# 2026-03-10 22:40:31 by RouterOS 7.19.2 # software id = CIAZ-SUFT # # model = RB5009UG+S+ # serial number = HEE08K82CQV /interface bridge add name=local port-cost-mode=short /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254 add name=dhcp_pool1 ranges=192.168.88.10-192.168.88.254 /ip dhcp-server add address-pool=dhcp_pool1 interface=local lease-time=10m name=dhcp2 /ip smb users add name=cjones add name=chris /ip smb set enabled=yes /interface bridge port add bridge=local interface=ether2 internal-path-cost=10 path-cost=10 add bridge=local interface=ether3 internal-path-cost=10 path-cost=10 add bridge=local interface=ether4 internal-path-cost=10 path-cost=10 add bridge=local interface=ether5 internal-path-cost=10 path-cost=10 add bridge=local interface=ether6 internal-path-cost=10 path-cost=10 add bridge=local interface=ether7 internal-path-cost=10 path-cost=10 add bridge=local interface=ether8 internal-path-cost=10 path-cost=10 add bridge=local interface=ether1 internal-path-cost=10 path-cost=10 /ip firewall connection tracking set udp-timeout=10s /interface ovpn-server server add mac-address=FE:73:F4:5A:2B:60 name=ovpn-server1 /ip address add address=192.168.88.1/24 interface=local network=192.168.88.0 /ip dhcp-client add interface=sfp-sfpplus1 /ip dhcp-server lease add address=192.168.88.239 client-id=1:0:11:32:28:2:98 mac-address=\ 00:11:32:28:02:98 server=dhcp2 add address=192.168.88.47 client-id=1:48:a9:8a:c0:95:a mac-address=\ 48:A9:8A:C0:95:0A server=dhcp2 add address=192.168.88.232 client-id=1:dc:a6:32:67:1:16 mac-address=\ DC:A6:32:67:01:16 server=dhcp2 add address=192.168.88.231 client-id=1:a8:a1:59:ae:a0:3e mac-address=\ A8:A1:59:AE:A0:3E server=dhcp2 add address=192.168.88.15 client-id=1:dc:cd:2f:b:aa:b1 mac-address=\ DC:CD:2F:0B:AA:B1 server=dhcp2 add address=192.168.88.87 client-id=1:5c:f9:dd:e5:41:eb mac-address=\ 5C:F9:DD:E5:41:EB server=dhcp2 add address=192.168.88.26 client-id=1:c8:b2:9b:db:b0:23 mac-address=\ C8:B2:9B:DB:B0:23 server=dhcp2 add address=192.168.88.250 client-id=1:e0:2b:e9:cf:dc:d5 mac-address=\ E0:2B:E9:CF:DC:D5 server=dhcp2 add address=192.168.88.20 client-id=1:dc:21:5c:84:3a:a5 mac-address=\ DC:21:5C:84:3A:A5 server=dhcp2 add address=192.168.88.144 comment="Static IP for Clinitek engine" \ mac-address=3E:BE:90:50:0E:47 add address=192.168.88.138 client-id=\ ff:f8:ce:1b:a1:0:2:0:0:ab:11:6f:15:1:e4:34:20:3c:8c mac-address=\ A2:53:3A:64:F4:DE server=dhcp2 add address=192.168.88.25 client-id=1:bc:f8:7e:8f:32:ea mac-address=\ BC:F8:7E:8F:32:EA server=dhcp2 add address=192.168.88.40 client-id=\ ff:e4:96:b0:28:0:2:0:0:ab:11:a:d3:57:3f:cd:69:67:6c mac-address=\ DC:A6:32:67:01:17 server=dhcp2 /ip dhcp-server network add add address=192.168.88.0/24 dns-server=192.168.88.231,192.168.88.40 gateway=\ 192.168.88.1 wins-server=0.0.0.0 /ip dns set allow-remote-requests=yes servers=8.8.8.8 /ip firewall filter add action=accept chain=input comment="accept established,related" \ connection-state=established,related add action=drop chain=input connection-state=invalid add action=accept chain=input comment="allow ICMP" in-interface=sfp-sfpplus1 \ protocol=icmp add action=accept chain=input comment="allow Winbox" in-interface=\ sfp-sfpplus1 port=8291 protocol=tcp add action=accept chain=input comment="allow SSH" in-interface=sfp-sfpplus1 \ port=22 protocol=tcp add action=drop chain=input comment="block everything else" in-interface=\ sfp-sfpplus1 /ip firewall nat add action=masquerade chain=srcnat out-interface=sfp-sfpplus1 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=80 \ protocol=tcp to-addresses=192.168.88.231 to-ports=80 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8080 \ protocol=tcp to-addresses=192.168.88.231 to-ports=8080 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=443 \ protocol=tcp to-addresses=192.168.88.231 to-ports=443 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8070 \ protocol=tcp to-addresses=192.168.88.231 to-ports=8070 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=52199 \ protocol=tcp to-addresses=192.168.88.231 to-ports=52199 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=3389 \ protocol=tcp to-addresses=192.168.88.250 to-ports=3389 add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=443 \ protocol=tcp to-addresses=192.168.88.231 to-ports=443 /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip smb shares set [ find default=yes ] directory=/pub disabled=no add directory=demoshare name=demoshare /system clock set time-zone-name=America/New_York /system identity set name=RB5009