/interface bridge
add name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing table
add disabled=no name=to_ether1
add disabled=no name=to_ether2
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
add bridge=bridge1 interface=ether14
add bridge=bridge1 interface=ether15
add bridge=bridge1 interface=ether16
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus2
/ip address
add address=192.168.10.1/24 interface=bridge1 network=192.168.10.0
add address=192.168.1.254/24 interface=ether1 network=192.168.1.0
add address=192.168.0.254/24 interface=ether2 network=192.168.0.0
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
servers=8.8.8.8
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 \
new-connection-mark=ether1_conn
add action=mark-connection chain=input in-interface=ether2 \
new-connection-mark=ether2_conn
add action=mark-routing chain=output connection-mark=ether1_conn passthrough=\
yes
add action=mark-routing chain=output connection-mark=ether2_conn passthrough=\
yes
add action=accept chain=prerouting dst-address=192.168.40.0/24 in-interface=\
bridge1
add action=accept chain=prerouting dst-address=10.4.1.0/24 in-interface=\
bridge1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge1 new-connection-mark=ether1_conn
passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge1 new-connection-mark=ether2_conn
passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=ether1_conn \
in-interface=bridge1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
in-interface=bridge1 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.40.1 \
routing-table=to_ether1 suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=10.4.1.1 \
routing-table=to_ether2 suppress-hw-offload=no
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=192.168.40.1
add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=10.4.1.1
0 comments:
Post a Comment