HI,NORMIS do you have time?
can you login my router see if my router setting was safe?
I'm headache with setting it up, if you can i send my login info to support.
thanks in advance.

Contact and hire MikroTik certified consultants,
http://www.mikrotik.com/consultants.html

or post your configurations here for evaluation (remove sensitive information first)

You can also post what type of router or service you want to provide?
Just put the configuration of you router H/W, ( must after install the MK and if you don't want to setup a hotspot or wireless service) and send me a SMS to my cell phone at +8801716488912. I will make myself in my virtual server for your service and send you a backup copy of it.

Rafiq...

You can also post what type of router or service you want to provide?
Just put the configuration of you router H/W, ( must after install the MK and if you don't want to setup a hotspot or wireless service) and send me a SMS to my cell phone at +8801716488912. I will make myself in my virtual server for your service and send you a backup copy of it.

Rafiq...

hi,I have rb532a r5, wireless card r52, 15db omni antenna .
I want configuration router as:
first two port for loading WAN (ECMP Routing )
third port for lan with 192.168.0.1/24
hotspot(i don't want hotspot user can access to my router anyway and cann't intercommunion with my local lan)
secure router protect customer
please send your backup copy to:
FTP: claol.com
user:temp@claol.com
password:123456
everyone want to help me is welcome.
thanks!!!

Dear channingzou,
I used a p-III with 3 lan card.

Please discurd IP address 192.168.2.10.. and replace all other IP address as you need.
I am not experience with HOTSPOT. Already a copy of this backup is sent to your ftp. This is for others.

I think It will help you.

Rafiq...

Probably backup file will not be restored correctly. It is better to use export file.

Probably backup file will not be restored correctly. It is better to use export file.

hi,sergejs will make export file upload to your website let everyone download?

Here is the export file ...

Rafiq...


####################################################################

# aug/07/2007 17:50:24 by RouterOS 2.9.27
# software id = 9EK0-FJT
#
/ interface ethernet
set Lan name="Lan" mtu=1500 mac-address=00:08:54:34:6A:96 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
set Wan1 name="Wan1" mtu=1500 mac-address=00:E0:4D:49:87:05 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
set Wan2 name="Wan2" mtu=1500 mac-address=00:10:4B:0E:E8:D2 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 \
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
keepalive-timeout=30 default-profile=default-encryption
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=0.0.0.0 secondary-dns=0.0.0.0 allow-remote-requests=no \
cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m \
inactive-flow-timeout=15s
/ ip address
add address=192.168.2.10/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=Lan comment="added by setup" disabled=no
add address=177.66.202.2/24 network=177.66.202.0 broadcast=177.66.202.255 \
interface=Wan1 comment="" disabled=no
add address=177.66.203.3/24 network=177.66.203.0 broadcast=177.66.203.255 \
interface=Wan2 comment="" disabled=no
add address=192.168.17.1/24 network=192.168.17.0 broadcast=192.168.17.255 \
interface=Lan comment="added by setup" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip neighbor discovery
set Lan discover=yes
set Wan1 discover=yes
set Wan2 discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 \
comment="added by setup" disabled=no
add dst-address=0.0.0.0/0 gateway=177.66.202.1 check-gateway=ping scope=255 \
target-scope=10 routing-mark=wan1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=177.66.203.1 check-gateway=ping scope=255 \
target-scope=10 routing-mark=wan2 comment="" disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.17.0/24 action=mark-routing \
new-routing-mark=wan1 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.17.0/24 action=mark-routing \
new-routing-mark=wan2 passthrough=yes comment="" disabled=no
/ ip firewall nat
add chain=srcnat src-address=192.168.17.0/24 action=masquerade comment="" \
disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid \
connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access \
to router from known network" disabled=no
add chain=input src-address=192.168.2.0/24 action=accept comment="Allow access \
to router from here " disabled=no
add chain=input src-address=192.168.17.0/24 action=accept comment="Allow \
access to router from here " disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop \
comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" \
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" \
disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" \
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" \
disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" \
disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" \
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny \
NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" \
disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny \
BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" \
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" \
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC \
portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC \
portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" \
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" \
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny \
BackOriffice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop \
invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow \
established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow \
already established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow \
source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow \
echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow \
time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow \
parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname="proxy" \
transparent-proxy=no parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system \
max-cache-size=none max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
disabled=no
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 \
00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes \
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default \
use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default \
use-vj-compression=default use-encryption=yes only-one=default \
change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name="default-small" kind=pfifo pfifo-limit=10
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" \
disabled=no
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\
tp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 \
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no \
redistribute-static=no redistribute-rip=no redistribute-bgp=no \
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate \
authentication=none prefix-list-import="" prefix-list-export="" \
disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no \
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no \
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 \
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m


###########################################

I know it is too big .. but I cannot upload this file with various extension.

Dear channingzou,
I used a p-III with 3 lan card.

Please discurd IP address 192.168.2.10.. and replace all other IP address as you need.
I am not experience with HOTSPOT. Already a copy of this backup is sent to your ftp. This is for others.

I think It will help you.

Rafiq...

hi,Rafiq
I probably try backup file first ,if I need some more help do you have time login to my router to do it?
thanks a lot !!!!

Dear channingzou,
I used a p-III with 3 lan card.

Please discurd IP address 192.168.2.10.. and replace all other IP address as you need.
I am not experience with HOTSPOT. Already a copy of this backup is sent to your ftp. This is for others.

I think It will help you.

Rafiq...

hi,Rafiq
I probably try backup file first ,if I need some more help do you have time login to my router to do it?
thanks a lot !!!!

I have tried backup ,it doesn't work ,still in same was , I use rc1