dustojnikhummer

Untitled

Feb 24th, 2022
  # Bridge, interface lists and both radios. FullBridge is the single LAN bridge that the
  # DHCP server, the PPP profiles and the LAN interface list all refer to further down.
  1. /interface bridge
  # NOTE(review): arp=proxy-arp makes the router answer ARP on this bridge on behalf of
  # other hosts. Presumably set so VPN clients numbered out of 10.0.1.0/24 (vpnpool) are
  # reachable from LAN hosts - confirm it is still required, since it widens what the
  # router answers for on the LAN segment.
  2. add arp=proxy-arp name=FullBridge
  3. /interface list
  # WAN and LAN are only declared here; membership is assigned under /interface list member.
  4. add name=WAN
  5. add name=LAN
  6. /interface wireless security-profiles
  7. set [ find default=yes ] supplicant-identity=MikroTik
  # One WPA2-PSK profile (no EAP) shared by both radios. The pre-shared key itself does not
  # appear in this paste.
  8. add authentication-types=wpa2-psk eap-methods="" group-key-update=3m mode=dynamic-keys name=password1 supplicant-identity=""
  9. /interface wireless
  # Both radios run as access points on the same security profile with WPS disabled.
  10. set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-eC country="czech republic" disabled=no frequency=auto \
  11. installation=indoor mode=ap-bridge security-profile=password1 ssid=Tomsik_2G wps-mode=disabled
  12. set [ find default-name=wlan2 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee country="czech republic" disabled=no frequency=\
  13. auto installation=indoor mode=ap-bridge security-profile=password1 ssid=Tomsik_5G wps-mode=disabled
  # Address pools, the LAN DHCP server and the two PPP profiles used by the VPN.
  14. /ip pool
  # vpnpool (.201-.239) and the two DHCP ranges (.20-.50 chained to .60-.180) do not overlap,
  # but all of them sit inside the LAN subnet 10.0.1.0/24, so VPN clients land directly on
  # the LAN with no filtering boundary between the two.
  15. add name=vpnpool ranges=10.0.1.201-10.0.1.239
  16. add name=dhcp2 ranges=10.0.1.60-10.0.1.180
  17. add name=dhcp next-pool=dhcp2 ranges=10.0.1.20-10.0.1.50
  18. /ip dhcp-server
  19. add address-pool=dhcp disabled=no interface=FullBridge lease-time=5m name=dhcp1
  20. /ppp profile
  # Both profiles set bridge=FullBridge and interface-list=LAN, so a connected VPN session is
  # treated as a LAN interface by anything that matches on the LAN list.
  # my-l2tp-profile hands out addresses from vpnpool; vpn-static pins one client to
  # 10.0.1.240, which is also the gateway of the 10.0.2.0/24 route under /ip route.
  21. add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1,10.10.10.10 interface-list=LAN local-address=10.0.1.253 name=\
  22. my-l2tp-profile remote-address=vpnpool
  23. add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1,10.10.10.10 interface-list=LAN local-address=10.0.1.253 name=\
  24. vpn-static remote-address=10.0.1.240
  # Bridge membership, neighbor discovery scope, the L2TP server and WAN/LAN list membership.
  25. /interface bridge port
  26. add bridge=FullBridge interface=ether2
  27. add bridge=FullBridge interface=ether3
  28. add bridge=FullBridge interface=ether4
  # NOTE(review): ether5 is listed twice - this disabled entry and an enabled one at the end
  # of the section. Looks like a leftover; the disabled duplicate can probably be removed.
  29. add bridge=FullBridge disabled=yes interface=ether5
  30. add bridge=FullBridge interface=wlan1
  31. add bridge=FullBridge interface=wlan2
  32. add bridge=FullBridge interface=ether5
  33. /ip neighbor discovery-settings
  # NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic interface,
  # which includes ether1 (the WAN port). Discovery announcements carry the device identity
  # and software details; pointing this at the LAN interface list keeps them off the
  # upstream segment.
  34. set discover-interface-list=!dynamic
  35. /interface l2tp-server server
  # NOTE(review): mschap1 is still offered alongside mschap2; dropping the legacy method
  # leaves only MS-CHAPv2 inside the IPsec tunnel.
  # NOTE(review): use-ipsec=yes sets up the dynamic IPsec peer but, as far as RouterOS
  # documents it, still accepts L2TP sessions that arrive without IPsec. The stricter
  # setting of the same option rejects unencrypted L2TP - confirm which one is intended,
  # because UDP 1701 is accepted on ether1 in the filter section.
  36. set authentication=mschap1,mschap2 default-profile=my-l2tp-profile enabled=yes keepalive-timeout=60 use-ipsec=yes
  37. /interface list member
  # ether1 is the only WAN member; FullBridge is the only static LAN member.
  38. add interface=ether1 list=WAN
  39. add interface=FullBridge list=LAN
  40. /interface sstp-server server
  # Only the default profile is changed here; no enabled=yes is shown for the SSTP server.
  41. set default-profile=default-encryption
  # Router addresses, cloud DDNS, DHCP client/server networks and the DNS resolver.
  42. /ip address
  # NOTE(review): 100.70.76.176 falls in 100.64.0.0/10 (shared address space, RFC 6598),
  # which matches the author's "INTERNAL IP OF ISP" remark on the default route. The WAN
  # side is therefore at least the ISP's internal network; whether it is reachable from the
  # wider Internet is not visible here. The gateway is redacted in this paste, this address
  # is not.
  43. add address=100.70.76.176/24 interface=ether1 network=100.70.76.0
  44. add address=10.0.1.1/24 interface=FullBridge network=10.0.1.0
  45. /ip cloud
  46. set ddns-enabled=yes
  47. /ip dhcp-client
  # NOTE(review): wlan2 is a FullBridge port running as an access point, and this entry has
  # no disabled=no, so it is presumably an inactive leftover - confirm and remove.
  48. add interface=wlan2
  49. /ip dhcp-server lease
  50. [OMMITED]
  51. /ip dhcp-server network
  # LAN clients are handed the router (10.0.1.1) as first resolver, then three fallbacks.
  52. add address=10.0.1.0/24 dns-server=10.0.1.1,10.100.0.100,10.10.10.10,1.1.1.1 gateway=10.0.1.1 netmask=24
  # No DHCP server or interface address for 100.71.22.0/24 appears in this export.
  53. add address=100.71.22.0/24 gateway=100.71.22.3 netmask=24
  54. /ip dns
  # NOTE(review): allow-remote-requests=yes turns the router into a resolver for anyone who
  # can reach port 53. The filter section accepts TCP and UDP 53 from the WAN list, so the
  # resolver is offered to the upstream side as well as the LAN; an openly reachable
  # recursive resolver is commonly abused for reflection/amplification. Limiting port 53 to
  # the LAN list is the usual mitigation.
  # NOTE(review): the upstream server list starts with 10.0.1.1, which is this router's own
  # FullBridge address - looks like a self-reference; confirm.
  55. set allow-remote-requests=yes servers=10.0.1.1,10.100.0.100,10.10.10.10,1.1.1.1,8.8.8.8
  # Filter rules for traffic to the router (input) and through it (forward).
  # NOTE(review): every rule in this section is action=accept and there is no drop rule in
  # either chain. RouterOS accepts packets that match no rule, so as exported these rules
  # do not restrict anything: all traffic to the router and through it is allowed, from
  # WAN as well as LAN. The usual baseline is: accept established/related, drop invalid,
  # keep the explicit accepts below, then end the input chain with a drop for everything
  # not coming from the LAN list, and end the forward chain with a drop for new WAN
  # connections that were not dst-nat'ed.
  56. /ip firewall filter
  # Disabled Plex forward rule (TCP 32400), kept with logging.
  57. add action=accept chain=forward disabled=yes dst-port=32400 log=yes log-prefix=_plex protocol=tcp
  # L2TP/IPsec server ports on ether1: IKE, L2TP, NAT-T, plus ESP and AH.
  # NOTE(review): UDP 1701 is accepted directly from ether1; if L2TP is only meant to be
  # used inside IPsec, this rule can be narrowed to IPsec-protected traffic.
  58. add action=accept chain=input comment="VPN: allow IKE" dst-port=500 in-interface=ether1 protocol=udp
  59. add action=accept chain=input comment="VPN: allow L2TP" dst-port=1701 in-interface=ether1 protocol=udp
  60. add action=accept chain=input comment="VPN: allow IPsec NAT-T" dst-port=4500 in-interface=ether1 protocol=udp
  61. add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
  62. add action=accept chain=input in-interface=ether1 protocol=ipsec-ah
  # NOTE(review): these two rules expose the router's DNS resolver to the WAN list. Combined
  # with allow-remote-requests=yes under /ip dns this is an open resolver on the upstream
  # side - confirm it is intentional, otherwise match on the LAN list instead.
  63. add action=accept chain=input comment="DNS Resolver TCP" dst-port=53 in-interface-list=WAN protocol=tcp
  64. add action=accept chain=input comment="DNS Resolver UDP" dst-port=53 in-interface-list=WAN protocol=udp
