Hope its not too must script to go through:
# jun/26/2015 18:14:09 by RouterOS 6.29.1
# software id = K9L3-THMQ
#
/interface bridge
add arp=proxy-arp name=LAN/BRIDGE
/interface ethernet
set [ find default-name=ether2 ] name=LAN/ETH2
set [ find default-name=ether3 ] arp=proxy-arp master-port=LAN/ETH2 name=\
LAN/ETH3
set [ find default-name=ether4 ] arp=proxy-arp master-port=LAN/ETH2 name=\
LAN/ETH4
set [ find default-name=ether5 ] arp=proxy-arp master-port=LAN/ETH2 name=\
LAN/ETH5
set [ find default-name=ether6 ] name=LAN/ETH6
set [ find default-name=ether7 ] arp=proxy-arp master-port=LAN/ETH6 name=\
LAN/ETH7
set [ find default-name=ether8 ] arp=proxy-arp master-port=LAN/ETH6 name=\
LAN/ETH8
set [ find default-name=ether9 ] arp=proxy-arp master-port=LAN/ETH6 name=\
LAN/ETH9
set [ find default-name=ether10 ] arp=proxy-arp master-port=LAN/ETH6 name=\
LAN/ETH10
set [ find default-name=sfp1 ] name=NONE/SFP
set [ find default-name=ether1 ] name=WAN/ETH1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm mode=dynamic-keys name=WIFI/SECURITY supplicant-identity="" \
unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above country=bulgaria disabled=no frequency=auto l2mtu=2290 \
mode=ap-bridge name=WIFI/WLAN security-profile=WIFI/SECURITY ssid=\
Brolin-WIFI wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.168.30-192.168.168.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN/BRIDGE name=DHCP/SERVER
/port
set 0 name=serial0
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption
/interface bridge port
add bridge=LAN/BRIDGE interface=LAN/ETH2
add bridge=LAN/BRIDGE interface=LAN/ETH6
add bridge=LAN/BRIDGE interface=WIFI/WLAN
/ip address
add address=192.168.168.1/24 comment=LAN interface=LAN/BRIDGE network=\
192.168.168.0
add address=96.86.191.125/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.124/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.116/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.119/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.121/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.122/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.123/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.120/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.115/28 comment="One-To-One NETMAP" interface=WAN/ETH1 \
network=96.86.191.112
add address=96.86.191.114/28 comment="DHCP Preffered" interface=WAN/ETH1 \
network=96.86.191.112
add address=96.86.191.117/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.118/28 interface=WAN/ETH1 network=96.86.191.112
add address=96.86.191.126/28 interface=WAN/ETH1 network=96.86.191.112
/ip dhcp-server network
add address=192.168.168.0/24 dns-server=95.87.194.4,95.87.255.194 gateway=\
192.168.168.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=95.87.194.4,95.87.255.194
/ip firewall filter
add action=drop chain=input comment="Disallow weird packets" \
connection-state=invalid
add chain=input comment="Allow LAN access to the router itself" \
connection-state=new in-interface=LAN/BRIDGE
add chain=input comment=" ^^ that originated from LAN" connection-state=\
established
add chain=input comment=" ^^ that originated from LAN" connection-state=\
related
add chain=input comment="Allow ping ICMP from anywhere" protocol=icmp
add chain=input comment="Allow Winbox" dst-address=96.86.191.114 dst-port=\
8291 in-interface=WAN/ETH1 protocol=tcp
add chain=input comment="Allow Ports to WEBSERVER" dst-address=96.86.191.115 \
dst-port=80,443,3389 in-interface=WAN/ETH1 protocol=tcp
add chain=input comment="Allow Ports to DEVSERVER" dst-address=96.86.191.120 \
dst-port=3306,3389,8443 in-interface=WAN/ETH1 protocol=tcp
add chain=input comment="Allow Ports to SVETLOZAR-PC" dst-address=\
96.86.191.118 dst-port=80,443,3389,8080,8443 in-interface=WAN/ETH1 \
protocol=tcp
add chain=input comment="Allow Ports to CHORO-LP" dst-address=96.86.191.123 \
dst-port=80,443,3389 in-interface=WAN/ETH1 protocol=tcp
add action=drop chain=input comment=\
"Disallow anything from anywhere on any interface"
add action=drop chain=forward comment="Disallow weird packets" \
connection-state=invalid disabled=yes
add chain=forward comment="Allow LAN access to move through the router" \
connection-state=new disabled=yes in-interface=LAN/BRIDGE
add chain=forward comment=" ^^ that originated from LAN" connection-state=\
established disabled=yes
add chain=forward comment=" ^^ that originated from LAN" connection-state=\
related disabled=yes
add action=drop chain=forward comment=\
"Disallow anything from anywhere on any interface" disabled=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="One-To-One NETMAP" dst-address=\
96.86.191.115 dst-port=80,443,3389 in-interface=WAN/ETH1 protocol=tcp \
to-addresses=192.168.168.15
add action=dst-nat chain=dstnat dst-address=96.86.191.116 in-interface=\
WAN/ETH1 to-addresses=192.168.168.16
add action=dst-nat chain=dstnat dst-address=96.86.191.117 in-interface=\
WAN/ETH1 to-addresses=192.168.168.17
add action=dst-nat chain=dstnat dst-address=96.86.191.118 dst-port=\
80,443,3389,8080,8443 in-interface=WAN/ETH1 protocol=tcp to-addresses=\
192.168.168.18
add action=dst-nat chain=dstnat dst-address=96.86.191.119 in-interface=\
WAN/ETH1 to-addresses=192.168.168.19
add action=dst-nat chain=dstnat dst-address=96.86.191.120 dst-port=\
3306,3389,8443 in-interface=WAN/ETH1 protocol=tcp to-addresses=\
192.168.168.20
add action=dst-nat chain=dstnat dst-address=96.86.191.121 in-interface=\
WAN/ETH1 to-addresses=192.168.168.21
add action=dst-nat chain=dstnat dst-address=96.86.191.122 in-interface=\
WAN/ETH1 to-addresses=192.168.168.22
add action=dst-nat chain=dstnat dst-address=96.86.191.123 dst-port=\
80,443,3389 in-interface=WAN/ETH1 protocol=tcp to-addresses=\
192.168.168.23
add action=dst-nat chain=dstnat dst-address=96.86.191.124 in-interface=\
WAN/ETH1 to-addresses=192.168.168.24
add action=dst-nat chain=dstnat dst-address=96.86.191.125 in-interface=\
WAN/ETH1 to-addresses=192.168.168.25
add action=dst-nat chain=dstnat dst-address=96.86.191.126 in-interface=\
WAN/ETH1 to-addresses=192.168.168.26
add action=src-nat chain=srcnat src-address=192.168.168.15 to-addresses=\
96.86.191.115
add action=src-nat chain=srcnat src-address=192.168.168.16 to-addresses=\
96.86.191.116
add action=src-nat chain=srcnat src-address=192.168.168.17 to-addresses=\
96.86.191.117
add action=src-nat chain=srcnat src-address=192.168.168.18 to-addresses=\
96.86.191.118
add action=src-nat chain=srcnat src-address=192.168.168.19 to-addresses=\
96.86.191.119
add action=src-nat chain=srcnat src-address=192.168.168.20 to-addresses=\
96.86.191.120
add action=src-nat chain=srcnat src-address=192.168.168.21 to-addresses=\
96.86.191.121
add action=src-nat chain=srcnat src-address=192.168.168.22 to-addresses=\
96.86.191.122
add action=src-nat chain=srcnat src-address=192.168.168.23 to-addresses=\
96.86.191.123
add action=src-nat chain=srcnat src-address=192.168.168.24 to-addresses=\
96.86.191.124
add action=src-nat chain=srcnat src-address=192.168.168.25 to-addresses=\
96.86.191.125
add action=src-nat chain=srcnat src-address=192.168.168.26 to-addresses=\
96.86.191.126
add action=masquerade chain=srcnat comment="Default Masquerade Rule for LAN" \
out-interface=WAN/ETH1 src-address=192.168.168.2-192.168.168.255
add action=dst-nat chain=dstnat comment="Redirect Ports to WEBSERVER" \
dst-address=96.86.191.115 dst-address-type=local dst-port=80,443,3389 \
protocol=tcp to-addresses=192.168.168.15
add action=dst-nat chain=dstnat comment="Redirect Ports to DEVSERVER" \
dst-address=96.86.191.120 dst-address-type=local dst-port=3306,3389,8443 \
protocol=tcp to-addresses=192.168.168.20
add action=dst-nat chain=dstnat comment="Redirect Ports to SVETLOZAR-PC" \
dst-address=96.86.191.118 dst-address-type=local dst-port=\
80,443,3389,8080,8443 protocol=tcp to-addresses=192.168.168.18
add action=dst-nat chain=dstnat comment="Redirect Ports to CHORO-LP" \
dst-address=96.86.191.123 dst-address-type=local dst-port=80,443,3389 \
protocol=tcp to-addresses=192.168.168.23
add action=masquerade chain=srcnat comment=\
"Masquerade Traffic going to WAN IP of mikrotik from local LAN users" \
dst-port=80,443,3306,3389,8080,8443 out-interface=LAN/BRIDGE protocol=tcp \
src-address=192.168.168.0/24
/ip route
add distance=1 gateway=96.86.191.113
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set enabled=no
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=Brolin-FW
/tool romon port
add disabled=no