discoveros
Junior Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
/interface bridge add admin-mac=74:4D:28:EF:9B:C6 auto-mac=no comment=defconf name=bridge
/interface ethernet set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=30 name=pppoe-out1 use-peer-dns=yes user=username
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
/ip pool add name=dhcp ranges=192.168.0.10-192.168.0.99
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge lease-time=23h59m name=defconf
/interface bridge port add bridge=bridge comment=defconf interface=ether2
/interface bridge port add bridge=bridge comment=defconf interface=ether3
/interface bridge port add bridge=bridge comment=defconf interface=ether4
/interface bridge port add bridge=bridge comment=defconf interface=ether5
/interface bridge port add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/interface list member add interface=pppoe-out1 list=WAN
/ip address add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
/ip dhcp-client add comment=defconf interface=ether1
/ip dhcp-server network add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,77.88.8.8
/ip dns static add address=192.168.1.11 comment=defconf name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter
# no interface
add action=accept chain=forward connection-state=new dst-address=192.168.0.110 dst-port=3389 in-interface=pppoe-out1 protocol=tcp
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-int
erface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall nat
# no interface
add action=dst-nat chain=dstnat comment=RDP dst-port=55577 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.110 to-ports=3389
/ip firewall service-port set ftp disabled=yes
/ip firewall service-port set tftp disabled=yes
/ip firewall service-port set irc disabled=yes
/ip firewall service-port set sip disabled=yes
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ip upnp set enabled=yes
/ip upnp interfaces add interface=pppoe-out1 type=external
/ip upnp interfaces add interface=bridge type=internal
/system identity set name="MikroTik"
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
|
Всего записей: 77 | Зарегистр. 09-09-2008 | Отправлено: 22:13 08-01-2020 | Исправлено: discoveros, 22:22 08-01-2020 |
|
