Set Name of MikroTik:
System > Identiry
Set Users password:
System > users
Turn off superfluous:
ip > Services
leave only:
+ssh+winboxBridge > + >
+Name: BridgeLanBridge > Ports
+Interfaces+Bridge*Add all ports what you need.
IP > Addresses > +
+Address: 192.18.0.240/16+Interface: ether1IP > Addresses > +
+Address: 192.168.80.1/24+Interface: BridgeLanMake default route
IP > Routes > +
Gateway: ip_from_ISPIP > DNS
Servers: ip_from_ISPServers: 8.8.8.8+Allow Remote RequestsIP > DHCP Server > DHCP Setup
DHCP Server Interface: BridgeLanDHCP Address Space: 192.168.80.0/24Gateway for DHCP Network: 192.168.80.1Addresses to Give Out:DNS Servers
Leases Time: 1d 00:00:00IP > Firewall > NAT > +
General
+Chain: srcnat+Out. Interface: ether1Action
+Action: src-nat+To Addresses: 192.18.0.240Firewall > NAT > +
General
Chain: dstnatProtokol: tcpDst.Port: 80In.Interface: ether1Action
Action: dst natTo Addresses: 192.168.80.80To Ports:80System > Clock
System > SNTP Client
+EnableServer DNS Names: ua.pool.ntp.orgWireless > Security Profiles
Name: SecProfileAuthentication Type: WPA2 PSK (only)WPA2 Pre-Shared Key: passwordWireless > WiFi Interfaces > wlan1 > Wireless > Advanced Mode
Mode: ap bridgeBand: only-N (2GHz) or only-AC(5GHz)Channel Width: 20/40MHz XXFrequency: autoSSID: Netvwork_nameWireless Protocol: 802.11Security Profile: SecProfileWPS Mode: disableFrequency Mode: regulatory-domainCountry: Your_countryWireless > WiFi Interfaces > wlan1 > Advanced
Distance: indoorsHw. Protection Mode: rts ctsLogic
Input from Internet
Allow ICMPAllow WinBox & SSH from specific ipDisallow everything elseInput from local network
Allow allForward from Internet
Allow port forwardingDisallow everything elseForward from local network
Allow allOptions
Input
IP > Firewall > Filter Rules > +
General
Chain: inputConnection state: established, relatedAction
Action: acceptcomment: accept established & relatedIP > Firewall > Filter Rules > +
General
Chain: inputConnection state: invalidAction
Action: dropcomment: drop invalidIP > Firewall > Filter Rules > +
General
Chain: inputProtocol: icmpcomment: accept icmpIP > Firewall > Address List
Name: trustedAddress: trusted_ipIP > Firewall > Filter Rules > +
General
Chain: inputProtocol: tcpDst Port: 22, 8291comment: accept icmpAdvanced
Src.Address List: trustedcomment: accept SSH, WinBox from trusted ipIP > Firewall > Filter Rules > +
General
Chain: inputIn. Interface : ether1Action: dropcomment: drop all from WANForward
IP > Firewall > Filter Rules > +
General
Chain: forwardConnection state: established, relatedcomment: accept established & relatedIP > Firewall > Filter Rules > +
General
Chain: forwardConnection state: invalidAction
Action: dropcomment: drop invalidIP > Firewall > Filter Rules > +
General
Chain: forwardIn Interface: ether1Connection NAT State: !+dstnatAction
Action: dropcomment: drop all excluding port forwardingQueues >
General
Target: bridge1Max Limit: 100M 100MAdvanced
Queue Type: pcq-upload-default pcq-download-default