Home Mikrotik
# jan/06/2015 13:40:25 by RouterOS 4.3
# software id = 72YI-U7G2
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5B:E5:98 \
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5B:E5:99 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5B:E5:9A \
master-port=ether2 mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5B:E5:9B \
master-port=ether2 mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5B:E5:9C \
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
switch-all-ports=yes
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
3 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=hs-pool-3 ranges=10.5.50.2-10.5.50.254
add name=dhcp_pool1 ranges=10.2.0.1-10.2.2.0
add name=ovpn-pool ranges=10.15.32.34-10.15.32.38
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2 lease-time=30m name=dhcp2
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment="" local-address=10.15.32.33 name=cc \
only-one=default remote-address=ovpn-pool use-compression=default \
use-encryption=required use-vj-compression=default
add change-tcp-mss=default comment="" local-address=10.15.32.5 name=office \
only-one=default remote-address=10.15.32.6 use-compression=default \
use-encryption=required use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/interface ovpn-client
add add-default-route=no auth=sha1 certificate=none cipher=aes256 comment="" \
connect-to=public.30 disabled=no mac-address=00:00:00:00:00:01 max-mtu=\
1500 mode=ip name=ovpn-out1 password=**lctn port=1194 profile=default \
user=raymond5
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=voip packet-mark=VOIP parent=ether2 priority=2 queue=\
default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
backbone type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
,test,winbox,password,web,sniff,sensitive"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=cert2 cipher=blowfish128,aes128,aes256 \
default-profile=default enabled=yes keepalive-timeout=60 mac-address=\
FE:0F:14:83:55:7D max-mtu=1500 mode=ip netmask=29 port=1194 \
require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.2.2.1/16 broadcast=10.2.255.255 comment="" disabled=no \
interface=ether2 network=10.2.0.0
add address=public.26/30 broadcast=public.27 comment="" disabled=no \
interface=ether1 network=public.24
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=10.2.0.12 comment="" disabled=no mac-address=F0:A2:25:99:B6:48 \
server=dhcp2
/ip dhcp-server network
add address=10.2.0.0/16 comment="" dns-server=10.2.2.1 gateway=10.2.2.1 \
netmask=16
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=97.64.168.12 secondary-dns=\
97.64.183.165
/ip dns static
add address=97.64.168.10 disabled=no name=DNS1 ttl=1d
add address=97.64.183.163 disabled=no name=DNS2 ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward comment="" disabled=no dst-port=1900 \
in-interface=ether3 protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=3306 \
in-interface=ether3 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=20561 \
in-interface=ether3 protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=20561 \
out-interface=ether2 protocol=udp
add action=accept chain=forward comment="" disabled=no out-interface=ether2 \
protocol=udp src-port=20561
add action=accept chain=forward comment="" disabled=yes in-interface=ether2 \
out-interface=ether3 port=0-60400 protocol=udp
add action=accept chain=forward comment="" disabled=yes in-interface=ether2 \
out-interface=ether3 port=0-60400 protocol=tcp
add action=accept chain=forward comment="" disabled=yes in-interface=ether3 \
out-interface=ether2 port=0-60400 protocol=tcp
add action=accept chain=forward comment="" disabled=yes in-interface=ether3 \
out-interface=ether2 port=0-60400 protocol=udp
add action=drop chain=forward comment="" disabled=yes out-interface=ether1 \
protocol=tcp src-mac-address=00:0E:08:1A:72:E9
add action=drop chain=forward comment="" disabled=yes out-interface=ether1 \
protocol=udp src-address=10.2.0.14
add action=drop chain=forward comment="" disabled=yes out-interface=ether1 \
protocol=tcp src-address=10.2.0.6-10.2.0.10
add action=drop chain=forward comment="" disabled=yes out-interface=ether1 \
protocol=udp src-address=10.2.0.6-10.2.0.10
add action=accept chain=input comment=OpenVPN disabled=yes dst-port=1194 \
protocol=tcp
add action=accept chain=input comment=OpenVPN disabled=yes dst-port=1194 \
protocol=tcp
add action=accept chain=input comment="" disabled=yes dst-port=22 protocol=\
tcp src-address=public.0/24
add action=accept chain=forward comment="" disabled=yes dst-address=\
97.64.138.82 dst-port=22 protocol=tcp
add action=accept chain=forward comment="" disabled=yes protocol=icmp
/ip firewall mangle
add action=change-mss chain=forward comment="" disabled=yes new-mss=1310 \
protocol=tcp tcp-flags=syn tcp-mss=!0-1448
add action=mark-routing chain=prerouting comment="" disabled=yes \
new-routing-mark=lctn passthrough=yes protocol=tcp src-address=10.2.0.18
add action=mark-routing chain=prerouting comment="" disabled=yes \
new-routing-mark=Squid passthrough=yes protocol=tcp src-address=10.2.0.5
add action=mark-routing chain=prerouting comment="" disabled=yes dst-port=80 \
new-routing-mark=Squid passthrough=yes protocol=tcp src-address=10.2.0.20
add action=mark-routing chain=prerouting comment="" disabled=yes dst-port=443 \
new-routing-mark=Squid passthrough=yes protocol=tcp src-address=10.2.0.20
add action=mark-routing chain=prerouting comment="" disabled=yes dst-port=80 \
new-routing-mark=Squid passthrough=yes protocol=tcp src-address=10.2.0.13
add action=mark-routing chain=prerouting comment="" disabled=yes dst-port=443 \
new-routing-mark=Squid passthrough=yes protocol=tcp src-address=10.2.0.13
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=src-nat chain=srcnat comment="" disabled=yes dst-port=80 protocol=\
tcp src-address=10.2.0.5 to-addresses=public.5 to-ports=80
add action=src-nat chain=srcnat comment="" disabled=no out-interface=ether1 \
src-address=10.2.0.0/16 to-addresses=public.26
add action=src-nat chain=srcnat comment="masquerade hotspot network" \
disabled=no out-interface=ether1 src-address=10.5.50.0/24 to-addresses=\
public.26
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=8898 protocol=tcp to-addresses=10.2.2.70 \
to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=5060-5082 protocol=udp to-addresses=10.2.2.70 \
to-ports=5060-5082
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=10000-20000 protocol=udp to-addresses=10.2.2.70 \
to-ports=10000-20000
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=8088 protocol=tcp to-addresses=10.2.0.3 to-ports=\
8088
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=4569 protocol=udp to-addresses=10.2.2.70 \
to-ports=4569
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=3389 protocol=tcp to-addresses=10.2.0.11 \
to-ports=3389
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=80 protocol=tcp to-addresses=10.2.0.15 to-ports=\
80
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=8181 protocol=tcp to-addresses=10.2.0.32 \
to-ports=8181
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=8001 protocol=tcp to-addresses=10.2.0.17 \
to-ports=8001
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=631 protocol=tcp to-addresses=10.2.2.25 to-ports=\
631
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=5900 protocol=tcp src-address=public.0/24 \
to-addresses=10.2.0.11 to-ports=5900
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=515 protocol=tcp to-addresses=10.2.2.25 to-ports=\
515
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=9100 protocol=tcp to-addresses=10.2.2.25 \
to-ports=9100
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=22 protocol=tcp to-addresses=10.2.0.11 to-ports=\
22
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=80 protocol=tcp src-address=64.8.170.117 \
to-addresses=10.2.0.11 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=32400 protocol=tcp to-addresses=10.2.0.11 \
to-ports=32400
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
public.26 dst-port=8000 protocol=tcp src-address=public.0/24 \
to-addresses=10.2.0.11 to-ports=80
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=**lctn profile=default
add comment="" disabled=no name=tami password=**lctn profile=default
add comment="" disabled=no name=tim password=**lctn profile=default
add comment="" disabled=no name=gavin password=**lctn profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set ovpn-out1 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add comment="added by setup" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=public.25 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=10.10.0.0/16 gateway=\
10.51.50.101 scope=30 target-scope=10
/ip service
set telnet address=public.0/24 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=yes port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=no port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ether1 type=external
add disabled=no interface=ether2 type=internal
add disabled=no interface=ether3 type=external
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=tamray password=tamray1245 profile=office routes="" service=any
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set ovpn-out1 queue=default
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=America/Chicago
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=commando
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=173.255.230.140 secondary-ntp=\
0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=ether2 memory-limit=1000 memory-scroll=no only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
Work Mikrotik
# jan/06/2015 13:40:41 by RouterOS 6.24
# software id = XDXY-4IRN
#
/interface bridge
add mtu=1500 name=105 protocol-mode=none
add mtu=1500 name=bridge1 protocol-mode=none
add mtu=1500 name=bridge2 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1590 mac-address=00:0C:42:BD:DC:1C
set [ find default-name=ether2 ] l2mtu=1590 mac-address=00:0C:42:BD:DC:1D
set [ find default-name=ether3 ] l2mtu=1590 mac-address=00:0C:42:BD:DC:1E
set [ find default-name=ether4 ] l2mtu=1590
set [ find default-name=ether5 ] l2mtu=1590 mac-address=00:0C:42:55:1C:A3
set [ find default-name=ether6 ] l2mtu=1590
set [ find default-name=ether7 ] disabled=yes l2mtu=1590
set [ find default-name=ether8 ] l2mtu=1590 mac-address=00:50:04:62:28:76
set [ find default-name=ether9 ] disabled=yes l2mtu=1590 mac-address=\
00:0B:DB:2E:86:AD
set [ find default-name=ether10 ] l2mtu=1590
set [ find default-name=ether11 ] l2mtu=1590
set [ find default-name=ether12 ] disabled=yes l2mtu=1590
set [ find default-name=sfp1 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp2 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp3 ] auto-negotiation=no l2mtu=1590
set [ find default-name=sfp4 ] auto-negotiation=no l2mtu=1590
/interface eoip
add clamp-tcp-mss=no mac-address=02:AA:7C:C5:BB:BE mtu=1500 name=Hutch-sc \
remote-address=10.50.50.146 tunnel-id=32
add clamp-tcp-mss=no mac-address=02:56:1A:EA:1C:50 mtu=1500 name=Maccray-HD \
remote-address=10.50.50.58 tunnel-id=13
add clamp-tcp-mss=no mac-address=02:FA:24:39:98:10 mtu=1500 name=Roamer-2 \
remote-address=10.50.50.10 tunnel-id=2
add clamp-tcp-mss=no mac-address=02:A2:63:12:F8:A1 mtu=1500 name=Roamer-3 \
remote-address=10.50.50.14 tunnel-id=3
add clamp-tcp-mss=no mac-address=02:AB:6D:08:DC:31 mtu=1500 name=Roamer-4 \
remote-address=10.50.50.18 tunnel-id=4
add clamp-tcp-mss=no mac-address=02:02:D2:F2:44:89 mtu=1500 name=Roamer-5 \
remote-address=10.50.50.22 tunnel-id=5
add clamp-tcp-mss=no mac-address=02:97:B4:7A:8F:5B mtu=1500 name=Roamer-6 \
remote-address=10.50.50.26 tunnel-id=6
add clamp-tcp-mss=no mac-address=02:8D:88:71:02:5F mtu=1500 name=Roamer-7 \
remote-address=10.50.50.34 tunnel-id=7
add clamp-tcp-mss=no mac-address=02:EC:1C:D6:3F:6A mtu=1500 name=Roamer-8 \
remote-address=10.50.50.38 tunnel-id=8
add clamp-tcp-mss=no mac-address=02:EA:C3:34:95:D7 mtu=1500 name=Roamer-9 \
remote-address=10.50.50.42 tunnel-id=9
add clamp-tcp-mss=no mac-address=02:18:D7:E1:1C:4A mtu=1500 name=Roamer-10 \
remote-address=10.50.50.46 tunnel-id=10
add clamp-tcp-mss=no mac-address=02:2B:4D:E2:96:7A mtu=1500 name=Roamer-11 \
remote-address=10.50.50.50 tunnel-id=11
add clamp-tcp-mss=no mac-address=02:93:8E:94:87:53 mtu=1500 name=Roamer-12 \
remote-address=10.50.50.55 tunnel-id=12
add clamp-tcp-mss=no mac-address=02:44:6A:58:3F:7F mtu=1500 name=Roamer-14 \
remote-address=10.50.50.62 tunnel-id=14
add clamp-tcp-mss=no mac-address=02:3F:E5:86:AE:4C mtu=1500 name=Roamer-15 \
remote-address=10.50.50.74 tunnel-id=15
add clamp-tcp-mss=no mac-address=02:04:C2:C4:6B:C7 mtu=1500 name=Roamer-16 \
remote-address=10.50.50.78 tunnel-id=16
add clamp-tcp-mss=no mac-address=02:BF:9C:A8:2B:8C mtu=1500 name=Roamer-17 \
remote-address=10.50.50.82 tunnel-id=17
add clamp-tcp-mss=no mac-address=02:83:38:13:BE:18 mtu=1500 name=Roamer-18 \
remote-address=10.50.50.86 tunnel-id=18
add clamp-tcp-mss=no mac-address=02:72:C7:D5:A6:5B mtu=1500 name=Roamer-19 \
remote-address=10.50.50.90 tunnel-id=19
add clamp-tcp-mss=no mac-address=02:BE:69:AC:06:4F mtu=1500 name=Roamer-20 \
remote-address=10.50.50.94 tunnel-id=20
add clamp-tcp-mss=no mac-address=02:AA:CA:D4:FF:A0 mtu=1500 name=Roamer-21 \
remote-address=10.50.50.98 tunnel-id=21
add clamp-tcp-mss=no mac-address=02:68:61:FF:FD:A5 mtu=1500 name=Roamer-22 \
remote-address=10.50.50.102 tunnel-id=22
add clamp-tcp-mss=no mac-address=02:DD:EB:45:2A:9C mtu=1500 name=Roamer-23 \
remote-address=10.50.50.106 tunnel-id=23
add clamp-tcp-mss=no mac-address=02:56:02:31:AC:B4 mtu=1500 name=Roamer-24 \
remote-address=10.50.50.110 tunnel-id=24
add clamp-tcp-mss=no mac-address=02:15:CD:80:66:76 mtu=1500 name=Roamer-25 \
remote-address=10.50.50.114 tunnel-id=25
add clamp-tcp-mss=no mac-address=02:37:FF:77:49:AB mtu=1500 name=Roamer-26 \
remote-address=10.50.50.118 tunnel-id=26
add clamp-tcp-mss=no mac-address=02:DA:33:A1:B5:74 mtu=1500 name=Roamer-27 \
remote-address=10.50.50.122 tunnel-id=27
add clamp-tcp-mss=no mac-address=02:C3:04:EA:6C:45 mtu=1500 name=Roamer-29 \
remote-address=10.50.50.130 tunnel-id=29
add clamp-tcp-mss=no mac-address=02:21:46:65:B1:54 mtu=1500 name=Roamer-30 \
remote-address=10.50.50.134 tunnel-id=30
add clamp-tcp-mss=no mac-address=02:FD:38:D8:8E:94 mtu=1500 name=Roamer-31 \
remote-address=10.50.50.138 tunnel-id=31
add mac-address=02:56:BE:98:36:3F mtu=1500 name=Roamer-32 remote-address=\
10.51.50.42 tunnel-id=5141
add clamp-tcp-mss=no mac-address=02:7F:87:1F:72:21 mtu=1500 name=acgc-elem \
remote-address=10.50.50.170 tunnel-id=169
add clamp-tcp-mss=no mac-address=02:E7:B3:38:05:B9 mtu=1500 name=acgc-hd \
remote-address=10.50.50.158 tunnel-id=36
add clamp-tcp-mss=no mac-address=02:B5:DB:F7:E0:33 mtu=1500 name=acgc-sc \
remote-address=10.50.50.222 tunnel-id=221
add clamp-tcp-mss=no mac-address=02:3C:D1:1A:E2:F7 mtu=1500 name=bbe-elem \
remote-address=10.50.50.174 tunnel-id=173
add clamp-tcp-mss=no mac-address=02:5D:B7:F1:8F:E8 mtu=1500 name=bbe-sc \
remote-address=10.50.50.154 tunnel-id=34
add clamp-tcp-mss=no mac-address=02:34:02:0C:8D:B7 mtu=1500 name=blh-elem \
remote-address=10.50.50.182 tunnel-id=181
add mac-address=02:8C:90:CA:16:6C mtu=1500 name=blh-hd remote-address=\
10.50.50.82 tunnel-id=81
add clamp-tcp-mss=no mac-address=02:6A:9A:BF:03:32 mtu=1500 name=bold-elem \
remote-address=10.50.50.178 tunnel-id=177
add clamp-tcp-mss=no mac-address=02:22:99:C2:10:FF mtu=1500 name=bold-sc \
remote-address=10.51.50.14 tunnel-id=5113
add clamp-tcp-mss=no mac-address=00:00:5E:80:00:01 mtu=1500 name=eoip-tunnel1 \
remote-address=10.50.50.6 tunnel-id=1
add clamp-tcp-mss=no mac-address=02:4E:B8:50:BB:50 mtu=1500 name=gsl-elem \
remote-address=10.50.50.186 tunnel-id=185
add clamp-tcp-mss=no mac-address=02:BC:39:EB:8B:75 mtu=1500 name=gsl-sc \
remote-address=10.50.50.166 tunnel-id=165
add clamp-tcp-mss=no mac-address=02:CD:66:F8:A9:5E mtu=1500 name=hutch-ms \
remote-address=10.50.50.194 tunnel-id=193
add clamp-tcp-mss=no mac-address=02:C8:65:50:29:A0 mtu=1500 name=hutch-park \
remote-address=10.50.50.242 tunnel-id=241
add clamp-tcp-mss=no mac-address=02:43:CE:FA:A5:C6 mtu=1500 name=kennedy \
remote-address=10.51.50.2 tunnel-id=5112
add clamp-tcp-mss=no mac-address=02:6A:97:07:3E:4A mtu=1500 name=kennedy2 \
remote-address=10.51.50.22 tunnel-id=5121
add clamp-tcp-mss=no mac-address=02:24:C8:97:01:9B mtu=1500 name=\
lakeview-elem remote-address=10.50.50.206 tunnel-id=205
add clamp-tcp-mss=no mac-address=02:7C:8A:94:58:64 mtu=1500 name=lester-hd \
remote-address=10.50.50.126 tunnel-id=28
add clamp-tcp-mss=no mac-address=02:75:94:07:7A:95 mtu=1500 name=lp-elem \
remote-address=10.50.50.202 tunnel-id=201
add clamp-tcp-mss=no mac-address=02:9F:40:8F:91:AE mtu=1500 name=maynard \
remote-address=10.50.50.198 tunnel-id=197
add clamp-tcp-mss=no mac-address=02:AC:36:CF:93:92 mtu=1500 name=monte-elem \
remote-address=10.50.50.218 tunnel-id=217
add mac-address=02:C6:A5:86:27:BC mtu=1500 name=monte-sup remote-address=\
10.50.50.214 tunnel-id=213
add clamp-tcp-mss=no mac-address=02:7C:03:66:27:3B mtu=1500 name=mrved-sc \
remote-address=10.50.50.150 tunnel-id=33
add clamp-tcp-mss=no mac-address=02:EB:78:15:74:2A mtu=1500 name=murdock \
remote-address=10.50.50.230 tunnel-id=229
add clamp-tcp-mss=no mac-address=02:F0:2E:C2:C0:27 mtu=1500 name=nls-elem \
remote-address=10.50.50.234 tunnel-id=233
add clamp-tcp-mss=no mac-address=02:2D:83:EC:4E:35 mtu=1500 name=ort-hd \
remote-address=10.51.50.10 tunnel-id=519
add clamp-tcp-mss=no mac-address=02:26:38:6D:F3:3B mtu=1500 name=yme-elem \
remote-address=10.50.50.210 tunnel-id=209
/interface gre
add clamp-tcp-mss=no dscp=0 local-address=public.30 mtu=1476 name=verizon1 \
remote-address=66.174.192.198
add clamp-tcp-mss=no dscp=0 local-address=public.30 mtu=1476 name=verizon2 \
remote-address=66.174.200.11
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=150 name=O150 value=0x4A74D2A3
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
add auth-algorithms=md5 enc-algorithms=aes-256-cbc lifetime=1d name=VZW \
pfs-group=none
add auth-algorithms=md5 enc-algorithms=aes-256-cbc lifetime=1d name=VZW2 \
pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=10.10.20.1-10.10.20.254
add name=dhcp_pool2 ranges=10.10.1.50-10.10.255.254
add name=dhcp_pool3 ranges=public.245-public.252
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether2 lease-time=3d name=\
dhcp1
add address-pool=dhcp_pool3 disabled=no interface=ether4 lease-time=3d name=\
dhcp2
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set 0 local-address=10.50.50.5 remote-address=10.50.50.6 use-encryption=\
required
add local-address=10.50.50.9 name=roamer-2 remote-address=10.50.50.10 \
use-encryption=required
add local-address=10.50.50.13 name=roamer-3 remote-address=10.50.50.14 \
use-encryption=required
add local-address=10.50.50.17 name=roamer-4 remote-address=10.50.50.18 \
use-encryption=required
add local-address=10.50.50.21 name=lqpv-hd remote-address=10.50.50.22 \
use-encryption=required
add local-address=10.50.50.25 name=roamer-6 remote-address=10.50.50.26 \
use-encryption=required
add local-address=10.50.50.29 name=lctn-xp remote-address=10.50.50.30 \
use-encryption=required
add local-address=10.50.50.33 name=roamer-7 remote-address=10.50.50.34 \
use-encryption=required
add local-address=10.50.50.37 name=roamer-8 remote-address=10.50.50.38 \
use-encryption=required
add local-address=10.50.50.41 name=roamer-9 remote-address=10.50.50.42 \
use-encryption=required
add local-address=10.50.50.45 name=roamer-10 remote-address=10.50.50.46 \
use-encryption=required
add local-address=10.50.50.49 name=roamer-11 remote-address=10.50.50.50 \
use-encryption=required
add local-address=10.50.50.53 name=roamer-12 remote-address=10.50.50.54 \
use-encryption=required
add local-address=10.50.50.57 name=maccray-hd remote-address=10.50.50.58 \
use-encryption=required
add local-address=10.50.50.61 name=roamer-14 remote-address=10.50.50.62 \
use-encryption=required
add local-address=10.50.50.73 name=roamer-15 remote-address=10.50.50.74 \
use-encryption=required
add local-address=10.50.50.77 name=roamer-16 remote-address=10.50.50.78 \
use-encryption=required
add local-address=10.50.50.81 name=blh-hd remote-address=10.50.50.82 \
use-encryption=required
add local-address=10.50.50.85 name=roamer-18 remote-address=10.50.50.86 \
use-encryption=required
add local-address=10.50.50.89 name=bbe-hd remote-address=10.50.50.90 \
use-encryption=required
add local-address=10.50.50.93 name=roamer-20 remote-address=10.50.50.94 \
use-encryption=required
add local-address=10.50.50.97 name=roamer-21 remote-address=10.50.50.98 \
use-encryption=required
add local-address=10.50.50.101 name=Roamer-22 remote-address=10.50.50.102 \
use-encryption=required
add local-address=10.50.50.105 name=roamer-23 remote-address=10.50.50.106 \
use-encryption=required
add local-address=10.50.50.109 name=roamer-24 remote-address=10.50.50.110 \
use-encryption=required
add local-address=10.50.50.113 name=roamer-25 remote-address=10.50.50.114 \
use-encryption=required
add local-address=10.50.50.117 name=roamer-26 remote-address=10.50.50.118 \
use-encryption=required
add local-address=10.50.50.121 name=roamer-27 remote-address=10.50.50.122 \
use-encryption=required
add local-address=10.50.50.125 name=lester-hd remote-address=10.50.50.126 \
use-encryption=required
add local-address=10.50.50.129 name=roamer-29 remote-address=10.50.50.130 \
use-encryption=required
add local-address=10.50.50.133 name=blh-sc remote-address=10.50.50.134 \
use-encryption=required
add local-address=10.50.50.137 name=acgc remote-address=10.50.50.138 \
use-encryption=required
add local-address=10.50.50.141 name=roamer-31 remote-address=10.50.50.142 \
use-encryption=required
add local-address=10.50.50.145 name=Hutch-sc remote-address=10.50.50.146 \
use-encryption=required
add local-address=10.50.50.149 name=mrved-sc remote-address=10.50.50.150 \
use-encryption=required
add local-address=10.50.50.153 name=bbe-sc remote-address=10.50.50.154 \
use-encryption=required
add local-address=10.50.50.157 name=acgc-hd remote-address=10.50.50.158 \
use-encryption=required
add local-address=10.50.50.161 name=mrved-internet remote-address=\
10.50.50.162 use-encryption=required
add local-address=10.50.50.233 name=nls-elem remote-address=10.50.50.234
add local-address=10.50.50.197 name=maynard remote-address=10.50.50.198
add local-address=10.50.50.209 name=yme-elem remote-address=10.50.50.210
add local-address=10.50.50.169 name=acgc-elem remote-address=10.50.50.170
add local-address=10.50.50.221 name=acgc-sc remote-address=10.50.50.222
add local-address=10.51.50.9 name=ort-hd remote-address=10.51.50.10
add local-address=10.50.50.181 name=blh-elem remote-address=10.50.50.182
add local-address=10.50.50.205 name=lakeview-elem remote-address=10.50.50.206
add local-address=10.50.50.217 name=monte-elem remote-address=10.50.50.218
add local-address=10.50.50.185 name=gsl-elem remote-address=10.50.50.186
add local-address=10.50.50.165 name=gsl-sc remote-address=10.50.50.166
add local-address=10.51.50.13 name=bold-sc remote-address=10.51.50.14
add local-address=10.50.50.193 name=hutch-ms remote-address=10.50.50.194
add local-address=10.51.50.1 name=kennedy remote-address=10.51.50.2
