  1. # nov/08/2018 18:05:44 by RouterOS 6.42.6
  2. # software id = P703-JFHM
  3. #
  4. # model = CCR1016-12S-1S+
  5. # serial number = 58A1042470D9
  # Two bridges are defined, both with fast-forward switched off.
  6. /interface bridge
  7. add fast-forward=no name=OVPN_bridge
  8. add fast-forward=no name=eoip-lan
  # Port labels: sfp1 and sfp2 carry the two uplinks (see /ip address), sfp5 is the LAN side.
  9. /interface ethernet
  10. set [ find default-name=sfp1 ] comment=RT
  11. set [ find default-name=sfp2 ] comment=Global63
  12. set [ find default-name=sfp5 ] comment="LOCAL NAT"
  # Outbound PPTP client restricted to MS-CHAPv2. PPTP with MS-CHAPv2 is considered weak
  # (the handshake can be attacked offline), so this tunnel should not be relied on for
  # confidentiality. password= and user= are empty in this listing - presumably stripped
  # before posting; NOTE(review): confirm the real values never appeared in a shared copy.
  13. /interface pptp-client
  14. add allow=mschap2 connect-to=85.113.39.168 disabled=no name=df-alabin \
  15. password= user=
  # EoIP tunnel to 172.16.0.2, an address inside vpn-pool. No ipsec-secret is set on this
  # entry and EoIP does no encryption of its own, so the bridged layer-2 traffic is only as
  # protected as the VPN session it rides on.
  16. /interface eoip
  17. add mac-address=FE:68:17:1E:19:BF name=eoiptunnel remote-address=172.16.0.2 \
  18. tunnel-id=101
  19. /interface wireless security-profiles
  20. set [ find default=yes ] supplicant-identity=gw2-alabin
  # The default IPsec proposal is disabled. pfs-group=none means that, if it were re-enabled
  # unchanged, phase-2 keys would be negotiated without perfect forward secrecy.
  21. /ip ipsec proposal
  22. set [ find default=yes ] disabled=yes pfs-group=none
  # Address pools for LAN DHCP, Wi-Fi, PPP VPN clients and OpenVPN clients.
  23. /ip pool
  24. add name=dhcp-pool-1 ranges=10.1.1.230-10.1.1.255
  25. add name=wifi-pool ranges=10.1.2.50-10.1.4.250
  26. add name=vpn-pool ranges=172.16.0.2-172.16.0.150
  27. add name=OVPN_srv_pool ranges=192.168.100.1-192.168.100.250
  # One DHCP server on bridge eoip-lan, leasing from wifi-pool for 3d6h.
  28. /ip dhcp-server
  29. add address-pool=wifi-pool authoritative=after-2sec-delay disabled=no \
  30. interface=eoip-lan lease-time=3d6h name=dhcp1
  # NOTE(review): address-pool=/port does not look like a pool name - verify on the device.
  31. /ipv6 dhcp-server
  32. add address-pool=/port interface=sfp5 name=server1
  # PPP profiles. "vpn" assigns addresses from vpn-pool with use-encryption=yes and
  # only-one=no, i.e. one account may hold several sessions at the same time.
  33. /ppp profile
  34. add change-tcp-mss=yes dns-server=172.16.0.150 local-address=172.16.0.150 \
  35. name=vpn only-one=no rate-limit=1M/10M remote-address=vpn-pool \
  36. use-compression=no use-encryption=yes use-mpls=no use-upnp=no
  37. add local-address=192.168.100.1 name=OVPN_server remote-address=OVPN_srv_pool
