- # may/19/2024 22:13:23 by RouterOS 7.8
- # software id = 1LQN-EFTV
- #
- # model = RB5009UG+S+
- # One bridge with VLAN filtering enabled; the "bridge port" and "bridge vlan"
- # sections further down attach the ports and define VLAN membership on it.
- /interface bridge
- add ingress-filtering=no name=bridge1 vlan-filtering=yes
- # Ports are renamed after their intended role; later sections refer to them
- # by these quoted names.
- /interface ethernet
- set [ find default-name=ether1 ] name="ether1[2.5G LAN]"
- set [ find default-name=ether2 ] name="ether2[MGM]"
- set [ find default-name=ether3 ] name="ether3[temp WAN]"
- set [ find default-name=ether4 ] name="ether4[IPCAM]"
- set [ find default-name=ether5 ] name="ether5[WIFI]"
- set [ find default-name=ether6 ] name="ether6[TV]"
- set [ find default-name=ether7 ] name="ether7[PRINTERS]"
- set [ find default-name=ether8 ] name="ether8[WAN]"
- # VLAN interfaces on bridge1 give the router one interface per segment (the
- # gateway addresses are assigned to them under /ip address). O2 (VLAN 848) is
- # the only one bound to a physical port, ether8[WAN], not to the bridge.
- /interface vlan
- add interface=bridge1 name=GUEST vlan-id=900
- add interface=bridge1 name=IPCAM vlan-id=40
- add interface=bridge1 name=LAN vlan-id=10
- add interface=bridge1 name=MANAGEMENT vlan-id=90
- add interface="ether8[WAN]" name=O2 vlan-id=848
- add interface=bridge1 name=PRINTERS vlan-id=30
- add interface=bridge1 name=SERVERS vlan-id=20
- add interface=bridge1 name=TV vlan-id=50
- # PPPoE client running over the O2 VLAN; add-default-route=yes asks it to
- # install a default route.
- # NOTE(review): no password= is visible in this listing - presumably withheld
- # by the export; confirm it is set on the device and not stored elsewhere in
- # clear text.
- /interface pppoe-client
- add add-default-route=yes disabled=no interface=O2 max-mru=1492 max-mtu=1492 \
- name=pppoe-out1 user=cetin
- # Only the default security profile's supplicant identity is set here.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # Address pools handed out by the DHCP servers below (.100-.254 per /24, and
- # .2-.254 for the guest range).
- # NOTE(review): dhcp_pool10 and dhcp_pool14 define the same range, as do
- # dhcp_pool11 and dhcp_pool17. No DHCP server on this page references
- # dhcp_pool10 or dhcp_pool11, so they look like leftovers; confirm nothing
- # else uses them and remove them so two servers can never be pointed at
- # overlapping pools by mistake.
- /ip pool
- add name=dhcp_pool10 ranges=192.168.10.100-192.168.10.254
- add name=dhcp_pool11 ranges=192.168.20.100-192.168.20.254
- add name=dhcp_pool12 ranges=192.168.30.100-192.168.30.254
- add name=dhcp_pool13 ranges=192.168.90.100-192.168.90.254
- add name=dhcp_pool14 ranges=192.168.10.100-192.168.10.254
- add name=dhcp_pool15 ranges=192.168.40.100-192.168.40.254
- add name=dhcp_pool16 ranges=192.168.50.100-192.168.50.254
- add name=dhcp_pool17 ranges=192.168.20.100-192.168.20.254
- add name=dhcp_pool18 ranges=10.0.1.2-10.0.1.254
- # One DHCP server per VLAN interface, each with a 2-hour lease time. The
- # server names (dhcp1..dhcp7) do not follow VLAN order; dhcp1 serves LAN and
- # is the server the static lease further down is bound to.
- /ip dhcp-server
- add address-pool=dhcp_pool12 interface=PRINTERS lease-time=2h name=dhcp3
- add address-pool=dhcp_pool13 interface=MANAGEMENT lease-time=2h name=dhcp4
- add address-pool=dhcp_pool14 interface=LAN lease-time=2h name=dhcp1
- add address-pool=dhcp_pool15 interface=IPCAM lease-time=2h name=dhcp2
- add address-pool=dhcp_pool16 interface=TV lease-time=2h name=dhcp5
- add address-pool=dhcp_pool17 interface=SERVERS lease-time=2h name=dhcp6
- add address-pool=dhcp_pool18 interface=GUEST lease-time=2h name=dhcp7
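- # Attach the physical ports to bridge1. pvid is the VLAN that untagged frames
- # arriving on the port are placed into, so on an access port it must match
- # the VLAN the port is listed as untagged in under /interface bridge vlan.
- /interface bridge port
- add bridge=bridge1 interface="ether2[MGM]" pvid=90
- add bridge=bridge1 interface="ether4[IPCAM]" pvid=40
- # ether5[WIFI] is also a tagged member of VLANs 10, 90 and 900 in the bridge
- # vlan table, i.e. it is used as a trunk with VLAN 10 as its native VLAN.
- add bridge=bridge1 interface="ether5[WIFI]" pvid=10
- # Fixed: this was pvid=20, which put untagged frames from the TV port into
- # VLAN 20 (SERVERS) although the bridge vlan table lists the port as untagged
- # in VLAN 50 (TV). The TV segment is meant to be isolated from the servers.
- add bridge=bridge1 interface="ether6[TV]" pvid=50
- add bridge=bridge1 interface="ether7[PRINTERS]" pvid=30
- # sfp-sfpplus1 is a tagged member of every VLAN in the bridge vlan table; with
- # pvid=10 any untagged frame received on it lands in the LAN VLAN.
- # NOTE(review): if the device on the SFP+ port only ever sends tagged frames,
- # consider frame-types=admit-only-vlan-tagged there, and
- # frame-types=admit-only-untagged-and-priority-tagged on the pure access
- # ports, so a host cannot choose its own VLAN by tagging - confirm against
- # the attached equipment first.
- add bridge=bridge1 interface=sfp-sfpplus1 pvid=10
- add bridge=bridge1 interface="ether1[2.5G LAN]" pvid=10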
- # Neighbor discovery is enabled on every interface outside the built-in
- # "dynamic" interface list.
- # NOTE(review): as written that appears to include the WAN-facing ports
- # (ether3[temp WAN], ether8[WAN]), which would announce the router's identity
- # and software version to the upstream network. Consider pointing this at an
- # interface list that contains only the internal VLANs - confirm.
- /ip neighbor discovery-settings
- set discover-interface-list=!dynamic
- # IPv6 is switched off entirely. No /ipv6 firewall rules appear on this page,
- # so leaving it off keeps an unfiltered protocol family from being reachable.
- /ipv6 settings
- set disable-ipv6=yes
- # VLAN membership table for bridge1. bridge1 itself is a tagged member of
- # every VLAN so the router's VLAN interfaces receive that traffic;
- # sfp-sfpplus1 carries all VLANs tagged, ether5[WIFI] carries 10, 90 and 900.
- /interface bridge vlan
- # VLAN 20 (SERVERS): no untagged access port is listed, trunk only.
- add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=20
- # VLAN 10 (LAN).
- add bridge=bridge1 tagged="sfp-sfpplus1,bridge1,ether5[WIFI]" untagged=\
- "ether1[2.5G LAN]" vlan-ids=10
- # VLAN 30 (PRINTERS).
- add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 untagged="ether7[PRINTERS]" \
- vlan-ids=30
- # VLAN 40 (IPCAM).
- add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 untagged="ether4[IPCAM]" \
- vlan-ids=40
- # VLAN 50 (TV): ether6[TV] is untagged here, so its pvid under
- # /interface bridge port has to be 50 for the port to actually land in this
- # VLAN on ingress.
- add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 untagged="ether6[TV]" vlan-ids=\
- 50
- # VLAN 90 (MANAGEMENT): reachable tagged over the WIFI trunk as well as on
- # the dedicated ether2[MGM] port.
- add bridge=bridge1 tagged="sfp-sfpplus1,bridge1,ether5[WIFI]" untagged=\
- "ether2[MGM]" vlan-ids=90
- # VLAN 900 (GUEST): trunk only, no wired access port.
- add bridge=bridge1 tagged="sfp-sfpplus1,ether5[WIFI],bridge1" vlan-ids=900
- # Gateway address (.1) of the router in each VLAN.
- /ip address
- add address=192.168.90.1/24 interface=MANAGEMENT network=192.168.90.0
- add address=192.168.10.1/24 interface=LAN network=192.168.10.0
- add address=192.168.20.1/24 interface=SERVERS network=192.168.20.0
- add address=192.168.30.1/24 interface=PRINTERS network=192.168.30.0
- add address=192.168.40.1/24 interface=IPCAM network=192.168.40.0
- add address=192.168.50.1/24 interface=TV network=192.168.50.0
- add address=10.0.1.1/24 interface=GUEST network=10.0.1.0
- # The temporary uplink obtains its address from the upstream network by DHCP.
- /ip dhcp-client
- add interface="ether3[temp WAN]"
- # Static lease on the LAN server (dhcp1) pinning 192.168.10.10 to one MAC.
- # The forward chain grants this address access to the SERVERS and MANAGEMENT
- # subnets. NOTE(review): that privilege is keyed on the IP address alone, so
- # the lease is a convenience, not an authentication control.
- /ip dhcp-server lease
- add address=192.168.10.10 mac-address=E8:9C:25:C3:52:0F server=dhcp1
- # Per-subnet DHCP options: every segment is handed the router's own address
- # as both gateway and DNS server, so clients depend on the router's resolver
- # being reachable through the input chain.
- /ip dhcp-server network
- add address=10.0.1.0/24 dns-server=10.0.1.1 gateway=10.0.1.1
- add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
- add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
- add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1
- add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1
- add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
- add address=192.168.90.0/24 dns-server=192.168.90.1 gateway=192.168.90.1
- # allow-remote-requests=yes turns the router into a resolver for its clients
- # (the DHCP networks hand out the router as DNS server), forwarding to
- # 8.8.8.8. Nothing in this setting limits who may query it: exposure is
- # decided only by the input chain of /ip firewall filter, which therefore
- # must never accept port 53 from a WAN interface.
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8
- /ip firewall address-list
- # no_forward_ipv4: addresses that should never appear as source or
- # destination of forwarded traffic (0.0.0.0/8, link-local, multicast,
- # limited broadcast). Used by the two "drop bad forward IPs" rules.
- add address=0.0.0.0/8 list=no_forward_ipv4
- add address=169.254.0.0/16 list=no_forward_ipv4
- add address=224.0.0.0/4 list=no_forward_ipv4
- add address=255.255.255.255 list=no_forward_ipv4
- # allowed_to_router: source subnets the input chain accepts without any port
- # or protocol restriction.
- # NOTE(review): this covers every internal subnet, including GUEST
- # (10.0.1.0/24), IPCAM, TV and PRINTERS, so hosts on the least trusted
- # segments can reach every router service that is enabled and not limited by
- # its own address= setting under /ip service. Those segments presumably only
- # need DNS from the router; consider a separate, narrower list for
- # management access - confirm before tightening.
- add address=192.168.10.0/24 list=allowed_to_router
- add address=192.168.20.0/24 list=allowed_to_router
- add address=192.168.30.0/24 list=allowed_to_router
- add address=192.168.40.0/24 list=allowed_to_router
- add address=192.168.50.0/24 list=allowed_to_router
- add address=192.168.90.0/24 list=allowed_to_router
- add address=10.0.1.0/24 list=allowed_to_router
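- # Rules are evaluated top to bottom per chain; the first match wins, so the
- # order below is significant.
- /ip firewall filter
- # ---- input: traffic addressed to the router itself ----
- add action=accept chain=input comment="default configuration" connection-state=\
- established,related
- add action=drop chain=input connection-state=invalid
- add action=accept chain=input protocol=icmp
- add action=accept chain=input dst-address=127.0.0.1
- # Added: the allow rule that follows matches on source address only, so a
- # packet arriving on an uplink with a source inside one of the internal
- # ranges (an overlapping upstream LAN, or a spoofed address) would have been
- # accepted. New connections from either WAN interface are dropped first.
- add action=drop chain=input comment="drop new input from WAN" in-interface=\
- "ether3[temp WAN]"
- add action=drop chain=input comment="drop new input from WAN" in-interface=\
- pppoe-out1
- # NOTE(review): allowed_to_router contains every internal subnet, guest and
- # camera VLANs included, and this rule accepts all ports from them.
- add action=accept chain=input src-address-list=allowed_to_router
- add action=drop chain=input
- # ---- forward: traffic routed through the router ----
- add action=fasttrack-connection chain=forward comment=fasttrack \
- connection-state=established,related hw-offload=yes
- add action=accept chain=forward comment="accept established,related, untracked" \
- connection-state=established,related,untracked
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- # pppoe-out1 not ready
- add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
- connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
- add action=drop chain=forward comment="drop bad forward IPs" src-address-list=\
- no_forward_ipv4
- add action=drop chain=forward comment="drop bad forward IPs" dst-address-list=\
- no_forward_ipv4
- # Inter-VLAN exceptions: the whole LAN may reach 192.168.20.10 on 80/443;
- # 192.168.10.10 may reach all of SERVERS and MANAGEMENT.
- # NOTE(review): these target 192.168.20.10 while the dst-nat rules forward to
- # 192.168.20.20 - presumably two different servers; confirm.
- add action=accept chain=forward dst-address=192.168.20.10 dst-port=80 protocol=\
- tcp src-address=192.168.10.0/24
- add action=accept chain=forward dst-address=192.168.20.10 dst-port=443 \
- protocol=tcp src-address=192.168.10.0/24
- add action=accept chain=forward dst-address=192.168.20.0/24 src-address=\
- 192.168.10.10
- add action=accept chain=forward dst-address=192.168.90.0/24 src-address=\
- 192.168.10.10
- # Added: the HTTP/HTTPS dst-nat rules under /ip firewall nat had no effect,
- # because their new connections leave through the SERVERS VLAN and were
- # caught by the final drop. This accept is limited to exactly what those NAT
- # rules forward. If internet exposure of that host is not wanted, delete this
- # rule together with the two dst-nat rules instead.
- add action=accept chain=forward comment="port forwards to 192.168.20.20" \
- connection-nat-state=dstnat dst-address=192.168.20.20 dst-port=80,443 \
- in-interface="ether3[temp WAN]" protocol=tcp
- # Fixed: the final rule used to be drop out-interface=!"ether3[temp WAN]",
- # which also dropped every new connection leaving through pppoe-out1, the
- # uplink that has the default route and a masquerade rule. Egress is now
- # accepted explicitly per uplink and everything else (inter-VLAN traffic,
- # unsolicited traffic from either WAN) falls through to an unconditional drop.
- add action=accept chain=forward comment="internet egress" out-interface=\
- "ether3[temp WAN]"
- add action=accept chain=forward comment="internet egress" out-interface=\
- pppoe-out1
- add action=drop chain=forward comment="drop everything else"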
- /ip firewall nat
- # Source NAT: hide the internal subnets behind whichever uplink the traffic
- # leaves through.
- # pppoe-out1 not ready
- add action=masquerade chain=srcnat out-interface=pppoe-out1
- add action=masquerade chain=srcnat out-interface="ether3[temp WAN]"
- # Port forwards: TCP 80 and 443 arriving on the temporary uplink are
- # redirected to 192.168.20.20 in the SERVERS VLAN. They match on in-interface
- # only (no dst-address), and no equivalent rule exists for pppoe-out1.
- # NOTE(review): dst-nat only rewrites the destination; the connection still
- # has to be accepted by the forward chain of /ip firewall filter. Check that
- # chain has a matching accept, or remove these rules if the server is not
- # meant to be reachable from outside.
- add action=dst-nat chain=dstnat comment=HTTP dst-port=80 in-interface=\
- "ether3[temp WAN]" protocol=tcp to-addresses=192.168.20.20 to-ports=80
- add action=dst-nat chain=dstnat comment=HTTPS dst-port=443 in-interface=\
- "ether3[temp WAN]" protocol=tcp to-addresses=192.168.20.20 to-ports=443
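- # Management services. Clear-text and unused services are disabled; the ones
- # left enabled are bound to specific source addresses, which applies in
- # addition to the firewall input chain.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh address=192.168.90.0/24
- # Added: winbox was not listed, i.e. left without an address restriction, so
- # every subnet accepted by the input chain (guest and camera VLANs included)
- # could reach it. It is now limited to the MANAGEMENT subnet plus
- # 192.168.10.10, the one LAN host the forward chain already lets into the
- # MANAGEMENT VLAN. NOTE(review): adjust this list to the hosts that really
- # administer the router before applying.
- set winbox address=192.168.90.0/24,192.168.10.10/32
- set api disabled=yes
- set api-ssl disabled=yes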
- # Local time zone for the system clock; log timestamps follow it.
- # NOTE(review): no NTP client appears on this page - confirm the clock is
- # synchronised, otherwise log times are unreliable during an investigation.
- /system clock
- set time-zone-name=Europe/Prague