  # Source NAT for outbound traffic and destination NAT (port forwards) from ether1.
  # NOTE(review): none of the dst-nat rules restricts src-address, and the forward chain
  # has no drop rule, so every enabled forward below is reachable by any host on the WAN
  # side.
  65. /ip firewall nat
  66. add action=masquerade chain=srcnat out-interface-list=WAN
  # "# no interface" is the export's own marker: out-interface=*F00006 points at an
  # interface that no longer exists, so the next rule is a dangling leftover.
  67. # no interface
  68. add action=masquerade chain=srcnat dst-address=10.0.2.0/24 out-interface=*F00006
  # Three disabled forwards. The first targets 10.0.0.20, which is outside the 10.0.1.0/24
  # LAN defined under /ip address.
  69. add action=dst-nat chain=dstnat disabled=yes dst-port=32400 in-interface=ether1 protocol=tcp to-addresses=10.0.0.20 to-ports=\
  70. 32400
  71. add action=dst-nat chain=dstnat disabled=yes dst-port=5000 in-interface=ether1 protocol=tcp to-addresses=10.0.1.31 to-ports=5000
  72. add action=dst-nat chain=dstnat disabled=yes dst-port=14316 in-interface=ether1 protocol=tcp to-addresses=10.0.1.20 to-ports=\
  73. 32400
  # Active forwards: TCP 80 and 443 on ether1 go to the services VM at 10.0.1.42.
  74. add action=dst-nat chain=dstnat comment="Port forward for Proxmox Services VM - HTTP" dst-port=80 in-interface=ether1 protocol=\
  75. tcp to-addresses=10.0.1.42 to-ports=80
  76. add action=dst-nat chain=dstnat comment="Port forward for Proxmox Services VM - HTTPS" dst-port=443 in-interface=ether1 \
  77. protocol=tcp to-addresses=10.0.1.42 to-ports=443
  # NOTE(review): the two "Proxmox Host" rules match exactly the same packets as the two
  # rules above (ether1, TCP 80 / 443). NAT rules are evaluated in order and the first match
  # wins, so these never fire and 10.0.1.40 is not actually forwarded. If exposing the
  # hypervisor host was not intended, removing them avoids it becoming reachable when the
  # rules above are reordered or disabled.
  78. add action=dst-nat chain=dstnat comment="Port forward for Proxmox Host - HTTP" dst-port=80 in-interface=ether1 protocol=tcp \
  79. to-addresses=10.0.1.40 to-ports=80
  80. add action=dst-nat chain=dstnat comment="Port forward for Proxmox Host - HTTPS" dst-port=443 in-interface=ether1 protocol=tcp \
  81. to-addresses=10.0.1.40 to-ports=443
  # Static routes, management services and PPP (VPN) accounts.
  82. /ip route
  # Default route; the gateway was redacted by the author.
  83. add distance=1 gateway=100.[REST REDACTED, INTERNAL IP OF ISP]
  # 10.0.2.0/24 is reached through 10.0.1.240, the address the vpn-static profile assigns to
  # its client - presumably a remote site behind that VPN client; confirm.
  84. add distance=1 dst-address=10.0.2.0/24 gateway=10.0.1.240
  85. add disabled=yes distance=1 dst-address=10.0.2.0/24 gateway=10.0.1.238
  86. /ip service
  # Telnet, FTP, HTTP, SSH and both API services are switched off.
  # NOTE(review): winbox is not listed. An export shows only non-default values, so Winbox
  # is presumably still at its default (enabled, no address restriction) - confirm. With no
  # drop rule in the input chain it would then be reachable from ether1 as well. Setting
  # the service's address= property to the LAN subnet, in addition to an input drop rule,
  # limits management access to the LAN and VPN.
  87. set telnet disabled=yes
  88. set ftp disabled=yes
  89. set www disabled=yes
  90. set ssh disabled=yes
  91. set api disabled=yes
  92. set api-ssl disabled=yes
  93. /ppp profile
  # NOTE(review): *FFFFFFFE looks like the built-in default-encryption profile, and
  # remote-address=*5 is an unresolved reference (probably a deleted pool). The SSTP server
  # uses default-encryption as its default profile - confirm and clean up.
  94. set *FFFFFFFE local-address=192.168.89.1 remote-address=*5
  95. /ppp secret
  # Two accounts: "vpn" is disabled; "tomsikr" is limited to L2TP on my-l2tp-profile.
  # No password field appears in this paste; the account name does, together with the
  # router identity, so the VPN username should be treated as known.
  96. add disabled=yes name=vpn
  97. add name=tomsikr profile=my-l2tp-profile service=l2tp
  # System settings: time zone, identity, VPN logging, firmware auto-upgrade, graphing.
  98. /system clock
  99. set time-zone-name=Europe/Prague
  100. /system identity
  101. set name=TomsikrMT
  102. /system logging
  # Separate log prefixes for the l2tp and ipsec topics make VPN connection attempts easy
  # to filter when reviewing the log.
  103. add prefix="L2TP_LOG ===> " topics=l2tp
  104. add prefix="IPSEC_LOG ===> " topics=ipsec
  105. /system routerboard settings
  106. set auto-upgrade=yes
  107. /tool graphing interface
  # NOTE(review): no allow-address is set on this graph entry; the graphs are normally
  # served by the www service, which is disabled under /ip service - confirm whether this
  # entry is still used.
  108. add interface=FullBridge
  109. [tomsikr@TomsikrMT] >
  110.  