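  # Mikrotik has internet via PPPoE tagged on VLAN10
  # LAN A 192.168.3.0/24 is primary LAN
  # LAN B 192.168.2.0/24 is another LAN with a printer at IP 192.168.2.152
  # LAN B's switch is connected with a patch cable to ethernet port 3 on Mikrotik
  # The goal is to allow workstations on LAN A to use the printer on LAN B
  #
  # Wrapped parameters are written with explicit "\" continuations so the
  # script can be imported as-is. xx.xx.xx.xx, xxxxxxxxxx and yyy@zzz are
  # redacted placeholders and must be replaced with real values.
  /interface ethernet
  set [ find default-name=ether2 ] comment="ether2 LAN" name=LAN
  set [ find default-name=ether1 ] comment="ether1 WAN port" name=WAN
  # ether3 has no master-port, so LAN B is a separate routed segment and all
  # LAN A <-> LAN B traffic passes through the forward chain below.
  set [ find default-name=ether3 ] comment="printer on LAN B"
  # NOTE(review): the spare ports are still slaved to LAN; if they are meant to
  # be unusable, disabled=yes would be the clearer setting -- confirm intent.
  set [ find default-name=ether4 ] arp=disabled comment=spare master-port=LAN
  set [ find default-name=ether5 ] arp=disabled comment=spare master-port=LAN
  /ip neighbor discovery
  set LAN comment="ether2 LAN A"
  # NOTE(review): no discover=no is shown for WAN or pppoe-out1, so neighbor
  # discovery presumably stays enabled on the uplink and announces the router
  # identity there -- confirm and turn it off on the WAN side.
  set WAN comment="ether1 WAN port internet"
  set ether3 comment="printer LAN B"
  set ether4 comment=spare
  set ether5 comment=spare
  /interface vlan
  add interface=WAN name=VLAN10 vlan-id=10
  /interface pppoe-client
  # password= and user= are redacted here; an unredacted export contains the
  # ISP credentials, so scrub them before the file leaves the router.
  add add-default-route=yes comment="ISP PPPoE client WAN" disabled=no \
      interface=VLAN10 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 \
      password=xxxxxxxxxx use-peer-dns=yes user=yyy@zzz
  /ip neighbor discovery
  set pppoe-out1 comment="ISP PPPoE client WAN"
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=MikroTik
  /ip pool
  add name=dhcp ranges=192.168.3.50-192.168.3.150 comment="DHCP pool for LAN A"
  /ip dhcp-server
  add address-pool=dhcp disabled=no interface=LAN lease-time=1d name=dhcp1
  /ip neighbor discovery settings
  # Only affects interfaces created later; existing interfaces keep their
  # current discovery setting.
  set default=no
  /ip address
  add address=192.168.3.254/24 comment="LAN A" interface=LAN network=192.168.3.0
  add address=192.168.2.250/24 \
      comment="Mikrotik's ethernet#3 port has 192.168.2.250 IP on LAN B" \
      interface=ether3 network=192.168.2.0
  /ip dhcp-client
  # NOTE(review): DHCP client on the untagged WAN port next to the PPPoE
  # uplink -- presumably a leftover of the default configuration; confirm it
  # is needed, since no firewall or NAT rule below refers to this interface.
  add dhcp-options=hostname,clientid disabled=no interface=WAN
  /ip dhcp-server network
  add address=192.168.3.0/24 comment="DHCP to LAN" gateway=192.168.3.254
  /ip dns
  # The router answers DNS queries from clients. Nothing here limits who may
  # query it; only the input chain below keeps the resolver unreachable from
  # the Internet, so the final input drop rule must stay enabled.
  set allow-remote-requests=yes
  /ip firewall address-list
  # Every address on this list may reach every service on the router (see the
  # "Allowed IPs" input rule). The LAN A entry grants that to the whole subnet.
  add address=xx.xx.xx.xx comment="management IP" list="Allowed IPs"
  add address=192.168.3.0/24 comment="allow management from LAN A" list="Allowed IPs"
  add address=xx.xx.xx.xx comment="management IP" list="Allowed IPs"
  /ip firewall filter
  # Rules are evaluated top to bottom within each chain; input = traffic to the
  # router itself, forward = traffic routed through it.
  add action=accept chain=input comment="allow ping from LAN B" disabled=yes \
      dst-address=192.168.2.250 protocol=icmp src-address=192.168.2.0/24
  add action=accept chain=forward \
      comment="allow traffic from LAN A 192.168.3.0 to printer IP 192.168.2.152 on LAN B" \
      dst-address=192.168.2.152 src-address=192.168.3.0/24
  # NOTE(review): this also lets the printer open new connections into LAN A.
  # If the printer only needs to answer, matching on established/related
  # connection state would be tighter -- confirm (scan-to-PC would need new).
  add action=accept chain=forward \
      comment="allow traffic from LAN B printer IP 192.168.2.152 to LAN A" \
      dst-address=192.168.3.0/24 src-address=192.168.2.152
  add action=drop chain=forward \
      comment="drop all other traffic from LAN B 192.168.2.0/24" \
      dst-address=192.168.3.0/24 src-address=192.168.2.0/24
  # Invalid-state packets addressed to the router are dropped before any input
  # accept rule. As the last rule of the list in chain=forward this entry only
  # duplicated the forward invalid drop and never saw router-bound traffic.
  add action=drop chain=input comment="Drop invalid packets TO router" \
      connection-state=invalid
  # Winbox is accepted only from the management address list. Without a source
  # match this rule exposes the management port to every host on the Internet.
  add action=accept chain=input comment="winbox admin from WAN" dst-port=8291 \
      protocol=tcp src-address-list="Allowed IPs"
  add action=accept chain=input \
      comment="Accept connections TO router from allowed IPs" \
      src-address-list="Allowed IPs"
  add action=drop chain=forward comment="Drop invalid packets THROUGH router" \
      connection-state=invalid
  # Matches the LAN interface, as the comment says. With in-interface=pppoe-out1
  # the rule accepted new connections arriving from the Internet instead.
  add action=accept chain=forward comment="Accept new connections from LAN" \
      connection-state=new in-interface=LAN
  add action=accept chain=forward comment="Allow related connections" \
      connection-state=related
  add action=accept chain=forward comment="Allow established connections" \
      connection-state=established
  # NOTE(review): while this rule is disabled the forward chain ends in the
  # default accept, so the accept rules above filter nothing. Once enabled,
  # only LAN A, the printer exchange and return traffic are forwarded; LAN B
  # hosts get no Internet access through this router -- confirm that is wanted.
  add action=drop chain=forward \
      comment="Drop all other traffic THROUGH the router" disabled=yes
  add action=accept chain=input \
      comment="Allow etablished connections to the router" \
      connection-state=established
  add action=accept chain=input \
      comment="Allow related connections to the router" connection-state=related
  # Default deny for the router itself; DNS and management exposure above both
  # depend on this rule staying enabled and last in the input chain.
  add action=drop chain=input comment="Drop all other traffic TO the router"
  /ip firewall nat
  add action=masquerade chain=srcnat comment="Allow outgoing traffic" \
      dst-address=0.0.0.0/0 out-interface=pppoe-out1
  /ip service
  set telnet disabled=yes
  # NOTE(review): www-ssl is enabled but no certificate is assigned in this
  # listing, and www, ftp and ssh are not mentioned -- presumably still at
  # their defaults. Confirm which are used, disable the rest, and consider the
  # per-service address= restriction as a second layer behind the firewall.
  set www-ssl disabled=no
  set api disabled=yes
  set api-ssl disabled=yes

  /system identity
  set name="MikroTik"
  /system note
  set note="Authorised administrators only. Access to this device is monitored."
  /system ntp client
  set enabled=yes server-dns-names=us.pool.ntp.org,pool.ntp.org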