
Generic setup for a MikroTik

a guest
Sep 27th, 2013
  1. ################################################################################
  2. # A generic setup for a MikroTik running RouterOS v6+
  3. #
  4. # First you need to connect to the default MikroTik with the user "admin" and
  5. # password is blank "". The IP for port 2 (from left) is 192.168.88.1.
  6. # If you have an LCD on the front the pin is "1234".
  7. # After applying these settings change the password from "System / Password" menu
  8. #
  9. # Notes:
  10. # We are not using a "bridge" interface. If you intend to use port 2+ as a
  11. # switch, then substitue ether-LAN with ether-bridge, or whatever you name it.
  12. ################################################################################
  13.  
  14. # Setup
  15.  
  16. # Name the interfaces, the far left port (0) will be ether-WAN, and 1 will be ether-LAN
  17. # The others are left to defaults
  18. /interface ethernet
  19. set 0 name=ether-WAN
  20. set 1 name=ether-LAN
  21.  
  22. # TODO: Setup or disable bridge
  23. # / interface bridge
  24. # add name="bridge1"
  25. # / interface bridge port
  26. # add interface=ether-LAN bridge=bridge1
  27. # add interface=ether3 bridge=bridge1
  28. # add interface=ether4 bridge=bridge1
  29. # etc ...
  30. # / interface bridge settings
  31. # set use-ip-firewall=yes
  32.  
  33. # Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
  34. /ip address
  35. add address=192.168.0.1/24 interface=ether-LAN
  36. add address=2.2.2.2/24 interface=ether-WAN
  37.  
  38. # Set the default route. Use Check Gateway for failover. The higher "distance" won't get used by default.
  39. /ip route
  40. add gateway=2.2.2.1 distance=1 comment="default route"
  41.  
  42. # Enable masquerading to hide internal LAN
  43. /ip firewall nat
  44. add chain=srcnat action=masquerade out-interface=ether-WAN comment="default masquerade"
  45.  
  46. # Enter DNS servers and allow LAN to use the router as a caching DNS.
  47. /ip dns
  48. set servers=3.3.3.3,4.4.4.4 allow-remote-requests=yes
  49.  
  50. # Add router's name to the DNS static host table
  51. /ip dns static
  52. add address=192.168.0.1 name=firewall
  53.  
  54. # Set the host name for the router
  55. /system identity
  56. set name=firewall
  57.  
  58. # Setup DHCP server. We've added it here to the LAN interface. You may need to
  59. # disable bridging from "Interfaces" menu or assign it to the bridge interface.
  60. /ip pool
  61. add name=dhcp_pool1 ranges=192.168.0.50-192.168.0.100
  62. /ip dhcp-server
  63. add name=dhcp1 address-pool=dhcp_pool1 interface=ether-LAN
  64. /ip dhcp-server network
  65. add address=192.168.0.0/24 dns-server=192.168.0.1 domain=localdomain gateway=192.168.0.1
  66.  
  67. # Open ports to remote control the router
  68. /ip service
  69. set www address=192.168.0.0/24
  70. set winbox address=192.168.0.0/24
  71. set ssh address=192.168.0.0/24
  72. set telnet disabled=yes
  73. set ftp disabled=yes
  74. set api disabled=yes
  75. set api-ssl disabled=yes
  76.  
  77. # Setup automatic (NTP) time
  78. /system clock
  79. set time-zone-name=America/Chicago
  80. /system clock manual
  81. set dst-end="nov/03/2013 00:00:00" dst-start="mar/10/2013 00:00:00"
  82. /system ntp client
  83. set enabled=yes mode=unicast primary-ntp=5.5.5.5 secondary-ntp=6.6.6.6
  84.  
  85. # Features you probably don't need
  86.  
  87. # Unless otherwise needed disable neighbor interfaces. The Winbox uses this to "find" routers.
  88. /ip neighbor discovery
  89. set ether-WAN discover=no
  90. set ether-LAN discover=no
  91. set ether3 discover=no
  92. set ether4 discover=no
  93. set ether5 discover=no
  94. set ether6 discover=no
  95. set ether7 discover=no
  96. set ether8 discover=no
  97. set ether9 discover=no
  98. set ether10 discover=no
  99. set sfp1 discover=no
  100.  
  101. # These are nat helpers, turn them on if you have problems with these ports
  102. /ip firewall service-port
  103. set ftp disabled=yes
  104. set tftp disabled=yes
  105. set irc disabled=yes
  106. set h323 disabled=yes
  107. set sip disabled=yes
  108. set pptp disabled=yes
  109.  
  110. # This is the BTest server
  111. /tool bandwidth-server
  112. set enabled=no