/interface bridge add name=bridge_hotspot /interface bridge port add bridge=bridge_hotspot interface=wlan1 /interface bridge port add bridge=bridge_hotspot interface=ether2 /ip hotspot profile set [ find default=yes ] login-by=cookie,http-chap,https add dns-name=hotspot.faster.net.br hotspot-address=187.45.10.94 \ http-cookie-lifetime=1d2h name=hsprof1 use-radius=yes /ip hotspot add disabled=no idle-timeout=none interface=bridge_hotspot name=hotspot1 \ profile=hsprof1 /ip pool add name=pool1 ranges=192.168.123.2-192.168.123.62 add name=pooldhcp1 ranges=10.10.0.2-10.10.15.254 /ip dhcp-server add address-pool= pooldhcp1 always-broadcast=yes disabled=no interface=bridge_hotspot name=server1 /ip hotspot user profile set [ find default=yes ] address-pool=pool1 idle-timeout=2m \ keepalive-timeout=30m mac-cookie-timeout=3d rate-limit=\ "64k/128k 100k/256k 50k/256k 32/8 8 64k/64k" session-timeout=10m \ shared-users=2 add address-pool=pool1 idle-timeout=5m keepalive-timeout=5m \ name=visitante on-logout=":local LogOffUser [/ip hot\ spot active find where user=\$user]; \r\ \n:log info \"Usuario \$user (\$LogOffUser) logout\";\r\ \n##### para remover\r\ \n\r\ \n/ip hotspot cookie remove \$user\r\ \n\r\ \n####" rate-limit="256k/512k 300k/1024k 200k/1024k 32/8 8 256k/256k" \ session-timeout=15m add address-pool=pool1 idle-timeout=1h keepalive-timeout=10m \ name=cliente rate-limit=\ "1024k/2048k 1200k/4096k 600k/4096k 32/8 8 1024k/1024k" shared-users=2 /ip address add address=172.24.12.178/30 interface=ether1 network=172.24.12.176 add address=187.45.10.94/30 interface=ether1 network=187.45.10.92 add address=192.168.123.1/26 interface=bridge_hotspot network=\ 192.168.123.0 add address=10.10.0.1/20 interface=bridge_hotspot network=\ 192.168.122.0 /ip dhcp-server network add address=10.10.0.0/20 comment="hotspot network" dns-server=\ 200.187.80.5,200.187.80.6 gateway=10.10.0.1 /ip dns set max-udp-packet-size=512 servers=200.187.80.5,200.187.80.6 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=\ 10.10.0.0/20 add action=src-nat chain=srcnat out-interface=ether1 protocol=tcp \ src-address=192.168.123.2 to-addresses=187.45.10.94 to-ports=1001-2000 add action=src-nat chain=srcnat out-interface=ether1 protocol=udp \ src-address=192.168.123.2 to-addresses=187.45.10.94 to-ports=1001-2000 add action=src-nat chain=srcnat out-interface=ether1 protocol=tcp \ src-address=192.168.123.3 to-addresses=187.45.10.94 to-ports=2001-3000 add action=src-nat chain=srcnat out-interface=ether1 protocol=udp \ src-address=192.168.123.3 to-addresses=187.45.10.94 to-ports=2001-3000 add action=src-nat chain=srcnat out-interface=ether1 protocol=tcp \ src-address=192.168.123.4 to-addresses=187.45.10.94 to-ports=3001-4000 add action=src-nat chain=srcnat out-interface=ether1 protocol=udp \ src-address=192.168.123.4 to-addresses=187.45.10.94 to-ports=3001-4000 add action=src-nat chain=srcnat out-interface=ether1 protocol=tcp \ src-address=192.168.123.60 to-addresses=187.45.10.94 to-ports=59001-60000 add action=src-nat chain=srcnat out-interface=ether1 protocol=udp \ src-address=192.168.123.61 to-addresses=187.45.10.94 to-ports=60001-61000 add action=src-nat chain=srcnat out-interface=ether1 protocol=tcp \ src-address=192.168.123.62 to-addresses=187.45.10.94 to-ports=61001-62000 add action=src-nat chain=srcnat out-interface=ether1 protocol=udp \ src-address=192.168.123.62 to-addresses=187.45.10.94 to-ports=61001-62000 /ip hotspot walled-garden add comment="place hotspot rules here" disabled=yes /ip hotspot walled-garden ip add action=accept disabled=no dst-address=200.187.80.44 add action=accept disabled=no src-address=200.187.80.44 /ip route add distance=1 gateway=172.24.12.177 add distance=1 gateway=187.45.10.93 /ip service set telnet disabled=yes set ssh disabled=yes set www-ssl disabled=no set api disabled=yes /radius add address=200.187.80.69 secret=lnfogkrl service=hotspot /system clock set time-zone-name=America/Sao_Paulo /system identity set name=HotSpotFasterNet /system ntp client set enabled=yes primary-ntp=200.187.80.5 secondary-ntp=200.189.40.8 /system scheduler add interval=2w1d name=BackupMail on-event=backup-email policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \ start-date=jan/01/1970 start-time=00:00:00 /system script add name=backup-email policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \ source="/system backup save name=backup ; :delay 10s ; /export file=expor\ t ; :delay 10s ; /tool e-mail send to=fasternetbackups@gmail.com password=\ fstbkps subject=([/system identity get name] . \" Mikrotik Config Backup\"\ ) from=mikrotik@fasternet.com.br file=backup server=200.187.80.12 tls=yes \ port=587 ; /tool e-mail send to=fasternetbackups@gmail.com password=fstbkp\ s subject=([/system identity get name] . \" Mikrotik Export Backup\") from\ = mikrotik@fasternet.com.br file=export server=200.187.80.12 tls=yes port=\ 587" /tool e-mail set address=200.187.80.12 from=mikrotik@fasternet.com.br password=fstbkps \ port=587 user=mikrotik /ipv6 dhcp-server add address-pool=pool1 disabled=no interface=bridge_hotspot name=server1 /ipv6 pool add name=pool1 prefix=2804:90:faaa::/48 prefix-length=64 /ipv6 address add address=2804:90::10:0:0:0:2 advertise=no interface=ether1 add address=2804:90:faaa:: interface=bridge_hotspot /ipv6 firewall address-list add address=2804:90:faaa::7d7e:485b:f388:2f32/128 comment=\ "04:F1:3E:6C:CF:F1 15991186359" list=hotspot-auth /ipv6 firewall filter add chain=forward dst-address=2804:90::aaaa:200:187:80:44/128 add chain=forward src-address=2804:90::aaaa:200:187:80:44/128 add chain=forward comment=\ "Accept local to local connections on link-local or public address range" \ in-interface=bridge_hotspot out-interface=bridge_hotspot add chain=forward comment="Allow outbound traffic from any IPv6 address on the\ \_\"hotspot-auth\" list" in-interface=bridge_hotspot \ src-address-list=hotspot-auth add action=reject chain=forward comment=\ "Reject traffic not in \"active-hosts\" list" in-interface=\ bridge_hotspot /ipv6 route add distance=1 gateway=2804:90::10:0:0:0:1 /system script add name=ipv6-auth-check policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \ source="#IPv6 authentication script for RouterOS\r\ \n#Tested on v4.10\r\ \n#Last updated: 15/06/2010\r\ \n \r\ \n:local line\r\ \n:local linecomment\r\ \n:local maccheck\r\ \n:local mac\r\ \n:local username\r\ \n:local ipv6\r\ \n:local mapping\r\ \n:local localcheck\r\ \n \r\ \n#Loop through each ipv6 address line in the hotspot-auth list\r\ \n# Set linecomment variable to the comment of the current line\r\ \n# Set maccheck variable by grabbing only the mac address from the comme\ nt\r\ \n# If an active hotspot listing doesnt exist for this mac address:\r\ \n# Remove the address-list line\r\ \n# End of if segement\r\ \n#End of foreach segment\r\ \n \r\ \n:foreach line in=[/ipv6 firewall address-list find list=\"hotspot-auth\"\ ] do={\r\ \n :set linecomment [/ipv6 firewall address-list get \$line comment]\r\ \n :set maccheck [:pick \$linecomment 0 17]\r\ \n :if ([/ip hotspot active find mac-address=\$maccheck] =\"\") do={\r\ \n /ipv6 firewall address-list remove \$line\r\ \n }\r\ \n}\r\ \n \r\ \n#Loop through active hotspot user lines\r\ \n# Set username variable to match currently selecte lines user value\r\ \n# Set mac varible to match currently selected lines mac-address value\r\ \n# For each listing in neighbour discovery table with the same mac addre\ ss\r\ \n# Set ipv6 variable to match currently selected lines address value\r\ \n# Set localcheck variable to first 4 digits of the current IPv6 addre\ ss\r\ \n# If localcheck doesnt = \"fe80\" then do the following\r\ \n# If no listing exists in the \"hotspot-auth\" list with the same i\ p address:\r\ \n# Create a new \"hotspot-auth\" address list entry with the ipv6 \ address variable and comment set to the mac address and username\r\ \n# End of if segment\r\ \n# End of if segment\r\ \n# End of foreach segment\r\ \n#End of foreach segment\r\ \n \r\ \n:foreach line in=[/ip hotspot active find] do={\r\ \n :set username [/ip hotspot active get \$line user]\r\ \n :set mac [/ip hotspot active get \$line mac-address]\r\ \n :foreach mapping in=[/ipv6 neighbor find mac-address=\$mac] do={\r\ \n :set ipv6 [/ipv6 neighbor get \$mapping address]\r\ \n :set localcheck [:pick \$ipv6 0 4]\r\ \n if (\$localcheck != \"fe80\") do={\r\ \n if ([/ipv6 firewall address-list find list=\"hotspot-auth\" addres\ s=\"\$ipv6/128\"]= \"\") do={\r\ \n /ipv6 firewall address-list add address=\$ipv6 list=hotspot-auth\ \_comment=\"\$mac \$username\"\r\ \n }\r\ \n }\r\ \n }\r\ \n}" /system scheduler add interval=30s name=run-ipv6-auth-check on-event=\ "/system script run ipv6-auth-check" policy=read,write start-date=\ jan/01/1970 start-time=00:00:00