Code: Select all
/ip dns static
Code: Select all
# dec/27/2021 15:06:46 by RouterOS 6.49.2
# software id = FIEP-NH1Q
#
# model = 2011UiAS-2HnD
# serial number = 814407CF4483
/interface bridge
add name=bridj
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=latvia disabled=no \
frequency=auto mode=ap-bridge ssid=WhyTest
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap \
mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=lan_pool ranges=192.168.2.3-192.168.2.254
/ip dhcp-server
add address-pool=lan_pool disabled=no interface=bridj name=lan_dhcp
/interface bridge port
add bridge=bridj interface=ether2
add bridge=bridj interface=ether3
add bridge=bridj interface=ether4
add bridge=bridj interface=ether5
add bridge=bridj interface=ether6
add bridge=bridj interface=ether7
add bridge=bridj interface=ether8
add bridge=bridj interface=ether9
add bridge=bridj interface=ether10
add bridge=bridj interface=wlan1
/interface list member
add interface=bridj list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.2.2/24 interface=bridj network=192.168.2.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.2.42 client-id=1:bc:5f:f4:77:1a:ad mac-address=\
BC:5F:F4:77:1A:AD server=lan_dhcp
add address=192.168.2.3 client-id=1:14:da:e9:a6:81:ed mac-address=\
14:DA:E9:A6:81:ED server=lan_dhcp
/ip dhcp-server network
add address=192.168.2.0/24 boot-file-name=extscript.kpxe domain=lan gateway=\
192.168.2.2 next-server=192.168.2.3
/ip dns
set servers=1.0.0.1
/ip dns static
add address=192.168.2.3 name=FF-Server
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
/lcd
set time-interval=hour
/lcd pin
set pin-number=4705
/system clock
set time-zone-name=Europe/Riga
/system identity
set name=StarryNight
/system ntp client
set enabled=yes server-dns-names=lv.pool.ntp.org
/system package update
set channel=upgrade
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN