Allow FULL access through RouterBOARD

I have a RouterBOARD that was set up for me by a company. The technical guys who set it up have left the company, and now I’m left with a setup that does not allow any connections through besides HTTP, and even that has to go via my Squid proxy server only.
How do I open up my MikroTik RouterBoard to allow all connections to go directly through my ADSL modem to the internet, without any restrictions? Afterwards I will address the security of this, since I know that opening up everything will be somewhat insecure, but I really NEED this, even if only temporarily. My ADSL modem’s IP address is 10.0.0.2, my RB IP is 10.0.0.50 and my Squid proxy IP is 10.0.0.55.

Here is my current config:

# feb/11/2010 05:45:14 by RouterOS 3.24
# software id = K57N-PTT

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
comment=“PPPoE Peak Time” disabled=no forward-delay=15s max-message-age=
20s mtu=1500 name=radius1 priority=0x8000 protocol-mode=rstp
transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
comment=“HotSpot Peak Time” disabled=no forward-delay=15s
max-message-age=20s mtu=1500 name=radius2 priority=0x8000 protocol-mode=
rstp transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
comment=“PPPoE Off-Peak Time” disabled=no forward-delay=15s
max-message-age=20s mtu=1500 name=radius3 priority=0x8000 protocol-mode=
rstp transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
comment=“HotSpot Off-Peak Time” disabled=no forward-delay=15s
max-message-age=20s mtu=1500 name=radius4 priority=0x8000 protocol-mode=
none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mac-address=00:0C:42:25:ED:EF mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mac-address=00:0C:42:25:ED:F0 mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment=“” disabled=no full-duplex=yes
mac-address=00:0C:42:25:ED:F1 mtu=1500 name=ether3 speed=100Mbps
# NOTE(review): mode=none with empty WPA/WPA2 pre-shared keys means this profile
# applies no link-layer encryption or authentication. All four wlan interfaces
# in this export reference security-profile=default, so subscriber traffic on
# them is sent in the clear unless a higher layer protects it.
/interface wireless security-profiles
set default authentication-types=“” eap-methods=passthrough group-ciphers=“”
group-key-update=5m interim-update=0s mode=none name=default
radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-key-0=“” static-key-1=“” static-key-2=“” static-key-3=“”
static-sta-private-algo=none static-sta-private-key=“”
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=
none tls-mode=no-certificates unicast-ciphers=“” wpa-pre-shared-key=“”
wpa2-pre-shared-key=“”
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-a area=“” arp=enabled band=5ghz
basic-rates-a/g=6Mbps burst-time=disabled comment=“” compression=no
country=“united states” default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none
disable-running-check=no disabled=no disconnect-timeout=3s
frame-lifetime=0 frequency=5220 frequency-mode=manual-txpower hide-ssid=
no hw-retries=4 mac-address=00:0C:42:3A:0B:91 max-station-count=2007
mode=ap-bridge mtu=1500 name=“wlan1 (sector1)” noise-floor-threshold=
default on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both
proprietary-extensions=post-2.9.25 radio-name=000C423A0B91 rate-set=
default scan-list=default security-profile=default ssid=MikroTik
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps tx-power-mode=
default update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=
disabled wmm-support=disabled
set 1 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-a area=“” arp=enabled band=5ghz
basic-rates-a/g=6Mbps burst-time=disabled comment=“” compression=no
country=“united states” default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none
disable-running-check=no disabled=no disconnect-timeout=3s
frame-lifetime=0 frequency=5280 frequency-mode=manual-txpower hide-ssid=
no hw-retries=4 mac-address=00:0C:42:3A:0A:F2 max-station-count=2007
mode=ap-bridge mtu=1500 name=“wlan2 (sector2)” noise-floor-threshold=
default on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both
proprietary-extensions=post-2.9.25 radio-name=000C423A0AF2 rate-set=
default scan-list=default security-profile=default ssid=MikroTik
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps tx-power-mode=
default update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=
disabled wmm-support=disabled
set 2 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-a area=“” arp=enabled band=5ghz
basic-rates-a/g=6Mbps burst-time=disabled comment=“” compression=no
country=“united states” default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none
disable-running-check=no disabled=no disconnect-timeout=3s
frame-lifetime=0 frequency=5180 frequency-mode=manual-txpower hide-ssid=
no hw-retries=4 mac-address=00:0C:42:3A:1E:51 max-station-count=2007
mode=ap-bridge mtu=1500 name=“wlan3 (sector3)” noise-floor-threshold=
default on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both
proprietary-extensions=post-2.9.25 radio-name=000C423A1E51 rate-set=
default scan-list=default security-profile=default ssid=MikroTik
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps tx-power-mode=
default update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=
disabled wmm-support=disabled
set 3 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-a area=“” arp=enabled band=2.4ghz-b/g
basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment=“”
compression=no country=“south africa” default-ap-tx-limit=0
default-authentication=yes default-client-tx-limit=0 default-forwarding=
yes dfs-mode=none disable-running-check=no disabled=yes
disconnect-timeout=3s frame-lifetime=0 frequency=2412 frequency-mode=
manual-txpower hide-ssid=no hw-retries=4 mac-address=00:0C:42:3A:8B:84
max-station-count=2007 mode=ap-bridge mtu=1500 name=“wlan4 (omni)”
noise-floor-threshold=default on-fail-retry-time=100ms
periodic-calibration=default periodic-calibration-interval=60
preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=
000C423A8B84 rate-set=default scan-list=default security-profile=default
ssid=zTelHotspot station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled
wmm-support=disabled
/interface wireless manual-tx-power-table
set “wlan1 (sector1)” comment=“” manual-tx-powers=“1Mbps:17,2Mbps:17,5.5Mbps:1
7,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mb
ps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20
-7:0,HT20-8:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7
:0,HT40-8:0”
set “wlan2 (sector2)” comment=“” manual-tx-powers=“1Mbps:17,2Mbps:17,5.5Mbps:1
7,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mb
ps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20
-7:0,HT20-8:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7
:0,HT40-8:0”
set “wlan3 (sector3)” comment=“” manual-tx-powers=“1Mbps:17,2Mbps:17,5.5Mbps:1
7,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mb
ps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20
-7:0,HT20-8:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7
:0,HT40-8:0”
set “wlan4 (omni)” comment=“” manual-tx-powers=“1Mbps:17,2Mbps:17,5.5Mbps:17,1
1Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:
17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:
0,HT20-8:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0,
HT40-8:0”
/interface wireless nstreme
set “wlan1 (sector1)” comment=“” disable-csma=no enable-nstreme=no
enable-polling=yes framer-limit=3200 framer-policy=none
set “wlan2 (sector2)” comment=“” disable-csma=no enable-nstreme=no
enable-polling=yes framer-limit=3200 framer-policy=none
set “wlan3 (sector3)” comment=“” disable-csma=no enable-nstreme=no
enable-polling=yes framer-limit=3200 framer-policy=none
set “wlan4 (omni)” comment=“” disable-csma=no enable-nstreme=no
enable-polling=yes framer-limit=3200 framer-policy=none
/ip firewall layer7-protocol
add comment=“” name=sip regexp=“^(invite|register|cancel|message|subscribe|not
ify) sip[\x09-\x0d -~]*sip/[0-2]\.[0-9]”
add comment=“” name=skypetoskype regexp=“^..\x02…”
add comment=“” name=h323 regexp=
“^\x03..?\x08…?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\x05”
/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=default rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
add dns-name=“” hotspot-address=192.168.19.1 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes
radius-default-domain=“” radius-interim-update=received
radius-location-id=“” radius-location-name=“” radius-mac-format=
XX:XX:XX:XX:XX:XX rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=yes
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=
1 status-autorefresh=1m transparent-proxy=no
# NOTE(review): sha1 / 3des / modp1024 are legacy algorithms. No IPsec peer or
# policy appears in this export, so the proposal may be unused -- confirm, and
# choose stronger algorithms before relying on it.
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=default pfs-group=modp1024
/ip pool
add name=pool1 ranges=192.168.16.2-192.168.16.254
add name=pool2 ranges=192.168.17.2-192.168.17.254
add name=pool3 ranges=192.168.18.2-192.168.18.254
add name=hs-pool-7 ranges=192.168.19.2-192.168.19.254
/ip dhcp-server
add address-pool=hs-pool-7 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=“wlan4 (omni)” lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-7 addresses-per-mac=2 disabled=no idle-timeout=5m
interface=“wlan4 (omni)” keepalive-timeout=none name=hotspot1 profile=
hsprof1
/port
set 0 baud-rate=115200 data-bits=8 flow-control=hardware name=serial0 parity=
none stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment=“” name=default only-one=default
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=yes comment=“” local-address=192.168.16.1 name=default1
only-one=default remote-address=pool1 use-compression=default
use-encryption=default use-vj-compression=default
add change-tcp-mss=yes comment=“” local-address=192.168.17.1 name=default2
only-one=default remote-address=pool2 use-compression=default
use-encryption=default use-vj-compression=default
add change-tcp-mss=yes comment=“” local-address=192.168.18.1 name=default3
only-one=default remote-address=pool3 use-compression=default
use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment=“” name=default-encryption
only-one=default use-compression=default use-encryption=yes
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=
5
add kind=pcq name=PCQ_Upload pcq-classifier=src-address pcq-limit=50
pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=PCQ_Download pcq-classifier=dst-address pcq-limit=50
pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“”
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=
0/0 max-limit=0/0 name=“Equal Sharing Queue” parent=none priority=8
queue=PCQ_Upload/PCQ_Download target-addresses=192.168.16.0/22
total-queue=default
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“”
direction=both disabled=yes dst-address=0.0.0.0/0 limit-at=64k/128k
max-limit=64k/128k name=mustafa1limit parent=none priority=8 queue=
default-small/default-small total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“”
direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=
20k/24k max-limit=20k/24k name=queue1 parent=none priority=8 queue=
default-small/default-small total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=main.queue.in packet-mark=“” parent=global-in priority=8
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=main.queue.out packet-mark=“” parent=global-out
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 1” packet-mark=L1-data parent=
main.queue.in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 2” packet-mark=L2-data parent=
main.queue.in priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 3” packet-mark=L3-data parent=
main.queue.in priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 4” packet-mark=L4-data parent=
main.queue.in priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 5” packet-mark=L5-data parent=
main.queue.in priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 6” packet-mark=L6-data parent=
main.queue.in priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 7” packet-mark=L7-data parent=
main.queue.in priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Incoming Priority Level 8” packet-mark=L8-data parent=
main.queue.in priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 1” packet-mark=L1-data parent=
main.queue.out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 2” packet-mark=L2-data parent=
main.queue.out priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 3” packet-mark=L3-data parent=
main.queue.out priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 4” packet-mark=L4-data parent=
main.queue.out priority=4 queue=default
# NOTE(review): "Outgoing Priority Level 5" matches packet-mark=L4-data with
# priority=4, duplicating Level 4; the incoming counterpart uses L5-data and
# priority=5. Looks like a copy/paste slip -- confirm intent.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 5” packet-mark=L4-data parent=
main.queue.out priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 6” packet-mark=L6-data parent=
main.queue.out priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 7” packet-mark=L7-data parent=
main.queue.out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=“Outgoing Priority Level 8” packet-mark=L8-data parent=
main.queue.out priority=8 queue=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment=“” disabled=no
ignore-as-path-len=no name=default out-filter=“” redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=backbone type=
