Created
August 29, 2016 19:12
-
-
Save mbelletti/4778a7ec5059673f640e5f93915dc8d8 to your computer and use it in GitHub Desktop.
Troubleshooting mikrotik
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # jun/12/2016 10:08:13 by RouterOS 6.35.2 | |
| # software id = NS6T-J47L | |
| # | |
| /interface bridge | |
| add name=bridge-guests | |
| add name=bridge-media | |
| add name=bridge-phones | |
| add name=bridge-storage | |
| add name=bridge-users | |
| add name=bridge-vms | |
| /interface ethernet | |
| set [ find default-name=ether1 ] name=ATT | |
| set [ find default-name=ether6 ] name=XFinity | |
| set [ find default-name=ether2 ] name=ether2-master | |
| set [ find default-name=ether3 ] master-port=ether2-master | |
| set [ find default-name=ether4 ] master-port=ether2-master | |
| set [ find default-name=ether7 ] name=ether7-master | |
| set [ find default-name=ether8 ] master-port=ether7-master | |
| set [ find default-name=ether9 ] master-port=ether7-master | |
| /interface vlan | |
| add interface=bridge-guests name=vlan-guests vlan-id=1 | |
| add interface=bridge-media name=vlan-media vlan-id=20 | |
| add interface=bridge-phones name=vlan-phones vlan-id=3 | |
| add interface=bridge-storage name=vlan-storage vlan-id=18 | |
| add interface=bridge-users name=vlan-users vlan-id=10 | |
| add interface=bridge-vms name=vlan-vms vlan-id=19 | |
| /ip pool | |
| add name=pool-guests ranges=192.168.0.2-192.168.0.6 | |
| add name=pool-phones ranges=192.168.50.50-192.168.50.62 | |
| add name=pool-users ranges=192.168.10.2-192.168.10.62 | |
| add name=pool-storage ranges=172.31.60.2-172.31.60.6 | |
| add name=pool-vms ranges=172.19.16.2-172.19.19.254 | |
| add name=pool-media ranges=192.168.20.2-192.168.20.30 | |
| /ip dhcp-server | |
| add address-pool=pool-guests disabled=no interface=bridge-guests name=dhcp-guests | |
| add address-pool=pool-phones disabled=no interface=bridge-phones name=dhcp-phones | |
| add address-pool=pool-users disabled=no interface=bridge-users name=dhcp-users | |
| add address-pool=pool-storage disabled=no interface=bridge-storage name=dhcp-storage | |
| add address-pool=pool-vms disabled=no interface=bridge-vms name=dhcp-vms | |
| add address-pool=pool-media disabled=no interface=bridge-media name=dhcp-media | |
| /interface bridge port | |
| add bridge=bridge-users interface=ether5 | |
| add bridge=bridge-phones interface=ether10 | |
| /ip address | |
| add address=192.168.0.1/29 interface=bridge-guests network=192.168.0.0 | |
| add address=192.168.50.49/28 interface=bridge-phones network=192.168.50.48 | |
| add address=192.168.10.1/26 interface=bridge-users network=192.168.10.0 | |
| add address=172.31.60.1/29 interface=bridge-storage network=172.31.60.0 | |
| add address=172.19.16.1/22 interface=bridge-vms network=172.19.16.0 | |
| add address=192.168.20.1/27 interface=bridge-media network=192.168.20.0 | |
| /ip dhcp-client | |
| add dhcp-options=hostname,clientid disabled=no interface=ATT | |
| add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=XFinity | |
| /ip dhcp-server network | |
| add address=172.19.16.0/22 dns-server=208.67.220.220,208.67.222.222 domain=.ctu-vmnet.local gateway=172.19.16.1 | |
| add address=172.31.60.0/29 dns-server=208.67.220.220,208.67.222.222 domain=.local gateway=172.31.60.1 | |
| add address=192.168.0.0/29 dns-server=208.67.220.220,208.67.222.222 domain=.com gateway=192.168.0.1 | |
| add address=192.168.10.0/26 dns-server=208.67.220.220,208.67.222.222 domain=.ctu.ddns.net gateway=192.168.10.1 | |
| add address=192.168.20.0/27 dns-server=208.67.220.220,208.67.222.222 domain=.local gateway=192.168.20.1 | |
| add address=192.168.50.48/28 dns-server=208.67.220.220,208.67.222.222 domain=.com gateway=192.168.50.49 | |
| /ip firewall filter | |
| add action=drop chain=input dst-address=192.168.50.48/28 src-address=192.168.0.0/29 | |
| add action=drop chain=input dst-address=192.168.10.0/26 src-address=192.168.0.0/29 | |
| add action=drop chain=input dst-address=172.31.60.0/29 src-address=192.168.0.0/29 | |
| add action=drop chain=input dst-address=172.19.16.0/22 src-address=192.168.0.0/29 | |
| add action=drop chain=input dst-address=192.168.20.0/27 src-address=192.168.0.0/29 | |
| add action=drop chain=input dst-address=192.168.0.0/29 src-address=192.168.50.48/28 | |
| add action=drop chain=input dst-address=192.168.10.0/26 src-address=192.168.50.48/28 | |
| add action=drop chain=input dst-address=172.31.60.0/29 src-address=192.168.50.48/28 | |
| add action=drop chain=input dst-address=172.19.16.0/22 src-address=192.168.50.48/28 | |
| add action=drop chain=input dst-address=192.168.20.0/27 src-address=192.168.50.48/28 | |
| add action=drop chain=input dst-address=192.168.0.0/29 src-address=192.168.10.0/26 | |
| add action=drop chain=input dst-address=192.168.50.48/28 src-address=192.168.10.0/26 | |
| add action=drop chain=input dst-address=192.168.0.0/29 src-address=172.31.60.0/29 | |
| add action=drop chain=input dst-address=192.168.50.48/28 src-address=172.31.60.0/29 | |
| add action=drop chain=input dst-address=192.168.0.0/29 src-address=172.19.16.0/22 | |
| add action=drop chain=input dst-address=192.168.50.48/28 src-address=172.19.16.0/22 | |
| add action=drop chain=input dst-address=172.19.16.0/22 src-address=172.19.16.0/22 | |
| add action=drop chain=input dst-address=192.168.0.0/29 src-address=192.168.20.0/27 | |
| add action=drop chain=input dst-address=192.168.50.48/28 src-address=192.168.20.0/27 | |
| add action=drop chain=input dst-address=192.168.20.0/27 src-address=192.168.20.0/27 | |
| add chain=input protocol=icmp | |
| add chain=input connection-state=established,related | |
| add action=drop chain=input in-interface=ATT | |
| add action=drop chain=input in-interface=XFinity | |
| add action=fasttrack-connection chain=forward connection-state=established,related | |
| add chain=forward connection-state=established,related | |
| add action=drop chain=forward connection-state=invalid | |
| add action=drop chain=forward comment="drop all from ATT not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ATT | |
| /ip firewall mangle | |
| add chain=prerouting dst-address=104.53.220.0/22 in-interface=bridge-users | |
| add chain=prerouting dst-address=104.53.220.0/22 in-interface=bridge-storage | |
| add chain=prerouting dst-address=104.53.220.0/22 in-interface=bridge-vms | |
| add chain=prerouting dst-address=104.53.220.0/22 in-interface=bridge-media | |
| add chain=prerouting dst-address=24.6.112.0/20 in-interface=bridge-guests | |
| add chain=prerouting dst-address=24.6.112.0/20 in-interface=bridge-phones | |
| add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ATT new-connection-mark=mark-ATT | |
| add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=XFinity new-connection-mark=mark-XFinity | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-users new-connection-mark=mark-ATT per-connection-classifier=both-addresses:2/0 | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-storage new-connection-mark=mark-ATT per-connection-classifier=both-addresses:2/0 | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-vms new-connection-mark=mark-ATT per-connection-classifier=both-addresses:2/0 | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-media new-connection-mark=mark-ATT per-connection-classifier=both-addresses:2/0 | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-guests new-connection-mark=mark-XFinity per-connection-classifier=both-addresses:2/0 | |
| add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-phones new-connection-mark=mark-XFinity per-connection-classifier=both-addresses:2/0 | |
| add action=mark-routing chain=prerouting connection-mark=mark-ATT in-interface=bridge-users new-routing-mark=to-ATT | |
| add action=mark-routing chain=prerouting connection-mark=mark-ATT in-interface=bridge-storage new-routing-mark=to-ATT | |
| add action=mark-routing chain=prerouting connection-mark=mark-ATT in-interface=bridge-vms new-routing-mark=to-ATT | |
| add action=mark-routing chain=prerouting connection-mark=mark-ATT in-interface=bridge-media new-routing-mark=to-ATT | |
| add action=mark-routing chain=prerouting connection-mark=mark-XFinity in-interface=bridge-guests new-routing-mark=to-XFinity | |
| add action=mark-routing chain=prerouting connection-mark=mark-XFinity in-interface=bridge-phones new-routing-mark=to-XFinity | |
| add action=mark-routing chain=output connection-mark=mark-ATT new-routing-mark=to-ATT | |
| add action=mark-routing chain=output connection-mark=mark-XFinity new-routing-mark=to-XFinity | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat out-interface=XFinity src-address=192.168.0.0/29 | |
| add action=masquerade chain=srcnat out-interface=XFinity src-address=192.168.50.48/28 | |
| add action=masquerade chain=srcnat out-interface=ATT src-address=192.168.10.0/26 | |
| add action=masquerade chain=srcnat out-interface=ATT src-address=172.31.60.0/29 | |
| add action=masquerade chain=srcnat out-interface=ATT src-address=172.19.16.0/22 | |
| add action=masquerade chain=srcnat out-interface=ATT src-address=192.168.20.0/27 | |
| /ip route | |
| add check-gateway=ping distance=1 gateway=ATT routing-mark=to-ATT | |
| add check-gateway=ping distance=1 gateway=XFinity routing-mark=to-XFinity | |
| /system clock | |
| set time-zone-name=America/Los_Angeles | |
| /system routerboard settings | |
| set protected-routerboot=disabled |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment