# mar/13/2019 11:47:13 by RouterOS 6.44
# software id = ABY1-BL9J
#
# model = 2011UiAS-2HnD
# serial number = 91E10A817B74
# Interface layer: one bridge for the LAN side, ether1/ether2 renamed as the
# two uplinks, and two interface lists (WAN, LAN) defined for later sections.
/interface bridge
add name=bridge
/interface ethernet
# ether1 (comment IPNX) and ether2 (comment "OTHER NETWORK") are the uplinks.
# Later sections refer to them by the new names ether1-WAN1 and ether2-WAN2.
set [ find default-name=ether1 ] comment=IPNX name=ether1-WAN1 speed=100Mbps
set [ find default-name=ether2 ] comment="OTHER NETWORK" name=ether2-WAN2 \
speed=100Mbps
# ether3-ether5 keep their default names and are set to speed=100Mbps.
set [ find default-name=ether3 ] comment=LAN speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# ether6-ether10 advertise every 10M/100M/1000M half- and full-duplex mode.
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# The lists are only created here; membership is assigned under
# "/interface list member".
/interface list
add name=WAN
add name=LAN
# Wireless: a WPA2-PSK security profile (profile1) and the wlan1 access point
# that uses it.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): the pre-shared key is part of this export in clear text. Once
# the export has been shared it should be treated as disclosed and rotated;
# "/export hide-sensitive" omits such values on RouterOS 6.
# authentication-types lists only wpa2-psk, so the wpa-pre-shared-key value is
# presumably unused - confirm. management-protection=allowed means protected
# management frames are optional for clients, not required.
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
wpa-pre-shared-key=aril01forall wpa2-pre-shared-key=aril01forall
/interface wireless
# wlan1 runs as a 2 GHz access point (ap-bridge) with SSID ARIL and profile1.
# It is added to the LAN bridge under "/interface bridge port".
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
mode=ap-bridge security-profile=profile1 ssid=ARIL wireless-protocol=\
802.11
# Layer-7 matchers referenced by the firewall filter and mangle rules.
# NOTE(review): an L7 regexp is applied to the start of a connection's payload
# and cannot see inside TLS, so the hostname patterns below presumably match
# cleartext HTTP/DNS but not HTTPS sessions - confirm before relying on them
# as a block list.
# NOTE(review): unescaped dots match any character, so a pattern such as
# "fb.com" is broader than the literal host name.
/ip firewall layer7-protocol
# NOTE(review): the line break after "regexp=" has no trailing backslash and
# looks like a paste artifact; as written this value would not import. The
# same applies to "instagram" and to the first line of "All blocked sites".
add name=Facebook regexp=
www.facebook.com
add name="facebook mobile" regexp=fb.com
add name="facebook mobile2" regexp=m.facebook.com
add name=instagram regexp=
www.instagram.com
# Alternation of host names to block; used by a reject rule in the forward chain.
add name="All blocked sites" regexp="^.+(thepiratebay.org|xpau.se|
www.facebook\
.com|www.lindaikejisblog.com|www.instagram.com|www.irokotv.com|www.ibakatv\
.com|www.stelladimokokorkus.com|123movieswww.|thepiratebay.pet).*\$"
# BitTorrent handshake / tracker-request signature. Used by filter (reject,
# address-list) and by mangle (connection marks for the torrent queues).
add name=torrentsites regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scr\
ape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /da\
ta\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]\r\
\n"
# Video host names; used for the YouTube address-list and queue marks.
add name=Youtube regexp=\
"^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
# Mixes a literal IP address with host names; dropped in the forward chain.
add name=movie regexp=\
"^.+(104.31.18.30|xpau.se|www.tfp.is|www.o2tvseries.com).*\$"
# Matches HTTP GET requests carrying a Mozilla/4.0 user-agent or a byte-range
# header. NOTE(review): presumably meant for download managers; range requests
# are also used by ordinary browsers and updaters - confirm the intent.
add name="IDM Block" regexp="get /.*(user-agent: mozilla/4.0|range: bytes=)"
# File-extension list for video downloads. NOTE(review): several alternatives
# are repeated (flv, mpg, mpeg, m4v) and the fragments "dr\\c", "mpe\\|" and
# the trailing "\\\$\"" look garbled - verify against the running config.
add name="All Video files" regexp="^.*get.+\\\\.(webm|mkv|flv|flv|vob|ogv|ogg|\
dr\\c|gifv|mng|avi|mov|qt|wmv|yuv|rm|rmvb|asf|amv|mp4|m4p|m4v|mpg|mp2|mpeg\
|mpe\\|mpv|mpg|mpeg|m2v|m4v|svi|3gp|3g2|mxf|roq|nsv|flv|f4v|f4p|f4a|f4b).*\
\\\$\""
