/interface ethernet
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=Range1 ranges=10.5.50.2-10.5.50.254
add name=Lanhouse ranges=192.168.254.10-192.168.254.254
/ip dhcp-server
add address-pool=Range1 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=saida lease-time=3d name=Mdnet
/ip hotspot
add address-pool=Range1 disabled=no idle-timeout=none interface=saida \
keepalive-timeout=none name=Mdnet profile=hsprof2
/ip hotspot user profile
add address-pool=Range1 advertise=yes advertise-interval=1s \
advertise-timeout=never advertise-url=bloqueio.html idle-timeout=none \
incoming-filter=hs-unauth keepalive-timeout=2m name=bloqueio \
open-status-page=always outgoing-filter=hs-unauth-to session-timeout=5m \
shared-users=1 status-autorefresh=1m transparent-proxy=yes
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=yes comment="" dns-server=10.5.50.1 local-address=Lanhouse \
name=SERVER-PPPoE only-one=default remote-address=Range1 use-compression=\
no use-encryption=no use-vj-compression=no
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"" dial-on-demand=no disabled=no interface=ether1 max-mru=1480 max-mtu=\
1480 mrru=disabled name=Velox password=XXXXXXXXXX profile=default \
service-name="" use-peer-dns=no [EMAIL="[email protected]"][email protected][/EMAIL]
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=cache pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
2000000 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=saida-pppoe \
limit-at=0/0 max-limit=256k/2M name=LANHOUSE parent=none priority=8 \
queue=default-small/default-small total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=ThunderCache3 packet-mark=thunder3-packs parent=\
global-out priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=CACHE-FULL packet-mark=Cache-Packet parent=global-out \
priority=8 queue=cache
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=MKAUTHWEB packet-mark=mkauth-packs parent=global-out \
priority=8 queue=default
/ip address
add address=10.5.50.1/24 broadcast=10.5.50.255 comment="" disabled=no \
interface=saida network=10.5.50.0
add address=192.168.254.2/24 broadcast=192.168.254.255 comment="" disabled=no \
interface=ether1 network=192.168.254.0
add address=172.31.255.1/30 broadcast=172.31.255.3 comment="" disabled=no \
interface=thunder network=172.31.255.0
add address=192.168.254.3/24 broadcast=192.168.254.255 comment="" disabled=no \
interface=modem2 network=192.168.254.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=Lanhouse comment="" disabled=no mac-address=00:21:97:DA:EE:A3
/ip dhcp-server network
add address=10.5.50.0/24 comment="DHCP Rede" dns-server=\
10.5.50.1,200.165.132.155 gateway=10.5.50.1 netmask=24
add address=192.168.254.0/24 comment="" dns-server=\
192.168.254.1,200.165.132.155 gateway=192.168.254.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=192.168.254.254,200.165.132.155
/ip firewall address-list
add address=172.31.255.0/24 comment=ip_do_thunder disabled=no list=NO_CACHE
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward comment="" disabled=no src-address=\
128.0.0.0/2
/ip firewall mangle
add action=mark-connection chain=forward comment="MK-AUTH FULL" content=\
"MKAUTH: FILES" disabled=no new-connection-mark=mkauth-connection \
passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=\
mkauth-connection disabled=no new-packet-mark=mkauth-packs passthrough=\
yes protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="NAT para clientes" disabled=no \
src-address=10.5.50.0/24
add action=dst-nat chain=dstnat comment="AVISO MANUNTENO" disabled=yes \
protocol=tcp src-address-list=0.0.0.0/0 src-port=80 to-addresses=\
172.31.255.2 to-ports=89
add action=dst-nat chain=pre-hotspot comment=Web-proxy disabled=no dst-port=\
80 hotspot=auth in-interface=ether1 protocol=tcp src-address=10.5.50.0/24 \
to-addresses=172.31.255.2 to-ports=3128
add action=redirect chain=pre-hotspot comment="Paginas de status do hotspot" \
disabled=no dst-address=10.5.50.1 dst-port=80 hotspot=auth protocol=tcp \
to-ports=64873
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot ip-binding
add comment="" disabled=no mac-address=20:CF:30:E0:77:2E type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=teste password=teste profile=300Kbps server=\
Mdnet
add comment="dia 05" disabled=no name=clei password=clei profile=300Kbps \
server=Mdnet
/ip hotspot walled-garden
add action=allow comment="" disabled=yes server=Mdnet src-address=192.168.1.1
add action=allow comment="" disabled=yes dst-host=172.31.255.2 dst-port=80
add action=allow comment="" disabled=yes dst-host=172.31.255.2 dst-port=85
/ip neighbor discovery
set ether1 discover=no
set saida discover=yes
set modem2 discover=yes
set thunder discover=yes
set saida-pppoe discover=yes
set Velox discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=lanhouse password=123 profile=SERVER-PPPoE routes="" service=pppoe
/queue interface
set ether1 queue=ethernet-default
set saida queue=ethernet-default
set modem2 queue=ethernet-default
set thunder queue=ethernet-default
set saida-pppoe queue=ethernet-default
set Velox queue=default
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=-03:00
/system identity
set name=MikroTik
/system ntp client
set enabled=yes mode=unicast primary-ntp=209.81.9.7 secondary-ntp=\
143.107.255.15
/tool mac-server
add disabled=no interface=saida
add disabled=no interface=modem2
add disabled=no interface=thunder
add disabled=no interface=saida-pppoe
/tool mac-server ping
set enabled=yes