
CCR MikroTik Bridge Configuration Question  [SOLVED]

Posted: Wed Apr 03, 2019 1:28 am
by Zetera
Need to configure a MikroTik to reflect the following:

What is needed is one port as a WAN uplink through which one can assign a static public IP to the MikroTik, and a second port that is also "connected" to the circuit, which will connect to a switch to be used to connect devices that will use a static public IP address. The other ports are all LAN ports with private DHCP assignments.

Is there anything I can look at to accomplish this or is there a simple configuration that can get me by for the time being?

Re: CCR MikroTik Bridge Configuration Question

Posted: Wed Apr 03, 2019 8:51 am
by mkx
Do you foresee use of the firewall on the CCR to defend other devices with public IPs?

Re: CCR MikroTik Bridge Configuration Question

Posted: Wed Apr 03, 2019 2:48 pm
by Zetera
Currently, yes.

Re: CCR MikroTik Bridge Configuration Question

Posted: Wed Apr 03, 2019 7:06 pm
by Zetera
This is my current configuration.
# apr/03/2019 11:49:21 by RouterOS 6.44.1
# software id = IF8Y-2BLH
#
# model = CCR1036-8G-2S+
# serial number = 6AAE05716373
/interface bridge
add name=bridge1
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.89.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=1d10m name=\
    dhcp1
add address-pool=dhcp disabled=no name=dhcp2
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add disabled=yes interface=sfp-sfpplus1
add bridge=bridge1 interface=ether1
/interface list member
add interface=sfp-sfpplus1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=bridge1 list=LAN
add list=LAN
/ip address
add address=192.168.88.1/23 comment=defconf interface=bridge1 network=\
    192.168.88.0
add address=192.168.88.1/23 interface=ether1 network=192.168.88.0
add address=74.218.160.34/27 interface=sfp-sfpplus1 network=74.218.160.32
/ip dhcp-client
add dhcp-options=hostname,clientid interface=sfp-sfpplus1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
add address=192.168.88.0/23 gateway=192.168.88.1 netmask=23
/ip dns
set servers=4.2.2.4,8.8.4.4,24.25.5.61
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp \
    src-address-list=allow_list
add action=accept chain=input src-address-list=allow_list
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway=74.218.160.32
/system clock
set time-zone-name=America/New_York
/system identity
set name="MikroTik Lab"