# Address pools, the LAN DHCP server and the PPP profile used for VPN clients.
/ip pool
# NOTE(review): five overlapping pools cover 192.168.8.0/24, but only
# dhcp_pool4 is referenced by a DHCP server in this export; the others look
# like leftovers - confirm before removing.
add name=dhcp_pool0 ranges=192.168.8.2-192.168.8.160
add name=dhcp_pool1 ranges=192.168.8.2-192.168.8.160
add name=dhcp_pool2 ranges=192.168.8.160-192.168.8.254
add name=dhcp ranges=192.168.8.81-192.168.8.254
add name=dhcp_pool4 ranges=192.168.8.161-192.168.8.254
# Pool handed to PPP clients through the profile below. NOTE(review): the
# range ends at .255, which would be the broadcast address if this is a /24.
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
# LAN DHCP on the bridge. lease-time=1m makes clients renew every minute.
add address-pool=dhcp_pool4 disabled=no interface=bridge lease-time=1m name=\
dhcp1
/ppp profile
# *FFFFFFFE is an internal item id; presumably the built-in default-encryption
# profile - confirm. PPP clients get addresses from pool "vpn" and see the
# router as 192.168.89.1.
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
# Queue tree: rate limits keyed on the packet marks set in /ip firewall mangle.
# All four queues hang off the global parent and use the default PCQ types.
/queue tree
# YouTube traffic from the "Lower" address list is capped at 125k per direction.
add max-limit=125k name="Youtube Download (Lower)" packet-mark=\
"youtube_dw_pk(lower)" parent=global queue=pcq-download-default
add max-limit=125k name="Youtube Upload (lower)" packet-mark=\
"youtube_up_pk(lower)" parent=global queue=pcq-upload-default
# Torrent traffic is capped at 1k, which leaves it practically unusable.
add max-limit=1k name="Torrent Download (lower)" packet-mark=\
"torrent_dw_pk(lower)" parent=global queue=pcq-download-default
add max-limit=1k name="Torrent Upload (lower)" packet-mark=\
"torrent_up_pk(lower)" parent=global queue=pcq-upload-default
# Bridge membership, interface-list membership and VPN server settings.
/interface bridge port
# ether3-ether10 and wlan1 form the LAN bridge.
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=wlan1
/interface detect-internet
set detect-interface-list=WAN
/interface l2tp-server server
# NOTE(review): the IPsec shared secret is a short dictionary word and is
# included in this export in clear text; replace it with a long random value.
# "enabled" is not shown, so the server is presumably in its default state -
# confirm whether L2TP is actually listening.
set ipsec-secret=test use-ipsec=yes
/interface list member
# LAN list: the bridged ethernet ports, sfp1 and the bridge itself.
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp1 list=LAN
# NOTE(review): only ether1-WAN1 is in the WAN list; ether2-WAN2 is in neither
# list. Any rule written against list=WAN would not cover the second uplink.
add interface=ether1-WAN1 list=WAN
add interface=bridge list=LAN
/interface sstp-server server
# Only the default profile is set; "enabled" is not shown in this export.
set default-profile=default-encryption
# Router addressing, DHCP leases, DNS and the address lists used by firewall
# rules.
/ip address
# NOTE(review): this is the only static address in the export. No address for
# ether1-WAN1 is shown, yet the to_ipnx route uses gateway 192.168.1.1 -
# confirm how WAN1 obtains its address.
add address=192.168.8.1/24 interface=bridge network=192.168.8.0
/ip cloud
# Publishes the router's public address under a MikroTik cloud DNS name.
# NOTE(review): with management ports open on the WAN side this makes the
# device easier to find; keep it only if remote access really depends on it.
set ddns-enabled=yes
