Mikrotik for Virgin Media
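# RouterOS configuration: a LAN bridge (ether2 + wlan1) serving 192.168.0.0/24 with
# DHCP and DNS, plus filter and NAT rules for a WAN uplink on ether1.
# NOTE(review): no WAN address or DHCP client for ether1 appears in this listing, and
# 10.255.102.3 (the SSH forward target) is outside the only subnet configured here,
# so the listing looks partial. Confirm against the full export before importing.

/interface bridge
add l2mtu=1598 name=LAN
/interface ethernet
# Ports are addressed by print-order number, which depends on the device; verify
# which physical ports these are. Newer RouterOS releases replaced master-port
# with bridge hardware offloading.
set 2 master-port=ether2
set 3 master-port=ether2
set 4 master-port=ether2
/interface wireless security-profiles
# NOTE(review): the pre-shared key is a short repeating digit pattern and is published
# with this config. Replace it with a long random passphrase before use.
add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=149 supplicant-identity="" wpa2-pre-shared-key=149149149149
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above frequency=2427 security-profile=149 ssid=149
/ip pool
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
# NOTE(review): the original listing had a bare line "only-one=yes use-ipv6=no" here.
# Those are /ppp profile properties, not /ip dhcp-server ones, so it looks like a
# leftover from a removed PPP profile entry. It is commented out so the script imports.
# only-one=yes use-ipv6=no
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=wlan1
/ip address
add address=192.168.0.1/24 interface=LAN
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
# allow-remote-requests=yes is needed because DHCP hands out 192.168.0.1 as the
# resolver. It also makes the router answer DNS on every interface, so the WAN side
# must be filtered in the input chain (see the VIRGIN_IN jumps below).
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=jump chain=input jump-target=ppp
add action=jump chain=forward jump-target=ppp
# Nothing in the original listing jumped to VIRGIN_IN, so its accept/drop rules were
# never evaluated. Input and forward fell through to the default accept, leaving the
# router's own services (DNS, management) reachable from ether1. The two jumps below
# send traffic arriving on ether1 through VIRGIN_IN. LAN-side traffic is not affected.
add action=jump chain=input comment="WAN input to VIRGIN_IN" in-interface=ether1 jump-target=VIRGIN_IN
add action=jump chain=forward comment="WAN forward to VIRGIN_IN" in-interface=ether1 jump-target=VIRGIN_IN
add action=jump chain=VIRGIN_IN comment="Jump to Common Input rules" jump-target=input_common
# Matches the post-dst-nat address, so this rule only has an effect in the forward path.
# NOTE(review): SSH is accepted from any source. Consider restricting it with a source
# address list and using key-only authentication on the bastion.
add chain=VIRGIN_IN comment="SSH to Bastion (NAT)" connection-state=new dst-address=10.255.102.3 dst-port=22 protocol=tcp
add action=jump chain=VIRGIN_IN comment="Jump to Drop_and_log" jump-target=DROP_AND_LOG
add chain=input_common comment="Accept established connections" connection-state=established
add chain=input_common comment="Accept related connections" connection-state=related
# Invalid-state packets are logged with a prefix first, then dropped by the next rule.
add action=log chain=input_common comment="Drop invalid connections" connection-state=invalid log-prefix=INVALID
add action=drop chain=input_common comment="Drop invalid connections" connection-state=invalid
# Echo requests within the 1-per-minute limit are accepted; the rest hit the drop below.
add chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 limit=1/1m,0 protocol=icmp
add action=drop chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 protocol=icmp
# NOTE(review): this logs every dropped packet with no prefix or rate limit, so on a
# WAN-facing chain background scanning can crowd out other log entries. Consider adding
# a log-prefix and a limit.
add action=log chain=DROP_AND_LOG comment="Log everything else"
add action=drop chain=DROP_AND_LOG comment="Drop everything else"
/ip firewall nat
add action=jump chain=srcnat comment="Jumpt to SourceNats" jump-target=SourceNats
add action=masquerade chain=SourceNats comment="Masquerade everything leaving on the VIRGIN Interface" out-interface=ether1
add action=jump chain=dstnat comment="Jumpt to Portforwards" jump-target=PortForwards
# Forwards TCP/22 arriving on ether1 to 10.255.102.3. No route or interface for that
# address is visible in this listing.
add action=dst-nat chain=PortForwards comment="SSHd on BTPPPoE to Bastion" dst-port=22 in-interface=ether1 protocol=tcp to-addresses=10.255.102.3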