Skip to content

Instantly share code, notes, and snippets.

@mark99i

mark99i/gist:59649813a455a2d2cdb2b84ccf214592

Last active August 18, 2020 18:35
Show Gist options
  • Save mark99i/59649813a455a2d2cdb2b84ccf214592 to your computer and use it in GitHub Desktop.
Save mark99i/59649813a455a2d2cdb2b84ccf214592 to your computer and use it in GitHub Desktop.
Download ZIP
fasttrack issue
Raw
gistfile1.txt
# aug/02/2020 20:44:33 by RouterOS 6.47.1
# software id = Х
#
# model = 751G-2HnD
# serial number = Х
/interface bridge
add name=LAN-vSw protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-XX \
country=russia disabled=no frequency=2432 installation=indoor mode=\
ap-bridge ssid=WiFi station-roaming=enabled wmm-support=enabled
/interface ethernet
set [ find default-name=ether1 ] comment=ISP l2mtu=1500
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=password
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128
/ip pool
add name=pool1 ranges=192.168.20.10-192.168.20.250
/ip dhcp-server
add address-pool=pool1 bootp-support=dynamic disabled=no interface=LAN-vSw \
lease-time=30m name=server1
/queue interface
set wlan1 queue=only-hardware-queue
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=LAN-vSw interface=wlan1
add bridge=LAN-vSw interface=ether2
add bridge=LAN-vSw interface=ether3
add bridge=LAN-vSw interface=ether4
add bridge=LAN-vSw interface=ether5
/ip settings
set tcp-syncookies=yes
/interface detect-internet
set detect-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=LAN-vSw list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.20.1/24 interface=LAN-vSw network=192.168.20.0
/ip dhcp-client
add disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.20.32 client-id=1:c8:60:0:99:1:41 mac-address=\
C8:60:00:99:01:41 server=server1
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 \
netmask=24 ntp-server=216.239.35.12
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related \
disabled=yes
add action=accept chain=input protocol=icmp
add action=accept chain=input in-interface=ether1 src-address=<MY EXTERNAL IP FOR MANAGEMENT>
add action=drop chain=input connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-address=<EXT IP THIS ROUTER> dst-port=222 \
protocol=tcp to-addresses=192.168.20.32 to-ports=3389
add action=dst-nat chain=dstnat dst-address=<EXT IP THIS ROUTER> dst-port=\
21,4000-5000 protocol=tcp to-addresses=192.168.20.32
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=both
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes server-dns-names="time.google.com,0.pool.ntp.org,1.pool.ntp.or\
g,2.pool.ntp.org,3.pool.ntp.org"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment