Primeiro Commit - Backup Mikrotik
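--- /dev/null
+++ b/CGNAT02/05-12-2025.NAT02-CCR2004.rsc
@@ -0,0 +1,468 @@
+# 2025-12-05 12:34:34 by RouterOS 7.20.5
+# software id = R71A-HA5S
+#
+# model = CCR2004-16G-2S+
+# serial number = HG809N0C8R9
+/interface ethernet
+set [ find default-name=ether1 ] disabled=yes
+set [ find default-name=ether2 ] disabled=yes
+set [ find default-name=ether3 ] disabled=yes
+set [ find default-name=ether4 ] disabled=yes
+set [ find default-name=ether5 ] disabled=yes
+set [ find default-name=ether6 ] disabled=yes
+set [ find default-name=ether7 ] disabled=yes
+set [ find default-name=ether8 ] disabled=yes
+set [ find default-name=ether9 ] disabled=yes
+set [ find default-name=ether10 ] disabled=yes
+set [ find default-name=ether11 ] disabled=yes
+set [ find default-name=ether12 ] disabled=yes
+set [ find default-name=ether13 ] disabled=yes
+set [ find default-name=ether14 ] disabled=yes
+set [ find default-name=ether15 ] disabled=yes
+set [ find default-name=ether16 ] disabled=yes
+set [ find default-name=sfp-sfpplus2 ] disabled=yes
+/interface vlan
+add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24
+add interface=sfp-sfpplus1 name=0042-Servicos-IPv4 vlan-id=42
+add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124
+add interface=sfp-sfpplus1 name=0620-Servicos-IPv6 vlan-id=620
+add interface=sfp-sfpplus1 name=2142-OSPF_B1 vlan-id=2142
+add interface=sfp-sfpplus1 name=2242-OSPF_B2 vlan-id=2242
+add interface=sfp-sfpplus1 name=2602-IPv4-HEXA vlan-id=2602
+add interface=sfp-sfpplus1 name=vlan1441-itx-sw-hw-04 vlan-id=1441
+/interface list
+add exclude=all include=static name=ospf-interfaces
+/interface lte apn
+set [ find default=yes ] ip-type=ipv4 use-network-apn=no
+/ip pool
+add name=pool1 ranges=198.18.0.5-198.18.0.8
+/ip smb users
+set [ find default=yes ] disabled=yes
+/ipv6 pool
+add name=pool-enlace prefix=2804:47e4:8000:1::1c/126 prefix-length=128
+/port
+set 0 name=serial0
+/ppp profile
+add change-tcp-mss=no local-address=10.0.24.33 name=L2TP remote-address=pool1 \
+use-compression=no use-encryption=yes use-upnp=no
+/routing id
+add disabled=no id=10.0.24.33 name=OSPF select-dynamic-id=only-static
+/routing ospf instance
+add disabled=no name=ospf originate-default=never out-filter-chain=OSPF-OUT \
+redistribute=connected,static router-id=OSPF routing-table=main
+add disabled=no name=ospfv3 originate-default=never out-filter-chain=\
+OSPFv3-OUT redistribute=connected router-id=OSPF version=3
+/routing ospf area
+add disabled=no instance=ospf name=ospf-area-0
+add disabled=no instance=ospfv3 name=ospfv3-area-0
+/snmp community
+set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan
+/system logging action
+add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\
+10.0.24.33 target=remote
+/ip smb
+set enabled=no
+/ip firewall connection tracking
+set enabled=yes udp-timeout=10s
+/ip neighbor discovery-settings
+set discover-interface-list=all
+/ip settings
+set max-neighbor-entries=8192
+/ipv6 settings
+set max-neighbor-entries=8192 soft-max-neighbor-entries=8191
+/interface l2tp-server server
+set allow-fast-path=yes authentication=chap,mschap1,mschap2 default-profile=\
+L2TP enabled=yes keepalive-timeout=60 l2tpv3-ether-interface-list=all \
+max-mru=1480 max-mtu=1480 one-session-per-host=yes use-ipsec=yes
+/interface list member
+add interface=2142-OSPF_B1 list=ospf-interfaces
+add interface=2242-OSPF_B2 list=ospf-interfaces
+/interface ovpn-server server
+add mac-address=FE:6F:8A:36:83:70 name=ovpn-server1
+/ip address
+add address=10.0.24.33/24 interface=0024-GERENCIA-L2 network=10.0.24.0
+add address=10.1.21.42/30 interface=2142-OSPF_B1 network=10.1.21.40
+add address=10.1.22.42/30 interface=2242-OSPF_B2 network=10.1.22.40
+add address=45.228.246.97/27 comment="### 246.97 - Gateway-042" interface=\
+0042-Servicos-IPv4 network=45.228.246.96
+add address=10.1.24.33/24 interface=0124-GERENCIA-L3 network=10.1.24.0
+add address=45.228.246.31 interface=lo network=45.228.246.31
+add address=45.228.246.16 interface=lo network=45.228.246.16
+add address=10.0.5.9/30 interface=vlan1441-itx-sw-hw-04 network=10.0.5.8
+add address=45.228.246.64 comment=IPv4-pub-NAT-HEXA interface=lo network=\
+45.228.246.64
+add address=10.95.200.1/24 comment=IPv4-priv-NAT-HEXA interface=\
+2602-IPv4-HEXA network=10.95.200.0
+/ip cloud
+set update-time=no
+/ip dns
+set servers=45.228.246.122,45.228.244.121
+/ip firewall address-list
+add address=45.228.244.4 list=CONFIAVEIS
+add address=45.228.246.4 list=CONFIAVEIS
+add address=10.1.24.0/24 list=CONFIAVEIS
+add address=10.0.24.0/24 list=CONFIAVEIS
+add address=10.25.0.0/18 list=CONFIAVEIS
+add address=45.228.244.8/29 list=CONFIAVEIS
+add address=45.228.244.96/27 list=CONFIAVEIS
+add address=45.228.246.96/27 list=CONFIAVEIS
+add address=100.64.0.0/10 list=CONFIAVEIS
+add address=10.64.69.0/30 list=CONFIAVEIS
+add address=45.228.244.121 list=DNS-SERVERs
+add address=45.228.246.122 list=DNS-SERVERs
+add address=45.228.244.101 list=DNS-SERVERs
+add address=45.228.246.102 list=DNS-SERVERs
+add address=45.228.246.100 list=DNS-SERVERs
+add address=45.228.244.8/29 list=0030-SERVIDORES
+add address=45.228.244.96/27 list=SERVIDORES
+add address=45.228.246.96/27 list=SERVIDORES
+add address=10.25.0.25 list=GeniACS
+add address=45.228.246.105 list=GeniACS
+add address=45.228.245.0/24 list=ACS-CPEs
+add address=45.228.247.0/24 list=ACS-CPEs
+add address=10.25.0.0/18 list=ACS-CPEs
+add address=198.18.0.8 list=POOL-GERENCIA
+add address=198.18.0.7 list=POOL-GERENCIA
+add address=198.18.0.6 list=POOL-GERENCIA
+add address=198.18.0.5 list=POOL-GERENCIA
+add address=10.0.24.0/24 list=LOCAL-VPN-NAT
+add address=198.18.0.4/30 list=LOCAL-VPN-NAT
+add address=45.228.244.0/22 list=BLOCO-FIX
+add address=45.228.244.4 list=ACPT-INPUT
+add address=10.1.24.0/24 list=ACPT-INPUT
+add address=45.228.246.4 list=ACPT-INPUT
+add address=10.0.24.0/24 list=ACPT-INPUT
+add address=10.1.21.32/30 list=ACPT-INPUT
+add address=10.1.22.32/30 list=ACPT-INPUT
+add address=10.25.0.0/18 list=ACPT-INPUT
+add address=45.228.244.8/29 list=ACPT-INPUT
+add address=45.228.244.96/27 list=ACPT-INPUT
+add address=10.0.5.4/30 list=ACPT-INPUT
+add address=45.228.244.96/27 list=zabbix-agent
+add address=45.228.246.96/27 list=zabbix-agent
+add address=45.228.244.101 list=CWPs
+add address=45.228.246.102 list=CWPs
+add address=10.95.200.0/24 list=LAN-HEXA
+/ip firewall filter
+add action=fasttrack-connection chain=forward connection-state=\
+established,related hw-offload=yes
+add action=accept chain=forward connection-state=established,related
+add action=accept chain=forward comment="Permit - ICMP Protocol" disabled=yes \
+protocol=icmp
+add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \
+dst-address=45.228.246.100 dst-port=53 protocol=tcp
+add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \
+dst-address=45.228.246.100 dst-port=53 protocol=udp
+add action=accept chain=forward comment="Permit - acs - 7547 tcp" disabled=\
+yes dst-address=45.228.246.105 dst-port=7547 protocol=tcp
+add action=accept chain=forward comment="Permit - Upload SRC" disabled=yes \
+src-address-list=CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS (TCP)" disabled=yes \
+dst-address-list=DNS-SERVERs dst-port=53 protocol=tcp src-address-list=\
+CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS (UDP)" disabled=yes \
+dst-address-list=DNS-SERVERs dst-port=53 protocol=udp src-address-list=\
+CONFIAVEIS
+add action=accept chain=forward comment="Permit - NTPSec (UDP)" disabled=yes \
+dst-address-list=DNS-SERVERs dst-port=123 protocol=udp src-address-list=\
+CONFIAVEIS
+add action=accept chain=forward comment="Permit - HTTPs (TCP)" disabled=yes \
+dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp
+add action=accept chain=forward comment="Permit - HTTPs (UDP)" disabled=yes \
+dst-address-list=SERVIDORES dst-port=80,443 protocol=udp
+add action=accept chain=forward comment="Permit - Servicos (TCP)" disabled=\
+yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=tcp
+add action=accept chain=forward comment="Permit - Servicos (UDP)" disabled=\
+yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=udp
+add action=accept chain=forward comment="Permit - Servicos" disabled=yes \
+dst-address-list=SERVIDORES src-address-list=SERVIDORES
+add action=accept chain=forward comment="Permit - Radios" disabled=yes \
+in-interface=*16
+add action=accept chain=forward comment="Permit - Radios" disabled=yes \
+out-interface=*16
+add action=accept chain=forward comment="Permit - OpaSuite (exception)" \
+disabled=yes dst-address=45.228.246.98
+add action=accept chain=input comment="Permit - Estab and Related" \
+connection-state=established,related disabled=yes
+add action=accept chain=input comment="Permit - ICMP" disabled=yes protocol=\
+icmp
+add action=accept chain=input comment="Permit - OSPF Protocol" disabled=yes \
+in-interface-list=ospf-interfaces protocol=ospf
+add action=accept chain=input comment="Permit - IPsec Ports" disabled=yes \
+dst-port=500,1701,4500 protocol=udp
+add action=accept chain=input comment="Permit - IPsec Protocol" disabled=yes \
+protocol=ipsec-esp
+add action=accept chain=input comment="Permit - L2TP Protocol" disabled=yes \
+protocol=l2tp
+add action=accept chain=input comment="Permit - Winbox Service" disabled=yes \
+dst-port=8292 protocol=tcp src-address-list=ACPT-INPUT
+add action=accept chain=input comment="Permit - Trusted" disabled=yes \
+src-address-list=ACPT-INPUT
+add action=accept chain=forward disabled=yes dst-address-list=CWPs
+add action=drop chain=forward disabled=yes log-prefix=drop-all-
+add action=drop chain=input disabled=yes
+/ip firewall nat
+add action=src-nat chain=srcnat comment=\
+"NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" disabled=yes \
+dst-address=10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=\
+10.0.24.33
+add action=src-nat chain=srcnat comment="SRC-NAT-HEXA - 45.228.246.64" \
+src-address-list=LAN-HEXA to-addresses=45.228.246.64
+add action=src-nat chain=srcnat comment="DEFAULT NAT - 246.31" dst-address=\
+!10.0.0.0/8 dst-address-list=!SERVIDORES protocol=!ospf src-address=\
+10.0.24.0/24 to-addresses=45.228.246.31
+add action=src-nat chain=srcnat comment="## regra UPDATE" disabled=yes \
+dst-address-list=!POOL-GERENCIA protocol=!ospf to-addresses=45.228.246.31
+/ip firewall service-port
+set ftp disabled=yes
+set tftp disabled=yes
+set h323 disabled=yes
+set sip disabled=yes
+set pptp disabled=yes
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip route
+add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \
+dst-address=45.228.246.64/27 gateway="" pref-src="" routing-table=main \
+scope=30 suppress-hw-offload=no target-scope=10
+add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \
+dst-address=45.228.246.16/28 gateway="" pref-src="" routing-table=main \
+scope=30 suppress-hw-offload=no target-scope=10
+add disabled=no distance=210 dst-address=0.0.0.0/0 gateway=10.1.22.41 \
+pref-src="" routing-table=main scope=20 suppress-hw-offload=no \
+target-scope=10
+/ipv6 route
+add disabled=no distance=200 dst-address=::/0 gateway=2804:47e4:8000:1::21 \
+routing-table=main scope=30 target-scope=10
+add disabled=yes distance=20 dst-address=::/0 gateway=2804:47e4:8000:1::19 \
+routing-table=main scope=30 suppress-hw-offload=no target-scope=10
+/ip service
+set ftp disabled=yes
+set ssh disabled=yes
+set telnet disabled=yes
+set www disabled=yes
+set winbox address=45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4::/32 \
+port=8292
+set api disabled=yes
+set api-ssl disabled=yes
+/ip smb shares
+set [ find default=yes ] directory=/pub
+/ip traffic-flow
+set active-flow-timeout=5m cache-entries=64k interfaces=2142-OSPF_B1
+/ip traffic-flow target
+add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5
+add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5
+/ip upnp
+set enabled=yes
+/ip upnp interfaces
+add interface=*16 type=internal
+add interface=2142-OSPF_B1 type=external
+/ipv6 address
+add address=2804:47e4:8002::33 advertise=no comment=\
+"# Desativar o Advertase e depois desativar ND | BUG com Firewall" \
+interface=0620-Servicos-IPv6
+add address=2804:47e4:8000:1::22/126 advertise=no interface=2242-OSPF_B2
+add address=2804:47e4:0:1::22/126 advertise=no interface=2142-OSPF_B1
+add address=2804:47e4:8000:1::1a/126 advertise=no disabled=yes interface=\
+2602-IPv4-HEXA
+add address=2804:47e4:8002:2601::33 advertise=no comment="## LAN SAGE" \
+disabled=yes interface=lo
+/ipv6 firewall address-list
+add address=2804:47e4::/32 list=FIX-MeuBloco
+add address=2804:47e4:1::/64 list=AL-ACPT-SERVICOS
+add address=2804:47e4:1::141/128 list=ACL-hosepdage
+add address=2804:47e4:8002::142/128 list=ACL-hosepdage
+add address=2804:47e4:1::125/128 list=ACL-hosepdage
+add address=2804:47e4:8002::/64 list=AL-ACPT-SERVICOS
+add address=2804:47e4:1::122/128 list=ACL-hosepdage
+add address=2804:47e4::/32 list=CONFIAVEIS
+add address=2804:47e4:8002::/64 list=SERVIDORES
+add address=2804:47e4:1::/64 list=SERVIDORES
+add address=2804:47e4:1::120/128 list=DNS-SERVER
+add address=2804:47e4:8002::124/128 list=DNS-SERVER
+add address=2804:47e4:0:1::22/128 list=INPUT-OSPFv3
+add address=2804:47e4:8000:1::22/128 list=INPUT-OSPFv3
+add address=2804:47e4:8002::7777/128 list=ACL-hosepdage
+add address=2804:47e4:8002::230/128 list=DNS-SERVER
+add address=2804:47e4:8002::110/128 list=ACL-hosepdage
+add address=2804:47e4:8002::228/128 list=ACL-hosepdage
+add address=2804:47e4:8002::145/128 list=ACL-hosepdage
+add address=2804:47e4:8002::15/128 disabled=yes list=ACL-hosepdage
+add address=2804:47e4:1::141/128 list=CWPs
+add address=2804:47e4:8002::142/128 list=CWPs
+/ipv6 firewall filter
+add action=accept chain=input comment=ICMPV6 protocol=icmpv6
+add action=accept chain=forward comment="Permit - Established, related" \
+connection-state=established,related
+add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6
+add action=accept chain=input comment="Permit - input - estab, related" \
+connection-state=established,related
+add action=accept chain=input comment="Permit - OSPFv3" in-interface-list=\
+ospf-interfaces protocol=ospf
+add action=accept chain=input comment="Permit - Link Local" src-address=\
+fe80::/10
+add action=accept chain=forward comment="Permit - Upload" src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - All (excecao)" \
+dst-address-list=ACL-hosepdage
+add action=accept chain=forward comment=IXC dst-address=\
+2804:47e4:8002::15/128 dst-port=80,443 protocol=tcp
+add action=accept chain=forward comment=IXC dst-address=\
+2804:47e4:8002::15/128 dst-port=80,443 protocol=udp
+add action=accept chain=forward comment="Permit - REVERSO" dst-address=\
+2804:47e4:8002::230/128 dst-port=53 protocol=udp
+add action=accept chain=forward comment="Permit - REVERSO" dst-address=\
+2804:47e4:8002::230/128 dst-port=53 protocol=tcp
+add action=accept chain=forward comment="Permit - Servicos (all)" \
+dst-address-list=AL-ACPT-SERVICOS src-address-list=AL-ACPT-SERVICOS
+add action=accept chain=forward comment="Permit - DNS (udp)" \
+dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - DNS (tcp)" \
+dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - WebServer (udp)" \
+dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \
+protocol=udp
+add action=accept chain=forward comment="Permit - WebServer (tcp)" \
+dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \
+protocol=tcp
+add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \
+protocol=tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\
+tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - SSH" dst-address=\
+2804:47e4:8002::f120/128 dst-port=9022 protocol=tcp
+add action=accept chain=forward comment="Permit - CWP" dst-address-list=CWPs
+add action=drop chain=input comment=drop-input
+add action=drop chain=forward comment="drop - All" log-prefix=dropv6-
+/ipv6 nd
+set [ find default=yes ] advertise-dns=no disabled=yes \
+managed-address-configuration=yes other-configuration=yes ra-preference=\
+low
+add advertise-dns=no interface=0620-Servicos-IPv6 \
+managed-address-configuration=yes
+add advertise-dns=no interface=2142-OSPF_B1 managed-address-configuration=yes
+add advertise-dns=no interface=2242-OSPF_B2 managed-address-configuration=yes
+/ppp secret
+add name=andrefix profile=L2TP service=l2tp
+add name=danielfix profile=L2TP service=l2tp
+add name=otaviofix profile=L2TP service=l2tp
+/radius
+add address=10.0.24.24 disabled=yes require-message-auth=no service=login \
+timeout=300ms
+add address=10.0.24.24 disabled=yes require-message-auth=no service=login \
+timeout=300ms
+/routing bfd configuration
+add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5
+add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5
+/routing filter rule
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.246.96/27 && dst-len > 27) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.246.64/27 && dst-len > 27) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.246.16/28 && dst-len > 28) {reject} else {accept}"
+add chain=OSPFv3-OUT disabled=no rule=\
+"if (dst in 2804:47e4:8002::/48 && dst-len > 48) {reject} else {accept}"
+/routing ospf area range
+add area=ospf-area-0 disabled=no prefix=45.228.246.96/27
+add area=ospfv3-area-0 disabled=no prefix=2804:47e4:8002::/64
+add area=ospf-area-0 disabled=no prefix=45.228.246.64/27
+/routing ospf interface-template
+add area=ospf-area-0 auth=md5 auth-id=1 cost=20 disabled=no interfaces=\
+2242-OSPF_B2 networks=10.1.22.40/30 priority=1 type=ptp
+add area=ospf-area-0 auth=md5 auth-id=1 cost=100 disabled=no interfaces=\
+2142-OSPF_B1 networks=10.1.21.40/30 priority=1 type=ptp
+add area=ospfv3-area-0 cost=20 disabled=no interfaces=2242-OSPF_B2 networks=\
+2804:47e4:8000:1::22/126 priority=1 type=ptp
+add area=ospfv3-area-0 cost=100 disabled=no interfaces=2142-OSPF_B1 networks=\
+2804:47e4:0:1::22/126 priority=1 type=ptp
+add area=ospf-area-0 disabled=no interfaces=all passive
+add area=ospfv3-area-0 disabled=no interfaces=all passive
+/snmp
+set contact="FIX FIBRA" enabled=yes location=\
+"\"R. Antonio Dias Adorno, 375,Diadema,SP,BR\"" trap-version=2
+/system clock
+set time-zone-name=America/Sao_Paulo
+/system identity
+set name=NAT02-CCR2004
+/system logging
+add action=echo disabled=yes prefix=snmp_ topics=debug,snmp
+add action=Gray disabled=yes prefix=snmp_ topics=debug,snmp
+add action=Gray prefix=CRI topics=critical
+add action=Gray prefix=BK topics=backup
+add action=Gray prefix=INFO topics=info
+add action=Gray prefix=WARM topics=warning
+/system note
+set show-at-login=no
+/system ntp client
+set enabled=yes
+/system ntp client servers
+add address=10.0.24.120
+add address=10.0.24.124
+/system routerboard settings
+set enter-setup-on=delete-key
+/system scheduler
+add comment="Crodar dia 25/01 as 3 da manha" name=Atualizacao on-event=\
+"/system reboot" policy=reboot start-date=2025-03-11 start-time=03:00:00
+/system script
+add dont-require-permissions=no name=backupSFTP owner=otaviofix policy=\
+ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
+log warning \"***************************************\"\
+\n#Conexao SFTP\
+\n\
+\n:global host 10.1.24.137\
+\n:global usuario backups\
+\n:global senha backups@fixfibra2@\
+\n:global diretorio /SFTP/backups/mikrotik/router/CGNAT02\
+\n\
+\n#Pega o nome do Router\
+\n\
+\n:global identifica [/system identity get name]\
+\n\
+\n#Gera data no formato AAAA-MM-DD\
+\n\
+\n:global data [/system clock get date]\
+\n:global ano [:pick \$data 0 4]\
+\n:global mes [:pick \$data 5 7]\
+\n:global dia [:pick \$data 8 10]\
+\n\
+\n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
+\n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
+\n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
+\n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
+\n:log info \"Processando...\";\
+\n:delay 5s\
+\n\
+\n:log info \"Conectando SFTP Server...\";\
+\n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
+\";\
+\n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
+kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
+tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
+\n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
+\n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
+\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
+dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
+\n:delay 1\
+\n\
+\n:log info \"Backup enviado com sucesso...\";\
+\n:log info \"Removendo arquivos...\";\
+\n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
+\n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
+\n:log info \"Rotina de backup finalizada...\";\
+\n:log warning \"***************************************\";\
+\n"
+/tool bandwidth-server
+set enabled=no
+/tool mac-server
+set allowed-interface-list=none
+/tool mac-server mac-winbox
+set allowed-interface-list=none
+/tool mac-server ping
+set enabled=no
+/tool romon
+set enabled=yes
+/user aaa
+set use-radius=yes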
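Review bot: The `backupSFTP` script body under `/system script` commits the SFTP account's password in clear text on its `:global senha` line, so anyone who can read this repository or its history holds a working credential for the backup server the script uploads to on port 9022. Treat that password as exposed: rotate it, purge the value from the repository history, and strip the literal from exports before they are committed. Declaring the connection values with `:local` instead of `:global` (for example `:local senha "<SFTP_PASSWORD_PLACEHOLDER>"`) would also stop them persisting in `/system script environment` after each run. Separately, every input-chain rule in `/ip firewall filter` is `disabled=yes`, including the final `add action=drop chain=input`, so IPv4 access to the router itself appears to rest only on the `/ip service` address restriction while `/ip upnp` and `/tool romon` are enabled; confirm this is intended before treating the export as a baseline.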