Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ################################################################################
- # A generic setup for a MikroTik running RouterOS v6+
- #
- # First you need to connect to the default MikroTik with the user "admin" and
- # password is blank "". The IP for port 2 (from left) is 192.168.88.1.
- # If you have an LCD on the front the pin is "1234".
- # After applying these settings change the password from "System / Password" menu
- #
- # Notes:
- # We are not using a "bridge" interface. If you intend to use port 2+ as a
- # switch, then substitue ether-LAN with ether-bridge, or whatever you name it.
- ################################################################################
- # Setup
- # Name the interfaces, the far left port (0) will be ether-WAN, and 1 will be ether-LAN
- # The others are left to defaults
- /interface ethernet
- set 0 name=ether-WAN
- set 1 name=ether-LAN
- # TODO: Setup or disable bridge
- # / interface bridge
- # add name="bridge1"
- # / interface bridge port
- # add interface=ether-LAN bridge=bridge1
- # add interface=ether3 bridge=bridge1
- # add interface=ether4 bridge=bridge1
- # etc ...
- # / interface bridge settings
- # set use-ip-firewall=yes
- # Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
- /ip address
- add address=192.168.0.1/24 interface=ether-LAN
- add address=2.2.2.2/24 interface=ether-WAN
- # Set the default route. Use Check Gateway for failover. The higher "distance" won't get used by default.
- /ip route
- add gateway=2.2.2.1 distance=1 comment="default route"
- # Enable masquerading to hide internal LAN
- /ip firewall nat
- add chain=srcnat action=masquerade out-interface=ether-WAN comment="default masquerade"
- # Enter DNS servers and allow LAN to use the router as a caching DNS.
- /ip dns
- set servers=3.3.3.3,4.4.4.4 allow-remote-requests=yes
- # Add router's name to the DNS static host table
- /ip dns static
- add address=192.168.0.1 name=firewall
- # Set the host name for the router
- /system identity
- set name=firewall
- # Setup DHCP server. We've added it here to the LAN interface. You may need to
- # disable bridging from "Interfaces" menu or assign it to the bridge interface.
- /ip pool
- add name=dhcp_pool1 ranges=192.168.0.50-192.168.0.100
- /ip dhcp-server
- add name=dhcp1 address-pool=dhcp_pool1 interface=ether-LAN
- /ip dhcp-server network
- add address=192.168.0.0/24 dns-server=192.168.0.1 domain=localdomain gateway=192.168.0.1
- # Open ports to remote control the router
- /ip service
- set www address=192.168.0.0/24
- set winbox address=192.168.0.0/24
- set ssh address=192.168.0.0/24
- set telnet disabled=yes
- set ftp disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- # Setup automatic (NTP) time
- /system clock
- set time-zone-name=America/Chicago
- /system clock manual
- set dst-end="nov/03/2013 00:00:00" dst-start="mar/10/2013 00:00:00"
- /system ntp client
- set enabled=yes mode=unicast primary-ntp=5.5.5.5 secondary-ntp=6.6.6.6
- # Features you probably don't need
- # Unless otherwise needed disable neighbor interfaces. The Winbox uses this to "find" routers.
- /ip neighbor discovery
- set ether-WAN discover=no
- set ether-LAN discover=no
- set ether3 discover=no
- set ether4 discover=no
- set ether5 discover=no
- set ether6 discover=no
- set ether7 discover=no
- set ether8 discover=no
- set ether9 discover=no
- set ether10 discover=no
- set sfp1 discover=no
- # These are nat helpers, turn them on if you have problems with these ports
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes
- set pptp disabled=yes
- # This is the BTest server
- /tool bandwidth-server
- set enabled=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement