
Ciao, ultimamente sto riscontrando diversi problemi con i miei telefoni android collegati alla wifi del mio hap ac2 collegato ad openfiber (postemobile) tramite ONT.
Riscontro diversi problemi, ad esempio con i video su Facebook e Instagram, e spesso e volentieri il telefono usa la rete cellulare perché riporta che la rete wifi non ha accesso a Internet.
La cosa che mi risulta strana è che se il client pppoe lo attacco alla ether1, che è collegata all'ONT, non ho problemi a navigare, ma se lo attacco alla vlan creata sulla ether1 il client non riesce a collegarsi al pppoe server.

Vi posto la mia config del mikrotik e spero mi possiate dare una mano.

# 2025-03-15 06:40:30 by RouterOS 7.18.1
# software id = ZNKV-4BZ0
#
# model = RBD52G-5HacD2HnD
# serial number =
# LAN bridge; the bridge-port section of this export attaches ether2-ether5
# and both radios to it.
/interface bridge
add name=bridge1 port-cost-mode=short
# 5 GHz radio, configured through the /interface wireless menu.
# country=no_country_set leaves the regulatory domain unset, and
# frequency-mode=manual-txpower is used with it.
# No security-profile is named and no wps-mode is shown, so both are
# presumably at their defaults - confirm that WPS is off on this radio too.
/interface wireless
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac country=\
    no_country_set disabled=no frequency=auto frequency-mode=manual-txpower \
    mode=ap-bridge name=wlan5G ssid=Tiscalli5G wireless-protocol=802.11
# VLAN 835 on ether1. In this export only a DHCP client and a WAN-list
# membership refer to it; the PPPoE client below does not use it.
/interface vlan
add interface=ether1 mtu=1492 name=vlan1 vlan-id=835
# PPPoE client bound to ether1 itself, not to vlan1.
# use-peer-dns=yes accepts whatever resolvers the PPPoE peer announces.
# No password= value appears in this export.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=100 \
    max-mru=1492 max-mtu=1492 name=pppoe-out1 use-peer-dns=yes user=openfiber
# CAPsMAN security profile referenced by the three configurations below.
# wpa-psk (WPA1) is still accepted next to wpa2-psk; it can only be dropped
# if every client supports WPA2. No passphrase is shown in the export.
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
    group-encryption=aes-ccm name=security
# CAPsMAN templates for 2.4 GHz and 5 GHz. client-to-client-forwarding=yes
# lets stations on the same AP reach each other directly (no client
# isolation). All three use ssid=Tiscalli, while the local wlan5G interface
# is set to Tiscalli5G.
/caps-man configuration
add channel.band=2ghz-b/g .control-channel-width=20mhz .extension-channel=XX \
    country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
    yes name=cfg-2ghz security=security ssid=Tiscalli
add channel.band=5ghz-a/n/ac .control-channel-width=20mhz .extension-channel=\
    XXXX country=etsi datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes name=cfg-5ghz-ac security=security ssid=Tiscalli
add channel.band=5ghz-a/n .control-channel-width=20mhz .extension-channel=XX \
    country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
    yes name=cfg-5ghz-an security=security ssid=Tiscalli
# Interface lists referenced by the firewall/NAT rules (WAN) and by the
# MAC-server settings (LAN).
/interface list
add name=WAN
add name=LAN
# Entries under the /interface wifi menu, next to the /interface wireless
# settings that configure the radios. NOTE(review): looks like a leftover
# from trying the other driver package - confirm which one is installed.
/interface wifi channel
add band=2ghz-ax frequency=2412,2437,2462 name=2ghz-1_6_11 skip-dfs-channels=\
    disabled width=20mhz
add band=5ghz-ax frequency=5500,5520,5540,5560 name=5ghz-no_dfs \
    skip-dfs-channels=disabled width=20/40/80mhz
# wpa-psk (WPA1) is allowed here as well and encryption is an empty value;
# WPS is disabled.
/interface wifi security
add authentication-types=wpa-psk,wpa2-psk disabled=no encryption="" name=\
    security wps=disable
# Channels 1/6/11, grouped in the list used as scan-list by wlan2.4.
/interface wireless channels
add band=2ghz-b/g/n frequency=2412 list=ch1_6_11 name=ch1 width=20
add band=2ghz-b/g/n frequency=2437 list=ch1_6_11 name=ch6 width=20
add band=2ghz-b/g/n frequency=2462 list=ch1_6_11 name=ch11 width=20
# 2.4 GHz radio: same no_country_set / manual-txpower combination as the
# 5 GHz radio; WPS is explicitly disabled here (wps-mode=disabled).
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
    no_country_set disabled=no frequency=ch11 frequency-mode=manual-txpower \
    mode=ap-bridge name=wlan2.4 scan-list=ch1_6_11 ssid=Tiscalli \
    wireless-protocol=802.11 wps-mode=disabled