add local-address=10.50.50.201 name=lp-elem remote-address=10.50.50.202
add local-address=10.50.50.241 name=hutch-park remote-address=10.50.50.242
add local-address=10.51.50.17 name=temp remote-address=10.51.50.18
add local-address=10.50.50.173 name=bbe-elem remote-address=10.50.50.174
add local-address=10.50.50.229 name=murdock remote-address=10.50.50.230
add local-address=10.51.50.21 name=kennedy2 remote-address=10.51.50.22
add local-address=10.50.50.177 name=bold-elem remote-address=10.50.50.178 \
use-encryption=no
add local-address=10.51.50.29 name=raymond2 remote-address=10.51.50.30
add local-address=10.51.50.33 name=raymond remote-address=10.51.50.34
add local-address=10.51.50.37 name=Neil remote-address=10.51.50.38 \
use-encryption=required
add local-address=10.51.50.101 name=raymond5 remote-address=10.51.50.102 \
use-encryption=required
add local-address=10.50.50.213 name=monte-sup remote-address=10.50.50.214 \
use-encryption=required
add local-address=10.51.50.41 name=Roamer-32 remote-address=10.51.50.42
/routing bgp instance
set default router-id=10.98.0.2
/system logging action
set 0 memory-lines=10000
set 1 disk-lines-per-file=100
set 3 src-address=0.0.0.0
/interface bridge port
add bridge=bridge1 interface=eoip-tunnel1
add bridge=bridge1 interface=Roamer-2
add bridge=bridge1 interface=acgc-hd
add bridge=bridge1 interface=Roamer-4
add bridge=bridge1 interface=Roamer-5
add bridge=bridge1 interface=Roamer-6
add bridge=bridge1 interface=Roamer-7
add bridge=bridge1 interface=Roamer-11
add bridge=bridge1 interface=Roamer-10
add bridge=bridge1 interface=Roamer-9
add bridge=bridge1 interface=Roamer-8
add bridge=bridge1 interface=Maccray-HD
add bridge=bridge1 interface=Roamer-14
add bridge=bridge1 interface=Roamer-15
add bridge=bridge1 interface=Roamer-16
add bridge=bridge1 interface=Roamer-17
add bridge=bridge1 interface=Roamer-18
add bridge=bridge1 interface=Roamer-20
add bridge=bridge1 interface=Roamer-21
add bridge=bridge1 interface=Roamer-22
add bridge=bridge1 interface=Roamer-23
add bridge=bridge1 interface=Roamer-24
add bridge=bridge1 interface=Roamer-25
add bridge=bridge1 interface=Roamer-26
add bridge=bridge1 interface=Roamer-27
add bridge=bridge1 interface=lester-hd
add bridge=bridge1 interface=Roamer-29
add bridge=bridge1 interface=Roamer-30
add bridge=bridge1 interface=Roamer-12
add bridge=bridge1 interface=Roamer-3
add bridge=bridge1 interface=Roamer-19
add bridge=bridge1 interface=Roamer-31
add bridge=bridge1 interface=Hutch-sc
add bridge=bridge1 interface=mrved-sc
add bridge=bridge1 interface=bbe-sc
add bridge=bridge1 interface=nls-elem
add bridge=bridge1 interface=maynard
add bridge=bridge1 interface=yme-elem
add bridge=bridge1 interface=acgc-elem
add bridge=bridge1 interface=acgc-sc
add bridge=bridge1 interface=ort-hd
add bridge=bridge1 interface=blh-elem
add bridge=bridge1 interface=lakeview-elem
add bridge=bridge1 interface=monte-elem
add bridge=bridge1 interface=gsl-elem
add bridge=bridge1 interface=gsl-sc
add bridge=bridge1 interface=bold-sc
add bridge=bridge1 interface=hutch-ms
add bridge=bridge1 interface=kennedy
add bridge=bridge1 interface=lp-elem
add bridge=bridge1 interface=hutch-park
add bridge=bridge1 interface=murdock
add bridge=bridge1 interface=kennedy2
add bridge=bridge1 interface=bbe-elem
add bridge=bridge1 interface=bold-elem
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=blh-hd
add bridge=bridge1 interface=monte-sup
add bridge=bridge1 interface=Roamer-32
/interface ovpn-server server
set auth=sha1 certificate=cert_1 cipher=blowfish128,aes128,aes192,aes256 \
enabled=yes keepalive-timeout=disabled netmask=30
/ip address
add address=public.30/27 interface=ether5 network=public.0
add address=public.4/27 interface=ether1 network=public.0
add address=public.3/27 interface=ether1 network=public.0
add address=public.10/27 interface=ether1 network=public.0
add address=public.11/27 interface=ether1 network=public.0
add address=public.12/27 interface=ether1 network=public.0
add address=public.24/27 interface=ether1 network=public.0
add address=public.17/27 interface=ether1 network=public.0
add address=public.18/27 interface=ether1 network=public.0
add address=public.22/27 interface=ether1 network=public.0
add address=public.13/27 interface=ether1 network=public.0
add address=public.7/27 interface=ether1 network=public.0
add address=public.28/27 interface=ether1 network=public.0
add address=10.10.1.1/16 interface=ether2 network=10.10.0.0
add address=public.14/27 interface=ether1 network=public.0
add address=public.15/27 interface=ether1 network=public.0
add address=public.5/27 interface=ether1 network=public.0
add address=public.65/28 interface=ether8 network=public.64
add address=public.2/27 interface=ether1 network=public.0
add address=public.254/24 interface=ether4 network=public.0
add address=10.98.0.2/30 interface=verizon1 network=10.98.0.0
add address=public.29/27 interface=ether1 network=public.0
add address=10.98.0.6/30 interface=verizon2 network=10.98.0.4
add address=10.199.1.1/24 interface=ether3 network=10.199.1.0
add address=public.6/27 interface=ether5 network=public.0
/ip dhcp-server lease
add address=10.10.8.110 client-id=00:50:56:BC:03:35 mac-address=\
00:50:56:BC:03:35 server=dhcp1
add address=10.10.1.15 mac-address=BC:AE:C5:92:07:C3 server=dhcp1
add address=10.10.1.23 client-id=1:0:50:56:bc:3:20 mac-address=\
00:50:56:BC:03:20 server=dhcp1
add address=10.10.1.58 client-id=1:d4:85:64:76:9f:90 mac-address=\
D4:85:64:76:9F:90 server=dhcp1
add address=10.10.1.43 client-id=1:5c:d9:98:b:ed:31 mac-address=\
5C:D9:98:0B:ED:31 server=dhcp1
add address=10.10.1.19 mac-address=00:50:56:BC:03:17
add address=10.10.1.73 mac-address=00:1A:4B:77:9E:5C server=dhcp1
add address=10.10.1.53 mac-address=00:30:48:72:53:A0 server=dhcp1
add address=10.10.1.99 client-id=1:0:11:32:25:1:1 mac-address=\
00:11:32:25:01:01 server=dhcp1
