-
Notifications
You must be signed in to change notification settings - Fork 2
/
router.conf
178 lines (178 loc) · 8.04 KB
/
router.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# jan/04/1970 03:57:53 by RouterOS 6.10
# software id = ZF9G-CUQV
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=10.1.1.1-10.1.1.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=ether2-master-local name=default
/port
set 0 name=serial0
/queue type
add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=1500k
add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=256k pcq-rate=1M
/queue tree
add max-limit=128k name=p2p packet-mark=p2p parent=global queue=default
add name=http packet-mark=http parent=global priority=2 queue=pcq_down
add limit-at=256 max-limit=1M name=other packet-mark=other parent=global priority=4 \
queue=default
add name=misc packet-mark=misc parent=global priority=1 queue=default
add name=upload packet-mark=http parent=ether1-gateway queue=pcq_up
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip address
add address=10.1.0.1/22 comment="default configuration" interface=ether2-master-local \
network=10.1.0.0
add address=184.23.16.13/24 interface=ether1-gateway network=184.23.16.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway use-peer-dns=no
/ip dhcp-server network
add address=10.1.0.0/22 comment="default configuration" dns-server=10.1.0.1 gateway=\
10.1.0.1 wins-server=10.1.0.4
/ip dns
set allow-remote-requests=yes cache-size=10240KiB servers=208.67.222.222,208.67.220.220
/ip dns static
add address=10.1.0.1 name=router
add address=10.1.0.1 name=router.kingman
add address=10.1.0.1 name=router.kingmanhall.org
add address=10.1.0.2 name=switch_netcloset_hp
add address=10.1.0.2 name=switch_netcloset_hp.kingman
add address=10.1.0.2 name=switch_netcloset_hp.kingmanhall.org
add address=10.1.0.3 name=switch_study_hp
add address=10.1.0.3 name=switch_study_hp.kingman
add address=10.1.0.3 name=switch_study_hp.kingmanhall.org
add address=10.1.0.4 name=kingmanhall.org
add address=10.1.0.4 name=www.kingmanhall.org
add address=10.1.0.4 name=mobius
add address=10.1.0.4 name=mobius.kingman
add address=10.1.0.4 name=mobius.kingmanhall.org
add address=10.1.0.6 name=switch_netcloset_1
add address=10.1.0.6 name=switch_netcloset_1.kingman
add address=10.1.0.6 name=switch_netcloset_1.kingmanhall.org
add address=10.1.0.7 name=switch_netcloset_2
add address=10.1.0.7 name=switch_netcloset_2.kingman
add address=10.1.0.7 name=switch_netcloset_2.kingmanhall.org
add address=10.1.0.10 name=bigbrother
add address=10.1.0.10 name=bigbrother.kingman
add address=10.1.0.10 name=bigbrother.kingmanhall.org
add address=10.1.0.11 name=wap_1d
add address=10.1.0.11 name=wap_1d.kingman
add address=10.1.0.11 name=wap_1d.kingmanhall.org
add address=10.1.0.12 name=wap_netcloset
add address=10.1.0.12 name=wap_netcloset.kingman
add address=10.1.0.12 name=wap_netcloset.kingmanhall.org
add address=10.1.0.13 name=wap_2l
add address=10.1.0.13 name=wap_2l.kingman
add address=10.1.0.13 name=wap_2l.kingmanhall.org
add address=10.1.0.14 name=wap_study
add address=10.1.0.14 name=wap_study.kingman
add address=10.1.0.14 name=wap_study.kingmanhall.org
add address=10.1.0.15 name=wap_dining
add address=10.1.0.15 name=wap_dining.kingman
add address=10.1.0.15 name=wap_dining.kingmanhall.org
add address=10.1.0.16 name=wap_3g
add address=10.1.0.16 name=wap_3g.kingman
add address=10.1.0.16 name=wap_3g.kingmanhall.org
add address=10.1.0.20 name=bender
add address=10.1.0.20 name=bender.kingman
add address=10.1.0.20 name=bender.kingmanhall.org
add address=10.1.0.21 name=elzar
add address=10.1.0.21 name=elzar.kingman
add address=10.1.0.21 name=elzar.kingmanhall.org
add address=10.1.0.22 name=zoidberg
add address=10.1.0.22 name=zoidberg.kingman
add address=10.1.0.22 name=zoidberg.kingmanhall.org
add address=10.1.0.23 name=hermes
add address=10.1.0.23 name=hermes.kingman
add address=10.1.0.23 name=hermes.kingmanhall.org
add address=10.1.0.24 name=hypnotoad
add address=10.1.0.24 name=hypnotoad.kingman
add address=10.1.0.24 name=hypnotoad.kingmanhall.org
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=p2p_conn p2p=all-p2p
add action=mark-packet chain=prerouting connection-mark=p2p_conn new-packet-mark=p2p \
passthrough=no
add action=mark-connection chain=prerouting dst-port=80,443 new-connection-mark=http_conn \
protocol=tcp
add action=mark-connection chain=prerouting dst-port=123 new-connection-mark=http_conn \
protocol=udp
add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=http_conn \
protocol=tcp
add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=http_conn \
protocol=udp
add action=mark-connection chain=prerouting new-connection-mark=http_conn protocol=icmp
add action=mark-packet chain=prerouting connection-mark=http_conn new-packet-mark=http \
passthrough=no
add action=mark-connection chain=prerouting dst-port=20,21,22,25,69,143,194,220,445,587 \
new-connection-mark=misc_conn protocol=tcp
add action=mark-connection chain=prerouting dst-port=20,22,69,194,220 \
new-connection-mark=misc_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=misc_conn new-packet-mark=misc \
passthrough=no
add action=mark-connection chain=prerouting new-connection-mark=other_conn
add action=mark-packet chain=prerouting connection-mark=other_conn new-packet-mark=other \
passthrough=no
/ip firewall nat
add chain=srcnat dst-address=192.168.0.0/16 src-address=10.1.0.0/22 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-address=184.23.16.13 dst-port=80 protocol=tcp \
to-addresses=10.1.0.4 to-ports=80
add action=dst-nat chain=dstnat dst-address=184.23.16.13 dst-port=443 protocol=tcp \
to-addresses=10.1.0.4 to-ports=443
add action=dst-nat chain=dstnat dst-address=184.23.16.13 dst-port=2222 protocol=tcp \
to-addresses=10.1.0.4 to-ports=2222
add action=masquerade chain=srcnat dst-address=10.1.0.4 dst-port=80 out-interface=\
ether2-master-local protocol=tcp src-address=10.1.0.0/22 to-addresses=0.0.0.0 \
to-ports=80
add action=masquerade chain=srcnat dst-address=10.1.0.4 dst-port=443 out-interface=\
ether2-master-local protocol=tcp src-address=10.1.0.0/22 to-addresses=0.0.0.0 \
to-ports=443
add action=masquerade chain=srcnat dst-address=10.1.0.4 dst-port=2222 out-interface=\
ether2-master-local protocol=tcp src-address=10.1.0.0/22 to-addresses=0.0.0.0 \
to-ports=2222
/ip route
add distance=1 gateway=184.23.16.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl disabled=no
set api disabled=yes
/ip traffic-flow
set interfaces=ether1-gateway
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether2-master-local type=internal
add interface=ether1-gateway type=external
/system clock
set time-zone-name=America/Los_Angeles
/system ntp client
set enabled=yes primary-ntp=67.23.181.241 secondary-ntp=69.167.160.102
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local