unps

Mikrotik Hotspot

Aug 5th, 2020
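  # aug/05/2020 10:52:36 by RouterOS 6.47.1
  # software id = 8KPE-WSPG
  #
  # model = RB1100x4
  #
  # Partial export: only the firewall, hotspot, mangle and NAT sections are present.
  # The interface lists (WAN, LAN), the Trust_IP address list, the address pools and
  # the RADIUS client are referenced below but defined elsewhere.
  /ip firewall filter
  # Placeholder chain for the hotspot; the hotspot's own rules are created
  # dynamically at run time and do not appear in an export.
  add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"

  # ---- input chain: traffic addressed to the router itself ----
  add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  # NOTE(review): this rule is disabled, so invalid-state packets are not dropped here;
  # they fall through to the rules below. Re-enable it unless it was switched off to
  # work around a specific problem.
  add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
  # ICMP is accepted from every interface, WAN included.
  add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # Management access (Winbox 8291/tcp, SSH 22/tcp) is limited to the Trust_IP address
  # list and logged. The SSH rule originally reused the Winbox log prefix, which made
  # the two services indistinguishable in the log; it now has its own prefix.
  add action=accept chain=input comment="accept Winbox" dst-port=8291 log=yes log-prefix=Winbox_accept protocol=tcp src-address-list=Trust_IP
  add action=accept chain=input comment="accept ssh" dst-port=22 log=yes log-prefix=SSH_accept protocol=tcp src-address-list=Trust_IP
  # L2TP/IPsec from WAN: IKE (500/udp), NAT-T (4500/udp), L2TP (1701/udp) and ESP.
  # NOTE(review): 1701/udp is accepted without requiring IPsec. If plain L2TP is not
  # intended, split it into its own rule matching ipsec-policy=in,ipsec.
  # NOTE(review): log-prefix has no effect on these and the following rules because
  # log=yes is not set; add log=yes where an audit trail is wanted.
  add action=accept chain=input dst-port=1701,500,4500 in-interface-list=WAN log-prefix=Input_VPN protocol=udp
  add action=accept chain=input in-interface-list=WAN log-prefix=Input_VPN protocol=ipsec-esp
  # DNS (53/udp) and SNMP (161/udp) for 172.30.0.0/24, matched by source address only,
  # with no interface restriction. Presumably a VPN or management subnet; confirm.
  # The SNMP rule originally carried the DNS prefix (copy-paste); corrected.
  add action=accept chain=input dst-port=53 log-prefix=DNS_req protocol=udp src-address=172.30.0.0/24
  add action=accept chain=input dst-port=161 log-prefix=SNMP_req protocol=udp src-address=172.30.0.0/24
  # Final input rule: drop everything that did not arrive on a LAN-list interface.
  # Prefix typo ("Drop_inpit") corrected; it is inert until log=yes is added.
  add action=drop chain=input in-interface-list=!LAN log-prefix=Drop_input

  # ---- forward chain: traffic routed through the router ----
  add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  # Fasttrack is kept disabled.
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
  add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  # NOTE(review): the only forward drop for new connections is WAN-sourced. Nothing
  # shown here keeps the hotspot guest subnets (10.50.50.0/24, 10.50.56.0/21) away
  # from other internal networks; add explicit guest-to-internal drop rules unless
  # isolation is enforced elsewhere.
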
  # ---- Hotspot server profiles ----
  # NOTE(review): login-by=http-pap sends the password as plain text in the login
  # request. Serve the login page over HTTPS, or use http-chap where the external
  # portal allows it.
  # NOTE(review): mac-cookie re-authenticates a returning device by its MAC address
  # alone, so a copied MAC inherits the session; keep the cookie lifetime short.
  /ip hotspot profile
  set [ find default=yes ] login-by=http-pap
  add hotspot-address=10.50.56.1 login-by=http-pap,mac-cookie name=glhsprof use-radius=yes
  add hotspot-address=10.50.50.1 html-directory=HS_Hostel login-by=http-pap name=hsprof1-10.50.50.1-hostel radius-location-id=PL174207_3472 use-radius=yes

  # ---- Hotspot servers: one per guest VLAN, each bound to its profile ----
  /ip hotspot
  add address-pool=hs-pool-3 addresses-per-mac=10 disabled=no interface=vlan31-br-main name=glhotspot profile=glhsprof
  add address-pool=hs-pool-Hostel addresses-per-mac=10 disabled=no interface=vlan32-br-main name=hs-HS_bridge_Hostel profile=hsprof1-10.50.50.1-hostel

  # ---- User profiles ----
  # Up to 3 simultaneous sessions per account, a 4-day keepalive timeout, and the
  # idle timeout unset on the two added profiles.
  /ip hotspot user profile
  set [ find default=yes ] keepalive-timeout=4d shared-users=3
  add address-pool=hs-pool-3 !idle-timeout keepalive-timeout=4d name=uprof1 shared-users=3
  add address-pool=hs-pool-Hostel !idle-timeout keepalive-timeout=4d name=uprof2-hostel shared-users=3

  # ---- Local users ----
  # NOTE(review): no password= appears on these entries. Either the export was made
  # with sensitive values hidden or the accounts have empty passwords; verify on the
  # device and set passwords if they are empty.
  /ip hotspot user
  add disabled=yes name=admin
  add name=user1 profile=uprof1 server=glhotspot
  add name=user2-hostel profile=uprof2-hostel server=hs-HS_bridge_Hostel

  # ---- Walled garden (HTTP level): hosts reachable before login ----
  /ip hotspot walled-garden
  add comment="place hotspot rules here" disabled=yes
  add dst-host=*.global-hotspot.ru
  add dst-host=v8.global-hotspot.ru
  add dst-host=*.glhs.ru

  # ---- Walled garden (IP level): destinations reachable before login ----
  # NOTE(review): every entry matches on destination address only (the last resolver
  # entries explicitly unset port and protocol), so unauthenticated clients can reach
  # any port on these hosts. For the public resolvers (8.8.8.8, 8.8.4.4, 77.88.8.7,
  # 77.88.8.3) narrow the match to the DNS port and protocol.
  # Hard-coded portal addresses need review whenever the provider changes them.
  /ip hotspot walled-garden ip
  add action=accept disabled=no dst-address=5.101.126.175
  add action=accept disabled=no dst-address=91.230.211.75
  add action=accept disabled=no dst-address=46.229.213.165
  add action=accept disabled=no dst-address=188.225.18.2
  add action=accept disabled=no dst-address=188.225.73.64
  add action=accept disabled=no dst-address=87.236.23.242
  add action=accept disabled=no dst-address=8.8.4.4 !dst-address-list !dst-port !protocol !src-address !src-address-list
  add action=accept disabled=no dst-address=8.8.8.8 !dst-address-list !dst-port !protocol !src-address !src-address-list
  add action=accept disabled=no dst-address=77.88.8.7 !dst-address-list !dst-port !protocol !src-address !src-address-list
  add action=accept disabled=no dst-address=77.88.8.3 !dst-address-list !dst-port !protocol !src-address !src-address-list
  add action=accept disabled=no dst-address=10.50.56.1

  # ---- Mangle: dual-ISP return path and policy routing ----
  /ip firewall mangle
  # Tag connections that reach the router through each PPPoE uplink ...
  add action=mark-connection chain=input in-interface=pppoe-out-Rostelecom new-connection-mark=cin_ISP1
  add action=mark-connection chain=input in-interface=pppoe-out-Rostelecom2 new-connection-mark=cin_ISP2
  # ... and route the router's replies via the routing mark for the same uplink.
  add action=mark-routing chain=output connection-mark=cin_ISP1 new-routing-mark=rout_ISP1 passthrough=no
  add action=mark-routing chain=output connection-mark=cin_ISP2 new-routing-mark=rout_ISP2 passthrough=no
  # TCP from 10.50.50.0/24 is given routing mark lan_out_ISP2; other protocols from
  # that subnet keep the default routing.
  # NOTE(review): there is no destination exclusion, so TCP towards the router and
  # internal networks is marked as well; confirm that is intended.
  add action=mark-routing chain=prerouting new-routing-mark=lan_out_ISP2 passthrough=no protocol=tcp src-address=10.50.50.0/24

  # ---- NAT ----
  /ip firewall nat
  # Placeholder chain for the hotspot (disabled).
  add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
  # Source-NAT 10.50.56.0/21 leaving via pppoe-out-Rostelecom, skipping traffic that
  # matches an IPsec policy. to-addresses was redacted by the author (xxx.xxx.xxx.xxx)
  # and must be replaced with the real address before this script can be imported.
  add action=src-nat chain=srcnat ipsec-policy=out,none out-interface=pppoe-out-Rostelecom src-address=10.50.56.0/21 to-addresses=xxx.xxx.xxx.xxx
  # NOTE(review): this masquerade has no out-interface, so it applies to 10.50.50.0/24
  # on every egress interface, internal ones included. Internal hosts then see the
  # router's address instead of the client's, which hides guest source IPs in their
  # logs. Restrict it with out-interface-list=WAN unless that is intended.
  add action=masquerade chain=srcnat comment="masquerade hotspot network Hostel" src-address=10.50.50.0/24
  # Catch-all masquerade for everything else leaving through the WAN interface list.
  add action=masquerade chain=srcnat out-interface-list=WAN