From d1612796815516e213bf9adc27fdbe54e045020f Mon Sep 17 00:00:00 2001
From: Christopher Jones
Date: Tue, 10 Mar 2026 22:51:46 -0400
Subject: [PATCH] "Add current RouterOS configuration on RB5009"
---
devices/RB5009/RB5009Config.rsc | 107 ++++++++++++++++++++++++++++++++
1 file changed, 107 insertions(+)
create mode 100644 devices/RB5009/RB5009Config.rsc
diff --git a/devices/RB5009/RB5009Config.rsc b/devices/RB5009/RB5009Config.rsc
new file mode 100644
index 0000000..2b5017d
--- /dev/null
+++ b/devices/RB5009/RB5009Config.rsc
@@ -0,0 +1,107 @@
+# 2026-03-10 22:40:31 by RouterOS 7.19.2
+# software id = CIAZ-SUFT
+#
+# model = RB5009UG+S+
+# serial number = HEE08K82CQV
+/interface bridge
+add name=local port-cost-mode=short
+/interface wireless security-profiles
+set [ find default=yes ] supplicant-identity=MikroTik
+/ip pool
+add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
+add name=dhcp_pool1 ranges=192.168.88.10-192.168.88.254
+/ip dhcp-server
+add address-pool=dhcp_pool1 interface=local lease-time=10m name=dhcp2
+/ip smb users
+add name=cjones
+add name=chris
+/ip smb
+set enabled=yes
+/interface bridge port
+add bridge=local interface=ether2 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether3 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether4 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether5 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether6 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether7 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether8 internal-path-cost=10 path-cost=10
+add bridge=local interface=ether1 internal-path-cost=10 path-cost=10
+/ip firewall connection tracking
+set udp-timeout=10s
+/interface ovpn-server server
+add mac-address=FE:73:F4:5A:2B:60 name=ovpn-server1
+/ip address
+add address=192.168.88.1/24 interface=local network=192.168.88.0
+/ip dhcp-client
+add interface=sfp-sfpplus1
+/ip dhcp-server lease
+add address=192.168.88.239 client-id=1:0:11:32:28:2:98 mac-address=\
+ 00:11:32:28:02:98 server=dhcp2
+add address=192.168.88.47 client-id=1:48:a9:8a:c0:95:a mac-address=\
+ 48:A9:8A:C0:95:0A server=dhcp2
+add address=192.168.88.232 client-id=1:dc:a6:32:67:1:16 mac-address=\
+ DC:A6:32:67:01:16 server=dhcp2
+add address=192.168.88.231 client-id=1:a8:a1:59:ae:a0:3e mac-address=\
+ A8:A1:59:AE:A0:3E server=dhcp2
+add address=192.168.88.15 client-id=1:dc:cd:2f:b:aa:b1 mac-address=\
+ DC:CD:2F:0B:AA:B1 server=dhcp2
+add address=192.168.88.87 client-id=1:5c:f9:dd:e5:41:eb mac-address=\
+ 5C:F9:DD:E5:41:EB server=dhcp2
+add address=192.168.88.26 client-id=1:c8:b2:9b:db:b0:23 mac-address=\
+ C8:B2:9B:DB:B0:23 server=dhcp2
+add address=192.168.88.250 client-id=1:e0:2b:e9:cf:dc:d5 mac-address=\
+ E0:2B:E9:CF:DC:D5 server=dhcp2
+add address=192.168.88.20 client-id=1:dc:21:5c:84:3a:a5 mac-address=\
+ DC:21:5C:84:3A:A5 server=dhcp2
+add address=192.168.88.144 comment="Static IP for Clinitek engine" \
+ mac-address=3E:BE:90:50:0E:47
+add address=192.168.88.138 client-id=\
+ ff:f8:ce:1b:a1:0:2:0:0:ab:11:6f:15:1:e4:34:20:3c:8c mac-address=\
+ A2:53:3A:64:F4:DE server=dhcp2
+add address=192.168.88.25 client-id=1:bc:f8:7e:8f:32:ea mac-address=\
+ BC:F8:7E:8F:32:EA server=dhcp2
+add address=192.168.88.40 client-id=\
+ ff:e4:96:b0:28:0:2:0:0:ab:11:a:d3:57:3f:cd:69:67:6c mac-address=\
+ DC:A6:32:67:01:17 server=dhcp2
+/ip dhcp-server network
+add
+add address=192.168.88.0/24 dns-server=192.168.88.231 gateway=192.168.88.1
+/ip dns
+set allow-remote-requests=yes servers=8.8.8.8
+/ip firewall filter
+add action=accept chain=input comment="accept established,related" \
+ connection-state=established,related
+add action=drop chain=input connection-state=invalid
+add action=accept chain=input comment="allow ICMP" in-interface=sfp-sfpplus1 \
+ protocol=icmp
+add action=accept chain=input comment="allow Winbox" in-interface=\
+ sfp-sfpplus1 port=8291 protocol=tcp
+add action=accept chain=input comment="allow SSH" in-interface=sfp-sfpplus1 \
+ port=22 protocol=tcp
+add action=drop chain=input comment="block everything else" in-interface=\
+ sfp-sfpplus1
+/ip firewall nat
+add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=80 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=80
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8080 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=8080
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=443 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=443
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8070 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=8070
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=52199 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=52199
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=3389 \
+ protocol=tcp to-addresses=192.168.88.250 to-ports=3389
+add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=443 \
+ protocol=tcp to-addresses=192.168.88.231 to-ports=443
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip smb shares
+set [ find default=yes ] directory=/pub disabled=no
+add directory=demoshare name=demoshare
+/system clock
+set time-zone-name=America/New_York
+/system identity
+set name=RB5009
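Review bot: The "allow Winbox" and "allow SSH" input rules accept TCP on the WAN interface sfp-sfpplus1 from any source, and they match with `port=` rather than `dst-port=`, which in RouterOS matches when either the source or the destination port equals the value, so the accept is wider than the comments say. I would match the destination port only and restrict both rules to a management source list, e.g. `add action=accept chain=input comment="allow SSH" dst-port=22 in-interface=sfp-sfpplus1 protocol=tcp src-address-list=<mgmt-allowlist>` (the list name is a placeholder), or remove the WAN management rules and reach the router over a VPN instead. The dst-nat for port 3389 to 192.168.88.250 likewise has no source restriction, and the filter table contains only `chain=input` rules, so no forward-chain rule limits what reaches the LAN hosts. The export also commits the serial number, software id, public address and client MAC addresses; if this repository is not private, these are worth redacting before merge. The dst-nat rule for port 443 appears twice and the `/ip dhcp-server network` section contains an empty `add`, both of which look unintended.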