
my RouterOS configuration

a guest
Jul 10th, 2017
  # Layer-2 layout: bridge, port roles, neighbor discovery and the WAN interface list.
  # The bridge is created with disabled=yes; {mac address} is a placeholder left by the author.
  1. /interface bridge
  2. add admin-mac={mac address} auto-mac=no comment=defconf disabled=yes name=bridge
  # ether8/ether9 become the two uplinks (WAN1, WAN2).
  # ether3, ether4 and ether5 are slaved to ether2-master; ether6 is only renamed here.
  3. /interface ethernet
  4. set [ find default-name=ether8 ] name=WAN1
  5. set [ find default-name=ether9 ] name=WAN2
  6. set [ find default-name=ether2 ] name=ether2-master
  7. set [ find default-name=ether3 ] master-port=ether2-master
  8. set [ find default-name=ether4 ] master-port=ether2-master
  9. set [ find default-name=ether5 ] master-port=ether2-master
  10. set [ find default-name=ether6 ] name=ether6-master
  11. /ip neighbor discovery
  12. set bridge comment=defconf
  # ether1 also joins the ether2-master switch group.
  13. /interface ethernet
  14. set [ find default-name=ether1 ] master-port=ether2-master
  # Discovery is switched off on ether1 only.
  # NOTE(review): nothing in this export disables discovery on WAN1/WAN2. Confirm it is off there,
  # since discovery announcements reveal device identity to the upstream network.
  15. /ip neighbor discovery
  16. set ether1 discover=no
  # WAN-List is the interface list the Winbox and DNS firewall rules match on.
  17. /interface list
  18. add name=WAN-List
  # Addressing, DHCP and DNS.
  # DHCP leases come from 10.1.5.10-10.1.5.254 and are served on ether2-master.
  19. /ip pool
  20. add name=default-dhcp ranges=10.1.5.10-10.1.5.254
  21. /ip dhcp-server
  22. add address-pool=default-dhcp disabled=no interface=ether2-master name=defconf
  # Ports attached to the bridge defined at the top of this export (where it is created with disabled=yes).
  23. /interface bridge port
  24. add bridge=bridge comment=defconf interface=ether2-master
  25. add bridge=bridge comment=defconf interface=ether6-master
  26. add bridge=bridge comment=defconf interface=sfp1
  # Both uplinks are members of WAN-List.
  27. /interface list member
  28. add interface=WAN1 list=WAN-List
  29. add interface=WAN2 list=WAN-List
  # Servers (10.1.4.0/24), Computers (10.1.5.0/24) and Routers (10.1.3.0/24) are all bound to
  # ether2-master, so they share one layer-2 segment. The subnet split is addressing only and
  # is not an isolation boundary; no filter rule in this export separates them.
  # Both uplink addresses are RFC 1918 /28s.
  30. /ip address
  31. add address=10.1.4.1/24 comment=Servers interface=ether2-master network=10.1.4.0
  32. add address=10.1.5.1/24 comment=Computers interface=ether2-master network=10.1.5.0
  33. add address=192.168.1.174/28 comment="WAN Connected" interface=WAN1 network=192.168.1.160
  34. add address=192.168.2.78/28 comment="WAN Netia" interface=WAN2 network=192.168.2.64
  35. add address=10.1.3.1/24 comment=Routers interface=ether2-master network=10.1.3.0
  # The DHCP client on WAN1 is disabled; the uplinks use the static addresses above.
  36. /ip dhcp-client
  37. add comment=defconf dhcp-options=hostname,clientid disabled=yes interface=WAN1
  # DHCP clients are handed public resolvers directly, with 10.1.5.1 as their gateway.
  38. /ip dhcp-server network
  39. add address=10.1.5.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=10.1.5.1
  # allow-remote-requests=no: the router does not answer DNS queries from other hosts.
  40. /ip dns
  41. set allow-remote-requests=no servers=8.8.8.8,8.8.4.4
  # NOTE(review): no interface in this export carries 192.168.88.1, so this static entry looks
  # like a leftover from the factory default. Confirm and remove if unused.
  42. /ip dns static
  43. add address=192.168.88.1 name=router
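  # Input and forward filtering. Rules are evaluated top to bottom and the first match wins,
  # so every accept rule must be narrower than the drop rules that follow it.
  44. /ip firewall filter
  # Winbox (8291) is never reachable from the uplinks in WAN-List.
  45. add action=drop chain=input comment="Limit access to WINBOX from the internet" in-interface-list=WAN-List port=8291 protocol=tcp
  46. add action=drop chain=input in-interface-list=WAN-List port=8291 protocol=udp
  # The DNS drops are disabled. They are only needed if /ip dns allow-remote-requests is
  # turned on; this export sets it to no.
  47. add action=drop chain=input comment="Limit access to DNS from the internet" disabled=yes in-interface-list=WAN-List port=53 protocol=tcp
  48. add action=drop chain=input disabled=yes in-interface-list=WAN-List port=53 protocol=udp
  # ICMP to the router is accepted from every interface, including the uplinks.
  49. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # Fixed: connection-state is limited to established,related. With "new" listed as well, this
  # rule accepted fresh connections from WAN1/WAN2 before the two drop rules below could see
  # them, so "drop all from WAN" never matched new traffic.
  50. add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
  # Anything else arriving on an uplink is dropped. LAN-side traffic matches none of these
  # rules and falls through to the chain's default accept.
  51. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=WAN1
  52. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=WAN2
  53. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  # Fixed: same correction as on input. Accepting "new" here let unsolicited connections from
  # the uplinks be forwarded to the LAN subnets ahead of the invalid and WAN drops below.
  54. add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
  55. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  56. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=WAN1
  # NOTE(review): unlike the WAN1 rule, this one has no connection-nat-state/connection-state
  # match, so it also drops port-forwarded (dstnat) connections arriving on WAN2. That is the
  # stricter behaviour and is kept; align it with WAN1 only if a dstnat rule is ever added.
  57. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" in-interface=WAN2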
  # Dual-uplink balancing: connections are marked, and the mark selects the routing table.
  58. /ip firewall mangle
  # Two disabled passthrough rules; they take no part in the active policy.
  59. add action=passthrough chain=forward disabled=yes in-interface=WAN1 out-interface=ether1
  60. add action=passthrough chain=forward disabled=yes in-interface=WAN2 out-interface=ether1
  # LAN traffic addressed to 192.168.1.0/24 or 192.168.2.0/24 is accepted here and therefore
  # skips the marking rules below.
  # NOTE(review): the uplink networks are /28s while these rules match /24s. Confirm the
  # wider match is intended.
  61. add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=ether2-master
  62. add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=ether2-master
  # Unmarked connections arriving on an uplink are tagged with that uplink's mark.
  63. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1_conn
  64. add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2_conn
  # Unmarked LAN connections to non-local destinations are split in two by the
  # per-connection classifier on both addresses: remainder 0 -> WAN1_conn, remainder 1 -> WAN2_conn.
  65. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether2-master new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
  66. add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether2-master new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
  # The connection mark is translated into a routing mark.
  # NOTE(review): these two prerouting rules have no in-interface match, so they also apply to
  # packets arriving on WAN1/WAN2. Confirm that is intended.
  67. add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
  68. add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
  # Same translation in the output chain, i.e. for packets generated by the router itself.
  69. add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
  70. add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
  # Source NAT. No dstnat (port-forward) rule exists in this export.
  71. /ip firewall nat
  # NOTE(review): this masquerades traffic leaving through ether2-master, the LAN-side
  # interface. LAN hosts then see the router's address as the source, which hides the real
  # peer in their logs. Confirm it is intended (e.g. hairpin NAT) rather than a leftover.
  72. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether2-master
  # Outbound traffic is masqueraded behind the address of whichever uplink it leaves through.
  73. add action=masquerade chain=srcnat out-interface=WAN1
  74. add action=masquerade chain=srcnat out-interface=WAN2
  # Default routes. Each gateway is probed with ping (check-gateway=ping).
  75. /ip route
  # One default route per routing mark set in the mangle table.
  76. add check-gateway=ping distance=1 gateway=192.168.1.161 routing-mark=to_WAN1
  77. add check-gateway=ping distance=1 gateway=192.168.2.65 routing-mark=to_WAN2
  # Unmarked traffic: the WAN1 gateway at distance 1, the WAN2 gateway at distance 2.
  78. add check-gateway=ping distance=1 gateway=192.168.1.161
  79. add check-gateway=ping distance=2 gateway=192.168.2.65
  # Management plane: telnet, ftp, www, ssh, api and api-ssl are disabled.
  # NOTE(review): winbox is not listed, so it is presumably still enabled, and no service
  # here carries an address= restriction. Access to it then depends on the firewall input
  # rules alone. Confirm, and consider limiting it to the management subnet.
  80. /ip service
  81. set telnet disabled=yes
  82. set ftp disabled=yes
  83. set www disabled=yes
  84. set ssh disabled=yes
  85. set api disabled=yes
  86. set api-ssl disabled=yes
  87. /system clock
  88. set time-zone-name=Europe/Warsaw
  # Time is synchronised from two fixed NTP servers.
  89. /system ntp client
  90. set enabled=yes primary-ntp=95.158.95.123 secondary-ntp=91.232.160.1
  # protected-routerboot is left disabled.
  # NOTE(review): if the device is physically exposed, confirm whether this should be enabled.
  91. /system routerboard settings
  92. set protected-routerboot=disabled
  # The default mac-server entry is disabled and replaced by one bound to the bridge only.
  93. /tool mac-server
  94. set [ find default=yes ] disabled=yes
  95. add interface=bridge
  # The same restriction is applied to MAC-Winbox.
  96. /tool mac-server mac-winbox
  97. set [ find default=yes ] disabled=yes
  98. add interface=bridge