Script Miktotik Full Jos Pokoknya

The document contains configuration settings for network interfaces, wireless security profiles, IP addresses, routing protocols, and queue management on a Mikrotik router. It configures four Ethernet ports, a PPTP server, wireless interface, IP addresses, hotspot profiles, routing protocols like OSPF and BGP, and queue trees with packet classifiers to prioritize different types of traffic.


SCRIPT MIKTOTIK FULL JOS POKOKNYA

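# Ethernet port definitions: link settings, MTU and the interface names the rest
# of the script refers to (ether1-PUBLIK, ether2-LAN, ether3-PROXY, HOTSPOT,
# ether5-aco).
# NOTE(review): the listing carries the MAC addresses exactly as exported; swap
# them for placeholders before publishing a configuration.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
    mac-address=00:0C:42:7D:90:75 mtu=1500 name=ether1-PUBLIK speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:76 \
    master-port=none mtu=1500 name=ether2-LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:77 \
    master-port=none mtu=1500 name=ether3-PROXY speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:78 \
    master-port=none mtu=1500 name=HOTSPOT speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:90:79 \
    master-port=none mtu=1500 name=ether5-aco speed=100Mbps
# Static PPTP server interface entry (pptp-in1); its user= value is empty.
/interface pptp-server
add disabled=no name=pptp-in1 user=""
# Switch chip: port mirroring is switched off in both directions.
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1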

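# Default wireless security profile.
# NOTE(review): mode=none with empty authentication-types and empty WPA/WPA2
# keys means any wireless interface attached to this profile runs without link
# encryption. No /interface wireless entry appears in this listing; if a radio
# is added later, give it a dedicated WPA2 profile instead of "default".
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""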

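# Layer-7 matcher intended to recognise HTTP responses carrying "x-cache: hit".
# NOTE(review): the pattern text sits in name= while regexp= is empty, so the
# entry carries no pattern as written; presumably the two values were swapped.
# No mangle rule in this listing references a layer7-protocol entry; the
# cache-hit marking there keys on dscp=12 instead.
/ip firewall layer7-protocol
add name="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~\
    ]*(x-cache: hit)" regexp=""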

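# Hotspot server profiles. "default" keeps local authentication; hsprof1 is the
# profile bound to hotspot1 and sends authentication and accounting to RADIUS
# (use-radius=yes, radius-accounting=yes).
# NOTE(review): hsprof1 allows login-by=http-pap, which submits the password
# without the CHAP hashing step, and no https login method is listed, so
# hotspot credentials cross the HOTSPOT segment unprotected. Prefer an https
# login page with a certificate and drop http-pap once clients allow it.
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
add dns-name=www.smarteducation.net hotspot-address=192.168.4.1 \
    html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,http-pap \
    name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes \
    radius-default-domain="" radius-interim-update=received \
    radius-location-id="" radius-location-name="" radius-mac-format=\
    XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=yes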

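# Default IPsec proposal. No IPsec peer or policy appears in this listing, so
# the proposal looks unused here.
# NOTE(review): sha1 + 3des + modp1024 is a legacy suite; if IPsec is ever
# enabled, move to a SHA-2 hash, AES and a larger DH group as far as the
# installed RouterOS version supports them.
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024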

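# Address pools: hs-pool-4 feeds the hotspot DHCP server, vpn-smart is handed
# to PPTP clients through the VPS-SMART PPP profile.
# NOTE(review): vpn-smart (192.168.1.10-30) lies inside the 192.168.1.0/24
# subnet that /ip address assigns to ether2-LAN, so VPN clients receive LAN
# addresses; confirm that no LAN host uses that range.
/ip pool
add name=hs-pool-4 ranges=192.168.4.2-192.168.4.254
add name=vpn-smart ranges=192.168.1.10-192.168.1.30
# DHCP server for hotspot clients on the HOTSPOT port, one-hour leases.
/ip dhcp-server
add address-pool=hs-pool-4 address-pool6="" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=HOTSPOT lease-time=1h name=\
    dhcp1
# Hotspot instance on the HOTSPOT port using profile hsprof1; at most two
# addresses per client MAC, idle sessions dropped after five minutes.
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m \
    interface=HOTSPOT keepalive-timeout=none name=hotspot1 profile=hsprof1
# Hotspot user profiles, one per user category. All share the same settings;
# shared-users=1 limits each account to a single concurrent session.
/ip hotspot user profile
set MahasiswaD3 address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m \
    name=MahasiswaD3 shared-users=1 status-autorefresh=1m transparent-proxy=\
    no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    MahasiswaD1 shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    PELANGGAN shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=DOSEN \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=STAFF \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-4 idle-timeout=none keepalive-timeout=2m name=\
    FRIENDS shared-users=1 status-autorefresh=1m transparent-proxy=no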

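# PPP profiles. VPS-SMART is the profile the PPTP server hands out: local side
# 192.168.1.1, client address taken from the vpn-smart pool.
# NOTE(review): VPS-SMART leaves use-encryption=default, so the profile itself
# does not insist on an encrypted tunnel; only default-encryption sets
# use-encryption=yes. For a profile exposed to remote logins, consider
# use-encryption=required (confirm the value on the installed RouterOS).
/ppp profile
set default change-tcp-mss=yes name=default only-one=default \
    remote-ipv6-prefix-pool=none use-compression=default use-encryption=\
    default use-ipv6=yes use-mpls=default use-vj-compression=default
add change-tcp-mss=default local-address=192.168.1.1 name=VPS-SMART only-one=\
    default remote-address=vpn-smart remote-ipv6-prefix-pool=none \
    use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
    default use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
    default remote-ipv6-prefix-pool=none use-compression=default \
    use-encryption=yes use-ipv6=yes use-mpls=default use-vj-compression=\
    default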

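# PPPoE uplink (pppoe-out1) dialled over ether1-PUBLIK; it installs the default
# route and ignores the provider's DNS servers (use-peer-dns=no).
# The password was masked by the uploader and the user name was obscured by the
# hosting page, so user= below holds a labelled placeholder, not a real value.
# NOTE(review): allow= still lists pap and mschap1; narrow it to the strongest
# method the provider accepts.
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-PUBLIK max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-out1 password=xxxxxxxxxxxxxxxxxxxxxx \
    profile=default service-name="" use-peer-dns=no \
    user="<PPPOE-USERNAME-PLACEHOLDER>"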

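# Parent queues: 1M ceilings for traffic leaving towards the LAN port and the
# HOTSPOT port. The child queues are added after the queue types below.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing lokal" parent=ether2-LAN priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="down and browsing hotspot" parent=HOTSPOT priority=8
# Queue disciplines. The pcq-* types classify per address: download types key
# on dst-address, upload types on src-address, each with its own pcq-rate.
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=pcq-browsing pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=400k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=200
add kind=pcq name="PCQ download hotspot" pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=\
    250k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=\
    2000
add kind=pcq name="PCQ download lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=250k \
    pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload hotspot" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name="pcq-upload lokal" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=64k pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
    multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
# Child queues, selected by the packet marks set in /ip firewall mangle.
# The game, facebook and cache-hit queues have max-limit=0 (no ceiling) and
# priorities 1-2; browsing and download sit at priority 8 under the 1M parents.
# NOTE(review): the two pcq-upload types and the "Upload" queue (which has no
# packet-mark) are not tied to any mark in this listing, and the only rule
# setting paket-upload is disabled; confirm upload shaping works as intended.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=browsing packet-mark=browsing-packet parent=\
    "down and browsing lokal" priority=8 queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name=download packet-mark=download-packet parent=\
    "down and browsing lokal" priority=8 queue="PCQ download lokal"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PB+POKER packet-mark="PB + Poker" parent=global-total \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=facebook packet-mark=facebook parent=global-total \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Squid-hit-HTTP packet-mark=hit_pkt parent=global-out \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=128k name=Upload parent=global-out priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="browsing hotspot" packet-mark=\
    "browsing-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue=pcq-browsing
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name="download hotspot" packet-mark=\
    "download-packet hotspot" parent="down and browsing hotspot" priority=8 \
    queue="PCQ download hotspot"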

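# Dynamic routing instances. No BGP peer and no OSPF network or interface
# appears in this listing, and every redistribute-* option is "no".
# NOTE(review): the instances are disabled=no; if dynamic routing is not used,
# leaving them without peers or networks keeps them idle. Should OSPF be
# brought up later, add interface authentication and keep the ospf-in /
# ospf-out filters referenced below defined.
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default
/routing ospf-v3 instance
set default disabled=no distribute-default=never metric-bgp=auto \
    metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
    metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
    no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf-v3 area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default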

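# SNMP agent: switched off (enabled=no).
/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1
# NOTE(review): the community is still the well-known name "public", readable
# from address=0.0.0.0/0 with security=none. That is harmless while the agent
# is disabled; before enabling SNMP, rename the community, restrict address= to
# the monitoring host and prefer authenticated SNMPv3.
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no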

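# Log targets. "memory" keeps 100 lines, "disk" keeps two files of 100 lines,
# and "remote" points at 0.0.0.0, i.e. no syslog collector is configured.
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 \
    src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=\
    remote
# RouterBOARD boot settings: boot from NAND, fall back to network boot (bootp).
# NOTE(review): the Ethernet boot fallback lets the board load an image from
# the attached network if NAND boot fails; confirm that is wanted where the
# ports are not physically controlled.
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no silent-boot=no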

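# Management user groups and their policy sets ("!" marks a denied policy).
# NOTE(review): even the "read" group carries telnet, reboot, sniff, password
# and sensitive, and /user aaa makes "read" the default group. Trim the read
# group to what monitoring accounts need. User accounts themselves are not
# part of this listing.
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default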


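# Bridged traffic is not passed through the IP firewall.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
# Switch-chip ports: VLAN headers untouched, vlan-mode=fallback on every port.
/interface ethernet switch port
set ether2-LAN vlan-header=leave-as-is vlan-mode=fallback
set ether3-PROXY vlan-header=leave-as-is vlan-mode=fallback
set HOTSPOT vlan-header=leave-as-is vlan-mode=fallback
set ether5-aco vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback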

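# VPN server endpoints. Only the PPTP server is enabled; L2TP, OpenVPN and SSTP
# are configured but enabled=no.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:98:26:35:02:C9 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
# NOTE(review): the PPTP server is enabled=yes, accepts pap, chap and mschap1
# as well as mschap2, and uses profile VPS-SMART, which does not force
# encryption. With no input filter in /ip firewall filter it listens on every
# interface, including the PPPoE uplink. PPTP is a legacy protocol; at minimum
# restrict authentication to mschap2 and require encryption, and plan a move
# to a certificate-based or IPsec-protected tunnel.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=VPS-SMART \
    enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no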

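# Wireless alignment, sniffer and snooper tool settings; no streaming target is
# set (streaming-enabled=no, streaming-server=0.0.0.0).
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
    frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
    no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
# IP accounting and its web export are both off.
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0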

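# Router addresses, one /24 per port: .10 on ether1-PUBLIK, .1 on ether2-LAN,
# .2 on ether3-PROXY, .4 on HOTSPOT.
# NOTE(review): the 192.168.5.1/24 entry has no interface= value in this
# listing; presumably it belongs to ether5-aco. Confirm on the device.
/ip address
add address=192.168.10.1/24 disabled=no interface=ether1-PUBLIK network=\
    192.168.10.0
add address=192.168.1.1/24 disabled=no interface=ether2-LAN network=\
    192.168.1.0
add address=192.168.2.1/24 disabled=no interface=ether3-PROXY network=\
    192.168.2.0
add address=192.168.4.1/24 comment="hotspot network" disabled=no interface=\
    HOTSPOT network=192.168.4.0
add address=192.168.5.1/24 disabled=no network=192.168.5.0
# DHCP leases are flushed to disk every five minutes.
/ip dhcp-server config
set store-leases-disk=5m
# DHCP options for the hotspot subnet: the router is the gateway.
/ip dhcp-server network
add address=192.168.4.0/24 comment="hotspot network" gateway=192.168.4.1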

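# Router DNS cache, forwarding to two upstream servers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any host that can reach it. Together with the empty filter table below,
# that includes the PPPoE uplink, so the cache is usable as an open resolver.
# Keep the setting only with an input rule that limits port 53 to the
# LAN and HOTSPOT interfaces.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=125.160.2.162,202.134.1.10
# Connection-tracking timeouts; tcp-syncookie is off.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# NOTE(review): the filter table holds only this disabled hotspot placeholder.
# There is no input or forward rule at all, so every service the router runs
# (telnet, ftp, www, ssh, winbox, PPTP, DNS, bandwidth-server) is reachable
# from every interface. A baseline input chain would accept established and
# related connections, accept management only from a trusted subnet, and drop
# everything else arriving on pppoe-out1 and ether1-PUBLIK.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes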

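# Traffic classification for the queue tree. Rules run top to bottom; a
# mark-packet rule with passthrough=no ends processing for that packet.
#   hit_pkt            - packets carrying DSCP 12 (proxy cache hits)
#   "PB + Poker"       - game traffic by port, address list or HTTP content
#   facebook           - HTTP traffic matched by content
#   browsing/download  - TCP towards LAN or HOTSPOT, split at 175000 bytes
#                        per connection (connection-bytes)
# NOTE(review): no /ip firewall address-list section appears in this listing,
# so the rules keyed on dst-address-list="Poker + PB" match nothing unless the
# list is populated elsewhere.
# NOTE(review): content= only inspects unencrypted payload on dst-port=80;
# HTTPS traffic to the same sites is not classified by these rules.
/ip firewall mangle
add action=mark-packet chain=postrouting comment=Proxy-hit disabled=no dscp=\
    12 new-packet-mark=hit_pkt passthrough=no
add action=mark-connection chain=prerouting comment="POKER + POINT BLANK" \
    disabled=no dst-address-list="Poker + PB" dst-port=49100 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=39190 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address=\
    203.89.146.0/23 dst-address-list="Poker + PB" dst-port=40000-40010 \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=9339 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=843 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-list=\
    "Poker + PB" dst-port=80 new-connection-mark="Trafik PB + POKER" \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="poker lan" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
add action=mark-connection chain=prerouting comment="poker hotspot" content=\
    facebook.poker.zynga.com disabled=no dst-port=80 in-interface=HOTSPOT \
    new-connection-mark="Trafik PB + POKER" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="Trafik PB + POKER" \
    disabled=no new-packet-mark="PB + Poker" passthrough=no
# NOTE(review): the content= value in the next rule looks rewritten by the
# hosting page's link handling; the original was presumably a facebook.com
# host name or URL. Restore it from the device before reusing this rule.
add action=mark-connection chain=prerouting comment="facebook lan" content=\
    http://www.facebook.com disabled=no dst-port=80 in-interface=ether2-LAN \
    new-connection-mark=facebook passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=facebook disabled=no \
    new-packet-mark=facebook passthrough=no
# NOTE(review): dst-address=0.0.0.0 restricts the next rule to a destination
# that forwarded client traffic would not normally have; presumably the field
# was meant to be left unset. Verify against the device.
add action=mark-connection chain=prerouting comment="facebook hotspot" \
    content=facebook disabled=no dst-address=0.0.0.0 dst-port=80 \
    in-interface=HOTSPOT new-connection-mark=facebook passthrough=yes \
    protocol=tcp
add action=mark-packet chain=forward comment=\
    "koneksi Upload  ===========================" disabled=yes in-interface=\
    ether2-LAN new-packet-mark=paket-upload passthrough=no src-address=\
    192.168.1.0/24
add action=mark-connection chain=postrouting comment=\
    "koneksi download klien lokal" disabled=no new-connection-mark=\
    koneksi-klien out-interface=ether2-LAN passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-BROWSING client lokal" connection-bytes=1-175000 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=browsing-packet \
    out-interface=ether2-LAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "PACKET-DOWNLOAD client lokal" connection-bytes=175001-0 connection-mark=\
    koneksi-klien disabled=no dscp=!12 new-packet-mark=download-packet \
    out-interface=ether2-LAN packet-mark="!PB + Poker" passthrough=no \
    protocol=tcp
add action=mark-connection chain=postrouting comment="koneksi  klien hotspot" \
    disabled=no new-connection-mark="koneksi-klien hotspot" out-interface=\
    HOTSPOT passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi browsing hotspot" \
    connection-bytes=1-175000 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="browsing-packet hotspot" \
    out-interface=HOTSPOT passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="koneksi download hotspot" \
    connection-bytes=175001-0 connection-mark="koneksi-klien hotspot" \
    disabled=no dscp=!12 new-packet-mark="download-packet hotspot" \
    out-interface=HOTSPOT packet-mark="!PB + Poker" passthrough=no protocol=\
    tcp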

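# NAT table.
#   - masquerade everything leaving through pppoe-out1
#   - transparent-proxy and DNS dst-nat rules towards 192.168.2.2: all disabled
#   - redirect port 53 (udp/tcp) from ether2-LAN and HOTSPOT to the router's
#     own resolver, so clients cannot choose another DNS server on port 53
#   - masquerade traffic sourced from the hotspot subnet
# NOTE(review): the last rule has no out-interface, so hotspot clients are
# source-NATed towards every network, including ether2-LAN and ether3-PROXY.
# With no forward filter rules, nothing separates the hotspot segment from
# the internal ones; add out-interface=pppoe-out1 and a forward drop if the
# hotspot is meant to be Internet-only.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=TRANSPARENT-proxy disabled=yes \
    dst-address-list=!proxyNET dst-port=80,8080,3128 in-interface=ether2-LAN \
    protocol=tcp src-address=!192.168.2.2 to-addresses=192.168.2.2 to-ports=\
    3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
    ether2-LAN protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=80,81,8080,3128 \
    in-interface=HOTSPOT protocol=tcp src-address=!192.168.2.2 to-addresses=\
    192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=udp src-address=!192.168.2.2 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=HOTSPOT \
    protocol=tcp src-address=!192.168.2.2 to-ports=53
add action=redirect chain=dstnat comment="DNS RESOLVER LOKAL" disabled=no \
    dst-port=53 in-interface=ether2-LAN protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=\
    ether2-LAN protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=udp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=HOTSPOT \
    protocol=tcp to-ports=53
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.4.0/24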


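# NAT helpers: all switched off here (this does not affect the PPTP server,
# which is configured under /interface pptp-server server).
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=yes
# Hotspot FTP helper stays enabled.
/ip hotspot service-port
set ftp disabled=no ports=21
# Local hotspot account bound to one client MAC.
# NOTE(review): the password equals the user name and is stored and published
# in clear text. Treat it as disclosed, change it, and keep credentials out of
# shared exports.
/ip hotspot user
add disabled=no mac-address=CC:AF:78:74:08:A2 name=anggi password=anggi \
    profile=MahasiswaD3 server=hotspot1
# Neighbor discovery per interface.
# NOTE(review): discovery is enabled on ether1-PUBLIK, the upstream-facing
# port, so the router announces its identity and version there; disable it on
# that port and on HOTSPOT unless it is needed.
/ip neighbor discovery
set ether1-PUBLIK disabled=no
set ether2-LAN disabled=no
set ether3-PROXY disabled=no
set HOTSPOT disabled=no
set ether5-aco disabled=no
set pppoe-out1 disabled=yes
set pptp-in1 disabled=yes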

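# Built-in web proxy: off.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
# Management services.
# NOTE(review): telnet, ftp and www are enabled and carry logins unencrypted;
# www-ssl is disabled and has no certificate. None of the services has an
# address= restriction, and the filter table has no input rules, so all of
# them are reachable from every interface. Disable telnet, ftp and www, keep
# ssh and winbox, and limit those with address= to the management subnet.
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
# SOCKS proxy, SSH forwarding, traffic-flow export and UPnP are all off.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes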


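# IPv6 neighbor discovery entry for interface=all.
# NOTE(review): no IPv6 address or IPv6 firewall section appears in this
# listing; if IPv6 is not in use, confirm the entry is inert, and if it is in
# use, add an /ipv6 firewall filter, since the IPv4 rules do not apply to it.
/ipv6 nd
add advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=\
    unspecified interface=all managed-address-configuration=no mtu=\
    unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
    unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
# MPLS: label range and an interface=all entry; LDP itself is enabled=no.
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware
# PPP logins are checked against local /ppp secret entries (use-radius=no).
/ppp aaa
set accounting=yes interim-update=0s use-radius=no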


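# Local PPP account allowed on the PPTP service with profile VPS-SMART.
# NOTE(review): the account name and password are published in clear text,
# and the same password value appears again for the user-manager customer
# further down. Treat both as disclosed: rotate them, use distinct values, and
# strip secrets from any export that leaves the device.
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=smart \
    password=fikri profile=VPS-SMART routes="" service=pptp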

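# Every Ethernet port uses the ethernet-default (pfifo) interface queue.
/queue interface
set ether1-PUBLIK queue=ethernet-default
set ether2-LAN queue=ethernet-default
set ether3-PROXY queue=ethernet-default
set HOTSPOT queue=ethernet-default
set ether5-aco queue=ethernet-default
# RADIUS client used for router logins and the hotspot (service=login,hotspot).
# NOTE(review): secret=12345 is a trivially guessable shared secret, repeated
# as the user-manager router shared-secret; replace it with a long random
# value on both sides.
# NOTE(review): address=172.0.0.1 is neither loopback nor inside the private
# 172.16.0.0/12 block, while the user-manager router entry points at
# 192.168.4.1. Presumably 127.0.0.1 or the router's own address was intended;
# as written, RADIUS requests would follow the default route off the network.
/radius
add accounting-backup=no accounting-port=1813 address=172.0.0.1 \
    authentication-port=1812 called-id="" disabled=no domain="" realm="" \
    secret=12345 service=login,hotspot timeout=300ms
# Incoming RADIUS requests (port 3799) are not accepted.
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no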


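# Remaining routing protocol settings (MME, PIM, RIP, RIPng). No interface or
# neighbor entry for them appears in this listing, and the RIP redistribute-*
# options are all "no".
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    timeout-timer=3m update-timer=30s
# Storage for the user-manager database and the web-proxy cache, both on the
# system disk.
/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy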

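# Clock: manual time zone at +00:00; time itself comes from the NTP client
# configured further down.
# NOTE(review): log timestamps are therefore in UTC; keep that in mind when
# correlating router logs with other sources.
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no term=vt102
/system gps
set channel=0 enabled=no set-system-time=no
/system health
set
/system identity
set name="SMART Education"
# LCD panel is off; every page entry is disabled.
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pptp-in1 disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set ether5-aco disabled=yes display-time=5s
set HOTSPOT disabled=yes display-time=5s
set ether3-PROXY disabled=yes display-time=5s
set ether2-LAN disabled=yes display-time=5s
set ether1-PUBLIK disabled=yes display-time=5s
# Logging rules: info, error and warning go to the memory buffer, critical to
# the console.
# NOTE(review): nothing is written to disk or to a remote collector, and the
# memory action keeps 100 lines, so login and firewall history is lost on
# reboot or overwritten quickly. Add a rule with action=remote towards a
# syslog host for anything that must survive an incident.
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
# NTP client with two unicast servers; the router's own NTP server is off.
/system ntp client
set enabled=yes mode=unicast primary-ntp=203.160.128.2 secondary-ntp=\
    120.88.47.10
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
# Hardware watchdog on; no watch-address is pinged.
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes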

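# Bandwidth-test server.
# NOTE(review): enabled=yes; authentication is required, but with no input
# filter the service is reachable from every interface. Disable it when no
# test is running.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
# Interface graphs.
# NOTE(review): allow-address=0.0.0.0/0 lets any host that reaches the web
# service view graphs for all interfaces; restrict it to the management
# subnet.
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
# MAC-layer management server and MAC ping.
# NOTE(review): interface=all exposes MAC-level management logins on every
# port, including ether1-PUBLIK and HOTSPOT; limit it to ether2-LAN or
# disable it. "(unknown)" is how the export printed the entry's name;
# confirm the item on the device.
/tool mac-server
set (unknown) disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
# Packet sniffer defaults: bound to HOTSPOT, 10KiB buffers, streaming off.
/tool sniffer
set file-limit=10KiB file-name="" filter-mac-protocol=!ip filter-stream=yes \
    interface=HOTSPOT memory-limit=10KiB memory-scroll=no only-headers=no \
    streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0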

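# User Manager (the RADIUS backend on this router): owner account, the router
# entry it accepts requests from, and one test user.
# NOTE(review): the customer password is published in clear text and matches
# the PPP secret's password; the router shared-secret is 12345; the test user
# "tes" has a short dictionary-word password. Treat all three as disclosed,
# replace them with distinct strong values, and remove test accounts from
# production.
/tool user-manager customer
add backup-allowed=yes disabled=no login=XXXXXXX parent=MikroTik password=\
    fikri paypal-accept-pending=no paypal-allowed=no paypal-secure-response=\
    no permissions=owner signup-allowed=no time-zone=-00:00
/tool user-manager router
add coa-port=1700 customer=MikroTik disabled=no ip-address=192.168.4.1 log=\
    auth-fail name=router1 shared-secret=12345
/tool user-manager user
add customer=MikroTik disabled=no name=tes password=set shared-users=1 \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
# Router logins are authenticated locally (use-radius=no); default-group=read
# would apply to RADIUS-authenticated users if that were switched on.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no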
