Here is my config:
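# mar/17/2023 12:47:13 by RouterOS 6.49.6
# software id = W0T5-PBGI
#
# model = RouterBOARD 750 r2
# serial number = 67D306B9A00A
#
# NOTE(review): the serial number, software id and admin-mac identify this
# specific device; such values are usually redacted before an export is posted.

/interface bridge
add admin-mac=6C:3B:6B:C6:43:18 auto-mac=no comment=defconf name=bridge

# No pppoe-client entry is shown here although pppoe-out1 is referenced under
# "/interface list member" (presumably trimmed from the export by the poster).
/interface pppoe-client

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp ranges=192.168.0.10-192.168.3.254

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5

# Neighbor discovery is limited to the LAN list, so the router does not
# announce itself on WAN interfaces.
/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN

/ip address
add address=192.168.0.1/22 comment=defconf interface=bridge network=192.168.0.0

/ip cloud
set ddns-enabled=yes

/ip dhcp-client
add comment=defconf interface=ether1

/ip dhcp-server lease

/ip dhcp-server network
add address=192.168.0.0/22 comment=defconf dns-server=192.168.0.5,192.168.0.3 gateway=192.168.0.1 netmask=22

# allow-remote-requests=yes makes the router answer DNS queries itself. The only
# thing keeping that resolver closed to the Internet is the input-chain rule
# "drop all not coming from LAN" below; keep the two in step.
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220

/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan

# No address-list entries are shown, yet the dst-nat rule below matches on the
# list WAN-IP. With an empty list that rule never matches (entries may simply
# have been trimmed from this export - confirm on the router).
/ip firewall address-list

/ip firewall filter
# The input chain only sees traffic addressed to the router itself, so this
# rule stops the camera from reaching router services; it does not stop the
# camera from reaching the Internet.
add action=drop chain=input comment="Block IP cameras from WAN access" src-address=192.168.1.121
# Added: traffic routed through the router is filtered in the forward chain.
# Placed ahead of the fasttrack/established accepts so it is evaluated first.
add action=drop chain=forward comment="Block IP cameras from WAN access (forward)" out-interface-list=WAN src-address=192.168.1.121
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# NOTE(review): the stock default configuration drops invalid packets right
# after the established/related accept; here both "drop invalid" rules sit
# after the accepts, so invalid ICMP and IPsec-policy matches are accepted
# before they are reached. Order kept as posted.
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat
# Hairpin NAT: LAN clients that reach a LAN server through the public address
# get their source rewritten so replies return via the router.
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.0.0/22 out-interface=bridge src-address=192.168.0.0/22
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Publishes UDP 19847 on 192.168.0.161 to any source address. If the set of
# VPN clients is known, a src-address-list match narrows the exposure.
add action=dst-nat chain=dstnat comment="openvpn port forward" dst-address-list=WAN-IP dst-port=19847 protocol=udp to-addresses=192.168.0.161 to-ports=19847

/ip route
add disabled=yes distance=1 gateway=192.168.10.1
# NOTE(review): pref-src=192.168.0.161 is the address of the OpenVPN host used
# as gateway, not an address assigned to this router in the export (the bridge
# holds 192.168.0.1/22). pref-src is expected to be one of the router's own
# addresses - confirm this route is shown as active.
add check-gateway=ping distance=1 dst-address=192.168.229.0/24 gateway=192.168.0.161 pref-src=192.168.0.161

/system clock
set time-zone-name=America/Toronto

# Layer-2 management (MAC telnet / MAC WinBox) is restricted to LAN interfaces.
/tool mac-server
set allowed-interface-list=LAN

/tool mac-server mac-winbox
set allowed-interface-list=LAN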