default
# NOTE(review): SNMP is disabled here (enabled=no), but the "public" community
# is defined with address=0.0.0.0/0 and security=none. If SNMP is ever switched
# on, restrict the community address and rename the community first.
/snmp
set contact=“” enabled=no engine-boots=0 engine-id=“” location=“”
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password=“”
authentication-protocol=MD5 encryption-password=“” encryption-protocol=
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
/user group
add comment=“” name=read policy=“local,telnet,ssh,reboot,read,test,winbox,pass
word,web,sniff,!ftp,!write,!policy”
add comment=“” name=write policy=“local,telnet,ssh,reboot,read,write,test,winb
ox,password,web,sniff,!ftp,!policy”
add comment=“” name=full policy=“local,telnet,ssh,ftp,reboot,read,write,policy
,test,winbox,password,web,sniff”
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet mirror
set
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:03:72:A5:57:72
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
# NOTE(review): pap is accepted on all three PPPoE servers. PAP carries the
# password unencrypted, and the sector interfaces use a wireless security
# profile with mode=none, so credentials can be observed on the air. mschap1 is
# also a legacy method. The linked profiles default1-3 leave
# use-encryption=default -- TODO confirm whether that negotiates encryption.
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default1
disabled=no interface=“wlan1 (sector1)” keepalive-timeout=10 max-mru=1480
max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=yes
service-name=service1
add authentication=pap,chap,mschap1,mschap2 default-profile=default2
disabled=no interface=“wlan2 (sector2)” keepalive-timeout=10 max-mru=1480
max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=yes
service-name=service2
add authentication=pap,chap,mschap1,mschap2 default-profile=default3
disabled=no interface=“wlan3 (sector3)” keepalive-timeout=10 max-mru=1480
max-mtu=1480 max-sessions=0 mrru=disabled one-session-per-host=yes
service-name=service3
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.0.50/24 broadcast=10.0.0.255 comment=“” disabled=no
interface=ether3 network=10.0.0.0
add address=192.168.19.1/24 broadcast=192.168.19.255 comment=
“hotspot network” disabled=no interface=“wlan4 (omni)” network=
192.168.19.0
add address=192.168.0.1/32 broadcast=192.168.0.1 comment=“” disabled=no
interface=radius1 network=192.168.0.1
add address=192.168.0.2/32 broadcast=192.168.0.2 comment=“” disabled=no
interface=radius2 network=192.168.0.2
add address=192.168.0.3/32 broadcast=192.168.0.3 comment=“” disabled=no
interface=radius3 network=192.168.0.3
add address=192.168.0.4/32 broadcast=192.168.0.4 comment=“” disabled=no
interface=radius4 network=192.168.0.4
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.5.50.0/24 comment=“hotspot network” gateway=10.5.50.1
add address=192.168.16.0/24 comment=“” gateway=192.168.16.1
add address=192.168.19.0/24 comment=“hotspot network” gateway=192.168.19.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. This export contains no enabled input-chain filter rule, so
# nothing here limits who may query it; whether it is reachable from the
# internet depends on the ADSL modem in front of it -- confirm.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB
max-udp-packet-size=512 primary-dns=10.240.12.7 secondary-dns=
196.34.27.137
/ip firewall address-list
add address=192.168.16.0/24 comment=“” disabled=no list=Sector
add address=192.168.17.0/24 comment=“” disabled=no list=Sector
add address=192.168.18.0/24 comment=“” disabled=no list=Sector
add address=10.0.0.0/24 comment=“” disabled=no list=Sector
add address=192.168.19.0/24 comment=“” disabled=no list=Sector
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# NOTE(review): every rule in this table is disabled=yes and none of them drops
