# jan/15/1970 16:53:12 by RouterOS 6.7# software id = IARM-1MHS#/interface

1. # jan/15/1970 16:53:12 by RouterOS 6.7
2. # software id = IARM-1MHS
3. #
4. /interface bridge
5. add l2mtu=1598 name=LAN-bridge
6. add l2mtu=1598 name=LAN2-bridge
7. add l2mtu=1598 name=LAN3-bridge
8. /interface ethernet
9. set [ find default-name=ether1 ] name=ether1-UPLINK
10. set [ find default-name=ether2 ] name=ether2-LAN
11. set [ find default-name=ether3 ] name=ether3-LAN2
12. set [ find default-name=ether4 ] name=ether4-LAN3
13. set [ find default-name=ether5 ] disabled=yes name=ether5-slave-local
14. /interface wireless
15. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
16. 20/40mhz-ht-above distance=indoors l2mtu=2290 mode=ap-bridge ssid=\
17. MikroTik-5C1F85
18. /ip neighbor discovery
19. set ether1-UPLINK discover=no
20. /ip hotspot user profile
21. set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
22. mac-cookie-timeout=3d
23. /ip pool
24. add name=default-dhcp ranges=192.168.88.10-192.168.88.254
25. add name=lan ranges=192.168.10.2-192.168.10.254
26. add name=lan2 ranges=192.168.2.10-192.168.2.254
27. add name=lan3 ranges=192.168.3.10-192.168.3.254
28. /ip dhcp-server
29. add address-pool=default-dhcp disabled=no lease-time=10m name=default
30. add address-pool=lan disabled=no interface=LAN-bridge lease-time=1w name=LAN
31. add address-pool=lan2 disabled=no interface=LAN2-bridge lease-time=1w name=\
32. LAN2
33. add address-pool=lan3 disabled=no interface=LAN3-bridge lease-time=1w name=\
34. LAN3
35. /interface bridge port
36. add bridge=LAN-bridge interface=ether2-LAN
37. add bridge=LAN-bridge interface=wlan1
38. add bridge=LAN2-bridge interface=ether3-LAN2
39. add bridge=LAN3-bridge interface=ether4-LAN3
40. /interface bridge settings
41. set use-ip-firewall=yes
42. /ip address
43. add address=192.168.88.1/24 comment="default configuration" disabled=yes \
44. network=192.168.88.0
45. add address=192.168.10.1/24 interface=LAN-bridge network=192.168.10.0
46. add address=192.168.2.1/24 interface=LAN2-bridge network=192.168.2.0
47. add address=192.168.3.1/24 interface=LAN3-bridge network=192.168.3.0
48. /ip dhcp-client
49. add comment="default configuration" dhcp-options=hostname,clientid disabled=\
50. no interface=ether1-UPLINK
51. /ip dhcp-server network
52. add address=192.168.2.0/24 comment=lan2 dns-server=8.8.8.8 gateway=\
53. 192.168.2.1 netmask=24
54. add address=192.168.3.0/24 comment=lan3 dns-server=8.8.8.8 gateway=\
55. 192.168.3.1 netmask=24
56. add address=192.168.10.0/24 comment=lan dns-server=8.8.8.8 gateway=\
57. 192.168.10.1 netmask=24
58. add address=192.168.88.0/24 comment="default configuration" dns-server=\
59. 192.168.88.1 gateway=192.168.88.1
60. /ip dns
61. set allow-remote-requests=yes
62. /ip dns static
63. add address=192.168.88.1 name=router
64. /ip firewall address-list
65. add address=xxxxxx list=SAFE
66. add address=xxxxxx list=SAFE
67. /ip firewall filter
68. add chain=input comment="Mtik access" dst-port=8291 protocol=tcp \
69. src-address-type=""
70. add chain=input comment="Allow Ping" protocol=icmp
71. add chain=input comment="default configuration" connection-state=established \
72. disabled=yes
73. add chain=input comment="default configuration" connection-state=related \
74. disabled=yes
75. add chain=forward comment="default configuration" connection-state=related \
76. disabled=yes
77. add chain=forward comment="default configuration" connection-state=\
78. established disabled=yes
79. add action=drop chain=forward comment="default configuration" \
80. connection-state=invalid
81. add action=drop chain=input comment="default configuration" in-interface=\
82. ether1-UPLINK
83. /ip firewall nat
84. add action=dst-nat chain=dstnat disabled=yes dst-address=xxxxxx \
85. dst-port=8291 protocol=tcp to-addresses=192.168.10.1 to-ports=8291
86. add action=masquerade chain=srcnat out-interface=ether1-UPLINK src-address=\
87. 192.168.10.0/24
88. add action=masquerade chain=srcnat comment="default configuration" disabled=\
89. yes out-interface=ether1-UPLINK
90. add action=masquerade chain=srcnat src-address=192.168.2.0/24
91. add action=masquerade chain=srcnat src-address=192.168.3.0/24 to-addresses=\
92. 0.0.0.0
93. /ip service
94. set winbox address=0.0.0.0/0
95. /system leds
96. set 0 interface=wlan1
97. /tool mac-server
98. set [ find default=yes ] disabled=yes
99. add interface=ether2-LAN
100. add interface=ether3-LAN2
101. add interface=ether4-LAN3
102. add interface=ether5-slave-local
103. add interface=wlan1
104. add
105. /tool mac-server mac-winbox
106. set [ find default=yes ] disabled=yes
107. add interface=ether2-LAN
108. add interface=ether3-LAN2
109. add interface=ether4-LAN3
110. add interface=ether5-slave-local
111. add interface=wlan1
112. add
113. /tool sniffer
114. set filter-interface=ether1-UPLINK
115.