/ip dhcp-client
# WAN2 gets its address by DHCP but ignores the peer's default route and DNS;
# routing for WAN2 is defined statically under /ip route.
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether2-WAN2 use-peer-dns=no
/ip dhcp-server lease
# Static leases. 192.168.8.5 is also the target of the RDP port forward in
# /ip firewall nat. NOTE(review): client MAC addresses are part of the export.
add address=192.168.8.6 client-id=1:18:60:24:ff:c2:6f mac-address=\
18:60:24:FF:C2:6F server=dhcp1
add address=192.168.8.5 client-id=1:b4:b5:2f:5f:73:5c mac-address=\
B4:B5:2F:5F:73:5C server=dhcp1
add address=192.168.8.71 client-id=1:10:f0:5:a0:e8:8a mac-address=\
10:F0:05:A0:E8:8A server=dhcp1
add address=192.168.8.70 client-id=1:88:78:73:f7:14:f3 mac-address=\
88:78:73:F7:14:F3 server=dhcp1
add address=192.168.8.7 client-id=1:bc:91:b5:70:b3:2d mac-address=\
BC:91:B5:70:B3:2D server=dhcp1
add address=192.168.8.18 client-id=1:14:2d:27:9b:7f:eb mac-address=\
14:2D:27:9B:7F:EB server=dhcp1
add address=192.168.8.73 client-id=1:a0:af:bd:17:7f:af mac-address=\
A0:AF:BD:17:7F:AF server=dhcp1
add address=192.168.8.8 client-id=1:90:61:ae:2e:f5:9a mac-address=\
90:61:AE:2E:F5:9A server=dhcp1
add address=192.168.8.9 client-id=1:ac:b5:7d:dd:54:4d mac-address=\
AC:B5:7D:DD:54:4D server=dhcp1
/ip dhcp-server network
# Clients are told to use 8.8.8.8 directly, not the router, as DNS server.
add address=192.168.8.0/24 dns-server=8.8.8.8 gateway=192.168.8.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# on every interface. The input chain in this export has no enabled drop rule,
# so the resolver is presumably reachable from both WANs; restrict port 53 on
# input to the LAN, or turn this off since DHCP clients are sent to 8.8.8.8.
set allow-remote-requests=yes servers=41.222.70.179,208.67.222.123,8.8.8.8
/ip firewall address-list
# Client tiers by address range. Only "All User" and "Lower" are referenced
# by filter or mangle rules in this export.
add address=192.168.8.2-192.168.8.254 list="All User"
add address=192.168.8.11-192.168.8.20 list=Top
add address=192.168.8.21-192.168.8.30 list=Mid
add address=192.168.8.31-192.168.8.80 list=Low
add address=192.168.8.81-192.168.8.254 list=Lower
# Firewall filter.
# NOTE(review): the input chain holds only accept rules and disabled drops.
# Without an enabled drop at the end of the chain RouterOS accepts whatever is
# addressed to the router, so the accepts below do not restrict anything.
# Neither chain has an established/related accept or an invalid drop. A usual
# baseline is: accept established/related, accept management only from the LAN
# or a trusted source address-list, then drop the remaining WAN input.
/ip firewall filter
# Winbox (tcp/8291) is accepted with no in-interface or src-address match,
# i.e. from both uplinks as well as from the LAN.
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
# SSH, HTTP and HTTPS to the router are accepted from WAN2. NOTE(review): if
# the www service is enabled (service state is not shown), logins over port 80
# travel unencrypted.
add action=accept chain=input dst-port=22,80,443 in-interface=ether2-WAN2 \
protocol=tcp
# Content blocking for forwarded traffic, based on the layer-7 matchers.
add action=reject chain=forward layer7-protocol="All blocked sites" log=yes \
reject-with=icmp-port-unreachable
add action=reject chain=forward layer7-protocol=torrentsites reject-with=\
icmp-admin-prohibited
add action=drop chain=forward layer7-protocol=Facebook
add action=drop chain=forward layer7-protocol="facebook mobile"
add action=drop chain=forward layer7-protocol="facebook mobile2"
add action=drop chain=forward layer7-protocol=instagram
# NOTE(review): the torrentsites reject above has the same matcher and ends
# processing, so this rule is presumably never reached. No rule in this export
# reads Torrent_users or Youtube_Users.
add action=add-src-to-address-list address-list=Torrent_users \
address-list-timeout=1m chain=forward layer7-protocol=torrentsites
add action=add-src-to-address-list address-list=Youtube_Users \
address-list-timeout=1m chain=forward layer7-protocol=Youtube
# The ten rules below are disabled=yes and have no effect. They are written
# for chain=input, so even when enabled they would only drop VPN/tunnel
# protocols addressed to the router itself, not traffic forwarded for clients.
add action=drop chain=input comment="PPTP VPN BLOCK" disabled=yes dst-port=\
1723 protocol=tcp
add action=drop chain=input comment="L2TP VPN BLOCK" disabled=yes dst-port=\
1701 protocol=udp
add action=drop chain=input comment="IPSec ESP Block" disabled=yes protocol=\
ipsec-esp
add action=drop chain=input comment="IPSec AH block" disabled=yes protocol=\
ipsec-ah
add action=drop chain=input comment="IKE block" disabled=yes dst-port=500 \
protocol=udp
add action=drop chain=input comment="NAT-T BLOCK" disabled=yes dst-port=4500 \
protocol=udp
add action=drop chain=input comment="PROXY TRAFFIC BLOCK" disabled=yes \
protocol=ipencap
add action=drop chain=input comment="BLOCK TUNNELING P" disabled=yes \
protocol=gre
add action=drop chain=input comment="BLOCK DEFAULT OPENVPN TCP" disabled=yes \
dst-port=1194 protocol=tcp
add action=drop chain=input comment="BLOCK DOVPN UDP" disabled=yes dst-port=\
1194 protocol=udp
add action=drop chain=forward layer7-protocol=movie
# Drops "IDM Block" matches from the Lower list once connection-limit=2,32
# is exceeded (presumably more than two connections per source address).
add action=drop chain=forward connection-limit=2,32 layer7-protocol=\
"IDM Block" src-address-list=Lower
add action=drop chain=forward layer7-protocol="All Video files" \
src-address-list="All User"
# Mangle: connection and routing marks for the two uplinks, followed by
# connection and packet marks that feed the queue tree.
/ip firewall mangle
# Traffic from the LAN to these destinations is accepted before any marking.
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
bridge
# NOTE(review): x.x.x.0/24 is a redaction placeholder, not a valid address;
# this line will not import as written.
add action=accept chain=prerouting dst-address=x.x.x.0/24 in-interface=\
bridge
# Connections arriving on an uplink are marked with that uplink's name.
add action=mark-connection chain=prerouting in-interface=ether1-WAN1 \
new-connection-mark=ipnx_conn passthrough=yes
add action=mark-connection chain=prerouting in-interface=ether2-WAN2 \
new-connection-mark=swift_conn passthrough=yes
# Per-connection classifier: LAN traffic to non-local destinations is split
# into two buckets (2/0 and 2/1), one per uplink. NOTE(review): this is load
# balancing across both WANs; it sends roughly half of the LAN connections
# out through WAN2.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=ipnx_conn passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=swift_conn passthrough=yes \