# or rejects, so the filter table is not what blocks non-HTTP traffic; a packet
# that matches no rule is accepted. Enabling the three forward accept rules
# would therefore change nothing, and the srcnat masquerade on ether3 further
# down is already enabled. The restriction described in the post is presumably
# enforced elsewhere (hotspot/PPPoE login, the modem at 10.0.0.2, or the Squid
# host) -- verify before changing this table.
# There is also no input-chain rule protecting the router's own services
# (see /ip service); add input filtering before exposing this device further.
/ip firewall filter
add action=accept chain=forward comment=“” disabled=yes out-interface=ether3
add action=accept chain=forward comment=“” disabled=yes out-interface=ether3
protocol=udp
add action=accept chain=forward comment=“” disabled=yes out-interface=ether3
protocol=tcp
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
/ip firewall mangle
add action=mark-connection chain=forward comment=“Winbox Connection Marking”
disabled=no dst-port=8291 new-connection-mark=L1-conn passthrough=yes
protocol=tcp
add action=mark-packet chain=forward comment=
“Priority Level 1 Packet Marking” connection-mark=L1-conn disabled=no
new-packet-mark=L1-data passthrough=no
add action=mark-connection chain=forward comment=“VoIP Connection Marking”
disabled=no layer7-protocol=sip new-connection-mark=L2-conn passthrough=
yes
add action=mark-connection chain=forward comment=“” disabled=no
layer7-protocol=skypetoskype new-connection-mark=L2-conn passthrough=yes
add action=mark-connection chain=forward comment=“” disabled=no
layer7-protocol=h323 new-connection-mark=L2-conn passthrough=yes
add action=mark-packet chain=forward comment=
“Priority Level 2 Packet Marking” connection-mark=L2-conn disabled=no
new-packet-mark=L2-data passthrough=no
add action=mark-packet chain=forward comment=
“Priority Level 3 Packet Marking” connection-mark=L3-conn disabled=no
new-packet-mark=L3-data passthrough=no
add action=mark-connection chain=forward comment=“Web Connection Marking”
disabled=no dst-port=80,443 new-connection-mark=L4-conn passthrough=yes
protocol=tcp
add action=mark-packet chain=forward comment=
“Priority Level 4 Packet Marking” connection-mark=L4-conn disabled=no
new-packet-mark=L4-data passthrough=no
# NOTE(review): this rule matches connection-mark=L4-conn, but the Level 4 rule
# just above matches the same mark with passthrough=no, so packets stop there
# and L5-data is apparently never assigned. No rule in this export sets an
# L5-conn (or L3-conn) connection mark.
add action=mark-packet chain=forward comment=
“Priority Level 5 Packet Marking” connection-mark=L4-conn disabled=no
new-packet-mark=L5-data passthrough=no
add action=mark-connection chain=forward comment=“Email Connection Marking”
disabled=no dst-port=25,110,143 new-connection-mark=L6-conn passthrough=
yes protocol=tcp
add action=mark-packet chain=forward comment=
“Priority Level 6 Packet Marking” connection-mark=L6-conn disabled=no
new-packet-mark=L6-data passthrough=no
add action=mark-connection chain=forward comment=“FTP Connection Marking”
disabled=no dst-port=21 new-connection-mark=L7-conn passthrough=yes
protocol=tcp
add action=mark-packet chain=forward comment=
“Priority Level 7 Packet Marking” connection-mark=L7-conn disabled=no
new-packet-mark=L7-data passthrough=no
add action=mark-connection chain=forward comment=
“Other Traffic Connection Marking” disabled=no new-connection-mark=
L8-conn passthrough=yes
add action=mark-packet chain=forward comment=
“Priority Level 8 Packet Marking” connection-mark=L8-conn disabled=no
new-packet-mark=L8-data passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether3
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
disabled=no src-address=192.168.19.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
# NOTE(review): hotspot account admin/admin is a guessable credential and is
# now published with this post; change the password, and redact secrets before
# sharing an export.
/ip hotspot user
add comment=“” disabled=no name=admin password=admin profile=default
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set “wlan1 (sector1)” discover=no
set “wlan2 (sector2)” discover=no
set “wlan3 (sector3)” discover=no
set “wlan4 (omni)” discover=no
set radius1 discover=yes
set radius2 discover=yes
set radius3 discover=yes
set radius4 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.2
scope=30 target-scope=10
# NOTE(review): telnet, ftp and www are enabled and accept clients from
# 0.0.0.0/0. All three carry logins unencrypted. Disable the ones not needed and
# narrow address= to the management subnet; ssh and winbox are likewise open to
# any source address.
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
# NOTE(review): UPnP is enabled, which lets hosts on an internal UPnP interface
# request inbound port mappings on their own. No /ip upnp interfaces entries are
# in this export, so it may be inactive -- confirm, and disable it if unused.
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
/ppp aaa
set accounting=yes interim-update=0s use-radius=yes
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set “wlan1 (sector1)” queue=wireless-default
set “wlan2 (sector2)” queue=wireless-default
set “wlan3 (sector3)” queue=wireless-default
set “wlan4 (omni)” queue=wireless-default
set radius1 queue=default
set radius2 queue=default
set radius3 queue=default
set radius4 queue=default
# NOTE(review): the shared secrets are short numeric strings (123456 / 654321)
# and are now public. The server addresses 192.168.0.1-4 are the addresses this
# export assigns to bridges radius1-radius4, so the RADIUS server appears to be
# local (presumably User Manager) -- confirm. Rotate the secrets on both sides.
# The last entry has an empty service value, so it is not bound to any service.
/radius
add accounting-backup=no accounting-port=1813 address=192.168.0.2
authentication-port=1812 called-id=“” comment=“” disabled=no domain=“”
realm=“” secret=123456 service=hotspot timeout=300ms
add accounting-backup=no accounting-port=1813 address=192.168.0.4
authentication-port=1812 called-id=“” comment=“” disabled=no domain=“”
realm=“” secret=654321 service=hotspot timeout=300ms
add accounting-backup=no accounting-port=1813 address=192.168.0.1
authentication-port=1812 called-id=“” comment=“” disabled=no domain=“”
realm=“” secret=123456 service=ppp timeout=300ms
add accounting-backup=no accounting-port=1813 address=192.168.0.3
authentication-port=1812 called-id=“” comment=“” disabled=no domain=“”
realm=“” secret=654321 service=“” timeout=300ms
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20
metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified
mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=
no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
/store
add comment=“” disabled=no disk=system name=user-manager1 type=user-manager
add comment=“” disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Africa/Johannesburg
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=
“jan/01/1970 00:00:00” time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set fan-mode=auto use-fan=main
/system identity
set name=“zTel Internet”
/system logging
add action=memory disabled=no prefix=“” topics=info
add action=memory disabled=no prefix=“” topics=error
add action=memory disabled=no prefix=“” topics=warning
add action=echo disabled=no prefix=“” topics=critical
/system note
set note=“” show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=196.4.160.4 secondary-ntp=196.26.5.8
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet
boot-protocol=bootp enable-jumper-reset=yes enter-setup-on=any-key
force-backup-booter=no
# Scheduled jobs that switch the router between the "peak" and "offpeak" profiles.
# Ten weekly jobs (interval=1w), one per weekday Monday-Friday: script "peak" at 08:00
# and script "offpeak" at 20:00. No Saturday/Sunday entries are defined here, so the
# state set on Friday 20:00 (offpeak) stays in place over the weekend.
# NOTE(review): every job is granted reboot, policy, password and sniff. The two scripts
# in /system script only disable/enable servers and toggle user-manager entries, so this
# looks broader than they need; confirm and trim to the minimum that still runs.
/system scheduler
add comment=“” disabled=no interval=1w name=“Peak Time (monday)” on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/20/2009
start-time=08:00:00
add comment=“” disabled=no interval=1w name=“Peak Time (tuesday)” on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/21/2009
start-time=08:00:00
add comment=“” disabled=no interval=1w name=“Peak Time (wednesday)” on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/22/2009
start-time=08:00:00
add comment=“” disabled=no interval=1w name=“Peak Time (thursday)” on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/23/2009
start-time=08:00:00
add comment=“” disabled=no interval=1w name=“Peak Time (friday)” on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/24/2009
start-time=08:00:00
add comment=“” disabled=no interval=1w name=“Off Peak Time (monday)”
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/20/2009
start-time=20:00:00
add comment=“” disabled=no interval=1w name=“Off Peak Time (tuesday)”
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/21/2009
start-time=20:00:00
add comment=“” disabled=no interval=1w name=“Off Peak Time (wednesday)”
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/22/2009
start-time=20:00:00
add comment=“” disabled=no interval=1w name=“Off Peak Time (thursday)”
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/23/2009
start-time=20:00:00
add comment=“” disabled=no interval=1w name=“Off Peak Time (friday)”
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jul/24/2009
start-time=20:00:00
# Two daily variants (interval=1d) of the same jobs, both disabled=yes; presumably
# superseded by the weekday entries above.
add comment=“Peak script run” disabled=yes interval=1d name=Peak on-event=
“/system script run peak” policy=
reboot,read,write,policy,test,password,sniff start-date=jan/01/1970
start-time=08:00:00
add comment=“Offpeak script run” disabled=yes interval=1d name=Offpeak
on-event=“/system script run offpeak” policy=
reboot,read,write,policy,test,password,sniff start-date=jan/01/1970
start-time=20:00:00
# The two scripts run by the scheduler. Each one:
#   1. disables and re-enables hotspot1 and PPPoE servers 0,1,2 (presumably to drop the
#      active sessions so clients log in again under the new profile; confirm),
#   2. flips which /tool user-manager router entries are enabled, selected by subscriber.
# "peak" enables Day/HSDay and disables Night/HSNight; "offpeak" does the reverse.
# NOTE(review): both scripts are granted ftp, winbox, reboot, policy, password and sniff,
# none of which the commands shown here obviously use; confirm and reduce.
# NOTE(review): the export's line-continuation backslashes appear to have been lost in
# this paste (see the "/ip hotspo" / "t" split in offpeak), so the listing will not
# import as-is.
/system script
add name=peak policy=ftp,reboot,read,write,policy,test,winbox,password,sniff
source=“/ip hotspot\r
\ndisable hotspot1\r
\nenable hotspot1\r
\n\r
\n/interface pppoe-server server\r
\ndisable 0,1,2\r
\nenable 0,1,2\r
\n\r
\n/tool user-manager router\r
\nset [find subscriber="Night"] disabled=yes\r
\nset [find subscriber="Day"] disabled=no\r
\nset [find subscriber="HSNight"] disabled=yes\r
\nset [find subscriber="HSDay"] disabled=no\r
\n”
add name=offpeak policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“/ip hotspo
t\r
\ndisable hotspot1\r
\nenable hotspot1\r
\n\r
\n/interface pppoe-server server\r
\ndisable 0,1,2\r
\nenable 0,1,2\r
\n\r
\n/tool user-manager router\r
\nset [find subscriber="Day"] disabled=yes\r
\nset [find subscriber="Night"] disabled=no\r
\nset [find subscriber="HSDay"] disabled=yes\r
\nset [find subscriber="HSNight"] disabled=no\r
\n”
