Code: Select all
# mar/17/2023 09:57:26 by RouterOS 6.48
# software id = 6E25-ABKL
#
# model = RB750Gr3
# serial number = CC210CB189D0
/interface bridge add name=bridge-lan
/interface bridge add name=bridge-pppoe
/interface ethernet set [ find default-name=ether1 ] comment=LAN name=ether1-LAN
/interface ethernet set [ find default-name=ether2 ] comment=PC name=ether2-LAN
/interface ethernet set [ find default-name=ether3 ] comment=PPPoE name=ether3-PPPoE
/interface ethernet set [ find default-name=ether4 ] arp=proxy-arp comment="ISP2"
/interface ethernet set [ find default-name=ether5 ] comment="ISP1"
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add comment=LAN name=dhcp ranges=192.168.88.2-192.168.88.254
/ip pool add name=vpn-pool ranges=192.168.12.2-192.168.12.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=dhcp1
/interface bridge port add bridge=bridge-pppoe interface=ether3-PPPoE
/interface bridge port add bridge=bridge-lan interface=ether2-LAN
/interface bridge port add bridge=bridge-lan interface=ether1-LAN multicast-router=disabled
/interface bridge settings set use-ip-firewall-for-pppoe=yes
/ip neighbor discovery-settings set discover-interface-list=LAN protocol=lldp,mndp
/ip settings set accept-redirects=yes
/interface l2tp-server server set default-profile=default
/interface list member add interface=bridge-lan list=LAN
/interface list member add interface=ether5 list=WAN
/interface list member add interface=ether4 list=WAN
/interface ovpn-server server set auth=sha1 certificate=server cipher=aes128,aes192,aes256 default-profile=vpn-profile
/interface pppoe-server server add authentication=pap disabled=no interface=bridge-pppoe max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PPPoE-Server
/interface sstp-server server set enabled=yes force-aes=yes pfs=yes
/ip address add address=27.110.165.72/8 comment=igate interface=ether4 network=27.0.0.0
/ip address add address=192.168.88.1/24 interface=bridge-lan network=192.168.88.0
/ip arp add address=192.168.88.248 interface=bridge-lan mac-address=FC:AA:14:BD:2B:A5
/ip arp add address=192.168.88.239 interface=bridge-lan mac-address=88:D7:F6:C6:ED:53
/ip arp add address=192.168.88.122 interface=bridge-lan mac-address=1C:3B:F3:45:22:61
/ip arp add address=192.168.88.222 interface=bridge-lan mac-address=1C:3B:F3:45:22:61
/ip cloud set update-time=no
/ip dhcp-client add add-default-route=no disabled=no interface=ether5
/ip dhcp-server lease add address=192.168.88.226 client-id=1:30:9c:23:d:e2:47 mac-address=30:9C:23:0D:E2:47 server=dhcp1
/ip dhcp-server lease add address=192.168.88.222 client-id=1:1c:3b:f3:45:22:61 mac-address=1C:3B:F3:45:22:61 server=dhcp1
/ip dhcp-server network add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
/ppp profile add local-address=192.168.12.1 name=vpn-profile remote-address=vpn-pool
/ip dns set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list add address=192.168.77.0/24 list=block-ip
/ip firewall address-list add address=192.168.77.2 disabled=yes list=block-ip
/ip firewall filter add action=accept chain=input in-interface=ether4
/ip firewall filter add action=accept chain=input dst-port=443 in-interface=ether4 protocol=tcp
/ip firewall filter add action=accept chain=input in-interface=ether4 protocol=gre
/ip firewall filter add action=accept chain=output disabled=yes
/ip firewall filter add action=accept chain=forward disabled=yes
/ip firewall mangle add action=accept chain=prerouting connection-state=established,related
/ip firewall mangle add action=accept chain=prerouting connection-state=established,related in-interface=ether4
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new in-interface=ether4 new-connection-mark=C_WAN1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=C_WAN1 new-routing-mark=to-igate passthrough=yes
/ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat add action=masquerade chain=srcnat comment=ISP out-interface-list=WAN
/ip route add check-gateway=ping distance=2 gateway=27.110.169.50 routing-mark=to-igate
/ip route add distance=1 gateway=192.168.1.1
/ip route add check-gateway=ping distance=2 gateway=27.110.169.50
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes port=8000
/ip service set ssh disabled=yes port=65535
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ppp secret add name=sstptest profile=vpn-profile service=sstp
/routing filter add chain=dynamic-in disabled=yes set-routing-mark=to-igate
/system clock set time-zone-name=Asia/Manila
/system identity set name=NashISP
/system ntp client set enabled=yes primary-ntp=129.6.15.29 secondary-ntp=202.90.132.242
/system package update set channel=testing