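# RouterOS configuration export, reformatted to one command per line.
#
# Topology as configured below:
#   - ether1 (ORANGE) carries three VLANs: 35 (PPPoE internet), 839 (TV),
#     838 (VOD). vlan-tv and vlan-vod are bridged into TV and VOD.
#   - ether2 (UPC) is a second uplink; it is a member of the "internet" list.
#   - ether3-tv serves the set-top box on 192.168.2.0/24.
#   - ether4 and ether5 form the LAN bridge on 192.168.1.0/24.
#   - TCP/80 and UDP/1194 are dst-nat'ed from the WAN to 192.168.1.100.
#
# "****", "xxxx" and "xxxxx" are masked values as published. Replace each one
# consistently before importing: "****" names an interface list, a packet mark
# and parts of pool/server/queue names. Keep real PPPoE credentials out of
# shared exports.
#
# Firewall changes relative to the published export (reasons are inline):
#   1. The input chain now ends with a drop for traffic arriving from the WAN.
#   2. The two input-chain accepts labelled "Forwarded Ports" were removed.
#   3. The forward-chain "drop all from WAN not DSTNATed" rule now precedes the
#      "Accept New Connections" rule.
#   4. The unscoped srcnat masquerade is limited to the "internet" list.

/interface bridge
add name=LAN
add name=TV
add name=VOD
/interface ethernet
set [ find default-name=ether1 ] comment="Internet ETH1 - Orange" name=ORANGE
set [ find default-name=ether2 ] comment="Internet ETH2 - UPC" name=UPC
set [ find default-name=ether3 ] comment="Interface TV Orange" name=ether3-tv
# NOTE(review): ether4 is labelled WAN#3 but is bridged into LAN further down,
# so it is treated as a trusted LAN port. Confirm that is intended.
set [ find default-name=ether4 ] comment="Interface WAN#3"
set [ find default-name=ether5 ] comment="Interface LAN"
/interface wireless
# NOTE(review): no authentication settings appear on the default security
# profile in this export. The radios look disabled here; configure WPA2/WPA3
# before enabling them.
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=ORANGE mtu=1492 name=vlan-orange vlan-id=35
add interface=ORANGE name=vlan-tv vlan-id=839
add interface=ORANGE name=vlan-vod vlan-id=838
/interface pppoe-client
add add-default-route=yes comment="Interface Diall Out PPPOE" disabled=no \
    interface=vlan-orange keepalive-timeout=disabled name=pppoe-orange \
    password=xxxx use-peer-dns=yes user=\
    bez_ochrony-xxxxx
/interface list
add name=****
add name=internet
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
# DHCP options sent on the VOD interface (see /ip dhcp-client below).
add code=60 name=vendor-class-identifier value="'sagemcom'"
add code=61 name=dhcp-client-identifier value=0x01xxxxxxxx
add code=77 name=user-class value="0x2646535644534c5f66756e626f78322e4d4c54562e7\
    36f66746174686f6d652e46756e626f7832"
/ip pool
add name=pool-net ranges=192.168.1.10-192.168.1.199
add name=pool-**** ranges=192.168.2.10-192.168.2.20
/ip dhcp-server
add address-pool=pool-net disabled=no interface=LAN lease-time=3d name=dhcp-net
add address-pool=pool-**** disabled=no interface=ether3-tv lease-time=3d name=\
    dhcp-****
/queue tree
add name=out-queue parent=ORANGE queue=default
add name=in-queue parent=ether3-tv queue=default
add name=in-queue-**** packet-mark=**** parent=in-queue queue=default
add name=out-queue-**** packet-mark=**** parent=out-queue queue=default
/interface bridge filter
# Mark frames arriving on the TV/VOD VLANs and set the 802.1p priority on
# frames leaving through them.
add action=mark-packet chain=input comment="Mark packets ****" in-interface=\
    vlan-vod new-packet-mark=****
add action=mark-packet chain=input in-interface=vlan-tv new-packet-mark=****
add action=set-priority chain=output comment="Set 802.1p for **** out packets" \
    new-priority=4 out-interface=vlan-vod passthrough=yes
add action=set-priority chain=output new-priority=5 out-interface=vlan-tv \
    passthrough=yes
/interface bridge port
add bridge=TV interface=vlan-tv
add bridge=VOD interface=vlan-vod
add bridge=LAN interface=ether5
add bridge=LAN interface=ether4
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface list member
add interface=VOD list=****
add interface=TV list=****
add interface=ether3-tv list=****
add interface=UPC list=internet
add interface=pppoe-orange list=internet
/ip address
add address=192.168.1.1/24 comment=LAN interface=LAN network=192.168.1.0
add address=192.168.2.1/24 interface=ether3-tv network=192.168.2.0
add address=192.168.3.1/24 interface=TV network=192.168.3.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=\
    vendor-class-identifier,dhcp-client-identifier,user-class,hostname \
    disabled=no interface=VOD
/ip dhcp-server lease
add address=192.168.1.100 comment=Serwer mac-address=AA:BB:CC:DD:EE:FF server=\
    dhcp-net
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=194.204.159.1,194.204.152.34 gateway=\
    192.168.1.1 netmask=24
add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
/ip firewall filter
# Rules are evaluated top to bottom per chain; a packet that matches no rule
# is accepted, so each chain needs its own explicit drop.
add action=drop chain=input comment="Drop Invalid Connections" \
    connection-state=invalid
add action=drop chain=forward comment="Drop Invalid Connections" \
    connection-state=invalid
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=input comment="Accept **** packets" in-interface-list=\
    ****
add action=accept chain=forward in-interface=ether3-tv out-interface=\
    pppoe-orange
add action=accept chain=forward in-interface=ether3-tv out-interface=VOD
add action=accept chain=forward in-interface=TV out-interface=ether3-tv
add action=accept chain=forward connection-state=established,related \
    in-interface=VOD
add action=drop chain=forward comment="Drop all other **** packets" \
    in-interface-list=****
add action=accept chain=input comment=\
    "Accept Related or Established Connections" connection-state=\
    established,related
# The published export had no drop in the input chain, which left the router's
# own services (WinBox, WebFig, FTP at their defaults) reachable from both
# uplinks. Replies and ICMP errors for existing flows are still accepted by the
# established,related rule above. Add an explicit accept above this rule for
# anything that must reach the router itself from the WAN.
# The former "Forwarded Ports TCP/UDP" accepts for tcp/80 and udp/1194 in the
# input chain were removed. dst-nat'ed traffic traverses the forward chain, so
# those rules only opened the router's own ports.
# NOTE(review): only UPC and pppoe-orange are in the "internet" list. IP traffic
# arriving directly on ORANGE or vlan-orange is not covered by this rule.
add action=drop chain=input comment="Drop all other input from WAN" \
    in-interface-list=internet
# This drop must come before the unconditional "Accept New Connections" rule.
# In the published order that accept matched every new connection first, so
# this rule could never fire.
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=internet
add action=accept chain=forward comment="Accept New Connections" \
    connection-state=new
add action=accept chain=forward comment=\
    "Accept Related or Established Connections" connection-state=\
    established,related
/ip firewall nat
# Masquerade only traffic leaving through an uplink. The published rule had no
# out-interface, so it also rewrote the source of inbound dst-nat'ed
# connections and 192.168.1.100 logged every client as the router.
add action=masquerade chain=srcnat out-interface-list=internet
add action=masquerade chain=srcnat out-interface=VOD
add action=dst-nat chain=dstnat comment="Port forwarding to serwer host" \
    dst-port=80 in-interface-list=internet protocol=tcp to-addresses=\
    192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat dst-port=1194 in-interface-list=internet \
    protocol=udp to-addresses=192.168.1.100 to-ports=1194
/ip service
# NOTE(review): www (plain HTTP), ftp and winbox are not listed, so they remain
# at their defaults. Consider disabling the ones not in use and limiting the
# rest to the LAN with the service's address= setting.
set telnet disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=TV upstream=yes
add alternative-subnets=0.0.0.0/0 interface=ether3-tv
/system clock
set time-zone-name=Europe/Warsaw
/system ntp client
set enabled=yes primary-ntp=80.50.231.226 secondary-ntp=194.146.251.100
/tool graphing interface
add interface=LAN
add interface=ORANGE
add interface=VOD
add interface=TV
add interface=UPC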