
YDen 19-05-2017 17:44 2738097

Mikrotik, capsman, настроить доступ в интернет самих точек
 
Здравствуйте.
Подскажите, пожалуйста. Два микротика, свежая, 6.38, прошивка. Один - роутер, hex lite, поднят контроллер capsman. Второй, hap lite, подключен по capsman к контроллеру, медью. Есть еще микротики - для бесшовного wifi, но не суть, все работает.
Проблема в том, что на самих клиентах capsman нет интернета, т.е. я не могу эти девайсы обновить через веб, настроить синхронизацию часов. Ругается: ERROR: could not resolve dns name.
Вопрос: как можно настроить доступ в инет самих клиентов capsman?

Благодарю

freese 19-05-2017 17:55 2738102

YDen, покажите как настроили клиенты. В CAP Бридж выставили?

YDen 20-05-2017 09:37 2738166

freese,
контроллер
# may/20/2017 14:33:01 by RouterOS 6.39.1
# software id = 0QH3-DBP7
#
# Export of the CAPsMAN controller (identity hex_lite): LAN bridge, DHCP server,
# CAPsMAN manager, PPTP server and the WAN firewall/NAT rules.
# NOTE(review): this export was published with a VPN credential in it (see
# /ppp secret below). `/export hide-sensitive` leaves passwords and keys out of
# the output; a secret that has already been posted has to be changed.
/caps-man channel
add band=2ghz-b/g/n extension-channel=Ce name=channel1
/interface bridge
add fast-forward=no name=bridge_lan
/interface ethernet
# arp=proxy-arp on the LAN port: presumably so that the PPTP client, which gets
# an address inside 192.168.1.0/24 (see /ppp secret), is reachable from LAN hosts.
set [ find default-name=ether2 ] arp=proxy-arp name=lan
set [ find default-name=ether1 ] name=wan
/ip neighbor discovery
# Neighbor discovery is switched off on the WAN side.
set wan discover=no
/caps-man datapath
# local-forwarding=no: wireless client traffic is forwarded by the CAP to this
# controller and placed into bridge_lan here.
add bridge=bridge_lan client-to-client-forwarding=yes local-forwarding=no \
name=datapath1
/interface ethernet
set [ find default-name=ether3 ] master-port=lan name=ether3-slave-local
set [ find default-name=ether4 ] master-port=lan name=ether4-slave-local
set [ find default-name=ether5 ] master-port=lan name=ether5-slave-local
/caps-man security
# NOTE(review): encryption=aes-ccm,tkip also allows TKIP as a unicast cipher
# next to AES-CCM; aes-ccm alone drops the weaker cipher unless a legacy client
# needs it. passphrase= is empty in this export - presumably cut out by the
# poster before publishing; confirm that it is set on the device.
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm name=security1 passphrase=
/caps-man configuration
add channel=channel1 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2 \
security=security1 ssid=m12 tx-chains=0,1,2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge_lan name=lan1
/system logging action
set 1 disk-file-name=log
/caps-man manager
# NOTE(review): no certificate settings appear for the manager in this export,
# so the provisioning rule below presumably applies to any CAP that can reach
# it. `require-peer-certificate` limits that to CAPs with a trusted certificate.
set enabled=yes
/caps-man provisioning
# Every radio supporting g/n gets a dynamic, enabled interface built from cfg1.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg1
/interface bridge port
add bridge=bridge_lan interface=lan
/interface l2tp-server server
set caller-id-type=ip-address
/interface pptp-server server
# NOTE(review): the PPTP server is enabled and reachable from the WAN (tcp/1723
# and GRE accept rules in /ip firewall filter). PPTP is generally regarded as a
# weak VPN; L2TP/IPsec or another tunnel is the usual replacement.
set default-profile=pptp_profile enabled=yes
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=lan \
network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=wan
/ip dhcp-server network
# DHCP clients get only a gateway here (no dns-server= option is set).
add address=192.168.1.0/24 comment="default configuration" gateway=\
192.168.1.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# From the WAN side these are blocked only by the input-chain rules below.
set allow-remote-requests=yes servers=192.168.192.3,192.168.192.4
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
# Input chain as exported: accept IGMP, ICMP, established/related, PPTP
# (tcp/1723) and GRE; drop everything else arriving on wan.
# NOTE(review): several rules carry the comment "iptv" although they do
# something else (the second rule drops DNS over UDP from wan).
add action=accept chain=forward comment=iptv dst-port=1234 protocol=udp
add action=drop chain=input comment=iptv dst-port=53 in-interface=wan \
protocol=udp
add action=accept chain=input comment=iptv protocol=igmp
# NOTE(review): disabled. The rule matches on src-port=80, i.e. on the port the
# remote side chooses; dst-port was probably intended - confirm before enabling.
add action=accept chain=input comment="dostup iz vne" disabled=yes \
dst-address=83.234.222.222 in-interface=wan protocol=tcp src-port=80
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=accept chain=input comment=vpn dst-address=83.234.222.222 dst-port=\
1723 in-interface=wan protocol=tcp
# NOTE(review): GRE is accepted on every interface, not only on wan.
add action=accept chain=input comment=vpn protocol=gre
add action=drop chain=input comment="default configuration" in-interface=wan
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
# New connections from wan are dropped unless they were dst-NATed, so every
# dstnat rule below is let through by the forward chain.
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=wan
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=wan
# NOTE(review): the dstnat rules below publish internal services on the WAN
# side with no src-address or src-address-list restriction: SMB (445), AFP
# (548), 427 and the NAS admin interface (443) on 192.168.1.245, plus
# 7070 -> 192.168.1.70:80. File sharing and admin interfaces are normally
# reached through the VPN, or at least limited to known source addresses.
# The first three rules use port= (matches source or destination port) where
# the later ones use dst-port=; dst-port is the narrower match.
add action=netmap chain=dstnat comment="dostup iz vne -> nas (smb) " \
in-interface=wan port=445 protocol=tcp to-addresses=192.168.1.245 \
to-ports=445
add action=netmap chain=dstnat comment="dostup iz vne -> nas (afp)" \
in-interface=wan port=548 protocol=tcp to-addresses=192.168.1.245 \
to-ports=548
add action=netmap chain=dstnat comment="dostup iz vne -> nas (afp)" \
in-interface=wan port=427 protocol=tcp to-addresses=192.168.1.245 \
to-ports=427
add action=netmap chain=dstnat comment="dostup iz vne -> mjd" dst-port=7070 \
in-interface=wan protocol=tcp to-addresses=192.168.1.70 to-ports=80
add action=netmap chain=dstnat comment="dostup iz vne for nas adminka" \
dst-port=443 in-interface=wan protocol=tcp to-addresses=192.168.1.245
/ip route
# The static default route is disabled; the active default route presumably
# comes from the dhcp-client on wan.
add disabled=yes distance=1 gateway=83.234.222.1
/ip service
# NOTE(review): 0.0.0.0/0 in the list makes the address restriction a no-op:
# the web interface accepts any source address, and only the input-chain drop
# on wan keeps it away from the Internet. 192.168.1.0/24 alone would restrict
# it to the LAN.
set www address=192.168.1.0/24,0.0.0.0/0
/ip smb shares
set [ find default=yes ] directory=/pub
/ppp profile
# remote-address=*2 looks like a reference to an object that no longer exists
# (presumably a removed pool) - verify on the device.
add change-tcp-mss=yes local-address=192.168.1.1 name=pptp_profile \
remote-address=*2
/ppp secret
# NOTE(review): user name and password of a VPN account, published in clear
# text. The account is valid on the WAN-reachable PPTP service above, so the
# password has to be replaced (long, random) on the device.
add local-address=192.168.1.1 name=yunin password=yunindenis remote-address=\
192.168.1.20 service=pptp
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
# wan is the upstream side; multicast sources from any subnet are accepted.
add alternative-subnets=0.0.0.0/0 interface=wan upstream=yes
add interface=lan
/system clock
set time-zone-name=Asia/Irkutsk
/system identity
set name=hex_lite
/system ntp client
set enabled=yes primary-ntp=89.109.251.21
/tool mac-server
# The default entry is disabled; MAC telnet is offered only on the LAN ports
# listed below.
set [ find default=yes ] disabled=yes
add interface=lan
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
# Same restriction for MAC Winbox: LAN ports only.
set [ find default=yes ] disabled=yes
add interface=lan
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local


слейв

# may/20/2017 14:13:34 by RouterOS 6.39.1
# software id = 9841-NIEC
#
# Export of the CAP (identity hap_lite_1): wlan1 is handed to the CAPsMAN
# controller at 192.168.1.1; ether2-master is the only port in bridge1.
/interface bridge
add fast-forward=no name=bridge1
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-Ce/gn(30dBm), SSID: m12, CAPsMAN forwarding
# The local settings below (ssid=MikroTik-89CC38 etc.) are the device's own
# values; the two status lines above show what CAPsMAN currently applies.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-89CC38 \
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# No /ip dhcp-server section in this export uses this pool.
# NOTE(review): turning on a DHCP server here would put a second DHCP server on
# the same 192.168.1.0/24 segment that the controller already serves.
add name=dhcp ranges=192.168.1.200-192.168.1.220
/interface bridge port
add bridge=bridge1 interface=ether2-master
/interface l2tp-server server
set caller-id-type=ip-address
/interface wireless cap
#
set bridge=bridge1 caps-man-addresses=192.168.1.1 enabled=yes interfaces=\
wlan1
/ip address
# NOTE(review): the address is attached to ether2-master, which is also a port
# of bridge1 (see /interface bridge port). IP settings of a bridged port
# normally belong on the bridge interface - TODO confirm on the device.
add address=192.168.1.10/24 comment=defconf interface=ether2-master network=\
192.168.1.0
/ip dhcp-client
# Same interface as above: the client runs on the bridge port, not on bridge1.
add comment=defconf disabled=no interface=ether2-master
/ip dns
# No servers= is set and the export has no /ip route section, so unless the
# dhcp-client gets a lease the device has neither a resolver nor a default
# gateway. allow-remote-requests=yes also makes this access point answer DNS
# queries for other hosts - presumably not needed on a pure CAP.
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.10 name=router
/ip firewall filter
# Default-configuration rules that treat ether1 as the WAN port.
# NOTE(review): the uplink of this device is presumably ether2-master/bridge1,
# so these rules do not restrict management access from the LAN side.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Irkutsk
/system identity
set name=hap_lite_1
/tool mac-server
# The default entry is disabled; MAC telnet is offered on bridge1 only.
set [ find default=yes ] disabled=yes
add interface=bridge1
/tool mac-server mac-winbox
# Same for MAC Winbox.
set [ find default=yes ] disabled=yes
add interface=bridge1

freese 22-05-2017 08:50 2738553

Так-то все вроде по инструкциям, проверить сейчас нет возможности, не на чем.
Как вариант, для bridge1 свой dhcp-server назначить, т.к. сейчас у вас нет для него правила.