  # *FFFFFFFE is an internal item ID - presumably the built-in default-encryption profile;
  # confirm on the device. It hands VPN clients the internal resolver plus 8.8.8.8.
  38. set *FFFFFFFE dns-server=10.1.1.1,8.8.8.8 local-address=172.16.0.1 \
  39. remote-address=vpn-pool
  # Simple queues. Every entry below carries disabled=yes, so none of these limits is
  # enforced. The queue names and targets still describe which internal hosts belong to
  # which role (cash desk, accounting, director, servers, NAS, ...), which is inventory
  # information a published export gives away.
  40. /queue simple
  41. add burst-limit=3M/3M burst-time=15s/15s disabled=yes max-limit=2M/2M name=\
  42. kassa queue=default-small/default target=10.1.5.101/32 total-queue=\
  43. default
  44. add burst-limit=20M/20M burst-time=15s/15s disabled=yes max-limit=10M/10M \
  45. name=buh queue=default/default target="10.1.1.22/32,10.1.1.122/32,10.1.1.2\
  46. 0/32,10.1.1.21/32,10.1.2.124/32,10.1.1.123/32,10.1.1.158/32" total-queue=\
  47. default
  48. add burst-time=15s/15s disabled=yes name=director queue=default/default \
  49. target=10.1.6.105/32 total-queue=default
  50. add disabled=yes name=servers queue=default/default target=\
  51. 10.1.10.0/24,10.1.20.0/24,10.1.1.2/32,10.1.1.5/32,10.1.5.0/24 \
  52. total-queue=default
  53. add disabled=yes name=Kolev queue=default/default target=\
  54. 10.1.1.8/32,10.1.1.9/32 total-queue=default
  55. add disabled=yes name=10.1.2.139 queue=default/default target=10.1.2.139/32 \
  56. total-queue=default
  57. add disabled=yes name=temp queue=default/default target=\
  58. 10.1.6.150/32,10.1.6.151/32 total-queue=default
  59. add disabled=yes name=Admin queue=default/default target=10.1.1.4/32 \
  60. total-queue=default
  61. add disabled=yes name=DF queue=default/default target=\
  62. 10.1.1.153/32,10.1.20.153/32 total-queue=default
  # The only queue whose targets are public ranges rather than internal hosts.
  63. add disabled=yes max-limit=128k/128k name=vk queue=default/default target=\
  64. 87.240.128.0/18,93.186.224.0/21,93.186.232.0/21,95.142.192.0/20 \
  65. total-queue=default
  66. add disabled=yes name=voip queue=default/default target=10.1.7.1/32 \
  67. total-queue=default
  68. add disabled=yes name=Xbox queue=default/default target=10.1.2.150/32 \
  69. total-queue=default
  70. add disabled=yes limit-at=9M/9M max-limit=10M/10M name=NAS queue=\
  71. default/default target=10.1.1.247/32,10.1.1.248/32 total-queue=default
  72. add burst-limit=1M/1M burst-time=15s/15s disabled=yes max-limit=1M/1M name=\
  73. econom1 queue=default/default target=10.1.2.51/32 total-queue=default
  74. add burst-limit=3M/3M burst-time=5s/5s disabled=yes max-limit=2M/2M name=\
  75. sekretar queue=default/default target=10.1.1.49/32 total-queue=default
  76. add burst-limit=2M/2M burst-time=15s/15s disabled=yes max-limit=1M/1M name=\
  77. urist queue=default/default target=10.1.1.157/32,10.1.2.25/32 \
  78. total-queue=default
  79. add disabled=yes max-limit=5M/5M name=others queue=default/default target=\
  80. 10.1.1.145/32 total-queue=default
  81. add disabled=yes dst=sfp2 max-limit=1M/1M name=alluser>eth7 queue=\
  82. default/default target=10.1.0.0/16 total-queue=default
  # The default SNMP community accepts requests from any source (addresses=0.0.0.0/0).
  # Whether SNMP is enabled, and the community string, are not shown in this listing; if it
  # is enabled, limit addresses to the monitoring hosts and do not keep a guessable
  # community name.
  83. /snmp community
  84. set [ find default=yes ] addresses=0.0.0.0/0
  # Log buffers are cut to 100 lines (in memory, and per file on disk). That leaves very
  # little history to work with after an incident; no remote logging action is configured
  # in the visible part of this export.
  85. /system logging action
  86. set 0 memory-lines=100
  87. set 1 disk-lines-per-file=100
  # Permissions of the User Manager customer "admin".
  88. /tool user-manager customer
  89. set admin access=\
  90. own-routers,own-users,own-profiles,own-limits,config-payment-gw
  # sfp5, sfp11, sfp12 and the EoIP tunnel are all ports of bridge eoip-lan, so the remote
  # tunnel endpoint shares one layer-2 segment with the LAN ports.
  91. /interface bridge port
  92. add bridge=eoip-lan hw=no interface=sfp5
  93. add bridge=eoip-lan interface=eoiptunnel
  94. add bridge=eoip-lan hw=no interface=sfp12
  95. add bridge=eoip-lan hw=no interface=sfp11
  # Bridged traffic is passed through the IP firewall.
  96. /interface bridge settings
  97. set use-ip-firewall=yes
  98. /ipv6 settings
  99. set max-neighbor-entries=1024
  # Only MTU/MRU are set for the L2TP server; its enabled state is not shown here.
  100. /interface l2tp-server server
  101. set max-mru=1460 max-mtu=1460
  # OpenVPN server on TCP 443 with client certificates required. auth=sha1 with
  # cipher=blowfish128 is a dated pairing: Blowfish is a 64-bit-block cipher, which is
  # exposed to birthday-bound attacks on long sessions, so an AES cipher is the better choice
  # where clients allow it. The certificate is named test-srv-OVPN - NOTE(review): confirm
  # it is not a throw-away test certificate. keepalive-timeout=disabled means dead peers
  # are not detected by keepalive.
  102. /interface ovpn-server server
  103. set auth=sha1 certificate=test-srv-OVPN cipher=blowfish128 default-profile=\
