Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- :global Identity "UgorMagazinprodukt";
- :global SSIDName "Kuzmino";
- :global SSIDpass "14062017";
- :global RadioName "UgorMagazinprodukt";
- :global ClientFttx "fttx2416";
- :global FttxPass "87071934";
- /interface bridge add name=bridge1
- /interface bridge port add bridge=bridge1 interface=wlan1
- /interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n channel-width=20/40mhz-Ce country=russia disabled=no frequency-mode=regulatory-domain guard-interval=long hw-protection-mode=rts-cts mode=station-wds multicast-helper=full nv2-preshared-key=$SSIDpass nv2-security=enabled radio-name=$RadioName rate-set=configured scan-list=4900-6000 ssid=$SSIDName wds-default-bridge=bridge1 wds-mode=dynamic wireless-protocol=nv2-nstreme-802.11 wmm-support=enabled
- /interface wireless nstreme set wlan1 enable-nstreme=yes
- /interface pppoe-client add add-default-route=yes allow=chap disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=$FttxPass use-peer-dns=yes user=$ClientFttx
- /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=$SSIDpass wpa2-pre-shared-key=$SSIDpass
- /ip neighbor discovery set pppoe-out1 discover=no
- /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc
- /ip address add address=192.168.77.1/24 interface=ether1 network=192.168.77.0
- /ip pool add name=dhcp_pool1 ranges=192.168.77.2-192.168.77.254
- /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=ether1 lease-time=3d name=dhcp1
- /snmp community set [ find default=yes ] name=monitor
- /user group add name=engineer policy="local,telnet,ssh,ftp,reboot,read,write,test,winbox,web,sniff,sensitive,romon,dude,tikapp,!policy,!password,!api"
- /ip dhcp-server network add address=192.168.77.0/24 dns-server=192.168.77.1,8.8.8.8 gateway=192.168.77.1 ntp-server=66.187.233.4,128.138.141.172
- /ip dns set allow-remote-requests=yes cache-size=4096KiB servers=77.88.8.8,8.8.8.8
- /ip firewall filter add action=drop chain=input connection-state=invalid
- /ip firewall filter add chain=input protocol=icmp
- /ip firewall filter add action=accept chain=input connection-state=new dst-port=80,8291,22 in-interface=pppoe-out1 protocol=tcp src-address=192.168.0.0/16
- /ip firewall filter add chain=input connection-state=established,related
- /ip firewall filter add action=accept chain=forward connection-state=established,related
- /ip firewall filter add chain=output connection-state=!invalid
- /ip firewall filter add chain=forward connection-state=established,new in-interface=ether1 out-interface=pppoe-out1 src-address=192.168.77.0/24
- /ip firewall filter add chain=forward connection-state=established,related in-interface=pppoe-out1 out-interface=ether1
- /ip firewall filter add action=drop chain=input in-interface=pppoe-out1
- /ip firewall filter add action=drop chain=forward
- /ip firewall nat add action=masquerade chain=srcnat
- /ip service set telnet address=192.168.10.0/24
- /ip service set ftp address=192.168.10.0/24
- /ip service set www address=192.168.0.0/16
- /ip service set ssh address=192.168.10.0/24
- /ip service set api disabled=yes
- /ip service set winbox address=192.168.0.0/16
- /ip service set api-ssl disabled=yes
- /ip upnp set allow-disable-external-interface=yes enabled=yes
- /ip upnp interfaces add interface=ether1 type=internal
- /ip upnp interfaces add interface=pppoe-out1 type=external
- /snmp set enabled=yes trap-version=2
- /system clock set time-zone-autodetect=no time-zone-name=Etc/GMT-3
- /system identity set name=$Identity
- /system ntp client set enabled=yes primary-ntp=192.168.10.1 secondary-ntp=66.187.233.4
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement