[admin@MikroTik] > /export compact
# feb/16/2014 12:03:07 by RouterOS 6.10
# software id = XXXXXXXX
#
/interface bridge
add l2mtu=1598 name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above disabled=no frequency=2417 l2mtu=2290 mode=ap-bridge \
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment=WAN l2mtu=1480 mtu=1480
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=XXXXXXXXXX wpa2-pre-shared-key=XXXXXXXXXX
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1 name=dhcp1
/interface pppoe-client
add ac-name="" add-default-route=yes allow=chap default-route-distance=1 \
dial-on-demand=no disabled=no interface=ether1 keepalive-timeout=disabled \
max-mru=1480 max-mtu=1480 mrru=disabled name=ivlan password=XXXXXXXXXX \
profile=default service-name="" use-peer-dns=yes user=XXXXXXXXXX
/interface bridge nat
add chain=dstnat
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=forward dst-port=80 protocol=tcp
add chain=forward dst-port=53 protocol=udp
add chain=forward dst-port=21 protocol=tcp
add chain=forward dst-port=25 protocol=tcp
add chain=forward dst-port=22 protocol=tcp
add chain=forward dst-port=110 protocol=tcp
add chain=forward dst-port=3334 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=80 \
protocol=tcp to-addresses=192.168.1.110
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=53 \
protocol=udp to-addresses=192.168.1.110 to-ports=53
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=21 \
protocol=tcp to-addresses=192.168.1.110 to-ports=21
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=22 \
protocol=tcp to-addresses=192.168.1.110 to-ports=22
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=25 \
protocol=tcp to-addresses=192.168.1.110 to-ports=25
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=110 \
protocol=tcp to-addresses=192.168.1.110 to-ports=110
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=3334 \
protocol=tcp to-addresses=192.168.1.110 to-ports=3334
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=65.55.56.206 secondary-ntp=\
198.60.73.8
[admin@MikroTik] >
# feb/16/2014 12:03:07 by RouterOS 6.10
# software id = XXXXXXXX
#
/interface bridge
add l2mtu=1598 name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above disabled=no frequency=2417 l2mtu=2290 mode=ap-bridge \
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment=WAN l2mtu=1480 mtu=1480
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=XXXXXXXXXX wpa2-pre-shared-key=XXXXXXXXXX
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1 name=dhcp1
/interface pppoe-client
add ac-name="" add-default-route=yes allow=chap default-route-distance=1 \
dial-on-demand=no disabled=no interface=ether1 keepalive-timeout=disabled \
max-mru=1480 max-mtu=1480 mrru=disabled name=ivlan password=XXXXXXXXXX \
profile=default service-name="" use-peer-dns=yes user=XXXXXXXXXX
/interface bridge nat
add chain=dstnat
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=forward dst-port=80 protocol=tcp
add chain=forward dst-port=53 protocol=udp
add chain=forward dst-port=21 protocol=tcp
add chain=forward dst-port=25 protocol=tcp
add chain=forward dst-port=22 protocol=tcp
add chain=forward dst-port=110 protocol=tcp
add chain=forward dst-port=3334 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=80 \
protocol=tcp to-addresses=192.168.1.110
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=53 \
protocol=udp to-addresses=192.168.1.110 to-ports=53
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=21 \
protocol=tcp to-addresses=192.168.1.110 to-ports=21
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=22 \
protocol=tcp to-addresses=192.168.1.110 to-ports=22
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=25 \
protocol=tcp to-addresses=192.168.1.110 to-ports=25
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=110 \
protocol=tcp to-addresses=192.168.1.110 to-ports=110
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=3334 \
protocol=tcp to-addresses=192.168.1.110 to-ports=3334
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=65.55.56.206 secondary-ntp=\
198.60.73.8
[admin@MikroTik] >