thank you ..
Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 7.6 (c) 1999-2022 https://www.mikrotik.com/
Press F1 for help
[admin@MikroTik] > export
# nov/14/2022 19:08:14 by RouterOS 7.6
# software id = 7XHG-9DN7
#
# model = RB760iGS
# serial number = E1F20DBE9019
/interface bridge
add admin-mac=08:55:31:FE:65:6C auto-mac=no comment=defconf ingress-filtering=\
no name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=200 vlan-id=200
add interface=bridge name=Test23 vlan-id=23
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool2 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool3 ranges=192.168.200.10-192.168.200.254
add name=dhcp_pool4 ranges=192.168.23.10-192.168.23.250
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
add address-pool=dhcp_pool3 interface=200 name=dhcp1
add address-pool=dhcp_pool4 interface=Test23 name=dhcp2
/port
set 0 name=serial0
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
add bridge=bridge ingress-filtering=no interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge tagged=bridge,ether4 vlan-ids=200
add bridge=bridge tagged=bridge,ether5 vlan-ids=23
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.200.1/24 interface=200 network=192.168.200.0
add address=192.168.23.1/24 interface=Test23 network=192.168.23.0
/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1
add add-default-route=no interface=ether2
/ip dhcp-server network
add address=192.168.23.0/24 dns-server=8.8.8.8 gateway=192.168.23.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.200.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark \
connection-state=new new-connection-mark=ISP1_conn out-interface=ether1 \
passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 out-interface=ether1
add action=mark-connection chain=output connection-mark=ISP2_conn \
connection-state=new new-connection-mark=ISP2_conn out-interface=ether2 \
passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn \
new-routing-mark=to_ISP2 out-interface=ether2
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add comment="Monitor Internet 1" disabled=no distance=1 dst-address=1.0.0.1/32 \
gateway=192.168.2.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="Monitor Internet 2" disabled=no distance=2 dst-address=4.2.2.2/32 \
gateway=172.25.1.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Default Route" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="BackUp Route" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
/system clock
set time-zone-name=America/New_York
/system ntp client
set enabled=yes
/system ntp client servers
add address=40.119.6.228
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
[admin@MikroTik] >