Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # nov/23/2021 20:43:28 by RouterOS 6.49.1
- # software id = 7KG8-9573
- #
- # model = RB760iGS
- # serial number = D4500F0CA973
- /interface bridge
- add admin-mac=DC:2C:6E:0B:34:89 auto-mac=no comment=defconf name=bridge
- /interface list
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /ip pool
- add name=dhcp_pool1 ranges=10.0.0.50-10.0.0.250
- add name=l2tp_pool ranges=10.0.1.100-10.0.1.150
- /ip dhcp-server
- add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
- /ppp profile
- add dns-server=1.1.1.1,1.0.0.1 local-address=10.0.0.1 name=L2TP-Profile remote-address=l2tp_pool
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2
- add bridge=bridge comment=defconf interface=ether3
- add bridge=bridge comment=defconf interface=ether4
- add bridge=bridge comment=defconf interface=ether5
- add bridge=bridge comment=defconf interface=sfp1
- /ip neighbor discovery-settings
- set discover-interface-list=LAN
- /interface l2tp-server server
- set enabled=yes one-session-per-host=yes use-ipsec=required
- /interface list member
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
- /ip address
- add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
- /ip dhcp-client
- add comment=defconf disabled=no interface=ether1
- /ip dhcp-server lease
- add address=10.0.0.20 client-id=1:10:7b:44:93:bd:8f mac-address=10:7B:44:93:BD:8F server=dhcp1
- add address=10.0.0.6 client-id=1:8:0:27:f5:4f:f3 mac-address=08:00:27:F5:4F:F3 server=dhcp1
- add address=10.0.0.10 client-id=1:0:8:9b:d6:1:c7 mac-address=00:08:9B:D6:01:C7 server=dhcp1
- add address=10.0.0.25 client-id=ff:27:6c:48:dd:0:1:0:1:29:2d:15:34:8:0:27:6c:48:dd mac-address=08:00:27:6C:48:DD \
- server=dhcp1
- /ip dhcp-server network
- add address=10.0.0.0/24 comment=defconf dns-server=1.1.1.1,1.0.0.1 gateway=10.0.0.1 netmask=24
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add address=10.0.0.1 comment=defconf name=router.lan
- /ip firewall filter
- add action=accept chain=input comment="Tillat VPN connections" dst-port=500,1701,4500 in-interface=ether1 protocol=\
- udp
- add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
- add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
- add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
- add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
- add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=443
- add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=80
- add action=dst-nat chain=dstnat dst-port=22 in-interface=ether1 protocol=tcp to-addresses=10.0.0.25 to-ports=22
- add action=masquerade chain=srcnat dst-address=10.0.0.25 out-interface=all-ethernet protocol=tcp src-address=\
- 10.0.0.0/24
- /ppp secret
- add name=asd profile=L2TP-Profile service=l2tp
- /system clock
- set time-zone-name=Europe/Oslo
- /system identity
- set name=MikroTik-hEX-S
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement