配置 nat 拨号上网
查看设备接口信息
[admin@MikroTik] > /interface print
设置接口ip地址
内网口设定
[admin@MikroTik] > /ip address
[admin@MikroTik] /ip address> export
# oct/30/2012 15:46:10 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip address
add address=192.168.0.254/24 comment="default configuration" disabled=no \
interface=ether1 network=192.168.0.0
adsl拨号,并添加默认路由
[admin@MikroTik] > /interface pppoe-client
[admin@MikroTik] /interface pppoe-client> export
# oct/30/2012 15:48:56 by RouterOS 5.21
# software id = UZTS-9HAV
#
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether2 max-mru=1480 max-mtu=1480 \
mrru=disabled name=adsl202 password=AJDKMXYT profile=default \
service-name="" use-peer-dns=no user=075504537544@163.gd
设置 NAT
[admin@MikroTik] > /ip firewall nat
[admin@MikroTik] /ip firewall nat> export
# oct/30/2012 15:50:00 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=adsl202
ok 到此客户端网关指向服务器器即可上网。
配置 dhcp 服务器
设置地址池
[admin@MikroTik] > /ip pool
[admin@MikroTik] /ip pool> export
# oct/30/2012 15:51:30 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip pool
add name=landhcppool ranges=192.168.0.50-192.168.0.180
设置dhcp 服务器
[admin@MikroTik] > ip dhcp-server
[admin@MikroTik] /ip dhcp-server> export
# oct/30/2012 15:52:28 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip dhcp-server
add address-pool=landhcppool authoritative=after-2sec-delay disabled=no \
interface=ether1 lease-time=3d name=lan-dhcpserver
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option="" dns-server=202.96.134.133 gateway=\
192.168.0.254 netmask=24 ntp-server="" wins-server=""
配置流量控制
为adsl入站流量,分类打tag
[admin@MikroTik] > ip firewall mangle
[admin@MikroTik] /ip firewall mangle> export
# oct/30/2012 15:55:12 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall mangle
add action=mark-packet chain=forward disabled=no dst-address-list=vip \
in-interface=adsl202 new-packet-mark=vip passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=20
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=udp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=587
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=other passthrough=no
为内网出站流量,分类打tag
add action=mark-packet chain=prerouting disabled=no dst-address=\
!192.168.10.0/24 in-interface=ether1 new-packet-mark=lanout passthrough=\
Yes
添加自定义 queue type
[admin@MikroTik] > /queue type
[admin@MikroTik] /queue type> export
# oct/30/2012 16:09:08 by RouterOS 5.21
# software id = UZTS-9HAV
#
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=dstpcq pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=srcpcq pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
在内网口附加下载的流控规则
[admin@MikroTik] > /queue tree
[admin@MikroTik] /queue tree> export
# oct/30/2012 16:06:21 by RouterOS 5.21
# software id = UZTS-9HAV
#
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=20M name=adslin packet-mark="" parent=ether1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M \
max-limit=20M name=vip packet-mark=vip parent=adslin priority=2 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M \
max-limit=10M name=www packet-mark=www parent=adslin priority=3 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
max-limit=10M name=mail packet-mark=mail parent=adslin priority=4 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
max-limit=10M name=other packet-mark=other parent=adslin priority=5 \
queue=dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=p2p packet-mark=p2p parent=adslin priority=8 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=adslout packet-mark="" parent=adsl202 priority=8
在口附加上传的流控规则
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=lanout packet-mark=lanout parent=adslout priority=8 \
queue=srcpcq
配置多 WAN 端口映射到内部服务器
设置WAN口ip地址 和 出站nat
[admin@MikroTik] > ip address export
# oct/30/2012 16:21:18 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip address
add address=192.168.0.254/24 comment="default configuration" disabled=no \
interface=ether1 network=192.168.0.0
add address=220.112.204.99/24 disabled=no interface=ether4 network=\
220.112.204.0
add address=116.204.103.99/29 disabled=no interface=ether3 network=\
116.204.103.216
[admin@MikroTik] > /ip firewall nat export
# oct/30/2012 16:21:41 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=adsl202
add action=masquerade chain=srcnat disabled=no out-interface=ether3
add action=masquerade chain=srcnat disabled=no out-interface=ether4
映射WAN端口到内部服务器
[admin@MikroTik] > /ip firewall nat
[admin@MikroTik] /ip firewall nat> export
# oct/30/2012 16:13:29 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=adsl202
add action=masquerade chain=srcnat disabled=no out-interface=ether3
add action=masquerade chain=srcnat disabled=no out-interface=ether4
add action=dst-nat chain=dstnat comment=mail_dianxin disabled=no dst-port=25 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_dianxin disabled=no dst-port=8002 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250 to-ports=80
add action=dst-nat chain=dstnat comment=pop_dianxin disabled=no dst-port=110 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mail_wangtong disabled=no dst-port=25 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=pop_wangtong disabled=no dst-port=110 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_wangtong disabled=no dst-port=\
