My config.
# Interface layer: one LAN bridge, two uplinks (ether2 renamed MGL, PPPoE client
# RST on ether3), an LACP bond, and the WAN/LAN interface lists that the
# firewall section matches on.
/interface bridge
# Only the name is set; no dhcp-snooping or vlan-filtering value appears in this export.
add name=bridge1
/interface ethernet
# ether2 is renamed MGL; it carries the static public address set under /ip address.
set [ find default-name=ether2 ] name=MGL
/interface pppoe-client
# Second uplink: PPPoE session over ether3. No password or add-default-route
# value is present in this export.
# NOTE(review): the PPPoE user name is half of the credential pair; mask it when
# sharing an export publicly.
add disabled=no interface=ether3 name=RST user=fz5
/interface bonding
# 802.3ad (LACP) bond of ether4+ether5, hashing on layer 2 and 3 fields.
add mode=802.3ad name=bonding1 slaves=ether4,ether5 transmit-hash-policy=\
layer-2-and-3
/interface list
# These two lists are the trust boundary used by the filter rules
# (in-interface-list=!LAN on input, in-interface-list=WAN on forward).
add name=WAN
add name=LAN
/interface wireless security-profiles
# Only the supplicant identity of the default profile is set here.
set [ find default=yes ] supplicant-identity=MikroTik
# LAN addressing services, the PPP profile, and the two extra routing tables.
/ip pool
# Lease range covers 192.168.1.2-254; .1 is the router address on bridge1.
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
# DHCP server bound to the LAN bridge, leases valid for 1 day 10 minutes.
add address-pool=dhcp_pool1 interface=bridge1 lease-time=1d10m name=dhcp1
/ppp profile
# *0 is an internal item id (presumably the built-in default profile - confirm).
# The remote-address set here is the same 10.253.252.251 used as a gateway
# under /ip route.
set *0 remote-address=10.253.252.251
/routing table
# Tables that the mangle mark-routing rules point at.
# NOTE(review): every route visible under /ip route uses routing-table=main;
# no route in this export is placed in to_WAN1 or to_WAN2 - verify that is intended.
add disabled=no fib name=to_WAN1
add disabled=no fib name=to_WAN2
# Bridge membership and interface-list membership.
/interface bridge port
# Every member port, including the bond and the SFP+ port, is marked trusted=yes.
# NOTE(review): trusted is the DHCP-snooping trust flag and only takes effect
# when dhcp-snooping is enabled on the bridge, which this export does not show.
# If snooping is enabled later, trusting every port lets DHCP server replies in
# from any of them; normally only the port facing the real DHCP server is trusted.
add bridge=bridge1 interface=ether1 trusted=yes
add bridge=bridge1 interface=ether6 trusted=yes
add bridge=bridge1 interface=ether7 trusted=yes
add bridge=bridge1 interface=ether8 trusted=yes
add bridge=bridge1 interface=sfp-sfpplus1 trusted=yes
add bridge=bridge1 interface=bonding1 trusted=yes
/interface list member
# Both uplinks are WAN; only bridge1 is LAN. The input-chain rule
# "drop all not coming from LAN" therefore drops traffic to the router from
# every interface other than bridge1.
add interface=MGL list=WAN
add interface=RST list=WAN
add interface=bridge1 list=LAN
# L3 addresses, DHCP options handed to clients, and the router's DNS resolver.
/ip address
# LAN gateway address on the bridge.
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
# Static public address on the MGL uplink.
add address=95.174.109.112/20 interface=MGL network=95.174.96.0
/ip dhcp-server network
# Clients are told to use the router itself as both gateway and DNS server.
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# It is needed because DHCP hands out 192.168.1.1 as the DNS server.
# NOTE(review): nothing in /ip dns limits which interfaces are served; WAN-side
# exposure is closed only by the input-chain drops in /ip firewall filter
# (udp/53 on MGL and RST, plus the catch-all in-interface-list=!LAN drop, which
# is also the only rule covering tcp/53). Keep those rules enabled whenever
# this setting is on.
set allow-remote-requests=yes servers=\
8.8.8.8,8.8.4.4,95.174.97.43,95.174.96.2
# Filter rules are evaluated top to bottom per chain; order is significant.
/ip firewall filter
# FastTrack for established/related TCP and UDP in the forward chain, with
# hardware offload requested.
# NOTE(review): fasttracked packets skip the remaining filter rules and the
# mangle rules. The mangle section sets routing marks per connection mark, so
# packets of fasttracked connections will not be seen by those mark-routing
# rules. A common arrangement is to limit fasttrack to connection-mark=no-mark;
# confirm against the intended dual-WAN behaviour.
# NOTE(review): these rules also sit above the ipsec-policy accept rules; this
# matters only if IPsec is in use, which this export does not show.
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes protocol=udp
# Despite its comment text, this rule is a plain accept: it passes
# established/related forward packets that were not fasttracked.
add action=accept chain=forward comment="FastTrack Connection" \
connection-state=established,related
# Input: accept return traffic for connections the router already tracks.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# Forward: overlaps the accept above (same states plus untracked).
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
# ICMP to the router is accepted from any interface, WAN included; no rate
# limit or type restriction is set.
add action=accept chain=input protocol=icmp
# Forward traffic matching an IPsec policy in either direction is accepted.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Explicit drops for DNS over UDP arriving on either uplink. tcp/53 is not
# matched here and is left to the in-interface-list=!LAN drop further down.
add action=drop chain=input dst-port=53 in-interface=MGL packet-mark="" \
protocol=udp
add action=drop chain=input dst-port=53 in-interface=RST protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# Catch-all for the input chain: anything not arriving via the LAN list is
# dropped. This is the rule that keeps the router's own services (DNS resolver,
# management) unreachable from MGL and RST.
# NOTE(review): no rule here restricts which LAN hosts may reach the router.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections entering from WAN are dropped unless they were dst-NATed.
# No dstnat rule is visible under /ip firewall nat, so as exported this drops
# all unsolicited WAN-to-LAN connections.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Policy-routing marks: connections are tagged by the uplink they arrived on,
# and their packets are then given a routing mark selecting a per-uplink table.
/ip firewall mangle
# Tag still-unmarked connections by ingress uplink. Only traffic entering on
# MGL or RST is matched here, so connections first seen on bridge1 are not
# marked by these rules.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=MGL new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=RST new-connection-mark=WAN2_conn passthrough=no
# Packets of a tagged connection that enter from the LAN bridge get the
# routing mark for the matching table.
# NOTE(review): packets handled by the fasttrack rules in /ip firewall filter
# do not pass through mangle - confirm these rules still see the traffic they
# are meant to steer.
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge1 new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge1 new-routing-mark=to_WAN2 passthrough=no
# Same routing marks for packets the router itself originates (output chain).
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=no
# Source NAT only: traffic leaving either uplink is masqueraded to that
# interface's address. No dstnat (port-forward) rule is defined in this export.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=MGL
add action=masquerade chain=srcnat out-interface=RST
# Two default routes, both in routing-table=main: distance=1 via 95.174.97.43
# and distance=10 via 10.253.252.251 (the remote-address set in the PPP profile).
# The lower distance is preferred, so the 95.174.97.43 route wins while active.
# NOTE(review): no check-gateway value appears on either route, and neither
# route is placed in to_WAN1/to_WAN2, the tables the mangle rules select.
/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=10.253.252.251 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=95.174.97.43 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
Code: Select all
# Separate fragment: three default-route entries with no menu header line
# (presumably under /ip route - confirm). The first two are identical
# (gateway 95.174.97.43, distance=1). The third uses gateway 10.253.252.251
# with distance=1, whereas the full config above lists that gateway with
# distance=10. All three use routing-table=main; none targets to_WAN1 or to_WAN2.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=95.174.97.43 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=95.174.97.43 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.253.252.251 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10