[root@MikroTik] > export
# aug/18/2017 14:08:13 by RouterOS 6.35.2
# software id = RYX8-AHQJ
#
/interface bridge
add arp=proxy-arp name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/ip pool
add name=dhcp_pool1 ranges=192.168.123.110-192.168.123.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/ppp profile
add bridge=bridge1 change-tcp-mss=yes local-address=192.168.123.1 name=main \
remote-address=dhcp_pool1 use-upnp=yes
/interface bridge port
add bridge=bridge1 interface=ether2
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=main
/interface pppoe-server server
add authentication=mschap1,mschap2 default-profile=main interface=ether1 \
one-session-per-host=yes service-name=service1
/interface pptp-server server
set default-profile=main enabled=yes
/ip address
add address=192.168.123.254/24 interface=bridge1 network=192.168.123.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server lease
add address=192.168.123.122 client-id=1:50:46:5d:a:47:77 mac-address=\
50:46:5D:0A:47:77 server=dhcp1
add address=192.168.123.112 mac-address=00:10:18:55:44:4B server=dhcp1
add address=192.168.123.125 client-id=1:0:24:1d:c8:64:8d mac-address=\
00:24:1D:C8:64:8D server=dhcp1
add address=192.168.123.120 client-id=1:20:cf:30:e8:b:a0 mac-address=\
20:CF:30:E8:0B:A0 server=dhcp1
add address=192.168.123.115 client-id=1:0:17:31:6c:5b:cc mac-address=\
00:17:31:6C:5B:CC server=dhcp1
add address=192.168.123.110 client-id=1:0:13:d4:8c:da:d2 mac-address=\
00:13:D4:8C:DA:D2 server=dhcp1
add address=192.168.123.113 always-broadcast=yes client-id=1:14:da:e9:9c:39:45 \
mac-address=14:DA:E9:9C:39:45 server=dhcp1
add address=192.168.123.111 always-broadcast=yes client-id=1:54:a0:50:7a:35:d7 \
mac-address=54:A0:50:7A:35:D7 server=dhcp1
add address=192.168.123.129 client-id=1:f4:6d:4:99:5:a5 mac-address=\
F4:6D:04:99:05:A5 server=dhcp1
add address=192.168.123.132 always-broadcast=yes client-id=1:0:30:5:e9:cf:65 \
mac-address=00:30:05:E9:CF:65 server=dhcp1
add address=192.168.123.118 client-id=1:0:30:5:b8:43:49 mac-address=\
00:30:05:B8:43:49 server=dhcp1
add address=192.168.123.126 client-id=1:0:1e:90:14:b:6f mac-address=\
00:1E:90:14:0B:6F server=dhcp1
add address=192.168.123.116 client-id=1:0:1e:90:14:5:d1 mac-address=\
00:1E:90:14:05:D1 server=dhcp1
add address=192.168.123.127 client-id=1:1c:6f:65:5e:3e:1a mac-address=\
1C:6F:65:5E:3E:1A server=dhcp1
add address=192.168.123.117 always-broadcast=yes client-id=1:8:60:6e:6d:6c:4 \
mac-address=08:60:6E:6D:6C:04 server=dhcp1
add address=192.168.123.128 client-id=1:0:30:5:e3:9b:ef mac-address=\
00:30:05:E3:9B:EF server=dhcp1
add address=192.168.123.151 always-broadcast=yes client-id=1:14:da:e9:9c:35:d4 \
mac-address=14:DA:E9:9C:35:D4 server=dhcp1
add address=192.168.123.121 client-id=1:0:30:5:e9:ca:7c mac-address=\
00:30:05:E9:CA:7C server=dhcp1
add address=192.168.123.124 client-id=1:d0:50:99:40:53:cd mac-address=\
D0:50:99:40:53:CD server=dhcp1
add address=192.168.123.152 client-id=1:1c:6f:65:96:a3:e1 mac-address=\
1C:6F:65:96:A3:E1 server=dhcp1
/ip dhcp-server network
add address=192.168.123.0/24 dns-server=192.168.123.1,172.16.1.3 gateway=\
192.168.123.254
/ip firewall filter
add chain=forward comment="\D0\E0\E7\F0\E5\F8\E8\F2\FC \EF\F0\EE\F5\EE\E4\FF\F9\
\E8\E9 \F2\F0\E0\F4\F4\E8\EA"
add chain=input comment=\
"\D0\E0\E7\F0\E5\F8\E8\F2\FC \EE\F2\EA\EB\E8\EA \ED\E0 \EF\E8\ED\E3" \
protocol=icmp
add chain=input comment="\D0\E0\E7\F0\E5\F8\E8\F2\FC \E4\EE\F1\F2\F3\EF \E8\E7 \
\EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8" in-interface=bridge1
add chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment=\
"\CE\F2\EA\F0\FB\E2\E0\E5\EC \EF\EE\F0\F2\FB \E4\EB\FF PPTP VPN" \
in-interface=ether1 protocol=tcp src-address=*.*.*.* src-port=445
add chain=forward protocol=tcp src-port=445
add action=drop chain=input comment="\C1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E4\EE\F1\
\F2\F3\EF \EA \F0\EE\F3\F2\E5\F0\F3 \E8\E7 \E2\ED\E5\F8\ED\E5\E9 \F1\E5\F2\
\E8" in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat
add action=netmap chain=dstnat comment=\
"\CF\F0\EE\E1\F0\EE\F1 RDP \ED\E0 \F1\E5\F0\E2\E5\F0" dst-port=33389 \
in-interface=ether1 protocol=tcp to-addresses=192.168.123.1 to-ports=3389
add action=netmap chain=dstnat comment=\
"\CF\F0\EE\E1\F0\EE\F1 SMB \ED\E0 \F1\E5\F0\E2\E5\F0" dst-port=445 \
in-interface=ether1 protocol=tcp src-address=*.*.*.* to-addresses=\
192.168.123.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp aaa
set use-radius=yes
/ppp secret
add name=test password=test profile=main service=pptp
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set protected-routerboot=disabled
# aug/18/2017 14:08:13 by RouterOS 6.35.2
# software id = RYX8-AHQJ
#
/interface bridge
add arp=proxy-arp name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/ip pool
add name=dhcp_pool1 ranges=192.168.123.110-192.168.123.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/ppp profile
add bridge=bridge1 change-tcp-mss=yes local-address=192.168.123.1 name=main \
remote-address=dhcp_pool1 use-upnp=yes
/interface bridge port
add bridge=bridge1 interface=ether2
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=main
/interface pppoe-server server
add authentication=mschap1,mschap2 default-profile=main interface=ether1 \
one-session-per-host=yes service-name=service1
/interface pptp-server server
set default-profile=main enabled=yes
/ip address
add address=192.168.123.254/24 interface=bridge1 network=192.168.123.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server lease
add address=192.168.123.122 client-id=1:50:46:5d:a:47:77 mac-address=\
50:46:5D:0A:47:77 server=dhcp1
add address=192.168.123.112 mac-address=00:10:18:55:44:4B server=dhcp1
add address=192.168.123.125 client-id=1:0:24:1d:c8:64:8d mac-address=\
00:24:1D:C8:64:8D server=dhcp1
add address=192.168.123.120 client-id=1:20:cf:30:e8:b:a0 mac-address=\
20:CF:30:E8:0B:A0 server=dhcp1
add address=192.168.123.115 client-id=1:0:17:31:6c:5b:cc mac-address=\
00:17:31:6C:5B:CC server=dhcp1
add address=192.168.123.110 client-id=1:0:13:d4:8c:da:d2 mac-address=\
00:13:D4:8C:DA:D2 server=dhcp1
add address=192.168.123.113 always-broadcast=yes client-id=1:14:da:e9:9c:39:45 \