8002 in-interface=ether4 protocol=tcp to-addresses=192.168.0.250 \
to-ports=80
add action=dst-nat chain=dstnat comment=web_dianxin disabled=no dst-port=80 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=crm_dianxin disabled=no dst-port=8001 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=crm_wangtong disabled=no dst-port=\
8001 in-interface=ether4 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=web_wangtong disabled=no dst-port=80 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=rdp_wangtong disabled=no dst-port=\
33 in-interface=ether4 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp_dianxin disabled=no dst-port=33 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp2_dianxin disabled=no dst-port=\
3390 in-interface=ether3 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat comment=rpd2_wangtong disabled=no dst-port=\
3390 in-interface=ether4 protocol=tcp to-addresses=192.168.0.29
标记 WAN口进来的映射连接
[admin@MikroTik] > /ip firewall mangle
[admin@MikroTik] /ip firewall mangle> export
# oct/30/2012 16:24:55 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=wan4 disabled=no \
in-interface=ether1 new-routing-mark=wangtong passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3 disabled=no \
in-interface=ether1 new-routing-mark=dianxin passthrough=yes
add action=mark-connection chain=prerouting disabled=no in-interface=ether3 \
new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting disabled=no in-interface=ether4 \
new-connection-mark=wan4 passthrough=yes
add action=mark-packet chain=forward disabled=no dst-address-list=vip \
in-interface=adsl202 new-packet-mark=vip passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=20
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=udp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=587
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=other passthrough=no
add action=mark-packet chain=prerouting disabled=no dst-address=\
!192.168.10.0/24 in-interface=ether1 new-packet-mark=lanout passthrough=\
yes
设置映射连接的回流路由
[admin@MikroTik] > ip route export
# oct/30/2012 16:26:09 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
116.204.103.222 routing-mark=dianxin scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
220.112.204.62 routing-mark=wangtong scope=30 target-scope=10
配置端口回流,内网客户端使用公网ip访问内网服务器。
DST NAT
[admin@MikroTik] > /ip firewall nat export
# oct/30/2012 16:33:12 by RouterOS 5.21
# software id = UZTS-9HAV
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=adsl202
add action=masquerade chain=srcnat disabled=no out-interface=ether3
add action=masquerade chain=srcnat disabled=no out-interface=ether4
add action=dst-nat chain=dstnat comment=mail_dianxin disabled=no dst-port=25 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_dianxin disabled=no dst-port=8002 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250 to-ports=80
add action=dst-nat chain=dstnat comment=pop_dianxin disabled=no dst-port=110 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mail_wangtong disabled=no dst-port=25 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=pop_wangtong disabled=no dst-port=110 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_wangtong disabled=no dst-port=\
8002 in-interface=ether4 protocol=tcp to-addresses=192.168.0.250 \
to-ports=80
add action=dst-nat chain=dstnat comment=web_dianxin disabled=no dst-port=80 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=crm_dianxin disabled=no dst-port=8001 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=crm_wangtong disabled=no dst-port=\
8001 in-interface=ether4 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=web_wangtong disabled=no dst-port=80 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=rdp_wangtong disabled=no dst-port=\
33 in-interface=ether4 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp_dianxin disabled=no dst-port=33 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp2_dianxin disabled=no dst-port=\
3390 in-interface=ether3 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat comment=rpd2_wangtong disabled=no dst-port=\
3390 in-interface=ether4 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=8001 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=8001 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=110 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=110 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=8002 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=8002 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=33 in-interface=ether1 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=33 in-interface=ether1 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=3390 in-interface=ether1 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=3390 in-interface=ether1 protocol=tcp to-addresses=192.168.0.29
add action=masquerade chain=srcnat disabled=no out-interface=ether1 \
src-address=192.168.0.0/24
端口回流
add action=masquerade chain=srcnat disabled=no out-interface=ether1 \
src-address=192.168.0.0/24
附录:
1.routeros 所有配置及说明
[admin@MikroTik] > export
# oct/30/2012 16:42:30 by RouterOS 5.21
# software id = UZTS-9HAV
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment=lan \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=9014 \
mac-address=00:A1:E0:11:24:A9 mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment=\
adsl:up20M:down:2M disable-running-check=yes disabled=no full-duplex=yes \
l2mtu=9014 mac-address=00:A1:E0:11:24:AA mtu=1500 name=ether2 speed=\
100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=9014 \
mac-address=00:A1:E0:11:24:AD mtu=1500 name=ether5 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment=\
GQ_dianxin:up10M:down10M disable-running-check=yes disabled=no \
full-duplex=yes l2mtu=9014 mac-address=00:A1:E0:11:24:AB mtu=1500 name=\
ether3 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes cable-settings=default comment=\
GQ_liantong:up10M:down10M disable-running-check=yes disabled=no \
full-duplex=yes l2mtu=9014 mac-address=00:A1:E0:11:24:AC mtu=1500 name=\
ether4 speed=100Mbps
set 5 arp=enabled auto-negotiation=yes cable-settings=default \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=9014 \
mac-address=00:A1:E0:11:24:AE mtu=1500 name=ether6 speed=100Mbps
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough \
group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
management-protection=disabled management-protection-key="" mode=none \
name=default radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
"" wpa2-pre-shared-key=""
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=landhcppool ranges=192.168.0.50-192.168.0.180
/ip dhcp-server
add address-pool=landhcppool authoritative=after-2sec-delay disabled=no \
interface=ether1 lease-time=3d name=lan-dhcpserver
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
set 1 baud-rate=9600 data-bits=8 flow-control=none name=serial1 parity=none \
stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default \
remote-ipv6-prefix-pool=none use-compression=default use-encryption=\
default use-ipv6=yes use-mpls=default use-vj-compression=default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
remote-ipv6-prefix-pool=none use-compression=default use-encryption=yes \
use-ipv6=yes use-mpls=default use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether2 max-mru=1480 max-mtu=1480 \
mrru=disabled name=adsl202 password=AJDKMXYT profile=default \
service-name="" use-peer-dns=no user=075504537544@163.gd
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=20M name=adslin packet-mark="" parent=ether1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=adslout packet-mark="" parent=adsl202 priority=8
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=dstpcq pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=srcpcq pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M \
max-limit=20M name=vip packet-mark=vip parent=adslin priority=2 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M \
max-limit=10M name=www packet-mark=www parent=adslin priority=3 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
max-limit=10M name=mail packet-mark=mail parent=adslin priority=4 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
max-limit=10M name=other packet-mark=other parent=adslin priority=5 \
queue=dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=p2p packet-mark=p2p parent=adslin priority=8 queue=\
dstpcq
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=lanout packet-mark=lanout parent=adslout priority=8 \
queue=srcpcq
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/routing ospf-v3 instance
set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto \
metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing ospf-v3 area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=:: remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface o-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:22:25:24:98:25 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=yes threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.254/24 comment="default configuration" disabled=no \
interface=ether1 network=192.168.0.0
add address=220.112.204.99/24 disabled=no interface=ether4 network=\
220.112.204.0
add address=116.204.103.99/29 disabled=no interface=ether3 network=\
116.204.103.216
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option="" dns-server=202.96.134.133 gateway=\
192.168.0.254 netmask=24 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=202.96.134.133
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall address-list
add address=0.0.0.0 disabled=no list=vip
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=wan4 disabled=no \
in-interface=ether1 new-routing-mark=wangtong passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3 disabled=no \
in-interface=ether1 new-routing-mark=dianxin passthrough=yes
add action=mark-connection chain=prerouting disabled=no in-interface=ether3 \
new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting disabled=no in-interface=ether4 \
new-connection-mark=wan4 passthrough=yes
add action=mark-packet chain=forward disabled=no dst-address-list=vip \
in-interface=adsl202 new-packet-mark=vip passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=www passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=20
