RB750GL 1 WAN + 2 LAN install script review

RouterOS Beginner Basics
1

After hours and hours of work, I’ve made the following install script to be used in

/system reset-configuration skip-backup=yes no-defaults=yes run-after-reset=install.rsc

script:

/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk

/interface ethernet
set 0 name=ether1-wan
set 1 name=ether2-lan
set 2 name=ether3-guest
set 3 disabled=yes
set 4 disabled=yes

/ip pool
add name=lan ranges=192.168.0.100-192.168.0.199
add name=guest ranges=192.168.1.100-192.168.1.199

/ip dhcp-server
add address-pool=lan disabled=no interface=ether2-lan name=lan
add address-pool=guest disabled=no interface=ether3-guest name=guest

/ip address
add address=192.168.0.254/24 comment=lan interface=ether2-lan
add address=192.168.1.254/24 comment=guest interface=ether3-guest

/ip dhcp-client
add comment=wan disabled=no interface=ether1-wan

/ip dhcp-server network
add address=192.168.0.0/24 comment=lan dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.254
add address=192.168.1.0/24 comment=guest dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.254

/ip dns static
add address=192.168.0.254 name=router_lan
add address=192.168.1.254 name=router_guest

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-wan
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-wan

/ip neighbor discovery
set ether1-wan disabled=yes

/tool mac-server
set [ find default=yes ] disabled=yes interface=all

/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes interface=all

/tool mac-server ping
set enabled=no

/system package
disable hotspot
disable mpls
disable wireless
disable ipv6
disable advanced-tools

/system ntp client
set enabled=yes mode=unicast primary-ntp=148.6.0.1
get

/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set ftp disabled=yes
set pptp disabled=yes

/ip service
set ftp disabled=yes
set winbox disabled=yes
set telnet disabled=yes

/tool graphing interface
add

/tool graphing resource
add

/system logging action
set 1 disk-file-count=20 disk-lines-per-file=1000

I’m trying to use it in a typical 1 WAN + 1 LAN - office, 1 LAN guest network environment.

I have the following questions:

  1. Could you review it if everything is OK?
  2. Are the two LAN networks separated this way?
  3. Why can I not ping to 192.168.1.254 from the guest network?

This is only for 5.26.