# model: RB2011UiAS # serial-number: 763107F491E1 # firmware-type: ar9344 # current-firmware: 6.46.8 # installed-version: 7.20.1 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U nat rule removed oleksiit write 2026-03-16 09:38:19 # U nat rule removed oleksiit write 2026-03-16 09:38:19 # U nat rule added oleksiit write 2026-03-16 09:34:22 # U nat rule added oleksiit write 2026-03-16 09:33:24 # # 2026-03-26 10:51:53 by RouterOS 7.20.1 # software id = IEVT-4TLJ # # model = RB2011UiAS # serial number = 763107F491E1 /interface bridge add name=bridge1 port-cost-mode=short /interface ethernet set [ find default-name=sfp1 ] advertise="10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" /interface eoip add keepalive=3s,3 local-address=213.174.0.14 mac-address=02:26:8B:BF:DC:34 name=eoip-tunnel-G remote-address=95.47.136.14 tunnel-id=22 /interface vlan add interface=ether1 name=30-mgnt vlan-id=30 add interface=ether2 name=30-mgnt-eth2 vlan-id=30 add interface=ether1 name=34-serv vlan-id=34 add interface=ether1 name=35-WAN vlan-id=35 add interface=ether1 name=38-rad vlan-id=38 add interface=ether1 name=726-via_astr vlan-id=726 add interface=ether1 name=736-tnsp.astra vlan-id=736 add interface=ether1 name=3669-kopernyka62 vlan-id=3669 add interface=ether1 name=3776-trnsp-UARNET-str vlan-id=3776 add interface=ether1 name=3926-TRNSP-UarNET vlan-id=3926 /interface list add name=macwinbox /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=10.35.1.50 /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /ppp profile add change-tcp-mss=yes dns-server=213.174.0.3,213.174.0.11 local-address=213.174.0.14 name=profile-PPPoE only-one=yes use-compression=no use-encryption=no use-mpls=no use-upnp=no /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 /routing ospf area add disabled=yes instance=default-v2 name=backbone-v2 /snmp community add addresses=::/0 name=snmpR1 /interface bridge port add bridge=bridge1 ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10 add bridge=bridge1 ingress-filtering=no interface=30-mgnt internal-path-cost=10 path-cost=10 add bridge=bridge1 ingress-filtering=no interface=30-mgnt-eth2 internal-path-cost=10 path-cost=10 add bridge=bridge1 interface=ether10 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=macwinbox /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface list member add interface=34-serv list=macwinbox add interface=30-mgnt list=macwinbox add interface=ether2 list=macwinbox add interface=ether10 list=macwinbox /interface ovpn-server server add auth=sha1,md5 mac-address=FE:57:90:0C:8D:D4 name=ovpn-server1 /interface pppoe-server server # Service is on a slave interface add authentication=mschap1,mschap2 default-profile=profile-PPPoE disabled=no interface=30-mgnt max-mru=1500 max-mtu=1500 mrru=1600 one-session-per-host=yes service-name=service1 /ip address add address=213.174.0.14/28 comment=WAN interface=35-WAN network=213.174.0.0 add address=10.35.1.1/24 comment=mgnt interface=bridge1 network=10.35.1.0 add address=10.36.100.1/24 comment=serv interface=34-serv network=10.36.100.0 add address=10.38.1.1/29 comment=rad interface=38-rad network=10.38.1.0 add address=192.168.5.6/30 comment=eoip-tunnel-G interface=eoip-tunnel-G network=192.168.5.4 add address=10.37.1.25/30 comment="\FC\EB\B39" disabled=yes interface=726-via_astr network=10.37.1.24 add address=10.37.1.1/30 interface=3926-TRNSP-UarNET network=10.37.1.0 add address=10.37.1.9/29 interface=3669-kopernyka62 network=10.37.1.8 add address=10.37.1.17/29 interface=3776-trnsp-UARNET-str network=10.37.1.16 add address=10.37.1.1 comment=OLT_via_ASTRA interface=736-tnsp.astra network=10.37.1.192 add address=192.168.88.2/24 interface=ether2 network=192.168.88.0 add address=10.37.1.1 comment=OLT_via_ASTRA interface=736-tnsp.astra network=10.37.1.193 /ip dhcp-server add address-pool=dhcp_pool0 interface=bridge1 lease-time=10m name=dhcp1 /ip dhcp-server network add address=10.35.1.0/24 gateway=10.35.1.1 /ip dns set servers=8.8.8.8 /ip firewall address-list add address=231.174.0.5 list=adm add address=95.47.136.14 list=adm add address=95.47.136.9 list=adm add address=213.174.0.13 list=adm add address=95.46.108.0/24 list=adm add address=home.2funoff.com list=adm /ip firewall filter add action=accept chain=input comment=ICMP protocol=icmp add action=accept chain=forward comment=DIC connection-state=established add action=accept chain=forward connection-state=related connection-type="" add action=accept chain=input connection-state=established add action=accept chain=input connection-state=related add action=drop chain=forward connection-state=invalid disabled=yes add action=drop chain=input connection-state=invalid add action=accept chain=input comment=NTP dst-port=123 protocol=udp src-address=10.35.1.0/24 add action=accept chain=input comment=NTP dst-port=123 protocol=udp src-address=10.37.1.0/24 add action=accept chain=input comment=adm src-address-list=adm add action=drop chain=input /ip firewall nat add action=dst-nat chain=dstnat comment=QNAP dst-port=8888 protocol=tcp src-address-list=adm to-addresses=10.36.100.20 to-ports=443 add action=masquerade chain=srcnat dst-address=10.36.100.20 add action=masquerade chain=srcnat out-interface=35-WAN src-address=10.38.1.0/24 add action=masquerade chain=srcnat out-interface=35-WAN src-address=10.36.100.0/24 add action=masquerade chain=srcnat out-interface=35-WAN src-address=10.35.1.0/24 /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no dst-address=0.0.0.0/0 gateway=213.174.0.1 add disabled=no dst-address=10.20.1.0/24 gateway=192.168.5.5 add disabled=no dst-address=172.16.25.0/24 gateway=192.168.5.5 add disabled=no dst-address=192.168.10.0/24 gateway=192.168.5.5 /ip service set ftp disabled=yes set telnet disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/pub /ppp aaa set interim-update=30s use-radius=yes /radius add address=213.174.0.13 require-message-auth=no secret=hardpass5 service=ppp src-address=213.174.0.14 timeout=300ms /radius incoming set accept=yes /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=hostmaster enabled=yes /system clock set time-zone-name=Europe/Kyiv /system identity set name="AB #mgnt" /system ntp client set enabled=yes /system ntp server set broadcast=yes enabled=yes manycast=yes multicast=yes /system ntp client servers add address=ntp.time.in.ua /tool mac-server set allowed-interface-list=macwinbox /tool mac-server mac-winbox set allowed-interface-list=macwinbox /tool mac-server ping set enabled=no