2. Гуглил, пытался колдовать со свойством ROUTES в PPP SECRETS.
Задача: как сделать так, чтобы трафик по PPTP-соединению шёл только для доступа в локальную сеть?
3.
# Layer-2 layout: one bridge (bridge-local) with a fixed admin MAC, and the five
# Ethernet ports renamed. ether3-ether5 are attached to ether2-master-local through
# master-port, so ports 2-5 form the LAN side and ether1-gateway is the uplink.
/interface bridge
add admin-mac=D4:CA:6D:D7:D7:EB auto-mac=no l2mtu=1598 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
# wlan1 runs as a 2.4 GHz access point (mode=ap-bridge).
# NOTE(review): no security-profile is named on this line, so presumably the default
# security profile configured further down applies - confirm.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above \
disabled=no distance=indoors frequency=2417 l2mtu=2290 mode=ap-bridge ssid=\
Lucky_Burger wireless-protocol=802.11
# Neighbor discovery is switched off on the uplink port only; the LAN-side
# interfaces are not listed here and so keep whatever their default is.
/ip neighbor discovery
set ether1-gateway discover=no
# Default wireless security profile: WPA and WPA2 pre-shared-key authentication,
# both keys set to the same value.
# NOTE(review): the key is a short all-digit string and is published in clear with
# this export. Treat it as disclosed: replace it with a long random passphrase, and
# drop wpa-psk from authentication-types unless a client really needs WPA1.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=1234554321 wpa2-pre-shared-key=1234554321
# Default hotspot user profile timeouts; no hotspot server is defined in this export.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# NOTE(review): the default IPsec proposal offers 3DES only, a legacy cipher. No
# IPsec peer or policy is visible in this export; if IPsec is ever enabled, switch
# enc-algorithms to an AES value supported by this RouterOS version first.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# DHCP for the LAN: addresses .40-.245 of 192.168.89.0/24 are handed out on
# bridge-local with a one-hour lease. Addresses below .40 stay outside the pool
# (the dst-nat target 192.168.89.30 used later in this export is one of them).
/ip pool
add name=dhcp ranges=192.168.89.40-192.168.89.245
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=1h name=\
default
# Two outbound PPTP tunnels.
#  - pptp-out1 (to 10.10.1.8) has add-default-route=yes with distance 1, so any
#    traffic without a more specific route is sent through this tunnel.
#  - to_server (to 10.1.222.100) has add-default-route=no; only explicitly routed
#    traffic would use it.
# NOTE(review): allow= lists pap, chap and mschap1 next to mschap2. PAP carries the
# password in clear and MS-CHAPv1 is obsolete; restrict allow= to mschap2 if the
# peer supports it. PPTP with MS-CHAPv2/MPPE is itself considered weak, so a
# different tunnel type (for example L2TP over IPsec) is preferable where the far
# end permits.
# NOTE(review): both user names and passwords are visible in this published export.
# Treat them as disclosed and change them on both ends; on RouterOS v6
# `/export hide-sensitive` leaves such fields out of the output.
/interface pptp-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 connect-to=10.10.1.8 \
default-route-distance=1 dial-on-demand=no disabled=no keepalive-timeout=60 \
max-mru=1450 max-mtu=1450 mrru=1600 name=pptp-out1 password=blaugrana \
profile=default-encryption user=010201306
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=10.1.222.100 \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
1450 mrru=1600 name=to_server password=oktybr profile=default-encryption \
user=oktybr
# Log buffers are limited to 100 lines in memory and 100 lines per disk file.
# NOTE(review): that is little history for reconstructing login attempts on the
# PPTP server enabled below; consider larger buffers or a remote logging target.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# LAN bridge members: the Ethernet master port and the Wi-Fi interface share one
# layer-2 segment.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
# The built-in PPTP server is switched on. No interface restriction is given here,
# and the filter rules in this export contain no drop rule in chain=input, so the
# service is presumably reachable from the uplink side as well - confirm, and limit
# it to the networks that actually need to dial in.
/interface pptp-server server
set enabled=yes
# Router addresses: 192.168.89.1/24 on the LAN master port and a static
# 10.124.14.44/24 on the uplink. A DHCP client is also configured on the same
# uplink port, so that interface may end up with two addresses.
/ip address
add address=192.168.89.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.89.0
add address=10.124.14.44/24 interface=ether1-gateway network=10.124.14.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=192.168.89.0/24 comment="default configuration" dns-server=\
192.168.89.1 gateway=192.168.89.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# NOTE(review): nothing in this export blocks port 53 in chain=input, so queries
# arriving on the uplink or the tunnels would presumably be answered too; restrict
# DNS to the LAN with an input rule.
/ip dns
set allow-remote-requests=yes servers=10.10.1.3,91.205.128.3
# NOTE(review): the static name "router" points at 192.168.88.1, while the LAN
# address configured above is 192.168.89.1 - looks like a leftover from the factory
# defaults; confirm which address is intended.
/ip dns static
add address=192.168.88.1 name=router
# Filter rules. Rules without an explicit action= use the default action (accept).
# chain=input: accepts ICMP and established/related connections.
# chain=forward: accepts established/related and drops invalid connections.
# NOTE(review): there is no final drop rule in either chain, so anything not matched
# falls through to the implicit accept. As exported, the router's own services
# (PPTP server, DNS, management) are not filtered on any interface, and forwarding
# between LAN, uplink and tunnels is unrestricted. A usual baseline is to accept
# what is needed per in-interface and end chain=input with action=drop.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
# NAT rules.
#  - The default masquerade rule bound to ether1-gateway is disabled.
#  - The second masquerade rule has no out-interface or address match, so it rewrites
#    the source of every forwarded connection on every interface, including traffic
#    going into the PPTP tunnels. NOTE(review): scope it with out-interface= so that
#    peers and logs still see real source addresses where NAT is not required.
#  - Four dst-nat rules publish TCP ports 7443, 7080, 1935 and 843 arriving on
#    pptp-out1 for 91.205.129.128 to the LAN host 192.168.89.30. With no forward
#    drop rule above, that host is not otherwise shielded; keep it patched and
#    limit the published ports to the ones still in use.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes \
out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=7443 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
7443
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=7080 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
7080
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=1935 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
1935
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=843 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=843