# Default security profile: WPA1 and WPA2 pre-shared keys are both accepted.
# The key itself is not part of the export.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
# Dynamic DHCP range; the static leases ending in .250-.254 sit outside it.
/ip pool
add name=dhcp ranges=192.168.1.3-192.168.1.200
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=dhcp1
# The default SMB user is disabled.
/ip smb users
set [ find default=yes ] disabled=yes
# DHCPv6 server on the LAN bridge with a hand-entered pool (2000::1/64).
# No /ipv6 firewall section appears in this export, so the IPv4 filter rules
# are the only packet filtering shown. NOTE(review): confirm IPv6 is not
# reachable from the WAN before relying on that.
/ipv6 dhcp-server
add interface=bridge1 name=server1 prefix-pool=pool1
/ipv6 pool
add name=pool1 prefix=2000::1/64 prefix-length=64
# CAPsMAN manager is switched on, with provisioning rules that create
# enabled interfaces for matching radios. NOTE(review): if this router is
# the only MikroTik device, this is a service that does not need to run.
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    cfg-2ghz name-format=prefix-identity name-prefix=2ghz
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
    cfg-5ghz-ac name-format=prefix-identity name-prefix=5ghz-ac
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
    cfg-5ghz-an name-format=prefix-identity name-prefix=5ghz-an
# LAN ports and both radios are bridge members; ether1 is not.
/interface bridge port
add bridge=bridge1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wlan5G
add bridge=bridge1 interface=wlan2.4
# UDP connection-tracking entries time out after 10 s.
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery runs on every interface that is not in the "dynamic"
# list. NOTE(review): that presumably includes the ONT-facing ether1;
# restricting it to the LAN list avoids announcing the router upstream.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# WAN = vlan1 + pppoe-out1. ether1 itself is in neither list, so rules that
# match in-interface-list=WAN do not match traffic received on bare ether1.
/interface list member
add interface=bridge1 list=LAN
add interface=vlan1 list=WAN
add interface=pppoe-out1 list=WAN
# OpenVPN server entry. The export does not show whether it is enabled or
# which port it uses - confirm it is intended.
/interface ovpn-server server
add mac-address=FE:AE:24:F7:7C:F7 name=ovpn-server1
/interface wireless cap
set interfaces=wlan5G,wlan2.4
# Router LAN address; also the gateway handed out by DHCP.
/ip address
add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
# Cloud DDNS is on, with a 10-minute update interval.
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
# DHCP client on the VLAN interface, in addition to the PPPoE client on ether1.
/ip dhcp-client
add interface=vlan1
# Static leases. 192.168.1.3, .5 and .53 are the targets of the dst-nat rules
# in this export, so these reservations decide which hosts the forwarded
# ports actually reach.
/ip dhcp-server lease
add address=192.168.1.7 mac-address=60:01:94:D8:E3:F5 server=dhcp1
add address=192.168.1.9 client-id=1:48:0:33:ae:66:37 comment=skipper \
    mac-address=48:00:33:AE:66:37 server=dhcp1
add address=192.168.1.251 mac-address=40:9F:38:D0:C5:0D server=dhcp1
add address=192.168.1.252 mac-address=40:9F:38:D0:F3:CC server=dhcp1
add address=192.168.1.250 mac-address=40:9F:38:D0:FA:E6 server=dhcp1
add address=192.168.1.253 mac-address=40:9F:38:D0:D6:C7 server=dhcp1
add address=192.168.1.254 mac-address=40:9F:38:D1:07:06 server=dhcp1
add address=192.168.1.6 mac-address=24:0A:C4:10:5A:EC server=dhcp1
add address=192.168.1.15 mac-address=70:EE:50:1F:05:0C server=dhcp1
add address=192.168.1.5 client-id=1:78:24:af:41:bc:3d mac-address=\
    78:24:AF:41:BC:3D server=dhcp1
add address=192.168.1.3 client-id=1:78:f2:9e:90:86:da mac-address=\
    78:F2:9E:90:86:DA server=dhcp1
add address=192.168.1.53 client-id=1:e4:2a:ac:c3:ee:7a mac-address=\
    E4:2A:AC:C3:EE:7A server=dhcp1
add address=192.168.1.57 client-id=1:3c:2a:f4:a6:c4:c0 comment=Stampante \
    mac-address=3C:2A:F4:A6:C4:C0 server=dhcp1
add address=192.168.1.68 client-id=1:d8:ce:3a:89:92:7 comment=mi9se \
    mac-address=D8:CE:3A:89:92:07 server=dhcp1
add address=192.168.1.4 client-id=1:4a:bd:13:4:bc:e1 mac-address=\
    4A:BD:13:04:BC:E1 server=dhcp1
add address=192.168.1.196 comment=echo mac-address=DC:54:D7:BF:12:F3 server=\
    dhcp1
add address=192.168.1.17 client-id=1:5c:62:8b:a0:e1:b0 mac-address=\
    5C:62:8B:A0:E1:B0 server=dhcp1
add address=192.168.1.20 client-id=1:9c:eb:e8:ef:25:63 mac-address=\
    9C:EB:E8:EF:25:63 server=dhcp1
add address=192.168.1.19 client-id=1:3c:6:30:14:c0:90 mac-address=\
    3C:06:30:14:C0:90 server=dhcp1
