This is our configuration:
# Layer-2 and uplink setup: the LAN bridge, VLAN 6 on ether1, and the PPPoE client that runs on that VLAN.
/interface bridge
# arp=proxy-arp lets the bridge answer ARP requests on behalf of hosts it reaches through other interfaces.
# NOTE(review): presumably enabled so VPN clients (vpn_pool lies inside the LAN /24) are reachable from LAN hosts; confirm.
add admin-mac=DC:2C:6E:21:E4:3C arp=proxy-arp auto-mac=no comment=defconf name=bridgeLocal
/interface vlan
add interface=ether1 name=vlan6 vlan-id=6
/interface pppoe-client
# allow=pap restricts authentication to PAP, which passes the password to the access concentrator unencrypted.
# add-default-route=yes and use-peer-dns=yes take the default route and the DNS servers from the ISP session.
# user= and password= appear to be placeholders substituted before posting.
add add-default-route=yes allow=pap disabled=no interface=vlan6 keepalive-timeout=60 name=pppoe-out1 password=password use-peer-dns=yes user=user@xs4all.nl
/interface list
# WAN and LAN are the lists the NAT rules match on (in-interface-list / out-interface-list).
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# Both pools sit inside 10.0.0.0/24: .120-.129 for VPN sessions, .20-.99 for DHCP leases.
add name=vpn_pool ranges=10.0.0.120-10.0.0.129
add name=dhcp_pool ranges=10.0.0.20-10.0.0.99
/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=bridgeLocal name=dhcp-lan
/ppp profile
# *0 and *FFFFFFFE are internal item IDs; on RouterOS they normally correspond to the built-in
# "default" and "default-encryption" profiles (confirm on the device).
# Both profiles attach VPN sessions to bridgeLocal and number them from vpn_pool, so a connected
# VPN client sits on the LAN segment with a LAN address and sees everything a wired LAN host sees.
# use-encryption=yes is written only on *0.
# NOTE(review): *FFFFFFFE shows no use-encryption value, presumably because it is at its default; verify.
set *0 bridge=bridgeLocal dns-server=10.0.0.101,10.0.0.139 local-address=vpn_pool remote-address=vpn_pool use-encryption=yes
