Thu Oct 28, 2010 4:46 am
Here are the export details
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
interface=ether2-local-master actual-interface=ether2-local-master
1 address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255
interface=ether5-local-slave actual-interface=bridgeHS
2 D address=10.1.1.2/16 network=10.1.0.0 broadcast=10.1.255.255
interface=ether1-gateway actual-interface=ether1-gateway
3 address=192.168.88.10/24 network=192.168.88.0 broadcast=192.168.88.255
interface=VLAN20 actual-interface=VLAN20
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=10.1.1.1
gateway-status=10.1.1.1 reachable ether1-gateway distance=1 scope=30
target-scope=10
1 ADC dst-address=10.1.0.0/16 pref-src=10.1.1.2 gateway=ether1-gateway
gateway-status=ether1-gateway reachable distance=0 scope=10
2 ADC dst-address=192.168.5.0/24 pref-src=192.168.5.1 gateway=bridgeHS
gateway-status=bridgeHS reachable distance=0 scope=10
3 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
gateway=ether2-local-master,VLAN20
gateway-status=ether2-local-master reachable,VLAN20 reachable
distance=0 scope=10
[admin@MikroTik] > /ip firewall export
# oct/28/2010 11:45:36 by RouterOS 4.9
# software id = WC5W-UVQQ
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=hs-input comment="To deny DHCP request" disabled=no \
protocol=udp time=10h-10h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.5.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] >