Код: Выделить всё
/interface bridge
add comment="Bridge of LAN" fast-forward=no name=bridge1-LAN
add comment="Bridge of IPTV" fast-forward=no name=bridge2-IPTV
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-b/g/n basic-rates-b="" channel-width=20/40mhz-eC country=russia3 \
disabled=no distance=indoors frequency=auto frequency-mode=superchannel \
hw-protection-mode=rts-cts hw-retries=5 mode=ap-bridge ssid=MikroTik \
supported-rates-b="" tx-power=13 tx-power-mode=all-rates-fixed \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface ethernet
set [ find default-name=ether1 ] comment="WAN (input cable of ISP)" mtu=1400 \
name=ether1-master
set [ find default-name=ether2 ] comment="LAN port" mtu=1400
set [ find default-name=ether4 ] comment="port for IPTV box"
/interface vlan
add comment="vlan for INET" interface=ether1-master mtu=1400 name=\
vlan1-INET-id3016 vlan-id=3016
add comment="vlan for IPTV service" interface=ether1-master name=\
vlan2-IPTV-id-1502 vlan-id=1502
/interface pppoe-client
add add-default-route=yes comment="PPPoE profile for connect to ISP" disabled=\
no interface=vlan1-INET-id3016 keepalive-timeout=60 name=pppoe-out1-RosTel \
password=pass use-peer-dns=yes user=user
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=key \
wpa2-pre-shared-key=key
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1-LAN name=dhcp1
/ppp profile
set *0 change-tcp-mss=no
set *FFFFFFFE change-tcp-mss=no
/interface bridge port
add bridge=bridge2-IPTV hw=no interface=ether4
add bridge=bridge2-IPTV hw=no interface=vlan2-IPTV-id-1502
add bridge=bridge1-LAN interface=wlan1
add bridge=bridge1-LAN interface=ether2
/interface list member
add list=WAN
add interface=bridge2-IPTV list=LAN
/ip address
add address=192.168.88.1/8 interface=ether2 network=192.0.0.0
add address=192.168.88.1/24 interface=bridge1-LAN network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established in-interface=\
pppoe-out1-RosTel
add action=accept chain=input connection-state=related in-interface=\
pppoe-out1-RosTel
add action=drop chain=input in-interface=pppoe-out1-RosTel
add action=jump chain=forward in-interface=pppoe-out1-RosTel jump-target=\
customer
add action=accept chain=customer connection-state=established
add action=accept chain=customer connection-state=related
add action=drop chain=customer
/ip firewall mangle
add action=change-mss chain=postrouting new-mss=1360 passthrough=yes protocol=
tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn \
tcp-mss=1453-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1-RosTel
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow