# sep/05/2021 14:56:04 by RouterOS 6.48.4
# Physical ports. Per the port comments, ether1 and ether3 are the two Nayatel
# uplinks, ether2 is the LAN, and ether6/7/8/10 are links towards other sites.
# NOTE(review): the export carries the real MAC addresses of ether1-ether5;
# consider masking them, like the public IPs, before sharing a config publicly.
/interface ethernet
set [ find default-name=ether1 ] comment="Nayatel WAN" l2mtu=1596 \
mac-address=48:8F:5A:A3:EA:2F
set [ find default-name=ether2 ] comment=LAN l2mtu=1596 mac-address=\
48:8F:5A:A3:EA:30
set [ find default-name=ether3 ] comment="Nayatel CIR" l2mtu=1596 \
mac-address=48:8F:5A:A3:EA:31
set [ find default-name=ether4 ] l2mtu=1596 mac-address=48:8F:5A:A3:EA:32
set [ find default-name=ether5 ] l2mtu=1596 mac-address=48:8F:5A:A3:EA:33
set [ find default-name=ether6 ] comment="NEXLINK DATA LINK HO"
set [ find default-name=ether7 ] comment="NEXLINK DATA LINK FIEDMIC"
set [ find default-name=ether8 ] comment="Wireless Air Fiber"
set [ find default-name=ether10 ] comment="FIEDMIC TOWER"
# Tagged sub-interfaces for the inter-site links: VLANs 90, 80 and 30 ride on
# ether8, VLAN 50 on ether6 and VLAN 40 on ether7. The names are reused below
# as interface= and gateway= values, so renaming one here breaks those entries.
/interface vlan
add interface=ether8 name="GATWALA Data Link" vlan-id=90
add interface=ether6 name="Headoffice to Server Room Nexlink" vlan-id=50
add interface=ether8 name="OILMILL Data Link" vlan-id=80
add interface=ether7 name="SERVER ROOM TO FIEDMIC" vlan-id=40
add interface=ether8 name="SERVER ROOM TO HO" vlan-id=30
# Sets default-vlan-id=0 on switch-chip ports 5-12, 14 and 15 (port 13 is not
# listed). NOTE(review): the port-number-to-interface mapping is not visible in
# this export; confirm which physical ports these indexes refer to.
/interface ethernet switch port
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
set 12 default-vlan-id=0
set 14 default-vlan-id=0
set 15 default-vlan-id=0
# Named interface groups. WAN and LAN get members further down; "test" has no
# members anywhere in this export and looks like a leftover (confirm).
/interface list
add name=WAN
add name=LAN
add name=test
# Wireless, hotspot and logging entries: only paths and identity are set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/system logging action
set 1 disk-file-name=flash/log
# Passes bridged traffic through the IP firewall. No bridge is defined in this
# export, so this presumably has no effect at present (confirm).
/interface bridge settings
set use-ip-firewall=yes
# NOTE(review): "!dynamic" enables neighbor discovery on every static interface,
# which includes both uplinks (ether1, ether3). Discovery announcements expose
# the router identity and RouterOS version to the upstream segment; limiting
# discovery to the LAN interface list is the usual hardening step.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# NOTE(review): Detect Internet is enabled on all interfaces. Confirm it is
# actually needed on this multi-WAN router; if not, setting it to "none" removes
# one more automatic process acting on the uplinks.
/interface detect-internet
set detect-interface-list=all
# ether1 and ether3 (the two uplinks) form the WAN list; ether2 is the only LAN
# member. The inter-site interfaces (ether6/7/8/10 and the VLANs) belong to
# neither list, so rules written against WAN or LAN do not cover them.
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=WAN
# Router addresses. ether3 holds several public addresses (masked by the
# poster); ether2 is the LAN gateway 172.13.1.1/16; the /30 entries are
# point-to-point links to the other sites.
# NOTE(review): 172.13.0.0/16 and the 192.161/192.166/192.167/192.169 link
# ranges lie outside the RFC 1918 private blocks (10/8, 172.16/12, 192.168/16).
# They are publicly allocated space, so real Internet hosts in those ranges are
# unreachable from this network and any route or NAT mistake sends internal
# traffic towards someone else's addresses. Renumbering into RFC 1918 space is
# the long-term fix.
# NOTE(review): ether1 has a static 172.30.1.10/30 here and also runs a DHCP
# client (see /ip dhcp-client); confirm both are intended.
/ip address
add address=103.55.X.X comment="NAYATEL CIR" interface=ether3 network=\
103.55.X.X
add address=203.X.X.X comment="SERVER ROOM PC" interface=ether3 \
network=203.X.X.X
add address=203.X.X.X interface=ether3 network=203.99.X.X
add address=203.X.X.X interface=ether3 network=203.99.X.X
add address=192.169.10.10/30 comment="FIEDMIC WIRELESS LINK" interface=\
ether10 network=192.169.10.8
add address=192.169.10.13/30 comment="WIRELESS LINK HEADOFFICE" interface=\
"SERVER ROOM TO HO" network=192.169.10.12
add address=203.X.X.X/29 comment="MIKROTIK ACCESS" interface=ether3 \
network=203.X.X.X
add address=172.13.1.1/16 comment="SERVER ROOM LAN" interface=ether2 network=\
172.13.0.0
add address=192.167.10.10/30 comment="data link nexlink to fiedmic" \
interface="SERVER ROOM TO FIEDMIC" network=192.167.10.8
add address=192.166.10.13/30 comment="Gatwala Data Link" interface=\
"GATWALA Data Link" network=192.166.10.12
add address=192.161.10.13/30 comment="Oil Mill Data Link" interface=\
"OILMILL Data Link" network=192.161.10.12
add address=192.167.10.13/30 comment="DATA LINK NEXLINK TO HO" interface=\
"Headoffice to Server Room Nexlink" network=192.167.10.12
add address=172.30.1.10/30 interface=ether1 network=172.30.1.8
# DHCP client on the ether1 uplink.
/ip dhcp-client
add disabled=no interface=ether1
# The router forwards DNS queries to Google's public resolvers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS on every
# interface, uplinks included. Unless the input chain drops UDP/TCP 53 arriving
# on ether1 and ether3, this is an open resolver reachable from the Internet
# (usable for amplification and cache abuse). Verify the input filter covers it.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# LAN hosts grouped by uplink: the mangle rules use "CIR-Users" and
# "Shared Users" as src-address-list matchers for the policy-routing marks.
# Hosts in neither list get no routing mark from those rules.
/ip firewall address-list
add address=172.13.22.11 list="Shared Users"
add address=172.13.3.1 list="Shared Users"
add address=172.13.3.4 list=CIR-Users
add address=172.13.3.2 list=CIR-Users
add address=172.13.3.5 list=CIR-Users
add address=172.13.4.1 list=CIR-Users
add address=172.13.4.2 list="Shared Users"
add address=172.13.2.4 list="Shared Users"
add address=172.13.2.1 list="Shared Users"
add address=172.13.2.2 list="Shared Users"
add address=172.13.2.3 list="Shared Users"
add address=172.13.2.5 list="Shared Users"
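# Input chain = traffic addressed to the router itself.
# The original section held only the two accept rules for WinBox (8219) and
# WebFig (81) on ether3. With no drop rule the chain's implicit policy is
# accept, so those rules restricted nothing: every router service (WinBox,
# WebFig, the DNS resolver) was reachable on both uplinks. The rules below keep
# the two intended exceptions and close the rest of the WAN-side input.
# Rule order matters; apply from a LAN-side session or in Safe Mode.
/ip firewall filter
# Replies to connections the router itself opened (DNS lookups, gateway pings).
add action=accept chain=input connection-state=established,related \
comment="accept established/related"
add action=drop chain=input connection-state=invalid comment="drop invalid"
add action=accept chain=input protocol=icmp comment="accept ICMP"
# Management exceptions on the CIR uplink, unchanged from the original.
# NOTE(review): both are open to any source address; adding a src-address-list
# of known admin addresses to each would narrow them further.
add action=accept chain=input dst-port=8219 in-interface=ether3 protocol=tcp
add action=accept chain=input dst-port=81 in-interface=ether3 port="" \
protocol=tcp
# Everything else arriving on ether1/ether3 (members of the WAN list) is
# dropped. LAN and inter-site interfaces are not in that list and stay as before.
add action=drop chain=input in-interface-list=WAN \
comment="drop all other input from WAN"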
# Policy routing for the two uplinks.
/ip firewall mangle
# Traffic towards the other sites (172.12-172.16 /16) is accepted first, which
# ends mangle processing for it so none of the marks below are applied.
add action=accept chain=prerouting dst-address=172.12.0.0/16
add action=accept chain=prerouting dst-address=172.13.0.0/16
add action=accept chain=prerouting dst-address=172.14.0.0/16
add action=accept chain=prerouting dst-address=172.15.0.0/16
add action=accept chain=prerouting dst-address=172.16.0.0/16
# Connections addressed to the router itself are tagged by arrival uplink.
add action=mark-connection chain=input in-interface=ether1 \
new-connection-mark=Shared-Nayatel passthrough=yes
add action=mark-connection chain=input in-interface=ether3 \
new-connection-mark=CIR-Nayatel passthrough=yes
# NOTE(review): these two rules need a connection mark on traffic entering from
# ether2, but the only mark-connection rules above sit in chain=input, which
# forwarded LAN traffic never traverses. As exported, they likely never match,
# so LAN hosts follow the main routing table. Check the rule counters.
add action=mark-routing chain=prerouting connection-mark=CIR-Nayatel \
in-interface=ether2 new-routing-mark=TO_CIR-Nayatel passthrough=yes \
src-address-list=CIR-Users
add action=mark-routing chain=prerouting connection-mark=Shared-Nayatel \
in-interface=ether2 new-routing-mark=TO_Shared-Nayatel passthrough=yes \
src-address-list="Shared Users"
# Router-originated replies leave through the uplink the connection came in on.
add action=mark-routing chain=output connection-mark=CIR-Nayatel \
new-routing-mark=TO_CIR-Nayatel passthrough=yes
add action=mark-routing chain=output connection-mark=Shared-Nayatel \
new-routing-mark=TO_Shared-Nayatel passthrough=yes
/ip firewall nat
# NOTE(review): the first rule has no out-interface, so it masquerades LAN
# traffic leaving on ANY interface, including the inter-site links. Remote
# sites then see the router's address instead of the real client, which hides
# the true source in their logs. It also matches before the two per-uplink
# rules and before the (disabled) src-nat rules below.
add action=masquerade chain=srcnat src-address=172.13.0.0/16
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether3
# Disabled 1:1 source NAT entries for three LAN hosts.
add action=src-nat chain=srcnat disabled=yes src-address=172.13.3.2 \
to-addresses=203.X.X.X
add action=src-nat chain=srcnat disabled=yes src-address=172.13.3.12 \
to-addresses=203.X.X.X
add action=src-nat chain=srcnat disabled=yes log=yes src-address=172.13.4.1 \
to-addresses=203.X.X.X
# Port forwards from public addresses to LAN hosts.
# NOTE(review): none of these rules restricts the source (no src-address or
# src-address-list) and this export has no forward-chain filter rules, so RDP
# (3389) on three hosts and SQL Server (1433) are reachable from the whole
# Internet. Both are heavily scanned and brute-forced. Limit each rule to known
# source addresses or put these services behind a VPN, and log the forwards.
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=3389 \
protocol=tcp to-addresses=172.13.3.2 to-ports=3389
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=8100 \
protocol=tcp to-addresses=172.13.3.2 to-ports=8100
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=1433 \
protocol=tcp to-addresses=172.13.3.2 to-ports=1433
# NOTE(review): external port 44503 maps to internal port 44053; every other
# forward keeps the same port on both sides, so this may be a typo. Confirm.
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=44503 \
protocol=tcp to-addresses=172.13.3.2 to-ports=44053
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=3389 \
protocol=tcp to-addresses=172.13.3.12 to-ports=3389
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=3389 \
protocol=tcp to-addresses=172.13.4.1 to-ports=3389
add action=dst-nat chain=dstnat dst-address=203.X.X.X dst-port=40000 \
protocol=tcp to-addresses=172.13.3.2 to-ports=40000
# All NAT/connection-tracking helpers listed here are disabled, so the router
# does not rewrite or auto-open ports for FTP, TFTP, IRC, H.323, SIP or PPTP.
# Protocols that depend on a helper will not traverse NAT unaided.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes ports=5060,5061,1720,2493
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
# One default route per routing mark (policy-routing tables).
# NOTE(review): neither has check-gateway, so marked traffic would presumably
# keep using a gateway that has stopped answering. Confirm whether failover is
# wanted for these tables too.
add distance=1 gateway=103.X.X.X routing-mark=TO_CIR-Nayatel
add distance=1 gateway=172.30.1.9 routing-mark=TO_Shared-Nayatel
# Main table: CIR uplink is primary (distance 1), shared uplink is the backup
# (distance 2); both are health-checked by ping.
add check-gateway=ping distance=1 gateway=103.X.X.X
add check-gateway=ping distance=2 gateway=172.30.1.9
# Remote-site networks via the point-to-point links. The four disabled /24
# routes are more-specific variants of the active 172.12.0.0/16 route.
add comment=Fiedmic distance=30 dst-address=172.12.0.0/16 gateway=\
192.169.10.9
add comment="Fiedmic PC" disabled=yes distance=30 dst-address=172.12.2.0/24 \
gateway=192.169.10.9
add comment="Fiedmic IP Phones" disabled=yes distance=30 dst-address=\
172.12.5.0/24 gateway=192.169.10.9
add comment="Fiedmic Camera " disabled=yes distance=30 dst-address=\
172.12.6.0/24 gateway=192.169.10.9
add comment="FIEDMIC Attedence Machine" disabled=yes distance=30 dst-address=\
172.12.9.0/24 gateway=192.169.10.9
add distance=30 dst-address=172.14.1.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.2.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.4.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.5.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.6.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.9.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.14.10.0/24 gateway=192.169.10.14
add distance=30 dst-address=172.15.0.0/16 gateway=192.169.10.14
add check-gateway=ping distance=30 dst-address=172.16.0.0/16 gateway=\
192.166.10.14
# NOTE(review): the remaining routes point the link /30s at their own
# interface. The same /30s are already assigned under /ip address, so these
# look redundant with the connected routes. Confirm before removing.
add distance=30 dst-address=192.161.10.12/30 gateway="OILMILL Data Link" \
scope=10
add distance=30 dst-address=192.167.10.8/30 gateway="SERVER ROOM TO FIEDMIC" \
scope=10
add distance=30 dst-address=192.167.10.12/30 gateway=\
"Headoffice to Server Room Nexlink" scope=10
add distance=30 dst-address=192.169.10.8/30 gateway=ether10 scope=10
add distance=30 dst-address=192.169.10.12/30 gateway="SERVER ROOM TO HO" \
scope=10
# Forces lookups for three remote-site ranges into the main table, so a routing
# mark cannot divert them to an uplink.
# NOTE(review): 172.14.0.0/16 has routes and a mangle accept rule but no rule
# here; confirm whether that omission is intentional.
/ip route rule
add action=lookup-only-in-table dst-address=172.12.0.0/16 table=main
add action=lookup-only-in-table dst-address=172.15.0.0/16 table=main
add action=lookup-only-in-table dst-address=172.16.0.0/16 table=main
# Management services: telnet, ftp, ssh, api and api-ssl are off. WebFig (www)
# listens on port 81 and WinBox on port 8219.
# NOTE(review): www is plain HTTP, so WebFig credentials cross the network
# unencrypted; prefer www-ssl with a certificate, or WinBox only.
# NOTE(review): neither www nor winbox has an address= restriction, so which
# sources can reach them is decided solely by the input chain of
# /ip firewall filter. Non-default port numbers do not hide a service from
# scanners. Setting address= to the admin subnets adds a second layer.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=81
set ssh disabled=yes
set api disabled=yes
set winbox port=8219
set api-ssl disabled=yes
# Traffic Flow (NetFlow-style accounting) is enabled with a 64k-entry cache.
# NOTE(review): no /ip traffic-flow target appears in this export, so flows are
# presumably collected but not sent to any collector. Confirm.
/ip traffic-flow
set cache-entries=64k enabled=yes
/system clock
set time-zone-name=Asia/Karachi
# The identity string ends with a trailing space; it is what neighbor discovery
# announces and what appears in logs.
/system identity
set name="Server ROOM Internet "