# Static routes. Both default routes via the uplink are disabled, so the only
# default route comes from pptp-out1 (add-default-route=yes on that client).
# 10.0.0.0/8 is sent to the uplink gateway 10.124.14.1.
# NOTE(review): 192.168.88.0/24 is routed via 192.168.80.1, which is not inside any
# subnet configured statically in this export; presumably it becomes reachable only
# once a tunnel is up - confirm the route is active.
/ip route
add disabled=yes distance=1 gateway=ether1-gateway
add disabled=yes distance=1 gateway=10.124.14.1
add distance=1 dst-address=10.0.0.0/8 gateway=10.124.14.1
add comment="route to server in korkmasova" distance=1 dst-address=\
192.168.88.0/24 gateway=192.168.80.1
# Only the web interface (www) and the API are disabled here.
# NOTE(review): the other management services are not mentioned, so they keep their
# defaults. Check `/ip service print`, disable what is unused and restrict the rest
# with address= to the management network, since chain=input does not filter them.
/ip service
set www disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
# Dial-in account for the PPTP server enabled earlier in this export: the client
# gets 192.168.83.2 and the router end of the link is 192.168.83.1.
# NOTE(review): the account uses the name "admin" with the password "admin", and the
# PPTP server is not limited by any input filter rule in this export. This is a
# trivially guessable credential on a remotely reachable service: replace it with a
# unique user name and a long random password, and treat the current value as
# disclosed because it is published here.
/ppp secret
add local-address=192.168.83.1 name=admin password=admin remote-address=\
192.168.83.2 service=pptp
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
# MAC-Telnet server: the default entry is disabled and the service is then enabled
# per interface on the LAN ports, the Wi-Fi interface and the bridge; the uplink
# port ether1-gateway is not listed.
# NOTE(review): wlan1 is included, so every client that knows the Wi-Fi key can
# reach layer-2 management. Given the weak pre-shared key in this export, consider
# removing wlan1 from both lists.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# Same interface list for MAC-Winbox.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# NOTE(review): from this line on the listing repeats the export at the top of the
# post line for line, but without the `/interface bridge` menu line that precedes
# the first `add`. It looks like an accidental second paste - confirm, and do not
# import this part as it stands: the first command would run in the menu left open
# by the previous section.
add admin-mac=D4:CA:6D:D7:D7:EB auto-mac=no l2mtu=1598 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above \
disabled=no distance=indoors frequency=2417 l2mtu=2290 mode=ap-bridge ssid=\
Lucky_Burger wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
# NOTE(review): short all-digit WPA/WPA2 key, published in clear - rotate it.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=1234554321 wpa2-pre-shared-key=1234554321
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# NOTE(review): 3DES-only default proposal; use AES if IPsec is ever enabled.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.89.40-192.168.89.245
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=1h name=\
default
# pptp-out1 installs the default route (add-default-route=yes); to_server does not.
# NOTE(review): pap and mschap1 are allowed, and both tunnel passwords are published
# in clear - restrict allow= and change the credentials.
/interface pptp-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 connect-to=10.10.1.8 \
default-route-distance=1 dial-on-demand=no disabled=no keepalive-timeout=60 \
max-mru=1450 max-mtu=1450 mrru=1600 name=pptp-out1 password=blaugrana \
profile=default-encryption user=010201306
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=10.1.222.100 \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
1450 mrru=1600 name=to_server password=oktybr profile=default-encryption \
user=oktybr
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
# PPTP server enabled; no chain=input rule in this export limits who can reach it.
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.89.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.89.0
add address=10.124.14.44/24 interface=ether1-gateway network=10.124.14.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=192.168.89.0/24 comment="default configuration" dns-server=\
192.168.89.1 gateway=192.168.89.1
# NOTE(review): DNS answers remote requests and is not filtered on the uplink side.
/ip dns
set allow-remote-requests=yes servers=10.10.1.3,91.205.128.3
/ip dns static
add address=192.168.88.1 name=router
# Rules without action= accept. NOTE(review): neither chain ends with a drop rule,
# so unmatched traffic to the router and through it is accepted.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
# NOTE(review): the enabled masquerade rule has no out-interface and therefore
# applies on every interface; the dst-nat rules publish four TCP ports of
# 192.168.89.30 to whatever arrives on pptp-out1.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes \
out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=7443 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
7443
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=7080 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
7080
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=1935 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=\
1935
add action=dst-nat chain=dstnat dst-address=91.205.129.128 dst-port=843 \
in-interface=pptp-out1 protocol=tcp to-addresses=192.168.89.30 to-ports=843
/ip route
add disabled=yes distance=1 gateway=ether1-gateway
add disabled=yes distance=1 gateway=10.124.14.1
add distance=1 dst-address=10.0.0.0/8 gateway=10.124.14.1
add comment="route to server in korkmasova" distance=1 dst-address=\
192.168.88.0/24 gateway=192.168.80.1
# Only www and api are disabled; the remaining services stay at their defaults.
/ip service
set www disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
# NOTE(review): PPTP dial-in account admin/admin - guessable and published; replace.
/ppp secret
add local-address=192.168.83.1 name=admin password=admin remote-address=\
192.168.83.2 service=pptp
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
# MAC-Telnet and MAC-Winbox are enabled on the LAN ports, wlan1 and the bridge only.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
4. Да, ознакомлен, но ответа не нашёл.