Primeiro Commit - Backup Mikrotik
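--- a/NAT01/07-12-2025.NAT01-CCR2004.rsc
+++ b/NAT01/07-12-2025.NAT01-CCR2004.rsc
@@ -0,0 +1,492 @@
+# 2025-12-07 01:00:00 by RouterOS 7.18.2
+# software id = 1MXX-5Y0X
+#
+# model = CCR2004-16G-2S+
+# serial number = HG809WX52HQ
+/interface ethernet
+set [ find default-name=ether1 ] disabled=yes
+set [ find default-name=ether2 ] disabled=yes
+set [ find default-name=ether3 ] disabled=yes
+set [ find default-name=ether4 ] disabled=yes
+set [ find default-name=ether5 ] disabled=yes
+set [ find default-name=ether6 ] disabled=yes
+set [ find default-name=ether7 ] disabled=yes
+set [ find default-name=ether8 ] disabled=yes
+set [ find default-name=ether9 ] disabled=yes
+set [ find default-name=ether10 ] disabled=yes
+set [ find default-name=ether11 ] disabled=yes
+set [ find default-name=ether12 ] disabled=yes
+set [ find default-name=ether13 ] disabled=yes
+set [ find default-name=ether14 ] disabled=yes
+set [ find default-name=ether15 ] disabled=yes
+set [ find default-name=ether16 ] disabled=yes
+set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-full,100M-baseT-fu\
+ll,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR"
+set [ find default-name=sfp-sfpplus2 ] disabled=yes
+/interface vlan
+add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24
+add interface=sfp-sfpplus1 name=0025-VoIP-TR69 vlan-id=25
+add interface=sfp-sfpplus1 name=0030-TIP-IXC vlan-id=30
+add interface=sfp-sfpplus1 name=0041-Servicos-IPv4 vlan-id=41
+add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124
+add interface=sfp-sfpplus1 name=0610-Servicos-IPv6 vlan-id=610
+add interface=sfp-sfpplus1 name=1441-itx-sw-hw-03 vlan-id=1441
+add interface=sfp-sfpplus1 name=2133-OSPF-B1 vlan-id=2133
+add interface=sfp-sfpplus1 name=2233-OSPF-B2 vlan-id=2233
+/interface list
+add name=OSPFv3
+add name=LAN
+/interface lte apn
+set [ find default=yes ] ip-type=ipv4 use-network-apn=no
+/ip dhcp-server option
+add code=43 name=acs_ip value="0x011F'http://acs.fixfibra.com.br:7547'"
+/ip dhcp-server option sets
+add name=acs_ip options=acs_ip
+/ip pool
+add name=TR69 ranges=10.25.0.50-10.25.63.200
+add name=pool1 ranges=198.18.0.1-198.18.0.4
+/ip dhcp-server
+add address-pool=TR69 dhcp-option-set=acs_ip interface=0025-VoIP-TR69 \
+lease-time=1d name=025-Gestao_TR69
+/ip smb users
+set [ find default=yes ] disabled=yes
+/port
+set 0 name=serial0
+/ppp profile
+add change-tcp-mss=yes local-address=10.0.24.35 name=L2VPN remote-address=\
+pool1 use-encryption=yes use-ipv6=no use-mpls=no
+/routing id
+add disabled=no id=10.0.24.34 name=OSPF select-dynamic-id=only-static
+/routing ospf instance
+add disabled=no name=ospf out-filter-chain=OSPF-OUT redistribute=\
+connected,static
+add disabled=no name=ospfv3 out-filter-chain=OSPFv3-OUT redistribute=\
+connected version=3
+/routing ospf area
+add disabled=no instance=ospf name=ospf-area-0
+add disabled=no instance=ospfv3 name=ospfv3-area-0
+/snmp community
+set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan
+/system logging action
+set 3 target=echo
+add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\
+10.0.24.35 target=remote
+/ip firewall connection tracking
+set enabled=yes tcp-established-timeout=12h udp-timeout=10s
+/ip neighbor discovery-settings
+set discover-interface-list=!dynamic
+/ip settings
+set max-neighbor-entries=8192
+/ipv6 settings
+set max-neighbor-entries=8192 soft-max-neighbor-entries=8191
+/interface l2tp-server server
+set allow-fast-path=yes default-profile=L2VPN enabled=yes max-mru=1500 \
+max-mtu=1500 use-ipsec=yes
+/interface list member
+add interface=2133-OSPF-B1 list=OSPFv3
+add interface=2233-OSPF-B2 list=OSPFv3
+add interface=0024-GERENCIA-L2 list=LAN
+add interface=0124-GERENCIA-L3 list=LAN
+add interface=0025-VoIP-TR69 list=LAN
+/interface ovpn-server server
+add auth=sha1,md5 mac-address=FE:4C:24:17:C5:80 name=ovpn-server1
+/ip address
+add address=10.0.24.35/24 comment="## MGNT L2" interface=0024-GERENCIA-L2 \
+network=10.0.24.0
+add address=10.1.21.34/30 comment="### OSPF -VS01" interface=2133-OSPF-B1 \
+network=10.1.21.32
+add address=10.1.22.34/30 comment="### OSPF -VS02" interface=2233-OSPF-B2 \
+network=10.1.22.32
+add address=45.228.244.9/29 comment="## POOL - TIP e IXC" interface=\
+0030-TIP-IXC network=45.228.244.8
+add address=10.25.0.35/18 comment="## GATEWAY VoIP E TR069" interface=\
+0025-VoIP-TR69 network=10.25.0.0
+add address=45.228.244.97/27 comment="### GTW 0041" interface=\
+0041-Servicos-IPv4 network=45.228.244.96
+add address=10.1.24.35/24 interface=0124-GERENCIA-L3 network=10.1.24.0
+add address=45.228.244.31 comment="### LOOPBACK" interface=lo network=\
+45.228.244.31
+add address=10.0.5.5/30 comment="### OSPF - SWCORE" interface=\
+1441-itx-sw-hw-03 network=10.0.5.4
+add address=45.228.244.30 comment="### LOOPBACK" interface=lo network=\
+45.228.244.30
+/ip dhcp-server network
+add address=10.25.0.0/18 dhcp-option=acs_ip gateway=10.25.0.35
+/ip dns
+set servers=45.228.244.121,45.228.246.122
+/ip firewall address-list
+add address=10.0.0.0/8 comment="REDE INTERNA" list=rede_local
+add address=10.25.0.0/18 comment="REDE VOZ" list=rede_local
+add address=198.18.0.1 list=POOL-GERENCIA
+add address=198.18.0.2 list=POOL-GERENCIA
+add address=198.18.0.3 list=POOL-GERENCIA
+add address=198.18.0.4 list=POOL-GERENCIA
+add address=100.64.0.0/10 comment=CGNAT list=rede_local
+add address=45.228.244.4 list=ACPT-INPUT
+add address=10.1.24.0/24 list=ACPT-INPUT
+add address=45.228.246.4 list=ACPT-INPUT
+add address=10.0.24.0/24 list=ACPT-INPUT
+add address=10.1.21.32/30 list=ACPT-INPUT
+add address=10.1.22.32/30 list=ACPT-INPUT
+add address=10.25.0.0/18 list=ACPT-INPUT
+add address=45.228.244.8/29 list=ACPT-INPUT
+add address=45.228.244.96/27 list=ACPT-INPUT
+add address=45.228.244.121 list=DNS-SERVERs
+add address=45.228.246.122 list=DNS-SERVERs
+add address=45.228.244.101 list=DNS-SERVERs
+add address=45.228.246.102 list=DNS-SERVERs
+add address=45.228.244.96/27 list=zabbix-agent
+add address=45.228.246.96/27 list=zabbix-agent
+add address=45.228.244.101 list=CWPs
+add address=45.228.246.102 list=CWPs
+add address=10.25.0.25 list=GeniACS
+add address=45.228.246.105 list=GeniACS
+add address=45.228.244.10 list=Zeus
+add address=45.228.244.12 list=Zeus
+add address=45.228.244.11 list=Zeus
+add address=45.228.244.8/29 list=SERVIDORES
+add address=45.228.244.4 disabled=yes list=CONFIAVEIS
+add address=10.1.24.0/24 list=CONFIAVEIS
+add address=45.228.246.4 disabled=yes list=CONFIAVEIS
+add address=10.0.24.0/24 list=CONFIAVEIS
+add address=10.25.0.0/18 list=CONFIAVEIS
+add address=45.228.244.8/29 disabled=yes list=CONFIAVEIS
+add address=45.228.244.96/27 disabled=yes list=CONFIAVEIS
+add address=45.228.244.8/29 list=0030-SERVIDORES
+add address=45.228.246.96/27 disabled=yes list=CONFIAVEIS
+add address=100.64.0.0/10 list=CONFIAVEIS
+add address=45.228.244.96/27 list=SERVIDORES
+add address=10.64.69.0/30 list=CONFIAVEIS
+add address=10.0.24.0/24 list=LOCAL-VPN-NAT
+add address=198.18.0.0/30 list=LOCAL-VPN-NAT
+add address=10.0.5.4/30 list=ACPT-INPUT
+add address=45.228.244.0/22 list=BLOCO-FIX
+add address=45.228.246.96/27 list=SERVIDORES
+add address=45.228.246.100 list=DNS-SERVERs
+add address=45.228.245.0/24 list=ACS-CPEs
+add address=45.228.247.0/24 list=ACS-CPEs
+add address=10.25.0.0/18 list=ACS-CPEs
+add address=45.228.244.0/22 list=CONFIAVEIS
+add address=10.0.13.0/24 list=CONFIAVEIS
+add address=45.228.244.30 list=SERVIDORES
+add address=100.64.0.0/10 list=ACPT-INPUT
+/ip firewall filter
+add action=fasttrack-connection chain=forward connection-state=\
+established,related hw-offload=yes
+add action=accept chain=forward connection-state=established,related
+add action=accept chain=forward comment="Permit - ICMP Protocol" protocol=\
+icmp
+add action=accept chain=input comment="Permit - ICMP" protocol=icmp
+add action=accept chain=input comment="Permit - OSPF Protocol" \
+in-interface-list=OSPFv3 protocol=ospf
+add action=accept chain=input comment="Permit - IPsec Ports" dst-port=\
+500,4500,1701 protocol=udp
+add action=accept chain=input comment="Permit - IPsec Protocol" protocol=\
+ipsec-esp
+add action=accept chain=forward comment="Permit - Upload Src" \
+src-address-list=CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS" dst-address-list=\
+DNS-SERVERs dst-port=53 protocol=tcp src-address-list=CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS" dst-address-list=\
+DNS-SERVERs dst-port=53 protocol=udp src-address-list=CONFIAVEIS
+add action=accept chain=forward comment="Permit - NTPSec" dst-address-list=\
+DNS-SERVERs dst-port=123 log-prefix=ntp- protocol=udp src-address-list=\
+CONFIAVEIS
+add action=accept chain=forward comment="Permit - TCP HTTPs" \
+dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp
+add action=accept chain=forward comment="Permit - UDP HTTPs" \
+dst-address-list=SERVIDORES dst-port=80,443 protocol=udp
+add action=accept chain=forward comment="Permit - TCP ACS" dst-address-list=\
+GeniACS dst-port=7547 log-prefix=ACS- protocol=tcp src-address-list=\
+ACS-CPEs
+add action=accept chain=forward comment="Permit - UDP ACS" dst-address-list=\
+GeniACS dst-port=7547 protocol=udp src-address-list=ACS-CPEs
+add action=accept chain=forward comment="Permit -TCP Others" \
+dst-address-list=SERVIDORES dst-port=3000,3001 protocol=tcp
+add action=accept chain=forward comment="Permit - UDP Others" \
+dst-address-list=SERVIDORES dst-port=3000,3001,3478,5514,8443,8080 \
+protocol=udp
+add action=accept chain=forward comment="Permit - UniFi NATed (TCP)" \
+dst-address=10.0.24.145 dst-port=80,6789,8080,8880,8843,27117 protocol=\
+tcp
+add action=accept chain=forward comment="Permit - UniFi NATed (UDP)" \
+dst-address=10.0.24.145 dst-port=123,3478,5514 protocol=udp
+add action=accept chain=forward comment="Permit - Servicos" dst-address-list=\
+SERVIDORES src-address-list=SERVIDORES
+add action=accept chain=forward comment="Permit - VLAN0030 All" \
+dst-address-list=0030-SERVIDORES
+add action=accept chain=input comment="Permit - Estab and Related" \
+connection-state=established,related
+add action=accept chain=input comment="Permit - L2TP Protocol" protocol=l2tp
+add action=accept chain=input comment="Permit - DHCP Protocol" dst-port=67-68 \
+in-interface=0025-VoIP-TR69 log-prefix=DHCP- protocol=udp
+add action=accept chain=input comment="Permit - Unifi (TCP)" dst-address=\
+45.228.244.30 dst-port=8443 protocol=tcp
+add action=accept chain=input comment="Permit - Winbox Service" dst-port=8292 \
+protocol=tcp src-address-list=ACPT-INPUT
+add action=accept chain=input comment="Permit - Unifi (TCP) - External" \
+dst-address=45.228.244.30 dst-port=80,6789,8080,8880,8843,27117 protocol=\
+tcp
+add action=accept chain=input comment="Permit - Unifi (UDP) - External" \
+dst-address=45.228.244.30 dst-port=123,3478,5514 protocol=udp
+add action=accept chain=input comment="Permit - Trusted" log-prefix=input- \
+src-address-list=ACPT-INPUT
+add action=accept chain=forward dst-address-list=CWPs
+add action=drop chain=forward log-prefix=Drop-Ford-all-
+add action=drop chain=input comment="DROP - GERAL" log-prefix=drop-input-
+/ip firewall nat
+add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\
+45.228.244.30 dst-port=80,443,6789,8080,8880,8843,8443 protocol=tcp \
+to-addresses=10.0.24.145
+add action=dst-nat chain=dstnat comment="UnifiControler - IN" dst-address=\
+45.228.244.30 dst-port=80,3478 protocol=udp to-addresses=10.0.24.145
+add action=src-nat chain=srcnat comment="UniFI - OUT" src-address=10.0.24.145 \
+to-addresses=45.228.244.30
+add action=src-nat chain=srcnat comment="Default NAT - VLAN 24" dst-address=\
+!10.0.0.0/8 protocol=!ospf src-address-list=LOCAL-VPN-NAT to-addresses=\
+45.228.244.31
+add action=src-nat chain=srcnat comment=\
+"#### NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" dst-address=\
+10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=10.0.24.35
+add action=src-nat chain=srcnat comment="## Regra UPDATE" disabled=yes \
+dst-address=!10.0.0.0/8 protocol=!ospf to-addresses=45.228.244.31
+/ip firewall service-port
+set ftp disabled=yes
+set tftp disabled=yes
+set h323 disabled=yes
+set sip disabled=yes
+set pptp disabled=yes
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip route
+add blackhole comment=Blackhole disabled=no distance=255 dst-address=\
+45.228.244.8/29 gateway="" pref-src="" routing-table=main scope=30 \
+suppress-hw-offload=no target-scope=10
+add blackhole comment=Blackhole disabled=no distance=255 dst-address=\
+45.228.244.16/28 gateway="" pref-src="" routing-table=main scope=30 \
+suppress-hw-offload=no target-scope=10
+add blackhole comment=Blackhole disabled=no distance=255 dst-address=\
+45.228.244.64/27 gateway="" pref-src="" routing-table=main scope=30 \
+suppress-hw-offload=no target-scope=10
+add blackhole comment=Blackhole disabled=no distance=255 dst-address=\
+45.228.244.96/27 gateway="" pref-src="" routing-table=main scope=30 \
+suppress-hw-offload=no target-scope=10
+add disabled=no dst-address=10.0.13.0/24 gateway=10.0.24.23 routing-table=\
+main suppress-hw-offload=no
+/ipv6 route
+add blackhole disabled=no distance=255 dst-address=2804:47e4:8002::/64 \
+gateway="" routing-table=main scope=30 suppress-hw-offload=no \
+target-scope=10
+add blackhole disabled=no distance=255 dst-address=2804:47e4:1::/64 gateway=\
+"" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
+/ip service
+set telnet address=10.0.0.0/8 disabled=yes port=2323
+set ftp disabled=yes
+set www address=2804:47e4:8c0::/48 disabled=yes port=8080
+set ssh disabled=yes port=9022
+set api address=10.0.0.0/8 disabled=yes
+set winbox address=\
+45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4:8c0::/48 port=8292
+set api-ssl disabled=yes
+/ip smb shares
+set [ find default=yes ] directory=/pub
+/ip ssh
+set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null forwarding-enabled=remote
+/ip traffic-flow
+set cache-entries=64k interfaces=2233-OSPF-B2
+/ip traffic-flow target
+add dst-address=10.0.24.128 port=9996 src-address=10.0.24.33 version=5
+/ip upnp
+set show-dummy-rule=no
+/ipv6 address
+add address=2804:47e4:0:1::12/126 advertise=no interface=2133-OSPF-B1
+add address=2804:47e4:8000:1::12/126 advertise=no interface=2233-OSPF-B2
+add address=2804:47e4:1::35 advertise=no comment=\
+"# # Desativar o Advertase e depois desativar ND | BUG com Firewall" \
+interface=0610-Servicos-IPv6
+add address=2804:47e4:0:1::25/126 advertise=no interface=0024-GERENCIA-L2
+/ipv6 firewall address-list
+add address=2804:47e4::/32 list=FIX-MeuBloco
+add address=2804:47e4:1::141/128 list=ACL-hosepdage
+add address=2804:47e4:8002::142/128 list=ACL-hosepdage
+add address=2804:47e4:1::125/128 list=ACL-hosepdage
+add address=2804:47e4:1::122/128 list=ACL-hosepdage
+add address=2804:47e4::/32 list=CONFIAVEIS
+add address=2804:47e4:8002::/64 list=SERVIDORES
+add address=2804:47e4:1::/64 list=SERVIDORES
+add address=2804:47e4:1::120/128 list=DNS-SERVER
+add address=2804:47e4:8002::124/128 list=DNS-SERVER
+add address=2804:47e4:0:1::12/128 list=INPUT-OSPFv3
+add address=2804:47e4:8000:1::12/128 list=INPUT-OSPFv3
+add address=2804:47e4:8002::230/128 list=DNS-SERVER
+add address=2804:47e4:8002::145/128 list=ACL-hosepdage
+/ipv6 firewall filter
+add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6
+add action=accept chain=forward comment="Permit - Established, related" \
+connection-state=established,related
+add action=accept chain=forward comment="Permit - DNS (udp)" \
+dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - DNS (tcp)" \
+dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - Upload" src-address-list=\
+FIX-MeuBloco
+add action=accept chain=forward comment="Permit - All (excecao)" \
+dst-address-list=ACL-hosepdage
+add action=accept chain=forward comment="Permit - Web (tcp)" \
+dst-address-list=SERVIDORES dst-port=443,3000,3001,6789,8080,8443,8880 \
+protocol=tcp
+add action=accept chain=forward comment="Permit - Servicos (all)" \
+dst-address-list=SERVIDORES src-address-list=SERVIDORES
+add action=accept chain=forward comment="Permit - Web (udp)" \
+dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \
+protocol=udp
+add action=accept chain=input comment=ICMPV6 protocol=icmpv6
+add action=accept chain=input comment="Permit - OSFPv3" in-interface-list=\
+OSPFv3 protocol=ospf
+add action=accept chain=input comment="Permit - Link Local" src-address=\
+fe80::/10
+add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \
+protocol=tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\
+tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - input - estab, related" \
+connection-state=established,related
+add action=drop chain=forward comment="Drop - All" log-prefix=telic-
+add action=drop chain=input log-prefix=drop-input-
+/ipv6 nd
+set [ find default=yes ] advertise-dns=no disabled=yes \
+managed-address-configuration=yes ra-preference=high
+add advertise-dns=no interface=0610-Servicos-IPv6 \
+managed-address-configuration=yes ra-preference=high
+add advertise-dns=no interface=2233-OSPF-B2 managed-address-configuration=yes
+add advertise-dns=no interface=2133-OSPF-B1 managed-address-configuration=yes
+/ppp aaa
+set use-radius=yes
+/ppp secret
+add name=andrefix profile=L2VPN service=l2tp
+add name=danielfix profile=L2VPN service=l2tp
+/radius
+add address=10.1.24.138 service=login src-address=10.1.24.35
+/radius incoming
+set accept=yes
+/routing bfd configuration
+add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5
+/routing filter rule
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.244.8/29 && dst-len > 29) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.244.16/28 && dst-len > 28) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 45.228.244.96/27 && dst-len > 27) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+"if (dst in 10.25.0.0/18 && dst-len > 18) {reject} else {accept}"
+add chain=OSPFv3-OUT disabled=no rule=\
+"if (dst in 2804:47e4:1::/64 && dst-len > 64) {reject} else {accept}"
+/routing ospf area range
+add area=ospf-area-0 disabled=no prefix=10.25.0.0/18
+add area=ospf-area-0 disabled=no prefix=45.228.244.96/27
+add area=ospf-area-0 disabled=no prefix=45.228.244.16/28
+add area=ospf-area-0 disabled=no prefix=45.228.244.8/29
+/routing ospf interface-template
+add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=20 disabled=no \
+interfaces=2133-OSPF-B1 networks=10.1.21.32/30 priority=1 type=ptp
+add area=ospf-area-0 auth=md5 auth-id=1 auth-key=123456 cost=100 disabled=no \
+interfaces=2233-OSPF-B2 networks=10.1.22.32/30 priority=1 type=ptp
+add area=ospfv3-area-0 cost=20 disabled=no interfaces=2133-OSPF-B1 priority=1 \
+type=ptp
+add area=ospfv3-area-0 cost=100 disabled=no interfaces=2233-OSPF-B2 priority=\
+1 type=ptp
+add area=ospf-area-0 disabled=no interfaces=all passive
+add area=ospfv3-area-0 disabled=no interfaces=all passive
+/snmp
+set contact="FIX FIBRA" enabled=yes location=\
+"\"R. Presidente Prudente, 496,Diadema,SP,BR\"" trap-version=2
+/system clock
+set time-zone-name=America/Sao_Paulo
+/system identity
+set name=NAT01-CCR2004
+/system logging
+set 0 topics=info,!dhcp
+add action=echo disabled=yes prefix=test_ topics=\
+debug,dhcp,!radvd,!dhcp,!ospf
+add action=echo disabled=yes prefix=Firewall topics=debug,!radvd,!snmp
+add action=Gray prefix=CRI topics=critical
+add action=Gray prefix=BK topics=backup
+add action=Gray prefix=INFO topics=info
+add action=Gray prefix=WARM topics=warning
+/system note
+set show-at-login=no
+/system ntp client
+set enabled=yes
+/system ntp client servers
+add address=10.0.24.124
+add address=200.20.186.76
+/system resource irq rps
+set sfp-sfpplus1 disabled=no
+/system routerboard settings
+set enter-setup-on=delete-key
+/system scheduler
+add name=atualizacao on-event="/system reboot" policy=reboot start-date=\
+2025-03-18 start-time=05:30:50
+add interval=2d name=backup-ftp on-event=backup-ftp policy=\
+ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
+start-date=2025-12-03 start-time=01:00:00
+/system script
+add dont-require-permissions=yes name=backup-ftp owner=otaviofix policy=\
+ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
+log warning \"***************************************\"\
+\n# Conexao SFTP\
+\n:global host 2804:47e4:1::137\
+\n:global usuario backups\
+\n:global senha backups@fixfibra2@\
+\n:global diretorio /SFTP/backups/mikrotik/router/NAT01\
+\n# Pega o nome do Router\
+\n:global identifica [/system identity get name]\
+\n# Gera data no formato AAAA-MM-DD\
+\n:global data [/system clock get date]\
+\n:global ano [:pick \$data 0 4]\
+\n:global mes [:pick \$data 5 7]\
+\n:global dia [:pick \$data 8 10]\
+\n\
+\n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
+\n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
+\n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
+\n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
+\n:log info \"Processando...\";\
+\n:delay 5s\
+\n\
+\n:log info \"Conectando SFTP Server...\";\
+\n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
+\";\
+\n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
+kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
+tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
+\n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
+\n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
+\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
+dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
+\n:delay 1\
+\n\
+\n:log info \"Backup enviado com sucesso...\";\
+\n:log info \"Removendo arquivos...\";\
+\n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
+\n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
+\n:log info \"Rotina de backup finalizada...\";\
+\n:log warning \"***************************************\";"
+/tool bandwidth-server
+set enabled=no
+/tool e-mail
+set from=noc.fix@fixfibra.com. port=587 server=smtp.gmail.com user=\
+noc.fix@fixfibra.com.b
+/tool mac-server
+set allowed-interface-list=none
+/tool mac-server mac-winbox
+set allowed-interface-list=static
+/tool mac-server ping
+set enabled=no
+/tool romon
+set enabled=yes
+/user aaa
+set use-radius=yes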
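Review bot: The exported `/system script` source commits a live credential to the repository — `:global senha backups@fixfibra2@` is the SFTP upload password in cleartext — and both `/routing ospf interface-template` entries carry `auth-key=123456`, a trivially guessable MD5 key on the OSPF point-to-point links. The `/ppp secret` entries were exported without their passwords, but script source is exported verbatim, so this `backup-ftp` job will republish the SFTP password on every run and git history retains it even after a later edit; rotate both credentials and strip the `/system script` section (or at least the `senha` line) in the backup pipeline before committing. `/ip ssh set ciphers=aes-gcm,aes-ctr,aes-cbc,3des-cbc,null` admits a null cipher and 3DES; it is dormant only while `/ip service set ssh disabled=yes` holds, so reduce it to `set ciphers=aes-gcm,aes-ctr forwarding-enabled=remote` so a later re-enable does not inherit it. The `add address=100.64.0.0/10 list=ACPT-INPUT` entry gives the whole CGNAT customer range the unconditional `Permit - Trusted` input accept; if that is intentional it deserves a `comment=`, otherwise narrow it to the management prefixes already in the list.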