WAN Interface Configuration

• Interface Selection: Choose which interface connects to your ISP (typically ether1)
• DHCP Client Mode: Automatically obtain IP address, gateway, and DNS from your ISP
• Static IP Mode: Manually configure IP address, gateway, and network settings
• Use Peer DNS/NTP: Automatically use DNS and NTP servers provided by your ISP

Bridge Configuration

• Bridge Name: Name of the bridge interface (default: Hotspot-bridge)
• Bridge IP Address: IP address assigned to the bridge (e.g., 192.168.90.1/24)
• Bridge Ports: Select which physical interfaces (ether2, ether3, etc.) should be part of the bridge

DHCP Server Configuration

• Enable/Disable: Turn DHCP server on or off
• IP Pool: Select which IP address pool to use for client assignments
• Gateway: Default gateway IP address (usually the bridge IP)
• DNS Servers: DNS servers to provide to DHCP clients (comma-separated)

Service Access Control

Enable or disable RouterOS services and restrict access by IP address:

• API: Required for NettPortal (port 8728) - Cannot be disabled
• API-SSL: Secure API access (port 8729)
• SSH: Secure shell access (port 22)
• Telnet: Unencrypted terminal access (port 23)
• FTP: File transfer protocol (port 21)
• Winbox: MikroTik management tool (port 8291)
• WWW/Webfig: Web interface (ports 80/443)

For each service, you can specify allowed IP addresses (comma-separated) to restrict access. Leave empty to allow from any IP. The system automatically adds your WireGuard subnet to API service restrictions to ensure NettPortal can always connect.

Admin User Management

Change the default 'admin' user password or create new admin users:

• Username: Select which admin user to modify
• New Password: Set a new password (must be at least 8 characters)
• Confirm Password: Re-enter the password to confirm

Firewall Rules

Add, edit, or remove firewall filter rules for network security:

• Chain: Input, forward, or output chain
• Action: Accept, drop, reject, or other actions
• Protocol: TCP, UDP, ICMP, or all protocols
• Source/Destination Address: IP addresses or networks
• Ports: Source or destination ports
• Interface: Incoming or outgoing interface
• Comment: Optional description for the rule

DNS Configuration

• DNS Servers: Primary and secondary DNS servers (comma-separated, e.g., 8.8.8.8,4.2.2.2)
• Allow Remote Requests: Allow external devices to query this router's DNS
• Cache Size: DNS cache size (default: 2048KiB)
• Max TTL: Maximum time-to-live for cached entries (default: 7d)
• Query Timeouts: Server and total timeout settings
• UDP Packet Size: Maximum UDP packet size for DNS queries
• Concurrent Queries/TCP Sessions: Limits for simultaneous DNS operations

NTP Client Configuration

• Enable NTP: Turn on Network Time Protocol synchronization
• Primary NTP Server: Primary time server (e.g., pool.ntp.org)
• Secondary NTP Server: Backup time server (e.g., time.google.com)

Timezone Configuration

• Auto-Detect: Automatically detect timezone from router location
• Manual Selection: Manually select timezone from a list

Wireless Interface Configuration

• Interface Selection: Choose which wireless interface to configure
• Enable/Disable: Turn wireless interface on or off
• Mode: Access point (ap-bridge) or station mode
• SSID: Wireless network name
• Band: 2.4GHz or 5GHz frequency band
• Channel: Specific WiFi channel (auto if not specified)
• Country: Regulatory domain for compliance
• Channel Width: 20MHz, 40MHz, or 80MHz
• Wireless Protocol: 802.11 standard (b/g/n/ac/ax)

Security Profile Configuration

• Profile Name: Name for the security profile
• Authentication Types: WPA2-PSK, WPA3-PSK, or both
• WPA2 Passphrase: Password for WPA2 networks (minimum 8 characters)
• WPA3 Passphrase: Password for WPA3 networks (minimum 8 characters)
• Mode: Dynamic keys or static keys

Simple Queue Configuration

• Queue Name: Name for identifying the queue
• Target: IP address, IP range, or interface to apply the queue to
• Max Limit Download: Maximum download speed (e.g., 10M)
• Max Limit Upload: Maximum upload speed (e.g., 5M)
• Priority: Traffic priority (1-8, where 8 is highest priority)
• Burst Configuration: Enable burst limits for temporary speed boosts
• Burst Limits: Download and upload burst speeds
• Burst Threshold: Speed threshold to trigger burst
• Burst Time: Duration of burst allowance
• Parent Queue: Optional parent queue for hierarchical bandwidth sharing
• Enable/Disable: Turn queue on or off
• Comment: Optional description

Hotspot Server Configuration

• Server Name: Hotspot server identifier (default: hotspot1)
• Interface: Interface to run Hotspot on (typically the bridge)
• Address Pool: IP pool for Hotspot users
• Profile: Default Hotspot profile
• Addresses Per MAC: Number of IP addresses per MAC address (default: 1)
• Enable/Disable: Turn Hotspot server on or off

Hotspot Profile Configuration

• Profile Name: Name for the profile
• Hotspot Address: IP address for the Hotspot portal
• DNS Name: DNS name for the Hotspot portal
• HTML Directory: Directory containing Hotspot HTML pages

PPPoE Server Configuration

• Service Name: PPPoE service identifier
• Interface: Interface to run PPPoE server on
• Default Profile: Default PPPoE profile for users without a specific profile
• One Session Per Host: Allow only one PPPoE session per host MAC address. Prevents multiple connections from the same device.
• Max MTU: Maximum MTU (Maximum Transmission Unit) size in bytes. Default: 1480 for PPPoE.
• Max MRRU: Maximum MRRU (Maximum Receive Reconstructed Unit) size. Used for multilink PPPoE.
• MRRU: MRRU (Maximum Receive Reconstructed Unit) size for multilink connections.
• Keepalive Timeout: Timeout for PPPoE keepalive packets. Keeps connections alive during inactivity.
• Max Sessions: Maximum number of concurrent PPPoE sessions allowed on the server.
• PADO Delay: Delay before sending PADO (PPPoE Active Discovery Offer) response, in milliseconds.
• Enable/Disable: Turn PPPoE server on or off

PPPoE Profile Configuration

• Profile Name: Name for the profile
• Local Address: Local IP address for PPPoE connections
• Remote Address: Remote IP address pool (or 'dhcp' for dynamic)
• Rate Limit: Bandwidth limit string (e.g., 10M/5M)
• Idle Timeout: Disconnect idle connections after this time
• Use MPLS: Enable MPLS support
• Use Compression: Enable data compression

Firewall Advanced

• Disable Hotspot Sharing: Prevent hotspot users from sharing their connection
• Enable FastTrack: Enable fast connection tracking for better performance
• Address Lists: Create lists of IP addresses for firewall rules
• Mangle Rules: Create packet marking rules for advanced traffic control

Static Routes

• Destination Address: Network or IP address to route to
• Gateway: Gateway IP address for the route
• Interface: Optional interface for the route
• Distance: Route priority/distance
• Comment: Optional description

System Admin

• Logging: Configure system logging (action, topics, prefix)
• Scheduler: Create scheduled tasks/scripts (start date, time, interval, on-event script)
• Backup: Configure automatic configuration backups (interval, name)

VPN Servers

• PPTP Server: Configure PPTP VPN (max MRRU, default profile)
• L2TP Server: Configure L2TP VPN (max MRRU, default profile)
• SSTP Server: Configure SSTP VPN (certificate, default profile)
• OpenVPN Server: Configure OpenVPN (certificate, port, protocol)
• IPSec: Configure IPSec VPN (peer configuration)

Queue Advanced

• Queue Tree: Create hierarchical queue trees (parent, packet mark, limits, priorities)
• PCQ Types: Configure Per Connection Queue types (dst-limit, src-limit, total-limit, burst settings)