Вы находитесь на странице: 1из 2

/interface ethernet

set [ find default-name=ether5 ] name=LAN


set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] name=WAN3
set [ find default-name=ether4 ] disabled=yes

/ip hotspot profile


add dns-name=abhsek.com hotspot-address=192.168.0.1 name=hsprof1

/ip pool
add name=hs-pool-5 ranges=192.168.0.2-192.168.0.254

/ip dhcp-server
add address-pool=hs-pool-5 disabled=no interface=LAN lease-time=23h59m59s \
name=dhcp1

/ip hotspot
add address-pool=hs-pool-5 interface=LAN name=hotspot1 profile=hsprof1

/ip address
add address=192.168.0.1/24 interface=LAN network=192.168.0.0
add address=192.168.1.4/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.4/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.4/24 interface=WAN3 network=192.168.3.0

/ip dhcp-server network


add address=192.168.0.0/24 comment="hotspot network" gateway=192.168.0.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall filter


add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes

/ip firewall mangle


add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=\
WAN3_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
LAN
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=\
LAN
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=\
LAN
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=LAN new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
in-interface=LAN new-routing-mark=to_WAN3 passthrough=yes

/ip firewall nat


add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat out-interface=WAN3
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24

/ip hotspot user


add name=admin password=admin

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.1.1 scope=255
add check-gateway=ping distance=2 gateway=192.168.2.1 scope=255
add check-gateway=ping distance=3 gateway=192.168.3.1 scope=255