# Clients are handed 8.8.8.8 directly, so they do not depend on the router's
# own resolver.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.2 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries itself. In
# this export the only rule keeping that resolver closed to the Internet is
# the input-chain drop for in-interface-list=WAN.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# Rules are listed in evaluation order. There is no final drop rule in either
# chain, so anything not matched below is accepted.
/ip firewall filter
# input: accept packets of connections already tracked as established/related.
add action=accept chain=input connection-state=established,related
# forward: fasttrack established/related flows. The rule appears twice and the
# second copy is redundant. These are the only forward-chain rules, so the
# filter never drops forwarded traffic: nothing here rejects invalid packets
# or new connections from WAN that were not dst-natted (the check that a
# connection-nat-state=!dstnat rule would provide).
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
# input: drop everything else arriving on a WAN-list interface. Because this
# sits above the remaining rules, those only ever see non-WAN traffic.
add action=drop chain=input in-interface-list=WAN
# input: drop and log invalid packets.
add action=drop chain=input connection-state=invalid log=yes log-prefix=\
    DROP_INVALID
# input: a connection to tcp/22 from a source not in "trusted" puts that
# source on BruteForce_SSH for 1 h. There is no connection-state or rate
# condition, so one attempt is enough. No "trusted" address list is defined
# in the visible export - confirm it exists.
add action=add-src-to-address-list address-list=BruteForce_SSH \
    address-list-timeout=1h chain=input dst-port=22 log=yes log-prefix=\
    SSH_ATTACK protocol=tcp src-address-list=!trusted
# input: drop tcp/22 from listed sources. Together with the rule above this
# blocks SSH on the first packet rather than after repeated failures.
add action=drop chain=input dst-port=22 protocol=tcp src-address-list=\
    BruteForce_SSH
/ip firewall nat
# Source NAT for everything leaving through a WAN-list interface.
add action=masquerade chain=srcnat out-interface-list=WAN
# Port forwards. None has a src-address or src-address-list condition, so
# each forwarded port is open to any source on the WAN side, and the filter's
# forward chain adds no further restriction. log-prefix is set but log=yes is
# not shown, so presumably nothing is logged; the "[443]" prefix is also
# reused on the 6881 rules.
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN \
    log-prefix="[443]" protocol=tcp to-addresses=192.168.1.3 to-ports=443
add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
    log-prefix="[443]" protocol=tcp to-addresses=192.168.1.5 to-ports=6881
add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
    log-prefix="[443]" protocol=udp to-addresses=192.168.1.5 to-ports=6881
add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
    tcp src-port="" to-addresses=192.168.1.53 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
    udp to-addresses=192.168.1.53 to-ports=3074
# Overlaps with the first rule: pppoe-out1 is already a member of the WAN list.
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# gateway=*B is an internal ID rather than an interface name or address.
# NOTE(review): looks like a reference to an item that no longer exists.
/ip route
add disabled=no dst-address=192.168.1.0/24 gateway=*B routing-table=main \
    suppress-hw-offload=no
# Management services are limited by source address, but none is shown as
# disabled: telnet, ftp, www and api stay available to the whole LAN and do
# not encrypt the session. winbox additionally allows 192.168.216.0/24, a
# subnet not defined anywhere else in this export - confirm what it is.
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api address=192.168.1.0/24
set winbox address=192.168.1.0/24,192.168.216.0/24
set api-ssl address=192.168.1.0/24
/ip smb shares
set [ find default=yes ] directory=/flash/pub
# Router advertisements on the LAN bridge with the managed/other flags set.
/ipv6 nd
add hop-limit=64 interface=bridge1 managed-address-configuration=yes \
    other-configuration=yes
/ipv6 nd prefix
add interface=bridge1
# Time zone used for the clock, and therefore for log timestamps.
# NOTE(review): confirm this matches the site, otherwise log times are
# harder to correlate with other sources.
/system clock
set time-zone-name=America/Los_Angeles
/system note
set show-at-login=no
# MAC-level management (MAC telnet and MAC WinBox) is accepted only on
# LAN-list interfaces.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

    ti conviene scrivere sul forum Mikrotik

    Hunty
    È simile alla mia configurazione ma io sono tim/fibercop
    Togli la vlan1 dalla lista WAN
    Togli la route che si sta riferendo a qualcosa di rimosso
    Rimetti il pppoe client sulla vlan1

    C'è anche un po' di confusione con il vecchio e il nuovo wifi. Che pacchetto driver stai usando?


      Hunty

      Per farla semplice direi:

      # VLAN 835 on the ONT-facing port.
      /interface vlan
      add interface=ether1 name=vlan835 vlan-id=835

      # The PPPoE session runs on the VLAN interface instead of bare ether1.
      # user/password are placeholders to be replaced locally. The firewall and
      # NAT rules match on the WAN interface list, so pppoe-out1 has to remain
      # a member of it.
      /interface pppoe-client
      add name=pppoe-out1 interface=vlan835 user="TUO_USERNAME" password="TUA_PASSWORD" disabled=no use-peer-dns=yes add-default-route=yes

      L'incongruenza che vedo nella tua conf è che vlan1 è creata su ether1, ma anche pppoe-out1 utilizza ether1 come interfaccia.
      C'è poi altra "sporcizia" nella conf.

        • Autore

        mario152475
        ho dovuto usare il pacchetto wireless vecchio perché ho dei condizionatori che non supportano l'802.11g ma hanno bisogno del b; anche se il g dovrebbe essere retrocompatibile, purtroppo non si collegano

        mi potresti aiutare ad eliminare la confusione fra il vecchio e il nuovo pacchetto wireless?

        wtf
        l'incongruenza è dovuta al fatto che per potermi collegare ho dovuto mettere il client pppoe sulla ether1, se lo metto sulla vlan1 non riesce a raggiungere il server pppoe.

        Quale è l'altra sporcizia nella conf?

          Se navighi mettendo la pppoe direttamente sulla ETH1, significa che il traffico viene già consegnato dall'ONT sulla ethernet senza tag VLAN.
          Che in effetti è una configurazione che già diversi isp in passato adottavano. Bastava chiederlo a OF.

          Hunty

          La configurazione VLAN e PPPoE su ether1 in conflitto

          La vlan1 è creata su ether1, ma anche pppoe-out1 utilizza ether1 come interfaccia. Ti avevo scritto la configurazione nel post precedente.

          Altre incongruenze:

          • SSID non coerente tra CAPsMAN e interfaccia wireless
            Nell’interfaccia wireless, la SSID per wlan5G è Tiscalli5G, mentre in CAPsMAN è Tiscalli. Questo può creare problemi di roaming e gestione centralizzata.

          • no_country_set nelle interfacce wireless
            L’opzione no_country_set è utilizzata nelle interfacce wlan1 e wlan2. Questo significa che il router non sta rispettando le normative locali sulle frequenze e la potenza di trasmissione.

          • mtu=1492 su VLAN e PPPoE
            Con PPPoE su VLAN l’MTU potrebbe dover essere impostata su 1480.

          • Ci sono due regole FastTrack duplicate

          • La riga add disabled=no dst-address=192.168.1.0/24 gateway=*B routing-table=main suppress-hw-offload=no
            ha un gateway *B, cioè un riferimento a qualcosa che è stato rimosso: la route non punta più a nulla e va eliminata.


            Hunty ho dovuto usare il pacchetto wireless vecchio perchè ho dei condizionatori che non supportano l'802.11g ma hanno bisogno del b, anche se il g dovrebbe essere retroattivo purtroppo non si collegano

            mi potresti aiutare ad eliminare la confusione fra il vecchio e il nuovo pacchetto wireless?

            Strano: ho una vecchissima stampante che non mi si collegava con la Vodafone Station, ma con l'hap ax3 è andata quasi subito (mi è bastato abilitare solo wpa2-psk). Comunque, con solo 16MB di flash in molti fanno fatica a tenere aggiornato RouterOS. Quindi forse fai bene a stare su wireless. Purtroppo, però, non conosco quel pacchetto. Ho provato a eliminare parti e a modificare la configurazione. Io di solito carico il nuovo file sul router, poi vado di reset-configuration con keep users.

