RB751G-2HnD
export compact file=conf
# feb/09/2015 22:56:09 by RouterOS 6.26
#
/interface
bridge
add mtu=1500 name=bridge1
/interface
pppoe-client
add add-default-route=yes disabled=no interface=ether5 mrru=1600 name=mts \
password=password user=user
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=\
profile1 supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=F12Bz32H wpa2-pre-shared-key=F12Bz32H
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2437 \
ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mc\
s-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" l2mtu=2290
mode=ap-bridge \
security-profile=profile1 ssid=hawaii50-2 tx-power-mode=card-rates
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:29:53:B3 master-interface=\
wlan1 name=wlan2 security-profile=profile1 ssid=hophay wds-cost-range=0 \
wds-default-cost=0
/ip pool
add name=dhcp_pool1 ranges=192.168.151.2-192.168.151.254
add name=dhcp_pool2 ranges=192.168.133.2-192.168.133.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=\
dhcp1
add address-pool=dhcp_pool2 disabled=no interface=wlan2 lease-time=3d name=\
dhcp2
/system logging action
set 1 disk-file-name=""
/interface
bridge port
add
bridge=bridge1 interface=ether2
add
bridge=bridge1 interface=ether3
add
bridge=bridge1 interface=ether4
add
bridge=bridge1 interface=wlan1
/ip address
add address=192.168.151.1/24 interface=bridge1 network=192.168.151.0
add address=192.168.133.1/24 interface=wlan2 network=192.168.133.0
/ip dhcp-server network
add address=192.168.133.0/24 gateway=192.168.133.1
add address=192.168.151.0/24 dns-server=77.88.8.7,77.88.8.3 gateway=\
192.168.151.1
/ip dns
set servers=77.88.8.7,77.88.8.3
/ip firewall filter
add action=drop chain=input comment="drop brute forcers" src-address-list=\
blacklist
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=1w chain=input connection-state=new dst-port=\
21,22,23,8291 in-interface=mts protocol=tcp src-address-list=\
blacklist_stage2
add action=add-src-to-address-list address-list=blacklist_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=\
21,22,23,8291 in-interface=mts protocol=tcp src-address-list=\
blacklist_stage1
add action=add-src-to-address-list address-list=blacklist_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=\
21,22,23,8291 in-interface=mts protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=mts src-address=\
192.168.151.0/24
add action=masquerade chain=srcnat out-interface=mts src-address=\
192.168.133.0/24
/system clock
set time-zone-name=Europe/Volgograd
/system leds
set 0 interface=wlan1