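# 2026-03-10 22:40:31 by RouterOS 7.19.2
# software id = CIAZ-SUFT
#
# model = RB5009UG+S+
# serial number = HEE08K82CQV
#
# Layout: ether1-ether8 are bridged as "local" (192.168.88.0/24, DHCP server
# dhcp2). sfp-sfpplus1 is the WAN uplink (DHCP client, masquerade, dst-nat).
# Every LAN port sits in the same bridge, so hosts published through dst-nat
# share one L2 segment with all other devices, including the one labelled
# "Clinitek engine".
/interface bridge
add name=local port-cost-mode=short
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# dhcp_pool0 is not referenced by any DHCP server in this export.
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=local lease-time=10m name=dhcp2
/ip smb users
# Only the user names appear here; whether passwords are set cannot be read
# from this export (presumably made without show-sensitive - confirm).
add name=cjones
add name=chris
/ip smb
# The router itself serves SMB. No input rule limits which LAN hosts may
# connect; the WAN side is covered only by the final input drop rule.
# NOTE(review): confirm file sharing on the router is still required.
set enabled=yes
/interface bridge port
add bridge=local interface=ether2 internal-path-cost=10 path-cost=10
add bridge=local interface=ether3 internal-path-cost=10 path-cost=10
add bridge=local interface=ether4 internal-path-cost=10 path-cost=10
add bridge=local interface=ether5 internal-path-cost=10 path-cost=10
add bridge=local interface=ether6 internal-path-cost=10 path-cost=10
add bridge=local interface=ether7 internal-path-cost=10 path-cost=10
add bridge=local interface=ether8 internal-path-cost=10 path-cost=10
add bridge=local interface=ether1 internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/interface ovpn-server server
add mac-address=FE:73:F4:5A:2B:60 name=ovpn-server1
/ip address
add address=192.168.88.1/24 interface=local network=192.168.88.0
/ip dhcp-client
add interface=sfp-sfpplus1
/ip dhcp-server lease
# Static leases. 192.168.88.231 and 192.168.88.250 are also dst-nat targets
# below; 192.168.88.231 and 192.168.88.40 are the DNS servers handed to clients.
add address=192.168.88.239 client-id=1:0:11:32:28:2:98 mac-address=\
    00:11:32:28:02:98 server=dhcp2
add address=192.168.88.47 client-id=1:48:a9:8a:c0:95:a mac-address=\
    48:A9:8A:C0:95:0A server=dhcp2
add address=192.168.88.232 client-id=1:dc:a6:32:67:1:16 mac-address=\
    DC:A6:32:67:01:16 server=dhcp2
add address=192.168.88.231 client-id=1:a8:a1:59:ae:a0:3e mac-address=\
    A8:A1:59:AE:A0:3E server=dhcp2
add address=192.168.88.15 client-id=1:dc:cd:2f:b:aa:b1 mac-address=\
    DC:CD:2F:0B:AA:B1 server=dhcp2
add address=192.168.88.87 client-id=1:5c:f9:dd:e5:41:eb mac-address=\
    5C:F9:DD:E5:41:EB server=dhcp2
add address=192.168.88.26 client-id=1:c8:b2:9b:db:b0:23 mac-address=\
    C8:B2:9B:DB:B0:23 server=dhcp2
add address=192.168.88.250 client-id=1:e0:2b:e9:cf:dc:d5 mac-address=\
    E0:2B:E9:CF:DC:D5 server=dhcp2
add address=192.168.88.20 client-id=1:dc:21:5c:84:3a:a5 mac-address=\
    DC:21:5C:84:3A:A5 server=dhcp2
add address=192.168.88.144 comment="Static IP for Clinitek engine" \
    mac-address=3E:BE:90:50:0E:47
add address=192.168.88.138 client-id=\
    ff:f8:ce:1b:a1:0:2:0:0:ab:11:6f:15:1:e4:34:20:3c:8c mac-address=\
    A2:53:3A:64:F4:DE server=dhcp2
add address=192.168.88.25 client-id=1:bc:f8:7e:8f:32:ea mac-address=\
    BC:F8:7E:8F:32:EA server=dhcp2
add address=192.168.88.40 client-id=\
    ff:e4:96:b0:28:0:2:0:0:ab:11:a:d3:57:3f:cd:69:67:6c mac-address=\
    DC:A6:32:67:01:17 server=dhcp2
/ip dhcp-server network
# NOTE(review): the bare "add" creates an entry with no address or options;
# it looks like a leftover - confirm and remove on the device.
add
add address=192.168.88.0/24 dns-server=192.168.88.231,192.168.88.40 gateway=\
    192.168.88.1 wins-server=0.0.0.0
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Nothing here scopes it to the LAN; the WAN side is closed only by the
# final input drop rule, so that rule must stay last in the chain. DHCP clients
# are given 192.168.88.231 and 192.168.88.40 instead of the router.
# NOTE(review): confirm the router's resolver is still needed by LAN hosts.
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
# Input chain (traffic addressed to the router). Traffic arriving on the bridge
# is not filtered; only sfp-sfpplus1 has a closing drop rule.
add action=accept chain=input comment="accept established,related" \
    connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=sfp-sfpplus1 \
    protocol=icmp
# Changed port= to dst-port= in the two management rules. port= matches when
# either the source or the destination port equals the value, so the original
# rules accepted more than the Winbox and SSH services their comments name.
# Both services remain reachable from any WAN source address.
# NOTE(review): limit them with src-address-list=<MGMT_ALLOWLIST> or reach
# them through a VPN.
add action=accept chain=input comment="allow Winbox" in-interface=\
    sfp-sfpplus1 dst-port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=sfp-sfpplus1 \
    dst-port=22 protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=\
    sfp-sfpplus1
# Forward chain. The export had no forward rules, so anything routed in from
# the WAN towards 192.168.88.0/24 was passed whether or not a dst-nat rule
# published it. This rule keeps the published ports working and drops other
# new connections arriving on the WAN interface.
add action=drop chain=forward comment="drop WAN traffic that was not dst-nat'ed" \
    connection-nat-state=!dstnat connection-state=new in-interface=sfp-sfpplus1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
# Published services. None of these rules restricts the source address.
# 192.168.88.231 receives 80, 8080, 443, 8070 and 52199 and is also one of the
# two DNS servers handed out by DHCP, so its exposure affects every client.
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=80 \
    protocol=tcp to-addresses=192.168.88.231 to-ports=80
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8080 \
    protocol=tcp to-addresses=192.168.88.231 to-ports=8080
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=443 \
    protocol=tcp to-addresses=192.168.88.231 to-ports=443
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=8070 \
    protocol=tcp to-addresses=192.168.88.231 to-ports=8070
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=52199 \
    protocol=tcp to-addresses=192.168.88.231 to-ports=52199
# RDP is published to 192.168.88.250 for every source address.
# NOTE(review): prefer VPN access, or add src-address-list=<RDP_ALLOWLIST>.
add action=dst-nat chain=dstnat dst-address=173.48.126.187 dst-port=3389 \
    protocol=tcp to-addresses=192.168.88.250 to-ports=3389
# A second 443 rule that followed here was removed. It was identical to the
# 443 rule above and could never match, because the earlier rule wins.
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares
# The default share on /pub is enabled (disabled=no) alongside "demoshare".
# NOTE(review): confirm both shares are intended and what they contain.
set [ find default=yes ] directory=/pub disabled=no
add directory=demoshare name=demoshare
/system clock
set time-zone-name=America/New_York
/system identity
set name=RB5009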