add address=10.10.4.14 mac-address=00:11:32:28:71:09
add address=public.36 client-id=E4C722668179 mac-address=E4:C7:22:66:81:79
add address=public.28 client-id=E4C722666A88 mac-address=E4:C7:22:66:6A:88
add address=public.116 client-id=E4C722667744 mac-address=E4:C7:22:66:77:44
add address=public.52 client-id=E4C722667890 mac-address=E4:C7:22:66:78:90
add address=public.92 client-id=E4C72266785A mac-address=E4:C7:22:66:78:5A
add address=public.60 mac-address=E4:C7:22:66:75:DA server=dhcp2
add address=public.167 client-id=E4C7226675CA mac-address=E4:C7:22:66:75:CA
add address=public.156 client-id=E4C72266784C mac-address=E4:C7:22:66:78:4C
add address=public.100 client-id=E4C722667862 mac-address=E4:C7:22:66:78:62
add address=public.44 client-id=E4C722666A67 mac-address=E4:C7:22:66:6A:67
add address=public.84 client-id=E4C72266786B mac-address=E4:C7:22:66:78:6B
add address=public.76 client-id=E4C7226675DB mac-address=E4:C7:22:66:75:DB
add address=public.132 client-id=E4C7226675D8 mac-address=E4:C7:22:66:75:D8
add address=public.133 client-id=E4C722667858 mac-address=E4:C7:22:66:78:58
add address=public.20 client-id=E4C722666B89 mac-address=E4:C7:22:66:6B:89
add address=public.68 client-id=E4C7226675CF mac-address=E4:C7:22:66:75:CF
add address=public.140 client-id=E4C7226675C5 mac-address=E4:C7:22:66:75:C5
add address=public.13 always-broadcast=yes client-id=E4C7226675C6 \
mac-address=E4:C7:22:66:75:C6
add address=public.150 client-id=E4:C7:22:66:75:EC mac-address=\
E4:C7:22:66:75:EC server=dhcp2
add address=public.201 always-broadcast=yes client-id=1:2:e9:48:c7:8e:ac \
mac-address=02:E9:48:C7:8E:AC server=dhcp2
add address=public.108 client-id=E4C72266760A mac-address=E4:C7:22:66:76:0A
add address=10.10.4.23 mac-address=00:0C:29:08:21:CC server=dhcp1
add client-id=1:d4:ca:6d:e4:13:2b mac-address=D4:CA:6D:E4:13:2B server=dhcp2
/ip dhcp-server network
add address=10.10.0.0/16 dns-server=10.10.4.21 gateway=10.10.1.1
add address=public.0/24 dhcp-option=O150 dns-server=\
10.250.4.200,10.250.4.201 domain=lctn.private.network gateway=public.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=192.168.88.1
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp
add chain=input connection-state=new dst-port=22 protocol=tcp \
src-address-list=public.0/27
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add chain=input comment="default configuration" protocol=icmp
add chain=forward dst-address=10.199.1.0/24 protocol=icmp src-address=\
10.10.0.0/16
add action=log chain=input comment="ZeroAccess Log" dst-port=16471 protocol=\
udp
add action=drop chain=input comment="ZeroAccess botnet" dst-port=16471 \
protocol=udp
add action=drop chain=output comment="ZeroAccess Outbound" dst-port=16471 \
protocol=udp
add chain=input log=yes src-address=66.174.192.198
add chain=input dst-port=500 log=yes protocol=udp
add chain=input dst-port=500 log=yes protocol=tcp
add chain=input protocol=ipsec-esp
add action=drop chain=forward dst-address=public.64/29 dst-port=5060 log=\
yes protocol=udp
add action=drop chain=input log=yes src-address=175.117.145.48
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=80 new-routing-mark=\
verizon80 passthrough=no protocol=tcp src-address=10.99.0.0/16
add action=mark-routing chain=prerouting dst-port=443 new-routing-mark=\
verizon443 passthrough=no protocol=tcp src-address=10.99.0.0/16
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether5 src-address=10.10.4.25 \
to-addresses=public.22
add action=src-nat chain=srcnat out-interface=ether5 src-address=10.10.4.13 \
to-addresses=public.3
add action=src-nat chain=srcnat out-interface=ether5 src-address=10.10.4.8 \
to-addresses=public.2
add action=src-nat chain=srcnat src-address=10.10.1.15 to-addresses=\
public.3
add chain=srcnat dst-address=10.98.0.0/24 out-interface=ether5 src-address=\
10.10.0.0/16
add action=src-nat chain=srcnat src-address=10.199.1.0/24 to-addresses=\
public.3
add action=src-nat chain=srcnat out-interface=ether2 src-address=public.3 \
to-addresses=10.10.1.15
add action=src-nat chain=srcnat src-address=10.10.0.0/16 to-addresses=\
public.3
add action=masquerade chain=srcnat src-address=10.99.0.0/16 to-addresses=\
public.3
add action=dst-nat chain=dstnat dst-address=public.2 in-interface=ether5 \
to-addresses=10.10.4.8
add action=dst-nat chain=dstnat dst-address=public.24 dst-port=25 protocol=\
tcp to-addresses=10.10.4.23 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.11 dst-port=25 protocol=\
tcp to-addresses=10.10.4.23 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.17 dst-port=25 protocol=\
tcp to-addresses=10.10.4.23 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.18 dst-port=25 protocol=\
tcp to-addresses=10.10.4.23 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=25 protocol=\
tcp to-addresses=10.10.4.13 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=25 protocol=\
tcp to-addresses=10.10.4.23 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=80 protocol=\
tcp to-addresses=10.10.4.1 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=143 protocol=\
tcp to-addresses=10.10.4.13 to-ports=143
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=443 protocol=\
tcp to-addresses=10.10.4.13 to-ports=443
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=993 protocol=\
tcp to-addresses=10.10.4.13 to-ports=993
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=465 protocol=\
tcp to-addresses=10.10.4.13 to-ports=465
add action=dst-nat chain=dstnat dst-address=public.22 dst-port=80 protocol=\
tcp to-addresses=10.10.4.27 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.7 dst-port=3389 \
protocol=tcp to-addresses=10.10.1.23 to-ports=3389
add action=dst-nat chain=dstnat dst-address=public.13 dst-port=80 protocol=\
tcp to-addresses=10.10.1.83 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.13 dst-port=3389 \