  104. OVPN_server keepalive-timeout=disabled port=443 \
  105. require-client-certificate=yes
  # Only MTU/MRU are set for the PPTP server; its enabled state is not shown here.
  106. /interface pptp-server server
  107. set max-mru=1460 max-mtu=1460
  # Router addresses. sfp1 and sfp2 hold the two uplink addresses; sfp5 holds the LAN
  # gateways and also several addresses from the public 80.252.25.16/29 block, which is
  # split between sfp5 and sfp2. sfp5 is a port of bridge eoip-lan (see /interface bridge
  # port), yet the addresses are bound to sfp5 rather than to the bridge - NOTE(review):
  # verify this is intended.
  108. /ip address
  109. add address=85.112.39.102/30 interface=sfp1 network=85.112.39.100
  110. add address=10.1.1.1/16 interface=sfp5 network=10.1.0.0
  111. add address=10.1.20.1/16 interface=sfp5 network=10.1.0.0
  112. add address=80.252.24.172/26 interface=sfp2 network=80.252.24.128
  113. add address=80.252.25.16/29 interface=sfp5 network=80.252.25.16
  114. add address=80.252.25.17/29 interface=sfp5 network=80.252.25.16
  115. add address=80.252.25.18/29 interface=sfp2 network=80.252.25.16
  116. add address=80.252.25.23/29 interface=sfp2 network=80.252.25.16
  117. add address=10.1.19.1/24 interface=sfp5 network=10.1.19.0
  # The same address appears twice: once disabled, once with no prefix length and
  # network equal to the address itself.
  118. add address=192.168.0.111 disabled=yes interface=sfp5 network=192.168.0.0
  119. add address=192.168.0.111 interface=sfp5 network=192.168.0.111
  120. add address=10.2.1.1/16 interface=sfp12 network=10.2.0.0
  121. add address=10.1.9.1/24 interface=sfp5 network=10.1.9.0
  122. add address=192.168.8.1/24 interface=sfp5 network=192.168.8.0
  123. add address=80.252.25.19/29 interface=sfp5 network=80.252.25.16
  124. add address=80.252.25.20/29 interface=sfp5 network=80.252.25.16
  # Disabled entry in 7.143.107.0/24, which is not private address space.
  125. add address=7.143.107.1/24 disabled=yes interface=sfp5 network=7.143.107.0
  126. add address=192.168.88.99/24 interface=sfp12 network=192.168.88.0
  # Static ARP entries on sfp5. MAC D4:3D:7E:4B:04:12 is bound to two addresses
  # (10.1.6.102 and 10.1.1.151) - NOTE(review): confirm that is one multi-homed host and
  # not a stale entry.
  127. /ip arp
  128. add address=10.1.1.153 interface=sfp5 mac-address=90:2B:34:03:37:FD
  129. add address=10.1.1.152 interface=sfp5 mac-address=D4:3D:7E:B8:17:96
  130. add address=10.1.1.123 interface=sfp5 mac-address=D4:3D:7E:4B:00:01
  131. add address=10.1.1.9 interface=sfp5 mac-address=D4:3D:7E:4A:FF:7C
  132. add address=10.1.6.101 interface=sfp5 mac-address=D4:3D:7E:4A:FF:7F
  133. add address=10.1.6.102 interface=sfp5 mac-address=D4:3D:7E:4B:04:12
  134. add address=10.1.6.103 interface=sfp5 mac-address=D4:3D:7E:B8:14:DA
  135. add address=10.1.1.77 interface=sfp5 mac-address=50:E5:49:51:4F:4A
  136. add address=10.1.1.151 interface=sfp5 mac-address=D4:3D:7E:4B:04:12