            # LAN bridge.
            /interface bridge
            add name=bridge1
            # PPPoE stays on bare ether1; no VLAN interface is defined in this version.
            # use-peer-dns=no: resolvers announced by the PPPoE peer are ignored, so
            # only the servers set under /ip dns are used. No password= is included.
            /interface pppoe-client
            add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=100 \
                max-mru=1492 max-mtu=1492 name=pppoe-out1 use-peer-dns=no user=openfiber
            # CAPsMAN security profile: wpa-psk (WPA1) is still accepted next to
            # wpa2-psk. No passphrase is shown.
            /caps-man security
            add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
                group-encryption=aes-ccm name=security
            # CAPsMAN templates; client-to-client-forwarding=yes means no isolation
            # between stations on the same AP.
            /caps-man configuration
            add channel.band=2ghz-b/g .control-channel-width=20mhz .extension-channel=XX \
                country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
                yes name=cfg-2ghz security=security ssid=Tiscalli
            add channel.band=5ghz-a/n/ac .control-channel-width=20mhz .extension-channel=\
                XXXX country=etsi datapath.client-to-client-forwarding=yes \
                .local-forwarding=yes name=cfg-5ghz-ac security=security ssid=Tiscalli
            add channel.band=5ghz-a/n .control-channel-width=20mhz .extension-channel=XX \
                country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
                yes name=cfg-5ghz-an security=security ssid=Tiscalli
            # Interface lists used by the firewall/NAT rules and the MAC server.
            /interface list
            add name=WAN
            add name=LAN
            /interface wireless channels
            add band=2ghz-b/g/n frequency=2412 list=ch1_6_11 name=ch1 width=20
            add band=2ghz-b/g/n frequency=2437 list=ch1_6_11 name=ch6 width=20
            add band=2ghz-b/g/n frequency=2462 list=ch1_6_11 name=ch11 width=20
            # Both radios keep country=no_country_set with manual-txpower, so no
            # regulatory domain is selected. wps-mode=disabled is set only on the
            # 2.4 GHz radio; the 5 GHz one shows no wps-mode - confirm WPS is off there.
            /interface wireless
            set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
                no_country_set disabled=no frequency=ch11 frequency-mode=manual-txpower \
                mode=ap-bridge name=wlan2.4 scan-list=ch1_6_11 ssid=Tiscalli \
                wireless-protocol=802.11 wps-mode=disabled
            set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac country=\
                no_country_set disabled=no frequency=auto frequency-mode=manual-txpower \
                mode=ap-bridge name=wlan5G ssid=Tiscalli5G wireless-protocol=802.11
            # Default security profile: WPA1 and WPA2 pre-shared keys both accepted;
            # the key is not part of the listing.
            /interface wireless security-profiles
            set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
                dynamic-keys supplicant-identity=MikroTik
            /ip pool
            add name=dhcp ranges=192.168.1.3-192.168.1.200
            /ip dhcp-server
            add address-pool=dhcp interface=bridge1 name=dhcp1
            # CAPsMAN manager is still enabled in this version, with provisioning rules
            # that create enabled interfaces for matching radios.
            /caps-man manager
            set enabled=yes
            /caps-man provisioning
            add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
                cfg-2ghz name-format=prefix-identity name-prefix=2ghz
            add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
                cfg-5ghz-ac name-format=prefix-identity name-prefix=5ghz-ac
            add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
                cfg-5ghz-an name-format=prefix-identity name-prefix=5ghz-an
            /interface bridge port
            add bridge=bridge1 interface=ether2
            add bridge=bridge1 interface=ether3
            add bridge=bridge1 interface=ether4
            add bridge=bridge1 interface=ether5
            add bridge=bridge1 interface=wlan5G
            add bridge=bridge1 interface=wlan2.4
            # Neighbor discovery on every interface not in the "dynamic" list.
            # NOTE(review): presumably that includes the ONT-facing ether1 - confirm.
            /ip neighbor discovery-settings
            set discover-interface-list=!dynamic
            # WAN now contains only pppoe-out1. ether1 itself is in neither list, so
            # rules matching in-interface-list=WAN do not cover traffic on bare ether1.
            /interface list member
            add interface=bridge1 list=LAN
            add interface=pppoe-out1 list=WAN
            /interface wireless cap
            set interfaces=wlan5G,wlan2.4
            /ip address
            add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
            # Cloud DDNS is on, with a 10-minute update interval.
            /ip cloud
            set ddns-enabled=yes ddns-update-interval=10m
            # Static leases; 192.168.1.3, .5 and .53 are the dst-nat targets.
            /ip dhcp-server lease
            add address=192.168.1.7 mac-address=60:01:94:D8:E3:F5 server=dhcp1
            add address=192.168.1.9 client-id=1:48:0:33:ae:66:37 comment=skipper \
                mac-address=48:00:33:AE:66:37 server=dhcp1
            add address=192.168.1.251 mac-address=40:9F:38:D0:C5:0D server=dhcp1
            add address=192.168.1.252 mac-address=40:9F:38:D0:F3:CC server=dhcp1
            add address=192.168.1.250 mac-address=40:9F:38:D0:FA:E6 server=dhcp1
            add address=192.168.1.253 mac-address=40:9F:38:D0:D6:C7 server=dhcp1
            add address=192.168.1.254 mac-address=40:9F:38:D1:07:06 server=dhcp1
            add address=192.168.1.6 mac-address=24:0A:C4:10:5A:EC server=dhcp1
            add address=192.168.1.15 mac-address=70:EE:50:1F:05:0C server=dhcp1
            add address=192.168.1.5 client-id=1:78:24:af:41:bc:3d mac-address=\
                78:24:AF:41:BC:3D server=dhcp1
            add address=192.168.1.3 client-id=1:78:f2:9e:90:86:da mac-address=\
                78:F2:9E:90:86:DA server=dhcp1
            add address=192.168.1.53 client-id=1:e4:2a:ac:c3:ee:7a mac-address=\
                E4:2A:AC:C3:EE:7A server=dhcp1
            add address=192.168.1.57 client-id=1:3c:2a:f4:a6:c4:c0 comment=Stampante \
                mac-address=3C:2A:F4:A6:C4:C0 server=dhcp1
            add address=192.168.1.68 client-id=1:d8:ce:3a:89:92:7 comment=mi9se \
                mac-address=D8:CE:3A:89:92:07 server=dhcp1
            add address=192.168.1.4 client-id=1:4a:bd:13:4:bc:e1 mac-address=\
                4A:BD:13:04:BC:E1 server=dhcp1
            add address=192.168.1.196 comment=echo mac-address=DC:54:D7:BF:12:F3 server=\
                dhcp1
            add address=192.168.1.17 client-id=1:5c:62:8b:a0:e1:b0 mac-address=\
                5C:62:8B:A0:E1:B0 server=dhcp1
            add address=192.168.1.20 client-id=1:9c:eb:e8:ef:25:63 mac-address=\
                9C:EB:E8:EF:25:63 server=dhcp1
            add address=192.168.1.19 client-id=1:3c:6:30:14:c0:90 mac-address=\
                3C:06:30:14:C0:90 server=dhcp1
            # Clients are now pointed at the router (192.168.1.2) for DNS, so the
            # resolver below has to stay enabled for the LAN.
            /ip dhcp-server network
            add address=192.168.1.0/24 dns-server=192.168.1.2 gateway=192.168.1.2 netmask=24
            # The router answers DNS queries itself and forwards to 8.8.8.8. Only the
            # input-chain drop for in-interface-list=WAN keeps this resolver from
            # being reachable from the Internet.
            /ip dns
            set allow-remote-requests=yes servers=8.8.8.8
            # Rules are listed in evaluation order; neither chain ends with a drop
            # rule, so unmatched traffic is accepted.
            /ip firewall filter
            add action=accept chain=input connection-state=established,related
            # The duplicated fasttrack rule is still present in this version. These two
            # are the only forward-chain rules: the filter does not drop invalid
            # packets or new WAN connections that were not dst-natted.
            add action=fasttrack-connection chain=forward connection-state=\
                established,related hw-offload=yes
            add action=fasttrack-connection chain=forward connection-state=\
                established,related hw-offload=yes
            # Everything else from WAN to the router is dropped here, so the rules
            # below only ever see non-WAN traffic.
            add action=drop chain=input in-interface-list=WAN
            add action=drop chain=input connection-state=invalid log=yes log-prefix=\
                DROP_INVALID
            # One connection to tcp/22 from a source outside "trusted" is enough to be
            # listed for 1 h and dropped by the next rule. No "trusted" list is
            # defined in this listing - confirm it exists.
            add action=add-src-to-address-list address-list=BruteForce_SSH \
                address-list-timeout=1h chain=input dst-port=22 log=yes log-prefix=\
                SSH_ATTACK protocol=tcp src-address-list=!trusted
            add action=drop chain=input dst-port=22 protocol=tcp src-address-list=\
                BruteForce_SSH
            /ip firewall nat
            # Source NAT for traffic leaving through a WAN-list interface.
            add action=masquerade chain=srcnat out-interface-list=WAN
            # Port forwards without any source restriction; the forward chain of the
            # filter adds none either. log-prefix is set but log=yes is not shown.
            add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN \
                log-prefix="[443]" protocol=tcp to-addresses=192.168.1.3 to-ports=443
            add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
                log-prefix="[443]" protocol=tcp to-addresses=192.168.1.5 to-ports=6881
            add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
                log-prefix="[443]" protocol=udp to-addresses=192.168.1.5 to-ports=6881
            add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
                tcp src-port="" to-addresses=192.168.1.53 to-ports=3074
            add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
                udp to-addresses=192.168.1.53 to-ports=3074
            # Overlaps with the first rule: pppoe-out1 is already in the WAN list.
            add action=masquerade chain=srcnat out-interface=pppoe-out1
            # Services are restricted by source address but none is shown as disabled:
            # telnet, ftp, www and api remain available to the LAN without
            # encryption. 192.168.216.0/24 (winbox) is not defined elsewhere in this
            # listing - confirm what it is.
            /ip service
            set telnet address=192.168.1.0/24
            set ftp address=192.168.1.0/24
            set www address=192.168.1.0/24
            set ssh address=192.168.1.0/24
            set api address=192.168.1.0/24
            set winbox address=192.168.1.0/24,192.168.216.0/24
            set api-ssl address=192.168.1.0/24
            # Time zone used for the clock and therefore for log timestamps.
            /system clock
            set time-zone-name=Europe/Rome
            /system note
            set show-at-login=no
            # MAC-level management is accepted only on LAN-list interfaces.
            /tool mac-server
            set allowed-interface-list=LAN
            /tool mac-server mac-winbox
            set allowed-interface-list=LAN