# Upgrade mirror is off (enabled=no, both servers 0.0.0.0, empty user).
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
# Watchdog timer is on (watchdog-timer=yes) but no address is watched by ping
# (watch-address=none). automatic-supout=yes with auto-send-supout=no: a support
# output file is generated but not sent anywhere automatically.
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
# Services that run on the router itself. Whether they are reachable depends on the
# router's own input filtering, which is not part of this section of the listing.
# Review each one before relaxing any firewall rules.

# Bandwidth-test server is enabled; authenticate=yes means a router login is required.
# Disable it if it is not in regular use.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
# No mail server is configured (server=0.0.0.0:25, empty username/password).
/tool e-mail
set from=<> password=“” server=0.0.0.0:25 username=“”
/tool graphing
set store-every=5min
# Interface graphs for all interfaces are viewable from any source address
# (allow-address=0.0.0.0/0); narrow this to the management subnet.
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
# The MAC-layer management server is enabled on every interface (interface=all), which
# would include any customer-facing wireless interfaces; restrict it to the interface
# used for administration.
/tool mac-server
add disabled=no interface=all
# MAC ping responses are enabled.
/tool mac-server ping
set enabled=yes
# SMS reader is not running (reader-running=no, empty secret and allowed-number).
/tool sms
set allowed-number=“” keep-max-sms=0 reader-running=no secret=“”
# Packet sniffer settings only: no file name and streaming-enabled=no, so nothing is
# being streamed to a remote host by this configuration.
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=
yes interface=all memory-limit=10 only-headers=no streaming-enabled=no
streaming-server=0.0.0.0
# User Manager customer (administrative) accounts, all with permissions=owner.
# NOTE(review): "admin" has an empty password and the other four share password=qwerty.
# These values are published in clear text in this post, so treat them as compromised:
# set a unique, strong password per account and redact the field before sharing an export.
/tool user-manager customer
add comment=“” disabled=no login=admin parent=admin password=“”
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
add comment=“” disabled=no login=Day parent=Day password=qwerty
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=Day time-zone=+00:00
add comment=“” disabled=no login=Night parent=Night password=qwerty
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=Night time-zone=+00:00
add comment=“” disabled=no login=HSDay parent=HSDay password=qwerty
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=HSDay time-zone=+00:00
add comment=“” disabled=no login=HSNight parent=HSNight password=qwerty
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=HSNight time-zone=+00:00
# RADIUS clients known to User Manager, one per subscriber (Day, Night, HSDay, HSNight),
# at 192.168.0.1-192.168.0.4. All four entries use the same name, router1.
# The Day/HSDay entries are disabled and Night/HSNight enabled in this export, which
# matches the state the "offpeak" script sets (the export was taken at 05:45).
# NOTE(review): shared-secret=123456 / 654321 are trivially guessable and are now public
# in this post. Replace them with long random secrets here and on the matching RADIUS
# client entries, and redact the field before sharing an export.
/tool user-manager router
add comment=“” disabled=yes ip-address=192.168.0.1 log=
auth-ok,auth-fail,acct-fail name=router1 shared-secret=123456 subscriber=
Day
add comment=“” disabled=no ip-address=192.168.0.3 log=
auth-ok,auth-fail,acct-fail name=router1 shared-secret=654321 subscriber=
Night
add comment=“” disabled=yes ip-address=192.168.0.2 log=
auth-ok,auth-fail,acct-fail name=router1 shared-secret=123456 subscriber=
HSDay
add comment=“” disabled=no ip-address=192.168.0.4 log=
auth-ok,auth-fail,acct-fail name=router1 shared-secret=654321 subscriber=
HSNight
/tool user-manager user

----User data was here—

# Router login AAA: use-radius=no, so logins to the router itself are checked against
# local users only. default-group=read presumably applies only if RADIUS login is
# later enabled; confirm.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

Can you give more information about your network topology? Looks like you have 3 ethernet & 4 wireless interfaces.

Yes, all RouterBOARDs have 3 ethernet ports, but I’m using only one, and I have 3 wireless cards running sectors at 5 GHz (CPEs connect to the sectors) and one 2.4 GHz card running an omni for my hotspot.


OK, but how is the squid proxy connected? Your MT config looks good. Maybe squid sits between the ADSL modem and the MT and is transparently filtering your traffic?