Перестал работать VPN

Обсуждение ПО и его настройки
MADC00N

Добрый вечер, господа. Подскажите, куда копать: перестал работать VPN-сервер PPTP. Подключение к микротику есть. Глобальные IP-адреса все пингуются, а вот домены — нет. Такое ощущение, что отвалились DNS. Настраивал его в панели через быструю настройку.
Последний раз редактировалось MADC00N 01 мар 2021, 19:56, всего редактировалось 1 раз.


KaNelam

покажите конфиг, погадаем


MADC00N

KaNelam писал(а): 01 мар 2021, 19:56 покажите конфиг, погадаем
 конфиг
[admin@MikroTik] > /export compact
# mar/01/2021 19:57:15 by RouterOS 6.48.1
# software id = Y37I-VGRS
#
# model = RB952Ui-5ac2nD
# serial number = BEE40BEFB90E
#
# NOTE(review): compact configuration export of a home router: LAN bridge on 192.168.88.0/24,
# WAN on ether1 (DHCP client), PPTP/L2TP/SSTP servers handing out addresses from 192.168.89.x.
# NOTE(review): the export was posted with the serial number, software id and MAC addresses
# intact; the secret fields (wpa-pre-shared-key=, wpa2-pre-shared-key=, ipsec-secret=, ppp secret
# password=) are empty here, presumably blanked by hand. On RouterOS 6 `/export hide-sensitive`
# leaves secrets out of the export.
/interface bridge
add admin-mac=C4:AD:34:A1:2D:C8 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-onlyn channel-width=20/40mhz-eC country=ukraine disabled=no distance=indoors \
frequency=2437 frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid="\F0\9F\8C\BD KARAMBA" station-roaming=\
enabled wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=ukraine disabled=no distance=\
indoors frequency=5260 frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid="\F0\9F\8C\BD KARAMBA-5G" \
wireless-protocol=802.11 wmm-support=enabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# NOTE(review): the default profile still offers legacy WPA (wpa-psk) next to WPA2; if every
# client supports it, authentication-types=wpa2-psk alone is the tighter setting.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" group-key-update=1d mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=
add name=profile supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
# Address pool handed to VPN clients (referenced by remote-address=vpn in the PPP profile below).
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
add name=ftp_user policy=\
ftp,read,write,!local,!telnet,!ssh,!reboot,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
add name=ftp_anonim policy=\
ftp,read,!local,!telnet,!ssh,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
# NOTE(review): use-ipsec=yes allows IPsec but does not demand it; use-ipsec=required refuses
# plain L2TP sessions. UDP 1701 is accepted on input from any interface in the filter below.
/interface l2tp-server server
set enabled=yes ipsec-secret= use-ipsec=yes
# Only bridge and ether1 are list members; no VPN (PPP) interface is placed in LAN or WAN here.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# NOTE(review): PPTP relies on MS-CHAPv2/MPPE, which are considered broken; the L2TP/IPsec and
# SSTP servers enabled in this same export are the better choice for remote access.
/interface pptp-server server
set enabled=yes
# NOTE(review): no certificate= appears for SSTP in this export - confirm that the server
# presents a certificate and that clients verify it.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/interface wireless access-list
add comment=MIBOX interface=wlan2 mac-address=3C:BD:3E:74:23:11
add comment="Xiaomi redmi 5plus" interface=wlan2 mac-address=00:0A:F5:5F:72:5C
add comment=Samsung interface=wlan1 mac-address=2C:AE:2B:70:9A:DB
add comment="POCO X3" interface=wlan2 mac-address=34:1C:F0:3C:98:A4
add comment=dell-laptop interface=wlan1 mac-address=C0:18:85:BF:B7:0F
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries from any host the
# input chain lets through. No input rule accepts port 53, so only the final
# "drop all not coming from LAN" rule keeps the resolver off the WAN - keep that rule in place.
/ip dns
set allow-remote-requests=yes servers=94.140.14.14,94.140.15.15,2a10:50c0::ad1:ff,2a10:50c0::ad2:ff
/ip dns static
add address=192.168.88.1 name=router.lan
# Filter rules are evaluated top to bottom; the accept rules below are matched before the
# two input drop rules at the end of the list.
/ip firewall filter
# NOTE(review): no in-interface, in-interface-list or src-address matcher - Winbox (tcp/8291)
# is accepted from every interface, WAN included. Restrict it with src-address or
# src-address-list, or drop this rule and reach Winbox over the VPN or from the LAN only.
add action=accept chain=input comment="Dostup wibox wan" dst-port=8291 protocol=tcp
add action=accept chain=input comment="dostup k routeru po wan" disabled=yes dst-port=80 protocol=tcp
add action=accept chain=input comment="wan to ftp" disabled=yes dst-port=21 in-interface=all-ethernet protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
# VPN listeners (IPsec NAT-T, IKE, L2TP, PPTP, SSTP) are accepted from any interface.
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface-list=WAN
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
# NOTE(review): nothing in this export adds the VPN client interfaces to the LAN list, so new
# connections from VPN clients to the router itself (other than the ports accepted above) look
# like they end at this rule. Together with the port-53 dst-nat rules below, that would match
# the reported symptom (IP addresses answer ping, names do not resolve) - the thread only says
# the cause was "in the firewall", so confirm against the actual fix.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): no out-interface matcher - traffic from 192.168.89.0/24 is masqueraded on every
# egress interface, so LAN hosts see VPN clients as the router's own address.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
# NOTE(review): these two rules have no in-interface matcher, so port-53 traffic arriving on
# any interface (LAN, WAN or a VPN tunnel) is rewritten to 192.168.88.1, the router's own
# address, and then has to pass the input chain. Adding in-interface-list=LAN would limit the
# redirect to the hosts it is presumably meant for.
add action=dst-nat chain=dstnat comment="add dnsconf" dst-port=53 protocol=tcp to-addresses=192.168.88.1 to-ports=53
add action=dst-nat chain=dstnat comment=adddnsconf dst-port=53 protocol=udp to-addresses=192.168.88.1 to-ports=53
add action=dst-nat chain=dstnat comment="MineCraft Server " dst-port=25565 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.88.251 to-ports=25565
add action=dst-nat chain=dstnat comment=WEB-Server disabled=yes dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.88.251 to-ports=80
# NOTE(review): telnet, ftp, www and ssh are disabled; winbox, api and api-ssl are not listed,
# so they presumably keep their defaults - check with `/ip service print` and use the address=
# property to limit the source networks of the services that stay enabled.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ip smb
set domain=WORKGROUP
/ip smb shares
set [ find default=yes ] disabled=yes
add comment=flashka directory=/DATA/ name=DATA
# NOTE(review): with UPnP enabled, hosts on the bridge can request inbound port mappings on
# ether1 without authentication; disable it unless something on the LAN needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 address
add address=::c6ad:34ff:fea1:2dc8 comment="my add" eui-64=yes from-pool=ipv6-pool interface=bridge
/ipv6 dhcp-client
add add-default-route=yes comment="my add" interface=ether1 pool-name=ipv6-pool request=address,prefix use-peer-dns=no
# IPv6 filter: established/related from ether1, ICMPv6, DHCPv6 client replies (udp/546) and
# bridge-to-ether1 forwarding are accepted; everything else in input and forward is dropped.
/ipv6 firewall filter
add action=accept chain=input connection-state=established,related in-interface=ether1
add action=accept chain=forward connection-state=established,related in-interface=ether1 out-interface=bridge
add action=accept chain=input protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
add action=accept chain=input dst-port=546 in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=bridge out-interface=ether1
add action=drop chain=input connection-state=invalid
add action=drop chain=input
add action=drop chain=forward
# NOTE(review): one account named "vpn" with no service= shown, so it is presumably valid for
# every PPP service enabled above (PPTP, L2TP, SSTP); setting service= ties it to one protocol.
/ppp secret
add name=vpn password=
profile=default-encryption
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system leds
set 0 interface=ether1
set 1 interface=ether2
set 2 interface=ether3
set 3 interface=ether4
set 4 interface=ether5
/system ntp client
set enabled=yes server-dns-names=time.cloudflare.com
# MAC-Telnet and MAC-Winbox are limited to the LAN interface list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >
Последний раз редактировалось MADC00N 01 мар 2021, 21:48, всего редактировалось 1 раз.


MADC00N

Решено. Проблема была в фаерволе. Спасибо

