I have a script that I use on my RouterBOARD 951Ui-2HnD (ver. 6.40.2), where it works great.
But since we got newer-version RouterBOARDs, we have been unable to load the script.
Can anyone help me work out why this script does not work with the newer version?
See code below:
# Provisioning script, part 1: bridge, port names, DHCP, VPN clients, addressing, DNS.
# The post reports it loads on RouterOS 6.40.2; the failing version is not stated.
# Pause 15 seconds before any configuration is applied.
:delay 15s
# LAN bridge running RSTP.
/interface bridge
add name=bridge-local protocol-mode=rstp
# Rename the five Ethernet ports. They are addressed by item number (0-4), not by
# default-name as the wireless section of this script does.
# NOTE(review): item numbers are not guaranteed to resolve the same way on every
# board/version - confirm, or switch to [ find default-name=... ] after testing.
/interface ethernet
set 0 name=ether1-master-local
set 1 name=ether2-slave-local
set 2 name=ether3-slave-local
set 3 name=ether4-slave-local
set 4 name=ether5-gateway
# DHCP pool and server for the LAN bridge (1 hour leases).
/ip pool
add name=pool-2-89 ranges=10.2.89.220-10.2.89.250
/ip dhcp-server
add address-pool=pool-2-89 authoritative=yes disabled=no interface=bridge-local lease-time=1h name=dhcp-2-89
# PPP profile shared by both tunnel clients below; encryption is mandatory.
/ppp profile
add change-tcp-mss=yes name=remote-router use-encryption=required
# SECURITY: PPTP with MS-CHAPv2 is a legacy tunnel whose authentication and
# encryption are considered weak; prefer the SSTP client below (or another modern
# VPN) and retire this one where possible. The password is stored in clear text in
# the script (redacted as xxx in this post) - keep the real file access-controlled.
/interface pptp-client
add allow=mschap2 connect-to="xxx" disabled=no name=pptp-fiber password=xxx profile=remote-router user=o3-2-89
# SECURITY: verify-server-address-from-certificate=no means the server address is
# not matched against its certificate. verify-server-certificate is not set here at
# all. NOTE(review): confirm its default on your version; without certificate
# verification the tunnel endpoint is not authenticated to this client.
/interface sstp-client
add authentication=mschap2 connect-to="xxx" disabled=no name=sstp-fiber password=xxx profile=remote-router user=o3-2-89 verify-server-address-from-certificate=no
# Bridge members: ether1-ether4 plus wlan1. ether5-gateway stays outside the bridge.
/interface bridge port
add bridge=bridge-local interface=ether1-master-local
add bridge=bridge-local interface=ether2-slave-local
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=wlan1
# Static addresses: uplink on ether5-gateway, LAN gateway address on the bridge.
/ip address
add address=10.216.49.5/255.255.255.0 interface=ether5-gateway
add address=10.2.89.1/24 interface=bridge-local network=10.2.89.0
# A DHCP client is created on the uplink but left disabled (static addressing is used).
/ip dhcp-client
add disabled=yes interface=ether5-gateway
# Options handed to LAN DHCP clients: the router is both gateway and DNS server.
/ip dhcp-server network
add address=10.2.89.0/24 dns-server=10.2.89.1 gateway=10.2.89.1
# SECURITY: allow-remote-requests=yes makes the router answer DNS queries from the
# network. Only the input firewall keeps this from being reachable on the uplink, so
# the filter rules must stay in place whenever this setting is on.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# Provisioning script, part 2: input filtering and NAT.
# Rules written without action= use the default action, accept.
# Only the input chain (traffic to the router itself) and a custom "public" chain
# are defined; this script adds no forward-chain rules, so routed traffic is not
# filtered here.
/ip firewall filter
add action=drop chain=input comment="Drop all invalid packets." \
connection-state=invalid
add chain=input comment="Accept established." connection-state=established
add chain=input comment="Accept related." connection-state=related
# Traffic arriving on the uplink is handed to the "public" chain, which ends in a drop.
add action=jump chain=input comment="Jump to Public Internet chain." \
in-interface=ether5-gateway jump-target=public
# SECURITY: everything that did not arrive on ether5-gateway is accepted to the
# router itself - that includes the bridge, wlan1 and both VPN client interfaces.
# NOTE(review): confirm the tunnel peers are trusted to that degree, or add an
# explicit allow-list for them.
add chain=input comment="Accept everything else."
# "public" chain: ICMP, broadcast and UDP/123 are accepted from the uplink.
add chain=public comment="Allow incoming ICMP packets." protocol=icmp
add chain=public comment="Allow Broadcast Traffic" dst-address-type=broadcast
add chain=public comment="Allow NTP Unicast Traffic" dst-port=123 protocol=\
udp
# Disabled. If enabled it would accept TCP/502 from any uplink source; Modbus/TCP
# has no authentication, so add a src-address restriction before turning it on.
add action=accept chain=public comment="modbusTCP port forward 502" disabled=yes port=502 protocol=tcp
# Log (prefix PUBLIC) and then drop whatever is left from the uplink.
add action=log chain=public comment="Log packet from public internet." \
log-prefix=PUBLIC
add action=drop chain=public comment="Default Public Internet action."
/ip firewall nat
# No action= here, so this is an accept: LAN traffic to 10.0.0.0/24 is exempted from
# the source NAT rules that follow.
add chain=srcnat dst-address=10.0.0.0/24 src-address=10.2.89.0/24
# Disabled alternative: fixed src-nat for LAN traffic.
add action=src-nat chain=srcnat to-addresses=10.216.49.1 disabled=yes \
src-address=10.2.89.0/24 dst-address=0.0.0.0/0
# NOTE(review): masquerade has no out-interface matcher, so it applies to traffic
# leaving any interface, not only the uplink - confirm this is intended.
add chain=srcnat action=masquerade
# Both dst-nat rules are disabled and match the same thing (TCP/502, any interface,
# any destination address); if both were enabled only the first would ever match.
# SECURITY: before enabling either, restrict it with in-interface/src-address so an
# unauthenticated Modbus/TCP device is not exposed to arbitrary sources.
add action=dst-nat chain=dstnat comment="modbusTCP port forward 502 (10.x.x.20)" disabled=yes dst-port=502 protocol=tcp to-addresses=10.2.89.20
add action=dst-nat chain=dstnat comment="modbusTCP port forward 502 (10.x.x.10)" disabled=yes dst-port=502 protocol=tcp to-addresses=10.2.89.10
# Provisioning script, part 3: routes, management services, credentials, wireless.
# Default route via the uplink gateway, plus a route to 10.0.0.0/24 via 10.0.0.1.
/ip route
add dst-address=0.0.0.0/0 gateway=10.216.49.1
add dst-address=10.0.0.0/24 gateway=10.0.0.1
# Disable every management service, then re-enable only ssh and www, limited to the
# two listed subnets.
# SECURITY: www is unencrypted HTTP, so the admin password crosses those subnets in
# clear text; www-ssl with a certificate is the encrypted alternative.
/ip service
set [find] disabled=yes
set ssh,www address=10.0.0.0/24,10.2.89.0/24 disabled=no
/system clock
set time-zone-name=PST8PDT
# NOTE(review): the newer boards' RouterOS version is not given in the post. If they
# run RouterOS 7, the NTP client takes its server list under a different parameter
# name than primary-ntp - verify against that version's /system ntp client.
/system ntp client
set enabled=yes primary-ntp=10.0.0.1
# SECURITY: hard-coded password for the default admin account, and it has been
# published with this post. Treat it as compromised: rotate it on every device that
# received this script and supply the secret at deploy time instead of in the file.
/user set admin password="ozone"
# Enable wlan1 as a 2.4 GHz access point. hide-ssid=yes only suppresses the SSID in
# beacons; it is not an access control.
# NOTE(review): boards that use a different wireless package may not have the
# /interface wireless menu at all - check on the newer hardware.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge ssid=o3service wireless-protocol=802.11 hide-ssid=yes
# SECURITY: the pre-shared key is hard-coded and now public - rotate it. TKIP is a
# deprecated cipher; with authentication-types=wpa2-psk, aes-ccm alone is the
# stronger setting if all clients support it.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key="i owe engineering a beer" wpa2-pre-shared-key="i owe engineering a beer"
# SECURITY: always-allow-password-login=yes keeps password logins available even for
# users that have an SSH key, and forwarding-enabled=yes lets SSH sessions tunnel
# connections through the router. Both widen what a guessed admin password allows.
# NOTE(review): newer RouterOS versions may expect a different value set for
# forwarding-enabled than yes/no - verify on the target version.
/ip ssh
set always-allow-password-login=yes forwarding-enabled=yes strong-crypto=yes
/system identity
set name=router-o3-2-89