Russian Users MikroTik | Форум пользователей MikroTik

gmx писал(а): ↑17 сен 2023, 09:09 Осталось настроить nat...

xvo писал(а): ↑17 сен 2023, 09:58 И возможно править ttl...

sdv301 писал(а): ↑17 сен 2023, 11:23

# 2023-09-17 17:41:46 by RouterOS 7.11.2
# software id = 9VY2-L05Q
#
# model = RB951G-2HnD
# serial number = 642E078B3745
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] mac-address=9C:6B:00:14:93:D2
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile1 supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] default-authentication=no disabled=no mode=ap-bridge security-profile=profile1 ssid=MikroTik wireless-protocol=802.11
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=3d name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add list=LAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=LAN
add action=accept chain=forward src-address=192.168.0.0/24
add action=accept chain=forward src-address=192.168.88.0/24
add action=accept chain=forward connection-state=established
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Illinory писал(а): ↑17 сен 2023, 17:22 Вкорячьте что-то типа такого для фиксы TTL до разбана:

/ip firewall mangle add action=change-ttl chain=postrouting new-ttl=increment:1 out-interface-list="WAN" passthrough=yes

Вообще, если хотите мимикрировать максимально, еще и hostname в DHCP Client Options смените, а то по умолчанию там имя роутера Микротик.