
Untitled

a guest
Sep 11th, 2019
  1. # sep/11/2019 08:59:18 by RouterOS 6.45.5
  2. # software id =
  3. #
  4. #
  5. #
  6. # NOTE(review): the export header reports RouterOS 6.45.5; compare it with the current long-term release before reusing this configuration.
  7. # LAN-side bridge; ether3 and ether4 are attached to it under /interface bridge port.
  8. /interface bridge
  9. add name=LanBridge
  10.  
  11. # Physical uplink ports; the PPPoE clients below run on top of ether1 and ether2.
  12. /interface ethernet
  13. set [ find default-name=ether1 ] comment="Port For ISP1"
  14. set [ find default-name=ether2 ] comment="Port For ISP2"
  15. # NOTE(review): the PPPoE passwords are exported in clear text, are short and pattern-based, and are now public on this page; rotate them and export with hide-sensitive before sharing.
  16. # NOTE(review): labels disagree - name=ISP1 carries comment ISP2-PPPoE-Client and user2, name=ISP2 carries "ISP1-PPPoE Client" and user1; confirm which side is intended.
  17. /interface pppoe-client
  18. add add-default-route=yes comment=ISP2-PPPoE-Client default-route-distance=10 \
  19. disabled=no interface=ether1 name=ISP1 password=123456Ss user=user2
  20. add comment="ISP1-PPPoE Client" disabled=no interface=ether2 name=ISP2 \
  21. password=123456Aa user=user1
  22.  
  23. # WAN is matched by the firewall filter, mangle and dst-nat rules; LAN by /tool mac-server and mac-winbox.
  24. /interface list
  25. add comment="For Internet" name=WAN
  26. add comment="For Local Area" name=LAN
  27.  
  28. # Default wireless security profile; only supplicant-identity is set in this export.
  29. /interface wireless security-profiles
  30. set [ find default=yes ] supplicant-identity=MikroTik
  31.  
  32. # DHCP pool for the LAN; 192.168.12.199 at the top of the range is also pinned by a static lease under /ip dhcp-server lease.
  33. /ip pool
  34. add name=dhcp_pool0 ranges=192.168.12.10-192.168.12.199
  35.  
  36. # DHCP server bound to the LAN bridge.
  37. /ip dhcp-server
  38. add address-pool=dhcp_pool0 disabled=no interface=LanBridge name=dhcp1
  39.  
  40. # ether3 and ether4 are the ports bridged into LanBridge.
  41. /interface bridge port
  42. add bridge=LanBridge interface=ether3
  43. add bridge=LanBridge interface=ether4
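  44. # Neighbor discovery (MNDP/CDP/LLDP) announces the router's identity, model and RouterOS version, so it is kept off the ISP-facing interfaces.
  45. # Changed from WAN to LAN. The LAN list has no members in this export, so discovery stays off until a LAN-side interface is added to that list.
  46. /ip neighbor discovery-settings
  47. set discover-interface-list=LAN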
  48.  
  49. # Only the PPPoE interfaces are WAN members; ether1/ether2 themselves are in no list and nothing is added to LAN.
  50. /interface list member
  51. add interface=ISP2 list=WAN
  52. add interface=ISP1 list=WAN
  53.  
  54. # Router address on the LAN bridge; it is also handed out as gateway and DNS server below.
  55. /ip address
  56. add address=192.168.12.200/24 interface=LanBridge network=192.168.12.0
  57.  
  58. # Static lease for the host that receives the port-80 dst-nat under /ip firewall nat.
  59. /ip dhcp-server lease
  60. add address=192.168.12.199 mac-address=50:00:00:03:00:00 server=dhcp1
  61.  
  62.  
  63. /ip dhcp-server network
  64. add address=192.168.12.0/24 dns-server=192.168.12.200 gateway=192.168.12.200
  65.  
  66. # NOTE(review): allow-remote-requests=yes makes the router answer DNS for anything the input chain lets through; it depends entirely on the WAN drop rule in /ip firewall filter.
  67. /ip dns
  68. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
  69.  
  70. # BOGONS: reserved and private ranges. The mark-routing rules match dst-address-list=!BOGONS, so these destinations never receive a routing mark.
  71. /ip firewall address-list
  72. add address=0.0.0.0/8 comment="\"This\" Network" list=BOGONS
  73. add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
  74. add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=\
  75. BOGONS
  76. add address=127.0.0.0/8 comment=Loopback list=BOGONS
  77. add address=169.254.0.0/16 comment="Link Local" list=BOGONS
  78. add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
  79. add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
  80. add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
  81. add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
  82. add address=198.18.0.0/15 comment=\
  83. "Network Interconnect Device Benchmark Testing" list=BOGONS
  84. add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
  85. add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
  86. add address=224.0.0.0/4 comment=Multicast list=BOGONS
  87. add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
  88. add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
  89. add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
  90. # NOTE(review): the input chain drops only traffic whose in-interface is in the WAN list (the two PPPoE interfaces); anything arriving elsewhere, ether1/ether2 included, falls through to the default accept.
  91. # NOTE(review): a defconf-style final drop on in-interface-list=!LAN would fail closed, but the LAN list must be populated first. No rule here drops connection-state=invalid on input.
  92. /ip firewall filter
  93. add action=accept chain=input comment="Related Established Untracked Allow" \
  94. connection-state=established,related,untracked
  95. add action=accept chain=input comment="ICMP from ALL" protocol=icmp
  96. add action=drop chain=input comment="All other WAN Drop" in-interface-list=\
  97. WAN
  98. add action=accept chain=forward comment=\
  99. "Established, Related, Untracked allow" connection-state=\
  100. established,related,untracked
  101. add action=drop chain=forward comment="Invalid drop" connection-state=invalid
  102. add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
  103. connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  104.  
  105.  
  106.  
  107.  
  108. # Policy routing: new connections are marked by the PPPoE interface they arrive on, and packets of a marked connection are then given the matching routing mark.
  109. /ip firewall mangle
  110. # Mark connections arriving from each of the providers
  111.  
  112. #Mark connections from provider 1
  113. add action=mark-connection chain=prerouting connection-mark=no-mark \
  114. connection-state=new in-interface=ISP1 new-connection-mark=\
  115. isp1-Connection passthrough=no
  116.  
  117. #Mark connections from provider 2
  118. add action=mark-connection chain=prerouting connection-mark=no-mark \
  119. connection-state=new in-interface=ISP2 new-connection-mark=\
  120. isp2-Connection passthrough=no
  121.  
  122.  
  123.  
  124. #Add routing marks, thereby sending everything to the corresponding routing table
  125. # NOTE(review): the provider 1 rules set new-routing-mark=main, and no /ip route entry in this export carries routing-mark=main; presumably lookups fall back to the unmarked table - confirm.
  126. #routing mark for provider 1
  127. add action=mark-routing chain=prerouting connection-mark=isp1-Connection \
  128. dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=main \
  129. passthrough=no
  130.  
  131.  
  132. #routing mark for provider 2
  133. add action=mark-routing chain=prerouting connection-mark=isp2-Connection \
  134. dst-address-list=!BOGONS in-interface-list=!WAN new-routing-mark=ISP-2 \
  135. passthrough=no
  136.  
  137.  
  138. #routing mark for provider 1, for traffic originated by the MikroTik itself
  139. add action=mark-routing chain=output connection-mark=isp1-Connection \
  140. new-routing-mark=main passthrough=yes
  141. #routing mark for provider 2, for traffic originated by the MikroTik itself
  142. add action=mark-routing chain=output connection-mark=isp2-Connection \
  143. new-routing-mark=ISP-2 passthrough=yes
  144. # Source NAT for both uplinks, then one published service.
  145. # NOTE(review): the dst-nat exposes TCP/80 on 192.168.12.199 to any source on both uplinks, in clear text; add a src-address-list match or front it with TLS if it is not meant to be public.
  146. /ip firewall nat
  147. add action=masquerade chain=srcnat out-interface=ISP1
  148. add action=masquerade chain=srcnat out-interface=ISP2
  149.  
  150. #dst-nat that works correctly through either provider
  151. add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
  152. tcp to-addresses=192.168.12.199
  153.  
  154. # Two routes via ISP2: one in the ISP-2 table for marked traffic, one unmarked at distance 20. ISP1's default route is added dynamically by its PPPoE client (default-route-distance=10).
  155. /ip route
  156. add comment="Atlant Route Table With Mark" distance=20 gateway=ISP2 \
  157. routing-mark=ISP-2
  158. add distance=20 gateway=ISP2
  159. # NOTE(review): allowed-interface-list=LAN with no LAN members should leave MAC-Telnet and MAC-Winbox reachable on no interface - confirm that is intended.
  160. # NOTE(review): RoMON is enabled and this export shows neither secrets= nor a /tool romon port section, so it presumably runs without a secret on every interface, ether1/ether2 included. RoMON is layer 2 and is not covered by /ip firewall filter; set secrets and forbid it on ISP-facing ports, or disable it if unused.
  161. /system identity
  162. set name=Office
  163. /tool mac-server
  164. set allowed-interface-list=LAN
  165. /tool mac-server mac-winbox
  166. set allowed-interface-list=LAN
  167. /tool romon
  168. set enabled=yes