  # Static DHCP leases on server dhcp1: each entry pins one address to one MAC address.
  # The comments name individual staff members, rooms and device roles (printers, thin
  # clients, VMs, a POS terminal, a KVM), so a published copy of this section is a host
  # inventory with personal data in it; such exports are normally redacted before sharing.
  137. /ip dhcp-server lease
  138. add address=10.1.2.66 always-broadcast=yes client-id=1:0:15:5d:14:fc:1d \
  139. comment=Guseva_server mac-address=00:15:5D:14:FC:1D server=dhcp1
  140. add address=10.1.2.148 client-id=1:64:51:6:23:ad:58 comment="PRNTR 201" \
  141. mac-address=64:51:06:23:AD:58 server=dhcp1
  142. add address=10.1.2.145 always-broadcast=yes comment=IPKVM mac-address=\
  143. 00:10:74:61:34:FA server=dhcp1
  144. add address=10.1.2.147 client-id=1:0:15:5d:14:fc:23 comment=term3 \
  145. mac-address=00:15:5D:14:FC:23 server=dhcp1
  146. add address=10.1.2.89 client-id=1:0:15:5d:14:fc:27 comment=ArinaGuseva_vm \
  147. mac-address=00:15:5D:14:FC:27 server=dhcp1
  148. add address=10.1.2.130 always-broadcast=yes client-id=1:64:51:6:23:ad:56 \
  149. comment="Printer HP new bolshoy" mac-address=64:51:06:23:AD:56 server=\
  150. dhcp1
  151. add address=10.1.2.133 client-id=1:0:15:5d:14:fc:29 comment=\
  152. term4_lavrentiev_comp mac-address=00:15:5D:14:FC:29 server=dhcp1
  153. add address=10.1.2.149 comment=Bahareva_term4+printer mac-address=\
  154. 00:0F:EA:4F:DE:45 server=dhcp1
  155. add address=10.1.2.106 client-id=1:0:15:5d:14:fc:2a comment=\
  156. vm_proverka1_steklo mac-address=00:15:5D:14:FC:2A server=dhcp1
  157. add address=10.1.2.131 comment=Guseva_terminal mac-address=00:11:5B:A3:8D:F8 \
  158. server=dhcp1
  159. add address=10.1.2.58 client-id=1:74:d4:35:7d:be:a2 mac-address=\
  160. 74:D4:35:7D:BE:A2 server=dhcp1
  161. add address=10.1.2.78 always-broadcast=yes comment=dim_217_thin mac-address=\
  162. 00:01:6C:27:06:15 server=dhcp1
  163. add address=10.1.2.143 comment=term_DIATIAN_COMP mac-address=\
  164. 00:16:76:69:50:B4 server=dhcp1
  165. add address=10.1.2.83 always-broadcast=yes comment=term5 mac-address=\
  166. 00:0F:EA:12:B2:8B server=dhcp1
  167. add address=10.1.2.96 client-id=1:3c:4a:92:4a:56:18 comment="HP 7500A 235" \
  168. mac-address=3C:4A:92:4A:56:18 server=dhcp1
  169. add address=10.1.2.63 always-broadcast=yes client-id=1:20:10:7a:99:59:59 \
  170. mac-address=20:10:7A:99:59:59 server=dhcp1
  171. add address=10.1.2.124 client-id=1:fc:aa:14:88:db:77 mac-address=\
  172. FC:AA:14:88:DB:77 server=dhcp1
  173. add address=10.1.2.128 client-id=1:0:15:5d:14:fc:2e comment=\
  174. proverka-25-09-2015 mac-address=00:15:5D:14:FC:2E server=dhcp1
  175. add address=10.1.2.110 always-broadcast=yes comment=thin_general-engineer \
  176. mac-address=00:1E:90:F1:4A:40 server=dhcp1
  177. add address=10.1.2.85 always-broadcast=yes client-id=1:0:15:5d:14:fc:37 \
  178. comment=lavrentiev_vm mac-address=00:15:5D:14:FC:37 server=dhcp1
  179. add address=10.1.2.150 client-id=1:b4:ae:2b:18:8d:ba comment=Xbox \
  180. mac-address=B4:AE:2B:18:8D:BA server=dhcp1
  181. add address=10.1.2.144 client-id=1:0:15:5d:14:fc:2b comment=vm_dim_217 \