            Due note. Ho tolto anche ipv6. Ma capsman lo usi?


              wtf

              • la vlan l'ho disabilitata subito dopo aver esportato la configurazione, per cui adesso su ether1 c'è solo il client pppoe
              • è strano che ci sia configurato capsman, non lo uso. ho solo un dispositivo mikrotik
              • per il no_country_set avevo letto che era l'opzione migliore per poter far erogare la massima potenza sul wifi
              • non avevo notato le due fasttrack, grazie
              • questa route con gateway=*B mi è nuova, non l'ho settata io

              mario152475
              come ho scritto sopra, capsman non lo uso, devo averlo settato quando ho fatto qualche prova, idem ipv6

                Hunty
                Allora si semplifica ancora di più:

                # LAN bridge.
                /interface bridge
                add name=bridge1
                # PPPoE on bare ether1, peer DNS ignored. This version no longer sets
                # disabled=no or the MTU/MRU values that the earlier listings carried.
                # NOTE(review): check whether a newly added pppoe-client starts disabled
                # before importing this as-is. No password= is included.
                /interface pppoe-client
                add add-default-route=yes interface=ether1 name=pppoe-out1 use-peer-dns=no user=openfiber
                # Interface lists used by the firewall/NAT rules and the MAC server.
                /interface list
                add name=WAN
                add name=LAN
                /interface wireless channels
                add band=2ghz-b/g/n frequency=2412 list=ch1_6_11 name=ch1 width=20
                add band=2ghz-b/g/n frequency=2437 list=ch1_6_11 name=ch6 width=20
                add band=2ghz-b/g/n frequency=2462 list=ch1_6_11 name=ch11 width=20
                # Both radios keep country=no_country_set with manual-txpower.
                # wps-mode=disabled is set only on the 2.4 GHz radio - confirm WPS is
                # off on the 5 GHz one as well.
                /interface wireless
                set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
                    no_country_set disabled=no frequency=ch11 frequency-mode=manual-txpower \
                    mode=ap-bridge name=wlan2.4 scan-list=ch1_6_11 ssid=Tiscalli \
                    wireless-protocol=802.11 wps-mode=disabled
                set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac country=\
                    no_country_set disabled=no frequency=auto frequency-mode=manual-txpower \
                    mode=ap-bridge name=wlan5G ssid=Tiscalli5G wireless-protocol=802.11
                # Default security profile: WPA1 and WPA2 pre-shared keys both accepted;
                # the key is not part of the listing.
                /interface wireless security-profiles
                set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
                    dynamic-keys supplicant-identity=MikroTik
                /ip pool
                add name=dhcp ranges=192.168.1.3-192.168.1.200
                /ip dhcp-server
                add address-pool=dhcp interface=bridge1 name=dhcp1
                /interface bridge port
                add bridge=bridge1 interface=ether2
                add bridge=bridge1 interface=ether3
                add bridge=bridge1 interface=ether4
                add bridge=bridge1 interface=ether5
                add bridge=bridge1 interface=wlan5G
                add bridge=bridge1 interface=wlan2.4
                # Neighbor discovery on every interface not in the "dynamic" list.
                # NOTE(review): presumably that includes the ONT-facing ether1 - confirm.
                /ip neighbor discovery-settings
                set discover-interface-list=!dynamic
                # WAN contains only pppoe-out1; ether1 itself is in neither list.
                /interface list member
                add interface=bridge1 list=LAN
                add interface=pppoe-out1 list=WAN
                /ip address
                add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
                # Cloud DDNS is on, with a 10-minute update interval.
                /ip cloud
                set ddns-enabled=yes ddns-update-interval=10m
                # Static leases; 192.168.1.3, .5 and .53 are the dst-nat targets.
                /ip dhcp-server lease
                add address=192.168.1.7 mac-address=60:01:94:D8:E3:F5 server=dhcp1
                add address=192.168.1.9 client-id=1:48:0:33:ae:66:37 comment=skipper \
                    mac-address=48:00:33:AE:66:37 server=dhcp1
                add address=192.168.1.251 mac-address=40:9F:38:D0:C5:0D server=dhcp1
                add address=192.168.1.252 mac-address=40:9F:38:D0:F3:CC server=dhcp1
                add address=192.168.1.250 mac-address=40:9F:38:D0:FA:E6 server=dhcp1
                add address=192.168.1.253 mac-address=40:9F:38:D0:D6:C7 server=dhcp1
                add address=192.168.1.254 mac-address=40:9F:38:D1:07:06 server=dhcp1
                add address=192.168.1.6 mac-address=24:0A:C4:10:5A:EC server=dhcp1
                add address=192.168.1.15 mac-address=70:EE:50:1F:05:0C server=dhcp1
                add address=192.168.1.5 client-id=1:78:24:af:41:bc:3d mac-address=\
                    78:24:AF:41:BC:3D server=dhcp1
                add address=192.168.1.3 client-id=1:78:f2:9e:90:86:da mac-address=\
                    78:F2:9E:90:86:DA server=dhcp1
                add address=192.168.1.53 client-id=1:e4:2a:ac:c3:ee:7a mac-address=\
                    E4:2A:AC:C3:EE:7A server=dhcp1
                add address=192.168.1.57 client-id=1:3c:2a:f4:a6:c4:c0 comment=Stampante \
                    mac-address=3C:2A:F4:A6:C4:C0 server=dhcp1
                add address=192.168.1.68 client-id=1:d8:ce:3a:89:92:7 comment=mi9se \
                    mac-address=D8:CE:3A:89:92:07 server=dhcp1
                add address=192.168.1.4 client-id=1:4a:bd:13:4:bc:e1 mac-address=\
                    4A:BD:13:04:BC:E1 server=dhcp1
                add address=192.168.1.196 comment=echo mac-address=DC:54:D7:BF:12:F3 server=\
                    dhcp1
