Created
September 5, 2013 15:50
Mikrotik basic config
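# Layer-2 layout: one bridge named LAN, three Ethernet ports slaved to ether2,
# and a single WPA2-PSK wireless network. The stray " | |" table residue from
# the web rendering has been removed so the lines parse as RouterOS commands.
/interface bridge
add l2mtu=1598 name=LAN
/interface ethernet
# NOTE(review): "set 2/3/4" address ports by item number rather than by name,
# so the ports affected depend on the board's interface order (presumably
# ether3-ether5 on a five-port unit - confirm before importing).
set 2 master-port=ether2
set 3 master-port=ether2
set 4 master-port=ether2
/interface wireless security-profiles
# NOTE(review): the pre-shared key below is a sample value that simply repeats
# the SSID "149". Replace it with a long random passphrase before deployment
# and keep the real key out of any published copy of this file.
# management-protection=allowed makes management frame protection optional;
# clients that do not support it still associate without it.
add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=149 supplicant-identity="" wpa2-pre-shared-key=149149149149
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above frequency=2427 security-profile=149 ssid=149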
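# DHCP for the LAN bridge: leases come from 192.168.0.100-192.168.0.200.
# Table residue (" | |") from the web rendering has been removed.
/ip pool
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1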
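# WAN uplink: PPPoE client on ether1 using the BTPPPOE profile.
# The profile's "add" command was split across two lines in the rendered page
# with its continuation backslash lost; it is rejoined here so that
# only-one/use-ipv6 are applied to the profile instead of failing to parse.
/ppp profile
# incoming-filter names the firewall chain that receives every packet arriving
# over a link using this profile. It only takes effect when the built-in chains
# jump to the "ppp" chain, which the /ip firewall filter section of this file
# does for input and forward.
add change-tcp-mss=yes incoming-filter=BTPPPOE_IN name=BTPPPOE only-one=yes use-ipv6=no
/interface pppoe-client
# NOTE(review): password=password is a placeholder. Set the real ISP secret on
# the device and do not store it in a shared or published export.
add add-default-route=yes disabled=no interface=ether1 name=BTPPPoE password=password profile=BTPPPOE user=bthomehub@btbroadband.com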
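# LAN addressing: ether2 and wlan1 join the LAN bridge, the router takes
# 192.168.0.1/24 and hands itself out as gateway and DNS server.
# Table residue (" | |") from the web rendering has been removed.
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=wlan1
/ip address
add address=192.168.0.1/24 interface=LAN
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# arriving on any interface, so the WAN side must be filtered or the router
# becomes an open resolver. In this file that protection depends on the
# BTPPPOE_IN chain being attached to the PPPoE link; after deployment, verify
# that UDP and TCP port 53 are not reachable from the Internet.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4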
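# Packet filter. Table residue (" | |") from the web rendering has been removed;
# the rules and their order are unchanged.
/ip firewall filter
# "ppp" is the chain RouterOS fills with dynamic rules generated from PPP
# profile incoming-filter settings; these jumps are what route traffic arriving
# over the PPPoE link into BTPPPOE_IN.
# NOTE(review): input and forward contain nothing but this jump, so any packet
# the ppp chain does not claim (for example everything arriving from the LAN
# bridge) falls through to the default accept. WAN filtering therefore depends
# entirely on the dynamic rule being present - confirm with "print dynamic"
# once the link is up, and consider explicit in-interface rules as a backstop.
add action=jump chain=input jump-target=ppp
add action=jump chain=forward jump-target=ppp
# BTPPPOE_IN: policy for traffic received from the Internet.
add action=jump chain=BTPPPOE_IN comment="Jump to Common Input rules" jump-target=input_common
add action=drop chain=BTPPPOE_IN comment="Drop the BT Vision stuff" dst-address=224.0.0.0/24 protocol=igmp
# NOTE(review): this accepts new SSH connections to the bastion from any source
# address. Restrict it with src-address or a src-address-list of known
# administrators where possible, and require key-only authentication on the
# bastion. Also note that 10.255.102.3 lies outside the 192.168.0.0/24 LAN
# configured in this file and no address or route for it appears here -
# confirm the bastion is actually reachable from this router.
add chain=BTPPPOE_IN comment="SSH to Bastion (NAT)" connection-state=new dst-address=10.255.102.3 dst-port=22 protocol=tcp
add action=jump chain=BTPPPOE_IN comment="Jump to Drop_and_log" jump-target=DROP_AND_LOG
# input_common: stateful baseline. Rules without action= use the default accept.
add chain=input_common comment="Accept established connections" connection-state=established
add chain=input_common comment="Accept related connections" connection-state=related
# Invalid-state packets are logged with the INVALID prefix, then dropped.
add action=log chain=input_common comment="Drop invalid connections" connection-state=invalid log-prefix=INVALID
add action=drop chain=input_common comment="Drop invalid connections" connection-state=invalid
# Echo requests: the first rule accepts those within the 1-per-minute limit,
# the second drops any that exceed it.
add chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 limit=1/1m,0 protocol=icmp
add action=drop chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 protocol=icmp
# DROP_AND_LOG: final default-deny for the WAN chain.
# NOTE(review): every dropped packet is logged with no rate limit; on an
# Internet-facing link this can crowd useful entries out of the log buffer.
add action=log chain=DROP_AND_LOG comment="Log everything else"
add action=drop chain=DROP_AND_LOG comment="Drop everything else"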
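# NAT. Table residue (" | |") from the web rendering has been removed; the
# rules are unchanged.
/ip firewall nat
# Outbound: everything leaving via the PPPoE interface is masqueraded.
add action=jump chain=srcnat comment="Jumpt to SourceNats" jump-target=SourceNats
add action=masquerade chain=SourceNats comment="Masquerade everything leaving on the BTPPPoE Interface" out-interface=BTPPPoE
# Inbound: TCP/22 arriving on the PPPoE interface is forwarded to the bastion.
# NOTE(review): together with the matching accept rule in the BTPPPOE_IN filter
# chain this publishes the bastion's SSH service to the whole Internet on the
# default port. Prefer limiting the sources allowed to reach it, and make sure
# the bastion enforces key-only authentication and logs login attempts.
add action=jump chain=dstnat comment="Jumpt to Portforwards" jump-target=PortForwards
add action=dst-nat chain=PortForwards comment="SSHd on BTPPPoE to Bastion" dst-port=22 in-interface=BTPPPoE protocol=tcp to-addresses=10.255.102.3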