  182. mac-address=00:15:5D:14:FC:2B server=dhcp1
  183. add address=10.1.2.140 client-id=1:0:15:5d:14:fc:41 comment=vm_inform_centr \
  184. mac-address=00:15:5D:14:FC:41 server=dhcp1
  185. add address=10.1.2.141 client-id=1:0:15:5d:14:fc:43 comment=vm_stashenkov \
  186. mac-address=00:15:5D:14:FC:43 server=dhcp1
  187. add address=10.1.2.136 client-id=1:0:15:5d:14:fc:44 comment=vm_215_sky \
  188. mac-address=00:15:5D:14:FC:44 server=dhcp1
  189. add address=10.1.2.115 comment=thin_infocenter2_usilit mac-address=\
  190. 00:19:D1:12:83:C3 server=dhcp1
  191. add address=10.1.2.121 client-id=1:0:15:5d:14:fc:47 comment=\
  192. vm_thin_infocenter2 mac-address=00:15:5D:14:FC:47 server=dhcp1
  193. add address=10.1.2.112 always-broadcast=yes comment=thin_pr1_jenia \
  194. mac-address=00:13:8F:49:AA:C3 server=dhcp1
  195. add address=10.1.2.146 client-id=1:0:15:5d:14:fc:49 comment=vm_pr1_jenia \
  196. mac-address=00:15:5D:14:FC:49 server=dhcp1
  197. add address=10.1.2.138 client-id=1:0:15:5d:14:fc:4b comment=vm_buh215 \
  198. mac-address=00:15:5D:14:FC:4B server=dhcp1
  199. add address=10.1.2.127 client-id=1:6c:62:6d:e4:ea:9a comment=\
  200. "213room XP comp" mac-address=6C:62:6D:E4:EA:9A server=dhcp1
  201. add address=10.1.2.123 client-id=1:0:15:5d:14:fc:4d comment=vm_etno2 \
  202. mac-address=00:15:5D:14:FC:4D server=dhcp1
  203. add address=10.1.2.120 always-broadcast=yes comment=thin_etno2 mac-address=\
  204. 00:19:D1:88:AB:60 server=dhcp1
  205. add address=10.1.2.61 client-id=1:74:d4:35:93:a7:27 mac-address=\
  206. 74:D4:35:93:A7:27 server=dhcp1
  207. add address=10.1.2.82 client-id=1:0:15:17:19:47:f6 mac-address=\
  208. 00:15:17:19:47:F6 server=dhcp1
  209. add address=10.1.2.217 always-broadcast=yes client-id=1:50:e5:49:51:4f:4a \
  210. comment=PR_MARY mac-address=50:E5:49:51:4F:4A server=dhcp1
  211. add address=10.1.2.230 client-id=1:0:15:5d:e4:b2:b comment=vm_216_2 \
  212. mac-address=00:15:5D:E4:B2:0B server=dhcp1
  213. add address=10.1.2.231 comment=thin_216_2 mac-address=00:19:D1:25:3C:E4 \
  214. server=dhcp1
  215. add address=10.1.2.238 client-id=1:0:90:a9:96:9c:71 comment="WD LIVE" \
  216. mac-address=00:90:A9:96:9C:71 server=dhcp1
  217. add address=10.1.3.6 client-id=1:b8:27:eb:8:66:20 mac-address=\
  218. B8:27:EB:08:66:20 server=dhcp1
  219. add address=10.1.3.8 client-id=1:b8:27:eb:5d:33:75 mac-address=\
  220. B8:27:EB:5D:33:75 server=dhcp1
  221. add address=10.1.2.196 always-broadcast=yes client-id=1:0:16:76:25:2c:5a \
  222. comment=215-Ryzhova_thin_hardware mac-address=00:16:76:25:2C:5A server=\
  223. dhcp1
  224. add address=10.1.2.132 client-id=1:0:15:5d:14:fc:35 comment=massov_3_216 \
  225. mac-address=00:15:5D:14:FC:35 server=dhcp1
  226. add address=10.1.2.201 client-id=1:0:26:5a:32:70:c2 comment="Matveev DIR-300" \
  227. mac-address=00:26:5A:32:70:C2 server=dhcp1
  228. add address=10.1.3.41 client-id=1:0:17:6f:71:1d:bd comment=\
  229. "POS TERMINAL KASSA" mac-address=00:17:6F:71:1D:BD server=dhcp1
  230. add address=10.1.3.52 client-id=1:fc:75:16:c3:49:98 comment="wifi dap-2310" \
  231. mac-address=FC:75:16:C3:49:98 server=dhcp1
  # DHCP options for 10.1.0.0/16. Clients are pointed at a network boot file served from
  # next-server 10.1.20.254; any DHCP client on the segment that network-boots will load
  # whatever that host serves, so the boot server belongs among the protected systems.
  232. /ip dhcp-server network
  233. add address=10.1.0.0/16 boot-file-name=5.4.36/wtware.pxe dns-server=\
  234. 10.1.1.252,10.1.1.1 domain=ALABIN gateway=10.1.1.1 netmask=16 \
  235. next-server=10.1.20.254
  # The router resolves through the internal server 10.1.1.252 only.
  236. /ip dns
  237. set max-udp-packet-size=512 servers=10.1.1.252
  # Static DNS overrides that send clients using the router as resolver to internal
  # addresses for these names (split-horizon style).
  238. /ip dns static
  239. add address=10.1.1.247 name=ddd.ru
  240. add address=10.1.1.247 name=ttsam.ru
  241. add address=10.1.10.100 name=lectory.alabin.ru
  242. add address=10.1.10.100 name=lectory2.alabin.ru
  243. add address=10.1.1.252 name=alabin.local
  244. add address=10.1.5.120 name=storenode1
  245. add address=10.1.1.1 name=route.alabin.ru
  246. add address=10.1.10.100 name=blank.alabin.ru
  247. add address=10.1.10.100 name=quest.alabin.ru
  248. add address=10.1.10.100 name=modern.alabin.ru
  249. add address=10.1.2.191 name=old.alabin.ru
  # netmap_ip is referenced by the "White_list" masquerade rule in /ip firewall nat as
  # src-address-list=!netmap_ip: hosts listed here are excluded from that masquerade.
  250. /ip firewall address-list
  251. add address=10.1.20.106 list=netmap_ip
  252. add address=10.1.20.251 list=netmap_ip
  253. add address=10.1.1.111 list=netmap_ip
  254. add address=10.1.1.153 list=netmap_ip
  255. add address=10.1.1.9 list=netmap_ip
  256. add address=10.1.20.253 list=netmap_ip
  257. add address=10.1.8.200 list=netmap_ip
  258. add address=10.1.2.118 list=netmap_ip
  259. add address=10.1.9.100 list=netmap_ip
  260. add address=10.1.10.100 list=netmap_ip
  261. add address=10.1.16.1 list=netmap_ip
  262. add address=10.1.3.97 list=netmap_ip
  # Filter table. Every rate-limit, SYN, connection-limit and port-scan rule below carries
  # disabled=yes. The rules actually in force are the Windows-port drops, the bogon and
  # single-source drops on forward, and the final accept on forward.
  # No active rule restricts the input chain beyond the Windows ports, and no rule matches
  # established/related/invalid connection state, so this table does not limit access to
  # the router's own services. NOTE(review): confirm that access is limited elsewhere
  # (for example per-service allowed addresses), which this listing does not show.
  263. /ip firewall filter
  # Disabled: per source/destination pair rate detection that would fill the ddoser and
  # ddosed lists and drop new connections between them.
  264. add action=jump chain=forward comment="ddos protect" connection-state=new \
  265. disabled=yes jump-target=detect-ddos
  266. add action=return chain=detect-ddos disabled=yes dst-limit=\
  267. 32,32,src-and-dst-addresses/10s
  268. add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
  269. 5m chain=detect-ddos disabled=yes
  270. add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
  271. 10m chain=detect-ddos disabled=yes
  272. add action=drop chain=forward connection-state=new disabled=yes \
  273. dst-address-list=ddosed src-address-list=ddoser
  # Disabled. NOTE(review): chain SYN-Protect holds a single unconditional drop for new TCP
  # SYNs with no limit/return rule ahead of it, so enabling this pair as written would drop
  # every new forwarded TCP connection.
  274. add action=jump chain=forward comment="SYN Flood protect" connection-state=\
  275. new disabled=yes jump-target=SYN-Protect protocol=tcp tcp-flags=syn
  276. add action=drop chain=SYN-Protect connection-state=new disabled=yes protocol=\
  277. tcp tcp-flags=syn
  # Disabled: sources holding more than the connection limit to the router would be listed
  # in blocked-addr for a day and then tarpitted.
  278. add action=add-src-to-address-list address-list=blocked-addr \
  279. address-list-timeout=1d chain=input comment=limit connection-limit=25,32 \
  280. disabled=yes protocol=tcp
  281. add action=tarpit chain=input connection-limit=5,32 disabled=yes protocol=tcp \
  282. src-address-list=blocked-addr
  # Disabled: port-scan detection on the input chain (psd plus TCP flag combinations that
  # do not occur in normal traffic), and the drop for sources it would list.
  283. add action=add-src-to-address-list address-list="port scanners" \
  284. address-list-timeout=2d chain=input comment="Port scanners to list " \
  285. disabled=yes protocol=tcp psd=21,3s,3,1
  286. add action=add-src-to-address-list address-list="port scanners" \
  287. address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
  288. disabled=yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
  289. add action=add-src-to-address-list address-list="port scanners" \
  290. address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=yes \
  291. protocol=tcp tcp-flags=fin,syn
  292. add action=add-src-to-address-list address-list="port scanners" \
  293. address-list-timeout=2d chain=input comment="SYN/RST scan" disabled=yes \
  294. protocol=tcp tcp-flags=syn,rst
  295. add action=add-src-to-address-list address-list="port scanners" \
  296. address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
  297. yes protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
  298. add action=add-src-to-address-list address-list="port scanners" \
  299. address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=yes \
  300. protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
  301. add action=add-src-to-address-list address-list="port scanners" \
  302. address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=yes \
  303. protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
  304. add action=drop chain=input comment="dropping port scanners" disabled=yes \
  305. src-address-list="port scanners"
  # Active: drop Windows RPC/NetBIOS/SMB ports (and TCP 4444) towards and through the
  # router. These rules have no interface match, so they apply in every direction,
  # LAN-to-LAN routed traffic included.
  306. add action=drop chain=input comment="Block hole Windows" dst-port=\
  307. 135,137-139,445,593,4444 protocol=tcp
  308. add action=drop chain=forward dst-port=135,137-139,445,593,4444 protocol=tcp
  309. add action=drop chain=input dst-port=135,137-139 protocol=udp
  310. add action=drop chain=forward dst-port=135,137-139 protocol=udp
  # Active: bogon drops, on forward only (not input). 224.0.0.0/3 covers multicast and
  # everything above it.
  311. add action=drop chain=forward comment="Block Bogon IP Address" src-address=\
  312. 127.0.0.0/8
  313. add action=drop chain=forward dst-address=127.0.0.0/8
  314. add action=drop chain=forward src-address=224.0.0.0/3
  315. add action=drop chain=forward dst-address=224.0.0.0/3
  # Active: hand-maintained drops for individual sources and ranges. A static blocklist
  # like this goes stale; it does not replace restricting which sources may reach the
  # forwarded services.
  316. add action=drop chain=forward protocol=udp src-address=85.113.37.46
  317. add action=drop chain=forward src-address=80.252.18.3
  318. add action=drop chain=forward src-address=94.31.249.252
  319. add action=drop chain=forward src-address=95.84.201.119
  320. add action=drop chain=forward src-address=209.9.43.26
  321. add action=drop chain=forward comment=china src-address=27.152.0.0/13
  322. add action=drop chain=forward src-address=110.88.0.0/14
  323. add action=drop chain=forward src-address=110.80.0.0/13
  324. add action=drop chain=forward src-address=113.204.0.0/14
  # Duplicate of the previous rule.
  325. add action=drop chain=forward src-address=113.204.0.0/14
  326. add action=drop chain=forward src-address=175.42.0.0/18
  327. add action=drop chain=forward src-address=50.7.136.130
  328. add action=drop chain=forward comment="USA DDOS" src-address=87.245.196.64/26
  # Explicit accept-all at the end of forward: anything not dropped above, including every
  # dst-nat'ed and netmapped port, is forwarded. The table works as a blocklist, not an
  # allowlist.
  329. add action=accept chain=forward
  # Mangle table: MSS clamping and policy-routing marks for the two uplinks.
  330. /ip firewall mangle
  331. add action=change-mss chain=forward disabled=yes new-mss=1500 passthrough=no \
  332. protocol=tcp tcp-flags=syn tcp-mss=!0-1448
  # Active: set MSS 1360 on every TCP SYN in postrouting.
  333. add action=change-mss chain=postrouting comment="MSS TCP" new-mss=1360 \
  334. passthrough=yes protocol=tcp tcp-flags=syn
  # Active: connections arriving for the router's own uplink addresses are marked per
  # uplink (rt on sfp1, global63 on sfp2) and the router's replies get the matching
  # routing mark.
  335. add action=mark-connection chain=input dst-address=85.112.39.102 \
  336. in-interface=sfp1 new-connection-mark=rt passthrough=no
  337. add action=mark-routing chain=output connection-mark=rt new-routing-mark=rt \
  338. passthrough=no
  339. add action=mark-connection chain=input dst-address=80.252.24.172 \
  340. in-interface=sfp2 new-connection-mark=global63 passthrough=no
  341. add action=mark-routing chain=output connection-mark=global63 \
  342. new-routing-mark=global63 passthrough=no
  343. add action=mark-connection chain=prerouting disabled=yes in-interface=sfp1 \
  344. new-connection-mark=rt-con passthrough=yes
  345. add action=mark-connection chain=prerouting disabled=yes in-interface=sfp2 \
  346. new-connection-mark=global63-con passthrough=yes
  347. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  348. passthrough=yes src-address=10.1.1.153
  349. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=df \
  350. passthrough=yes src-address=10.1.8.107
  # The only active per-host policy route: traffic from 10.1.10.100 gets routing mark
  # global63.
  351. add action=mark-routing chain=prerouting new-routing-mark=global63 \
  352. passthrough=no src-address=10.1.10.100
  # Everything from here to the end of the section is disabled. The comments tie internal
  # addresses to named staff and roles.
  353. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  354. passthrough=no src-address=10.1.20.0/24
  355. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  356. passthrough=no src-address=10.1.10.0/24
  357. add action=mark-routing chain=prerouting comment="buh 207" disabled=yes \
  358. new-routing-mark=rt passthrough=yes src-address=10.1.1.20-10.1.1.22
  359. add action=mark-routing chain=prerouting comment=VoIp disabled=yes \
  360. new-routing-mark=rt passthrough=yes src-address=10.1.20.154
  361. add action=mark-routing chain=prerouting comment="sterlikova 207" disabled=\
  362. yes new-routing-mark=rt passthrough=yes src-address=10.1.2.124
  363. add action=mark-routing chain=prerouting comment="Nadejda 210" disabled=yes \
  364. new-routing-mark=rt passthrough=yes src-address=10.1.1.127
  365. add action=mark-routing chain=prerouting comment=otdelkadrov disabled=yes \
  366. new-routing-mark=rt passthrough=yes src-address=10.1.1.152
  367. add action=mark-routing chain=prerouting comment=kolev disabled=yes \
  368. new-routing-mark=rt passthrough=yes src-address=10.1.1.9
  369. add action=mark-routing chain=prerouting comment=economist disabled=yes \
  370. new-routing-mark=rt passthrough=yes src-address=10.1.2.51
  371. add action=mark-routing chain=prerouting comment=Tarazanova disabled=yes \
