- # nov/08/2018 18:05:44 by RouterOS 6.42.6
- # software id = P703-JFHM
- #
- # model = CCR1016-12S-1S+
- # serial number = 58A1042470D9
- /interface bridge
- add fast-forward=no name=OVPN_bridge
- add fast-forward=no name=eoip-lan
- /interface ethernet
- set [ find default-name=sfp1 ] comment=RT
- set [ find default-name=sfp2 ] comment=Global63
- set [ find default-name=sfp5 ] comment="LOCAL NAT"
- # Outbound PPTP client tunnel "df-alabin" to 85.113.39.168.
- # NOTE(review): PPTP with MS-CHAPv2 is a legacy VPN whose protection depends
- # on password strength alone; prefer an IPsec- or certificate-based tunnel
- # where the remote end allows it. user= and password= are empty in this
- # export - whether they were stripped before posting cannot be told from here.
- /interface pptp-client
- add allow=mschap2 connect-to=85.113.39.168 disabled=no name=df-alabin \
- password= user=
- /interface eoip
- add mac-address=FE:68:17:1E:19:BF name=eoiptunnel remote-address=172.16.0.2 \
- tunnel-id=101
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=gw2-alabin
- # Disables the built-in default IPsec proposal and sets its PFS group to none.
- # No other IPsec proposal is defined in the visible part of this export.
- /ip ipsec proposal
- set [ find default=yes ] disabled=yes pfs-group=none
- # Address pools referenced by the DHCP server and PPP profiles in this export.
- # NOTE(review): vpn-pool ends at 172.16.0.150, which the "vpn" PPP profile
- # also uses as its local-address, and OVPN_srv_pool starts at 192.168.100.1,
- # which is the OVPN_server profile's local-address. A client could be handed
- # the router's own tunnel address - confirm and shrink the ranges if so.
- /ip pool
- add name=dhcp-pool-1 ranges=10.1.1.230-10.1.1.255
- add name=wifi-pool ranges=10.1.2.50-10.1.4.250
- add name=vpn-pool ranges=172.16.0.2-172.16.0.150
- add name=OVPN_srv_pool ranges=192.168.100.1-192.168.100.250
- /ip dhcp-server
- add address-pool=wifi-pool authoritative=after-2sec-delay disabled=no \
- interface=eoip-lan lease-time=3d6h name=dhcp1
- /ipv6 dhcp-server
- add address-pool=/port interface=sfp5 name=server1
- # PPP profiles: "vpn" (encrypted, rate-limited 1M/10M, several sessions per
- # user allowed via only-one=no), "OVPN_server" for the OpenVPN server, and a
- # change to the built-in profile with internal id *FFFFFFFE (presumably
- # default-encryption - confirm on the device).
- # NOTE(review): OVPN_server sets no use-encryption or dns-server value here,
- # so it inherits defaults; the *FFFFFFFE profile pushes an external resolver
- # (8.8.8.8) next to the internal one (10.1.1.1) to VPN clients.
- /ppp profile
- add change-tcp-mss=yes dns-server=172.16.0.150 local-address=172.16.0.150 \
- name=vpn only-one=no rate-limit=1M/10M remote-address=vpn-pool \
- use-compression=no use-encryption=yes use-mpls=no use-upnp=no
- add local-address=192.168.100.1 name=OVPN_server remote-address=OVPN_srv_pool
- set *FFFFFFFE dns-server=10.1.1.1,8.8.8.8 local-address=172.16.0.1 \
- remote-address=vpn-pool
- /queue simple
- add burst-limit=3M/3M burst-time=15s/15s disabled=yes max-limit=2M/2M name=\
- kassa queue=default-small/default target=10.1.5.101/32 total-queue=\
- default
- add burst-limit=20M/20M burst-time=15s/15s disabled=yes max-limit=10M/10M \
- name=buh queue=default/default target="10.1.1.22/32,10.1.1.122/32,10.1.1.2\
- 0/32,10.1.1.21/32,10.1.2.124/32,10.1.1.123/32,10.1.1.158/32" total-queue=\
- default
- add burst-time=15s/15s disabled=yes name=director queue=default/default \
- target=10.1.6.105/32 total-queue=default
- add disabled=yes name=servers queue=default/default target=\
- 10.1.10.0/24,10.1.20.0/24,10.1.1.2/32,10.1.1.5/32,10.1.5.0/24 \
- total-queue=default
- add disabled=yes name=Kolev queue=default/default target=\
- 10.1.1.8/32,10.1.1.9/32 total-queue=default
- add disabled=yes name=10.1.2.139 queue=default/default target=10.1.2.139/32 \
- total-queue=default
- add disabled=yes name=temp queue=default/default target=\
- 10.1.6.150/32,10.1.6.151/32 total-queue=default
- add disabled=yes name=Admin queue=default/default target=10.1.1.4/32 \
- total-queue=default
- add disabled=yes name=DF queue=default/default target=\
- 10.1.1.153/32,10.1.20.153/32 total-queue=default
- add disabled=yes max-limit=128k/128k name=vk queue=default/default target=\
- 87.240.128.0/18,93.186.224.0/21,93.186.232.0/21,95.142.192.0/20 \
- total-queue=default
- add disabled=yes name=voip queue=default/default target=10.1.7.1/32 \
- total-queue=default
- add disabled=yes name=Xbox queue=default/default target=10.1.2.150/32 \
- total-queue=default
- add disabled=yes limit-at=9M/9M max-limit=10M/10M name=NAS queue=\
- default/default target=10.1.1.247/32,10.1.1.248/32 total-queue=default
- add burst-limit=1M/1M burst-time=15s/15s disabled=yes max-limit=1M/1M name=\
- econom1 queue=default/default target=10.1.2.51/32 total-queue=default
- add burst-limit=3M/3M burst-time=5s/5s disabled=yes max-limit=2M/2M name=\
- sekretar queue=default/default target=10.1.1.49/32 total-queue=default
- add burst-limit=2M/2M burst-time=15s/15s disabled=yes max-limit=1M/1M name=\
- urist queue=default/default target=10.1.1.157/32,10.1.2.25/32 \
- total-queue=default
- add disabled=yes max-limit=5M/5M name=others queue=default/default target=\
- 10.1.1.145/32 total-queue=default
- add disabled=yes dst=sfp2 max-limit=1M/1M name=alluser>eth7 queue=\
- default/default target=10.1.0.0/16 total-queue=default
- # NOTE(review): the default SNMP community is allowed from any IPv4 source
- # (0.0.0.0/0) and no rename of that community is visible here. Whether the
- # SNMP service itself is enabled is not shown in this part of the export.
- # If SNMP is used, limit addresses= to the monitoring hosts and replace the
- # default community; otherwise keep the service disabled.
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0
- /system logging action
- set 0 memory-lines=100
- set 1 disk-lines-per-file=100
- /tool user-manager customer
- set admin access=\
- own-routers,own-users,own-profiles,own-limits,config-payment-gw
- /interface bridge port
- add bridge=eoip-lan hw=no interface=sfp5
- add bridge=eoip-lan interface=eoiptunnel
- add bridge=eoip-lan hw=no interface=sfp12
- add bridge=eoip-lan hw=no interface=sfp11
- # use-ip-firewall=yes sends traffic bridged between ports through the IP
- # firewall chains as well, so the /ip firewall filter rules in this export
- # also apply to frames switched inside the eoip-lan bridge.
- /interface bridge settings
- set use-ip-firewall=yes
- /ipv6 settings
- set max-neighbor-entries=1024
- /interface l2tp-server server
- set max-mru=1460 max-mtu=1460
- # OpenVPN server settings: TCP port 443, client certificates required,
- # sessions use the OVPN_server PPP profile. No enabled= value appears in this
- # line, so whether the server is running cannot be confirmed from here.
- # NOTE(review): cipher=blowfish128 is a 64-bit-block cipher and auth=sha1 is a
- # legacy HMAC choice; this setting also accepts AES ciphers, which are the
- # stronger option if every client supports them. The certificate is named
- # test-srv-OVPN - confirm it is not a leftover test certificate.
- # keepalive-timeout=disabled means stale sessions are not torn down by
- # keepalive.
- /interface ovpn-server server
- set auth=sha1 certificate=test-srv-OVPN cipher=blowfish128 default-profile=\
- OVPN_server keepalive-timeout=disabled port=443 \
- require-client-certificate=yes
- /interface pptp-server server
- set max-mru=1460 max-mtu=1460
- # Router addresses. sfp1 and sfp2 carry the public uplink addresses; sfp5 and
- # sfp12 carry the internal 10.x / 192.168.x networks.
- # NOTE(review): sfp5 and sfp12 are ports of bridge eoip-lan (see /interface
- # bridge port), and the export itself warns further down that sfp5 is a slave
- # interface; addresses on a bridge port normally belong on the bridge.
- # NOTE(review): the 80.252.25.16/29 block is split across sfp5 and sfp2, and
- # two of the entries use the block's first (.16) and last (.23) address,
- # i.e. its network and broadcast addresses - confirm this is intended.
- # NOTE(review): both 192.168.0.111 entries have no prefix length; the active
- # one has network=192.168.0.111, i.e. a single-host address.
- /ip address
- add address=85.112.39.102/30 interface=sfp1 network=85.112.39.100
- add address=10.1.1.1/16 interface=sfp5 network=10.1.0.0
- add address=10.1.20.1/16 interface=sfp5 network=10.1.0.0
- add address=80.252.24.172/26 interface=sfp2 network=80.252.24.128
- add address=80.252.25.16/29 interface=sfp5 network=80.252.25.16
- add address=80.252.25.17/29 interface=sfp5 network=80.252.25.16
- add address=80.252.25.18/29 interface=sfp2 network=80.252.25.16
- add address=80.252.25.23/29 interface=sfp2 network=80.252.25.16
- add address=10.1.19.1/24 interface=sfp5 network=10.1.19.0
- add address=192.168.0.111 disabled=yes interface=sfp5 network=192.168.0.0
- add address=192.168.0.111 interface=sfp5 network=192.168.0.111
- add address=10.2.1.1/16 interface=sfp12 network=10.2.0.0
- add address=10.1.9.1/24 interface=sfp5 network=10.1.9.0
- add address=192.168.8.1/24 interface=sfp5 network=192.168.8.0
- add address=80.252.25.19/29 interface=sfp5 network=80.252.25.16
- add address=80.252.25.20/29 interface=sfp5 network=80.252.25.16
- add address=7.143.107.1/24 disabled=yes interface=sfp5 network=7.143.107.0
- add address=192.168.88.99/24 interface=sfp12 network=192.168.88.0
- # Static ARP entries binding LAN addresses on sfp5 to fixed MAC addresses.
- # NOTE(review): 10.1.6.102 and 10.1.1.151 are both bound to
- # D4:3D:7E:4B:04:12 - confirm whether one host really owns both addresses or
- # one entry is stale. Static entries only constrain hosts if the interface's
- # ARP mode is reply-only, and no such setting is visible in this export.
- /ip arp
- add address=10.1.1.153 interface=sfp5 mac-address=90:2B:34:03:37:FD
- add address=10.1.1.152 interface=sfp5 mac-address=D4:3D:7E:B8:17:96
- add address=10.1.1.123 interface=sfp5 mac-address=D4:3D:7E:4B:00:01
- add address=10.1.1.9 interface=sfp5 mac-address=D4:3D:7E:4A:FF:7C
- add address=10.1.6.101 interface=sfp5 mac-address=D4:3D:7E:4A:FF:7F
- add address=10.1.6.102 interface=sfp5 mac-address=D4:3D:7E:4B:04:12
- add address=10.1.6.103 interface=sfp5 mac-address=D4:3D:7E:B8:14:DA
- add address=10.1.1.77 interface=sfp5 mac-address=50:E5:49:51:4F:4A
- add address=10.1.1.151 interface=sfp5 mac-address=D4:3D:7E:4B:04:12
- /ip dhcp-server lease
- add address=10.1.2.66 always-broadcast=yes client-id=1:0:15:5d:14:fc:1d \
- comment=Guseva_server mac-address=00:15:5D:14:FC:1D server=dhcp1
- add address=10.1.2.148 client-id=1:64:51:6:23:ad:58 comment="PRNTR 201" \
- mac-address=64:51:06:23:AD:58 server=dhcp1
- add address=10.1.2.145 always-broadcast=yes comment=IPKVM mac-address=\
- 00:10:74:61:34:FA server=dhcp1
- add address=10.1.2.147 client-id=1:0:15:5d:14:fc:23 comment=term3 \
- mac-address=00:15:5D:14:FC:23 server=dhcp1
- add address=10.1.2.89 client-id=1:0:15:5d:14:fc:27 comment=ArinaGuseva_vm \
- mac-address=00:15:5D:14:FC:27 server=dhcp1
- add address=10.1.2.130 always-broadcast=yes client-id=1:64:51:6:23:ad:56 \
- comment="Printer HP new bolshoy" mac-address=64:51:06:23:AD:56 server=\
- dhcp1
- add address=10.1.2.133 client-id=1:0:15:5d:14:fc:29 comment=\
- term4_lavrentiev_comp mac-address=00:15:5D:14:FC:29 server=dhcp1
- add address=10.1.2.149 comment=Bahareva_term4+printer mac-address=\
- 00:0F:EA:4F:DE:45 server=dhcp1
- add address=10.1.2.106 client-id=1:0:15:5d:14:fc:2a comment=\
- vm_proverka1_steklo mac-address=00:15:5D:14:FC:2A server=dhcp1
- add address=10.1.2.131 comment=Guseva_terminal mac-address=00:11:5B:A3:8D:F8 \
- server=dhcp1
- add address=10.1.2.58 client-id=1:74:d4:35:7d:be:a2 mac-address=\
- 74:D4:35:7D:BE:A2 server=dhcp1
- add address=10.1.2.78 always-broadcast=yes comment=dim_217_thin mac-address=\
- 00:01:6C:27:06:15 server=dhcp1
- add address=10.1.2.143 comment=term_DIATIAN_COMP mac-address=\
- 00:16:76:69:50:B4 server=dhcp1
- add address=10.1.2.83 always-broadcast=yes comment=term5 mac-address=\
- 00:0F:EA:12:B2:8B server=dhcp1
- add address=10.1.2.96 client-id=1:3c:4a:92:4a:56:18 comment="HP 7500A 235" \
- mac-address=3C:4A:92:4A:56:18 server=dhcp1
- add address=10.1.2.63 always-broadcast=yes client-id=1:20:10:7a:99:59:59 \
- mac-address=20:10:7A:99:59:59 server=dhcp1
- add address=10.1.2.124 client-id=1:fc:aa:14:88:db:77 mac-address=\
- FC:AA:14:88:DB:77 server=dhcp1
- add address=10.1.2.128 client-id=1:0:15:5d:14:fc:2e comment=\
- proverka-25-09-2015 mac-address=00:15:5D:14:FC:2E server=dhcp1
- add address=10.1.2.110 always-broadcast=yes comment=thin_general-engineer \
- mac-address=00:1E:90:F1:4A:40 server=dhcp1
- add address=10.1.2.85 always-broadcast=yes client-id=1:0:15:5d:14:fc:37 \
- comment=lavrentiev_vm mac-address=00:15:5D:14:FC:37 server=dhcp1
- add address=10.1.2.150 client-id=1:b4:ae:2b:18:8d:ba comment=Xbox \
- mac-address=B4:AE:2B:18:8D:BA server=dhcp1
- add address=10.1.2.144 client-id=1:0:15:5d:14:fc:2b comment=vm_dim_217 \
- mac-address=00:15:5D:14:FC:2B server=dhcp1
- add address=10.1.2.140 client-id=1:0:15:5d:14:fc:41 comment=vm_inform_centr \
- mac-address=00:15:5D:14:FC:41 server=dhcp1
- add address=10.1.2.141 client-id=1:0:15:5d:14:fc:43 comment=vm_stashenkov \
- mac-address=00:15:5D:14:FC:43 server=dhcp1
- add address=10.1.2.136 client-id=1:0:15:5d:14:fc:44 comment=vm_215_sky \
- mac-address=00:15:5D:14:FC:44 server=dhcp1
- add address=10.1.2.115 comment=thin_infocenter2_usilit mac-address=\
- 00:19:D1:12:83:C3 server=dhcp1
- add address=10.1.2.121 client-id=1:0:15:5d:14:fc:47 comment=\
- vm_thin_infocenter2 mac-address=00:15:5D:14:FC:47 server=dhcp1
- add address=10.1.2.112 always-broadcast=yes comment=thin_pr1_jenia \
- mac-address=00:13:8F:49:AA:C3 server=dhcp1
- add address=10.1.2.146 client-id=1:0:15:5d:14:fc:49 comment=vm_pr1_jenia \
- mac-address=00:15:5D:14:FC:49 server=dhcp1
- add address=10.1.2.138 client-id=1:0:15:5d:14:fc:4b comment=vm_buh215 \
- mac-address=00:15:5D:14:FC:4B server=dhcp1
- add address=10.1.2.127 client-id=1:6c:62:6d:e4:ea:9a comment=\
- "213room XP comp" mac-address=6C:62:6D:E4:EA:9A server=dhcp1
- add address=10.1.2.123 client-id=1:0:15:5d:14:fc:4d comment=vm_etno2 \
- mac-address=00:15:5D:14:FC:4D server=dhcp1
- add address=10.1.2.120 always-broadcast=yes comment=thin_etno2 mac-address=\
- 00:19:D1:88:AB:60 server=dhcp1
- add address=10.1.2.61 client-id=1:74:d4:35:93:a7:27 mac-address=\
- 74:D4:35:93:A7:27 server=dhcp1
- add address=10.1.2.82 client-id=1:0:15:17:19:47:f6 mac-address=\
- 00:15:17:19:47:F6 server=dhcp1
- add address=10.1.2.217 always-broadcast=yes client-id=1:50:e5:49:51:4f:4a \
- comment=PR_MARY mac-address=50:E5:49:51:4F:4A server=dhcp1
- add address=10.1.2.230 client-id=1:0:15:5d:e4:b2:b comment=vm_216_2 \
- mac-address=00:15:5D:E4:B2:0B server=dhcp1
- add address=10.1.2.231 comment=thin_216_2 mac-address=00:19:D1:25:3C:E4 \
- server=dhcp1
- add address=10.1.2.238 client-id=1:0:90:a9:96:9c:71 comment="WD LIVE" \
- mac-address=00:90:A9:96:9C:71 server=dhcp1
- add address=10.1.3.6 client-id=1:b8:27:eb:8:66:20 mac-address=\
- B8:27:EB:08:66:20 server=dhcp1
- add address=10.1.3.8 client-id=1:b8:27:eb:5d:33:75 mac-address=\
- B8:27:EB:5D:33:75 server=dhcp1
- add address=10.1.2.196 always-broadcast=yes client-id=1:0:16:76:25:2c:5a \
- comment=215-Ryzhova_thin_hardware mac-address=00:16:76:25:2C:5A server=\
- dhcp1
- add address=10.1.2.132 client-id=1:0:15:5d:14:fc:35 comment=massov_3_216 \
- mac-address=00:15:5D:14:FC:35 server=dhcp1
- add address=10.1.2.201 client-id=1:0:26:5a:32:70:c2 comment="Matveev DIR-300" \
- mac-address=00:26:5A:32:70:C2 server=dhcp1
- add address=10.1.3.41 client-id=1:0:17:6f:71:1d:bd comment=\
- "POS TERMINAL KASSA" mac-address=00:17:6F:71:1D:BD server=dhcp1
- add address=10.1.3.52 client-id=1:fc:75:16:c3:49:98 comment="wifi dap-2310" \
- mac-address=FC:75:16:C3:49:98 server=dhcp1
- # DHCP options for 10.1.0.0/16: gateway 10.1.1.1, DNS 10.1.1.252 then
- # 10.1.1.1, domain ALABIN, and a network-boot file served from 10.1.20.254.
- # NOTE(review): network boot is unauthenticated, so on this single flat /16
- # every client trusts whichever host answers as DHCP or boot server. Rogue
- # DHCP filtering on the access switches, or a separate segment for the
- # network-booted clients, would narrow that trust - confirm what is in place.
- /ip dhcp-server network
- add address=10.1.0.0/16 boot-file-name=5.4.36/wtware.pxe dns-server=\
- 10.1.1.252,10.1.1.1 domain=ALABIN gateway=10.1.1.1 netmask=16 \
- next-server=10.1.20.254
- /ip dns
- set max-udp-packet-size=512 servers=10.1.1.252
- /ip dns static
- add address=10.1.1.247 name=ddd.ru
- add address=10.1.1.247 name=ttsam.ru
- add address=10.1.10.100 name=lectory.alabin.ru
- add address=10.1.10.100 name=lectory2.alabin.ru
- add address=10.1.1.252 name=alabin.local
- add address=10.1.5.120 name=storenode1
- add address=10.1.1.1 name=route.alabin.ru
- add address=10.1.10.100 name=blank.alabin.ru
- add address=10.1.10.100 name=quest.alabin.ru
- add address=10.1.10.100 name=modern.alabin.ru
- add address=10.1.2.191 name=old.alabin.ru
- /ip firewall address-list
- add address=10.1.20.106 list=netmap_ip
- add address=10.1.20.251 list=netmap_ip
- add address=10.1.1.111 list=netmap_ip
- add address=10.1.1.153 list=netmap_ip
- add address=10.1.1.9 list=netmap_ip
- add address=10.1.20.253 list=netmap_ip
- add address=10.1.8.200 list=netmap_ip
- add address=10.1.2.118 list=netmap_ip
- add address=10.1.9.100 list=netmap_ip
- add address=10.1.10.100 list=netmap_ip
- add address=10.1.16.1 list=netmap_ip
- add address=10.1.3.97 list=netmap_ip
- # Filter rules, evaluated top to bottom within each chain.
- # NOTE(review): every rule from "ddos protect" down to "dropping port
- # scanners" carries disabled=yes, so none of the rate-limit or scan-detection
- # logic is active. What is active: drops for the Windows RPC/NetBIOS/SMB
- # ports, a handful of source/destination address drops in forward, and a
- # final unconditional accept in forward.
- # NOTE(review): the only active input-chain rules are the two port drops, so
- # traffic to the router itself (management services included) is accepted
- # from any interface unless it is restricted outside this section. An input
- # policy of "accept established/related, accept management from a trusted
- # address list, drop the rest" is the usual baseline.
- /ip firewall filter
- add action=jump chain=forward comment="ddos protect" connection-state=new \
- disabled=yes jump-target=detect-ddos
- add action=return chain=detect-ddos disabled=yes dst-limit=\
- 32,32,src-and-dst-addresses/10s
- add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
- 5m chain=detect-ddos disabled=yes
- add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
- 10m chain=detect-ddos disabled=yes
- add action=drop chain=forward connection-state=new disabled=yes \
- dst-address-list=ddosed src-address-list=ddoser
- # NOTE(review): the SYN-Protect chain holds only a drop with no rate limit in
- # front of it. If this jump and the drop were both enabled as written, every
- # new forwarded TCP connection would be dropped.
- add action=jump chain=forward comment="SYN Flood protect" connection-state=\
- new disabled=yes jump-target=SYN-Protect protocol=tcp tcp-flags=syn
- add action=drop chain=SYN-Protect connection-state=new disabled=yes protocol=\
- tcp tcp-flags=syn
- # Connection-limit list building and tarpit for the router itself (disabled).
- add action=add-src-to-address-list address-list=blocked-addr \
- address-list-timeout=1d chain=input comment=limit connection-limit=25,32 \
- disabled=yes protocol=tcp
- add action=tarpit chain=input connection-limit=5,32 disabled=yes protocol=tcp \
- src-address-list=blocked-addr
- # Scan detection by port-scan heuristic and by TCP flag combination; sources
- # are added to the "port scanners" list, which the last rule of this group
- # drops. All of these rules are disabled.
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2d chain=input comment="Port scanners to list " \
- disabled=yes protocol=tcp psd=21,3s,3,1
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
- disabled=yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=yes \
- protocol=tcp tcp-flags=fin,syn
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2d chain=input comment="SYN/RST scan" disabled=yes \
- protocol=tcp tcp-flags=syn,rst
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
- yes protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=yes \
- protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
- add action=add-src-to-address-list address-list="port scanners" \
- address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=yes \
- protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
- add action=drop chain=input comment="dropping port scanners" disabled=yes \
- src-address-list="port scanners"
- # Active from here on: Windows RPC/NetBIOS/SMB ports (and 4444) are dropped
- # both to the router and through it.
- add action=drop chain=input comment="Block hole Windows" dst-port=\
- 135,137-139,445,593,4444 protocol=tcp
- add action=drop chain=forward dst-port=135,137-139,445,593,4444 protocol=tcp
- add action=drop chain=input dst-port=135,137-139 protocol=udp
- add action=drop chain=forward dst-port=135,137-139 protocol=udp
- # Loopback and 224.0.0.0/3 are dropped as forwarded source or destination.
- # Other reserved ranges are not covered by these rules.
- add action=drop chain=forward comment="Block Bogon IP Address" src-address=\
- 127.0.0.0/8
- add action=drop chain=forward dst-address=127.0.0.0/8
- add action=drop chain=forward src-address=224.0.0.0/3
- add action=drop chain=forward dst-address=224.0.0.0/3
- # Static per-address and per-range source blocks. An address list with a
- # single drop rule would be easier to maintain than one rule per entry.
- add action=drop chain=forward protocol=udp src-address=85.113.37.46
- add action=drop chain=forward src-address=80.252.18.3
- add action=drop chain=forward src-address=94.31.249.252
- add action=drop chain=forward src-address=95.84.201.119
- add action=drop chain=forward src-address=209.9.43.26
- add action=drop chain=forward comment=china src-address=27.152.0.0/13
- add action=drop chain=forward src-address=110.88.0.0/14
- add action=drop chain=forward src-address=110.80.0.0/13
- # NOTE(review): the next two rules are identical; one of them is redundant.
- add action=drop chain=forward src-address=113.204.0.0/14
- add action=drop chain=forward src-address=113.204.0.0/14
- add action=drop chain=forward src-address=175.42.0.0/18
- add action=drop chain=forward src-address=50.7.136.130
- add action=drop chain=forward comment="USA DDOS" src-address=87.245.196.64/26
- # NOTE(review): unconditional accept for everything else that is forwarded.
- # With no connection-state matching anywhere above, forwarded traffic is
- # limited only by the drops listed and by what the NAT rules make reachable.
- add action=accept chain=forward
- /ip firewall mangle
- add action=change-mss chain=forward disabled=yes new-mss=1500 passthrough=no \
- protocol=tcp tcp-flags=syn tcp-mss=!0-1448
- add action=change-mss chain=postrouting comment="MSS TCP" new-mss=1360 \
- passthrough=yes protocol=tcp tcp-flags=syn
- add action=mark-connection chain=input dst-address=85.112.39.102 \
- in-interface=sfp1 new-connection-mark=rt passthrough=no
- add action=mark-routing chain=output connection-mark=rt new-routing-mark=rt \
- passthrough=no
- add action=mark-connection chain=input dst-address=80.252.24.172 \
- in-interface=sfp2 new-connection-mark=global63 passthrough=no
- add action=mark-routing chain=output connection-mark=global63 \
- new-routing-mark=global63 passthrough=no
- add action=mark-connection chain=prerouting disabled=yes in-interface=sfp1 \
- new-connection-mark=rt-con passthrough=yes
- add action=mark-connection chain=prerouting disabled=yes in-interface=sfp2 \
- new-connection-mark=global63-con passthrough=yes
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=yes src-address=10.1.1.153
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=df \
- passthrough=yes src-address=10.1.8.107
- add action=mark-routing chain=prerouting new-routing-mark=global63 \
- passthrough=no src-address=10.1.10.100
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=no src-address=10.1.20.0/24
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=no src-address=10.1.10.0/24
- add action=mark-routing chain=prerouting comment="buh 207" disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.20-10.1.1.22
- add action=mark-routing chain=prerouting comment=VoIp disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.20.154
- add action=mark-routing chain=prerouting comment="sterlikova 207" disabled=\
- yes new-routing-mark=rt passthrough=yes src-address=10.1.2.124
- add action=mark-routing chain=prerouting comment="Nadejda 210" disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.127
- add action=mark-routing chain=prerouting comment=otdelkadrov disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.152
- add action=mark-routing chain=prerouting comment=kolev disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.9
- add action=mark-routing chain=prerouting comment=economist disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.2.51
- add action=mark-routing chain=prerouting comment=Tarazanova disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.101
- add action=mark-routing chain=prerouting comment=kramareva disabled=yes \
- new-routing-mark=global63 passthrough=yes src-address=10.1.1.148
- add action=mark-routing chain=prerouting comment="sasha pr" disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.77
- add action=mark-routing chain=prerouting comment=director disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.6.105
- add action=mark-routing chain=prerouting comment=stas disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.2.25
- add action=mark-routing chain=prerouting comment=arch2 disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.25
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=yes src-address=10.1.1.75
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=yes src-address=10.1.2.92
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=yes src-address=10.1.1.141
- add action=mark-routing chain=prerouting comment=urist disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.157
- add action=mark-routing chain=prerouting comment=kassa disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.13
- add action=mark-routing chain=prerouting comment=dmitrieva disabled=yes \
- new-routing-mark=rt passthrough=yes src-address=10.1.1.123
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
- passthrough=yes src-address=10.1.6.105
- /ip firewall nat
- add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
- 80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
- add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
- dst-port=80 out-interface=sfp5 protocol=tcp src-address=10.1.0.0/16
- add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
- dst-port=80 protocol=tcp src-address=10.1.0.0/16
- add action=dst-nat chain=dstnat disabled=yes dst-address=80.252.24.172 \
- dst-port=80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
- add action=masquerade chain=srcnat disabled=yes src-address=172.16.0.0/24
- add action=masquerade chain=srcnat disabled=yes out-interface=df-alabin
- add action=dst-nat chain=dstnat comment="RN VPN" dst-address=80.252.25.16 \
- dst-port=443 protocol=tcp to-addresses=10.1.1.1 to-ports=443
- add action=dst-nat chain=dstnat disabled=yes dst-address=80.252.24.172 \
- dst-port=80 protocol=tcp to-addresses=10.1.10.100
- add action=masquerade chain=srcnat disabled=yes dst-address=80.252.24.172 \
- dst-port=80 protocol=tcp src-address=10.1.0.0/16
- # Hairpin NAT pair: LAN clients that address the public IP 80.252.24.172:80
- # are redirected to 10.1.10.100, and the masquerade below is meant to rewrite
- # their source so replies return through the router.
- # NOTE(review): the masquerade matches src-address=10.0.0.0/16, while the LAN
- # addressed in this export and the disabled sibling rules use 10.1.0.0/16.
- # As written it presumably never matches LAN clients - confirm the prefix.
- add action=dst-nat chain=dstnat comment=HAIRPIN dst-address=80.252.24.172 \
- dst-port=80 in-interface=eoip-lan protocol=tcp to-addresses=10.1.10.100
- add action=masquerade chain=srcnat dst-address=80.252.24.172 dst-port=80 \
- protocol=tcp src-address=10.0.0.0/16
- add action=masquerade chain=srcnat comment=White_list out-interface=sfp2 \
- src-address-list=!netmap_ip
- add action=netmap chain=srcnat comment=Gameclodo src-address=10.1.20.106 \
- to-addresses=80.252.25.22
- add action=netmap chain=dstnat dst-address=80.252.25.22 to-addresses=\
- 10.1.20.106
- add action=netmap chain=srcnat comment="10.1.3.119 - ryzen1500x" disabled=yes \
- src-address=10.1.3.119 to-addresses=80.252.25.20
- add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.20 \
- to-addresses=10.1.3.119
- add action=netmap chain=srcnat comment="Golos razuma" disabled=yes \
- src-address=10.1.20.253 to-addresses=80.252.25.17
- add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.17 \
- to-addresses=10.1.20.253
- add action=netmap chain=srcnat comment=kuba4 src-address=10.1.8.200 \
- to-addresses=80.252.25.18
- add action=netmap chain=dstnat dst-address=80.252.25.18 to-addresses=\
- 10.1.8.200
- add action=netmap chain=srcnat comment="kuba4 test vm admin" src-address=\
- 10.1.9.100 to-addresses=80.252.25.19
- add action=netmap chain=dstnat dst-address=80.252.25.19 to-addresses=\
- 10.1.9.100
- add action=netmap chain=srcnat comment="Server C" disabled=yes src-address=\
- 10.1.2.118 to-addresses=80.252.25.19
- add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.19 \
- to-addresses=10.1.2.118
- add action=netmap chain=srcnat disabled=yes src-address=10.1.1.9 \
- to-addresses=80.252.25.20
- add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.20 \
- to-addresses=10.1.1.9
- add action=dst-nat chain=dstnat disabled=yes dst-address=85.112.39.102 \
- dst-address-type=local dst-port=80 protocol=tcp to-addresses=10.1.10.100 \
- to-ports=80
- add action=masquerade chain=srcnat comment="2 NAT" out-interface=sfp1
- add action=masquerade chain=srcnat out-interface=sfp2
- add action=masquerade chain=srcnat disabled=yes out-interface=!sfp5 \
- to-addresses=0.0.0.0
- add action=dst-nat chain=dstnat disabled=yes dst-address=85.112.39.102 \
- dst-port=80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
- add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
- 80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
- add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
- dst-port=80 out-interface=sfp5 protocol=tcp src-address=85.112.39.102
- # Inbound port forwards from the uplinks (sfp1, sfp2) to internal hosts.
- # None of the rules in this group has a src-address or src-address-list
- # matcher, so each published port is reachable from any source on that
- # uplink.
- add action=dst-nat chain=dstnat comment=stratum dst-port=9982 in-interface=\
- sfp2 protocol=tcp to-addresses=10.1.3.28 to-ports=9982
- # NOTE(review): external 53322 maps to port 22 on 10.1.3.28. A non-standard
- # external port does not limit who can connect; restrict by source address or
- # move this access behind the VPN.
- add action=dst-nat chain=dstnat dst-port=53322 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.3.28 to-ports=22
- add action=dst-nat chain=dstnat dst-port=8081 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.3.28 to-ports=80
- add action=dst-nat chain=dstnat dst-port=3333 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.3.28 to-ports=3333
- # NOTE(review): 10.1.1.1 is one of the router's own addresses, so this rule
- # publishes the router's management port 8291 on the sfp1 uplink, and the
- # filter section has no active input rule restricting it. Management access
- # is better limited to a trusted address list or reached over the VPN, and
- # the RouterOS release kept current.
- add action=dst-nat chain=dstnat comment=winbox dst-port=8291 in-interface=\
- sfp1 protocol=tcp to-addresses=10.1.1.1 to-ports=8291
- # SIP signalling (5060/5061, TCP and UDP) to 10.1.7.1.
- add action=dst-nat chain=dstnat dst-port=5060 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.7.1 to-ports=5060
- add action=dst-nat chain=dstnat dst-port=5061 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.7.1 to-ports=5061
- add action=dst-nat chain=dstnat dst-port=5060-5061 in-interface=sfp1 \
- protocol=udp to-addresses=10.1.7.1 to-ports=5060-5061
- add action=dst-nat chain=dstnat comment="to broadcast WOL" dst-port=4321 \
- in-interface=sfp1 protocol=udp to-addresses=10.1.1.153 to-ports=9
- # NOTE(review): the two rules below publish port 3389 of 10.1.1.2 and
- # 10.1.1.3 on high external ports. Remote-desktop access from the uplinks is
- # better placed behind the VPN or limited to known source addresses.
- add action=dst-nat chain=dstnat comment=bserver dst-port=53389 in-interface=\
- sfp2 protocol=tcp to-addresses=10.1.1.2 to-ports=3389
- add action=dst-nat chain=dstnat comment=Server-D disabled=yes dst-port=53390 \
- in-interface=sfp2 protocol=tcp to-addresses=10.1.20.252 to-ports=3389
- add action=dst-nat chain=dstnat comment="kamis-catalog rdp" dst-port=53402 \
- in-interface=sfp1 protocol=tcp to-addresses=10.1.1.3 to-ports=3389
- # NOTE(review): port 1521 of 10.1.1.2 is published over both TCP and UDP,
- # presumably a database listener (confirm). A database port should not be
- # reachable from an uplink without source restriction, and the UDP rule is
- # likely unnecessary.
- add action=dst-nat chain=dstnat comment=KAMIS dst-port=1521 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.2 to-ports=1521
- add action=dst-nat chain=dstnat dst-port=1521 in-interface=sfp1 protocol=udp \
- to-addresses=10.1.1.2 to-ports=1521
- # NFS-related forwards (2049/udp, 111/tcp, 32765-32770 tcp+udp) to
- # 10.1.1.247, matched on the LAN-side port sfp5.
- # NOTE(review): the export flags each of the four rules below because sfp5 is
- # a port of bridge eoip-lan; per that warning the matcher should be
- # in-interface=eoip-lan. Until that is corrected, do not assume these rules
- # behave as written.
- # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
- add action=dst-nat chain=dstnat comment=NFS dst-port=2049 in-interface=sfp5 \
- protocol=udp to-addresses=10.1.1.247 to-ports=2049
- # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
- add action=dst-nat chain=dstnat dst-port=111 in-interface=sfp5 protocol=tcp \
- to-addresses=10.1.1.247 to-ports=111
- # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
- add action=dst-nat chain=dstnat dst-port=32765-32770 in-interface=sfp5 \
- protocol=tcp to-addresses=10.1.1.247 to-ports=32765-32770
- # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
- add action=dst-nat chain=dstnat dst-port=32765-32770 in-interface=sfp5 \
- protocol=udp to-addresses=10.1.1.247 to-ports=32765-32770
- add action=dst-nat chain=dstnat comment="Synology DAV" disabled=yes dst-port=\
- 5005-5006 in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 \
- to-ports=5005-5006
- add action=dst-nat chain=dstnat comment="DRV SRV video3" dst-port=5556 \
- in-interface=sfp1 protocol=tcp to-addresses=192.168.0.23 to-ports=5556
- add action=dst-nat chain=dstnat dst-port=5556 in-interface=sfp1 protocol=udp \
- to-addresses=192.168.0.23 to-ports=5556
- add action=dst-nat chain=dstnat comment=video2 dst-port=5557 in-interface=\
- sfp1 protocol=tcp to-addresses=192.168.0.25 to-ports=5557
- add action=dst-nat chain=dstnat dst-port=5557 in-interface=sfp1 protocol=udp \
- to-addresses=192.168.0.25 to-ports=5557
- add action=dst-nat chain=dstnat comment=video1 dst-port=5558 in-interface=\
- sfp1 protocol=tcp to-addresses=192.168.0.21 to-ports=5558
- add action=dst-nat chain=dstnat dst-port=5558 in-interface=sfp1 protocol=udp \
- to-addresses=192.168.0.21 to-ports=5558
- add action=dst-nat chain=dstnat comment="Matveev PC" disabled=yes dst-port=\
- 53393 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.153 to-ports=\
- 3389
- add action=dst-nat chain=dstnat comment=Server-C disabled=yes dst-port=53392 \
- in-interface=sfp2 protocol=tcp to-addresses=10.1.1.22 to-ports=3389
- add action=dst-nat chain=dstnat comment=MatveevRDP dst-port=53394 \
- in-interface=sfp2 protocol=tcp to-addresses=10.1.20.251 to-ports=3389
- add action=dst-nat chain=dstnat comment=AkulovaRDP disabled=yes dst-port=\
- 53395 in-interface=sfp2 protocol=tcp to-addresses=10.1.20.253 to-ports=\
- 3389
- add action=dst-nat chain=dstnat disabled=yes dst-port=55002 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.252 to-ports=3389
- add action=dst-nat chain=dstnat comment=VoIP disabled=yes dst-port=9000-9499 \
- in-interface=sfp1 protocol=tcp to-addresses=10.1.7.1 to-ports=9000-9499
- add action=dst-nat chain=dstnat disabled=yes dst-port=9000-9255 in-interface=\
- sfp1 protocol=udp to-addresses=10.1.7.1 to-ports=9000-9255
- add action=dst-nat chain=dstnat disabled=yes dst-port=5090 in-interface=sfp1 \
- protocol=udp to-addresses=10.1.7.1 to-ports=5090
- add action=dst-nat chain=dstnat disabled=yes dst-port=9500 in-interface=sfp1 \
- protocol=udp to-addresses=10.1.7.1 to-ports=9500
- # Web, mail and DNS forwards to 10.1.10.100 (mostly from sfp2; 35000/tcp and
- # 10349/udp from sfp1). No rule here restricts the source address.
- add action=dst-nat chain=dstnat comment=WEB dst-port=80 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.10.100 to-ports=80
- add action=dst-nat chain=dstnat dst-port=1500 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=1500
- add action=dst-nat chain=dstnat dst-port=443 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=443
- add action=dst-nat chain=dstnat dst-port=35000 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=35000
- add action=dst-nat chain=dstnat dst-port=10349 in-interface=sfp1 protocol=udp \
- to-addresses=10.1.10.100 to-ports=10349
- # NOTE(review): ports 25, 110 and 143 are the cleartext mail ports; confirm
- # the server enforces STARTTLS or that TLS-only ports are offered instead.
- add action=dst-nat chain=dstnat dst-port=25 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=25
- add action=dst-nat chain=dstnat dst-port=110 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=110
- # NOTE(review): DNS is published on both transports; confirm 10.1.10.100 is
- # authoritative-only and does not answer recursive queries from the uplink.
- add action=dst-nat chain=dstnat dst-port=53 in-interface=sfp2 protocol=udp \
- to-addresses=10.1.10.100 to-ports=53
- add action=dst-nat chain=dstnat dst-port=53 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=53
- add action=dst-nat chain=dstnat dst-port=143 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=143
- # NOTE(review): 143 and 587 are TCP services, yet the next two rules forward
- # UDP, and no 587/tcp rule is visible in this part of the export. The UDP
- # forwards look unnecessary and 587 was presumably meant to be TCP - confirm.
- add action=dst-nat chain=dstnat dst-port=143 in-interface=sfp2 protocol=udp \
- to-addresses=10.1.10.100 to-ports=143
- add action=dst-nat chain=dstnat dst-port=587 in-interface=sfp2 protocol=udp \
- to-addresses=10.1.10.100 to-ports=587
- add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.1.157 to-ports=3389
- add action=dst-nat chain=dstnat dst-port=27151 in-interface=sfp1 protocol=udp \
- to-addresses=10.1.20.105 to-ports=27151
- add action=dst-nat chain=dstnat dst-port=27150 in-interface=sfp1 protocol=udp \
- to-addresses=10.1.20.105 to-ports=27150
- add action=dst-nat chain=dstnat dst-port=27100-27199 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.20.105 to-ports=27100-27199
- add action=dst-nat chain=dstnat dst-port=27100-27199 in-interface=sfp2 \
- protocol=udp to-addresses=10.1.20.105 to-ports=27100-27199
- # Non-standard public ports on sfp1 mapped onto standard service ports:
- # 83 -> 10.1.20.105:80, 53306 -> 10.1.20.105:3306, 2123 -> 10.1.20.252:21.
- # NOTE(review): 3306 and 21 are the conventional MySQL and FTP ports. Moving the
- # public port only hides the service from casual scans; it is not an access
- # control. If those services really listen there, limit these rules with
- # src-address / src-address-list or reach the hosts over the VPN instead.
- add action=dst-nat chain=dstnat dst-port=83 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.105 to-ports=80
- add action=dst-nat chain=dstnat dst-port=53306 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.105 to-ports=3306
- add action=dst-nat chain=dstnat dst-port=2123 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.252 to-ports=21
- add action=dst-nat chain=dstnat comment="vm-stashenkov RDP" disabled=yes \
- dst-port=53401 in-interface=sfp2 protocol=tcp to-addresses=10.1.2.141 \
- to-ports=3389
- add action=dst-nat chain=dstnat comment=Kolev disabled=yes dst-port=5901 \
- in-interface=sfp2 protocol=tcp to-addresses=10.1.1.9 to-ports=3389
- add action=dst-nat chain=dstnat comment="Kolev RDP" disabled=yes dst-port=\
- 33389 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.9 to-ports=3389
- add action=dst-nat chain=dstnat comment=KARCHAGINA disabled=yes dst-port=\
- 53397 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.240 to-ports=\
- 3389
- add action=dst-nat chain=dstnat comment="Loseva 220" disabled=yes dst-port=\
- 53398 in-interface=sfp1 protocol=tcp to-addresses=10.1.1.81 to-ports=3389
- add action=dst-nat chain=dstnat comment=Gameclodo dst-port=27200-27300 \
- in-interface=sfp2 protocol=udp to-addresses=10.1.20.106 to-ports=\
- 27200-27300
- add action=dst-nat chain=dstnat dst-port=27200-27300 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.20.106 to-ports=27200-27300
- # Port 22 on sfp2 is forwarded to 10.1.10.100:22 with no source restriction.
- # NOTE(review): if this is SSH, use key-only authentication on the host and a
- # source allow-list on this rule.
- add action=dst-nat chain=dstnat dst-port=22 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=22
- # Public port 2128 on sfp2 mapped to port 21 (conventionally FTP) on 10.1.20.106.
- add action=dst-nat chain=dstnat dst-port=2128 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.20.106 to-ports=21
- # UDP 27015 to 10.1.8.107 (labelled DF).
- add action=dst-nat chain=dstnat comment=DF dst-port=27015 in-interface=sfp2 \
- protocol=udp to-addresses=10.1.8.107 to-ports=27015
- # NOTE(review): 3306 (conventionally MySQL) on 10.1.10.100 is published on
- # sfp2 unchanged and unrestricted. A database listener should not normally be
- # reachable from an upstream link; restrict by source or remove the rule.
- add action=dst-nat chain=dstnat dst-port=3306 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=3306
- add action=dst-nat chain=dstnat comment=dkvm1 dst-port=8080 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.20.100 to-ports=8080
- add action=dst-nat chain=dstnat disabled=yes dst-port=59222 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.247 to-ports=22
- add action=dst-nat chain=dstnat comment="dedic1 XCP" disabled=yes dst-port=\
- 5900-5910 in-interface=sfp1 protocol=tcp to-addresses=192.168.0.33 \
- to-ports=5900-5910
- add action=dst-nat chain=dstnat disabled=yes dst-port=59223 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.20.250 to-ports=22
- add action=dst-nat chain=dstnat comment="dedic2 XCP" disabled=yes dst-port=\
- 55443 in-interface=sfp1 protocol=tcp to-addresses=10.1.20.251 to-ports=\
- 443
- add action=dst-nat chain=dstnat comment=NAS disabled=yes dst-port=8082 \
- in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 to-ports=22
- add action=dst-nat chain=dstnat disabled=yes dst-port=5000 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.1.247 to-ports=5000
- add action=dst-nat chain=dstnat disabled=yes dst-port=5002 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.249 to-ports=80
- add action=dst-nat chain=dstnat disabled=yes dst-port=55000 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.247 to-ports=5000
- add action=dst-nat chain=dstnat disabled=yes dst-port=55001 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.248 to-ports=5000
- add action=dst-nat chain=dstnat comment="27051. 27.08.2015" disabled=yes \
- dst-port=54422 in-interface=sfp2 protocol=tcp to-addresses=10.1.20.52 \
- to-ports=22
- add action=dst-nat chain=dstnat disabled=yes dst-port=27500-27549 \
- in-interface=sfp2 protocol=udp to-addresses=10.1.20.52 to-ports=\
- 27500-27549
- add action=dst-nat chain=dstnat disabled=yes dst-port=27500-27549 \
- in-interface=sfp2 protocol=tcp to-addresses=10.1.20.52 to-ports=\
- 27500-27549
- add action=dst-nat chain=dstnat disabled=yes dst-port=54421 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.20.52 to-ports=21
- add action=dst-nat chain=dstnat disabled=yes dst-port=27777 in-interface=sfp2 \
- protocol=udp to-addresses=10.1.20.52 to-ports=27777
- add action=dst-nat chain=dstnat disabled=yes dst-port=27555 in-interface=sfp2 \
- protocol=udp to-addresses=10.1.20.52 to-ports=27555
- add action=dst-nat chain=dstnat disabled=yes dst-port=27444 in-interface=sfp2 \
- protocol=udp to-addresses=10.1.20.52 to-ports=27444
- add action=dst-nat chain=dstnat comment=Synology disabled=yes dst-port=5001 \
- in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 to-ports=80
- add action=dst-nat chain=dstnat disabled=yes dst-port=5003 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.6 to-ports=5903
- # Public port 55522 on sfp1 mapped to port 22 on 10.1.1.251 (labelled vm1).
- add action=dst-nat chain=dstnat comment=vm1 dst-port=55522 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.1.251 to-ports=22
- # UDP range 27100-27149 on sfp1 forwarded unchanged to 10.1.10.51.
- add action=dst-nat chain=dstnat dst-port=27100-27149 in-interface=sfp1 \
- protocol=udp to-addresses=10.1.10.51 to-ports=27100-27149
- # NOTE(review): 5900 is the conventional VNC port -- TODO confirm what listens
- # on 10.1.10.51. Remote-console services are better reached through the VPN
- # than through an unrestricted forward.
- add action=dst-nat chain=dstnat dst-port=55900 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.10.51 to-ports=5900
- add action=dst-nat chain=dstnat dst-port=2125 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.20.106 to-ports=21
- add action=dst-nat chain=dstnat dst-port=52000-52100 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.20.12 to-ports=52000-52100
- add action=dst-nat chain=dstnat dst-port=8083 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.33 to-ports=80
- add action=dst-nat chain=dstnat comment=ftp_server-d disabled=yes dst-port=\
- 52101-52200 in-interface=sfp1 protocol=tcp to-addresses=10.1.20.252 \
- to-ports=52101-52200
- add action=dst-nat chain=dstnat disabled=yes dst-port=24 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.20.252 to-ports=21
- add action=dst-nat chain=dstnat comment=GameHost dst-port=2121 in-interface=\
- sfp2 protocol=tcp to-addresses=10.1.20.11 to-ports=2121
- add action=dst-nat chain=dstnat dst-port=8081 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.20.106 to-ports=80
- add action=dst-nat chain=dstnat dst-port=50000-50100 in-interface=sfp1 \
- protocol=tcp to-addresses=10.1.20.11 to-ports=50000-50100
- add action=dst-nat chain=dstnat dst-port=27021 in-interface=sfp1 protocol=udp \
- to-addresses=10.1.20.11 to-ports=27021
- add action=dst-nat chain=dstnat dst-port=27015 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.8.107 to-ports=27015
- # NOTE(review): 10.1.1.1 is also used as pref-src and as a DNS server elsewhere
- # in this export, so it is presumably the router's own LAN address. If so, this
- # rule publishes the router's web interface on sfp1:81 -- verify, and remove or
- # restrict by source.
- add action=dst-nat chain=dstnat dst-port=81 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.1.1 to-ports=80
- add action=dst-nat chain=dstnat dst-port=82 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.100 to-ports=80
- add action=dst-nat chain=dstnat dst-port=1968 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.20.252 to-ports=1968
- # NOTE(review): this rule and the 53399 / 53400 rules below are enabled
- # forwards to port 3389, which other rules in this export label as RDP. A high
- # public port does not stop discovery; put RDP behind the VPN profiles this
- # router already defines, or at least restrict these rules by source address.
- add action=dst-nat chain=dstnat dst-port=53396 in-interface=sfp1 protocol=tcp \
- to-addresses=192.168.0.77 to-ports=3389
- add action=dst-nat chain=dstnat dst-port=27016-27020 in-interface=sfp1 \
- protocol=udp to-addresses=10.1.20.11 to-ports=27016-27020
- add action=dst-nat chain=dstnat dst-port=53399 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.2.66 to-ports=3389
- # Public port 23 on sfp2 is mapped to port 22 on 10.1.10.100; the same host's
- # port 22 is also forwarded directly by another rule in this export.
- add action=dst-nat chain=dstnat dst-port=23 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=22
- # NOTE(review): port 21 is conventionally FTP, which carries credentials in
- # clear text unless the server enforces TLS -- confirm.
- add action=dst-nat chain=dstnat dst-port=21 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.10.100 to-ports=21
- add action=dst-nat chain=dstnat disabled=yes dst-port=3307 in-interface=sfp2 \
- protocol=tcp to-addresses=10.1.10.100 to-ports=3306
- add action=dst-nat chain=dstnat dst-port=84 in-interface=sfp1 protocol=tcp \
- to-addresses=10.1.2.10 to-ports=80
- add action=dst-nat chain=dstnat dst-port=53400 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.20.5 to-ports=3389
- add action=dst-nat chain=dstnat dst-port=9000 in-interface=sfp2 protocol=tcp \
- to-addresses=10.1.2.145 to-ports=9000
- # IPsec peer entry in main-l2tp exchange mode; it is disabled in this export.
- # NOTE(review): secret=test is a trivially guessable pre-shared key and is
- # stored in clear text; any secret that appears in a shared export should be
- # treated as disclosed and rotated. dh-group=modp1024 is a 1024-bit group;
- # choose a stronger group before this peer is ever enabled.
- /ip ipsec peer
- add dh-group=modp1024 disabled=yes exchange-mode=main-l2tp generate-policy=\
- port-override secret=test
- # Entry 0 of the IPsec policy table is disabled.
- /ip ipsec policy
- set 0 disabled=yes
- # Web proxy settings: no cache size, no parent proxy, listening port 8000.
- # No enabled=yes appears on this line, so the proxy is presumably off (the
- # export omits default values) -- confirm with "/ip proxy print".
- # NOTE(review): 8000 is not the RouterOS default proxy port; if nobody on the
- # team set it, find out who did.
- /ip proxy
- set max-cache-size=none parent-proxy=0.0.0.0 port=8000
- # Static routes. Entries without dst-address are default routes.
- /ip route
- # Default routes in the "rt" and "global63" routing tables, one per upstream
- # gateway; the 10.1.0.0/16 entry in table "rt" is disabled.
- add distance=1 gateway=85.112.39.101 routing-mark=rt
- add disabled=yes distance=1 dst-address=10.1.0.0/16 gateway=sfp5 pref-src=\
- 10.1.1.1 routing-mark=rt
- add distance=1 gateway=80.252.24.129 routing-mark=global63
- # Unmarked default routes: 80.252.24.129 is active, 85.112.39.101 is the
- # disabled standby. The netwatch scripts later in this export toggle this pair.
- add distance=1 gateway=80.252.24.129
- add disabled=yes distance=1 gateway=85.112.39.101
- # Host routes that pin each netwatch probe target to one upstream, so a probe
- # tests that link regardless of which default route is currently active.
- add distance=1 dst-address=8.8.4.4/32 gateway=80.252.24.129
- add distance=1 dst-address=8.8.8.8/32 gateway=85.112.39.101
- # 85.113.39.168 is the connect-to address of the PPTP client defined earlier
- # in this export; it is pinned to the 80.252.24.129 upstream.
- add distance=1 dst-address=85.113.39.168/32 gateway=80.252.24.129
- # 192.168.0.0/24 is reached through the eoip-lan bridge.
- add distance=1 dst-address=192.168.0.0/24 gateway=eoip-lan
- # Management services: telnet, ftp, ssh, api and api-ssl are switched off.
- # NOTE(review): www, www-ssl and winbox are not listed, so they are presumably
- # still at their defaults, with no address= restriction shown -- verify with
- # "/ip service print" and limit the remaining services to management subnets.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- # SOCKS proxy port set to 4145. No enabled=yes appears here, so the service is
- # presumably off -- confirm with "/ip socks print".
- # NOTE(review): 4145 is not the RouterOS default SOCKS port, and a SOCKS proxy
- # on TCP/4145 was widely reported as a change left behind on compromised
- # MikroTik routers in 2018. Unless an administrator set this deliberately,
- # treat it as a possible indicator of earlier compromise: review
- # "/ip socks access", "/system script", "/system scheduler", "/user" and
- # "/file" for entries nobody recognises, and rotate the device credentials.
- /ip socks
- set port=4145
- # Traffic Flow accounting is enabled with a 4k-entry cache. No collector
- # target is visible in this part of the export -- check
- # "/ip traffic-flow target" to see where flow records are sent.
- /ip traffic-flow
- set cache-entries=4k enabled=yes
- # Front-panel LCD shows the stats screen by default.
- /lcd
- set default-screen=stats
- # RADIUS client entry for the hotspot and wireless services, pointing at
- # 10.2.1.1; the entry is disabled.
- # NOTE(review): secret=12345678 is trivially guessable and appears in clear
- # text; replace it with a long random value before the entry is enabled, and
- # treat any secret that has appeared in a shared export as disclosed.
- /radius
- add address=10.2.1.1 disabled=yes secret=12345678 service=hotspot,wireless
- # The router accepts incoming RADIUS requests (accept=yes).
- # NOTE(review): presumably these are disconnect / change-of-authorization
- # messages; with the only RADIUS server entry disabled, confirm this listener
- # is needed and is not reachable from the upstream interfaces.
- /radius incoming
- set accept=yes
- # SNMP agent is enabled.
- # NOTE(review): community settings are not visible in this part of the
- # export. If the community is still a default value with no address
- # restriction, device details are readable by anyone who can reach the agent;
- # check "/snmp community" and filter SNMP on the upstream interfaces.
- /snmp
- set enabled=yes
- # Time zone for the system clock.
- /system clock
- set time-zone-name=Europe/Samara
- # Router hostname; the same name is used as the wireless supplicant identity
- # earlier in this export.
- /system identity
- set name=gw2-alabin
- # NTP client with two fixed upstream servers. Accurate time matters for log
- # correlation and certificate validation.
- /system ntp client
- set enabled=yes primary-ntp=31.28.25.35 secondary-ntp=195.3.254.2
- # RouterBOARD boot setting: silent boot is off.
- /system routerboard settings
- set silent-boot=no
- # The scheduler header is exported with no entries under it.
- /system scheduler
- # Upgrade mirror is enabled; no primary server or credentials are shown here.
- # NOTE(review): confirm this was turned on deliberately and where packages
- # would be fetched from.
- /system upgrade mirror
- set enabled=yes
- # Watchdog timer and automatic supout generation are both off.
- /system watchdog
- set automatic-supout=no watchdog-timer=no
- # Bandwidth-test server is disabled.
- # NOTE(review): authenticate=no means that if it is ever re-enabled it will
- # accept tests without credentials; set authenticate=yes before enabling.
- /tool bandwidth-server
- set authenticate=no enabled=no
- # Graphing rules for interfaces, queues and system resources, each added with
- # no explicit parameters.
- # NOTE(review): presumably the defaults apply (all items, any client address
- # allowed to view) -- confirm, and set allow-address to the management subnet
- # if the web interface is reachable from outside.
- /tool graphing interface
- add
- /tool graphing queue
- add
- /tool graphing resource
- add
- # Netwatch-driven failover between the two unmarked default routes.
- /tool netwatch
- # Probe 8.8.4.4 every 5 seconds.
- #   down-script: disable the 0.0.0.0/0 route via 80.252.24.129 and enable the
- #                one via 85.112.39.101.
- #   up-script:   the reverse -- enable 80.252.24.129, disable 85.112.39.101.
- # The !routing-mark~"" condition is presumably meant to leave the marked
- # routes untouched -- verify that it matches only unmarked routes.
- add down-script="/ip route disable [find dst-address=0.0.0.0/0 and gateway=80.\
- 252.24.129 and !routing-mark~\"\"];\r\
- \n\r\
- \n/ip route enable [find dst-address=0.0.0.0/0 and gateway=85.112.39.101 a\
- nd !routing-mark~\"\"];" host=8.8.4.4 interval=5s up-script="/ip route ena\
- ble [find dst-address=0.0.0.0/0 and gateway=80.252.24.129 and !routing-mar\
- k~\"\"];\r\
- \n\r\
- \n/ip route disable [find dst-address=0.0.0.0/0 and gateway=85.112.39.101 \
- and !routing-mark~\"\"];"
- # Disabled second probe against 8.8.8.8: enables the default route via
- # 85.112.39.102 when the host goes down and disables it when it comes back.
- # NOTE(review): the routes in this export use gateway 85.112.39.101, not
- # .102, so these find expressions would match nothing as written.
- add disabled=yes down-script="/ip route enable [find dst-address=0.0.0.0/0 and\
- \_gateway=85.112.39.102 and !routing-mark~\"\"];" host=8.8.8.8 interval=\
- 5s up-script="/ip route disable [find dst-address=0.0.0.0/0 and gateway=85\
- .112.39.102 and !routing-mark~\"\"];"
- # Packet sniffer setting: filter-stream=yes. No streaming-enabled or
- # streaming-server value is shown on this line.
- # NOTE(review): sniffer streaming to an outside host has been reported as a
- # post-compromise change on RouterOS devices; confirm with
- # "/tool sniffer print" that streaming is off and no unexpected server is set.
- /tool sniffer
- set filter-stream=yes
- # User Manager database location.
- /tool user-manager database
- set db-path=user-manager