[siniy1388_1@budka_troll_24_2] > export compact
# nov/12/2019 12:38:28 by RouterOS 6.43
#
# model = 750GL
/interface bridge
add fast-forward=no mtu=1500 name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether5 ] auto-negotiation=no speed=100Mbps
/interface vlan
add interface=ether1 name=vlan101 vlan-id=101
add interface=ether1 name=vlan104 vlan-id=104
add interface=ether1 name=vlan105 vlan-id=105
/interface ethernet switch port
set 0 default-vlan-id=0 vlan-mode=fallback
set 1 default-vlan-id=0 vlan-mode=fallback
set 2 default-vlan-id=0 vlan-mode=fallback
set 3 default-vlan-id=0 vlan-mode=fallback
set 5 default-vlan-id=0 vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ppp profile
add change-tcp-mss=yes local-address=10.2.0.1 name=Tariff_1/0.5 only-one=yes rate-limit=512k/1024k use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes local-address=10.2.0.1 name=Traff_2/1 only-one=yes rate-limit=1M/2M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes local-address=10.2.0.1 name=Tarif_5/3 only-one=yes rate-limit=3M/5M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes comment="Tarif_100/100 admin" local-address=10.2.0.1 name=Tarif_100/100 only-one=yes rate-limit=15M/15M use-compression=no \
use-encryption=no use-mpls=no
add change-tcp-mss=yes local-address=10.2.0.1 name=Traff_3/2 only-one=yes rate-limit=2M/3M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes comment=Tarif_5/5 local-address=10.2.0.1 name=Tarif_5/5 only-one=yes rate-limit=6M/6M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes comment=Tarif_10. local-address=10.2.0.1 name=Tarif_10./10 only-one=yes rate-limit=10M/10M use-compression=no use-encryption=no \
use-mpls=no
add change-tcp-mss=yes local-address=10.2.0.1 name=Tarif_6/3 only-one=yes rate-limit=3M/6M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes local-address=10.2.0.1 name=Traff_0 only-one=yes rate-limit=0M/0M use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=yes comment=Tarif_15 local-address=10.2.0.1 name=Tarif_15./15 only-one=yes rate-limit=15M/15M use-compression=no use-encryption=no \
use-mpls=no
add change-tcp-mss=yes comment=Tarif_20 local-address=10.2.0.1 name=Tarif_20./20 only-one=yes rate-limit=20M/20M use-compression=no use-encryption=no \
use-mpls=no
/queue type
set 0 pfifo-limit=500
set 1 pfifo-limit=500
set 9 pfifo-limit=500
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=10000
/interface bridge port
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether5
/interface pppoe-server server
add default-profile=Tariff_1/0.5 disabled=no interface=bridge1 keepalive-timeout=30 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=service1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
add address=xxx.xxx.222.138/29 interface=ether1 network=xxx.xxx.222.136
add address=192.168.2.1/24 disabled=yes network=192.168.2.0
add address=xxx.xxx.217.130 disabled=yes interface=ether1 network=xxx.xxx.217.130
add address=xxx.xxx.217.1 interface=vlan101 network=xxx.xxx.217.130
add address=xxx.xxx.217.1 interface=vlan104 network=xxx.xxx.217.131
add address=xxx.xxx.217.1 interface=vlan105 network=xxx.xxx.217.132
/ip dhcp-client
add default-route-distance=2 dhcp-options=hostname,clientid interface=ether1
/ip dns
set servers=83.149.24.244,83.149.24.243
/ip firewall filter
add action=drop chain=input dst-port=445 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=445 in-interface=ether1 protocol=udp
add action=drop chain=input comment=Dudiki src-address-list=Dudiki
add action=add-src-to-address-list address-list="" address-list-timeout=none-dynamic chain=input disabled=yes protocol=tcp
add action=drop chain=forward comment=spammer1 dst-port=25 protocol=tcp src-address-list=spammer
add action=add-dst-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment=spaamer2 connection-limit=30,32 disabled=yes dst-port=\
25 limit=50,5:packet protocol=tcp src-address-list=!spammer
add action=accept chain=forward comment="Access Internet From VLAN" disabled=yes src-address=xxx.xxx.217.0/24
/ip firewall nat
add action=accept chain=srcnat src-address=xxx.xxx.222.139
add action=accept chain=srcnat src-address=xxx.xxx.222.141
add action=accept chain=srcnat src-address=xxx.xxx.222.140
add action=accept chain=srcnat src-address=xxx.xxx.222.142
add action=accept chain=srcnat disabled=yes src-address=xxx.xxx.217.131
add action=accept chain=srcnat disabled=yes src-address=xxx.xxx.217.132
add action=accept chain=srcnat disabled=yes src-address=xxx.xxx.217.130
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat comment="Off Trooleyb 1.108" dst-port=8108 protocol=tcp to-addresses=192.168.1.108 to-ports=443
add action=dst-nat chain=dstnat comment="Off Trooleyb 1.109" dst-port=8109 protocol=tcp to-addresses=192.168.1.109 to-ports=443
add action=netmap chain=dstnat comment="AMD Vertikal" dst-port=3389 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3389
add action=netmap chain=dstnat comment="AMD BUH" dst-port=3390 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3390
add action=netmap chain=dstnat comment="AMD pallet" dst-port=3391 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3491
add action=netmap chain=dstnat comment=Metall dst-port=3392 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3392
add action=netmap chain=dstnat comment=14 dst-port=3397 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3397
add action=netmap chain=dstnat comment="my 7 043" dst-port=3398 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3398
add action=netmap chain=dstnat comment=temp1 dst-port=3396 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3396
add action=netmap chain=dstnat comment=09 dst-port=3393 in-interface=ether1 protocol=tcp to-addresses=192.168.1.42 to-ports=3393
add action=src-nat chain=srcnat comment="AP Troll-Off" dst-address=192.168.1.108 dst-port=443 protocol=tcp to-addresses=192.168.1.2
add action=src-nat chain=srcnat comment="AP Troll-Off 109" dst-address=192.168.1.109 dst-port=443 protocol=tcp to-addresses=192.168.1.2
add action=src-nat chain=srcnat comment="Router Buxx" dst-address=10.2.0.3 dst-port=80 protocol=tcp to-addresses=192.168.1.2
/ip proxy
set cache-path=web-proxy1 enabled=yes
/ip proxy access
add action=deny redirect-to="ui-company.ru/index.php\?option=com_content&view=article&id=89&catid=10"
/ip route
add disabled=yes distance=2 gateway=xxx.xxx.217.129 routing-mark=conn_29
add distance=1 gateway=xxx.xxx.222.137
set enabled=yes primary-ntp=79.165.63.245 secondary-ntp=91.206.16.3
/system routerboard settings
set silent-boot=no
отключен-удален