protocol=tcp to-addresses=10.10.4.39 to-ports=3389
add action=dst-nat chain=dstnat dst-address=public.24 dst-port=80 protocol=\
tcp to-addresses=10.10.4.15 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.11 dst-port=80 protocol=\
tcp to-addresses=10.10.4.10 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.18 dst-port=80 protocol=\
tcp to-addresses=10.10.4.23 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=32400 \
protocol=tcp to-addresses=10.10.1.15 to-ports=32400
add action=dst-nat chain=dstnat dst-address=public.7 dst-port=5901 \
protocol=tcp to-addresses=10.10.1.23 to-ports=5901
add action=dst-nat chain=dstnat dst-address=public.7 dst-port=443 protocol=\
tcp to-addresses=10.10.1.23 to-ports=443
add action=dst-nat chain=dstnat dst-address=public.12 dst-port=80 protocol=\
tcp to-addresses=10.10.4.9 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.10 dst-port=80 protocol=\
tcp to-addresses=10.10.4.60 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.10 dst-port=1935 \
protocol=tcp to-addresses=10.10.4.60 to-ports=1935
add action=dst-nat chain=dstnat dst-address=public.10 dst-port=443 \
protocol=tcp to-addresses=10.10.4.60 to-ports=443
add action=dst-nat chain=dstnat dst-address=public.10 dst-port=8000 \
protocol=tcp to-addresses=10.10.4.60 to-ports=8000
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=21 protocol=\
tcp to-addresses=10.10.4.21 to-ports=21
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=22 protocol=\
tcp src-address=public.26 to-addresses=10.10.1.15 to-ports=22
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=80 protocol=\
tcp to-addresses=10.10.1.5 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=443 \
protocol=tcp to-addresses=10.10.1.5 to-ports=443
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=8800 \
protocol=tcp to-addresses=10.10.1.5 to-ports=8800
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=123 \
protocol=tcp to-addresses=10.10.1.5 to-ports=123
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=53 protocol=\
tcp to-addresses=10.10.1.5 to-ports=53
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=53 protocol=\
udp to-addresses=10.10.1.5 to-ports=53
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=35060 \
protocol=tcp to-addresses=10.10.1.5 to-ports=35060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=35060 \
protocol=udp to-addresses=10.10.1.5 to-ports=35060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=10000-16000 \
protocol=tcp to-addresses=10.10.1.5 to-ports=10000-16000
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=10000-16000 \
protocol=udp to-addresses=10.10.1.5 to-ports=10000-16000
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=5060 \
protocol=tcp to-addresses=10.10.1.5 to-ports=5060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=5060 \
protocol=udp to-addresses=10.10.1.5 to-ports=5060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=1720 \
protocol=tcp to-addresses=10.10.1.5 to-ports=1720
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=1719 \
protocol=udp to-addresses=10.10.1.5 to-ports=1719
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=50000 \
protocol=tcp to-addresses=10.10.1.5 to-ports=50000
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=55060 \
protocol=tcp to-addresses=10.10.1.5 to-ports=55060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=55060 \
protocol=udp to-addresses=10.10.1.5 to-ports=55060
add action=dst-nat chain=dstnat dst-address=public.14 dst-port=50000-55000 \
protocol=udp to-addresses=10.10.1.5 to-ports=50000-55000
add action=dst-nat chain=dstnat dst-address=public.15 dst-port=80 protocol=\
tcp to-addresses=10.10.1.19 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.15 dst-port=25 protocol=\
tcp to-addresses=10.10.1.19 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.7 dst-port=80 protocol=\
tcp to-addresses=10.10.1.76 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=69 protocol=\
udp to-addresses=10.10.1.15 to-ports=69
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=3389 \
protocol=tcp to-addresses=10.10.1.15 to-ports=3389
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=8080 \
protocol=tcp to-addresses=10.10.1.83 to-ports=8080
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=8181 \
protocol=tcp to-addresses=10.10.1.83 to-ports=8181
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=80 protocol=\
tcp to-addresses=10.10.1.83 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.5 dst-port=80 protocol=\
tcp to-addresses=10.10.1.15 to-ports=80
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=9101 \
protocol=tcp to-addresses=10.10.4.2 to-ports=9101
add action=dst-nat chain=dstnat dst-address=public.10 dst-port=8008 \
protocol=tcp to-addresses=10.10.4.60 to-ports=8008
add action=dst-nat chain=dstnat dst-address=public.24 dst-port=8000 \
protocol=tcp to-addresses=10.10.4.5 to-ports=8000
add action=dst-nat chain=dstnat dst-address=public.24 dst-port=554 \
protocol=tcp to-addresses=10.10.4.15 to-ports=554
add action=dst-nat chain=dstnat dst-address=public.4 dst-port=6544 \
protocol=tcp to-addresses=10.10.1.83 to-ports=6544
add action=dst-nat chain=dstnat dst-address=public.3 dst-port=32400 \
protocol=tcp to-addresses=10.10.1.15 to-ports=32400
add action=dst-nat chain=dstnat dst-address=public.2 dst-port=143 protocol=\
tcp to-addresses=10.10.4.8 to-ports=143
add action=dst-nat chain=dstnat dst-address=public.2 dst-port=993 protocol=\
tcp to-addresses=10.10.4.8 to-ports=993
add action=dst-nat chain=dstnat disabled=yes dst-address=public.2 dst-port=\
25 protocol=tcp to-addresses=10.10.4.8 to-ports=25
add action=dst-nat chain=dstnat dst-address=public.2 dst-port=587 protocol=\
tcp to-addresses=10.10.4.8 to-ports=587
add action=dst-nat chain=dstnat dst-address=public.2 dst-port=465 protocol=\
tcp to-addresses=10.10.4.8 to-ports=465
add action=dst-nat chain=dstnat disabled=yes dst-address=public.2 dst-port=\
22 protocol=tcp to-addresses=10.10.4.8 to-ports=22
add action=dst-nat chain=dstnat disabled=yes dst-port=80 protocol=tcp \
src-address=10.10.1.15 to-addresses=10.10.1.76 to-ports=3129
add action=dst-nat chain=dstnat disabled=yes dst-port=443 protocol=tcp \
src-address=10.10.1.15 to-addresses=10.10.1.76 to-ports=3127
add action=dst-nat chain=dstnat dst-address=public.6 dst-port=80 protocol=\
tcp to-addresses=10.10.4.26 to-ports=80
add action=src-nat chain=srcnat src-address=5.5.5.0/24 to-addresses=\
public.3
/ip ipsec peer
add address=66.174.192.198/32 dpd-interval=15s enc-algorithm=aes-256 \
nat-traversal=no secret=VzWmPn01686 send-initial-contact=no
add address=66.174.200.11/32 dpd-interval=15s enc-algorithm=aes-256 \
nat-traversal=no secret=VzWmPn01686 send-initial-contact=no
/ip ipsec policy
set 0 disabled=yes
add dst-address=66.174.192.198/32 proposal=VZW sa-dst-address=66.174.192.198 \
sa-src-address=public.30 src-address=public.30/32
add dst-address=66.174.200.11/32 proposal=VZW2 sa-dst-address=66.174.200.11 \
sa-src-address=public.30 src-address=public.30/32
/ip proxy
set cache-path=web-proxy1
/ip proxy access
add dst-port=80 src-address=10.10.1.73
/ip route
add distance=1 gateway=10.10.1.76 routing-mark=verizon80
add distance=1 gateway=10.10.1.76 routing-mark=verizon443
add distance=1 gateway=public.1
add distance=1 dst-address=5.5.5.0/24 gateway=10.10.1.64
add distance=1 dst-address=10.2.0.0/16 gateway=10.51.50.102
add distance=1 dst-address=10.198.0.0/20 gateway=10.10.2.18
add distance=1 dst-address=10.198.80.0/20 gateway=10.10.2.6
add distance=1 dst-address=10.198.96.0/28 gateway=10.10.2.5
/ip service
set ftp address=10.10.0.0/16,10.2.0.0/16,public.26/32
set www address=10.10.0.0/16,public.0/27,public.26/32 disabled=yes
set ssh address=10.10.0.0/16
set api disabled=yes
set winbox address=10.10.0.0/16,public.0/27,public.26/32
/ip traffic-flow
set cache-entries=4k
/ppp secret
add name=weac password=
add name=roamer-2 password=roamer-2 profile=roamer-2 service=ovpn
add name=roamer-3 password= profile=roamer-3
add name=monte-ipc password=monte-ipc profile=roamer-4
add name=monte-hs-mrved password=monte-hs-mrved profile=lqpv-hd
add name=roamer-5 password= profile=lqpv-hd
add name=roamer-4 password= profile=roamer-4
add name=roamer-6 password= profile=roamer-6
add name=roamer-7 password= profile=roamer-7
add name=roamer-8 password= profile=roamer-8
add name=roamer-9 password= profile=roamer-9
add name=roamer-10 password= profile=roamer-10
add name=roamer-11 password= profile=roamer-11
add name=roamer-12 password= profile=roamer-12
add name=roamer-13 password= profile=maccray-hd
add name=roamer-14 password= profile=roamer-14
add name=roamer-15 password= profile=roamer-15
add name=roamer-16 password= profile=roamer-16
add name=blh-hd password= profile=blh-hd
add name=roamer-18 password= profile=roamer-18
add name=roamer-19 password= profile=bbe-hd
add name=roamer-20 password= profile=roamer-20
add name=roamer-21 password= profile=roamer-21
add name=roamer-22 password= profile=Roamer-22
add name=roamer-23 password= profile=roamer-23
add name=roamer-24 password= profile=roamer-24
add name=roamer-25 password= profile=roamer-25
add name=roamer-26 password= profile=roamer-26
add name=roamer-27 password= profile=roamer-27
add name=roamer-29 password= profile=roamer-29
add name=roamer-30 password= profile=blh-sc
add name=acgc password= profile=acgc
add name=roamer-31 password= profile=roamer-31
add name=Hutch-sc password= profile=Hutch-sc
add name=mrved-sc password= profile=mrved-sc
add name=bbe-sc password= profile=bbe-sc
add name=acgc-hd password= profile=acgc-hd
add name=mrved-internet password= profile=mrved-internet
add name=lester-hd password= profile=lester-hd
add name=nls-elem password= profile=nls-elem
add name=maynard password= profile=maynard
add name=yme-elem password= profile=yme-elem
add name=acgc-elem password= profile=acgc-elem
add name=acgc-sc password= profile=acgc-sc
add name=ort-hd password= profile=ort-hd
add name=blh-elem password= profile=blh-elem
add name=lakeview-elem password= profile=lakeview-elem
add name=monte-elem password= profile=monte-elem
add name=gsl-elem password= profile=gsl-elem
add name=gsl-sc password= profile=gsl-sc
add name=bold-sc password= profile=bold-sc
add name=bbe-hd password= profile=bbe-hd
add name=hutch-ms password= profile=hutch-ms
add name=bold-elem password= profile=bold-elem
add name=kennedy password= profile=kennedy
add name=lp-elem password= profile=lp-elem
add name=hutch-park password= profile=hutch-park
add name=bbe-elem password= profile=bbe-elem
add name=murdock password= profile=murdock
add name=kennedy2 password= profile=kennedy2
add name=neil password=neilbold1314* profile=Neil
add name=raymond password= profile=raymond
add name=raymond2 password= profile=raymond2
add name=raymond5 password= profile=raymond5
add name=monte-sup password= profile=monte-sup
add name=roamer-32 password= profile=Roamer-32
/routing bgp peer
add default-originate=always name=T1 remote-address=10.98.0.1 remote-as=6167 \
ttl=default
add default-originate=always name=T2 remote-address=10.98.0.5 remote-as=6167 \
ttl=default
/system clock
set time-zone-name=America/Chicago
/system identity
set name=LCTN-FW
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add disabled=yes topics=firewall
add disabled=yes topics=bgp
add topics=ipsec
add disabled=yes topics=bgp
add disabled=yes topics=ovpn
/system ntp client
set enabled=yes primary-ntp=65.19.178.219 secondary-ntp=198.60.22.240
/system ntp server
set broadcast=yes broadcast-addresses=10.10.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
/system scheduler
/tool graphing interface
add allow-address=10.10.0.0/16 interface=ether1