per-connection-classifier=both-addresses:2/1
# Connection marks are translated into routing marks for traffic from the LAN.
add action=mark-routing chain=prerouting connection-mark=ipnx_conn \
in-interface=bridge new-routing-mark=to_ipnx passthrough=yes
add action=mark-routing chain=prerouting connection-mark=swift_conn \
in-interface=bridge new-routing-mark=to-swift passthrough=yes
# The same translation for packets generated by the router itself.
add action=mark-routing chain=output connection-mark=ipnx_conn \
new-routing-mark=to_ipnx passthrough=yes
# NOTE(review): unlike the ipnx rule above this one is action=mark-connection
# and writes "to_swift" (underscore) as a connection mark, while the route
# table uses routing mark "to-swift" (hyphen). It looks like mark-routing with
# new-routing-mark=to-swift was intended - confirm.
add action=mark-connection chain=output connection-mark=swift_conn \
new-connection-mark=to_swift passthrough=yes
# Queue marks. NOTE(review): each *_dw and *_up connection rule uses the same
# matcher (in-interface=bridge, same L7 protocol, src-address-list=Lower), so
# the pair does not distinguish direction, and these rules overwrite the
# ipnx_conn/swift_conn mark on the matched connections - verify which mark
# survives and whether the upload queues ever see traffic.
add action=mark-connection chain=forward comment="torrent_dw_conn(lower)" \
in-interface=bridge layer7-protocol=torrentsites new-connection-mark=\
"torrent_dw_conn(lower)" passthrough=yes src-address-list=Lower
add action=mark-packet chain=forward comment="torrent_dw_pk(lower)" \
connection-mark="torrent_dw_conn(lower)" new-packet-mark=\
"torrent_dw_pk(lower)" passthrough=no
add action=mark-connection chain=prerouting comment="torrent_up_conn(lower)" \
in-interface=bridge layer7-protocol=torrentsites new-connection-mark=\
"torrent_up_conn(lower)" passthrough=yes src-address-list=Lower
add action=mark-packet chain=forward comment="torrent_up_pk(lower)" \
connection-mark="torrent_up_conn(lower)" new-packet-mark=\
"torrent_up_pk(lower)" passthrough=no
add action=mark-connection chain=forward comment="youtube_dw_conn(lower)" \
in-interface=bridge layer7-protocol=Youtube new-connection-mark=\
"youtube_dw_conn(lower)" passthrough=yes src-address-list=Lower
add action=mark-packet chain=forward comment="youtube_dw_pk(lower)" \
connection-mark="youtube_dw_conn(lower)" new-packet-mark=\
"youtube_dw_pk(lower)" passthrough=no
add action=mark-connection chain=prerouting comment="youtube_up_conn(lower)" \
in-interface=bridge layer7-protocol=Youtube new-connection-mark=\
"youtube_up_conn(lower)" passthrough=yes src-address-list=Lower
add action=mark-packet chain=forward comment="youtube_up_pk(lower)" \
connection-mark="youtube_up_conn(lower)" new-packet-mark=\
"youtube_up_pk(lower)" passthrough=no
# NAT, web-proxy access list and routing.
/ip firewall nat
# Source NAT on both uplinks. log=yes on the WAN1 rule writes a log entry for
# every new connection leaving through WAN1.
add action=masquerade chain=srcnat log=yes out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
# NOTE(review): forwards RDP (tcp/3389) arriving on WAN2 to 192.168.8.5 with
# no src-address or src-address-list match, so the host's RDP service is
# reachable from any address on that uplink. Limit the rule to known source
# addresses or reach the host through a VPN instead.
add action=dst-nat chain=dstnat comment="Server Port Forwarding rule" \
dst-port=3389 in-interface=ether2-WAN2 protocol=tcp to-addresses=\
192.168.8.5 to-ports=3389
/ip proxy access
# NOTE(review): the line break after "dst-host=" has no trailing backslash and
# looks like a paste artifact. The src-address 192.168.1.139 lies outside the
# 192.168.8.0/24 LAN defined in this export - confirm it is still wanted.
add action=deny dst-address=0.0.0.0 dst-host=
www.facebook.com src-address=\
192.168.1.139
/ip route
# Policy routes selected by the routing marks set in mangle.
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_ipnx
add check-gateway=ping distance=2 gateway=ether2-WAN2 routing-mark=to-swift
# NOTE(review): the only default route in the main table points at WAN2, and
# it names the interface, not a next-hop address. Unmarked traffic, including
# traffic originated by the router, therefore leaves through WAN2 - confirm
# this matches the intended design.
add check-gateway=ping distance=2 gateway=ether2-WAN2
# Remaining system settings: SSH, LCD, PPP users, clock and traffic monitors.
/ip ssh
# NOTE(review): allow-none-crypto=yes lets an SSH session be negotiated with
# no encryption. SSH is accepted from WAN2 by the input chain, so such a
# session would cross the internet in clear text; set this to "no".
set allow-none-crypto=yes
/lcd
set time-interval=hour
/ppp secret
# NOTE(review): the VPN account uses a dictionary word as password and is
# included in this export in clear text; change it. No "service" is shown, so
# the account is presumably valid for any PPP service - confirm.
add name=vpn password=test
/system clock
set time-zone-name=Africa/Lagos
/tool traffic-monitor
# Three monitors with threshold=0; no on-event action appears in this export.
add interface=ether1-WAN1 name=tmon1 threshold=0
add interface=ether3 name=tmon2 threshold=0 traffic=received
add interface=ether2-WAN2 name=tmon3 threshold=0 traffic=received
That's my config.
What I have tried:
The proxy was enabled; when I disabled it, I was able to access my router with Winbox from an outside network for that day.
But some devices connected to the bridge couldn't access the internet while others could. Then, the day after that, I could no longer access the router from an outside network.
How do I get devices on the bridge to access the internet through WAN1 alone, so that only requests to the router itself and to the port-forwarded IP use WAN2?