Tonny_Cassidy

Untitled

Apr 5th, 2025
  1. # 2025-04-06 03:45:06 by RouterOS 7.17
  2. # system id = s+UXm/vUeeG
  3. #
  # Interface layer: one bridge, the two ethernet ports, and one WireGuard interface per tunnel.
  4. /interface bridge
  5. add name=bridge1
  6. /interface ethernet
  # Renames the default ports ether1/ether2 to ether3/ether4, so "ether3" in later sections
  # is the port whose default name is ether1.
  7. set [ find default-name=ether1 ] disable-running-check=no name=ether3
  8. set [ find default-name=ether2 ] disable-running-check=no name=ether4
  9. /interface wireguard
  # Eight tunnel interfaces; listen ports are redacted as [port] in this paste. No private-key
  # value appears on these lines (RouterOS 7 exports omit sensitive values unless
  # show-sensitive is given).
  # NOTE(review): the peers section refers to "US SF CHR(S) --> ID RB3011" and
  # "US SF CHR(S) --> ID RB5009", which do not match the names created here - confirm whether
  # that is a paste/redaction artifact before importing.
  10. add listen-port=[port] mtu=1420 name="ID CHR(S) --> US SF CHR"
  11. add listen-port=[port] mtu=1400 name="SG CHR(S) --> US SF CHR"
  12. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> DE CHR"
  13. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> L009"
  14. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> RB3011"
  15. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> RB5009"
  16. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> PC"
  17. add listen-port=[port] mtu=1420 name="US SF CHR(S) --> US NY CHR"
  18. /ip smb users
  # Disables the default SMB user.
  19. set [ find default=yes ] disabled=yes
  20. /port
  21. set 0 name=serial0
  22. /ip firewall connection tracking
  # Sets the connection-tracking UDP timeout to 10s.
  23. set udp-timeout=10s
  24. /interface ovpn-server server
  # Adds an OpenVPN server entry; whether it is enabled is not visible on this line - confirm.
  25. add mac-address=FE:75:55:58:D0:F6 name=ovpn-server1
  26. /interface wireguard peers
  # One peer per tunnel. Public keys are redacted as [key]; no preshared-key is set on any peer.
  # Every peer lists 0.0.0.0/0 and ::/0 in allowed-address next to its /32 tunnel address, so
  # WireGuard accepts any inner source address from each peer and the /32 entry adds no
  # restriction. Limiting what a peer may send or reach is therefore left to the firewall.
  # NOTE(review): if a tunnel only has to carry its /32 and the routed 10.x networks, narrowing
  # allowed-address to those prefixes bounds what a compromised peer can source - confirm intent.
  # Peers with endpoint-address are dialled by this router; RB3011, RB5009, PC and "L009 GS"
  # have no endpoint, so those peers have to initiate the tunnel themselves.
  # NOTE(review): the interface names used for RB3011 and RB5009 contain "ID", unlike the
  # names in the /interface wireguard section - confirm which spelling the router really has.
  27. add allowed-address=172.25.110.2/32,0.0.0.0/0,::/0 interface="US SF CHR(S) --> ID RB3011" name="RB3011" \
  28. persistent-keepalive=15s public-key="[key]"
  29. add allowed-address=172.22.110.4/32,0.0.0.0/0,::/0 interface="US SF CHR(S) --> ID RB5009" name="RB5009" \
  30. public-key="[key]"
  31. add allowed-address=172.25.100.3/32,0.0.0.0/0,::/0 endpoint-address=[ip addr] endpoint-port=32002 \
  32. interface="SG CHR(S) --> US SF CHR" name="SG CHR" persistent-keepalive=15s public-key=\
  33. "[key]"
  34. add allowed-address=172.25.110.8/32,0.0.0.0/0,::/0 endpoint-address=[ip addr] endpoint-port=32101 \
  35. interface="US SF CHR(S) --> DE CHR" name="DE CHR" persistent-keepalive=15s public-key=\
  36. "[key]"
  37. add allowed-address=172.25.110.10/32,0.0.0.0/0,::/0 endpoint-address=[ip addr] endpoint-port=32103 \
  38. interface="US SF CHR(S) --> US NY CHR" name="NY CHR" persistent-keepalive=15s public-key=\
  39. "[key]"
  40. add allowed-address=172.25.150.5/32,0.0.0.0/0,::/0 endpoint-address=[ip addr] endpoint-port=32505 \
  41. interface="ID CHR(S) --> US SF CHR" name="ID CHR" persistent-keepalive=15s public-key=\
  42. "[key]"
  43. add allowed-address=::/0,0.0.0.0/0,172.22.110.20/32 interface="US SF CHR(S) --> PC" name=PC \
  44. public-key="[key]"
  45. add allowed-address=::/0,0.0.0.0/0,172.25.110.6/32 interface="US SF CHR(S) --> L009" name="L009 GS" \
  46. persistent-keepalive=15s public-key="[key]"
  47. /ip address
  # Point-to-point style addressing: address= is this router's end of the tunnel and network=
  # is the peer's tunnel address (the same /32 that appears in that peer's allowed-address).
  # NOTE(review): no address is listed for the RB3011 tunnel, although /ip route uses
  # gateway 172.25.110.2 - confirm whether a line was dropped from the paste.
  48. add address=172.25.100.4 interface="SG CHR(S) --> US SF CHR" network=172.25.100.3
  49. add address=172.25.110.5 interface="US SF CHR(S) --> L009" network=172.25.110.6
  50. add address=172.22.110.3 interface="US SF CHR(S) --> RB5009" network=172.22.110.4
  51. add address=172.25.110.7 interface="US SF CHR(S) --> DE CHR" network=172.25.110.8
  52. add address=172.25.110.9 interface="US SF CHR(S) --> US NY CHR" network=172.25.110.10
  53. add address=172.25.150.6 interface="ID CHR(S) --> US SF CHR" network=172.25.150.5
  54. add address=172.22.110.19 interface="US SF CHR(S) --> PC" network=172.22.110.20
  55. /ip dhcp-client
  # ether3 gets its address by DHCP; it is the only interface here that is not a tunnel.
  56. add interface=ether3
  57. /ip dns
  # Upstream resolvers for the router itself; allow-remote-requests is not set on this line.
  58. set servers=1.1.1.1,8.8.8.8
  59. /ip firewall filter
  # The only filter rule in this export, and it is disabled. No drop or reject rule appears for
  # the input or forward chain.
  # NOTE(review): if the export is complete, access to the router is limited only by the
  # address= restrictions under /ip service, and forwarded traffic (including everything
  # arriving from the WireGuard peers) is not filtered at all - confirm whether a default-drop
  # input/forward policy with established/related accepts is intended.
  # The rule matches TCP 8291, but /ip service sets winbox to port 8450, so enabling it as
  # written would not match WinBox traffic.
  60. add action=accept chain=input comment="WinBox Wan Administration" disabled=yes dst-port=8291 protocol=tcp
  61. /ip firewall mangle
  # Clamps the MSS to 1380 on forwarded TCP SYNs that arrive from the RB5009 tunnel with an
  # MSS of 1381 or more; no other tunnel has a clamp rule.
  62. add action=change-mss chain=forward in-interface="US SF CHR(S) --> RB5009" new-mss=1380 protocol=tcp \
  63. tcp-flags=syn tcp-mss=1381-65535
  64. /ip firewall nat
  # Port forwards (dst-nat) to hosts on 10.x networks plus masquerade on every tunnel.
  # Each dst-nat rule matches only dst-address (redacted as [ip addr]), protocol and port;
  # none restricts src-address or in-interface, so any source that reaches that address and
  # port is forwarded. With no forward-chain filter rules in this export, these NAT rules are
  # the only thing deciding which internal services are reachable.
  65. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=7050 protocol=tcp to-addresses=\
  66. 10.3.0.10 to-ports=7050
  67. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=7050 protocol=udp to-addresses=\
  68. 10.3.0.10 to-ports=7050
  # Masquerade on all eight WireGuard interfaces: traffic leaving through a tunnel is rewritten
  # to this router's tunnel address, so hosts behind the tunnels (the dst-nat targets
  # included) log the router rather than the original client address.
  69. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> DE CHR"
  70. add action=masquerade chain=srcnat out-interface="ID CHR(S) --> US SF CHR"
  71. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> L009"
  72. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> US NY CHR"
  73. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> RB3011"
  74. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> RB5009"
  75. add action=masquerade chain=srcnat out-interface="US SF CHR(S) --> PC"
  76. add action=masquerade chain=srcnat out-interface="SG CHR(S) --> US SF CHR"
  77. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=25590 protocol=tcp to-addresses=\
  78. 10.0.0.16 to-ports=25590
  79. add action=dst-nat chain=dstnat disabled=yes dst-address=[ip addr] dst-port=25598 protocol=tcp \
  80. to-addresses=10.100.63.251 to-ports=25590
  81. add action=dst-nat chain=dstnat disabled=yes dst-address=[ip addr] dst-port=25595 protocol=tcp \
  82. to-addresses=10.0.15.192 to-ports=25590
  83. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=25596 protocol=tcp to-addresses=\
  84. 10.0.0.102 to-ports=25590
  85. add action=dst-nat chain=dstnat disabled=yes dst-address=[ip addr] dst-port=25596 protocol=udp \
  86. to-addresses=10.0.0.102 to-ports=25565
  # UniFi controller forwards to 10.0.0.9. The web UI forward (8443) is disabled; inform and
  # STUN are forwarded on both TCP and UDP.
  # NOTE(review): UniFi documents inform as TCP 8080 and STUN as UDP 3478, so the UDP 8080 and
  # TCP 3478 rules look unnecessary - confirm and drop them to reduce what is exposed.
  87. add action=dst-nat chain=dstnat comment="UNIFI INFORM (UDP)" dst-address=[ip addr] dst-port=8080 \
  88. protocol=udp to-addresses=10.0.0.9 to-ports=8080
  89. add action=dst-nat chain=dstnat comment="UNIFI STUN (UDP)" dst-address=[ip addr] dst-port=3478 \
  90. protocol=udp to-addresses=10.0.0.9 to-ports=3478
  91. add action=dst-nat chain=dstnat comment="UNIFI STUN (TCP)" dst-address=[ip addr] dst-port=3478 \
  92. protocol=tcp to-addresses=10.0.0.9 to-ports=3478
  93. add action=dst-nat chain=dstnat comment="UNIFI WEB (TCP)" disabled=yes dst-address=[ip addr] dst-port=\
  94. 8443 protocol=tcp to-addresses=10.0.0.9 to-ports=8443
  95. add action=dst-nat chain=dstnat disabled=yes dst-address=[ip addr] dst-port=54500 protocol=tcp \
  96. to-addresses=10.0.0.16 to-ports=3000
  97. add action=dst-nat chain=dstnat comment="UNIFI INFORM (TCP)" dst-address=[ip addr] dst-port=8080 \
  98. protocol=tcp to-addresses=10.0.0.9 to-ports=8080
  99. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=25590 protocol=udp to-addresses=\
  # NOTE(review): the next rule forwards UDP 25595 to 10.0.0.102, while the enabled TCP rule
  # for that host uses 25596 - confirm the UDP port is not a typo.
  100. 10.0.0.16 to-ports=25590
  101. add action=dst-nat chain=dstnat dst-address=[ip addr] dst-port=25595 protocol=udp to-addresses=\
  102. 10.0.0.102 to-ports=25590
  103. /ip ipsec profile
  # Adjusts dead-peer detection on the default IPsec profile; no IPsec peers appear in this export.
  104. set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
  105. /ip route
  # Static routes to the 10.x networks through the tunnel peers. 10.0.0.0/16 has two routes:
  # distance 1 via 172.25.100.3 (SG CHR) and distance 2 via 172.25.110.2 (RB3011).
  # NOTE(review): no /ip address entry in this export puts 172.25.110.2 on a connected
  # network, so the distance-2 route may never become active - confirm.
  106. add disabled=no distance=1 dst-address=10.0.0.0/16 gateway=172.25.100.3 pref-src="" routing-table=main \
  107. scope=30 suppress-hw-offload=no target-scope=10
  108. add disabled=no distance=2 dst-address=10.100.0.0/16 gateway=172.22.110.4 pref-src="" routing-table=main \
  109. scope=30 suppress-hw-offload=no target-scope=10
  110. add disabled=no distance=2 dst-address=10.0.0.0/16 gateway=172.25.110.2 pref-src="" routing-table=main \
  111. scope=30 suppress-hw-offload=no target-scope=10
  # Sends one redacted destination through the DE CHR tunnel (gateway 172.25.110.8).
  112. add disabled=no dst-address=[ip addr] gateway=172.25.110.8 routing-table=main suppress-hw-offload=no
  113. add disabled=yes distance=1 dst-address=10.100.0.0/16 gateway=172.25.100.3 pref-src="" routing-table=main \
  114. scope=30 suppress-hw-offload=no target-scope=10
  115. /ip service
  # Management plane: telnet, ftp, www, api and api-ssl are disabled. SSH and WinBox stay
  # enabled, each limited to a redacted source address; WinBox is moved to port 8450.
  # These address= limits are the only access control on the router's own services that this
  # export shows, because the filter table has no active input rules.
  # NOTE(review): www-ssl is not listed here - confirm it is disabled on the device.
  116. set telnet disabled=yes
  117. set ftp disabled=yes
  118. set www disabled=yes
  119. set ssh address=[ip addr]
  120. set api disabled=yes
  121. set winbox address=[ip addr] port=8450
  122. set api-ssl disabled=yes
  123. /ip smb shares
  # Points the default SMB share at /pub; whether the SMB service is enabled is not shown.
  124. set [ find default=yes ] directory=/pub
  125. /system clock
  # Fixed time zone with autodetect off. The zone is Asia/Bangkok although the identity below
  # is "US SF CHR" - keep that offset in mind when correlating this router's logs with others.
  126. set time-zone-autodetect=no time-zone-name=Asia/Bangkok
  127. /system identity
  128. set name="US SF CHR"
  129. /system note
  130. set show-at-login=no