ + \n# Gera data no formato AAAA-MM-DD\r\ + \n:global data [/system clock get date]\r\ + \n:global ano [:pick \$data 0 4]\r\ + \n:global mes [:pick \$data 5 7]\r\ + \n:global dia [:pick \$data 8 10]\r\ + \n\r\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\r\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\r\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\r\ + \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\r\ + \n:log info \"Processando...\";\r\ + \n:delay 5s\r\ + \n:log info \"Conectando FTP Server...\";\r\ + 
\n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\r\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=21 upload=yes mode=ftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\r\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \r\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=21 upload=yes mode=ftp dst\ + -path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\r\ + \n:delay 1\r\ + \n:log info \"Backup enviado com sucesso...\";\r\ + \n:log info \"Removendo arquivos...\";\r\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\r\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\r\ + \n:log info \"Rotina de backup finalizada...\";\r\ + \n:log warning \"***************************************\";" +/tool bandwidth-server +set enabled=no +/tool e-mail +set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\ + noc.fix@fixfibra.com.b +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=static +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes diff --git a/04-12-2025.NAT01-CCR2004.backup b/04-12-2025.NAT01-CCR2004.backup new file mode 100644 index 0000000..3d6cc4f Binary files /dev/null and b/04-12-2025.NAT01-CCR2004.backup differ diff --git a/04-12-2025.NAT01-CCR2004.rsc b/04-12-2025.NAT01-CCR2004.rsc new file mode 100644 index 0000000..00fd49c --- /dev/null +++ b/04-12-2025.NAT01-CCR2004.rsc 
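Review bot: Plaintext secrets are committed in `03-12-2025.NAT01-CCR2004.rsc`: the `backup-ftp` entry under `/system script` embeds the FTP account and password in its `:global usuario` / `:global senha` lines, and both `/routing ospf interface-template` entries carry a literal `auth-key` next to `auth=md5`. Git history keeps them even after a later cleanup, so both values should be rotated and the export redacted before it is stored, e.g. `:global senha "<REDACTED>"` and `auth-key=<REDACTED>`; the same strings presumably recur in the 04-12-2025 export (cut off in this view) and in the two `.backup` binaries. The script also uploads with `mode=ftp` on `port=21`, which sends that password and the full router backup unencrypted; `/tool fetch` supports `mode=sftp`, which would fit a target directory named `/SFTP/backups/...`. Separately, `/ip ssh set ciphers=` lists `3des-cbc` and `null`, so an unencrypted session could be negotiated if the currently disabled ssh service is turned back on; `ciphers=aes-gcm,aes-ctr` would drop both.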
@@ -0,0 +1,492 @@ +# 2025-12-04 15:28:42 by RouterOS 7.18.2 +# software id = 1MXX-5Y0X +# +# model = CCR2004-16G-2S+ +# serial number = HG809WX52HQ +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\ + ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR" +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25 +add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30 +add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610 +add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441 +add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133 +add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233 +/interface list +add name=OSPFv3 +add name=LAN +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip dhcp-server option +add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'" +/ip dhcp-server option sets +add name=acs_ip options=acs_ip +/ip pool +add name=TR69 
ranges=10.25.0.50-10.25.63.200 +add name=pool1 ranges=198.18.0.1-198.18.0.4 +/ip dhcp-server +add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \ + lease-time=1d name=025-Gestao_TR69 +/ip smb users +set [ find default=yes ] disabled=yes +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\ + pool1 use-encryption=yes use-ipv6=no use-mpls=no +/routing id +add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\ + connected,static +add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\ + connected version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +set 3 target=echo +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.35 target=remote +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \ + max-mtu=1500 use-ipsec=yes +/interface list member +add interface=2133-OSPF-B1 list=OSPFv3 +add interface=2233-OSPF-B2 list=OSPFv3 +add interface=0024-GERENCIA-L2 list=LAN +add interface=0124-GERENCIA-L3 list=LAN +add interface=0025-VoIP-TR69 list=LAN +/interface ovpn-server server +add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1 +/ip address +add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \ + network=10.0.24.0 +add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \ + 
network=10.1.21.32 +add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \ + network=10.1.22.32 +add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\ + 0030-TIP-IXC network=45.228.244.8 +add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\ + 0025-VoIP-TR69 network=10.25.0.0 +add address=45.228.244.97/27 comment="### GTW 0041" interface=\ + 0041-Servicos-IPv4 network=45.228.244.96 +add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.31 +add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\ + 1441-itx-sw-hw-03 network=10.0.5.4 +add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.30 +/ip dhcp-server network +add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35 +/ip dns +set servers=45.228.244.121,45.228.246.122 +/ip firewall address-list +add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local +add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local +add address=198.18.0.1 list=POOL-GERENCIA +add address=198.18.0.2 list=POOL-GERENCIA +add address=198.18.0.3 list=POOL-GERENCIA +add address=198.18.0.4 list=POOL-GERENCIA +add address=100.64.0.0/10 comment=CGNAT list=rede_local +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add 
address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.244.10 list=Zeus +add address=45.228.244.12 list=Zeus +add address=45.228.244.11 list=Zeus +add address=45.228.244.8/29 list=SERVIDORES +add address=45.228.244.4 disabled=yes list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=45.228.246.4 disabled=yes list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS +add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=45.228.244.96/27 list=SERVIDORES +add address=10.64.69.0/30 list=CONFIAVEIS +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.0/30 list=LOCAL-VPN-NAT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.246.96/27 list=SERVIDORES +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=45.228.244.0/22 list=CONFIAVEIS +add address=10.0.13.0/24 list=CONFIAVEIS +add address=45.228.244.30 list=SERVIDORES +add address=100.64.0.0/10 list=ACPT-INPUT +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\ + icmp +add action=accept chain=input comment="Permit - ICMP" protocol=icmp +add action=accept chain=input comment="Permit - OSPF Protocol" \ + in-interface-list=OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\ + 
500,4500,1701 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\ + ipsec-esp +add action=accept chain=forward comment="Permit - Upload Src" \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\ + DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - TCP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - UDP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\ + GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\ + ACS-CPEs +add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\ + GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs +add action=accept chain=forward comment="Permit -TCP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp +add action=accept chain=forward comment="Permit - UDP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \ + protocol=udp +add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \ + dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \ + dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\ + SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - VLAN0030 All" \ + dst-address-list=0030-SERVIDORES 
+add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp +add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \ + in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp +add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\ + 45.228.244.30 dst-port=8443 protocol=tcp +add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \ + protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Unifi (TCP) - External" \ + dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=input comment="Permit - Unifi (UDP) - External" \ + dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp +add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \ + src-address-list=ACPT-INPUT +add action=accept chain=forward dst-address-list=CWPs +add action=drop chain=forward log-prefix=Drop-Ford-all- +add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input- +/ip firewall nat +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \ + to-addresses=10.0.24.145 +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145 +add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \ + to-addresses=45.228.244.30 +add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\ + !10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\ + 45.228.244.31 +add action=src-nat chain=srcnat comment=\ + "#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\ + 10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35 +add action=src-nat 
chain=srcnat comment="## Regra UPDATE" disabled=yes \ + dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\ + main suppress-hw-offload=no +/ipv6 route +add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \ + gateway="" routing-table=main scope=30 suppress-hw-offload=no \ + target-scope=10 +add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\ + "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set telnet address=10.0.0.0/8 disabled=yes port=2323 +set ftp disabled=yes +set www address=2804:47e4:8c0::/48 disabled=yes port=8080 +set ssh disabled=yes port=9022 +set api address=10.0.0.0/8 disabled=yes +set winbox address=\ + 45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292 +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip ssh +set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null 
forwarding-enabled=remote +/ip traffic-flow +set cache-entries=64k interfaces=2233-OSPF-B2 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1 +add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2 +add address=2804:47e4:1::35 advertise=no comment=\ + "# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0610-Servicos-IPv6 +add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2 +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +/ipv6 firewall filter +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept 
chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment="Permit - Web (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \ + protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Web (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\ + OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=forward comment="Drop - All" log-prefix=telic- +add action=drop chain=input log-prefix=drop-input- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=0610-Servicos-IPv6 \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes +add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes +/ppp aaa +set use-radius=yes +/ppp secret +add name=andrefix profile=L2VPN service=l2tp +add name=danielfix profile=L2VPN service=l2tp +/radius +add address=10.1.24.138 service=login src-address=10.1.24.35 +/radius incoming +set accept=yes +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 +/routing filter rule +add 
chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=10.25.0.0/18 +add area=ospf-area-0 disabled=no prefix=45.228.244.96/27 +add area=ospf-area-0 disabled=no prefix=45.228.244.16/28 +add area=ospf-area-0 disabled=no prefix=45.228.244.8/29 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \ + interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \ + interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \ + type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\ + 1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. 
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT01-CCR2004 +/system logging +set 0 topics=info,!dhcp +add action=echo disabled=yes prefix=test_ topics=\ + debug,dhcp,!radvd,!dhcp,!ospf +add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.124 +add address=200.20.186.76 +/system resource irq rps +set sfp-sfpplus1 disabled=no +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add name=atualizacao on-event="/system reboot" policy=reboot start-date=\ + 2025-03-18 start-time=05:30:50 +add interval=2d name=backup-ftp on-event=backup-ftp policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ + start-date=2025-12-03 start-time=01:00:00 +/system script +add dont-require-permissions=yes name=backup-ftp owner=danielfix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n# Conexao FTP\ + \n:global host 2804:47e4:1::137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio /SFTP/backups/mikrotik/router/\ + \n# Pega o nome do Router\ + \n:global identifica [/system identity get name]\ + \n# Gera data no formato AAAA-MM-DD\ + \n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + \n/export 
file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando FTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";" +/tool bandwidth-server +set enabled=no +/tool e-mail +set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\ + noc.fix@fixfibra.com.b +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=static +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes diff --git a/05-12-2025.NAT01-CCR2004.backup b/05-12-2025.NAT01-CCR2004.backup new file mode 100644 index 0000000..3232752 Binary files /dev/null and b/05-12-2025.NAT01-CCR2004.backup differ diff --git a/05-12-2025.NAT01-CCR2004.rsc b/05-12-2025.NAT01-CCR2004.rsc new file mode 100644 index 0000000..af96d7b --- /dev/null +++ b/05-12-2025.NAT01-CCR2004.rsc 
@@ -0,0 +1,492 @@ +# 2025-12-05 01:00:00 by RouterOS 7.18.2 +# software id = 1MXX-5Y0X +# +# model = CCR2004-16G-2S+ +# serial number = HG809WX52HQ +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\ + ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR" +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25 +add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30 +add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610 +add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441 +add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133 +add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233 +/interface list +add name=OSPFv3 +add name=LAN +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip dhcp-server option +add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'" +/ip dhcp-server option sets +add name=acs_ip options=acs_ip +/ip pool +add name=TR69 
ranges=10.25.0.50-10.25.63.200 +add name=pool1 ranges=198.18.0.1-198.18.0.4 +/ip dhcp-server +add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \ + lease-time=1d name=025-Gestao_TR69 +/ip smb users +set [ find default=yes ] disabled=yes +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\ + pool1 use-encryption=yes use-ipv6=no use-mpls=no +/routing id +add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\ + connected,static +add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\ + connected version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +set 3 target=echo +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.35 target=remote +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \ + max-mtu=1500 use-ipsec=yes +/interface list member +add interface=2133-OSPF-B1 list=OSPFv3 +add interface=2233-OSPF-B2 list=OSPFv3 +add interface=0024-GERENCIA-L2 list=LAN +add interface=0124-GERENCIA-L3 list=LAN +add interface=0025-VoIP-TR69 list=LAN +/interface ovpn-server server +add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1 +/ip address +add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \ + network=10.0.24.0 +add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \ + 
network=10.1.21.32 +add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \ + network=10.1.22.32 +add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\ + 0030-TIP-IXC network=45.228.244.8 +add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\ + 0025-VoIP-TR69 network=10.25.0.0 +add address=45.228.244.97/27 comment="### GTW 0041" interface=\ + 0041-Servicos-IPv4 network=45.228.244.96 +add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.31 +add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\ + 1441-itx-sw-hw-03 network=10.0.5.4 +add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.30 +/ip dhcp-server network +add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35 +/ip dns +set servers=45.228.244.121,45.228.246.122 +/ip firewall address-list +add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local +add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local +add address=198.18.0.1 list=POOL-GERENCIA +add address=198.18.0.2 list=POOL-GERENCIA +add address=198.18.0.3 list=POOL-GERENCIA +add address=198.18.0.4 list=POOL-GERENCIA +add address=100.64.0.0/10 comment=CGNAT list=rede_local +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add 
address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.244.10 list=Zeus +add address=45.228.244.12 list=Zeus +add address=45.228.244.11 list=Zeus +add address=45.228.244.8/29 list=SERVIDORES +add address=45.228.244.4 disabled=yes list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=45.228.246.4 disabled=yes list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS +add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=45.228.244.96/27 list=SERVIDORES +add address=10.64.69.0/30 list=CONFIAVEIS +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.0/30 list=LOCAL-VPN-NAT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.246.96/27 list=SERVIDORES +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=45.228.244.0/22 list=CONFIAVEIS +add address=10.0.13.0/24 list=CONFIAVEIS +add address=45.228.244.30 list=SERVIDORES +add address=100.64.0.0/10 list=ACPT-INPUT +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\ + icmp +add action=accept chain=input comment="Permit - ICMP" protocol=icmp +add action=accept chain=input comment="Permit - OSPF Protocol" \ + in-interface-list=OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\ + 
500,4500,1701 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\ + ipsec-esp +add action=accept chain=forward comment="Permit - Upload Src" \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\ + DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - TCP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - UDP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\ + GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\ + ACS-CPEs +add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\ + GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs +add action=accept chain=forward comment="Permit -TCP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp +add action=accept chain=forward comment="Permit - UDP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \ + protocol=udp +add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \ + dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \ + dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\ + SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - VLAN0030 All" \ + dst-address-list=0030-SERVIDORES 
+add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp +add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \ + in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp +add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\ + 45.228.244.30 dst-port=8443 protocol=tcp +add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \ + protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Unifi (TCP) - External" \ + dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=input comment="Permit - Unifi (UDP) - External" \ + dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp +add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \ + src-address-list=ACPT-INPUT +add action=accept chain=forward dst-address-list=CWPs +add action=drop chain=forward log-prefix=Drop-Ford-all- +add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input- +/ip firewall nat +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \ + to-addresses=10.0.24.145 +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145 +add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \ + to-addresses=45.228.244.30 +add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\ + !10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\ + 45.228.244.31 +add action=src-nat chain=srcnat comment=\ + "#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\ + 10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35 +add action=src-nat 
chain=srcnat comment="## Regra UPDATE" disabled=yes \ + dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\ + main suppress-hw-offload=no +/ipv6 route +add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \ + gateway="" routing-table=main scope=30 suppress-hw-offload=no \ + target-scope=10 +add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\ + "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set telnet address=10.0.0.0/8 disabled=yes port=2323 +set ftp disabled=yes +set www address=2804:47e4:8c0::/48 disabled=yes port=8080 +set ssh disabled=yes port=9022 +set api address=10.0.0.0/8 disabled=yes +set winbox address=\ + 45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292 +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip ssh +set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null 
forwarding-enabled=remote +/ip traffic-flow +set cache-entries=64k interfaces=2233-OSPF-B2 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1 +add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2 +add address=2804:47e4:1::35 advertise=no comment=\ + "# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0610-Servicos-IPv6 +add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2 +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +/ipv6 firewall filter +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept 
chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment="Permit - Web (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \ + protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Web (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\ + OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=forward comment="Drop - All" log-prefix=telic- +add action=drop chain=input log-prefix=drop-input- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=0610-Servicos-IPv6 \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes +add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes +/ppp aaa +set use-radius=yes +/ppp secret +add name=andrefix profile=L2VPN service=l2tp +add name=danielfix profile=L2VPN service=l2tp +/radius +add address=10.1.24.138 service=login src-address=10.1.24.35 +/radius incoming +set accept=yes +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 +/routing filter rule +add 
chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=10.25.0.0/18 +add area=ospf-area-0 disabled=no prefix=45.228.244.96/27 +add area=ospf-area-0 disabled=no prefix=45.228.244.16/28 +add area=ospf-area-0 disabled=no prefix=45.228.244.8/29 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \ + interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \ + interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \ + type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\ + 1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. 
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT01-CCR2004 +/system logging +set 0 topics=info,!dhcp +add action=echo disabled=yes prefix=test_ topics=\ + debug,dhcp,!radvd,!dhcp,!ospf +add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.124 +add address=200.20.186.76 +/system resource irq rps +set sfp-sfpplus1 disabled=no +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add name=atualizacao on-event="/system reboot" policy=reboot start-date=\ + 2025-03-18 start-time=05:30:50 +add interval=2d name=backup-ftp on-event=backup-ftp policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ + start-date=2025-12-03 start-time=01:00:00 +/system script +add dont-require-permissions=yes name=backup-ftp owner=danielfix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n# Conexao SFTP\ + \n:global host 2804:47e4:1::137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio /SFTP/backups/mikrotik/router/\ + \n# Pega o nome do Router\ + \n:global identifica [/system identity get name]\ + \n# Gera data no formato AAAA-MM-DD\ + \n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + \n/export 
file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando SFTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";" +/tool bandwidth-server +set enabled=no +/tool e-mail +set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\ + noc.fix@fixfibra.com.b +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=static +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes diff --git a/05-12-2025.SEDE-4011.backup b/05-12-2025.SEDE-4011.backup new file mode 100644 index 0000000..ed59aff Binary files /dev/null and b/05-12-2025.SEDE-4011.backup differ diff --git a/05-12-2025.SEDE-4011.rsc b/05-12-2025.SEDE-4011.rsc new file mode 100644 index 0000000..2d65c01 --- /dev/null +++ b/05-12-2025.SEDE-4011.rsc 
@@ -0,0 +1,606 @@ +# 2025-12-05 11:18:56 by RouterOS 7.20.5 +# software id = HSR5-2Z4K +# +# model = RB4011iGS+ +# serial number = D4440C82B0CE +/interface ethernet +set [ find default-name=ether1 ] name=ether1-PoEIN +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether10 ] name=ether10-PoE-Out poe-out=off +set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\ + "Sede x DataCom" +/interface vlan +add interface=sfp-sfpplus1 name=vlanif_13 vlan-id=13 +add interface=sfp-sfpplus1 name=vlanif_24 vlan-id=24 +add interface=sfp-sfpplus1 name=vlanif_26 vlan-id=26 +add interface=sfp-sfpplus1 name=vlanif_69 vlan-id=69 +add interface=sfp-sfpplus1 name=vlanif_70 vlan-id=70 +add interface=sfp-sfpplus1 name=vlanif_71 vlan-id=71 +add interface=sfp-sfpplus1 name=vlanif_72 vlan-id=72 +add interface=sfp-sfpplus1 name=vlanif_124 vlan-id=124 +add comment=uplink-vs01-IPv6 interface=sfp-sfpplus1 name=vlanif_199 vlan-id=\ + 199 +add comment=uplink-vs02-IPv4 interface=sfp-sfpplus1 name=vlanif_299 vlan-id=\ + 299 +/interface list +add comment=defconf name=WAN +add comment=defconf name=LAN +/ip pool +add name=069_SEDE_ADM ranges=192.168.0.50-192.168.0.220 +add name=070_pool_TI_NOC ranges=192.168.70.50-192.168.70.100 +add name=071_REDE_CELULARES ranges=192.168.71.50-192.168.71.200 +add name=013-iOT-30-99 ranges=10.0.13.30-10.0.13.99 +add name=013-iOT-150-199 ranges=10.0.13.150-10.0.13.199 +add name=072-Hotspot-Unifi ranges=192.168.72.50-192.168.72.200 +/ip dhcp-server +add address-pool=069_SEDE_ADM interface=vlanif_69 lease-time=1w name=\ + 069_SEDE_FIX +add address-pool=070_pool_TI_NOC interface=vlanif_70 lease-time=1w name=\ + 070_DHCP_TI_NOC +add 
address-pool=071_REDE_CELULARES disabled=yes interface=vlanif_71 \ + lease-time=8h name=071_DHCP_SEDE_OUTROS +add add-arp=yes address-pool=013-iOT-30-99 interface=vlanif_13 lease-time=8h \ + name=013-iOT +add add-arp=yes address-pool=072-Hotspot-Unifi interface=vlanif_72 \ + lease-time=2h name=072-DHCP-HOTSPOT +/ipv6 pool +add name=v6_pool_LAN prefix=2804:47e4:8c0:3000::/52 prefix-length=64 +add name=v6_pool_LAN_NOC prefix=2804:47e4:8c0:1000::/52 prefix-length=64 +add name=v6_pool_LAN_CELULARES prefix=2804:47e4:8c0:2000::/52 prefix-length=\ + 64 +add name=v6_pool_013_iot prefix=2804:47e4:8c0:4000::/52 prefix-length=64 +/port +set 0 name=serial0 +set 1 name=serial1 +/ppp profile +add change-tcp-mss=no local-address=192.168.70.2 name=L2TP_NOC \ + remote-address=070_pool_TI_NOC remote-ipv6-prefix-pool=v6_pool_LAN_NOC \ + use-compression=no use-encryption=yes use-mpls=no use-upnp=no +add change-tcp-mss=no local-address=192.168.0.2 name=L2TP rate-limit=\ + 15MB/15MB remote-address=069_SEDE_ADM remote-ipv6-prefix-pool=v6_pool_LAN \ + use-compression=no use-encryption=yes use-mpls=no use-upnp=no +/snmp community +set [ find default=yes ] name=ctcorp-lan +/system logging action +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.23 target=remote +/disk settings +set auto-media-interface=*D auto-media-sharing=yes auto-smb-sharing=yes +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2TP enabled=yes keepalive-timeout=\ + disabled max-mru=1500 max-mtu=1500 use-ipsec=required +/ip address +add address=10.0.24.23/24 interface=vlanif_24 network=10.0.24.0 +add address=192.168.0.2/24 interface=vlanif_69 network=192.168.0.0 +add address=10.0.13.23/24 interface=vlanif_13 network=10.0.13.0 +add address=172.31.32.22/30 comment="Enlace B2" interface=vlanif_299 network=\ 
+ 172.31.32.20 +add address=172.31.31.22/30 comment="Enlace B1" interface=vlanif_199 network=\ + 172.31.31.20 +add address=10.1.24.23/24 interface=vlanif_124 network=10.1.24.0 +add address=192.168.70.2/24 interface=vlanif_70 network=192.168.70.0 +add address=192.168.100.2/24 interface=vlanif_71 network=192.168.100.0 +add address=45.228.244.4 interface=lo network=45.228.244.4 +add address=45.228.246.4 interface=lo network=45.228.246.4 +add address=10.0.26.23/24 interface=vlanif_26 network=10.0.26.0 +add address=192.168.72.2/24 comment="GATEWAY HOTSPOT UNFI" interface=\ + vlanif_72 network=192.168.72.0 +add address=10.0.70.1/30 comment=fiore-teste interface=*1C network=10.0.70.0 +add address=10.0.70.1/30 interface=*1D network=10.0.70.0 +/ip arp +add address=10.0.13.95 comment=P2-SensorDeFase-Preta interface=vlanif_13 \ + mac-address=18:DE:50:A4:6A:F6 +add address=192.168.0.78 interface=vlanif_69 mac-address=98:E5:5B:1F:D5:C4 +/ip cloud +set update-time=no +/ip dhcp-client +# Interface not active +add comment=defconf interface=ether1-PoEIN +/ip dhcp-server lease +add address=192.168.0.5 client-id=1:44:3b:32:52:67:5 comment=DVR mac-address=\ + 44:3B:32:52:67:05 server=069_SEDE_FIX +add address=192.168.0.7 client-id=1:dc:a6:32:99:e5:ac comment="TV NOC" \ + mac-address=DC:A6:32:99:E5:AC server=069_SEDE_FIX +add address=192.168.0.9 client-id=1:c:96:e6:22:6a:9c comment="impressroa hp" \ + mac-address=0C:96:E6:22:6A:9C server=069_SEDE_FIX +add address=192.168.0.12 comment="Impressora XEROX" mac-address=\ + 9C:93:4E:6D:39:E1 server=069_SEDE_FIX +add address=192.168.0.24 client-id=1:0:c:29:a8:3d:34 comment=\ + "Servidor microsfot" mac-address=00:0C:29:A8:3D:34 server=069_SEDE_FIX +add address=192.168.0.41 client-id=1:24:52:6a:45:7:1 comment="NVR da SEDE" \ + mac-address=24:52:6A:45:07:01 server=069_SEDE_FIX +add address=192.168.0.20 comment="#SW_2_andar - AP refeitorio" mac-address=\ + 00:00:00:00:00:20 server=069_SEDE_FIX +add address=192.168.0.105 
client-id=1:44:3b:32:86:2d:7e comment=\ + "CAMERA ESTOQUE" mac-address=44:3B:32:86:2D:7E server=069_SEDE_FIX +add address=192.168.0.97 client-id=1:b2:68:a6:2d:65:d5 mac-address=\ + B2:68:A6:2D:65:D5 server=069_SEDE_FIX +add address=192.168.0.194 client-id=1:0:26:8b:a:92:ea comment=\ + "TELEFONE IP CAROL" mac-address=00:26:8B:0A:92:EA server=069_SEDE_FIX +add address=192.168.0.6 comment="TARCILA - LDAP FS" mac-address=\ + 00:50:56:80:31:63 server=069_SEDE_FIX +add address=192.168.0.8 comment="PrintServer - OpenAudit" mac-address=\ + 00:00:00:00:00:03 server=069_SEDE_FIX +add address=192.168.0.11 comment="Impressora RICOH" mac-address=\ + 00:26:73:8D:9E:F3 server=069_SEDE_FIX +add address=192.168.0.17 comment="Nextcloud - FIX" mac-address=\ + 00:00:00:00:00:17 server=069_SEDE_FIX +add address=192.168.0.16 comment="REBECA - WIKI" mac-address=\ + 00:00:00:00:00:16 server=069_SEDE_FIX +add address=192.168.0.10 comment="Impressora RICOH" mac-address=\ + 00:00:00:00:00:10 server=069_SEDE_FIX +add address=192.168.0.99 client-id=1:d8:36:5f:40:5:4f comment="CAMERA PIA" \ + mac-address=D8:36:5F:40:05:4F server=069_SEDE_FIX +add address=192.168.0.163 comment="### ALAMR INTEBRAS" mac-address=\ + 48:51:CF:DE:5E:11 server=069_SEDE_FIX +add address=192.168.0.50 client-id=1:bc:32:5f:f4:f6:82 mac-address=\ + BC:32:5F:F4:F6:82 server=069_SEDE_FIX +add address=192.168.70.99 client-id=1:84:7b:57:e7:91:77 mac-address=\ + 84:7B:57:E7:91:77 server=070_DHCP_TI_NOC +add address=192.168.0.73 client-id=1:74:e5:f9:94:97:15 mac-address=\ + 74:E5:F9:94:97:15 server=069_SEDE_FIX +add address=192.168.0.202 client-id=1:7c:5c:f8:24:6f:fd mac-address=\ + 7C:5C:F8:24:6F:FD server=069_SEDE_FIX +add address=192.168.0.140 client-id=1:5c:cd:5b:d9:cc:b3 mac-address=\ + 5C:CD:5B:D9:CC:B3 server=069_SEDE_FIX +add address=10.0.13.181 client-id=1:dc:a6:32:99:e5:ac comment=\ + "SEDE - Raspberry Pi" mac-address=DC:A6:32:99:E5:AC server=013-iOT +add address=192.168.0.61 client-id=1:74:e5:f9:3c:38:40 mac-address=\ 
+ 74:E5:F9:3C:38:40 server=069_SEDE_FIX +add address=10.0.13.32 comment="SEDE - Sensor de temperatura" mac-address=\ + FC:F5:C4:AB:4C:8A server=013-iOT +add address=10.0.13.39 comment="P4 - Ar condcionado" mac-address=\ + 1C:39:29:24:FC:BB server=013-iOT +add address=10.0.13.40 comment="P2 - Ar condcionado" mac-address=\ + 1C:39:29:03:FB:B4 server=013-iOT +add address=10.0.13.49 comment="SEDE - AR - Atendimento2" mac-address=\ + 1C:39:29:7F:A3:1A server=013-iOT +add address=10.0.13.50 comment="SEDE - AR - Atendimento1" mac-address=\ + 1C:39:29:7E:E2:53 server=013-iOT +add address=192.168.0.13 comment=CASAOS mac-address=00:00:00:00:00:13 server=\ + 069_SEDE_FIX +add address=10.0.13.96 comment=P1-F.VERMELHA mac-address=18:DE:50:38:BC:8E \ + server=013-iOT +add address=10.0.13.93 comment="SEDE - IR-AC-ADM" mac-address=\ + 1C:90:FF:8E:95:83 server=013-iOT +add address=10.0.13.44 comment="P1 - Ar condcionado" mac-address=\ + 1C:39:29:15:78:F3 server=013-iOT +add address=10.0.13.57 comment="P4 - Ar condcionado 2" mac-address=\ + 1C:39:29:BD:44:49 server=013-iOT +add address=10.0.13.94 comment=P4-ALARME mac-address=44:3B:32:5A:CD:AC \ + server=013-iOT +add address=10.0.13.51 comment=P4-F.VERMELHA mac-address=18:DE:50:AF:BF:85 \ + server=013-iOT +add address=192.168.0.134 client-id=1:84:7b:57:e7:91:27 mac-address=\ + 84:7B:57:E7:91:27 server=069_SEDE_FIX +add address=10.0.13.35 comment=P3-F.VERMELHA mac-address=18:DE:50:A4:6E:9E \ + server=013-iOT +add address=192.168.0.18 comment="NC container - PROXY" mac-address=\ + 00:00:00:00:00:18 server=069_SEDE_FIX +add address=10.0.13.97 comment=P2-F.VERMELHA mac-address=18:DE:50:AF:BE:27 \ + server=013-iOT +add address=10.0.13.95 comment=P2-F.PRETA mac-address=18:DE:50:A4:6A:F6 \ + server=013-iOT +add address=10.0.13.99 comment=P2-ALARME mac-address=30:E1:F1:A3:18:D9 \ + server=013-iOT +add address=10.0.13.45 comment=P4-SONOFF mac-address=18:DE:50:A6:94:67 \ + server=013-iOT +add address=10.0.13.36 comment=P3-F.PRETA 
mac-address=18:DE:50:A4:76:95 \ + server=013-iOT +add address=10.0.13.56 comment=P4-F.PRETA mac-address=18:DE:50:A4:64:A7 \ + server=013-iOT +add address=10.0.13.53 comment=P1-F.PRETA mac-address=18:DE:50:0A:CC:20 \ + server=013-iOT +add address=10.0.13.54 comment=P1-PRETA-SABESP mac-address=18:DE:50:38:C1:44 \ + server=013-iOT +add address=10.0.13.55 comment=P1-VERMELHA-SABESP mac-address=\ + 18:DE:50:38:C7:AF server=013-iOT +add address=10.0.13.52 comment=SEDE-FECHADURA-ESTOQUE mac-address=\ + D8:1F:12:39:DE:F3 server=013-iOT +add address=10.0.13.41 comment=P4-TEMP-RACK mac-address=50:8B:B9:5E:39:84 \ + server=013-iOT +add address=10.0.13.42 comment=P4-TEMP-GERADOR mac-address=1C:90:FF:F0:B7:E6 \ + server=013-iOT +add address=10.0.13.58 comment=P1-TEMP-RACK mac-address=A8:80:55:18:AC:13 \ + server=013-iOT +add address=10.0.13.34 comment=P4-TEMP_BATERIA mac-address=50:8B:B9:30:B6:26 \ + server=013-iOT +add address=10.0.13.59 comment=P3-DETEC-FUMACA mac-address=1C:90:FF:B1:69:62 \ + server=013-iOT +add address=10.0.13.31 client-id=1:f4:ce:23:a4:c1:58 comment=P3-TEMP-BATERIA \ + mac-address=50:8B:B9:2D:C4:C3 server=013-iOT +add address=10.0.13.30 comment=P4-DETC_FUMACA mac-address=18:DE:50:C4:B7:E7 \ + server=013-iOT +add address=10.0.13.48 client-id=1:46:ee:40:4f:14:91 comment=SEDE_CELULAR-TI \ + mac-address=46:EE:40:4F:14:91 server=013-iOT +add address=10.0.13.33 comment=P3-TEMP_RACK mac-address=50:8B:B9:5E:1A:59 \ + server=013-iOT +add address=10.0.13.62 comment=P2-DETEC_FUMACA mac-address=18:DE:50:C4:BF:D2 \ + server=013-iOT +add address=10.0.13.174 comment=P2-TEMP_RACK mac-address=A8:80:55:1D:90:0A \ + server=013-iOT +add address=10.0.13.175 comment=P2-TEMP_PORTA mac-address=A8:80:55:1B:67:1B \ + server=013-iOT +add address=10.0.13.68 mac-address=FC:3C:D7:DD:B3:5D server=013-iOT +add address=192.168.0.19 comment="SW estoque" mac-address=00:00:00:00:00:19 \ + server=069_SEDE_FIX +add address=192.168.0.21 comment="teste IA" mac-address=00:00:00:00:00:21 \ + 
server=069_SEDE_FIX +add address=10.0.13.78 comment=P3-AC-LG-22Btu mac-address=34:E6:E6:57:1D:DC \ + server=013-iOT +add address=10.0.13.69 mac-address=D8:C8:0C:02:B7:3C server=013-iOT +add address=10.0.13.70 mac-address=D8:C8:0C:02:B4:B5 server=013-iOT +add address=192.168.0.78 client-id=1:98:e5:5b:1f:d5:c4 mac-address=\ + 98:E5:5B:1F:D5:C4 server=069_SEDE_FIX +add address=192.168.0.53 client-id=1:b8:27:eb:7c:fd:82 mac-address=\ + B8:27:EB:7C:FD:82 server=069_SEDE_FIX +add address=192.168.0.110 client-id=1:0:21:b7:b3:3c:4 mac-address=\ + 00:21:B7:B3:3C:04 server=069_SEDE_FIX +/ip dhcp-server network +add address=10.0.13.0/24 dns-server=45.228.246.122,45.228.244.121 domain=\ + fixfibra.br gateway=10.0.13.23 +add address=192.168.0.0/24 comment="DNS - sede 192.168.0.6" dns-server=\ + 192.168.0.6 domain=fixfibra.br gateway=192.168.0.2 +add address=192.168.70.0/24 dns-server=192.168.0.6 domain=fixfibra.br \ + gateway=192.168.70.2 +add address=192.168.71.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\ + fixfibra.guest gateway=192.168.71.2 +add address=192.168.72.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\ + fixfibra.guest gateway=192.168.72.2 +/ip dns +set cache-max-ttl=1d servers=192.168.0.6,2804:47e4:1::120,2804:47e4:8002::124 +/ip firewall address-list +add address=192.168.0.6 list=Allow_sede +add address=192.168.0.24 list=Allow_sede +add address=192.168.0.7 list=Allow_sede +add address=192.168.70.0/24 list=AL_CELULARES-DROP +add address=10.0.0.0/8 list=AL_CELULARES-DROP +add address=192.168.0.0/24 list=AL_CELULARES-DROP +add address=192.168.70.0/24 list=AL_SEDE-DROP +add address=10.0.0.0/8 list=AL_SEDE-DROP +add address=192.168.0.15 list=Allow_sede +add address=10.0.24.10 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.12 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.13 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.14 list=AL-ACP-FERNANDA-OLT +add address=10.0.0.0/8 list=AL_SAIDA_RFC_4193 +add address=192.168.0.0/16 list=AL_SAIDA_RFC_4193 +add 
address=172.16.0.0/12 list=AL_SAIDA_RFC_4193 +add address=10.0.24.0/24 list=AL_GERENCIA_TI-NOC +add address=10.1.24.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.47 list=Allow_sede +add address=192.168.0.46 list=Allow_sede +add address=192.168.0.45 list=Allow_sede +add address=192.168.0.20 list=Allow_sede +add address=192.168.0.16 list=Allow_sede +add address=192.168.0.11 list=Allow_sede +add address=192.168.0.12 list=Allow_sede +add address=192.168.0.13 list=Allow_sede +add address=192.168.0.202 comment=NOTE-DAVI list=Allow-RASP +add address=192.168.0.140 comment=NOTE-LEO list=Allow-RASP +add address=192.168.0.73 comment=NOTE-GILMAR list=Allow-RASP +add address=192.168.0.95 list=Allow_sede +add address=192.168.0.17 list=Allow_sede +add address=10.0.24.11 list=AL-ACP-FERNANDA-OLT +add address=192.168.0.5 list=Allow_sede +add address=192.168.0.206 list=Allow_sede +add address=192.168.100.0/24 list=AL-ALLOW-71-unifi +add address=192.168.0.250 list=Allow_sede +add address=192.168.0.22 list=Allow_sede +add address=192.168.0.35 list=Allow_sede +add address=192.168.0.34 list=Allow_sede +add address=192.168.0.21 list=Allow_sede +add address=192.168.0.30 list=Allow_sede +add address=192.168.0.32 list=Allow_sede +add address=192.168.0.31 list=Allow_sede +add address=192.168.0.19 list=Allow_sede +add address=192.168.0.18 list=Allow_sede +add address=192.168.0.36 list=Allow_sede +add address=192.168.0.14 list=Allow_sede +add address=192.168.0.37 list=Allow_sede +add address=192.168.0.40 list=Allow_sede +add address=10.25.0.0/18 list=AL_GERENCIA_TI-NOC +add address=192.168.0.8 list=Allow_sede +add address=192.168.0.9 list=Allow_sede +add address=192.168.0.85 list=Allow_sede +add address=10.0.26.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.50 list=Allow_sede +add address=192.168.0.108 list=Allow_sede +add address=192.168.0.27 list=Allow_sede +add address=192.168.0.54 list=Allow_sede +add address=191.9.20.40 list=CASA-ANDRE +add address=172.20.0.0/22 
list=AL_GERENCIA_TI-NOC +add address=172.20.8.0/22 list=AL_GERENCIA_TI-NOC +add address=192.168.0.41 list=Allow_sede +add address=192.168.0.25 list=Allow_sede +add address=192.168.0.39 list=Allow_sede +add address=192.168.0.53 list=Allow_sede +add address=192.168.80.0/24 list=Allow_sede +add address=10.0.13.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.78 list=Allow_sede +add address=192.168.0.26 list=Allow_sede +add address=192.168.0.2 list=Allow_sede +add address=10.0.70.0/30 list=Allow_sede +add address=192.168.0.110 list=Allow_sede +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +/ip firewall nat +add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\ + 45.228.244.4 dst-port=443 protocol=tcp to-addresses=192.168.0.17 \ + to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \ + dst-address=45.228.244.4 dst-port=5349 protocol=tcp to-addresses=\ + 192.168.0.17 to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \ + dst-address=45.228.244.4 dst-port=5349 protocol=udp to-addresses=\ + 192.168.0.17 to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\ + 45.228.244.4 dst-port=80 protocol=tcp to-addresses=192.168.0.17 to-ports=\ + 80 +add action=dst-nat chain=dstnat comment="## NAT - GERADOR POP 1" dst-address=\ + 45.228.244.4 dst-port=1351 protocol=tcp to-addresses=10.0.13.103 \ + to-ports=1351 +add action=src-nat chain=srcnat comment="## NAT PARA APP MAPEAMENTO DE PORTA" \ + dst-address-list=AL-ACP-FERNANDA-OLT src-address=192.168.0.15 \ + to-addresses=10.0.24.23 +add action=src-nat chain=srcnat comment="## NAT WAN - IOT NAT 246.4" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=10.0.13.0/24 \ + to-addresses=45.228.246.4 +add action=src-nat chain=srcnat comment="## NAT WAN - SEDE 69" \ + 
dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.0.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT WAN - NOC 70" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.70.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT WAN - HOTSPOT 72" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.72.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT - vlan 24 X TI-NOC" \ + dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \ + to-addresses=10.0.24.23 +add action=src-nat chain=srcnat comment="## NAT - vlan 124 X TI-NOC" \ + dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \ + to-addresses=10.1.24.23 +add action=src-nat chain=srcnat comment="## NAT WAN - UPDATE" disabled=yes \ + dst-address-list=!AL_SAIDA_RFC_4193 to-addresses=45.228.244.4 +/ip firewall raw +add action=accept chain=prerouting comment=\ + "## Regra para portal de mapeamento" dst-address-list=AL-ACP-FERNANDA-OLT \ + src-address=192.168.0.15 +add action=accept chain=prerouting comment="## Regra para Teste GenieACS" \ + dst-address=10.0.24.136 src-address=192.168.0.13 +add action=accept chain=prerouting comment="## Liberacao - UNIFI - OUTROS" \ + dst-address=192.168.0.24 src-address-list=AL-ALLOW-71-unifi +add action=accept chain=prerouting comment="## Regra de saida da VLAN 70" \ + src-address=192.168.70.0/24 +add action=accept chain=prerouting comment=\ + "## Regra de liberacao da Vlan 70 para host da vlan 69" dst-address=\ + 192.168.70.0/24 src-address-list=Allow_sede +add action=drop chain=prerouting comment=\ + "## Regra de bloqueio da vlan 69 para outras redes" dst-address-list=\ + AL_SEDE-DROP src-address=192.168.0.0/24 +add action=drop chain=prerouting comment=\ + "## Regra de bloqueio da vlan 71 para outras redes" disabled=yes \ + dst-address-list=AL_CELULARES-DROP src-address=192.168.100.0/24 +add action=drop chain=prerouting comment=\ + "## Regra de 
bloqueio da vlan 72 para outras redes" dst-address=\ + !192.168.0.24 dst-address-list=AL_CELULARES-DROP src-address=\ + 192.168.72.0/24 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add check-gateway=ping comment="## Default Route - B2" disabled=no distance=\ + 20 dst-address=0.0.0.0/0 gateway=172.31.32.21 pref-src="" routing-table=\ + main scope=30 suppress-hw-offload=no target-scope=10 +add check-gateway=arp comment="## Default Route - B1" disabled=no distance=\ + 100 dst-address=0.0.0.0/0 gateway=172.31.31.21 routing-table=main scope=\ + 30 suppress-hw-offload=no target-scope=10 +add comment="## GERENCIA 053-RADIOS" disabled=yes distance=1 dst-address=\ + 192.168.10.0/24 gateway=10.0.24.33 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="Gerencia vlan 25" disabled=no distance=1 dst-address=\ + 10.25.0.0/18 gateway=10.0.24.35 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="## Gerencia contratos bloqueados B2" disabled=no distance=1 \ + dst-address=172.20.8.0/22 gateway=10.0.24.8 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="## Gerencia contratos bloqueados B1" disabled=no distance=1 \ + dst-address=172.20.0.0/22 gateway=10.0.24.9 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +/ipv6 route +add check-gateway=ping comment="## Default Route - VS01" disabled=no \ + distance=20 dst-address=::/0 gateway=2804:47e4:0:1::15 routing-table=main \ + scope=30 suppress-hw-offload=no target-scope=10 +add check-gateway=ping comment="## Default Route - VS02" disabled=no \ + distance=100 dst-address=::/0 gateway=2804:47e4:8000:1::15 routing-table=\ + main scope=30 suppress-hw-offload=no target-scope=10 +add blackhole comment=BLACKHOLE disabled=no distance=255 
dst-address=\ + 2804:47e4:8c0::/48 gateway="" routing-table=main scope=30 \ + suppress-hw-offload=no +/ip service +set ftp disabled=yes +set telnet disabled=yes +set www disabled=yes +set winbox address=10.0.0.0/8,45.228.244.0/22,2804:47e4::/32,192.168.0.0/16 \ + port=8292 +set api disabled=yes +set api-ssl disabled=yes +set ssh address=2804:47e4:8c0::/48,10.1.24.0/24 port=9022 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::16/126 advertise=no comment=Enlace-VS01 interface=\ + vlanif_199 +add address=::1 from-pool=v6_pool_LAN interface=vlanif_69 +add address=::1 from-pool=v6_pool_LAN_NOC interface=vlanif_70 +add address=::1 from-pool=v6_pool_013_iot interface=vlanif_13 +add address=2804:47e4:8000:1::16/126 advertise=no comment=Enlace-VS02 \ + interface=vlanif_299 +add address=fe80::4a8f:5aff:fe7a:1c7e advertise=no interface=vlanif_71 +/ipv6 firewall address-list +add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 +add address=::1/128 comment="defconf: lo" list=bad_ipv6 +add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 +add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 +add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 +add address=100::/64 comment="defconf: discard only " list=bad_ipv6 +add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 +add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 +add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 +add address=2804:47e4:8c0::/48 list="Bloco Sede" +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=Servicos_sede +add address=2804:47e4:8c0:3000::17/128 list=Servicos_sede +add address=fc00::/7 list=RFC-IPv6 +add address=fe80::/64 list=RFC-IPv6 +add address=ff00::/8 list=RFC-IPv6 +add address=2001::/23 list=bad_ipv6 +add address=2804:47e4:8002::124/128 list=Servicos_sede +add address=2804:47e4:8c0:3000::22/128 
comment=OCS-INVETORY list=\ + Servicos_sede +add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=Servicos_sede +add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=DVR +add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=DVR +/ipv6 firewall filter +add action=accept chain=input comment="Permit - ICPMv6" protocol=icmpv6 +add action=accept chain=input comment="Permit - Link local" dst-address-list=\ + RFC-IPv6 src-address-list=RFC-IPv6 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=input comment="Drop - input " disabled=yes +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - foward - estab, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + "Bloco Sede" +add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\ + Servicos_sede dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\ + DVR dst-port=37777 protocol=tcp +add action=accept chain=forward comment="TURN - TALK NC" dst-address=\ + 2804:47e4:8c0:3000::17/128 dst-port=5349 protocol=tcp +add action=accept chain=forward comment="TURN - TALK NC" dst-address=\ + 2804:47e4:8c0:3000::17/128 dst-port=5349 protocol=udp +add action=drop chain=forward disabled=yes +/ipv6 firewall raw +add action=accept chain=prerouting comment="Aceita ICMPv6" disabled=yes \ + protocol=icmpv6 +add action=accept chain=prerouting comment=\ + "Aceita HTTP e HTTPS na interface WAN" disabled=yes dst-address-list=\ + Servicos_sede dst-port=80,443 protocol=tcp +add action=accept chain=prerouting comment="Permit -RFC" disabled=yes \ + dst-address-list=RFC-IPv6 src-address-list=RFC-IPv6 +add 
action=accept chain=prerouting comment="Bloco FIX " disabled=yes \ + dst-address-list=FIX-MeuBloco src-address-list=FIX-MeuBloco +add action=accept chain=prerouting comment=\ + "Aceita com prefixo de origem a sede" disabled=yes src-address-list=\ + "Bloco Sede" +add action=accept chain=prerouting comment="Aceita local Multicast" disabled=\ + yes dst-address=ff02::/16 +add action=drop chain=prerouting comment="Drop src bogon IP's" disabled=yes \ + src-address-list=bad_ipv6 +add action=drop chain=prerouting comment="Drop dst bogon IP's" disabled=yes \ + dst-address-list=bad_ipv6 +add action=accept chain=prerouting comment="Aceita todo o resto da WAN" \ + disabled=yes in-interface=vlanif_199 +add action=drop chain=prerouting comment="Descarta o resto" disabled=yes \ + log-prefix=debug_ +add action=accept chain=prerouting comment="Aceita DNS na interface WAN" \ + disabled=yes dst-port=53 protocol=udp +/ipv6 nd +set [ find default=yes ] managed-address-configuration=yes \ + other-configuration=yes +add dns=2804:47e4:8c0:3000::6 interface=vlanif_70 \ + managed-address-configuration=yes other-configuration=yes ra-preference=\ + high +add interface=vlanif_13 managed-address-configuration=yes \ + other-configuration=yes +add dns=2804:47e4:8c0:3000::6 interface=vlanif_69 \ + managed-address-configuration=yes other-configuration=yes ra-preference=\ + high +add advertise-dns=no interface=vlanif_199 managed-address-configuration=yes \ + ra-preference=low +add interface=vlanif_71 managed-address-configuration=yes \ + other-configuration=yes ra-preference=high +/mpls settings +set allow-fast-path=no propagate-ttl=no +/ppp secret +add name=andrefix profile=L2TP_NOC remote-address=192.168.70.10 service=l2tp +add name=daniel.sato profile=L2TP_NOC remote-address=192.168.70.11 service=\ + l2tp +add name=telicfix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp +add name=telicfix2 profile=L2TP_NOC remote-address=192.168.70.13 service=l2tp +add name=diego profile=L2TP 
service=l2tp +add disabled=yes name=diego2 profile=L2TP service=l2tp +add disabled=yes name=guilherme profile=L2TP_NOC remote-address=192.168.70.14 \ + service=l2tp +add name=otaviofix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp +add name=mariana.batista profile=L2TP_NOC remote-address=192.168.70.14 \ + service=l2tp +add name=ppp1 profile=L2TP_NOC remote-address=192.168.70.15 routes=\ + 192.168.70.2 service=l2tp +/radius +add address=10.1.24.138 comment="Radius - 10.1.24.138" require-message-auth=\ + no service=login src-address=10.1.24.23 timeout=300ms +/radius incoming +set accept=yes +/snmp +set contact="FIX FIBRA" enabled=yes location="\"Av. Nossa Sra. dos Navegantes,\ + \_1222 - Eldorado, Diadema - SP, 09972-260\"" src-address=10.0.24.23 \ + trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=SEDE-4011 +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=45.228.244.121 +add address=45.228.246.122 +add address=2804:47e4:1::120 +add address=2894:47e4:8002::124 +/system scheduler +add name="Reboot=UPD" on-event="/system reboot" policy=reboot start-date=\ + 2025-03-13 start-time=22:45:00 +/system watchdog +set watchdog-timer=no +/tool bandwidth-server +set enabled=no +/tool mac-server +set allowed-interface-list=LAN +/tool mac-server mac-winbox +set allowed-interface-list=LAN +/tool netwatch +add disabled=no down-script="/log info message=\"Deviando upload para rota de \ + backup\"\r\ + \n/ip route/disable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\ + \n" host=192.33.4.12 http-codes="" interval=1m test-script="" type=icmp \ + up-script="/log info message=\"Deviando upload para rota princiapl\"\r\ + \n/ip route/enable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\ + \n" +/tool romon +set enabled=yes +/user aaa +set use-radius=yes 
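Review bot: In `/ipv6 firewall filter` both default-deny rules are exported with `disabled=yes` (`add action=drop chain=input comment="Drop - input " disabled=yes` and `add action=drop chain=forward disabled=yes`), and every `/ipv6 firewall raw` rule is disabled as well, so the accept rules above them restrict nothing. As exported, the globally addressed LANs fed from `v6_pool_LAN`, `v6_pool_LAN_NOC` and `v6_pool_013_iot` appear to be reachable from outside on any port unless something upstream filters them. I would re-enable both drops, i.e. `add action=drop chain=input comment="Drop - input "` and `add action=drop chain=forward`, after adding an input accept for SSH on 9022, which `/ip service` permits over IPv6 but the input chain does not list. The export also puts the SNMP community name and `require-message-auth=no` for RADIUS into version control, and the NAT01 export earlier in this commit carries an SFTP password inside the `backup-ftp` script and an OSPF `auth-key` in clear text; these should be kept out of the repository and rotated. The last NTP server, `2894:47e4:8002::124`, looks like a typo for the `2804:47e4:` prefix used everywhere else in the file.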
diff --git a/CGNAT01/05-12-2025.CGNAT_FIX01.backup b/CGNAT01/05-12-2025.CGNAT_FIX01.backup
new file mode 100644
index 0000000..a529ee1
Binary files /dev/null and b/CGNAT01/05-12-2025.CGNAT_FIX01.backup differ
diff --git a/CGNAT01/05-12-2025.CGNAT_FIX01.rsc b/CGNAT01/05-12-2025.CGNAT_FIX01.rsc
new file mode 100644
index 0000000..838aaf1
--- /dev/null
+++ b/CGNAT01/05-12-2025.CGNAT_FIX01.rsc
@@ -0,0 +1,1647 @@
+# 2025-12-05 11:49:43 by RouterOS 7.19.4
+# software id = HWM1-WN09
+#
+# model = CCR2116-12G-4S+
+# serial number = HFA09E2RDJP
+/interface bridge
+add comment="{CGNat IXCSoft}" name=IXCCGNat73
+add comment="{CGNat IXCSoft}" name=IXCCGNat75
+/interface ethernet
+set [ find default-name=ether1 ] disabled=yes
+set [ find default-name=ether2 ] disabled=yes
+set [ find default-name=ether3 ] disabled=yes
+set [ find default-name=ether4 ] disabled=yes
+set [ find default-name=ether5 ] disabled=yes
+set [ find default-name=ether6 ] disabled=yes
+set [ find default-name=ether7 ] disabled=yes
+set [ find default-name=ether8 ] disabled=yes
+set [ find default-name=ether9 ] disabled=yes
+set [ find default-name=ether10 ] disabled=yes
+set [ find default-name=ether11 ] disabled=yes
+set [ find default-name=ether12 ] disabled=yes
+set [ find default-name=ether13 ] disabled=yes
+set [ find default-name=sfp-sfpplus3 ] disabled=yes
+set [ find default-name=sfp-sfpplus4 ] disabled=yes
+set [ find default-name=sfp-sfpplus1 ] loop-protect=off name=\
+ sfpplus1_SW03-P10
+set [ find default-name=sfp-sfpplus2 ] name=sfpplus2_SW03-P11
+/interface bonding
+add name=Eth-trunk1 slaves=sfpplus2_SW03-P11,sfpplus1_SW03-P10
+/interface vlan
+add interface=Eth-trunk1 loop-protect=off name=0024-GERENCIA-L2 vlan-id=24
+add interface=Eth-trunk1 loop-protect=off name=0101-iBGP-B1 vlan-id=101
+add interface=Eth-trunk1 name=0102-UPLOAD-PPPoE-B1 vlan-id=102
+add interface=Eth-trunk1 loop-protect=off name=0124-GERENCIA-L3 vlan-id=124
+add interface=Eth-trunk1 loop-protect=off name=0201-iBGP-B2 vlan-id=201
+add interface=Eth-trunk1 name=0202-UPLOAD-PPPoE-B2 vlan-id=202
+/interface vrrp
+add interface=0102-UPLOAD-PPPoE-B1 interval=5s name=0102-VRRP-MASTER \
+ priority=200 vrid=102
+add interface=0202-UPLOAD-PPPoE-B2 interval=5s name=0202-VRRP-BACKUP vrid=202
+/interface lte apn
+set [ find default=yes ] ip-type=ipv4 use-network-apn=no
+/ip ipsec proposal
+set [ find default=yes ] disabled=yes
+/ip pool
+add comment="CGNat IXCSoft" name=poolIXCCGNat ranges=\
+ 100.102.0.0/20,100.100.0.0/20
+/port
+set 0 name=serial0
+/routing bgp template
+set default as=267083 disabled=no output.network=bgp-networks
+/snmp community
+set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan
+/ip smb
+set enabled=no
+/ip firewall connection tracking
+set enabled=yes tcp-established-timeout=2h4m udp-timeout=10s
+/ip neighbor discovery-settings
+set discover-interface-list=none protocol=""
+/ip settings
+set max-neighbor-entries=8192
+/ipv6 settings
+set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
+/interface ovpn-server server
+add mac-address=FE:30:37:FB:9A:15 name=ovpn-server1
+/ip address
+add address=10.0.24.22/24 interface=0024-GERENCIA-L2 network=10.0.24.0
+add address=172.17.2.3/29 interface=0201-iBGP-B2 network=172.17.2.0
+add address=172.17.1.3/29 interface=0101-iBGP-B1 network=172.17.1.0
+add address=10.1.24.22/24 interface=0124-GERENCIA-L3 network=10.1.24.0
+add address=45.228.245.0 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.0
+add address=45.228.245.1 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.1
+add address=45.228.245.2 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.2
+add address=45.228.245.3 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.3
+add address=45.228.245.4 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.4
+add address=45.228.245.5 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.5
+add address=45.228.245.6 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.6
+add address=45.228.245.7 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.7
+add address=45.228.245.8 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.8
+add address=45.228.245.9 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+
network=45.228.245.9 +add address=45.228.245.10 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.10 +add address=45.228.245.11 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.11 +add address=45.228.245.12 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.12 +add address=45.228.245.13 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.13 +add address=45.228.245.14 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.14 +add address=45.228.245.15 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.15 +add address=45.228.245.16 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.16 +add address=45.228.245.17 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.17 +add address=45.228.245.18 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.18 +add address=45.228.245.19 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.19 +add address=45.228.245.20 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.20 +add address=45.228.245.21 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.21 +add address=45.228.245.22 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.22 +add address=45.228.245.23 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.23 +add address=45.228.245.24 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.24 +add address=45.228.245.25 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.25 +add address=45.228.245.26 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.26 +add address=45.228.245.27 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.27 +add address=45.228.245.28 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.28 +add address=45.228.245.29 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.29 +add address=45.228.245.30 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.30 +add address=45.228.245.31 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.31 +add address=45.228.245.32 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.32 +add address=45.228.245.33 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.33 +add address=45.228.245.34 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.34 +add address=45.228.245.35 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.35 +add address=45.228.245.36 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.36 +add address=45.228.245.37 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.37 +add address=45.228.245.38 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.38 +add address=45.228.245.39 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.39 +add address=45.228.245.40 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.40 +add address=45.228.245.41 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.41 +add address=45.228.245.42 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.42 +add address=45.228.245.43 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.43 +add address=45.228.245.44 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.44 +add address=45.228.245.45 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.45 +add address=45.228.245.46 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.46 +add address=45.228.245.47 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.47 +add address=45.228.245.48 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.48 +add address=45.228.245.49 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.49 +add address=45.228.245.50 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.50 +add address=45.228.245.51 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.51 +add address=45.228.245.52 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.52 +add address=45.228.245.53 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.53 +add address=45.228.245.54 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.54 +add address=45.228.245.55 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.55 +add address=45.228.245.56 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.56 +add address=45.228.245.57 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.57 +add address=45.228.245.58 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.58 +add address=45.228.245.59 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.59 +add address=45.228.245.60 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.60 +add address=45.228.245.61 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.61 +add address=45.228.245.62 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.62 +add address=45.228.245.63 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.63 +add address=45.228.245.64 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.64 +add address=45.228.245.65 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.65 +add address=45.228.245.66 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.66 +add address=45.228.245.67 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.67 +add address=45.228.245.68 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.68 +add address=45.228.245.69 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.69 +add address=45.228.245.70 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.70 +add address=45.228.245.71 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.71 +add address=45.228.245.72 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.72 +add address=45.228.245.73 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.73 +add address=45.228.245.74 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.74 +add address=45.228.245.75 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.75 +add address=45.228.245.76 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.76 +add address=45.228.245.77 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.77 +add address=45.228.245.78 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.78 +add address=45.228.245.79 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.79 +add address=45.228.245.80 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.80 +add address=45.228.245.81 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.81 +add address=45.228.245.82 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.82 +add address=45.228.245.83 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.83 +add address=45.228.245.84 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.84 +add address=45.228.245.85 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.85 +add address=45.228.245.86 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.86 +add address=45.228.245.87 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.87 +add address=45.228.245.88 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.88 +add address=45.228.245.89 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.89 +add address=45.228.245.90 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.90 +add address=45.228.245.91 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.91 +add address=45.228.245.92 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.92 +add address=45.228.245.93 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.93 +add address=45.228.245.94 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.94 +add address=45.228.245.95 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.95 +add address=45.228.245.96 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.96 +add address=45.228.245.97 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.97 +add address=45.228.245.98 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.98 +add address=45.228.245.99 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.99 +add address=45.228.245.100 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.100 +add address=45.228.245.101 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.101 +add address=45.228.245.102 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.102 +add address=45.228.245.103 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.103 +add address=45.228.245.104 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.104 +add address=45.228.245.105 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.105 +add address=45.228.245.106 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.106 +add address=45.228.245.107 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.107 +add address=45.228.245.108 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.108 +add address=45.228.245.109 comment="{CGNat IXCSoft}" 
interface=IXCCGNat73 \ + network=45.228.245.109 +add address=45.228.245.110 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.110 +add address=45.228.245.111 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.111 +add address=45.228.245.112 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.112 +add address=45.228.245.113 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.113 +add address=45.228.245.114 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.114 +add address=45.228.245.115 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.115 +add address=45.228.245.116 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.116 +add address=45.228.245.117 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.117 +add address=45.228.245.118 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.118 +add address=45.228.245.119 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.119 +add address=45.228.245.120 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.120 +add address=45.228.245.121 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.121 +add address=45.228.245.122 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.122 +add address=45.228.245.123 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.123 +add address=45.228.245.124 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.124 +add address=45.228.245.125 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.125 +add address=45.228.245.126 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.126 +add address=45.228.245.127 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.127 +add address=45.228.245.128 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.128 +add 
address=45.228.245.129 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.129 +add address=45.228.245.130 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.130 +add address=45.228.245.131 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.131 +add address=45.228.245.132 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.132 +add address=45.228.245.133 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.133 +add address=45.228.245.134 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.134 +add address=45.228.245.135 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.135 +add address=45.228.245.136 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.136 +add address=45.228.245.137 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.137 +add address=45.228.245.138 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.138 +add address=45.228.245.139 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.139 +add address=45.228.245.140 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.140 +add address=45.228.245.141 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.141 +add address=45.228.245.142 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.142 +add address=45.228.245.143 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.143 +add address=45.228.245.144 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.144 +add address=45.228.245.145 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.145 +add address=45.228.245.146 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.146 +add address=45.228.245.147 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.147 +add address=45.228.245.148 comment="{CGNat IXCSoft}" 
interface=IXCCGNat73 \ + network=45.228.245.148 +add address=45.228.245.149 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.149 +add address=45.228.245.150 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.150 +add address=45.228.245.151 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.151 +add address=45.228.245.152 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.152 +add address=45.228.245.153 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.153 +add address=45.228.245.154 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.154 +add address=45.228.245.155 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.155 +add address=45.228.245.156 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.156 +add address=45.228.245.157 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.157 +add address=45.228.245.158 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.158 +add address=45.228.245.159 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.159 +add address=45.228.245.160 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.160 +add address=45.228.245.161 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.161 +add address=45.228.245.162 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.162 +add address=45.228.245.163 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.163 +add address=45.228.245.164 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.164 +add address=45.228.245.165 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.165 +add address=45.228.245.166 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.166 +add address=45.228.245.167 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.167 +add 
address=45.228.245.168 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.168 +add address=45.228.245.169 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.169 +add address=45.228.245.170 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.170 +add address=45.228.245.171 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.171 +add address=45.228.245.172 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.172 +add address=45.228.245.173 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.173 +add address=45.228.245.174 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.174 +add address=45.228.245.175 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.175 +add address=45.228.245.176 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.176 +add address=45.228.245.177 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.177 +add address=45.228.245.178 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.178 +add address=45.228.245.179 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.179 +add address=45.228.245.180 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.180 +add address=45.228.245.181 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.181 +add address=45.228.245.182 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.182 +add address=45.228.245.183 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.183 +add address=45.228.245.184 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.184 +add address=45.228.245.185 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.185 +add address=45.228.245.186 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.186 +add address=45.228.245.187 comment="{CGNat IXCSoft}" 
interface=IXCCGNat73 \ + network=45.228.245.187 +add address=45.228.245.188 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.188 +add address=45.228.245.189 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.189 +add address=45.228.245.190 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.190 +add address=45.228.245.191 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.191 +add address=45.228.245.192 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.192 +add address=45.228.245.193 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.193 +add address=45.228.245.194 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.194 +add address=45.228.245.195 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.195 +add address=45.228.245.196 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.196 +add address=45.228.245.197 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.197 +add address=45.228.245.198 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.198 +add address=45.228.245.199 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.199 +add address=45.228.245.200 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.200 +add address=45.228.245.201 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.201 +add address=45.228.245.202 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.202 +add address=45.228.245.203 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.203 +add address=45.228.245.204 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.204 +add address=45.228.245.205 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.205 +add address=45.228.245.206 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.206 +add 
address=45.228.245.207 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.207 +add address=45.228.245.208 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.208 +add address=45.228.245.209 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.209 +add address=45.228.245.210 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.210 +add address=45.228.245.211 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.211 +add address=45.228.245.212 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.212 +add address=45.228.245.213 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.213 +add address=45.228.245.214 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.214 +add address=45.228.245.215 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.215 +add address=45.228.245.216 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.216 +add address=45.228.245.217 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.217 +add address=45.228.245.218 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.218 +add address=45.228.245.219 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.219 +add address=45.228.245.220 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.220 +add address=45.228.245.221 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.221 +add address=45.228.245.222 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.222 +add address=45.228.245.223 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.223 +add address=45.228.245.224 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.224 +add address=45.228.245.225 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.225 +add address=45.228.245.226 comment="{CGNat IXCSoft}" 
interface=IXCCGNat73 \ + network=45.228.245.226 +add address=45.228.245.227 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.227 +add address=45.228.245.228 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.228 +add address=45.228.245.229 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.229 +add address=45.228.245.230 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.230 +add address=45.228.245.231 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.231 +add address=45.228.245.232 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.232 +add address=45.228.245.233 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.233 +add address=45.228.245.234 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.234 +add address=45.228.245.235 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.235 +add address=45.228.245.236 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.236 +add address=45.228.245.237 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.237 +add address=45.228.245.238 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.238 +add address=45.228.245.239 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.239 +add address=45.228.245.240 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.240 +add address=45.228.245.241 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.241 +add address=45.228.245.242 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.242 +add address=45.228.245.243 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.243 +add address=45.228.245.244 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.244 +add address=45.228.245.245 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.245 +add 
address=45.228.245.246 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.246 +add address=45.228.245.247 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.247 +add address=45.228.245.248 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.248 +add address=45.228.245.249 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.249 +add address=45.228.245.250 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.250 +add address=45.228.245.251 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.251 +add address=45.228.245.252 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.252 +add address=45.228.245.253 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.253 +add address=45.228.245.254 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.254 +add address=45.228.245.255 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.255 +add address=45.228.247.0 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.0 +add address=45.228.247.1 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.1 +add address=45.228.247.2 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.2 +add address=45.228.247.3 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.3 +add address=45.228.247.4 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.4 +add address=45.228.247.5 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.5 +add address=45.228.247.6 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.6 +add address=45.228.247.7 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.7 +add address=45.228.247.8 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.8 +add address=45.228.247.9 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.9 +add 
address=45.228.247.10 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.10 +add address=45.228.247.11 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.11 +add address=45.228.247.12 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.12 +add address=45.228.247.13 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.13 +add address=45.228.247.14 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.14 +add address=45.228.247.15 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.15 +add address=45.228.247.16 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.16 +add address=45.228.247.17 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.17 +add address=45.228.247.18 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.18 +add address=45.228.247.19 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.19 +add address=45.228.247.20 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.20 +add address=45.228.247.21 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.21 +add address=45.228.247.22 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.22 +add address=45.228.247.23 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.23 +add address=45.228.247.24 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.24 +add address=45.228.247.25 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.25 +add address=45.228.247.26 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.26 +add address=45.228.247.27 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.27 +add address=45.228.247.28 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.28 +add address=45.228.247.29 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.29 +add 
address=45.228.247.30 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.30 +add address=45.228.247.31 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.31 +add address=45.228.247.32 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.32 +add address=45.228.247.33 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.33 +add address=45.228.247.34 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.34 +add address=45.228.247.35 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.35 +add address=45.228.247.36 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.36 +add address=45.228.247.37 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.37 +add address=45.228.247.38 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.38 +add address=45.228.247.39 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.39 +add address=45.228.247.40 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.40 +add address=45.228.247.41 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.41 +add address=45.228.247.42 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.42 +add address=45.228.247.43 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.43 +add address=45.228.247.44 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.44 +add address=45.228.247.45 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.45 +add address=45.228.247.46 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.46 +add address=45.228.247.47 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.47 +add address=45.228.247.48 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.48 +add address=45.228.247.49 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.49 +add 
address=45.228.247.50 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.50 +add address=45.228.247.51 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.51 +add address=45.228.247.52 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.52 +add address=45.228.247.53 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.53 +add address=45.228.247.54 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.54 +add address=45.228.247.55 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.55 +add address=45.228.247.56 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.56 +add address=45.228.247.57 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.57 +add address=45.228.247.58 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.58 +add address=45.228.247.59 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.59 +add address=45.228.247.60 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.60 +add address=45.228.247.61 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.61 +add address=45.228.247.62 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.62 +add address=45.228.247.63 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.63 +add address=45.228.247.64 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.64 +add address=45.228.247.65 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.65 +add address=45.228.247.66 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.66 +add address=45.228.247.67 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.67 +add address=45.228.247.68 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.68 +add address=45.228.247.69 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.69 +add 
address=45.228.247.70 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.70 +add address=45.228.247.71 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.71 +add address=45.228.247.72 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.72 +add address=45.228.247.73 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.73 +add address=45.228.247.74 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.74 +add address=45.228.247.75 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.75 +add address=45.228.247.76 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.76 +add address=45.228.247.77 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.77 +add address=45.228.247.78 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.78 +add address=45.228.247.79 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.79 +add address=45.228.247.80 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.80 +add address=45.228.247.81 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.81 +add address=45.228.247.82 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.82 +add address=45.228.247.83 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.83 +add address=45.228.247.84 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.84 +add address=45.228.247.85 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.85 +add address=45.228.247.86 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.86 +add address=45.228.247.87 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.87 +add address=45.228.247.88 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.88 +add address=45.228.247.89 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.89 +add 
address=45.228.247.90 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.90 +add address=45.228.247.91 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.91 +add address=45.228.247.92 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.92 +add address=45.228.247.93 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.93 +add address=45.228.247.94 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.94 +add address=45.228.247.95 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.95 +add address=45.228.247.96 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.96 +add address=45.228.247.97 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.97 +add address=45.228.247.98 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.98 +add address=45.228.247.99 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.99 +add address=45.228.247.100 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.100 +add address=45.228.247.101 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.101 +add address=45.228.247.102 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.102 +add address=45.228.247.103 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.103 +add address=45.228.247.104 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.104 +add address=45.228.247.105 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.105 +add address=45.228.247.106 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.106 +add address=45.228.247.107 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.107 +add address=45.228.247.108 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.108 +add address=45.228.247.109 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.109 +add address=45.228.247.110 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.110 +add address=45.228.247.111 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.111 +add address=45.228.247.112 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.112 +add address=45.228.247.113 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.113 +add address=45.228.247.114 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.114 +add address=45.228.247.115 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.115 +add address=45.228.247.116 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.116 +add address=45.228.247.117 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.117 +add address=45.228.247.118 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.118 +add address=45.228.247.119 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.119 +add address=45.228.247.120 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.120 +add address=45.228.247.121 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.121 +add address=45.228.247.122 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.122 +add address=45.228.247.123 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.123 +add address=45.228.247.124 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.124 +add address=45.228.247.125 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.125 +add address=45.228.247.126 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.126 +add address=45.228.247.127 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.127 +add address=45.228.247.128 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.128 +add address=45.228.247.129 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.129 +add address=45.228.247.130 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.130 +add address=45.228.247.131 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.131 +add address=45.228.247.132 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.132 +add address=45.228.247.133 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.133 +add address=45.228.247.134 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.134 +add address=45.228.247.135 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.135 +add address=45.228.247.136 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.136 +add address=45.228.247.137 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.137 +add address=45.228.247.138 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.138 +add address=45.228.247.139 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.139 +add address=45.228.247.140 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.140 +add address=45.228.247.141 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.141 +add address=45.228.247.142 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.142 +add address=45.228.247.143 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.143 +add address=45.228.247.144 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.144 +add address=45.228.247.145 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.145 +add address=45.228.247.146 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.146 +add address=45.228.247.147 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.147 +add address=45.228.247.148 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.148 +add address=45.228.247.149 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.149 +add address=45.228.247.150 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.150 +add address=45.228.247.151 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.151 +add address=45.228.247.152 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.152 +add address=45.228.247.153 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.153 +add address=45.228.247.154 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.154 +add address=45.228.247.155 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.155 +add address=45.228.247.156 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.156 +add address=45.228.247.157 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.157 +add address=45.228.247.158 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.158 +add address=45.228.247.159 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.159 +add address=45.228.247.160 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.160 +add address=45.228.247.161 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.161 +add address=45.228.247.162 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.162 +add address=45.228.247.163 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.163 +add address=45.228.247.164 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.164 +add address=45.228.247.165 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.165 +add address=45.228.247.166 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.166 +add address=45.228.247.167 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.167 +add address=45.228.247.168 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.168 +add address=45.228.247.169 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.169 +add address=45.228.247.170 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.170 +add address=45.228.247.171 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.171 +add address=45.228.247.172 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.172 +add address=45.228.247.173 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.173 +add address=45.228.247.174 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.174 +add address=45.228.247.175 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.175 +add address=45.228.247.176 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.176 +add address=45.228.247.177 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.177 +add address=45.228.247.178 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.178 +add address=45.228.247.179 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.179 +add address=45.228.247.180 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.180 +add address=45.228.247.181 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.181 +add address=45.228.247.182 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.182 +add address=45.228.247.183 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.183 +add address=45.228.247.184 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.184 +add address=45.228.247.185 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.185 +add address=45.228.247.186 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.186 +add address=45.228.247.187 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.187 +add address=45.228.247.188 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.188 +add address=45.228.247.189 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.189 +add address=45.228.247.190 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.190 +add address=45.228.247.191 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.191 +add address=45.228.247.192 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.192 +add address=45.228.247.193 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.193 +add address=45.228.247.194 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.194 +add address=45.228.247.195 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.195 +add address=45.228.247.196 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.196 +add address=45.228.247.197 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.197 +add address=45.228.247.198 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.198 +add address=45.228.247.199 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.199 +add address=45.228.247.200 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.200 +add address=45.228.247.201 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.201 +add address=45.228.247.202 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.202 +add address=45.228.247.203 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.203 +add address=45.228.247.204 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.204 +add address=45.228.247.205 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.205 +add address=45.228.247.206 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.206 +add address=45.228.247.207 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.207 +add address=45.228.247.208 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.208 +add address=45.228.247.209 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.209 +add address=45.228.247.210 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.210 +add address=45.228.247.211 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.211 +add address=45.228.247.212 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.212 +add address=45.228.247.213 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.213 +add address=45.228.247.214 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.214 +add address=45.228.247.215 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.215 +add address=45.228.247.216 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.216 +add address=45.228.247.217 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.217 +add address=45.228.247.218 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.218 +add address=45.228.247.219 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.219 +add address=45.228.247.220 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.220 +add address=45.228.247.221 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.221 +add address=45.228.247.222 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.222 +add address=45.228.247.223 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.223 +add address=45.228.247.224 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.224 +add address=45.228.247.225 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.225 +add address=45.228.247.226 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.226 +add address=45.228.247.227 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.227 +add address=45.228.247.228 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.228 +add address=45.228.247.229 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.229 +add address=45.228.247.230 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.230 +add address=45.228.247.231 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.231 +add address=45.228.247.232 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.232 +add address=45.228.247.233 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.233 +add address=45.228.247.234 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.234 +add address=45.228.247.235 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.235 +add address=45.228.247.236 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.236 +add address=45.228.247.237 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.237 +add address=45.228.247.238 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.238 +add address=45.228.247.239 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.239 +add address=45.228.247.240 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.240 +add address=45.228.247.241 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.241 +add address=45.228.247.242 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.242 +add address=45.228.247.243 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.243 +add address=45.228.247.244 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.244 +add address=45.228.247.245 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.245 +add address=45.228.247.246 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.246 +add address=45.228.247.247 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.247 +add address=45.228.247.248 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.248 +add address=45.228.247.249 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.249 +add address=45.228.247.250 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.250 +add address=45.228.247.251 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.251 +add address=45.228.247.252 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.252 +add address=45.228.247.253 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.253 +add address=45.228.247.254 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.254 +add address=45.228.247.255 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.255 +add address=172.17.1.11/29 interface=0102-UPLOAD-PPPoE-B1 network=172.17.1.8 +add address=172.17.2.11/29 interface=0202-UPLOAD-PPPoE-B2 network=172.17.2.8 +add address=172.17.1.14/29 interface=0102-VRRP-MASTER network=172.17.1.8 +add address=172.17.2.14/29 interface=0202-VRRP-BACKUP network=172.17.2.8 +/ip dns +set servers=10.0.24.120,45.228.246.122 +/ip firewall address-list +add address=100.100.0.0/20 list=bgp-networks +add address=100.100.8.0/21 list=bgp-networks +add address=100.102.8.0/21 list=bgp-networks +add address=100.102.0.0/20 list=bgp-networks +add address=45.228.245.0/24 list=bgp-networks +add address=45.228.247.0/24 list=bgp-networks +add address=10.0.24.15 comment="IXCProvedor endereco IP do sistema" list=\ + rede_local +add address=100.100.0.0/21 list=bgp-networks +add address=100.102.0.0/21 list=bgp-networks +add address=10.64.69.0/30 list=bgp-networks +add address=191.253.17.12 list=DDDoS +add address=92.223.98.98 list=DDDoS +add address=94.154.1.28 list=DDDoS +add 
address=103.216.155.208 list=DDDoS +add address=163.61.125.104 list=DDDoS +add address=211.154.31.109 list=DDDoS +add address=13.35.205.252 list=DDDoS +add address=163.61.124.50 list=DDDoS +add address=163.61.124.188 list=DDDoS +add address=163.61.124.110 list=DDDoS +add address=163.61.124.100 list=DDDoS +add address=163.61.124.168 list=DDDoS +add address=163.61.124.232 list=DDDoS +add address=163.61.124.20 list=DDDoS +add address=125.227.188.190 list=DDDoS +add address=103.248.152.87 list=DDDoS +add address=17.85.112.19 list=DDDoS_FASE1 +add address=104.18.3.144 list=DDDoS_FASE1 +add address=149.36.49.54 list=DDDoS_FASE1 +add address=154.197.56.102 list=DDDoS_FASE1 +add address=117.173.186.53 list=DDOS2 +add address=80.78.23.17 list=DDOS2 +add address=113.137.166.224 list=DDOS2 +add address=203.107.62.232 list=DDOS2 +add address=119.28.22.227 list=DDOS2 +add address=111.18.139.154 list=DDOS2 +add address=5.252.33.225 list=DDOS2 +add address=45.228.245.0/24 list=BGP-port-drop +add address=45.228.247.0/24 list=BGP-port-drop +/ip firewall filter +add action=drop chain=input disabled=yes log=yes log-prefix=25 protocol=tcp \ + src-port=25 +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +/ip firewall nat +add action=masquerade chain=srcnat disabled=yes log=yes log-prefix=MAsCarede \ + src-address=10.1.24.22 to-addresses=45.228.254.1 +add action=jump chain=srcnat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat src-address=100.64.0.0/10 +add action=jump chain=srcIXCCGNat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat-100.102.0.0-20 src-address=100.102.0.0/20 +add action=jump chain=srcIXCCGNat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat-100.100.0.0-20 src-address=100.100.0.0/20 +add action=jump chain=srcIXCCGNat-100.102.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-21 src-address=100.102.0.0/21 +add 
action=jump chain=srcIXCCGNat-100.102.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-22 src-address=100.102.0.0/22 +add action=jump chain=srcIXCCGNat-100.102.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-23 src-address=100.102.0.0/23 +add action=jump chain=srcIXCCGNat-100.102.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.2.0-23 src-address=100.102.2.0/23 +add action=jump chain=srcIXCCGNat-100.102.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.4.0-22 src-address=100.102.4.0/22 +add action=jump chain=srcIXCCGNat-100.102.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.4.0-23 src-address=100.102.4.0/23 +add action=jump chain=srcIXCCGNat-100.102.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.6.0-23 src-address=100.102.6.0/23 +add action=jump chain=srcIXCCGNat-100.102.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-21 src-address=100.102.8.0/21 +add action=jump chain=srcIXCCGNat-100.102.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-22 src-address=100.102.8.0/22 +add action=jump chain=srcIXCCGNat-100.102.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-23 src-address=100.102.8.0/23 +add action=jump chain=srcIXCCGNat-100.102.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.10.0-23 src-address=100.102.10.0/23 +add action=jump chain=srcIXCCGNat-100.102.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.12.0-22 src-address=100.102.12.0/22 +add action=jump chain=srcIXCCGNat-100.102.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.12.0-23 src-address=100.102.12.0/23 +add action=jump chain=srcIXCCGNat-100.102.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.14.0-23 src-address=100.102.14.0/23 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp 
src-address=100.102.0.0/24 to-addresses=45.228.245.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.0.0/24 to-addresses=45.228.245.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.1.0/24 to-addresses=45.228.245.0/24 \ + to-ports=5500-9499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.1.0/24 to-addresses=45.228.245.0/24 \ + to-ports=5500-9499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.2.0/24 to-addresses=45.228.245.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.2.0/24 to-addresses=45.228.245.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.3.0/24 to-addresses=45.228.245.0/24 \ + to-ports=13500-17499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.3.0/24 to-addresses=45.228.245.0/24 \ + to-ports=13500-17499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.4.0/24 to-addresses=45.228.245.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.4.0/24 to-addresses=45.228.245.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.5.0/24 to-addresses=45.228.245.0/24 \ + to-ports=21500-25499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.5.0/24 to-addresses=45.228.245.0/24 \ + 
to-ports=21500-25499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.6.0/24 to-addresses=45.228.245.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.6.0/24 to-addresses=45.228.245.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.7.0/24 to-addresses=45.228.245.0/24 \ + to-ports=29500-33499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.7.0/24 to-addresses=45.228.245.0/24 \ + to-ports=29500-33499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.8.0/24 to-addresses=45.228.245.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.8.0/24 to-addresses=45.228.245.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.9.0/24 to-addresses=45.228.245.0/24 \ + to-ports=37500-41499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.9.0/24 to-addresses=45.228.245.0/24 \ + to-ports=37500-41499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.10.0/24 to-addresses=45.228.245.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.10.0/24 to-addresses=45.228.245.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.11.0/24 to-addresses=45.228.245.0/24 \ + to-ports=45500-49499 +add action=netmap 
chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.11.0/24 to-addresses=45.228.245.0/24 \ + to-ports=45500-49499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.12.0/24 to-addresses=45.228.245.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.12.0/24 to-addresses=45.228.245.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.13.0/24 to-addresses=45.228.245.0/24 \ + to-ports=53500-57499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.13.0/24 to-addresses=45.228.245.0/24 \ + to-ports=53500-57499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.14.0/24 to-addresses=45.228.245.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.14.0/24 to-addresses=45.228.245.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.15.0/24 to-addresses=45.228.245.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.15.0/24 to-addresses=45.228.245.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat comment="{CGNat IXCSoft}" src-address=\ + 100.102.0.0/20 to-addresses=45.228.245.0/24 +add action=jump chain=srcIXCCGNat-100.100.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-21 src-address=100.100.0.0/21 +add action=jump chain=srcIXCCGNat-100.100.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-22 src-address=100.100.0.0/22 
+add action=jump chain=srcIXCCGNat-100.100.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-23 src-address=100.100.0.0/23 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.0.0/24 to-addresses=45.228.247.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.0.0/24 to-addresses=45.228.247.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.1.0/24 to-addresses=45.228.247.0/24 \ + to-ports=5500-9499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.1.0/24 to-addresses=45.228.247.0/24 \ + to-ports=5500-9499 +add action=jump chain=srcIXCCGNat-100.100.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.2.0-23 src-address=100.100.2.0/23 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.2.0/24 to-addresses=45.228.247.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.2.0/24 to-addresses=45.228.247.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.3.0/24 to-addresses=45.228.247.0/24 \ + to-ports=13500-17499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.3.0/24 to-addresses=45.228.247.0/24 \ + to-ports=13500-17499 +add action=jump chain=srcIXCCGNat-100.100.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.4.0-22 src-address=100.100.4.0/22 +add action=jump chain=srcIXCCGNat-100.100.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.4.0-23 src-address=100.100.4.0/23 +add 
action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.4.0/24 to-addresses=45.228.247.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.4.0/24 to-addresses=45.228.247.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.5.0/24 to-addresses=45.228.247.0/24 \ + to-ports=21500-25499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.5.0/24 to-addresses=45.228.247.0/24 \ + to-ports=21500-25499 +add action=jump chain=srcIXCCGNat-100.100.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.6.0-23 src-address=100.100.6.0/23 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.6.0/24 to-addresses=45.228.247.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.6.0/24 to-addresses=45.228.247.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.7.0/24 to-addresses=45.228.247.0/24 \ + to-ports=29500-33499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.7.0/24 to-addresses=45.228.247.0/24 \ + to-ports=29500-33499 +add action=jump chain=srcIXCCGNat-100.100.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-21 src-address=100.100.8.0/21 +add action=jump chain=srcIXCCGNat-100.100.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-22 src-address=100.100.8.0/22 +add action=jump chain=srcIXCCGNat-100.100.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-23 src-address=100.100.8.0/23 +add 
action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.8.0/24 to-addresses=45.228.247.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.8.0/24 to-addresses=45.228.247.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.9.0/24 to-addresses=45.228.247.0/24 \ + to-ports=37500-41499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.9.0/24 to-addresses=45.228.247.0/24 \ + to-ports=37500-41499 +add action=jump chain=srcIXCCGNat-100.100.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.10.0-23 src-address=100.100.10.0/23 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.10.0/24 to-addresses=45.228.247.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.10.0/24 to-addresses=45.228.247.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.11.0/24 to-addresses=45.228.247.0/24 \ + to-ports=45500-49499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.11.0/24 to-addresses=45.228.247.0/24 \ + to-ports=45500-49499 +add action=jump chain=srcIXCCGNat-100.100.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.12.0-22 src-address=100.100.12.0/22 +add action=jump chain=srcIXCCGNat-100.100.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.12.0-23 src-address=100.100.12.0/23 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.12.0/24 
to-addresses=45.228.247.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.12.0/24 to-addresses=45.228.247.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.13.0/24 to-addresses=45.228.247.0/24 \ + to-ports=53500-57499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.13.0/24 to-addresses=45.228.247.0/24 \ + to-ports=53500-57499 +add action=jump chain=srcIXCCGNat-100.100.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.14.0-23 src-address=100.100.14.0/23 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.14.0/24 to-addresses=45.228.247.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.14.0/24 to-addresses=45.228.247.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.15.0/24 to-addresses=45.228.247.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.15.0/24 to-addresses=45.228.247.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat comment="{CGNat IXCSoft}" src-address=\ + 100.100.0.0/20 to-addresses=45.228.247.0/24 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \ + src-address=10.64.69.1 to-addresses=45.228.245.0 to-ports=1500-1999 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \ + src-address=10.64.69.1 to-addresses=45.228.245.0 to-ports=1500-1999 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \ + src-address=10.64.69.2 to-addresses=45.228.245.0 
to-ports=2000-2499
+add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \
+ src-address=10.64.69.2 to-addresses=45.228.245.0 to-ports=2000-2499
+add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \
+ src-address=10.64.69.3 to-addresses=45.228.245.0 to-ports=2500-2999
+add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \
+ src-address=10.64.69.3 to-addresses=45.228.245.0 to-ports=2500-2999
+/ip firewall raw
+add action=drop chain=prerouting protocol=udp src-port=19,25,1900,11211
+add action=drop chain=prerouting dst-address-list=BGP-port-drop protocol=udp \
+ src-port=179
+add action=drop chain=prerouting dst-address-list=BGP-port-drop protocol=udp \
+ src-port=179
+add action=drop chain=prerouting protocol=tcp src-port=19,25,1900,11211
+add action=drop chain=prerouting dst-port=19,25,1900,11211 protocol=udp
+add action=drop chain=prerouting dst-port=19,25,1900,11211 protocol=tcp
+add action=drop chain=prerouting dst-port=19,25,1900,11211 protocol=tcp
+add action=drop chain=prerouting disabled=yes dst-address-list=DDDoS \
+ log-prefix=DDDoS_
+add action=drop chain=prerouting disabled=yes dst-address-list=DDDoS_FASE1 \
+ log-prefix=DDDoS_
+add action=drop chain=prerouting disabled=yes dst-address=104.18.3.144 \
+ dst-port=443 protocol=tcp
+add action=drop chain=prerouting disabled=yes dst-address=149.36.49.54 \
+ dst-port=5000 port="" protocol=udp
+add action=drop chain=prerouting disabled=yes dst-address=154.197.56.102 \
+ dst-port=799 protocol=tcp
+add action=drop chain=prerouting disabled=yes dst-address-list=DDOS2 \
+ protocol=udp
+add action=drop chain=prerouting disabled=yes dst-address-list=DDOS2 \
+ protocol=tcp
+/ip firewall service-port
+set ftp disabled=yes
+set tftp disabled=yes
+set h323 disabled=yes
+set sip disabled=yes
+set pptp disabled=yes
+/ip ipsec policy
+set 0 disabled=yes
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip route
+add blackhole
comment=##BLACKHOLE disabled=no distance=1 dst-address=\
+ 100.100.0.0/20 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment=##BLACKHOLE disabled=no distance=1 dst-address=\
+ 100.102.0.0/20 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment="## BLACKHOLE" disabled=no distance=255 dst-address=\
+ 45.228.245.0/24 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment="## BLACKHOLE" disabled=no distance=255 dst-address=\
+ 45.228.247.0/24 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment=##BLACKHOLE disabled=no distance=255 dst-address=\
+ 10.64.69.0/30 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add comment=TEMPORARIO-DDoS disabled=yes distance=10 dst-address=0.0.0.0/0 \
+ gateway=172.17.1.1 routing-table=main scope=30 suppress-hw-offload=no \
+ target-scope=10
+add blackhole comment=TESTE disabled=no distance=1 dst-address=80.78.23.17/32 \
+ gateway="" routing-table=main scope=30 suppress-hw-offload=no
+/ip service
+set ftp disabled=yes
+set telnet disabled=yes
+set winbox address=10.0.0.0/8,45.228.244.0/22 port=8292
+set api-ssl disabled=yes
+set www disabled=yes port=8880
+set ssh address=10.0.0.0/8,45.228.244.0/22 port=9022
+set api address=10.0.0.0/8 disabled=yes port=9728
+/ip traffic-flow
+set cache-entries=512k enabled=yes interfaces="0202-VRRP-BACKUP,0202-UPLOAD-PP\
+ PoE-B2,0201-iBGP-B2,0102-VRRP-MASTER,0102-UPLOAD-PPPoE-B1,0101-iBGP-B1" \
+ packet-sampling=yes sampling-interval=10 sampling-space=5
+/ip traffic-flow target
+add dst-address=10.0.24.129 port=3057
+/ip upnp
+set allow-disable-external-interface=yes
+/ipv6 nd
+set [ find default=yes ] disabled=yes
+/ppp aaa
+set interim-update=20m use-radius=yes
+/radius
+add address=10.1.24.138
service=ppp,login src-address=10.1.24.22
+/radius incoming
+set accept=yes
+/routing bfd configuration
+add disabled=no interfaces=0101-iBGP-B1 min-rx=200ms min-tx=200ms multiplier=\
+ 3
+add disabled=no interfaces=0201-iBGP-B2 min-rx=200ms min-tx=200ms multiplier=\
+ 3
+add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5
+/routing bgp connection
+add as=267083 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no \
+ input.filter=IBGP-BORDA-01-IN listen=yes local.address=172.17.1.3 .role=\
+ ibgp name=BORDA-01 output.filter-chain=IBGP-BORDA-01-OUT .network=\
+ bgp-networks remote.address=172.17.1.1/32 .as=267083 .port=179 \
+ routing-table=main templates=default
+add as=267083 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no \
+ input.filter=IBGP-BORDA-02-IN listen=yes local.address=172.17.2.3 .role=\
+ ibgp name=BORDA-02 output.filter-chain=IBGP-BORDA-02-OUT .network=\
+ bgp-networks remote.address=172.17.2.2/32 .as=267083 .port=179 \
+ routing-table=main templates=default
+add as=267083 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no \
+ input.filter=IBGP-BRAS-POP3-IN listen=yes local.address=172.17.1.3 .role=\
+ ibgp name=BRAS-POP3 output.filter-chain=IBGP-BRAS-OUT .network=\
+ bgp-networks remote.address=172.17.1.5/32 .as=267083 .port=179 \
+ routing-table=main templates=default use-bfd=no
+add as=267083 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no \
+ input.filter=IBGP-BRAS-POP1-IN listen=yes local.address=172.17.2.3 .role=\
+ ibgp name=BRAS-POP4 output.filter-chain=IBGP-BRAS-OUT .network=\
+ bgp-networks remote.address=172.17.2.6/32 .as=267083 .port=179 \
+ routing-table=main templates=default use-bfd=no
+/routing filter rule
+add chain=IBGP-BRAS-POP1-IN disabled=no rule="if (dst in 100.100.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 400; accept; }"
+add chain=IBGP-BRAS-POP1-IN disabled=no rule="if (dst in 100.102.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 90; accept; }"
+add
chain=IBGP-BRAS-POP1-IN disabled=no rule="reject;"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="if (dst in 100.100.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 90; accept; }"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="if (dst in 100.102.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 400; accept; }"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="if (dst in 10.64.69.0/30 && dst-\
+ len in 30-32) { set bgp-local-pref 400; accept; }"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="reject;"
+add chain=IBGP-BRAS-OUT disabled=no rule="reject;"
+add chain=IBGP-BORDA-01-IN disabled=no rule=\
+ "if (dst in 0.0.0.0/0) { set bgp-local-pref 400; accept }"
+add chain=IBGP-BORDA-01-IN disabled=no rule="reject;"
+add chain=IBGP-BORDA-02-IN disabled=no rule=\
+ "if (dst in 0.0.0.0/0) { set bgp-local-pref 90; accept }"
+add chain=IBGP-BORDA-02-IN disabled=no rule="reject;"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 45.228.245.0/24) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 45.228.247.0/24) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 100.100.0.0/20) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 100.102.0.0/20) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 10.64.69.0/30) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule="reject;"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 45.228.245.0/24) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 45.228.247.0/24) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 100.100.0.0/20) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 100.102.0.0/20) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule="reject;"
+/snmp
+set contact="FIX FIBRA" enabled=yes location=\
+ "\"R.
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2
+/system clock
+set time-zone-autodetect=no time-zone-name=America/Sao_Paulo
+/system console
+set [ find ] disabled=yes
+/system identity
+set name=CGNAT_FIX01
+/system note
+set show-at-login=no
+/system ntp client
+set enabled=yes
+/system ntp client servers
+add address=10.0.24.120
+add address=10.0.24.124
+/system routerboard settings
+# Firmware upgraded successfully, please reboot for changes to take effect!
+set enter-setup-on=delete-key
+/system script
+add dont-require-permissions=no name=backupSFTP owner=otaviofix policy=\
+ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
+ log warning \"***************************************\"\
+ \n#Conexao SFTP\
+ \n\
+ \n:global host 10.1.24.137\
+ \n:global usuario backups\
+ \n:global senha backups@fixfibra2@\
+ \n:global diretorio /SFTP/backups/mikrotik/router/CGNAT01\
+ \n\
+ \n#Pega o nome do Router\
+ \n\
+ \n:global identifica [/system identity get name]\
+ \n\
+ \n#Gera data no formato AAAA-MM-DD\
+ \n\
+ \n:global data [/system clock get date]\
+ \n:global ano [:pick \$data 0 4]\
+ \n:global mes [:pick \$data 5 7]\
+ \n:global dia [:pick \$data 8 10]\
+ \n\
+ \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
+ \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
+ \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
+ \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
+ \n:log info \"Processando...\";\
+ \n:delay 5s\
+ \n\
+ \n:log info \"Conectando SFTP Server...\";\
+ \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
+ \";\
+ \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
+ kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
+ tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
+ \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
+ \n/tool fetch address=\$host
src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
+ \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
+ dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
+ \n:delay 1\
+ \n\
+ \n:log info \"Backup enviado com sucesso...\";\
+ \n:log info \"Removendo arquivos...\";\
+ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
+ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
+ \n:log info \"Rotina de backup finalizada...\";\
+ \n:log warning \"***************************************\";\
+ \n\
+ \n"
+/system watchdog
+set watchdog-timer=no
+/tool bandwidth-server
+set enabled=no
+/tool e-mail
+set from=noc.fix@fixfibra.com.br port=587 server=smtp.gmail.com user=\
+ noc.fix@fixfibra.com.br
+/tool romon
+set enabled=yes
+/tool romon port
+add interface=0024-GERENCIA-L2
+/user aaa
+set default-group=full use-radius=yes
diff --git a/CGNAT02/05-12-2025.CGNAT_FIX02.backup b/CGNAT02/05-12-2025.CGNAT_FIX02.backup
new file mode 100644
index 0000000..8e9c353
Binary files /dev/null and b/CGNAT02/05-12-2025.CGNAT_FIX02.backup differ
diff --git a/CGNAT02/05-12-2025.CGNAT_FIX02.rsc b/CGNAT02/05-12-2025.CGNAT_FIX02.rsc
new file mode 100644
index 0000000..4d77561
--- /dev/null
+++ b/CGNAT02/05-12-2025.CGNAT_FIX02.rsc
@@ -0,0 +1,1647 @@
+# 2025-12-05 12:18:28 by RouterOS 7.20.5
+# software id = BPEI-910L
+#
+# model = CCR1036-8G-2S+
+# serial number = D8380C4E0863
+/interface bridge
+add comment="{CGNat IXCSoft}" name=IXCCGNat73 port-cost-mode=short
+add comment="{CGNat IXCSoft}" name=IXCCGNat75 port-cost-mode=short
+add name=LoopWAN port-cost-mode=short
+/interface ethernet
+set [ find default-name=ether1 ] disabled=yes mac-address=64:D1:54:37:EE:54
+set [ find default-name=ether2 ] disabled=yes mac-address=64:D1:54:37:EE:55
+set [ find default-name=ether3 ] disabled=yes mac-address=64:D1:54:37:EE:56
+set [ find default-name=ether4 ] disabled=yes mac-address=64:D1:54:37:EE:57
+set [ find default-name=ether5 ] disabled=yes mac-address=64:D1:54:37:EE:58
+set [ find default-name=ether6 ] disabled=yes mac-address=64:D1:54:37:EE:59
+set [ find default-name=ether7 ] disabled=yes mac-address=64:D1:54:37:EE:5A
+set [ find default-name=ether8 ] disabled=yes mac-address=64:D1:54:37:EE:5B
+set [ find default-name=sfp-sfpplus1 ] comment="porta 1 - SFP" loop-protect=\
+ off mac-address=64:D1:54:37:EE:52 name=sfpplus1_SW04_P07
+set [ find default-name=sfp-sfpplus2 ] comment="porta 2 - SFP" mac-address=\
+ 64:D1:54:37:EE:53 name=sfpplus2_SW04_P08
+/interface bonding
+add name=Eth-trunk1 slaves=sfpplus1_SW04_P07,sfpplus2_SW04_P08
+/interface vlan
+add interface=Eth-trunk1 name=0024-GERENCIA-L2 vlan-id=24
+add interface=Eth-trunk1 name=0101-iBGP-B1 vlan-id=101
+add interface=Eth-trunk1 name=0102-UPLOAD-PPPoE-B1 vlan-id=102
+add interface=Eth-trunk1 name=0124-GERENCIA-L3 vlan-id=124
+add interface=Eth-trunk1 name=0201-iBGP-B2 vlan-id=201
+add interface=Eth-trunk1 name=0202-UPLOAD-PPPoE-B2 vlan-id=202
+/interface vrrp
+add interface=0102-UPLOAD-PPPoE-B1 interval=5s name=0102-VRRP-BACKUP vrid=102
+add interface=0202-UPLOAD-PPPoE-B2 interval=5s name=0202-VRRP-MASTER \
+ priority=200 vrid=202
+/interface list
+add name=WAN
+/interface lte apn
+set [ find default=yes ] ip-type=ipv4 use-network-apn=no
+/ip smb users
+set [ find default=yes ] disabled=yes
+/port
+set 0 name=serial0
+set 1 name=serial1
+/routing bgp instance
+add as=267083 name=bgp-instance-1 vrf=main
+/routing bgp template
+set default as=267083 disabled=no output.default-originate=never .network=\
+ bgp-networks routing-table=main
+/snmp community
+set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan
+/system logging action
+add name=logServer remote=10.0.24.134 remote-log-format=syslog remote-port=\
+ 65014 src-address=10.0.24.21 target=remote
+/ip firewall connection tracking
+set enabled=yes tcp-established-timeout=2h4m udp-timeout=10s
+/ip neighbor discovery-settings
+set discover-interface-list=!dynamic protocol=""
+/ip settings
+set max-neighbor-entries=8192
+/ipv6 settings
+set max-neighbor-entries=8192 soft-max-neighbor-entries=8191
+/interface ovpn-server server
+add auth=sha1,md5 mac-address=FE:BD:D4:5D:81:23 name=ovpn-server1
+/ip address
+add address=10.0.24.21/24 comment="### VLAN de gestao" interface=\
+ 0024-GERENCIA-L2 network=10.0.24.0
+add address=10.1.24.21/24 comment="### VLAN de gestao" interface=\
+ 0124-GERENCIA-L3 network=10.1.24.0
+add address=172.17.2.4/29 interface=0201-iBGP-B2 network=172.17.2.0
+add address=172.17.1.4/29 interface=0101-iBGP-B1 network=172.17.1.0
+add address=45.228.245.1 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.1
+add address=45.228.245.2 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.2
+add address=45.228.245.3 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.3
+add address=45.228.245.4 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.4
+add address=45.228.245.5 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.5
+add address=45.228.245.6 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.6
+add address=45.228.245.7 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \
+ network=45.228.245.7
+add
address=45.228.245.8 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.8 +add address=45.228.245.9 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.9 +add address=45.228.245.10 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.10 +add address=45.228.245.11 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.11 +add address=45.228.245.12 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.12 +add address=45.228.245.13 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.13 +add address=45.228.245.14 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.14 +add address=45.228.245.15 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.15 +add address=45.228.245.16 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.16 +add address=45.228.245.17 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.17 +add address=45.228.245.18 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.18 +add address=45.228.245.19 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.19 +add address=45.228.245.20 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.20 +add address=45.228.245.21 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.21 +add address=45.228.245.22 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.22 +add address=45.228.245.23 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.23 +add address=45.228.245.24 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.24 +add address=45.228.245.25 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.25 +add address=45.228.245.26 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.26 +add address=45.228.245.27 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.27 +add 
address=45.228.245.28 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.28 +add address=45.228.245.29 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.29 +add address=45.228.245.30 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.30 +add address=45.228.245.31 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.31 +add address=45.228.245.32 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.32 +add address=45.228.245.33 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.33 +add address=45.228.245.34 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.34 +add address=45.228.245.35 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.35 +add address=45.228.245.36 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.36 +add address=45.228.245.37 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.37 +add address=45.228.245.38 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.38 +add address=45.228.245.39 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.39 +add address=45.228.245.40 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.40 +add address=45.228.245.41 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.41 +add address=45.228.245.42 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.42 +add address=45.228.245.43 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.43 +add address=45.228.245.44 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.44 +add address=45.228.245.45 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.45 +add address=45.228.245.46 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.46 +add address=45.228.245.47 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.47 +add 
address=45.228.245.48 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.48 +add address=45.228.245.49 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.49 +add address=45.228.245.50 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.50 +add address=45.228.245.51 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.51 +add address=45.228.245.52 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.52 +add address=45.228.245.53 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.53 +add address=45.228.245.54 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.54 +add address=45.228.245.55 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.55 +add address=45.228.245.56 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.56 +add address=45.228.245.57 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.57 +add address=45.228.245.58 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.58 +add address=45.228.245.59 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.59 +add address=45.228.245.60 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.60 +add address=45.228.245.61 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.61 +add address=45.228.245.62 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.62 +add address=45.228.245.63 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.63 +add address=45.228.245.64 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.64 +add address=45.228.245.65 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.65 +add address=45.228.245.66 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.66 +add address=45.228.245.67 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.67 +add 
address=45.228.245.68 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.68 +add address=45.228.245.69 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.69 +add address=45.228.245.70 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.70 +add address=45.228.245.71 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.71 +add address=45.228.245.72 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.72 +add address=45.228.245.73 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.73 +add address=45.228.245.74 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.74 +add address=45.228.245.75 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.75 +add address=45.228.245.76 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.76 +add address=45.228.245.77 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.77 +add address=45.228.245.78 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.78 +add address=45.228.245.79 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.79 +add address=45.228.245.80 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.80 +add address=45.228.245.81 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.81 +add address=45.228.245.82 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.82 +add address=45.228.245.83 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.83 +add address=45.228.245.84 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.84 +add address=45.228.245.85 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.85 +add address=45.228.245.86 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.86 +add address=45.228.245.87 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.87 +add 
address=45.228.245.88 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.88 +add address=45.228.245.89 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.89 +add address=45.228.245.90 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.90 +add address=45.228.245.91 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.91 +add address=45.228.245.92 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.92 +add address=45.228.245.93 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.93 +add address=45.228.245.94 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.94 +add address=45.228.245.95 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.95 +add address=45.228.245.96 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.96 +add address=45.228.245.97 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.97 +add address=45.228.245.98 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.98 +add address=45.228.245.99 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.99 +add address=45.228.245.100 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.100 +add address=45.228.245.101 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.101 +add address=45.228.245.102 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.102 +add address=45.228.245.103 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.103 +add address=45.228.245.104 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.104 +add address=45.228.245.105 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.105 +add address=45.228.245.106 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.106 +add address=45.228.245.107 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.107 +add address=45.228.245.108 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.108 +add address=45.228.245.109 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.109 +add address=45.228.245.110 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.110 +add address=45.228.245.111 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.111 +add address=45.228.245.112 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.112 +add address=45.228.245.113 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.113 +add address=45.228.245.114 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.114 +add address=45.228.245.115 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.115 +add address=45.228.245.116 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.116 +add address=45.228.245.117 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.117 +add address=45.228.245.118 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.118 +add address=45.228.245.119 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.119 +add address=45.228.245.120 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.120 +add address=45.228.245.121 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.121 +add address=45.228.245.122 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.122 +add address=45.228.245.123 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.123 +add address=45.228.245.124 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.124 +add address=45.228.245.125 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.125 +add address=45.228.245.126 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.126 +add address=45.228.245.127 
comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.127 +add address=45.228.245.128 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.128 +add address=45.228.245.129 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.129 +add address=45.228.245.130 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.130 +add address=45.228.245.131 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.131 +add address=45.228.245.132 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.132 +add address=45.228.245.133 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.133 +add address=45.228.245.134 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.134 +add address=45.228.245.135 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.135 +add address=45.228.245.136 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.136 +add address=45.228.245.137 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.137 +add address=45.228.245.138 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.138 +add address=45.228.245.139 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.139 +add address=45.228.245.140 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.140 +add address=45.228.245.141 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.141 +add address=45.228.245.142 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.142 +add address=45.228.245.143 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.143 +add address=45.228.245.144 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.144 +add address=45.228.245.145 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.145 +add address=45.228.245.146 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.146 +add address=45.228.245.147 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.147 +add address=45.228.245.148 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.148 +add address=45.228.245.149 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.149 +add address=45.228.245.150 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.150 +add address=45.228.245.151 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.151 +add address=45.228.245.152 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.152 +add address=45.228.245.153 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.153 +add address=45.228.245.154 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.154 +add address=45.228.245.155 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.155 +add address=45.228.245.156 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.156 +add address=45.228.245.157 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.157 +add address=45.228.245.158 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.158 +add address=45.228.245.159 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.159 +add address=45.228.245.160 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.160 +add address=45.228.245.161 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.161 +add address=45.228.245.162 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.162 +add address=45.228.245.163 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.163 +add address=45.228.245.164 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.164 +add address=45.228.245.165 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.165 +add address=45.228.245.166 
comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.166 +add address=45.228.245.167 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.167 +add address=45.228.245.168 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.168 +add address=45.228.245.169 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.169 +add address=45.228.245.170 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.170 +add address=45.228.245.171 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.171 +add address=45.228.245.172 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.172 +add address=45.228.245.173 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.173 +add address=45.228.245.174 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.174 +add address=45.228.245.175 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.175 +add address=45.228.245.176 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.176 +add address=45.228.245.177 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.177 +add address=45.228.245.178 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.178 +add address=45.228.245.179 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.179 +add address=45.228.245.180 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.180 +add address=45.228.245.181 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.181 +add address=45.228.245.182 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.182 +add address=45.228.245.183 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.183 +add address=45.228.245.184 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.184 +add address=45.228.245.185 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.185 +add address=45.228.245.186 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.186 +add address=45.228.245.187 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.187 +add address=45.228.245.188 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.188 +add address=45.228.245.189 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.189 +add address=45.228.245.190 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.190 +add address=45.228.245.191 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.191 +add address=45.228.245.192 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.192 +add address=45.228.245.193 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.193 +add address=45.228.245.194 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.194 +add address=45.228.245.195 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.195 +add address=45.228.245.196 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.196 +add address=45.228.245.197 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.197 +add address=45.228.245.198 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.198 +add address=45.228.245.199 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.199 +add address=45.228.245.200 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.200 +add address=45.228.245.201 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.201 +add address=45.228.245.202 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.202 +add address=45.228.245.203 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.203 +add address=45.228.245.204 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.204 +add address=45.228.245.205 
comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.205 +add address=45.228.245.206 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.206 +add address=45.228.245.207 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.207 +add address=45.228.245.208 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.208 +add address=45.228.245.209 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.209 +add address=45.228.245.210 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.210 +add address=45.228.245.211 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.211 +add address=45.228.245.212 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.212 +add address=45.228.245.213 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.213 +add address=45.228.245.214 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.214 +add address=45.228.245.215 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.215 +add address=45.228.245.216 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.216 +add address=45.228.245.217 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.217 +add address=45.228.245.218 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.218 +add address=45.228.245.219 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.219 +add address=45.228.245.220 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.220 +add address=45.228.245.221 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.221 +add address=45.228.245.222 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.222 +add address=45.228.245.223 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.223 +add address=45.228.245.224 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + 
network=45.228.245.224 +add address=45.228.245.225 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.225 +add address=45.228.245.226 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.226 +add address=45.228.245.227 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.227 +add address=45.228.245.228 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.228 +add address=45.228.245.229 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.229 +add address=45.228.245.230 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.230 +add address=45.228.245.231 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.231 +add address=45.228.245.232 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.232 +add address=45.228.245.233 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.233 +add address=45.228.245.234 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.234 +add address=45.228.245.235 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.235 +add address=45.228.245.236 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.236 +add address=45.228.245.237 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.237 +add address=45.228.245.238 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.238 +add address=45.228.245.239 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.239 +add address=45.228.245.240 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.240 +add address=45.228.245.241 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.241 +add address=45.228.245.242 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.242 +add address=45.228.245.243 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.243 +add address=45.228.245.244 
comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.244 +add address=45.228.245.245 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.245 +add address=45.228.245.246 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.246 +add address=45.228.245.247 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.247 +add address=45.228.245.248 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.248 +add address=45.228.245.249 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.249 +add address=45.228.245.250 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.250 +add address=45.228.245.251 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.251 +add address=45.228.245.252 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.252 +add address=45.228.245.253 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.253 +add address=45.228.245.254 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.254 +add address=45.228.245.255 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.255 +add address=45.228.247.0 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.0 +add address=45.228.247.1 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.1 +add address=45.228.247.2 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.2 +add address=45.228.247.3 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.3 +add address=45.228.247.4 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.4 +add address=45.228.247.5 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.5 +add address=45.228.247.6 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.6 +add address=45.228.247.7 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.7 +add 
address=45.228.247.8 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.8 +add address=45.228.247.9 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.9 +add address=45.228.247.10 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.10 +add address=45.228.247.11 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.11 +add address=45.228.247.12 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.12 +add address=45.228.247.13 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.13 +add address=45.228.247.14 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.14 +add address=45.228.247.15 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.15 +add address=45.228.247.16 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.16 +add address=45.228.247.17 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.17 +add address=45.228.247.18 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.18 +add address=45.228.247.19 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.19 +add address=45.228.247.20 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.20 +add address=45.228.247.21 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.21 +add address=45.228.247.22 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.22 +add address=45.228.247.23 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.23 +add address=45.228.247.24 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.24 +add address=45.228.247.25 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.25 +add address=45.228.247.26 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.26 +add address=45.228.247.27 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.27 +add 
address=45.228.247.28 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.28 +add address=45.228.247.29 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.29 +add address=45.228.247.30 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.30 +add address=45.228.247.31 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.31 +add address=45.228.247.32 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.32 +add address=45.228.247.33 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.33 +add address=45.228.247.34 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.34 +add address=45.228.247.35 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.35 +add address=45.228.247.36 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.36 +add address=45.228.247.37 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.37 +add address=45.228.247.38 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.38 +add address=45.228.247.39 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.39 +add address=45.228.247.40 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.40 +add address=45.228.247.41 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.41 +add address=45.228.247.42 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.42 +add address=45.228.247.43 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.43 +add address=45.228.247.44 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.44 +add address=45.228.247.45 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.45 +add address=45.228.247.46 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.46 +add address=45.228.247.47 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.47 +add 
address=45.228.247.48 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.48 +add address=45.228.247.49 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.49 +add address=45.228.247.50 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.50 +add address=45.228.247.51 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.51 +add address=45.228.247.52 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.52 +add address=45.228.247.53 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.53 +add address=45.228.247.54 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.54 +add address=45.228.247.55 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.55 +add address=45.228.247.56 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.56 +add address=45.228.247.57 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.57 +add address=45.228.247.58 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.58 +add address=45.228.247.59 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.59 +add address=45.228.247.60 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.60 +add address=45.228.247.61 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.61 +add address=45.228.247.62 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.62 +add address=45.228.247.63 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.63 +add address=45.228.247.64 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.64 +add address=45.228.247.65 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.65 +add address=45.228.247.66 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.66 +add address=45.228.247.67 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.67 +add 
address=45.228.247.68 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.68 +add address=45.228.247.69 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.69 +add address=45.228.247.70 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.70 +add address=45.228.247.71 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.71 +add address=45.228.247.72 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.72 +add address=45.228.247.73 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.73 +add address=45.228.247.74 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.74 +add address=45.228.247.75 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.75 +add address=45.228.247.76 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.76 +add address=45.228.247.77 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.77 +add address=45.228.247.78 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.78 +add address=45.228.247.79 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.79 +add address=45.228.247.80 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.80 +add address=45.228.247.81 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.81 +add address=45.228.247.82 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.82 +add address=45.228.247.83 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.83 +add address=45.228.247.84 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.84 +add address=45.228.247.85 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.85 +add address=45.228.247.86 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.86 +add address=45.228.247.87 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.87 +add 
address=45.228.247.88 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.88 +add address=45.228.247.89 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.89 +add address=45.228.247.90 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.90 +add address=45.228.247.91 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.91 +add address=45.228.247.92 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.92 +add address=45.228.247.93 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.93 +add address=45.228.247.94 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.94 +add address=45.228.247.95 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.95 +add address=45.228.247.96 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.96 +add address=45.228.247.97 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.97 +add address=45.228.247.98 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.98 +add address=45.228.247.99 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.99 +add address=45.228.247.100 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.100 +add address=45.228.247.101 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.101 +add address=45.228.247.102 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.102 +add address=45.228.247.103 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.103 +add address=45.228.247.104 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.104 +add address=45.228.247.105 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.105 +add address=45.228.247.106 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.106 +add address=45.228.247.107 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.107 +add address=45.228.247.108 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.108 +add address=45.228.247.109 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.109 +add address=45.228.247.110 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.110 +add address=45.228.247.111 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.111 +add address=45.228.247.112 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.112 +add address=45.228.247.113 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.113 +add address=45.228.247.114 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.114 +add address=45.228.247.115 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.115 +add address=45.228.247.116 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.116 +add address=45.228.247.117 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.117 +add address=45.228.247.118 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.118 +add address=45.228.247.119 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.119 +add address=45.228.247.120 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.120 +add address=45.228.247.121 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.121 +add address=45.228.247.122 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.122 +add address=45.228.247.123 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.123 +add address=45.228.247.124 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.124 +add address=45.228.247.125 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.125 +add address=45.228.247.126 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.126 +add address=45.228.247.127 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.127 +add address=45.228.247.128 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.128 +add address=45.228.247.129 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.129 +add address=45.228.247.130 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.130 +add address=45.228.247.131 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.131 +add address=45.228.247.132 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.132 +add address=45.228.247.133 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.133 +add address=45.228.247.134 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.134 +add address=45.228.247.135 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.135 +add address=45.228.247.136 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.136 +add address=45.228.247.137 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.137 +add address=45.228.247.138 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.138 +add address=45.228.247.139 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.139 +add address=45.228.247.140 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.140 +add address=45.228.247.141 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.141 +add address=45.228.247.142 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.142 +add address=45.228.247.143 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.143 +add address=45.228.247.144 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.144 +add address=45.228.247.145 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.145 +add address=45.228.247.146 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.146 +add address=45.228.247.147 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.147 +add address=45.228.247.148 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.148 +add address=45.228.247.149 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.149 +add address=45.228.247.150 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.150 +add address=45.228.247.151 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.151 +add address=45.228.247.152 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.152 +add address=45.228.247.153 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.153 +add address=45.228.247.154 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.154 +add address=45.228.247.155 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.155 +add address=45.228.247.156 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.156 +add address=45.228.247.157 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.157 +add address=45.228.247.158 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.158 +add address=45.228.247.159 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.159 +add address=45.228.247.160 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.160 +add address=45.228.247.161 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.161 +add address=45.228.247.162 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.162 +add address=45.228.247.163 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.163 +add address=45.228.247.164 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.164 +add address=45.228.247.165 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.165 +add address=45.228.247.166 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.166 +add address=45.228.247.167 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.167 +add address=45.228.247.168 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.168 +add address=45.228.247.169 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.169 +add address=45.228.247.170 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.170 +add address=45.228.247.171 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.171 +add address=45.228.247.172 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.172 +add address=45.228.247.173 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.173 +add address=45.228.247.174 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.174 +add address=45.228.247.175 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.175 +add address=45.228.247.176 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.176 +add address=45.228.247.177 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.177 +add address=45.228.247.178 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.178 +add address=45.228.247.179 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.179 +add address=45.228.247.180 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.180 +add address=45.228.247.181 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.181 +add address=45.228.247.182 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.182 +add address=45.228.247.183 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.183 +add address=45.228.247.184 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.184 +add address=45.228.247.185 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.185 +add address=45.228.247.186 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.186 +add address=45.228.247.187 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.187 +add address=45.228.247.188 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.188 +add address=45.228.247.189 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.189 +add address=45.228.247.190 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.190 +add address=45.228.247.191 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.191 +add address=45.228.247.192 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.192 +add address=45.228.247.193 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.193 +add address=45.228.247.194 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.194 +add address=45.228.247.195 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.195 +add address=45.228.247.196 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.196 +add address=45.228.247.197 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.197 +add address=45.228.247.198 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.198 +add address=45.228.247.199 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.199 +add address=45.228.247.200 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.200 +add address=45.228.247.201 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.201 +add address=45.228.247.202 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.202 +add address=45.228.247.203 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.203 +add address=45.228.247.204 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.204 +add address=45.228.247.205 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.205 +add address=45.228.247.206 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.206 +add address=45.228.247.207 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.207 +add address=45.228.247.208 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.208 +add address=45.228.247.209 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.209 +add address=45.228.247.210 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.210 +add address=45.228.247.211 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.211 +add address=45.228.247.212 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.212 +add address=45.228.247.213 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.213 +add address=45.228.247.214 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.214 +add address=45.228.247.215 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.215 +add address=45.228.247.216 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.216 +add address=45.228.247.217 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.217 +add address=45.228.247.218 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.218 +add address=45.228.247.219 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.219 +add address=45.228.247.220 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.220 +add address=45.228.247.221 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.221 +add address=45.228.247.222 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.222 +add address=45.228.247.223 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.223 +add address=45.228.247.224 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + 
network=45.228.247.224 +add address=45.228.247.225 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.225 +add address=45.228.247.226 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.226 +add address=45.228.247.227 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.227 +add address=45.228.247.228 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.228 +add address=45.228.247.229 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.229 +add address=45.228.247.230 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.230 +add address=45.228.247.231 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.231 +add address=45.228.247.232 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.232 +add address=45.228.247.233 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.233 +add address=45.228.247.234 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.234 +add address=45.228.247.235 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.235 +add address=45.228.247.236 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.236 +add address=45.228.247.237 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.237 +add address=45.228.247.238 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.238 +add address=45.228.247.239 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.239 +add address=45.228.247.240 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.240 +add address=45.228.247.241 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.241 +add address=45.228.247.242 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.242 +add address=45.228.247.243 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.243 +add address=45.228.247.244 
comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.244 +add address=45.228.247.245 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.245 +add address=45.228.247.246 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.246 +add address=45.228.247.247 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.247 +add address=45.228.247.248 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.248 +add address=45.228.247.249 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.249 +add address=45.228.247.250 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.250 +add address=45.228.247.251 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.251 +add address=45.228.247.252 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.252 +add address=45.228.247.253 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.253 +add address=45.228.247.254 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.254 +add address=45.228.247.255 comment="{CGNat IXCSoft}" interface=IXCCGNat75 \ + network=45.228.247.255 +add address=45.228.245.0 comment="{CGNat IXCSoft}" interface=IXCCGNat73 \ + network=45.228.245.0 +add address=172.17.1.12/29 interface=0102-UPLOAD-PPPoE-B1 network=172.17.1.8 +add address=172.17.1.14/29 interface=0102-VRRP-BACKUP network=172.17.1.8 +add address=172.17.2.12/29 interface=0202-UPLOAD-PPPoE-B2 network=172.17.2.8 +add address=172.17.2.14/29 interface=0202-VRRP-MASTER network=172.17.2.8 +/ip cloud +set update-time=no +/ip dns +set servers=45.228.246.122,1.1.1.1,45.228.244.121 +/ip firewall address-list +add address=100.100.0.0/21 list=bgp-networks +add address=100.102.0.0/21 list=bgp-networks +add address=100.102.8.0/21 list=bgp-networks +add address=100.100.8.0/21 list=bgp-networks +add address=45.228.245.0/24 list=bgp-networks +add address=45.228.247.0/24 list=bgp-networks +add 
address=100.100.0.0/20 list=bgp-networks +add address=100.102.0.0/20 list=bgp-networks +add address=10.0.24.15 comment="IXCProvedor endereco IP do sistema" list=\ + rede_local +add address=191.253.17.12 list=DDDoS +add address=92.223.98.98 list=DDDoS +add address=94.154.1.28 list=DDDoS +add address=103.216.155.208 list=DDDoS +add address=203.107.60.167 list=DDDoS +add address=211.154.31.109 list=DDDoS +add address=13.35.205.252 list=DDDoS +add address=163.61.124.50 list=DDDoS +add address=163.61.124.188 list=DDDoS +add address=163.61.124.110 list=DDDoS +add address=163.61.124.100 list=DDDoS +add address=163.61.124.168 list=DDDoS +add address=163.61.124.232 list=DDDoS +add address=163.61.124.20 list=DDDoS +add address=163.61.125.104 list=DDDoS +add address=103.248.152.87 list=DDDoS +add address=80.78.23.17 list=DDOS2 +add address=117.173.186.53 list=DDOS2 +add address=113.137.166.224 list=DDOS2 +add address=203.107.62.232 list=DDOS2 +add address=119.28.22.227 list=DDOS2 +add address=5.252.33.225 list=DDOS2 +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +/ip firewall nat +add action=src-nat chain=srcnat comment="NAT DEFAULT - andre" disabled=yes \ + to-addresses=45.228.247.2 +add action=jump chain=srcnat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat src-address=100.64.0.0/10 +add action=jump chain=srcIXCCGNat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat-100.102.0.0-20 src-address=100.102.0.0/20 +add action=jump chain=srcIXCCGNat-100.102.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-21 src-address=100.102.0.0/21 +add action=jump chain=srcIXCCGNat-100.102.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-22 src-address=100.102.0.0/22 +add action=jump chain=srcIXCCGNat-100.102.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.0.0-23 
src-address=100.102.0.0/23 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.0.0/24 to-addresses=45.228.245.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.0.0/24 to-addresses=45.228.245.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.1.0/24 to-addresses=45.228.245.0/24 \ + to-ports=5500-9499 +add action=netmap chain=srcIXCCGNat-100.102.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.1.0/24 to-addresses=45.228.245.0/24 \ + to-ports=5500-9499 +add action=jump chain=srcIXCCGNat-100.102.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.2.0-23 src-address=100.102.2.0/23 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.2.0/24 to-addresses=45.228.245.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.2.0/24 to-addresses=45.228.245.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.3.0/24 to-addresses=45.228.245.0/24 \ + to-ports=13500-17499 +add action=netmap chain=srcIXCCGNat-100.102.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.3.0/24 to-addresses=45.228.245.0/24 \ + to-ports=13500-17499 +add action=jump chain=srcIXCCGNat-100.102.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.4.0-22 src-address=100.102.4.0/22 +add action=jump chain=srcIXCCGNat-100.102.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.4.0-23 src-address=100.102.4.0/23 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.4.0/24 
to-addresses=45.228.245.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.4.0/24 to-addresses=45.228.245.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.5.0/24 to-addresses=45.228.245.0/24 \ + to-ports=21500-25499 +add action=netmap chain=srcIXCCGNat-100.102.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.5.0/24 to-addresses=45.228.245.0/24 \ + to-ports=21500-25499 +add action=jump chain=srcIXCCGNat-100.102.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.6.0-23 src-address=100.102.6.0/23 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.6.0/24 to-addresses=45.228.245.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.6.0/24 to-addresses=45.228.245.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.7.0/24 to-addresses=45.228.245.0/24 \ + to-ports=29500-33499 +add action=netmap chain=srcIXCCGNat-100.102.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.7.0/24 to-addresses=45.228.245.0/24 \ + to-ports=29500-33499 +add action=jump chain=srcIXCCGNat-100.102.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-21 src-address=100.102.8.0/21 +add action=jump chain=srcIXCCGNat-100.102.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-22 src-address=100.102.8.0/22 +add action=jump chain=srcIXCCGNat-100.102.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.8.0-23 src-address=100.102.8.0/23 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.8.0/24 
to-addresses=45.228.245.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.8.0/24 to-addresses=45.228.245.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.9.0/24 to-addresses=45.228.245.0/24 \ + to-ports=37500-41499 +add action=netmap chain=srcIXCCGNat-100.102.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.9.0/24 to-addresses=45.228.245.0/24 \ + to-ports=37500-41499 +add action=jump chain=srcIXCCGNat-100.102.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.10.0-23 src-address=100.102.10.0/23 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.10.0/24 to-addresses=45.228.245.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.10.0/24 to-addresses=45.228.245.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.11.0/24 to-addresses=45.228.245.0/24 \ + to-ports=45500-49499 +add action=netmap chain=srcIXCCGNat-100.102.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.11.0/24 to-addresses=45.228.245.0/24 \ + to-ports=45500-49499 +add action=jump chain=srcIXCCGNat-100.102.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.12.0-22 src-address=100.102.12.0/22 +add action=jump chain=srcIXCCGNat-100.102.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.12.0-23 src-address=100.102.12.0/23 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.12.0/24 to-addresses=45.228.245.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + 
protocol=udp src-address=100.102.12.0/24 to-addresses=45.228.245.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.13.0/24 to-addresses=45.228.245.0/24 \ + to-ports=53500-57499 +add action=netmap chain=srcIXCCGNat-100.102.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.13.0/24 to-addresses=45.228.245.0/24 \ + to-ports=53500-57499 +add action=jump chain=srcIXCCGNat-100.102.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.102.14.0-23 src-address=100.102.14.0/23 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.14.0/24 to-addresses=45.228.245.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.14.0/24 to-addresses=45.228.245.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.102.15.0/24 to-addresses=45.228.245.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat-100.102.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.102.15.0/24 to-addresses=45.228.245.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat comment="{CGNat IXCSoft}" src-address=\ + 100.102.0.0/20 to-addresses=45.228.245.0/24 +add action=jump chain=srcIXCCGNat comment="{CGNat IXCSoft}" jump-target=\ + srcIXCCGNat-100.100.0.0-20 src-address=100.100.0.0/20 +add action=jump chain=srcIXCCGNat-100.100.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-21 src-address=100.100.0.0/21 +add action=jump chain=srcIXCCGNat-100.100.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-22 src-address=100.100.0.0/22 +add action=jump chain=srcIXCCGNat-100.100.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.0.0-23 
src-address=100.100.0.0/23 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.0.0/24 to-addresses=45.228.247.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.0.0/24 to-addresses=45.228.247.0/24 \ + to-ports=1500-5499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.1.0/24 to-addresses=45.228.247.0/24 \ + to-ports=5500-9499 +add action=netmap chain=srcIXCCGNat-100.100.0.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.1.0/24 to-addresses=45.228.247.0/24 \ + to-ports=5500-9499 +add action=jump chain=srcIXCCGNat-100.100.0.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.2.0-23 src-address=100.100.2.0/23 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.2.0/24 to-addresses=45.228.247.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.2.0/24 to-addresses=45.228.247.0/24 \ + to-ports=9500-13499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.3.0/24 to-addresses=45.228.247.0/24 \ + to-ports=13500-17499 +add action=netmap chain=srcIXCCGNat-100.100.2.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.3.0/24 to-addresses=45.228.247.0/24 \ + to-ports=13500-17499 +add action=jump chain=srcIXCCGNat-100.100.0.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.4.0-22 src-address=100.100.4.0/22 +add action=jump chain=srcIXCCGNat-100.100.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.4.0-23 src-address=100.100.4.0/23 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.4.0/24 
to-addresses=45.228.247.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.4.0/24 to-addresses=45.228.247.0/24 \ + to-ports=17500-21499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.5.0/24 to-addresses=45.228.247.0/24 \ + to-ports=21500-25499 +add action=netmap chain=srcIXCCGNat-100.100.4.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.5.0/24 to-addresses=45.228.247.0/24 \ + to-ports=21500-25499 +add action=jump chain=srcIXCCGNat-100.100.4.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.6.0-23 src-address=100.100.6.0/23 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.6.0/24 to-addresses=45.228.247.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.6.0/24 to-addresses=45.228.247.0/24 \ + to-ports=25500-29499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.7.0/24 to-addresses=45.228.247.0/24 \ + to-ports=29500-33499 +add action=netmap chain=srcIXCCGNat-100.100.6.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.7.0/24 to-addresses=45.228.247.0/24 \ + to-ports=29500-33499 +add action=jump chain=srcIXCCGNat-100.100.0.0-20 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-21 src-address=100.100.8.0/21 +add action=jump chain=srcIXCCGNat-100.100.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-22 src-address=100.100.8.0/22 +add action=jump chain=srcIXCCGNat-100.100.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.8.0-23 src-address=100.100.8.0/23 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.8.0/24 
to-addresses=45.228.247.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.8.0/24 to-addresses=45.228.247.0/24 \ + to-ports=33500-37499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.9.0/24 to-addresses=45.228.247.0/24 \ + to-ports=37500-41499 +add action=netmap chain=srcIXCCGNat-100.100.8.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.9.0/24 to-addresses=45.228.247.0/24 \ + to-ports=37500-41499 +add action=jump chain=srcIXCCGNat-100.100.8.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.10.0-23 src-address=100.100.10.0/23 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.10.0/24 to-addresses=45.228.247.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.10.0/24 to-addresses=45.228.247.0/24 \ + to-ports=41500-45499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.11.0/24 to-addresses=45.228.247.0/24 \ + to-ports=45500-49499 +add action=netmap chain=srcIXCCGNat-100.100.10.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.11.0/24 to-addresses=45.228.247.0/24 \ + to-ports=45500-49499 +add action=jump chain=srcIXCCGNat-100.100.8.0-21 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.12.0-22 src-address=100.100.12.0/22 +add action=jump chain=srcIXCCGNat-100.100.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.12.0-23 src-address=100.100.12.0/23 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.12.0/24 to-addresses=45.228.247.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + 
protocol=udp src-address=100.100.12.0/24 to-addresses=45.228.247.0/24 \ + to-ports=49500-53499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.13.0/24 to-addresses=45.228.247.0/24 \ + to-ports=53500-57499 +add action=netmap chain=srcIXCCGNat-100.100.12.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.13.0/24 to-addresses=45.228.247.0/24 \ + to-ports=53500-57499 +add action=jump chain=srcIXCCGNat-100.100.12.0-22 comment="{CGNat IXCSoft}" \ + jump-target=srcIXCCGNat-100.100.14.0-23 src-address=100.100.14.0/23 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.14.0/24 to-addresses=45.228.247.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.14.0/24 to-addresses=45.228.247.0/24 \ + to-ports=57500-61499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=tcp src-address=100.100.15.0/24 to-addresses=45.228.247.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat-100.100.14.0-23 comment="{CGNat IXCSoft}" \ + protocol=udp src-address=100.100.15.0/24 to-addresses=45.228.247.0/24 \ + to-ports=61500-65499 +add action=netmap chain=srcIXCCGNat comment="{CGNat IXCSoft} - aqui" \ + src-address=100.100.0.0/20 to-addresses=45.228.247.0/24 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \ + src-address=10.64.69.1 to-addresses=45.228.245.0 to-ports=1500-1999 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \ + src-address=10.64.69.1 to-addresses=45.228.245.0 to-ports=1500-1999 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \ + src-address=10.64.69.2 to-addresses=45.228.245.0 to-ports=2000-2499 +add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \ + src-address=10.64.69.2 
to-addresses=45.228.245.0 to-ports=2000-2499
+add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=tcp \
+ src-address=10.64.69.3 to-addresses=45.228.245.0 to-ports=2500-2999
+add action=netmap chain=srcnat comment="NAT - TESTE CGNAT" protocol=udp \
+ src-address=10.64.69.3 to-addresses=45.228.245.0 to-ports=2500-2999
+/ip firewall raw
+add action=drop chain=prerouting dst-address-list=DDOS2 protocol=udp
+add action=drop chain=prerouting dst-address-list=DDOS2 protocol=tcp
+add action=drop chain=prerouting protocol=udp src-port=19,25,1900,11211
+add action=drop chain=prerouting protocol=tcp src-port=19,25,1900,11211
+add action=drop chain=prerouting dst-port=19,25,1900,11211 protocol=udp
+add action=drop chain=prerouting dst-port=19,25,1900,11211 log-prefix=japa \
+ protocol=tcp
+add action=drop chain=prerouting disabled=yes dst-address=104.18.3.144
+add action=drop chain=prerouting disabled=yes dst-address=149.36.49.54
+add action=drop chain=prerouting disabled=yes dst-address=154.197.56.102
+add action=drop chain=prerouting disabled=yes dst-address-list=DDDoS \
+ log-prefix=ddos_
+/ip ipsec policy
+set 0 disabled=yes
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip pool
+add comment="CGNat IXCSoft" name=FTTH next-pool=*11 ranges="100.104.0.2-100.10\
+ 4.0.252,100.104.1.2-100.104.1.252,100.104.2.2-100.104.2.252,100.104.3.2-10\
+ 0.104.3.252,100.104.4.2-100.104.4.252,100.104.5.2-100.104.5.254,100.104.6.\
+ 2-100.104.6.254,100.104.7.2-100.104.7.254"
+/ip route
+add comment=TEMPORARIO-DDoS disabled=yes distance=10 dst-address=0.0.0.0/0 \
+ gateway=172.17.2.2 routing-table=main scope=30 suppress-hw-offload=no \
+ target-scope=10
+add comment=CGNAT-REDUZIDO disabled=yes distance=10 dst-address=10.64.69.0/24 \
+ gateway=172.17.1.11 pref-src="" routing-table=main scope=20 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment=Blackhole disabled=no distance=1 dst-address=\
+ 100.100.0.0/20 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment=Balckhole disabled=no distance=1 dst-address=\
+ 100.102.0.0/20 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment="## BLACKHOLE" disabled=no distance=255 dst-address=\
+ 45.228.245.0/24 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+add blackhole comment="## BLACKHOLE" disabled=no distance=255 dst-address=\
+ 45.228.247.0/24 gateway="" pref-src="" routing-table=main scope=30 \
+ suppress-hw-offload=no target-scope=10
+/ip service
+set ftp disabled=yes port=2120
+set www disabled=yes port=8020
+set telnet disabled=yes port=8023
+set winbox address=10.0.0.0/8,45.228.244.0/22 port=8292
+set api-ssl disabled=yes
+set ssh disabled=yes port=9022
+set api address=10.0.0.0/8 disabled=yes port=9728
+/ip smb shares
+set [ find default=yes ] directory=/pub
+/ip traffic-flow
+set active-flow-timeout=1m cache-entries=512k enabled=yes interfaces="0202-VRR\
+ P-MASTER,0202-UPLOAD-PPPoE-B2,0201-iBGP-B2,0102-VRRP-BACKUP,0102-UPLOAD-PP\
+ PoE-B1,0101-iBGP-B1" packet-sampling=yes sampling-interval=10 \
+ sampling-space=5
+/ip traffic-flow target
+add dst-address=10.0.24.129 port=3058
+/ip upnp
+set show-dummy-rule=no
+/ipv6 nd
+set [ find default=yes ] advertise-dns=no disabled=yes
+/lcd
+set backlight-timeout=10m color-scheme=dark enabled=no read-only-mode=yes \
+ touch-screen=disabled
+/ppp aaa
+set accounting=no interim-update=20m
+/radius
+add address=10.0.24.15 comment="IXCProvedor configuracao radius" \
+ require-message-auth=no service=ppp,hotspot,wireless src-address=\
+ 10.0.24.21 timeout=3s
+/radius incoming
+set accept=yes
+/routing bfd configuration
+add disabled=no interfaces=*1F min-rx=200ms min-tx=200ms multiplier=3
+add disabled=no interfaces=*20 min-rx=200ms min-tx=200ms multiplier=3
+add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5
+/routing bgp connection
+add cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no input.filter=\
+ IBGP-BORDA-01-IN instance=bgp-instance-1 listen=yes local.address=\
+ 172.17.1.4 .role=ibgp name=BORDA-01 nexthop-choice=force-self \
+ output.default-originate=never .filter-chain=IBGP-BORDA-01-OUT .network=\
+ bgp-networks remote.address=172.17.1.1/32 .as=267083 routing-table=main \
+ templates=default use-bfd=no
+add cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no input.filter=\
+ IBGP-BORDA-02-IN instance=bgp-instance-1 listen=yes local.address=\
+ 172.17.2.4 .role=ibgp name=BORDA-02 nexthop-choice=force-self \
+ output.default-originate=never .filter-chain=IBGP-BORDA-02-OUT .network=\
+ bgp-networks remote.address=172.17.2.2/32 .as=267083 routing-table=main \
+ templates=default use-bfd=no
+add cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no input.filter=\
+ IBGP-BRAS-POP4-IN instance=bgp-instance-1 listen=yes local.address=\
+ 172.17.2.4 .role=ibgp name=BRAS-POP4 output.default-originate=never \
+ .filter-chain=IBGP-BRAS-OUT .network=bgp-networks remote.address=\
+ 172.17.2.6/32 .as=267083 routing-table=main templates=default use-bfd=no
+add cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no input.filter=\
+ IBGP-BRAS-POP3-IN instance=bgp-instance-1 listen=yes local.address=\
+ 172.17.1.4 .role=ibgp name=BRAS-POP3 output.default-originate=never \
+ .filter-chain=IBGP-BRAS-OUT .network=bgp-networks remote.address=\
+ 172.17.1.5/32 .as=267083 routing-table=main templates=default use-bfd=no
+/routing filter rule
+add chain=IBGP-BRAS-POP4-IN disabled=no rule="if (dst in 100.100.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 400; accept; }"
+add chain=IBGP-BRAS-POP4-IN disabled=no rule="if (dst in 100.102.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 90; accept; }"
+add chain=IBGP-BRAS-POP4-IN disabled=no rule="reject;"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="if (dst in 100.100.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 90; accept; }"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="if (dst in 100.102.0.0/20 && dst\
+ -len in 20-21) { set bgp-local-pref 400; accept; }"
+add chain=IBGP-BRAS-POP3-IN disabled=no rule="reject;"
+add chain=IBGP-BRAS-OUT disabled=no rule="reject;"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 45.228.245.0/24) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 45.228.247.0/24) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 100.100.0.0/20 ) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule=\
+ "if (dst == 100.102.0.0/20) { accept }"
+add chain=IBGP-BORDA-01-OUT disabled=no rule="reject;"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 45.228.245.0/24) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 45.228.247.0/24) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 100.100.0.0/20) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule=\
+ "if (dst == 100.102.0.0/20) { accept }"
+add chain=IBGP-BORDA-02-OUT disabled=no rule="reject;"
+add chain=IBGP-BORDA-02-IN disabled=no rule=\
+ "if (dst in 0.0.0.0/0) { set bgp-local-pref 400; accept }"
+add chain=IBGP-BORDA-02-IN disabled=no rule="reject;"
+add chain=IBGP-BORDA-01-IN disabled=no rule=\
+ "if (dst in 0.0.0.0/0) { set bgp-local-pref 90; accept }"
+add chain=IBGP-BORDA-01-IN disabled=no rule="reject;"
+add chain=IBGP-BORDA-IN disabled=no rule="reject;"
+/snmp
+set contact="FIX FIBRA" enabled=yes location=\
+ "\"R. Antonio Dias Adorno, 375,Diadema,SP,BR\"" src-address=10.0.24.21 \
+ trap-version=2
+/system clock
+set time-zone-autodetect=no time-zone-name=America/Sao_Paulo
+/system identity
+set name=CGNAT_FIX02
+/system leds
+set 0 interface=sfpplus1_SW04_P07 leds=sfpplus1-led1 type=interface-speed
+set 1 leds=sfpplus1-led2 type=interface-activity
+set 2 leds=sfpplus2-led1 type=interface-speed
+set 3 leds=sfpplus2-led2 type=interface-activity
+/system logging
+add action=logServer topics=info
+add action=logServer prefix=log_ topics=critical
+add action=logServer prefix=log_ topics=error
+add action=logServer topics=health
+add action=logServer topics=warning
+add action=logServer topics=system
+add action=logServer topics=firewall
+/system ntp client
+set enabled=yes
+/system ntp client servers
+add address=45.228.246.122
+add address=10.0.24.120
+/system scheduler
+add disabled=yes interval=3d name=backup_ftp on-event=backup_ftp policy=\
+ ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
+ 2023-03-10 start-time=03:00:00
+add interval=1d name=IXCProvedor_agendamento-backup on-event=\
+ IXCProvedor-fazer-e-enviar-backup policy=\
+ ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
+ 2024-02-13 start-time=04:15:00
+/system script
+add dont-require-permissions=no name=backup_ftp owner=otaviofix policy=\
+ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
+ log warning \"***************************************\"\
+ \n#Conexao SFTP\
+ \n\
+ \n:global host 10.1.24.137\
+ \n:global usuario backups\
+ \n:global senha backups@fixfibra2@\
+ \n:global diretorio /SFTP/backups/mikrotik/router/CGNAT02\
+ \n\
+ \n#Pega o nome do Router\
+ \n\
+ \n:global identifica [/system identity get name]\
+ \n\
+ \n#Gera data no formato AAAA-MM-DD\
+ \n\
+ \n:global data [/system clock get date]\
+ \n:global ano [:pick \$data 0 4]\
+ \n:global mes [:pick \$data 5 7]\
+ \n:global dia [:pick \$data 8 10]\
+ \n\
+ \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
+ \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
+ \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
+ \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
+ \n:log info \"Processando...\";\
+ \n:delay 5s\
+ \n\
+ \n:log info \"Conectando SFTP Server...\";\
+ \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
+ \";\
+ \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
+ kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
+ tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
+ \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
+ \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
+ \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
+ dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
+ \n:delay 1\
+ \n\
+ \n:log info \"Backup enviado com sucesso...\";\
+ \n:log info \"Removendo arquivos...\";\
+ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
+ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
+ \n:log info \"Rotina de backup finalizada...\";\
+ \n:log warning \"***************************************\";\
+ \n"
+add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=\
+ sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
+ source="export file=backup-mikrotik_CGNAT_FIX02.rsc; :log info message=\"I\
+ XCSoft enviando backup por email\"; /tool e-mail send to=\"infra@fixfibra.\
+ com.br\" subject=\"backup-CGNAT_FIX02\" file=backup-mikrotik_CGNAT_FIX02.r\
+ sc start-tls=yes"
+/system watchdog
+set automatic-supout=no watchdog-timer=no
+/tool bandwidth-server
+set enabled=no
+/tool e-mail
+set from=noc.fix@fixfibra.com.br port=587 server=smtp.gmail.com user=\
+ noc.fix@fixfibra.com.br
+/tool romon
+set enabled=yes
diff --git a/CGNAT02/05-12-2025.NAT02-CCR2004.backup b/CGNAT02/05-12-2025.NAT02-CCR2004.backup
new file mode 100644
index 0000000..251c5ab
Binary files /dev/null and b/CGNAT02/05-12-2025.NAT02-CCR2004.backup differ
diff --git a/CGNAT02/05-12-2025.NAT02-CCR2004.rsc b/CGNAT02/05-12-2025.NAT02-CCR2004.rsc
new file mode 100644
index 0000000..625b628
--- /dev/null
+++ b/CGNAT02/05-12-2025.NAT02-CCR2004.rsc
@@ -0,0 +1,468 @@ +# 2025-12-05 12:34:34 by RouterOS 7.20.5 +# software id = R71A-HA5S +# +# model = CCR2004-16G-2S+ +# serial number = HG809N0C8R9 +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0042-Servicos-IPv4 vlan-id=42 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0620-Servicos-IPv6 vlan-id=620 +add interface=sfp-sfpplus1 name=2142-OSPF_B1 vlan-id=2142 +add interface=sfp-sfpplus1 name=2242-OSPF_B2 vlan-id=2242 +add interface=sfp-sfpplus1 name=2602-IPv4-HEXA vlan-id=2602 +add interface=sfp-sfpplus1 name=vlan1441-itx-sw-hw-04 vlan-id=1441 +/interface list +add exclude=all include=static name=ospf-interfaces +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip pool +add name=pool1 ranges=198.18.0.5-198.18.0.8 +/ip smb users +set [ find default=yes ] disabled=yes +/ipv6 pool +add name=pool-enlace prefix=2804:47e4:8000:1::1c/126 prefix-length=128 +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=no local-address=10.0.24.33 name=L2TP remote-address=pool1 \ + use-compression=no use-encryption=yes 
use-upnp=no +/routing id +add disabled=no id=10.0.24.33 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf originate-default=never out-filter-chain=OSPF-OUT \ + redistribute=connected,static router-id=OSPF routing-table=main +add disabled=no name=ospfv3 originate-default=never out-filter-chain=\ + OSPFv3-OUT redistribute=connected router-id=OSPF version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.33 target=remote +/ip smb +set enabled=no +/ip firewall connection tracking +set enabled=yes udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=all +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes authentication=chap,mschap1,mschap2 default-profile=\ + L2TP enabled=yes keepalive-timeout=60 l2tpv3-ether-interface-list=all \ + max-mru=1480 max-mtu=1480 one-session-per-host=yes use-ipsec=yes +/interface list member +add interface=2142-OSPF_B1 list=ospf-interfaces +add interface=2242-OSPF_B2 list=ospf-interfaces +/interface ovpn-server server +add mac-address=FE:6F:8A:36:83:70 name=ovpn-server1 +/ip address +add address=10.0.24.33/24 interface=0024-GERENCIA-L2 network=10.0.24.0 +add address=10.1.21.42/30 interface=2142-OSPF_B1 network=10.1.21.40 +add address=10.1.22.42/30 interface=2242-OSPF_B2 network=10.1.22.40 +add address=45.228.246.97/27 comment="### 246.97 - Gateway-042" interface=\ + 0042-Servicos-IPv4 network=45.228.246.96 +add address=10.1.24.33/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.246.31 interface=lo network=45.228.246.31 +add address=45.228.246.16 interface=lo network=45.228.246.16 
+add address=10.0.5.9/30 interface=vlan1441-itx-sw-hw-04 network=10.0.5.8 +add address=45.228.246.64 comment=IPv4-pub-NAT-HEXA interface=lo network=\ + 45.228.246.64 +add address=10.95.200.1/24 comment=IPv4-priv-NAT-HEXA interface=\ + 2602-IPv4-HEXA network=10.95.200.0 +/ip cloud +set update-time=no +/ip dns +set servers=45.228.246.122,45.228.244.121 +/ip firewall address-list +add address=45.228.244.4 list=CONFIAVEIS +add address=45.228.246.4 list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 list=CONFIAVEIS +add address=45.228.244.96/27 list=CONFIAVEIS +add address=45.228.246.96/27 list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=10.64.69.0/30 list=CONFIAVEIS +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.244.96/27 list=SERVIDORES +add address=45.228.246.96/27 list=SERVIDORES +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=198.18.0.8 list=POOL-GERENCIA +add address=198.18.0.7 list=POOL-GERENCIA +add address=198.18.0.6 list=POOL-GERENCIA +add address=198.18.0.5 list=POOL-GERENCIA +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.4/30 list=LOCAL-VPN-NAT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add 
address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.95.200.0/24 list=LAN-HEXA +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" disabled=yes \ + protocol=icmp +add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \ + dst-address=45.228.246.100 dst-port=53 protocol=tcp +add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \ + dst-address=45.228.246.100 dst-port=53 protocol=udp +add action=accept chain=forward comment="Permit - acs - 7547 tcp" disabled=\ + yes dst-address=45.228.246.105 dst-port=7547 protocol=tcp +add action=accept chain=forward comment="Permit - Upload SRC" disabled=yes \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS (TCP)" disabled=yes \ + dst-address-list=DNS-SERVERs dst-port=53 protocol=tcp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS (UDP)" disabled=yes \ + dst-address-list=DNS-SERVERs dst-port=53 protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec (UDP)" disabled=yes \ + dst-address-list=DNS-SERVERs dst-port=123 protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - HTTPs (TCP)" disabled=yes \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - HTTPs (UDP)" disabled=yes \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - Servicos (TCP)" disabled=\ + 
yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (UDP)" disabled=\ + yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" disabled=yes \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Radios" disabled=yes \ + in-interface=*16 +add action=accept chain=forward comment="Permit - Radios" disabled=yes \ + out-interface=*16 +add action=accept chain=forward comment="Permit - OpaSuite (exception)" \ + disabled=yes dst-address=45.228.246.98 +add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related disabled=yes +add action=accept chain=input comment="Permit - ICMP" disabled=yes protocol=\ + icmp +add action=accept chain=input comment="Permit - OSPF Protocol" disabled=yes \ + in-interface-list=ospf-interfaces protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" disabled=yes \ + dst-port=500,1701,4500 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" disabled=yes \ + protocol=ipsec-esp +add action=accept chain=input comment="Permit - L2TP Protocol" disabled=yes \ + protocol=l2tp +add action=accept chain=input comment="Permit - Winbox Service" disabled=yes \ + dst-port=8292 protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Trusted" disabled=yes \ + src-address-list=ACPT-INPUT +add action=accept chain=forward disabled=yes dst-address-list=CWPs +add action=drop chain=forward disabled=yes log-prefix=drop-all- +add action=drop chain=input disabled=yes +/ip firewall nat +add action=src-nat chain=srcnat comment=\ + "NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" disabled=yes \ + dst-address=10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=\ + 10.0.24.33 +add action=src-nat chain=srcnat comment="SRC-NAT-HEXA - 
45.228.246.64" \ + src-address-list=LAN-HEXA to-addresses=45.228.246.64 +add action=src-nat chain=srcnat comment="DEFAULT NAT - 246.31" dst-address=\ + !10.0.0.0/8 dst-address-list=!SERVIDORES protocol=!ospf src-address=\ + 10.0.24.0/24 to-addresses=45.228.246.31 +add action=src-nat chain=srcnat comment="## regra UPDATE" disabled=yes \ + dst-address-list=!POOL-GERENCIA protocol=!ospf to-addresses=45.228.246.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \ + dst-address=45.228.246.64/27 gateway="" pref-src="" routing-table=main \ + scope=30 suppress-hw-offload=no target-scope=10 +add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \ + dst-address=45.228.246.16/28 gateway="" pref-src="" routing-table=main \ + scope=30 suppress-hw-offload=no target-scope=10 +add disabled=no distance=210 dst-address=0.0.0.0/0 gateway=10.1.22.41 \ + pref-src="" routing-table=main scope=20 suppress-hw-offload=no \ + target-scope=10 +/ipv6 route +add disabled=no distance=200 dst-address=::/0 gateway=2804:47e4:8000:1::21 \ + routing-table=main scope=30 target-scope=10 +add disabled=yes distance=20 dst-address=::/0 gateway=2804:47e4:8000:1::19 \ + routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set ftp disabled=yes +set ssh disabled=yes +set telnet disabled=yes +set www disabled=yes +set winbox address=45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4::/32 \ + port=8292 +set api disabled=yes +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip traffic-flow +set active-flow-timeout=5m cache-entries=64k interfaces=2142-OSPF_B1 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5 +add dst-address=10.0.24.128 
port=9996 src-address=10.0.24.24 version=5 +/ip upnp +set enabled=yes +/ip upnp interfaces +add interface=*16 type=internal +add interface=2142-OSPF_B1 type=external +/ipv6 address +add address=2804:47e4:8002::33 advertise=no comment=\ + "# Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0620-Servicos-IPv6 +add address=2804:47e4:8000:1::22/126 advertise=no interface=2242-OSPF_B2 +add address=2804:47e4:0:1::22/126 advertise=no interface=2142-OSPF_B1 +add address=2804:47e4:8000:1::1a/126 advertise=no disabled=yes interface=\ + 2602-IPv4-HEXA +add address=2804:47e4:8002:2601::33 advertise=no comment="## LAN SAGE" \ + disabled=yes interface=lo +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::/64 list=AL-ACPT-SERVICOS +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:8002::/64 list=AL-ACPT-SERVICOS +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::22/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::22/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::7777/128 list=ACL-hosepdage +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::110/128 list=ACL-hosepdage +add address=2804:47e4:8002::228/128 list=ACL-hosepdage +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +add address=2804:47e4:8002::15/128 disabled=yes list=ACL-hosepdage +add address=2804:47e4:1::141/128 list=CWPs +add address=2804:47e4:8002::142/128 list=CWPs +/ipv6 firewall filter +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=forward comment="Permit - 
Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - OSPFv3" in-interface-list=\ + ospf-interfaces protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment=IXC dst-address=\ + 2804:47e4:8002::15/128 dst-port=80,443 protocol=tcp +add action=accept chain=forward comment=IXC dst-address=\ + 2804:47e4:8002::15/128 dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - REVERSO" dst-address=\ + 2804:47e4:8002::230/128 dst-port=53 protocol=udp +add action=accept chain=forward comment="Permit - REVERSO" dst-address=\ + 2804:47e4:8002::230/128 dst-port=53 protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=AL-ACPT-SERVICOS src-address-list=AL-ACPT-SERVICOS +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - WebServer (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=forward comment="Permit - WebServer (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=tcp +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add 
action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-address=\ + 2804:47e4:8002::f120/128 dst-port=9022 protocol=tcp +add action=accept chain=forward comment="Permit - CWP" dst-address-list=CWPs +add action=drop chain=input comment=drop-input +add action=drop chain=forward comment="drop - All" log-prefix=dropv6- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes other-configuration=yes ra-preference=\ + low +add advertise-dns=no interface=0620-Servicos-IPv6 \ + managed-address-configuration=yes +add advertise-dns=no interface=2142-OSPF_B1 managed-address-configuration=yes +add advertise-dns=no interface=2242-OSPF_B2 managed-address-configuration=yes +/ppp secret +add name=andrefix profile=L2TP service=l2tp +add name=danielfix profile=L2TP service=l2tp +add name=otaviofix profile=L2TP service=l2tp +/radius +add address=10.0.24.24 disabled=yes require-message-auth=no service=login \ + timeout=300ms +add address=10.0.24.24 disabled=yes require-message-auth=no service=login \ + timeout=300ms +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5 +add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5 +/routing filter rule +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.246.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.246.64/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.246.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:8002::/48 && dst-len > 48) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=45.228.246.96/27 +add area=ospfv3-area-0 disabled=no prefix=2804:47e4:8002::/64 +add area=ospf-area-0 disabled=no 
prefix=45.228.246.64/27 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 cost=20 disabled=no interfaces=\ + 2242-OSPF_B2 networks=10.1.22.40/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 cost=100 disabled=no interfaces=\ + 2142-OSPF_B1 networks=10.1.21.40/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2242-OSPF_B2 networks=\ + 2804:47e4:8000:1::22/126 priority=1 type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2142-OSPF_B1 networks=\ + 2804:47e4:0:1::22/126 priority=1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. Antonio Dias Adorno, 375,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT02-CCR2004 +/system logging +add action=echo disabled=yes prefix=snmp_ topics=debug,snmp +add action=Gray disabled=yes prefix=snmp_ topics=debug,snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.120 +add address=10.0.24.124 +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add comment="Crodar dia 25/01 as 3 da manha" name=Atualizacao on-event=\ + "/system reboot" policy=reboot start-date=2025-03-11 start-time=03:00:00 +/system script +add dont-require-permissions=no name=backupSFTP owner=otaviofix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n#Conexao SFTP\ + \n\ + \n:global host 10.1.24.137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio 
/SFTP/backups/mikrotik/router/CGNAT02\ + \n\ + \n#Pega o nome do Router\ + \n\ + \n:global identifica [/system identity get name]\ + \n\ + \n#Gera data no formato AAAA-MM-DD\ + \n\ + \n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando SFTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";\ + \n" +/tool bandwidth-server +set enabled=no +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=none +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes 
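Review bot: The `backupSFTP` script source in this export carries the SFTP account's password in clear text on the `:global senha` line, next to the host, user and port 9022, so the commit hands a working credential to everyone who can read the repository. The export omits the `/ppp secret` passwords but not script bodies, so the value should be rotated and the script source scrubbed (or the file left out) before it is committed. Inside the script, `:local host`, `:local usuario` and `:local senha` instead of `:global` would keep the values from staying in the script environment after each run. The `/system backup save name=...` line sets no `password=`, so the `.backup` files added alongside are presumably unencrypted as well. The tail of the same script is visible in the preceding file's hunk, whose start is outside this view, so the same likely applies there.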
diff --git a/NAT01/05-12-2025.NAT01-CCR2004.backup b/NAT01/05-12-2025.NAT01-CCR2004.backup
new file mode 100644
index 0000000..e62c3a7
Binary files /dev/null and b/NAT01/05-12-2025.NAT01-CCR2004.backup differ
diff --git a/NAT01/05-12-2025.NAT01-CCR2004.rsc b/NAT01/05-12-2025.NAT01-CCR2004.rsc
new file mode 100644
index 0000000..04e3ecb
--- /dev/null
+++ b/NAT01/05-12-2025.NAT01-CCR2004.rsc
@@ -0,0 +1,492 @@ +# 2025-12-05 12:31:39 by RouterOS 7.18.2 +# software id = 1MXX-5Y0X +# +# model = CCR2004-16G-2S+ +# serial number = HG809WX52HQ +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\ + ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR" +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25 +add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30 +add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610 +add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441 +add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133 +add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233 +/interface list +add name=OSPFv3 +add name=LAN +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip dhcp-server option +add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'" +/ip dhcp-server option sets +add name=acs_ip options=acs_ip +/ip pool +add name=TR69 
ranges=10.25.0.50-10.25.63.200 +add name=pool1 ranges=198.18.0.1-198.18.0.4 +/ip dhcp-server +add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \ + lease-time=1d name=025-Gestao_TR69 +/ip smb users +set [ find default=yes ] disabled=yes +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\ + pool1 use-encryption=yes use-ipv6=no use-mpls=no +/routing id +add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\ + connected,static +add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\ + connected version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +set 3 target=echo +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.35 target=remote +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \ + max-mtu=1500 use-ipsec=yes +/interface list member +add interface=2133-OSPF-B1 list=OSPFv3 +add interface=2233-OSPF-B2 list=OSPFv3 +add interface=0024-GERENCIA-L2 list=LAN +add interface=0124-GERENCIA-L3 list=LAN +add interface=0025-VoIP-TR69 list=LAN +/interface ovpn-server server +add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1 +/ip address +add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \ + network=10.0.24.0 +add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \ + 
network=10.1.21.32 +add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \ + network=10.1.22.32 +add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\ + 0030-TIP-IXC network=45.228.244.8 +add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\ + 0025-VoIP-TR69 network=10.25.0.0 +add address=45.228.244.97/27 comment="### GTW 0041" interface=\ + 0041-Servicos-IPv4 network=45.228.244.96 +add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.31 +add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\ + 1441-itx-sw-hw-03 network=10.0.5.4 +add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.30 +/ip dhcp-server network +add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35 +/ip dns +set servers=45.228.244.121,45.228.246.122 +/ip firewall address-list +add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local +add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local +add address=198.18.0.1 list=POOL-GERENCIA +add address=198.18.0.2 list=POOL-GERENCIA +add address=198.18.0.3 list=POOL-GERENCIA +add address=198.18.0.4 list=POOL-GERENCIA +add address=100.64.0.0/10 comment=CGNAT list=rede_local +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add 
address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.244.10 list=Zeus +add address=45.228.244.12 list=Zeus +add address=45.228.244.11 list=Zeus +add address=45.228.244.8/29 list=SERVIDORES +add address=45.228.244.4 disabled=yes list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=45.228.246.4 disabled=yes list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS +add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=45.228.244.96/27 list=SERVIDORES +add address=10.64.69.0/30 list=CONFIAVEIS +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.0/30 list=LOCAL-VPN-NAT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.246.96/27 list=SERVIDORES +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=45.228.244.0/22 list=CONFIAVEIS +add address=10.0.13.0/24 list=CONFIAVEIS +add address=45.228.244.30 list=SERVIDORES +add address=100.64.0.0/10 list=ACPT-INPUT +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\ + icmp +add action=accept chain=input comment="Permit - ICMP" protocol=icmp +add action=accept chain=input comment="Permit - OSPF Protocol" \ + in-interface-list=OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\ + 
500,4500,1701 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\ + ipsec-esp +add action=accept chain=forward comment="Permit - Upload Src" \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\ + DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - TCP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - UDP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\ + GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\ + ACS-CPEs +add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\ + GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs +add action=accept chain=forward comment="Permit -TCP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp +add action=accept chain=forward comment="Permit - UDP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \ + protocol=udp +add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \ + dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \ + dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\ + SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - VLAN0030 All" \ + dst-address-list=0030-SERVIDORES 
+add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp +add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \ + in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp +add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\ + 45.228.244.30 dst-port=8443 protocol=tcp +add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \ + protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Unifi (TCP) - External" \ + dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=input comment="Permit - Unifi (UDP) - External" \ + dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp +add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \ + src-address-list=ACPT-INPUT +add action=accept chain=forward dst-address-list=CWPs +add action=drop chain=forward log-prefix=Drop-Ford-all- +add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input- +/ip firewall nat +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \ + to-addresses=10.0.24.145 +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145 +add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \ + to-addresses=45.228.244.30 +add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\ + !10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\ + 45.228.244.31 +add action=src-nat chain=srcnat comment=\ + "#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\ + 10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35 +add action=src-nat 
chain=srcnat comment="## Regra UPDATE" disabled=yes \ + dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\ + main suppress-hw-offload=no +/ipv6 route +add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \ + gateway="" routing-table=main scope=30 suppress-hw-offload=no \ + target-scope=10 +add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\ + "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set telnet address=10.0.0.0/8 disabled=yes port=2323 +set ftp disabled=yes +set www address=2804:47e4:8c0::/48 disabled=yes port=8080 +set ssh disabled=yes port=9022 +set api address=10.0.0.0/8 disabled=yes +set winbox address=\ + 45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292 +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip ssh +set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null 
forwarding-enabled=remote +/ip traffic-flow +set cache-entries=64k interfaces=2233-OSPF-B2 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1 +add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2 +add address=2804:47e4:1::35 advertise=no comment=\ + "# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0610-Servicos-IPv6 +add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2 +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +/ipv6 firewall filter +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept 
chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment="Permit - Web (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \ + protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Web (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\ + OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=forward comment="Drop - All" log-prefix=telic- +add action=drop chain=input log-prefix=drop-input- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=0610-Servicos-IPv6 \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes +add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes +/ppp aaa +set use-radius=yes +/ppp secret +add name=andrefix profile=L2VPN service=l2tp +add name=danielfix profile=L2VPN service=l2tp +/radius +add address=10.1.24.138 service=login src-address=10.1.24.35 +/radius incoming +set accept=yes +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 +/routing filter rule +add 
chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=10.25.0.0/18 +add area=ospf-area-0 disabled=no prefix=45.228.244.96/27 +add area=ospf-area-0 disabled=no prefix=45.228.244.16/28 +add area=ospf-area-0 disabled=no prefix=45.228.244.8/29 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \ + interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \ + interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \ + type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\ + 1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. 
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT01-CCR2004 +/system logging +set 0 topics=info,!dhcp +add action=echo disabled=yes prefix=test_ topics=\ + debug,dhcp,!radvd,!dhcp,!ospf +add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.124 +add address=200.20.186.76 +/system resource irq rps +set sfp-sfpplus1 disabled=no +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add name=atualizacao on-event="/system reboot" policy=reboot start-date=\ + 2025-03-18 start-time=05:30:50 +add interval=2d name=backup-ftp on-event=backup-ftp policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ + start-date=2025-12-03 start-time=01:00:00 +/system script +add dont-require-permissions=yes name=backup-ftp owner=otaviofix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n# Conexao SFTP\ + \n:global host 2804:47e4:1::137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio /SFTP/backups/mikrotik/router/NAT01\ + \n# Pega o nome do Router\ + \n:global identifica [/system identity get name]\ + \n# Gera data no formato AAAA-MM-DD\ + \n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + 
\n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando SFTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";" +/tool bandwidth-server +set enabled=no +/tool e-mail +set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\ + noc.fix@fixfibra.com.b +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=static +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes diff --git a/NAT01/07-12-2025.NAT01-CCR2004.backup b/NAT01/07-12-2025.NAT01-CCR2004.backup new file mode 100644 index 0000000..93a726f Binary files /dev/null and b/NAT01/07-12-2025.NAT01-CCR2004.backup differ diff --git a/NAT01/07-12-2025.NAT01-CCR2004.rsc b/NAT01/07-12-2025.NAT01-CCR2004.rsc new file mode 100644 index 0000000..966ea7f --- /dev/null +++ b/NAT01/07-12-2025.NAT01-CCR2004.rsc 
@@ -0,0 +1,492 @@ +# 2025-12-07 01:00:00 by RouterOS 7.18.2 +# software id = 1MXX-5Y0X +# +# model = CCR2004-16G-2S+ +# serial number = HG809WX52HQ +/interface ethernet +set [ find default-name=ether1 ] disabled=yes +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether9 ] disabled=yes +set [ find default-name=ether10 ] disabled=yes +set [ find default-name=ether11 ] disabled=yes +set [ find default-name=ether12 ] disabled=yes +set [ find default-name=ether13 ] disabled=yes +set [ find default-name=ether14 ] disabled=yes +set [ find default-name=ether15 ] disabled=yes +set [ find default-name=ether16 ] disabled=yes +set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\ + ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR" +set [ find default-name=sfp-sfpplus2 ] disabled=yes +/interface vlan +add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 +add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25 +add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30 +add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41 +add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 +add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610 +add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441 +add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133 +add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233 +/interface list +add name=OSPFv3 +add name=LAN +/interface lte apn +set [ find default=yes ] ip-type=ipv4 use-network-apn=no +/ip dhcp-server option +add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'" +/ip dhcp-server option sets +add name=acs_ip options=acs_ip +/ip pool +add name=TR69 
ranges=10.25.0.50-10.25.63.200 +add name=pool1 ranges=198.18.0.1-198.18.0.4 +/ip dhcp-server +add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \ + lease-time=1d name=025-Gestao_TR69 +/ip smb users +set [ find default=yes ] disabled=yes +/port +set 0 name=serial0 +/ppp profile +add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\ + pool1 use-encryption=yes use-ipv6=no use-mpls=no +/routing id +add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static +/routing ospf instance +add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\ + connected,static +add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\ + connected version=3 +/routing ospf area +add disabled=no instance=ospf name=ospf-area-0 +add disabled=no instance=ospfv3 name=ospfv3-area-0 +/snmp community +set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan +/system logging action +set 3 target=echo +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.35 target=remote +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/ip settings +set max-neighbor-entries=8192 +/ipv6 settings +set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \ + max-mtu=1500 use-ipsec=yes +/interface list member +add interface=2133-OSPF-B1 list=OSPFv3 +add interface=2233-OSPF-B2 list=OSPFv3 +add interface=0024-GERENCIA-L2 list=LAN +add interface=0124-GERENCIA-L3 list=LAN +add interface=0025-VoIP-TR69 list=LAN +/interface ovpn-server server +add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1 +/ip address +add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \ + network=10.0.24.0 +add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \ + 
network=10.1.21.32 +add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \ + network=10.1.22.32 +add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\ + 0030-TIP-IXC network=45.228.244.8 +add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\ + 0025-VoIP-TR69 network=10.25.0.0 +add address=45.228.244.97/27 comment="### GTW 0041" interface=\ + 0041-Servicos-IPv4 network=45.228.244.96 +add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0 +add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.31 +add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\ + 1441-itx-sw-hw-03 network=10.0.5.4 +add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\ + 45.228.244.30 +/ip dhcp-server network +add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35 +/ip dns +set servers=45.228.244.121,45.228.246.122 +/ip firewall address-list +add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local +add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local +add address=198.18.0.1 list=POOL-GERENCIA +add address=198.18.0.2 list=POOL-GERENCIA +add address=198.18.0.3 list=POOL-GERENCIA +add address=198.18.0.4 list=POOL-GERENCIA +add address=100.64.0.0/10 comment=CGNAT list=rede_local +add address=45.228.244.4 list=ACPT-INPUT +add address=10.1.24.0/24 list=ACPT-INPUT +add address=45.228.246.4 list=ACPT-INPUT +add address=10.0.24.0/24 list=ACPT-INPUT +add address=10.1.21.32/30 list=ACPT-INPUT +add address=10.1.22.32/30 list=ACPT-INPUT +add address=10.25.0.0/18 list=ACPT-INPUT +add address=45.228.244.8/29 list=ACPT-INPUT +add address=45.228.244.96/27 list=ACPT-INPUT +add address=45.228.244.121 list=DNS-SERVERs +add address=45.228.246.122 list=DNS-SERVERs +add address=45.228.244.101 list=DNS-SERVERs +add address=45.228.246.102 list=DNS-SERVERs +add address=45.228.244.96/27 list=zabbix-agent +add address=45.228.246.96/27 list=zabbix-agent +add 
address=45.228.244.101 list=CWPs +add address=45.228.246.102 list=CWPs +add address=10.25.0.25 list=GeniACS +add address=45.228.246.105 list=GeniACS +add address=45.228.244.10 list=Zeus +add address=45.228.244.12 list=Zeus +add address=45.228.244.11 list=Zeus +add address=45.228.244.8/29 list=SERVIDORES +add address=45.228.244.4 disabled=yes list=CONFIAVEIS +add address=10.1.24.0/24 list=CONFIAVEIS +add address=45.228.246.4 disabled=yes list=CONFIAVEIS +add address=10.0.24.0/24 list=CONFIAVEIS +add address=10.25.0.0/18 list=CONFIAVEIS +add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS +add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS +add address=45.228.244.8/29 list=0030-SERVIDORES +add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS +add address=100.64.0.0/10 list=CONFIAVEIS +add address=45.228.244.96/27 list=SERVIDORES +add address=10.64.69.0/30 list=CONFIAVEIS +add address=10.0.24.0/24 list=LOCAL-VPN-NAT +add address=198.18.0.0/30 list=LOCAL-VPN-NAT +add address=10.0.5.4/30 list=ACPT-INPUT +add address=45.228.244.0/22 list=BLOCO-FIX +add address=45.228.246.96/27 list=SERVIDORES +add address=45.228.246.100 list=DNS-SERVERs +add address=45.228.245.0/24 list=ACS-CPEs +add address=45.228.247.0/24 list=ACS-CPEs +add address=10.25.0.0/18 list=ACS-CPEs +add address=45.228.244.0/22 list=CONFIAVEIS +add address=10.0.13.0/24 list=CONFIAVEIS +add address=45.228.244.30 list=SERVIDORES +add address=100.64.0.0/10 list=ACPT-INPUT +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\ + icmp +add action=accept chain=input comment="Permit - ICMP" protocol=icmp +add action=accept chain=input comment="Permit - OSPF Protocol" \ + in-interface-list=OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\ + 
500,4500,1701 protocol=udp +add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\ + ipsec-esp +add action=accept chain=forward comment="Permit - Upload Src" \ + src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - DNS" dst-address-list=\ + DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS +add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\ + DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\ + CONFIAVEIS +add action=accept chain=forward comment="Permit - TCP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - UDP HTTPs" \ + dst-address-list=SERVIDORES dst-port=80,443 protocol=udp +add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\ + GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\ + ACS-CPEs +add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\ + GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs +add action=accept chain=forward comment="Permit -TCP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp +add action=accept chain=forward comment="Permit - UDP Others" \ + dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \ + protocol=udp +add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \ + dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \ + dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp +add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\ + SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - VLAN0030 All" \ + dst-address-list=0030-SERVIDORES 
+add action=accept chain=input comment="Permit - Estab and Related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp +add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \ + in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp +add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\ + 45.228.244.30 dst-port=8443 protocol=tcp +add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \ + protocol=tcp src-address-list=ACPT-INPUT +add action=accept chain=input comment="Permit - Unifi (TCP) - External" \ + dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\ + tcp +add action=accept chain=input comment="Permit - Unifi (UDP) - External" \ + dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp +add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \ + src-address-list=ACPT-INPUT +add action=accept chain=forward dst-address-list=CWPs +add action=drop chain=forward log-prefix=Drop-Ford-all- +add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input- +/ip firewall nat +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \ + to-addresses=10.0.24.145 +add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\ + 45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145 +add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \ + to-addresses=45.228.244.30 +add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\ + !10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\ + 45.228.244.31 +add action=src-nat chain=srcnat comment=\ + "#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\ + 10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35 +add action=src-nat 
chain=srcnat comment="## Regra UPDATE" disabled=yes \ + dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add blackhole comment=Blackhole disabled=no distance=255 dst-address=\ + 45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\ + main suppress-hw-offload=no +/ipv6 route +add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \ + gateway="" routing-table=main scope=30 suppress-hw-offload=no \ + target-scope=10 +add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\ + "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 +/ip service +set telnet address=10.0.0.0/8 disabled=yes port=2323 +set ftp disabled=yes +set www address=2804:47e4:8c0::/48 disabled=yes port=8080 +set ssh disabled=yes port=9022 +set api address=10.0.0.0/8 disabled=yes +set winbox address=\ + 45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292 +set api-ssl disabled=yes +/ip smb shares +set [ find default=yes ] directory=/pub +/ip ssh +set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null 
forwarding-enabled=remote +/ip traffic-flow +set cache-entries=64k interfaces=2233-OSPF-B2 +/ip traffic-flow target +add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1 +add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2 +add address=2804:47e4:1::35 advertise=no comment=\ + "# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \ + interface=0610-Servicos-IPv6 +add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2 +/ipv6 firewall address-list +add address=2804:47e4::/32 list=FIX-MeuBloco +add address=2804:47e4:1::141/128 list=ACL-hosepdage +add address=2804:47e4:8002::142/128 list=ACL-hosepdage +add address=2804:47e4:1::125/128 list=ACL-hosepdage +add address=2804:47e4:1::122/128 list=ACL-hosepdage +add address=2804:47e4::/32 list=CONFIAVEIS +add address=2804:47e4:8002::/64 list=SERVIDORES +add address=2804:47e4:1::/64 list=SERVIDORES +add address=2804:47e4:1::120/128 list=DNS-SERVER +add address=2804:47e4:8002::124/128 list=DNS-SERVER +add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3 +add address=2804:47e4:8002::230/128 list=DNS-SERVER +add address=2804:47e4:8002::145/128 list=ACL-hosepdage +/ipv6 firewall filter +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - Established, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - DNS (udp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - DNS (tcp)" \ + dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ + FIX-MeuBloco +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + FIX-MeuBloco +add action=accept 
chain=forward comment="Permit - All (excecao)" \ + dst-address-list=ACL-hosepdage +add action=accept chain=forward comment="Permit - Web (tcp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \ + protocol=tcp +add action=accept chain=forward comment="Permit - Servicos (all)" \ + dst-address-list=SERVIDORES src-address-list=SERVIDORES +add action=accept chain=forward comment="Permit - Web (udp)" \ + dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ + protocol=udp +add action=accept chain=input comment=ICMPV6 protocol=icmpv6 +add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\ + OSPFv3 protocol=ospf +add action=accept chain=input comment="Permit - Link Local" src-address=\ + fe80::/10 +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ + tcp src-address-list=FIX-MeuBloco +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=drop chain=forward comment="Drop - All" log-prefix=telic- +add action=drop chain=input log-prefix=drop-input- +/ipv6 nd +set [ find default=yes ] advertise-dns=no disabled=yes \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=0610-Servicos-IPv6 \ + managed-address-configuration=yes ra-preference=high +add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes +add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes +/ppp aaa +set use-radius=yes +/ppp secret +add name=andrefix profile=L2VPN service=l2tp +add name=danielfix profile=L2VPN service=l2tp +/radius +add address=10.1.24.138 service=login src-address=10.1.24.35 +/radius incoming +set accept=yes +/routing bfd configuration +add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 +/routing filter rule +add 
chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}" +add chain=OSPF-OUT disabled=no rule=\ + "if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}" +add chain=OSPFv3-OUT disabled=no rule=\ + "if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}" +/routing ospf area range +add area=ospf-area-0 disabled=no prefix=10.25.0.0/18 +add area=ospf-area-0 disabled=no prefix=45.228.244.96/27 +add area=ospf-area-0 disabled=no prefix=45.228.244.16/28 +add area=ospf-area-0 disabled=no prefix=45.228.244.8/29 +/routing ospf interface-template +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \ + interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp +add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \ + interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp +add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \ + type=ptp +add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\ + 1 type=ptp +add area=ospf-area-0 disabled=no interfaces=all passive +add area=ospfv3-area-0 disabled=no interfaces=all passive +/snmp +set contact="FIX FIBRA" enabled=yes location=\ + "\"R. 
Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=NAT01-CCR2004 +/system logging +set 0 topics=info,!dhcp +add action=echo disabled=yes prefix=test_ topics=\ + debug,dhcp,!radvd,!dhcp,!ospf +add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp +add action=Gray prefix=CRI topics=critical +add action=Gray prefix=BK topics=backup +add action=Gray prefix=INFO topics=info +add action=Gray prefix=WARM topics=warning +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=10.0.24.124 +add address=200.20.186.76 +/system resource irq rps +set sfp-sfpplus1 disabled=no +/system routerboard settings +set enter-setup-on=delete-key +/system scheduler +add name=atualizacao on-event="/system reboot" policy=reboot start-date=\ + 2025-03-18 start-time=05:30:50 +add interval=2d name=backup-ftp on-event=backup-ftp policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ + start-date=2025-12-03 start-time=01:00:00 +/system script +add dont-require-permissions=yes name=backup-ftp owner=otaviofix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n# Conexao SFTP\ + \n:global host 2804:47e4:1::137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio /SFTP/backups/mikrotik/router/NAT01\ + \n# Pega o nome do Router\ + \n:global identifica [/system identity get name]\ + \n# Gera data no formato AAAA-MM-DD\ + \n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + 
\n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando SFTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";" +/tool bandwidth-server +set enabled=no +/tool e-mail +set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\ + noc.fix@fixfibra.com.b +/tool mac-server +set allowed-interface-list=none +/tool mac-server mac-winbox +set allowed-interface-list=static +/tool mac-server ping +set enabled=no +/tool romon +set enabled=yes +/user aaa +set use-radius=yes diff --git a/RB-SEDE/05-12-2025.SEDE-4011.backup b/RB-SEDE/05-12-2025.SEDE-4011.backup new file mode 100644 index 0000000..6b50b7a Binary files /dev/null and b/RB-SEDE/05-12-2025.SEDE-4011.backup differ diff --git a/RB-SEDE/05-12-2025.SEDE-4011.rsc b/RB-SEDE/05-12-2025.SEDE-4011.rsc new file mode 100644 index 0000000..b1e6dd1 --- /dev/null +++ b/RB-SEDE/05-12-2025.SEDE-4011.rsc 
@@ -0,0 +1,619 @@ +# 2025-12-05 11:50:43 by RouterOS 7.20.5 +# software id = HSR5-2Z4K +# +# model = RB4011iGS+ +# serial number = D4440C82B0CE +/interface ethernet +set [ find default-name=ether1 ] name=ether1-PoEIN +set [ find default-name=ether2 ] disabled=yes +set [ find default-name=ether3 ] disabled=yes +set [ find default-name=ether4 ] disabled=yes +set [ find default-name=ether5 ] disabled=yes +set [ find default-name=ether6 ] disabled=yes +set [ find default-name=ether7 ] disabled=yes +set [ find default-name=ether8 ] disabled=yes +set [ find default-name=ether10 ] name=ether10-PoE-Out poe-out=off +set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\ + "Sede x DataCom" +/interface vlan +add interface=sfp-sfpplus1 name=vlanif_13 vlan-id=13 +add interface=sfp-sfpplus1 name=vlanif_24 vlan-id=24 +add interface=sfp-sfpplus1 name=vlanif_26 vlan-id=26 +add interface=sfp-sfpplus1 name=vlanif_69 vlan-id=69 +add interface=sfp-sfpplus1 name=vlanif_70 vlan-id=70 +add interface=sfp-sfpplus1 name=vlanif_71 vlan-id=71 +add interface=sfp-sfpplus1 name=vlanif_72 vlan-id=72 +add interface=sfp-sfpplus1 name=vlanif_124 vlan-id=124 +add comment=uplink-vs01-IPv6 interface=sfp-sfpplus1 name=vlanif_199 vlan-id=\ + 199 +add comment=uplink-vs02-IPv4 interface=sfp-sfpplus1 name=vlanif_299 vlan-id=\ + 299 +/interface list +add comment=defconf name=WAN +add comment=defconf name=LAN +/ip pool +add name=069_SEDE_ADM ranges=192.168.0.50-192.168.0.220 +add name=070_pool_TI_NOC ranges=192.168.70.50-192.168.70.100 +add name=071_REDE_CELULARES ranges=192.168.71.50-192.168.71.200 +add name=013-iOT-30-99 ranges=10.0.13.30-10.0.13.99 +add name=013-iOT-150-199 ranges=10.0.13.150-10.0.13.199 +add name=072-Hotspot-Unifi ranges=192.168.72.50-192.168.72.200 +/ip dhcp-server +add address-pool=069_SEDE_ADM interface=vlanif_69 lease-time=1w name=\ + 069_SEDE_FIX +add address-pool=070_pool_TI_NOC interface=vlanif_70 lease-time=1w name=\ + 070_DHCP_TI_NOC +add 
address-pool=071_REDE_CELULARES disabled=yes interface=vlanif_71 \ + lease-time=8h name=071_DHCP_SEDE_OUTROS +add add-arp=yes address-pool=013-iOT-30-99 interface=vlanif_13 lease-time=8h \ + name=013-iOT +add add-arp=yes address-pool=072-Hotspot-Unifi interface=vlanif_72 \ + lease-time=2h name=072-DHCP-HOTSPOT +/ipv6 pool +add name=v6_pool_LAN prefix=2804:47e4:8c0:3000::/52 prefix-length=64 +add name=v6_pool_LAN_NOC prefix=2804:47e4:8c0:1000::/52 prefix-length=64 +add name=v6_pool_LAN_CELULARES prefix=2804:47e4:8c0:2000::/52 prefix-length=\ + 64 +add name=v6_pool_013_iot prefix=2804:47e4:8c0:4000::/52 prefix-length=64 +/port +set 0 name=serial0 +set 1 name=serial1 +/ppp profile +add change-tcp-mss=no local-address=192.168.70.2 name=L2TP_NOC \ + remote-address=070_pool_TI_NOC remote-ipv6-prefix-pool=v6_pool_LAN_NOC \ + use-compression=no use-encryption=yes use-mpls=no use-upnp=no +add change-tcp-mss=no local-address=192.168.0.2 name=L2TP rate-limit=\ + 15MB/15MB remote-address=069_SEDE_ADM remote-ipv6-prefix-pool=v6_pool_LAN \ + use-compression=no use-encryption=yes use-mpls=no use-upnp=no +/snmp community +set [ find default=yes ] name=ctcorp-lan +/system logging action +add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ + 10.0.24.23 target=remote +/disk settings +set auto-media-interface=*D auto-media-sharing=yes auto-smb-sharing=yes +/ip firewall connection tracking +set enabled=yes tcp-established-timeout=12h udp-timeout=10s +/ip neighbor discovery-settings +set discover-interface-list=!dynamic +/interface l2tp-server server +set allow-fast-path=yes default-profile=L2TP enabled=yes keepalive-timeout=\ + disabled max-mru=1500 max-mtu=1500 use-ipsec=required +/ip address +add address=10.0.24.23/24 interface=vlanif_24 network=10.0.24.0 +add address=192.168.0.2/24 interface=vlanif_69 network=192.168.0.0 +add address=10.0.13.23/24 interface=vlanif_13 network=10.0.13.0 +add address=172.31.32.22/30 comment="Enlace B2" interface=vlanif_299 network=\ 
+ 172.31.32.20 +add address=172.31.31.22/30 comment="Enlace B1" interface=vlanif_199 network=\ + 172.31.31.20 +add address=10.1.24.23/24 interface=vlanif_124 network=10.1.24.0 +add address=192.168.70.2/24 interface=vlanif_70 network=192.168.70.0 +add address=192.168.100.2/24 interface=vlanif_71 network=192.168.100.0 +add address=45.228.244.4 interface=lo network=45.228.244.4 +add address=45.228.246.4 interface=lo network=45.228.246.4 +add address=10.0.26.23/24 interface=vlanif_26 network=10.0.26.0 +add address=192.168.72.2/24 comment="GATEWAY HOTSPOT UNFI" interface=\ + vlanif_72 network=192.168.72.0 +add address=10.0.70.1/30 comment=fiore-teste interface=*1C network=10.0.70.0 +add address=10.0.70.1/30 interface=*1D network=10.0.70.0 +/ip arp +add address=10.0.13.95 comment=P2-SensorDeFase-Preta interface=vlanif_13 \ + mac-address=18:DE:50:A4:6A:F6 +add address=192.168.0.78 interface=vlanif_69 mac-address=98:E5:5B:1F:D5:C4 +/ip cloud +set update-time=no +/ip dhcp-client +# Interface not active +add comment=defconf interface=ether1-PoEIN +/ip dhcp-server lease +add address=192.168.0.5 client-id=1:44:3b:32:52:67:5 comment=DVR mac-address=\ + 44:3B:32:52:67:05 server=069_SEDE_FIX +add address=192.168.0.7 client-id=1:dc:a6:32:99:e5:ac comment="TV NOC" \ + mac-address=DC:A6:32:99:E5:AC server=069_SEDE_FIX +add address=192.168.0.9 client-id=1:c:96:e6:22:6a:9c comment="impressroa hp" \ + mac-address=0C:96:E6:22:6A:9C server=069_SEDE_FIX +add address=192.168.0.12 comment="Impressora XEROX" mac-address=\ + 9C:93:4E:6D:39:E1 server=069_SEDE_FIX +add address=192.168.0.24 client-id=1:0:c:29:a8:3d:34 comment=\ + "Servidor microsfot" mac-address=00:0C:29:A8:3D:34 server=069_SEDE_FIX +add address=192.168.0.41 client-id=1:24:52:6a:45:7:1 comment="NVR da SEDE" \ + mac-address=24:52:6A:45:07:01 server=069_SEDE_FIX +add address=192.168.0.20 comment="#SW_2_andar - AP refeitorio" mac-address=\ + 00:00:00:00:00:20 server=069_SEDE_FIX +add address=192.168.0.105 
client-id=1:44:3b:32:86:2d:7e comment=\ + "CAMERA ESTOQUE" mac-address=44:3B:32:86:2D:7E server=069_SEDE_FIX +add address=192.168.0.97 client-id=1:b2:68:a6:2d:65:d5 mac-address=\ + B2:68:A6:2D:65:D5 server=069_SEDE_FIX +add address=192.168.0.194 client-id=1:0:26:8b:a:92:ea comment=\ + "TELEFONE IP CAROL" mac-address=00:26:8B:0A:92:EA server=069_SEDE_FIX +add address=192.168.0.6 comment="TARCILA - LDAP FS" mac-address=\ + 00:50:56:80:31:63 server=069_SEDE_FIX +add address=192.168.0.8 comment="PrintServer - OpenAudit" mac-address=\ + 00:00:00:00:00:03 server=069_SEDE_FIX +add address=192.168.0.11 comment="Impressora RICOH" mac-address=\ + 00:26:73:8D:9E:F3 server=069_SEDE_FIX +add address=192.168.0.17 comment="Nextcloud - FIX" mac-address=\ + 00:00:00:00:00:17 server=069_SEDE_FIX +add address=192.168.0.16 comment="REBECA - WIKI" mac-address=\ + 00:00:00:00:00:16 server=069_SEDE_FIX +add address=192.168.0.10 comment="Impressora RICOH" mac-address=\ + 00:00:00:00:00:10 server=069_SEDE_FIX +add address=192.168.0.99 client-id=1:d8:36:5f:40:5:4f comment="CAMERA PIA" \ + mac-address=D8:36:5F:40:05:4F server=069_SEDE_FIX +add address=192.168.0.163 comment="### ALAMR INTEBRAS" mac-address=\ + 48:51:CF:DE:5E:11 server=069_SEDE_FIX +add address=192.168.0.50 client-id=1:bc:32:5f:f4:f6:82 mac-address=\ + BC:32:5F:F4:F6:82 server=069_SEDE_FIX +add address=192.168.70.99 client-id=1:84:7b:57:e7:91:77 mac-address=\ + 84:7B:57:E7:91:77 server=070_DHCP_TI_NOC +add address=192.168.0.73 client-id=1:74:e5:f9:94:97:15 mac-address=\ + 74:E5:F9:94:97:15 server=069_SEDE_FIX +add address=192.168.0.202 client-id=1:7c:5c:f8:24:6f:fd mac-address=\ + 7C:5C:F8:24:6F:FD server=069_SEDE_FIX +add address=192.168.0.140 client-id=1:5c:cd:5b:d9:cc:b3 mac-address=\ + 5C:CD:5B:D9:CC:B3 server=069_SEDE_FIX +add address=10.0.13.181 client-id=1:dc:a6:32:99:e5:ac comment=\ + "SEDE - Raspberry Pi" mac-address=DC:A6:32:99:E5:AC server=013-iOT +add address=192.168.0.61 client-id=1:74:e5:f9:3c:38:40 mac-address=\ 
+ 74:E5:F9:3C:38:40 server=069_SEDE_FIX +add address=10.0.13.32 comment="SEDE - Sensor de temperatura" mac-address=\ + FC:F5:C4:AB:4C:8A server=013-iOT +add address=10.0.13.39 comment="P4 - Ar condcionado" mac-address=\ + 1C:39:29:24:FC:BB server=013-iOT +add address=10.0.13.40 comment="P2 - Ar condcionado" mac-address=\ + 1C:39:29:03:FB:B4 server=013-iOT +add address=10.0.13.49 comment="SEDE - AR - Atendimento2" mac-address=\ + 1C:39:29:7F:A3:1A server=013-iOT +add address=10.0.13.50 comment="SEDE - AR - Atendimento1" mac-address=\ + 1C:39:29:7E:E2:53 server=013-iOT +add address=192.168.0.13 comment=CASAOS mac-address=00:00:00:00:00:13 server=\ + 069_SEDE_FIX +add address=10.0.13.96 comment=P1-F.VERMELHA mac-address=18:DE:50:38:BC:8E \ + server=013-iOT +add address=10.0.13.93 comment="SEDE - IR-AC-ADM" mac-address=\ + 1C:90:FF:8E:95:83 server=013-iOT +add address=10.0.13.44 comment="P1 - Ar condcionado" mac-address=\ + 1C:39:29:15:78:F3 server=013-iOT +add address=10.0.13.57 comment="P4 - Ar condcionado 2" mac-address=\ + 1C:39:29:BD:44:49 server=013-iOT +add address=10.0.13.94 comment=P4-ALARME mac-address=44:3B:32:5A:CD:AC \ + server=013-iOT +add address=10.0.13.51 comment=P4-F.VERMELHA mac-address=18:DE:50:AF:BF:85 \ + server=013-iOT +add address=192.168.0.134 client-id=1:84:7b:57:e7:91:27 mac-address=\ + 84:7B:57:E7:91:27 server=069_SEDE_FIX +add address=10.0.13.35 comment=P3-F.VERMELHA mac-address=18:DE:50:A4:6E:9E \ + server=013-iOT +add address=192.168.0.18 comment="NC container - PROXY" mac-address=\ + 00:00:00:00:00:18 server=069_SEDE_FIX +add address=10.0.13.97 comment=P2-F.VERMELHA mac-address=18:DE:50:AF:BE:27 \ + server=013-iOT +add address=10.0.13.95 comment=P2-F.PRETA mac-address=18:DE:50:A4:6A:F6 \ + server=013-iOT +add address=10.0.13.99 comment=P2-ALARME mac-address=30:E1:F1:A3:18:D9 \ + server=013-iOT +add address=10.0.13.45 comment=P4-SONOFF mac-address=18:DE:50:A6:94:67 \ + server=013-iOT +add address=10.0.13.36 comment=P3-F.PRETA 
mac-address=18:DE:50:A4:76:95 \ + server=013-iOT +add address=10.0.13.56 comment=P4-F.PRETA mac-address=18:DE:50:A4:64:A7 \ + server=013-iOT +add address=10.0.13.53 comment=P1-F.PRETA mac-address=18:DE:50:0A:CC:20 \ + server=013-iOT +add address=10.0.13.54 comment=P1-PRETA-SABESP mac-address=18:DE:50:38:C1:44 \ + server=013-iOT +add address=10.0.13.55 comment=P1-VERMELHA-SABESP mac-address=\ + 18:DE:50:38:C7:AF server=013-iOT +add address=10.0.13.52 comment=SEDE-FECHADURA-ESTOQUE mac-address=\ + D8:1F:12:39:DE:F3 server=013-iOT +add address=10.0.13.41 comment=P4-TEMP-RACK mac-address=50:8B:B9:5E:39:84 \ + server=013-iOT +add address=10.0.13.42 comment=P4-TEMP-GERADOR mac-address=1C:90:FF:F0:B7:E6 \ + server=013-iOT +add address=10.0.13.58 comment=P1-TEMP-RACK mac-address=A8:80:55:18:AC:13 \ + server=013-iOT +add address=10.0.13.34 comment=P4-TEMP_BATERIA mac-address=50:8B:B9:30:B6:26 \ + server=013-iOT +add address=10.0.13.59 comment=P3-DETEC-FUMACA mac-address=1C:90:FF:B1:69:62 \ + server=013-iOT +add address=10.0.13.31 client-id=1:f4:ce:23:a4:c1:58 comment=P3-TEMP-BATERIA \ + mac-address=50:8B:B9:2D:C4:C3 server=013-iOT +add address=10.0.13.30 comment=P4-DETC_FUMACA mac-address=18:DE:50:C4:B7:E7 \ + server=013-iOT +add address=10.0.13.48 client-id=1:46:ee:40:4f:14:91 comment=SEDE_CELULAR-TI \ + mac-address=46:EE:40:4F:14:91 server=013-iOT +add address=10.0.13.33 comment=P3-TEMP_RACK mac-address=50:8B:B9:5E:1A:59 \ + server=013-iOT +add address=10.0.13.62 comment=P2-DETEC_FUMACA mac-address=18:DE:50:C4:BF:D2 \ + server=013-iOT +add address=10.0.13.174 comment=P2-TEMP_RACK mac-address=A8:80:55:1D:90:0A \ + server=013-iOT +add address=10.0.13.175 comment=P2-TEMP_PORTA mac-address=A8:80:55:1B:67:1B \ + server=013-iOT +add address=10.0.13.68 mac-address=FC:3C:D7:DD:B3:5D server=013-iOT +add address=192.168.0.19 comment="SW estoque" mac-address=00:00:00:00:00:19 \ + server=069_SEDE_FIX +add address=192.168.0.21 comment="teste IA" mac-address=00:00:00:00:00:21 \ + 
server=069_SEDE_FIX +add address=10.0.13.78 comment=P3-AC-LG-22Btu mac-address=34:E6:E6:57:1D:DC \ + server=013-iOT +add address=10.0.13.69 mac-address=D8:C8:0C:02:B7:3C server=013-iOT +add address=10.0.13.70 mac-address=D8:C8:0C:02:B4:B5 server=013-iOT +add address=192.168.0.78 client-id=1:98:e5:5b:1f:d5:c4 mac-address=\ + 98:E5:5B:1F:D5:C4 server=069_SEDE_FIX +add address=192.168.0.53 client-id=1:b8:27:eb:7c:fd:82 mac-address=\ + B8:27:EB:7C:FD:82 server=069_SEDE_FIX +add address=192.168.0.110 client-id=1:0:21:b7:b3:3c:4 mac-address=\ + 00:21:B7:B3:3C:04 server=069_SEDE_FIX +/ip dhcp-server network +add address=10.0.13.0/24 dns-server=45.228.246.122,45.228.244.121 domain=\ + fixfibra.br gateway=10.0.13.23 +add address=192.168.0.0/24 comment="DNS - sede 192.168.0.6" dns-server=\ + 192.168.0.6 domain=fixfibra.br gateway=192.168.0.2 +add address=192.168.70.0/24 dns-server=192.168.0.6 domain=fixfibra.br \ + gateway=192.168.70.2 +add address=192.168.71.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\ + fixfibra.guest gateway=192.168.71.2 +add address=192.168.72.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\ + fixfibra.guest gateway=192.168.72.2 +/ip dns +set cache-max-ttl=1d servers=192.168.0.6,2804:47e4:1::120,2804:47e4:8002::124 +/ip firewall address-list +add address=192.168.0.6 list=Allow_sede +add address=192.168.0.24 list=Allow_sede +add address=192.168.0.7 list=Allow_sede +add address=192.168.70.0/24 list=AL_CELULARES-DROP +add address=10.0.0.0/8 list=AL_CELULARES-DROP +add address=192.168.0.0/24 list=AL_CELULARES-DROP +add address=192.168.70.0/24 list=AL_SEDE-DROP +add address=10.0.0.0/8 list=AL_SEDE-DROP +add address=192.168.0.15 list=Allow_sede +add address=10.0.24.10 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.12 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.13 list=AL-ACP-FERNANDA-OLT +add address=10.0.24.14 list=AL-ACP-FERNANDA-OLT +add address=10.0.0.0/8 list=AL_SAIDA_RFC_4193 +add address=192.168.0.0/16 list=AL_SAIDA_RFC_4193 +add 
address=172.16.0.0/12 list=AL_SAIDA_RFC_4193 +add address=10.0.24.0/24 list=AL_GERENCIA_TI-NOC +add address=10.1.24.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.47 list=Allow_sede +add address=192.168.0.46 list=Allow_sede +add address=192.168.0.45 list=Allow_sede +add address=192.168.0.20 list=Allow_sede +add address=192.168.0.16 list=Allow_sede +add address=192.168.0.11 list=Allow_sede +add address=192.168.0.12 list=Allow_sede +add address=192.168.0.13 list=Allow_sede +add address=192.168.0.202 comment=NOTE-DAVI list=Allow-RASP +add address=192.168.0.140 comment=NOTE-LEO list=Allow-RASP +add address=192.168.0.73 comment=NOTE-GILMAR list=Allow-RASP +add address=192.168.0.95 list=Allow_sede +add address=192.168.0.17 list=Allow_sede +add address=10.0.24.11 list=AL-ACP-FERNANDA-OLT +add address=192.168.0.5 list=Allow_sede +add address=192.168.0.206 list=Allow_sede +add address=192.168.100.0/24 list=AL-ALLOW-71-unifi +add address=192.168.0.250 list=Allow_sede +add address=192.168.0.22 list=Allow_sede +add address=192.168.0.35 list=Allow_sede +add address=192.168.0.34 list=Allow_sede +add address=192.168.0.21 list=Allow_sede +add address=192.168.0.30 list=Allow_sede +add address=192.168.0.32 list=Allow_sede +add address=192.168.0.31 list=Allow_sede +add address=192.168.0.19 list=Allow_sede +add address=192.168.0.18 list=Allow_sede +add address=192.168.0.36 list=Allow_sede +add address=192.168.0.14 list=Allow_sede +add address=192.168.0.37 list=Allow_sede +add address=192.168.0.40 list=Allow_sede +add address=10.25.0.0/18 list=AL_GERENCIA_TI-NOC +add address=192.168.0.8 list=Allow_sede +add address=192.168.0.9 list=Allow_sede +add address=192.168.0.85 list=Allow_sede +add address=10.0.26.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.50 list=Allow_sede +add address=192.168.0.108 list=Allow_sede +add address=192.168.0.27 list=Allow_sede +add address=192.168.0.54 list=Allow_sede +add address=191.9.20.40 list=CASA-ANDRE +add address=172.20.0.0/22 
list=AL_GERENCIA_TI-NOC +add address=172.20.8.0/22 list=AL_GERENCIA_TI-NOC +add address=192.168.0.41 list=Allow_sede +add address=192.168.0.25 list=Allow_sede +add address=192.168.0.39 list=Allow_sede +add address=192.168.0.53 list=Allow_sede +add address=192.168.80.0/24 list=Allow_sede +add address=10.0.13.0/24 list=AL_GERENCIA_TI-NOC +add address=192.168.0.78 list=Allow_sede +add address=192.168.0.26 list=Allow_sede +add address=192.168.0.2 list=Allow_sede +add address=10.0.70.0/30 list=Allow_sede +add address=192.168.0.110 list=Allow_sede +/ip firewall filter +add action=fasttrack-connection chain=forward connection-state=\ + established,related hw-offload=yes +add action=accept chain=forward connection-state=established,related +/ip firewall nat +add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\ + 45.228.244.4 dst-port=443 protocol=tcp to-addresses=192.168.0.17 \ + to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \ + dst-address=45.228.244.4 dst-port=5349 protocol=tcp to-addresses=\ + 192.168.0.17 to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \ + dst-address=45.228.244.4 dst-port=5349 protocol=udp to-addresses=\ + 192.168.0.17 to-ports=443 +add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\ + 45.228.244.4 dst-port=80 protocol=tcp to-addresses=192.168.0.17 to-ports=\ + 80 +add action=dst-nat chain=dstnat comment="## NAT - GERADOR POP 1" dst-address=\ + 45.228.244.4 dst-port=1351 protocol=tcp to-addresses=10.0.13.103 \ + to-ports=1351 +add action=src-nat chain=srcnat comment="## NAT PARA APP MAPEAMENTO DE PORTA" \ + dst-address-list=AL-ACP-FERNANDA-OLT src-address=192.168.0.15 \ + to-addresses=10.0.24.23 +add action=src-nat chain=srcnat comment="## NAT WAN - IOT NAT 246.4" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=10.0.13.0/24 \ + to-addresses=45.228.246.4 +add action=src-nat chain=srcnat comment="## NAT WAN - SEDE 69" \ + 
dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.0.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT WAN - NOC 70" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.70.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT WAN - HOTSPOT 72" \ + dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.72.0/24 \ + to-addresses=45.228.244.4 +add action=src-nat chain=srcnat comment="## NAT - vlan 24 X TI-NOC" \ + dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \ + to-addresses=10.0.24.23 +add action=src-nat chain=srcnat comment="## NAT - vlan 124 X TI-NOC" \ + dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \ + to-addresses=10.1.24.23 +add action=src-nat chain=srcnat comment="## NAT WAN - UPDATE" disabled=yes \ + dst-address-list=!AL_SAIDA_RFC_4193 to-addresses=45.228.244.4 +/ip firewall raw +add action=accept chain=prerouting comment=\ + "## Regra para portal de mapeamento" dst-address-list=AL-ACP-FERNANDA-OLT \ + src-address=192.168.0.15 +add action=accept chain=prerouting comment="## Regra para Teste GenieACS" \ + dst-address=10.0.24.136 src-address=192.168.0.13 +add action=accept chain=prerouting comment="## Liberacao - UNIFI - OUTROS" \ + dst-address=192.168.0.24 src-address-list=AL-ALLOW-71-unifi +add action=accept chain=prerouting comment="## Regra de saida da VLAN 70" \ + src-address=192.168.70.0/24 +add action=accept chain=prerouting comment=\ + "## Regra de liberacao da Vlan 70 para host da vlan 69" dst-address=\ + 192.168.70.0/24 src-address-list=Allow_sede +add action=drop chain=prerouting comment=\ + "## Regra de bloqueio da vlan 69 para outras redes" dst-address-list=\ + AL_SEDE-DROP src-address=192.168.0.0/24 +add action=drop chain=prerouting comment=\ + "## Regra de bloqueio da vlan 71 para outras redes" disabled=yes \ + dst-address-list=AL_CELULARES-DROP src-address=192.168.100.0/24 +add action=drop chain=prerouting comment=\ + "## Regra de 
bloqueio da vlan 72 para outras redes" dst-address=\ + !192.168.0.24 dst-address-list=AL_CELULARES-DROP src-address=\ + 192.168.72.0/24 +/ip firewall service-port +set ftp disabled=yes +set tftp disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +/ip ipsec profile +set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 +/ip route +add check-gateway=ping comment="## Default Route - B2" disabled=no distance=\ + 20 dst-address=0.0.0.0/0 gateway=172.31.32.21 pref-src="" routing-table=\ + main scope=30 suppress-hw-offload=no target-scope=10 +add check-gateway=arp comment="## Default Route - B1" disabled=no distance=\ + 100 dst-address=0.0.0.0/0 gateway=172.31.31.21 routing-table=main scope=\ + 30 suppress-hw-offload=no target-scope=10 +add comment="## GERENCIA 053-RADIOS" disabled=yes distance=1 dst-address=\ + 192.168.10.0/24 gateway=10.0.24.33 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="Gerencia vlan 25" disabled=no distance=1 dst-address=\ + 10.25.0.0/18 gateway=10.0.24.35 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="## Gerencia contratos bloqueados B2" disabled=no distance=1 \ + dst-address=172.20.8.0/22 gateway=10.0.24.8 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +add comment="## Gerencia contratos bloqueados B1" disabled=no distance=1 \ + dst-address=172.20.0.0/22 gateway=10.0.24.9 routing-table=main scope=30 \ + suppress-hw-offload=no target-scope=10 +/ipv6 route +add check-gateway=ping comment="## Default Route - VS01" disabled=no \ + distance=20 dst-address=::/0 gateway=2804:47e4:0:1::15 routing-table=main \ + scope=30 suppress-hw-offload=no target-scope=10 +add check-gateway=ping comment="## Default Route - VS02" disabled=no \ + distance=100 dst-address=::/0 gateway=2804:47e4:8000:1::15 routing-table=\ + main scope=30 suppress-hw-offload=no target-scope=10 +add blackhole comment=BLACKHOLE disabled=no distance=255 
dst-address=\ + 2804:47e4:8c0::/48 gateway="" routing-table=main scope=30 \ + suppress-hw-offload=no +/ip service +set ftp disabled=yes +set telnet disabled=yes +set www disabled=yes +set winbox address=10.0.0.0/8,45.228.244.0/22,2804:47e4::/32,192.168.0.0/16 \ + port=8292 +set api disabled=yes +set api-ssl disabled=yes +set ssh address=2804:47e4:8c0::/48,10.1.24.0/24,192.168.0.0/16 port=9022 +/ip upnp +set show-dummy-rule=no +/ipv6 address +add address=2804:47e4:0:1::16/126 advertise=no comment=Enlace-VS01 interface=\ + vlanif_199 +add address=::1 from-pool=v6_pool_LAN interface=vlanif_69 +add address=::1 from-pool=v6_pool_LAN_NOC interface=vlanif_70 +add address=::1 from-pool=v6_pool_013_iot interface=vlanif_13 +add address=2804:47e4:8000:1::16/126 advertise=no comment=Enlace-VS02 \ + interface=vlanif_299 +add address=fe80::4a8f:5aff:fe7a:1c7e advertise=no interface=vlanif_71 +/ipv6 firewall address-list +add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 +add address=::1/128 comment="defconf: lo" list=bad_ipv6 +add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 +add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 +add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 +add address=100::/64 comment="defconf: discard only " list=bad_ipv6 +add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 +add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 +add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 +add address=2804:47e4:8c0::/48 list=SEDE-2804-47e4-8c0/48 +add address=2804:47e4::/32 list=FIX-2804-47e4/32 +add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=Servicos_sede +add address=2804:47e4:8c0:3000::17/128 comment=NC-IPv6 list=Servicos_sede +add address=fc00::/7 list=RFC-IPv6 +add address=fe80::/64 list=RFC-IPv6 +add address=ff00::/8 list=RFC-IPv6 +add address=2001::/23 list=bad_ipv6 +add address=2804:47e4:8c0:3000::22/128 comment=OCS-INVETORY 
list=\ + Servicos_sede +add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=Servicos_sede +add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=DVR +add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=DVR +/ipv6 firewall filter +add action=accept chain=input comment="Permit - ICPMv6" protocol=icmpv6 +add action=accept chain=input comment="Permit - input - estab, related" \ + connection-state=established,related +add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ + protocol=tcp src-address-list=FIX-2804-47e4/32 +add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 +add action=accept chain=forward comment="Permit - foward - estab, related" \ + connection-state=established,related +add action=accept chain=forward comment="Permit - Upload" src-address-list=\ + SEDE-2804-47e4-8c0/48 +add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\ + Servicos_sede dst-port=80,443 protocol=tcp +add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\ + DVR dst-port=37777 protocol=tcp +add action=drop chain=forward disabled=yes +/ipv6 nd +set [ find default=yes ] managed-address-configuration=yes \ + other-configuration=yes +add dns=2804:47e4:8c0:3000::6 interface=vlanif_70 \ + managed-address-configuration=yes other-configuration=yes ra-preference=\ + high +add interface=vlanif_13 managed-address-configuration=yes \ + other-configuration=yes +add dns=2804:47e4:8c0:3000::6 interface=vlanif_69 \ + managed-address-configuration=yes other-configuration=yes ra-preference=\ + high +add advertise-dns=no interface=vlanif_199 managed-address-configuration=yes \ + ra-preference=low +add interface=vlanif_71 managed-address-configuration=yes \ + other-configuration=yes ra-preference=high +/mpls settings +set allow-fast-path=no propagate-ttl=no +/ppp secret +add name=andrefix profile=L2TP_NOC remote-address=192.168.70.10 service=l2tp +add name=daniel.sato profile=L2TP_NOC 
remote-address=192.168.70.11 service=\ + l2tp +add name=telicfix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp +add name=telicfix2 profile=L2TP_NOC remote-address=192.168.70.13 service=l2tp +add name=diego profile=L2TP service=l2tp +add disabled=yes name=diego2 profile=L2TP service=l2tp +add disabled=yes name=guilherme profile=L2TP_NOC remote-address=192.168.70.14 \ + service=l2tp +add name=otaviofix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp +add name=mariana.batista profile=L2TP_NOC remote-address=192.168.70.14 \ + service=l2tp +add name=ppp1 profile=L2TP_NOC remote-address=192.168.70.15 routes=\ + 192.168.70.2 service=l2tp +/radius +add address=10.1.24.138 comment="Radius - 10.1.24.138" require-message-auth=\ + no service=login src-address=10.1.24.23 timeout=300ms +/radius incoming +set accept=yes +/snmp +set contact="FIX FIBRA" enabled=yes location="\"Av. Nossa Sra. dos Navegantes,\ + \_1222 - Eldorado, Diadema - SP, 09972-260\"" src-address=10.0.24.23 \ + trap-version=2 +/system clock +set time-zone-name=America/Sao_Paulo +/system identity +set name=SEDE-4011 +/system note +set show-at-login=no +/system ntp client +set enabled=yes +/system ntp client servers +add address=45.228.244.121 +add address=45.228.246.122 +add address=2804:47e4:1::120 +add address=2894:47e4:8002::124 +/system scheduler +add name="Reboot=UPD" on-event="/system reboot" policy=reboot start-date=\ + 2025-03-13 start-time=22:45:00 +/system script +add dont-require-permissions=no name=backupSFTP owner=danielfix policy=\ + ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ + log warning \"***************************************\"\ + \n#Conexao SFTP\ + \n:global host 10.1.24.137\ + \n:global usuario backups\ + \n:global senha backups@fixfibra2@\ + \n:global diretorio /SFTP/backups/mikrotik/router/RB-SEDE\ + \n\ + \n#Pega o nome do Router\ + \n:global identifica [/system identity get name]\ + \n\ + \n#Gera data no formato AAAA-MM-DD\ + 
\n:global data [/system clock get date]\ + \n:global ano [:pick \$data 0 4]\ + \n:global mes [:pick \$data 5 7]\ + \n:global dia [:pick \$data 8 10]\ + \n\ + \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ + \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ + \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ + \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\ + \n:log info \"Processando...\";\ + \n:delay 5s\ + \n\ + \n:log info \"Conectando SFTP Server...\";\ + \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ + \";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ + kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ + tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ + \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ + \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ + dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:delay 1\ + \n\ + \n:log info \"Backup enviado com sucesso...\";\ + \n:log info \"Removendo arquivos...\";\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ + \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ + \n:log info \"Rotina de backup finalizada...\";\ + \n:log warning \"***************************************\";\ + \n\ + \n" +/system watchdog +set watchdog-timer=no +/tool bandwidth-server +set enabled=no +/tool mac-server +set allowed-interface-list=LAN +/tool mac-server mac-winbox +set allowed-interface-list=LAN +/tool netwatch +add disabled=no down-script="/log info message=\"Deviando upload para rota de \ + backup\"\r\ + \n/ip route/disable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\ + \n" host=192.33.4.12 http-codes="" interval=1m test-script="" type=icmp \ + up-script="/log info message=\"Deviando upload para rota princiapl\"\r\ + 
\n/ip route/enable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\ + \n" +/tool romon +set enabled=yes +/user aaa +set use-radius=yes
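Review bot: The `backupSFTP` script source near the end of this hunk holds the SFTP account password as a literal on its `:global senha` line, and the same literal sits in the `backup-ftp` script of `03-12-2025.NAT01-CCR2004.rsc`. Script bodies are exported verbatim, so the credential is now in repository history and should be rotated on the SFTP server, not merely deleted in a follow-up commit. The script also declares host, user and password with `:global`, which leaves them in the router's script environment after the run; `:local host`, `:local usuario` and `:local senha` keep them scoped to the script. `/system backup save name="$dia-$mes-$ano.$identifica"` is called without `password=`, so the `.backup` binaries added by this commit are presumably unencrypted and contain the full device configuration; consider encrypting them or keeping them out of the repository. It would also help to limit the `backups` account on the server to uploads into its own directory, so that a leaked export does not give read access to other routers' backups.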