# MikroTik RouterOS export, layer-2 and addressing part: one bridge (FullBridge), the WAN/LAN
# interface lists, two WPA2 access points, the DHCP/VPN address pools and the PPP profiles used by the VPN.
- /interface bridge
# proxy-arp makes the bridge answer ARP on behalf of other hosts. The VPN pool (10.0.1.201-239) and the
# static VPN peer (10.0.1.240) below sit inside the LAN /24, which is presumably why it is on; confirm.
- add arp=proxy-arp name=FullBridge
- /interface list
- add name=WAN
- add name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
# WPA2-PSK only. The pre-shared key itself does not appear in this listing.
- add authentication-types=wpa2-psk eap-methods="" group-key-update=3m mode=dynamic-keys name=password1 supplicant-identity=""
- /interface wireless
# Both radios run as access points with the same security profile and WPS disabled.
- set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-eC country="czech republic" disabled=no frequency=auto \
- installation=indoor mode=ap-bridge security-profile=password1 ssid=Tomsik_2G wps-mode=disabled
- set [ find default-name=wlan2 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee country="czech republic" disabled=no frequency=\
- auto installation=indoor mode=ap-bridge security-profile=password1 ssid=Tomsik_5G wps-mode=disabled
- /ip pool
# All three pools are carved out of 10.0.1.0/24; "dhcp" overflows into "dhcp2" via next-pool.
- add name=vpnpool ranges=10.0.1.201-10.0.1.239
- add name=dhcp2 ranges=10.0.1.60-10.0.1.180
- add name=dhcp next-pool=dhcp2 ranges=10.0.1.20-10.0.1.50
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=FullBridge lease-time=5m name=dhcp1
- /ppp profile
# NOTE(review): both profiles attach VPN sessions to FullBridge and to interface list LAN, so every
# firewall rule that trusts LAN also trusts every VPN client. Keep that in mind when scoping rules.
- add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1,10.10.10.10 interface-list=LAN local-address=10.0.1.253 name=\
- my-l2tp-profile remote-address=vpnpool
- add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1,10.10.10.10 interface-list=LAN local-address=10.0.1.253 name=\
- vpn-static remote-address=10.0.1.240
- /interface bridge port
- add bridge=FullBridge interface=ether2
- add bridge=FullBridge interface=ether3
- add bridge=FullBridge interface=ether4
# NOTE(review): ether5 is listed twice, disabled here and active at the end of this section; the
# disabled entry looks like a leftover and can probably be removed. Confirm.
- add bridge=FullBridge disabled=yes interface=ether5
- add bridge=FullBridge interface=wlan1
- add bridge=FullBridge interface=wlan2
- add bridge=FullBridge interface=ether5
# Router services and addressing: neighbor discovery, the L2TP and SSTP servers, interface-list
# membership, IP addresses, DDNS, DHCP client/server networks and the DNS resolver.
- /ip neighbor discovery-settings
# NOTE(review): "!dynamic" selects every non-dynamic interface. That includes ether1, which is the WAN
# member below, so the router announces itself on the ISP-side segment. Limiting discovery to the LAN
# interface list is the usual hardening.
- set discover-interface-list=!dynamic
- /interface l2tp-server server
# NOTE(review): mschap1 is still offered. MS-CHAPv1 is obsolete; mschap2 alone is the safer choice unless
# a legacy client needs v1. use-ipsec=yes adds the dynamic IPsec peer but, unlike use-ipsec=required,
# still accepts L2TP sessions that are not wrapped in IPsec. The IPsec secret is not part of this listing.
- set authentication=mschap1,mschap2 default-profile=my-l2tp-profile enabled=yes keepalive-timeout=60 use-ipsec=yes
- /interface list member
- add interface=ether1 list=WAN
- add interface=FullBridge list=LAN
- /interface sstp-server server
# Only the default profile is set; no enabled= value is shown, so SSTP is presumably still off. Confirm.
- set default-profile=default-encryption
- /ip address
# 100.70.76.176/24 lies in 100.64.0.0/10 (shared address space, RFC 6598), so "WAN" here is the ISP's
# internal network and the exposure is towards other hosts on that network. This address is left in
# clear in the paste although the default gateway under /ip route is redacted.
- add address=100.70.76.176/24 interface=ether1 network=100.70.76.0
- add address=10.0.1.1/24 interface=FullBridge network=10.0.1.0
- /ip cloud
# Enables MikroTik's cloud DDNS for this router.
- set ddns-enabled=yes
- /ip dhcp-client
# NOTE(review): wlan2 is a bridge port of FullBridge and runs in ap-bridge mode. A DHCP client on a
# bridge slave port is normally flagged invalid by RouterOS; this looks like a leftover. Confirm.
- add interface=wlan2
- /ip dhcp-server lease
- [OMMITED]
- /ip dhcp-server network
- add address=10.0.1.0/24 dns-server=10.0.1.1,10.100.0.100,10.10.10.10,1.1.1.1 gateway=10.0.1.1 netmask=24
# No pool, DHCP server or interface address for 100.71.22.0/24 appears in this listing; looks unused. Confirm.
- add address=100.71.22.0/24 gateway=100.71.22.3 netmask=24
- /ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries on any interface the
# firewall lets through, and the filter rules accept port 53 from the WAN list. The result is a resolver
# reachable from the ISP side, which invites amplification abuse and cache probing. If only LAN and VPN
# clients need it, remove the WAN accept rules and drop port 53 on WAN.
# 10.0.1.1 is the router's own bridge address (see /ip address), so the router lists itself as upstream.
- set allow-remote-requests=yes servers=10.0.1.1,10.100.0.100,10.10.10.10,1.1.1.1,8.8.8.8
# Filter table.
# NOTE(review): every rule below is "accept" and no drop/reject rule exists. RouterOS accepts packets
# that match no rule, so these rules record intent but block nothing on input or forward.
# Consequence on ether1: any listening router service is reachable. /ip service disables telnet, ftp,
# www, ssh, api and api-ssl but does not list winbox, which is presumably still enabled. Confirm.
# Usual baseline for input: accept established/related, drop invalid, accept from the LAN list, accept
# the VPN ports below, then drop everything else arriving on WAN. Forward should likewise end in a drop
# for WAN-originated traffic that was not dst-nat'ed.
- /ip firewall filter
# Disabled forward rule with logging for TCP 32400; it has no effect while disabled.
- add action=accept chain=forward disabled=yes dst-port=32400 log=yes log-prefix=_plex protocol=tcp
# L2TP/IPsec road-warrior ports on ether1: IKE, L2TP, NAT-T, ESP and AH.
- add action=accept chain=input comment="VPN: allow IKE" dst-port=500 in-interface=ether1 protocol=udp
# NOTE(review): UDP 1701 is accepted whether or not the packet arrived inside IPsec. With use-ipsec=yes
# on the L2TP server that permits plain L2TP; adding ipsec-policy=in,ipsec to this rule is the usual
# way to admit only IPsec-protected L2TP.
- add action=accept chain=input comment="VPN: allow L2TP" dst-port=1701 in-interface=ether1 protocol=udp
- add action=accept chain=input comment="VPN: allow IPsec NAT-T" dst-port=4500 in-interface=ether1 protocol=udp
- add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
- add action=accept chain=input in-interface=ether1 protocol=ipsec-ah
# NOTE(review): these two rules deliberately admit DNS from the WAN list. Together with
# allow-remote-requests=yes under /ip dns this publishes the resolver to the ISP-side network. Unless
# that is required, remove them and let a final input drop cover port 53.
- add action=accept chain=input comment="DNS Resolver TCP" dst-port=53 in-interface-list=WAN protocol=tcp
- add action=accept chain=input comment="DNS Resolver UDP" dst-port=53 in-interface-list=WAN protocol=udp
# NAT table: source NAT towards WAN plus destination NAT (port forwards) from ether1 into the LAN.
- /ip firewall nat
# Hide LAN/VPN sources behind the router's address on anything in the WAN list.
- add action=masquerade chain=srcnat out-interface-list=WAN
# NOTE(review): *F00006 is an unresolved internal id and the export marks it "no interface", so this
# rule points at an interface that no longer exists. Remove it or re-bind it to the intended interface.
- # no interface
- add action=masquerade chain=srcnat dst-address=10.0.2.0/24 out-interface=*F00006
# Disabled forwards. The first one targets 10.0.0.20, which is outside the 10.0.1.0/24 LAN used
# everywhere else in this listing; possibly a typo. Confirm before re-enabling.
- add action=dst-nat chain=dstnat disabled=yes dst-port=32400 in-interface=ether1 protocol=tcp to-addresses=10.0.0.20 to-ports=\
- 32400
- add action=dst-nat chain=dstnat disabled=yes dst-port=5000 in-interface=ether1 protocol=tcp to-addresses=10.0.1.31 to-ports=5000
- add action=dst-nat chain=dstnat disabled=yes dst-port=14316 in-interface=ether1 protocol=tcp to-addresses=10.0.1.20 to-ports=\
- 32400
# NOTE(review): the four active forwards come in two pairs with identical match conditions (tcp 80 and
# tcp 443 on ether1). NAT rules are evaluated top-down and the first match wins, so the "Services VM"
# rules (10.0.1.42) take all traffic and the "Proxmox Host" rules (10.0.1.40) can never match.
# No forward-chain rule in this listing limits who may use these forwards, so 10.0.1.42:80/443 is
# published to everything on the ether1 side. Restrict by source address if that is not intended.
- add action=dst-nat chain=dstnat comment="Port forward for Proxmox Services VM - HTTP" dst-port=80 in-interface=ether1 protocol=\
- tcp to-addresses=10.0.1.42 to-ports=80
- add action=dst-nat chain=dstnat comment="Port forward for Proxmox Services VM - HTTPS" dst-port=443 in-interface=ether1 \
- protocol=tcp to-addresses=10.0.1.42 to-ports=443
- add action=dst-nat chain=dstnat comment="Port forward for Proxmox Host - HTTP" dst-port=80 in-interface=ether1 protocol=tcp \
- to-addresses=10.0.1.40 to-ports=80
- add action=dst-nat chain=dstnat comment="Port forward for Proxmox Host - HTTPS" dst-port=443 in-interface=ether1 protocol=tcp \
- to-addresses=10.0.1.40 to-ports=443
# Routing, management services, PPP accounts and system settings.
- /ip route
# Default route; the gateway was redacted by the author of the paste.
- add distance=1 gateway=100.[REST REDACTED, INTERNAL IP OF ISP]
# 10.0.2.0/24 is reached via 10.0.1.240, the remote-address of PPP profile vpn-static, so this is
# presumably a remote LAN behind a static VPN client. No /ppp secret in this listing uses that
# profile. Confirm.
- add distance=1 dst-address=10.0.2.0/24 gateway=10.0.1.240
- add disabled=yes distance=1 dst-address=10.0.2.0/24 gateway=10.0.1.238
- /ip service
# NOTE(review): telnet, ftp, www, ssh, api and api-ssl are turned off. winbox is not listed, so it is
# presumably still enabled, and no address= restriction is shown for it. The filter table has no drop
# rule, so limit the remaining management service to LAN/VPN sources via address= or an input drop on WAN.
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- /ppp profile
# *FFFFFFFE is an internal id for a built-in profile (presumably default-encryption), and
# remote-address=*5 is an unresolved id, likely a pool that was deleted. Confirm and clean up.
- set *FFFFFFFE local-address=192.168.89.1 remote-address=*5
- /ppp secret
# Passwords are not part of this listing. Only "tomsikr" is active and it is limited to service l2tp.
- add disabled=yes name=vpn
- add name=tomsikr profile=my-l2tp-profile service=l2tp
- /system clock
- set time-zone-name=Europe/Prague
- /system identity
- set name=TomsikrMT
- /system logging
# L2TP and IPsec topics are logged with distinct prefixes, which makes failed or unexpected VPN
# connection attempts easy to pick out of the log.
- add prefix="L2TP_LOG ===> " topics=l2tp
- add prefix="IPSEC_LOG ===> " topics=ipsec
- /system routerboard settings
# RouterBOARD firmware upgrade is set to automatic.
- set auto-upgrade=yes
- /tool graphing interface
- add interface=FullBridge
- [tomsikr@TomsikrMT] >