Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [admin@MikroTik] > export
- # mar/22/2018 18:51:42 by RouterOS 6.39.2
- # software id =
- #
- /interface list
- add name=LAN
- /interface list member
- add interface=ether3 list=LAN
- add interface=ether4 list=LAN
- /ip address
- add address=10.0.0.1/24 interface=ether2 network=10.0.0.0
- add address=192.168.3.1/24 interface=ether3 network=192.168.3.0
- add address=192.168.4.1/24 interface=ether4 network=192.168.4.0
- /ip dhcp-client
- add dhcp-options=hostname,clientid disabled=no interface=ether1
- /ip dns
- set allow-remote-requests=yes
- /ip firewall address-list
- add address=192.168.3.2 list=proxed
- add address=192.168.3.3 list=proxed
- add address=192.168.4.2-192.168.4.254 list=proxed
- /ip firewall filter
- add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
- add action=accept chain=forward disabled=yes dst-port=53 protocol=udp
- add action=drop chain=forward comment="Drop direct WEB access" connection-state=new in-interface-list=LAN log=yes out-interface=ether1
- /ip firewall mangle
- add action=route chain=prerouting dst-port=80 in-interface-list=LAN passthrough=yes protocol=tcp route-dst=10.0.0.5 src-address-list=proxed
- add action=route chain=prerouting dst-port=443 in-interface-list=LAN passthrough=yes protocol=tcp route-dst=10.0.0.5 src-address-list=proxed
- /ip firewall nat
- add action=masquerade chain=srcnat comment="Default rule" ipsec-policy=out,none out-interface=ether1
- add action=src-nat chain=srcnat comment="Hide wireless users" out-interface=ether2 src-address=192.168.4.0/24 to-addresses=192.168.4.1
- add action=redirect chain=dstnat comment="Redirect DNS" dst-port=53 in-interface-list=LAN protocol=udp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
