Код: Выделить всё
# feb/20/2019 22:42:53 by RouterOS 6.42.12
# software id = JP6D-HYDU
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 90600876A924
/interface bridge
add name=br1-lan
/interface ethernet
set [ find default-name=ether1 ] name=eth1-wan
set [ find default-name=ether2 ] name=eth2-lan
set [ find default-name=ether3 ] name=eth3-lan
set [ find default-name=ether4 ] name=eth4-lan
set [ find default-name=ether5 ] name=eth5-lan
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=wpa2-protect \
supplicant-identity="" wpa-pre-shared-key=wifi4gar wpa2-pre-shared-key=\
wifi4gar
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp-pc ranges=192.168.10.100-192.168.10.200
/ip dhcp-server
add address-pool=dhcp-pc authoritative=after-2sec-delay disabled=no \
interface=br1-lan lease-time=8h name=dhcp-pc
/interface bridge port
add bridge=br1-lan interface=eth2-lan
add bridge=br1-lan interface=eth3-lan
add bridge=br1-lan interface=eth4-lan
add bridge=br1-lan interface=eth5-lan
add bridge=br1-lan interface=wlan1
add bridge=br1-lan interface=wlan2
/ip address
add address=192.168.10.1/24 interface=br1-lan network=192.168.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-wan
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 \
netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.10.1 name=MikroTik
/ip firewall filter
add chain=input protocol=icmp
add chain=input connection-state=new dst-port=80,8291,22 in-interface=br1-lan \
protocol=tcp src-address=192.168.10.0/24
add chain=input connection-mark=allow_in connection-state=new dst-port=80 \
in-interface=eth1-wan protocol=tcp
add chain=input connection-state=new dst-port=53,123 protocol=udp \
src-address=192.168.10.0/24
add chain=input connection-state=established,related
add chain=output connection-state=!invalid
add chain=forward connection-state=established,new in-interface=br1-lan \
out-interface=eth1-wan src-address=192.168.10.0/24
add chain=forward connection-state=established,related in-interface=eth1-wan \
out-interface=br1-lan
add action=drop chain=input
add action=drop chain=output
add action=drop chain=forward
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=\
9999 new-connection-mark=allow_in protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth1-wan src-address=\
192.168.10.0/24
add action=redirect chain=dstnat dst-port=9999 protocol=tcp to-ports=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp interfaces
add interface=eth1-wan type=external
add interface=br1-lan type=internal
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=48.8.40.31 secondary-ntp=91.206.16.4
P.S.
Отредактировал сообщение, выделил конфиг тегами.
Vlad-2