                add address=192.168.1.17 client-id=1:5c:62:8b:a0:e1:b0 mac-address=\
                    5C:62:8B:A0:E1:B0 server=dhcp1
                add address=192.168.1.20 client-id=1:9c:eb:e8:ef:25:63 mac-address=\
                    9C:EB:E8:EF:25:63 server=dhcp1
                add address=192.168.1.19 client-id=1:3c:6:30:14:c0:90 mac-address=\
                    3C:06:30:14:C0:90 server=dhcp1
                # Clients use the router (192.168.1.2) as their DNS server.
                /ip dhcp-server network
                add address=192.168.1.0/24 dns-server=192.168.1.2 gateway=192.168.1.2 netmask=24
                # Resolver enabled for that purpose; only the input-chain drop for
                # in-interface-list=WAN keeps it from being reachable from the Internet.
                /ip dns
                set allow-remote-requests=yes servers=8.8.8.8
                # Rules are listed in evaluation order; neither chain ends with a drop
                # rule, so unmatched traffic is accepted.
                /ip firewall filter
                add action=accept chain=input connection-state=established,related
                # Single fasttrack rule (the duplicate is gone). It is still the only
                # forward-chain rule: the filter does not drop invalid packets or new
                # WAN connections that were not dst-natted.
                add action=fasttrack-connection chain=forward connection-state=\
                    established,related hw-offload=yes
                # Everything else from WAN to the router is dropped here, so the rules
                # below only ever see non-WAN traffic.
                add action=drop chain=input in-interface-list=WAN
                add action=drop chain=input connection-state=invalid log=yes log-prefix=\
                    DROP_INVALID
                # One connection to tcp/22 from a source outside "trusted" is enough to
                # be listed for 1 h and dropped by the next rule. No "trusted" list is
                # defined in this listing - confirm it exists.
                add action=add-src-to-address-list address-list=BruteForce_SSH \
                    address-list-timeout=1h chain=input dst-port=22 log=yes log-prefix=\
                    SSH_ATTACK protocol=tcp src-address-list=!trusted
                add action=drop chain=input dst-port=22 protocol=tcp src-address-list=\
                    BruteForce_SSH
                /ip firewall nat
                # Source NAT for traffic leaving through a WAN-list interface.
                add action=masquerade chain=srcnat out-interface-list=WAN
                # Port forwards without any source restriction; the forward chain of the
                # filter adds none either. log-prefix is set but log=yes is not shown.
                add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN \
                    log-prefix="[443]" protocol=tcp to-addresses=192.168.1.3 to-ports=443
                add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
                    log-prefix="[443]" protocol=tcp to-addresses=192.168.1.5 to-ports=6881
                add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
                    log-prefix="[443]" protocol=udp to-addresses=192.168.1.5 to-ports=6881
                add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
                    tcp src-port="" to-addresses=192.168.1.53 to-ports=3074
                add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
                    udp to-addresses=192.168.1.53 to-ports=3074
                # Overlaps with the first rule: pppoe-out1 is already in the WAN list.
                add action=masquerade chain=srcnat out-interface=pppoe-out1
                # Services are restricted by source address but none is shown as
                # disabled: telnet, ftp, www and api remain available to the LAN
                # without encryption. 192.168.216.0/24 (winbox) is not defined
                # elsewhere in this listing - confirm what it is.
                /ip service
                set telnet address=192.168.1.0/24
                set ftp address=192.168.1.0/24
                set www address=192.168.1.0/24
                set ssh address=192.168.1.0/24
                set api address=192.168.1.0/24
                set winbox address=192.168.1.0/24,192.168.216.0/24
                set api-ssl address=192.168.1.0/24
                # Time zone used for the clock and therefore for log timestamps.
                /system clock
                set time-zone-name=Europe/Rome
                /system note
                set show-at-login=no
                # MAC-level management is accepted only on LAN-list interfaces.
                /tool mac-server
                set allowed-interface-list=LAN
                /tool mac-server mac-winbox
                set allowed-interface-list=LAN

                Dovresti però riprenderla e confrontarla con la tua configurazione includendo anche le credenziali (che giustamente hai omesso qua).

                  • Autore

                  mario152475
                  stavo guardando che ho due regole di NAT masquerade una verso la wan ed una verso la pppoe, ora non capisco se è come per il firewall che va in ordine dall'alto verso il basso, ma terrei di più quella generica verso la wan che quella specifica verso la pppoe, che ne pensi?

                    Hunty
                    Io terrei solo quella sulla list WAN. Ma il firewall mi sembra abbastanza distante da quello di default. Non sarebbe meglio resettare tutto e riconfigurare il router da 0?

                    • Autore

                    ho fatto alcune prove usando il nuovo pacchetto driver per il wifi: devono aver apportato qualche miglioria, perché adesso si collegano anche i condizionatori che in precedenza non si collegavano, senza aver apportato modifiche se non la riconfigurazione della rete wifi, necessaria nel passaggio fra vecchi e nuovi driver.
                    Per i problemi con il mio telefono android che "droppava" la wifi e si vedeva che perdeva l'indirizzo ip, ho provato a fare pulizia dei profili "ssid - password" che avevo salvato sul mio android tramite "gestisci reti salvate"; vediamo un po' come va