mac-address=14:DA:E9:9C:39:45 server=dhcp1
add address=192.168.123.111 always-broadcast=yes client-id=1:54:a0:50:7a:35:d7 \
mac-address=54:A0:50:7A:35:D7 server=dhcp1
add address=192.168.123.129 client-id=1:f4:6d:4:99:5:a5 mac-address=\
F4:6D:04:99:05:A5 server=dhcp1
add address=192.168.123.132 always-broadcast=yes client-id=1:0:30:5:e9:cf:65 \
mac-address=00:30:05:E9:CF:65 server=dhcp1
add address=192.168.123.118 client-id=1:0:30:5:b8:43:49 mac-address=\
00:30:05:B8:43:49 server=dhcp1
add address=192.168.123.126 client-id=1:0:1e:90:14:b:6f mac-address=\
00:1E:90:14:0B:6F server=dhcp1
add address=192.168.123.116 client-id=1:0:1e:90:14:5:d1 mac-address=\
00:1E:90:14:05:D1 server=dhcp1
add address=192.168.123.127 client-id=1:1c:6f:65:5e:3e:1a mac-address=\
1C:6F:65:5E:3E:1A server=dhcp1
add address=192.168.123.117 always-broadcast=yes client-id=1:8:60:6e:6d:6c:4 \
mac-address=08:60:6E:6D:6C:04 server=dhcp1
add address=192.168.123.128 client-id=1:0:30:5:e3:9b:ef mac-address=\
00:30:05:E3:9B:EF server=dhcp1
add address=192.168.123.151 always-broadcast=yes client-id=1:14:da:e9:9c:35:d4 \
mac-address=14:DA:E9:9C:35:D4 server=dhcp1
add address=192.168.123.121 client-id=1:0:30:5:e9:ca:7c mac-address=\
00:30:05:E9:CA:7C server=dhcp1
add address=192.168.123.124 client-id=1:d0:50:99:40:53:cd mac-address=\
D0:50:99:40:53:CD server=dhcp1
add address=192.168.123.152 client-id=1:1c:6f:65:96:a3:e1 mac-address=\
1C:6F:65:96:A3:E1 server=dhcp1
/ip dhcp-server network
add address=192.168.123.0/24 dns-server=192.168.123.1,172.16.1.3 gateway=\
192.168.123.254
/ip firewall filter
add chain=forward comment="\D0\E0\E7\F0\E5\F8\E8\F2\FC \EF\F0\EE\F5\EE\E4\FF\F9\
\E8\E9 \F2\F0\E0\F4\F4\E8\EA"
add chain=input comment=\
"\D0\E0\E7\F0\E5\F8\E8\F2\FC \EE\F2\EA\EB\E8\EA \ED\E0 \EF\E8\ED\E3" \
protocol=icmp
add chain=input comment="\D0\E0\E7\F0\E5\F8\E8\F2\FC \E4\EE\F1\F2\F3\EF \E8\E7 \
\EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8" in-interface=bridge1
add chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment=\
"\CE\F2\EA\F0\FB\E2\E0\E5\EC \EF\EE\F0\F2\FB \E4\EB\FF PPTP VPN" \
in-interface=ether1 protocol=tcp src-address=*.*.*.* src-port=445
add chain=forward protocol=tcp src-port=445
add action=drop chain=input comment="\C1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E4\EE\F1\
\F2\F3\EF \EA \F0\EE\F3\F2\E5\F0\F3 \E8\E7 \E2\ED\E5\F8\ED\E5\E9 \F1\E5\F2\
\E8" in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat
add action=netmap chain=dstnat comment=\
"\CF\F0\EE\E1\F0\EE\F1 RDP \ED\E0 \F1\E5\F0\E2\E5\F0" dst-port=33389 \
in-interface=ether1 protocol=tcp to-addresses=192.168.123.1 to-ports=3389
add action=netmap chain=dstnat comment=\
"\CF\F0\EE\E1\F0\EE\F1 SMB \ED\E0 \F1\E5\F0\E2\E5\F0" dst-port=445 \
in-interface=ether1 protocol=tcp src-address=*.*.*.* to-addresses=\
192.168.123.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp aaa
set use-radius=yes
/ppp secret
add name=test password=test profile=main service=pptp
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set protected-routerboot=disabled