Script de configuración por defecto en los RouterBOARD

En las últimas versiones de los RouterBOARD el sistema operativo ya viene preconfigurado con una configuración SOHO para que el mismo salga funcionando con solo conectarle los cables.

Como viene configurado es con la ether1 como la wan, allí toma dhcp cliente y deshabilita la boca para administración y le coloca un firewall de protección.

Las bocas restantes se convierten en la red local (se hace un bridge) y se crea un dhcp server con un pool para repartir conectividad en esas bocas. Tiene una regla de nat que hace el masquerade para la red local contra la wan.

El script es el siguiente:

#| ether1 is renamed ether1-gateway, rest of interfaces are switched
#| IP address 192.168.88.1/24 is on switch
#| DHCP client is on ether1-gateway
#| DHCP server is on switch, with address pool 192.168.88.10-192.168.88.254
#| masquerade on ether1-gateway
:global action

# these commands are executed after installation or configuration reset
:if ($action = "apply") do={
    /interface set ether1 name=ether1-gateway
    /interface set ether2 name=ether2-local-master
    /interface set ether3 name=ether3-local-slave
    /interface set ether4 name=ether4-local-slave
    /interface set ether5 name=ether5-local-slave

    /interface ethernet set ether3-local-slave master-port=ether2-local-master
    /interface ethernet set ether4-local-slave master-port=ether2-local-master
    /interface ethernet set ether5-local-slave master-port=ether2-local-master

    /ip address add address=192.168.88.1/24 interface=ether2-local-master comment="default configuration"

    :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
        /ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
        /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254;
        /ip dhcp-server add name=default address-pool=default-dhcp interface=ether2-local-master disabled=no;
        /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
    }

    /ip firewall {
    	filter add chain=input action=accept protocol=icmp comment="default configuration"
	filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration"
	filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration"
	filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
        nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
    }

    /ip dns {
    	set allow-remote-requests=yes
    	static add name=router address=192.168.88.1
    }

    /tool mac-server remove [find]
    /tool mac-server add interface=ether2-local-master disabled=no
    /tool mac-server add interface=ether3-local-slave disabled=no
    /tool mac-server add interface=ether4-local-slave disabled=no
    /tool mac-server add interface=ether5-local-slave disabled=no

    /tool mac-server mac-winbox disable [find]
    /tool mac-server mac-winbox add interface=ether2-local-master disabled=no
    /tool mac-server mac-winbox add interface=ether3-local-slave disabled=no
    /tool mac-server mac-winbox add interface=ether4-local-slave disabled=no
    /tool mac-server mac-winbox add interface=ether5-local-slave disabled=no

    /ip neighbor discovery set [find name=ether1-gateway] discover=no
}

# these commands are executed if user requests to remove default configuration
:if ($action = "revert") do={
    /ip firewall {
        :local o [nat find comment="default configuration"]
        :if ([:len $o] != 0) do={ nat remove $o }

        :local o [filter find comment="default configuration"]
        :if ([:len $o] != 0) do={ filter remove $o }
    }

    :if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
        :local o [/ip dhcp-server network find comment="default configuration"]
        :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }

        :local o [/ip dhcp-server find name="default" address-pool="default-dhcp" interface=ether2-local-master !disabled]
        :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }

        /ip pool {
            :local o [find name=default-dhcp ranges=192.168.88.10-192.168.88.254]
            :if ([:len $o] != 0) do={ remove $o }
        }

        :local o [/ip dhcp-client find comment="default configuration"]
        :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
    }

    /ip dns {
    	set allow-remote-requests=no
        :local o [static find name=router address=192.168.88.1]
        :if ([:len $o] != 0) do={ static remove $o }
    }

    /ip address {
        :local o [find comment="default configuration"]
        :if ([:len $o] != 0) do={ remove $o }
    }

    /tool mac-server remove [find]
    /tool mac-server add interface=all disabled=no

    /tool mac-server mac-winbox remove [find interface!=all]
    /tool mac-server mac-winbox set [find] disabled=no 

    /ip neighbor discovery set [find name=ether1-gateway] discover=yes

    /interface ethernet set ether3-local-slave master-port=none
    /interface ethernet set ether4-local-slave master-port=none
    /interface ethernet set ether5-local-slave master-port=none

    /interface set ether1-gateway name=ether1
    /interface set ether2-local-master name=ether2
    /interface set ether3-local-slave name=ether3
    /interface set ether4-local-slave name=ether4
    /interface set ether5-local-slave name=ether5