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=ftp passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=dns passthrough=no protocol=udp src-port=53
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=mail passthrough=no protocol=tcp src-port=587
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=prerouting disabled=no in-interface=adsl202 \
new-packet-mark=other passthrough=no
add action=mark-packet chain=prerouting disabled=no dst-address=\
!192.168.10.0/24 in-interface=ether1 new-packet-mark=lanout passthrough=\
yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=adsl202
add action=masquerade chain=srcnat disabled=no out-interface=ether3
add action=masquerade chain=srcnat disabled=no out-interface=ether4
add action=dst-nat chain=dstnat comment=mail_dianxin disabled=no dst-port=25 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_dianxin disabled=no dst-port=8002 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250 to-ports=80
add action=dst-nat chain=dstnat comment=pop_dianxin disabled=no dst-port=110 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mail_wangtong disabled=no dst-port=25 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=pop_wangtong disabled=no dst-port=110 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat comment=mis_wangtong disabled=no dst-port=\
8002 in-interface=ether4 protocol=tcp to-addresses=192.168.0.250 \
to-ports=80
add action=dst-nat chain=dstnat comment=web_dianxin disabled=no dst-port=80 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=crm_dianxin disabled=no dst-port=8001 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=crm_wangtong disabled=no dst-port=\
8001 in-interface=ether4 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat comment=web_wangtong disabled=no dst-port=80 \
in-interface=ether4 protocol=tcp to-addresses=192.168.0.252 to-ports=80
add action=dst-nat chain=dstnat comment=rdp_wangtong disabled=no dst-port=\
33 in-interface=ether4 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp_dianxin disabled=no dst-port=33 \
in-interface=ether3 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat comment=rdp2_dianxin disabled=no dst-port=\
3390 in-interface=ether3 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat comment=rpd2_wangtong disabled=no dst-port=\
3390 in-interface=ether4 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=8001 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=8001 in-interface=ether1 protocol=tcp to-addresses=192.168.0.252
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=110 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=110 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=25 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=8002 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=8002 in-interface=ether1 protocol=tcp to-addresses=192.168.0.250
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=33 in-interface=ether1 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=33 in-interface=ether1 protocol=tcp to-addresses=192.168.0.28
add action=dst-nat chain=dstnat disabled=no dst-address=220.112.204.99 \
dst-port=3390 in-interface=ether1 protocol=tcp to-addresses=192.168.0.29
add action=dst-nat chain=dstnat disabled=no dst-address=116.204.103.99 \
dst-port=3390 in-interface=ether1 protocol=tcp to-addresses=192.168.0.29
add action=masquerade chain=srcnat disabled=no out-interface=ether1 \
src-address=192.168.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 disabled=no
set ether2 disabled=no
set ether5 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether6 disabled=no
set adsl202 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
116.204.103.222 routing-mark=dianxin scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
220.112.204.62 routing-mark=wangtong scope=30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=\
no hop-limit=unspecified interface=all managed-address-configuration=no \
mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether5 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether6 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
trap-target="" trap-version=1
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
set [ find vcno=1 ] channel=0 disabled=no term=linux
set [ find vcno=2 ] channel=0 disabled=no term=linux
set [ find vcno=3 ] channel=0 disabled=no term=linux
set [ find vcno=4 ] channel=0 disabled=no term=linux
set [ find vcno=5 ] channel=0 disabled=no term=linux
set [ find vcno=6 ] channel=0 disabled=no term=linux
set [ find vcno=7 ] channel=0 disabled=no term=linux
set [ find vcno=8 ] channel=0 disabled=no term=linux
/system console screen
set blank-interval=10min line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no broadcast-addresses="" enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
set 13 cpu=auto
set 14 cpu=auto
set 15 cpu=auto
set 16 cpu=auto
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether5 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether6 disabled=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
"" filter-mac-address="" filter-mac-protocol="" filter-port="" \
filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no下载本文
