Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /interface bridge
- add fast-forward=no name=bridge-local
- /interface wireless
- set [ find default-name=wlan1 ] ssid=MikroTik
- /interface ethernet
- set [ find default-name=ether1 ] comment="WAN Stat.ip"
- set [ find default-name=ether4 ] master-port=ether3
- /interface pppoe-client
- add add-default-route=yes comment="WAN MTS" disabled=no interface=ether2 keepalive-timeout=60 name=MTS password=xxxxxxx user=yyyyyyyyy
- /ip neighbor discovery
- set MTS discover=no
- /interface list
- add name=WAN-List
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /interface bridge port
- add bridge=bridge-local interface=ether3
- /interface list member
- add interface=MTS list=WAN-List
- /ip address
- add address=192.168.10.1/24 interface=bridge-local network=192.168.10.0
- add address=192.168.1.13/24 interface=ether1 network=192.168.1.0
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8
- /ip firewall filter
- add action=accept chain=input connection-state=established,related
- add action=drop chain=input connection-state=invalid
- add action=accept chain=input dst-port=53 in-interface-list=!WAN-List protocol=udp
- add action=accept chain=input protocol=icmp
- add action=accept chain=input dst-port=8291 protocol=tcp
- add action=drop chain=input in-interface=!bridge-local
- add action=accept chain=forward connection-state=established,related
- add action=drop chain=forward connection-state=invalid
- add action=drop chain=forward connection-nat-state=!dstnat in-interface-list=WAN-List
- /ip firewall mangle
- add action=mark-routing chain=prerouting in-interface=bridge-local new-routing-mark=1c passthrough=yes src-address=192.168.10.200
- /ip firewall nat
- add action=src-nat chain=srcnat out-interface=MTS to-addresses=1.2.3.4 (WAN MTS)
- add action=masquerade chain=srcnat out-interface=ether1 to-addresses=192.168.1.1
- /ip route
- add distance=1 gateway=ether1 routing-mark=1c
- /ip route rule
- add dst-address=0.0.0.0/0 interface=ether1 src-address=192.168.10.200/32 table=1c
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- /system clock
- set time-zone-name=Europe/Moscow
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=bridge-local
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement