# dec/17/2020 13:44:48 by RouterOS 6.47.8# software id = ## model = CCR103

1. # dec/17/2020 13:44:48 by RouterOS 6.47.8
2. # software id =
3. #
4. # model = CCR1036-12G-4S
5. # serial number = ************
6. /interface bridge
7. add comment=LAN name=bridge1-LAN
8. /interface ethernet
9. set [ find default-name=ether1 ] comment=INET-MEG-REZERV
10. set [ find default-name=ether2 ] comment=INET-TTK
11. /interface list
12. add name=LAN
13. add name=WAN
14. /interface wireless security-profiles
15. set [ find default=yes ] supplicant-identity=MikroTik
16. /ip pool
17. add name=dhcp_pool0 ranges=172.115.0.2-172.115.255.254
18. /ip dhcp-server
19. add address-pool=dhcp_pool0 disabled=no interface=bridge1-LAN name=dhcp1
20. /interface bridge port
21. add bridge=bridge1-LAN interface=ether5
22. add bridge=bridge1-LAN interface=ether6
23. add bridge=bridge1-LAN interface=ether7
24. add bridge=bridge1-LAN interface=ether8
25. /interface list member
26. add interface=ether1 list=WAN
27. add interface=bridge1-LAN list=LAN
28. add interface=ether2 list=WAN
29. /ip address
30. add address=172.115.0.1/16 comment=LAN interface=bridge1-LAN network=\
31. 172.115.0.0
32. add address=188.170.**7.158/30 comment=INET-MEG-REZERV interface=ether1 \
33. network=188.170.**7.156
34. add address=80.92.*5.26/24 comment=INET-TTK interface=ether2 network=80.92.*5.0
35. /ip dhcp-server network
36. add address=172.115.0.0/16 gateway=172.115.0.1
37. /ip dns
38. set servers=8.8.8.8
39. /ip firewall filter
40. add action=accept chain=input comment=\
41. "defconf: accept established,related,untracked" connection-state=\
42. established,related,untracked
43. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
44. invalid
45. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
46. add action=accept chain=input comment="defconf: accept L2TP/IPSec" dst-port=\
47. 500,4500,1701 protocol=udp
48. add action=accept chain=input comment="defconf: accept IPSec-ESP" protocol=\
49. ipsec-esp
50. add action=accept chain=input comment=\
51. "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
52. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
53. in-interface-list=!LAN
54. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
55. ipsec-policy=in,ipsec
56. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
57. ipsec-policy=out,ipsec
58. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
59. connection-state=established,related disabled=yes
60. add action=accept chain=forward comment=\
61. "defconf: accept established,related, untracked" connection-state=\
62. established,related,untracked
63. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
64. invalid
65. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
66. connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
67. /ip firewall mangle
68. add action=mark-packet chain=forward comment="mark http/s" new-packet-mark=\
69. http/s passthrough=yes port=80,443 protocol=tcp
70. add action=mark-routing chain=prerouting comment="mark isp1" in-interface-list=\
71. LAN new-routing-mark=isp1 passthrough=yes per-connection-classifier=\
72. both-addresses-and-ports:3/0
73. add action=mark-routing chain=prerouting comment="mark isp2" in-interface-list=\
74. LAN new-routing-mark=isp2 passthrough=yes per-connection-classifier=\
75. both-addresses-and-ports:3/1
76. add action=mark-routing chain=prerouting comment="mark isp3" in-interface-list=\
77. LAN new-routing-mark=isp3 passthrough=yes per-connection-classifier=\
78. both-addresses-and-ports:3/2
79. add action=mark-routing chain=output new-routing-mark=isp2 passthrough=yes
80. /ip firewall nat
81. add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
82. out,none out-interface-list=WAN
83. add action=dst-nat chain=dstnat dst-address=80.92.*5.26 dst-port=80,8080,443 \
84. protocol=tcp to-addresses=172.115.255.253
85. add action=masquerade chain=srcnat dst-address=172.115.255.253 dst-port=\
86. 80,8080,443 protocol=tcp src-address=172.115.0.0/16
87. /ip route
88. add check-gateway=ping distance=1 gateway=77.88.8.1 routing-mark=isp1
89. add check-gateway=ping distance=2 gateway=77.88.8.2 routing-mark=isp1
90. add check-gateway=ping distance=3 gateway=77.88.8.3 routing-mark=isp1
91. add check-gateway=ping distance=1 gateway=77.88.8.2 routing-mark=isp2
92. add check-gateway=ping distance=2 gateway=77.88.8.1 routing-mark=isp2
93. add check-gateway=ping distance=3 gateway=77.88.8.3 routing-mark=isp2
94. add distance=1 dst-address=172.115.0.0/16 gateway=bridge1-LAN pref-src=\
95. 172.115.0.1 routing-mark=isp2 scope=10
96. add check-gateway=ping disabled=yes distance=1 gateway=77.88.8.3 routing-mark=\
97. isp3
98. add check-gateway=ping disabled=yes distance=2 gateway=77.88.8.2 routing-mark=\
99. isp3
100. add check-gateway=ping disabled=yes distance=3 gateway=77.88.8.1 routing-mark=\
101. isp3
102. add check-gateway=ping distance=1 gateway=188.170.**7.157
103. add distance=1 gateway=bridge1-LAN
104. add check-gateway=ping distance=1 gateway=80.92.*5.1
105. add check-gateway=ping distance=1 dst-address=77.88.8.1/32 gateway=\
106. 188.170.**7.157 scope=9
107. add check-gateway=ping distance=1 dst-address=77.88.8.2/32 gateway=80.92.*5.1 \
108. scope=9
109. add check-gateway=ping disabled=yes distance=1 dst-address=77.88.8.3/32 \
110. gateway=10.0.3.1 scope=9
111. /system clock
112. set time-zone-name=Europe/Moscow
113. /system identity
114. set name=*****
115. /system ntp client
116. set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.235