set *FFFFFFFE bridge=bridgeLocal local-address=vpn_pool remote-address=vpn_pool
/interface bridge port
# ether1 is kept out of the bridge (disabled=yes): it carries vlan6/PPPoE and is a member of the WAN list.
add bridge=bridgeLocal comment=defconf disabled=yes interface=ether1
# ether2-ether10 are the bridged LAN ports.
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=ether6
add bridge=bridgeLocal comment=defconf interface=ether7
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether9
add bridge=bridgeLocal comment=defconf interface=ether10
/interface l2tp-server server
# The IPsec pre-shared key is stored and exported in clear text. The value shown here is short and,
# having been published with this export, should be replaced with a long random key.
# NOTE(review): use-ipsec=yes is understood to still accept L2TP sessions that arrive without IPsec;
# use-ipsec=required is the setting that refuses them. Confirm against the RouterOS version in use.
set enabled=yes ipsec-secret=l222vp use-ipsec=yes
/interface list member
# Both the physical port (ether1) and the PPPoE session (pppoe-out1) are in WAN, so every rule that
# matches the WAN list applies to traffic arriving on either of them.
add interface=ether1 list=WAN
add interface=bridgeLocal list=LAN
add interface=pppoe-out1 list=WAN
/interface pptp-server server
# PPTP is enabled alongside L2TP. PPTP relies on MS-CHAPv2/MPPE, which is no longer considered
# adequate protection. The only /ppp secret in this export is limited to service=l2tp, so no PPTP
# account is visible here; if none exists, the server can be set to enabled=no.
set default-profile=default enabled=yes
/ip address
# 10.0.0.139 is the router's LAN address (DHCP gateway and one of the advertised DNS servers).
add address=10.0.0.139/24 interface=bridgeLocal network=10.0.0.0
# NOTE(review): 192.168.1.2/24 on ether1 is presumably for reaching the modem/ONT management network; confirm.
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.101,10.0.0.139 gateway=10.0.0.139
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other hosts. The setting is not
# bound to an interface, so restricting it to the LAN is the job of /ip firewall filter input rules.
# NOTE(review): no /ip firewall filter section appears in this export; if none exists on the device,
# port 53 is answered on the WAN side as well. Confirm whether the export is partial.
# servers=10.0.0.139 is the router's own bridge address, so the static upstream points back at the
# router itself; actual resolution then depends on the servers learned via use-peer-dns on pppoe-out1.
set allow-remote-requests=yes servers=10.0.0.139
/ip firewall nat
# NAT only rewrites addresses; it does not decide what is allowed. That is done by /ip firewall filter.
# NOTE(review): no /ip firewall filter section appears in this export. If the device has none, nothing
# limits access from WAN to the router's own services (DNS, L2TP, PPTP) or to forwarded traffic.
# Confirm whether the export is partial.
# Source-NAT for LAN hosts leaving through any WAN-list interface.
add action=masquerade chain=srcnat out-interface-list=WAN src-address=10.0.0.0/24
# Disabled rule, so it currently has no effect.
add action=src-nat chain=srcnat disabled=yes dst-address=77.173.46.204 dst-port=443 protocol=tcp src-address=10.0.0.0/24 to-addresses=10.0.0.102 to-ports=443
# SMTP (25) and HTTPS (443) are forwarded to 10.0.0.102 from any source address: these two rules carry
# neither src-address nor dst-address, so they match every TCP connection to those ports that arrives
# on a WAN-list interface.
add action=dst-nat chain=dstnat comment=smtp dst-port=25 in-interface-list=WAN protocol=tcp to-addresses=10.0.0.102 to-ports=25
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=10.0.0.102 to-ports=443
# SIP: the TCP variants are disabled; UDP 5060/5061 and the UDP range 10000-20000 are forwarded to
# 10.0.0.145 only when the source is 213.171.68.200 (presumably the SIP provider; confirm).
add action=dst-nat chain=dstnat comment=sip disabled=yes dst-port=5060 in-interface-list=WAN protocol=tcp to-addresses=10.0.0.145 to-ports=5060
add action=dst-nat chain=dstnat comment=sip dst-port=5060 in-interface-list=WAN protocol=udp src-address=213.171.68.200 to-addresses=10.0.0.145 to-ports=5060
add action=dst-nat chain=dstnat comment=sip disabled=yes dst-port=5061 in-interface-list=WAN protocol=tcp to-addresses=10.0.0.145 to-ports=5061
add action=dst-nat chain=dstnat comment=sip dst-port=5061 in-interface-list=WAN protocol=udp src-address=213.171.68.200 to-addresses=10.0.0.145 to-ports=5061
add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface-list=WAN protocol=udp src-address=213.171.68.200 to-addresses=10.0.0.145 to-ports=10000-20000
/ip firewall service-port
# All listed connection-tracking helpers (NAT ALGs) are switched off, including the SIP helper.
# NOTE(review): with the SIP helper disabled, the device at 10.0.0.145 presumably handles NAT traversal itself; confirm.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes sip-direct-media=no
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
# Management services are limited to sources in 10.0.0.0/24. vpn_pool (10.0.0.120-10.0.0.129) lies
# inside that range, so every connected VPN client can reach them as well.
# Only ftp is disabled. telnet, www and api stay enabled and are unencrypted protocols; where ssh,
# winbox or api-ssl cover the need, the unencrypted ones can be set to disabled=yes.
set telnet address=10.0.0.0/24
set ftp disabled=yes
set www address=10.0.0.0/24
set ssh address=10.0.0.0/24
set api address=10.0.0.0/24
set winbox address=10.0.0.0/24
set api-ssl address=10.0.0.0/24
/ppp secret
# VPN account with name and password masked for posting. service=l2tp confines it to the L2TP server.
# NOTE(review): no profile= is given, so the account presumably uses the default PPP profile; confirm.
add name=XXXXXXX password=XXXXXXXX service=l2tp
/system clock
set time-zone-name=Europe/Amsterdam
/system logging
# Extra logging rule for the dhcp topic, currently disabled.
add disabled=yes topics=dhcp