  372. new-routing-mark=rt passthrough=yes src-address=10.1.1.101
  373. add action=mark-routing chain=prerouting comment=kramareva disabled=yes \
  374. new-routing-mark=global63 passthrough=yes src-address=10.1.1.148
  375. add action=mark-routing chain=prerouting comment="sasha pr" disabled=yes \
  376. new-routing-mark=rt passthrough=yes src-address=10.1.1.77
  377. add action=mark-routing chain=prerouting comment=director disabled=yes \
  378. new-routing-mark=rt passthrough=yes src-address=10.1.6.105
  379. add action=mark-routing chain=prerouting comment=stas disabled=yes \
  380. new-routing-mark=rt passthrough=yes src-address=10.1.2.25
  381. add action=mark-routing chain=prerouting comment=arch2 disabled=yes \
  382. new-routing-mark=rt passthrough=yes src-address=10.1.1.25
  383. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  384. passthrough=yes src-address=10.1.1.75
  385. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  386. passthrough=yes src-address=10.1.2.92
  387. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  388. passthrough=yes src-address=10.1.1.141
  389. add action=mark-routing chain=prerouting comment=urist disabled=yes \
  390. new-routing-mark=rt passthrough=yes src-address=10.1.1.157
  391. add action=mark-routing chain=prerouting comment=kassa disabled=yes \
  392. new-routing-mark=rt passthrough=yes src-address=10.1.1.13
  393. add action=mark-routing chain=prerouting comment=dmitrieva disabled=yes \
  394. new-routing-mark=rt passthrough=yes src-address=10.1.1.123
  395. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=rt \
  396. passthrough=yes src-address=10.1.6.105
  # NAT table, first part: hairpin, masquerade and 1:1 netmap rules. Many entries are
  # disabled leftovers; the notes below cover the active ones.
  397. /ip firewall nat
  398. add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
  399. 80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
  400. add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
  401. dst-port=80 out-interface=sfp5 protocol=tcp src-address=10.1.0.0/16
  402. add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
  403. dst-port=80 protocol=tcp src-address=10.1.0.0/16
  404. add action=dst-nat chain=dstnat disabled=yes dst-address=80.252.24.172 \
  405. dst-port=80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
  406. add action=masquerade chain=srcnat disabled=yes src-address=172.16.0.0/24
  407. add action=masquerade chain=srcnat disabled=yes out-interface=df-alabin
  # Active: TCP 443 on 80.252.25.16 is redirected to the router itself (10.1.1.1:443),
  # the port the OpenVPN server is configured to listen on.
  408. add action=dst-nat chain=dstnat comment="RN VPN" dst-address=80.252.25.16 \
  409. dst-port=443 protocol=tcp to-addresses=10.1.1.1 to-ports=443
  410. add action=dst-nat chain=dstnat disabled=yes dst-address=80.252.24.172 \
  411. dst-port=80 protocol=tcp to-addresses=10.1.10.100
  412. add action=masquerade chain=srcnat disabled=yes dst-address=80.252.24.172 \
  413. dst-port=80 protocol=tcp src-address=10.1.0.0/16
  # Active hairpin pair for the web server. NOTE(review): the masquerade matches
  # src-address=10.0.0.0/16, which does not contain the 10.1.0.0/16 LAN used everywhere
  # else in this export - possibly a typo for 10.1.0.0/16. It also matches the public
  # dst-address, which dstnat has normally rewritten before srcnat is evaluated; verify the
  # rule's counters to see whether it ever matches.
  414. add action=dst-nat chain=dstnat comment=HAIRPIN dst-address=80.252.24.172 \
  415. dst-port=80 in-interface=eoip-lan protocol=tcp to-addresses=10.1.10.100
  416. add action=masquerade chain=srcnat dst-address=80.252.24.172 dst-port=80 \
  417. protocol=tcp src-address=10.0.0.0/16
  # Active: masquerade out sfp2 for every source that is NOT in netmap_ip.
  418. add action=masquerade chain=srcnat comment=White_list out-interface=sfp2 \
  419. src-address-list=!netmap_ip
  # 1:1 netmap pairs. The dstnat half maps a whole public address to one internal host
  # with no port, protocol or in-interface match. Together with the accept-all that ends
  # the forward chain, every port the filter does not drop is reachable on the mapped
  # public address for the active pairs (10.1.20.106, 10.1.8.200, 10.1.9.100) unless the
  # host filters it itself.
  420. add action=netmap chain=srcnat comment=Gameclodo src-address=10.1.20.106 \
  421. to-addresses=80.252.25.22
  422. add action=netmap chain=dstnat dst-address=80.252.25.22 to-addresses=\
  423. 10.1.20.106
  424. add action=netmap chain=srcnat comment="10.1.3.119 - ryzen1500x" disabled=yes \
  425. src-address=10.1.3.119 to-addresses=80.252.25.20
  426. add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.20 \
  427. to-addresses=10.1.3.119
  428. add action=netmap chain=srcnat comment="Golos razuma" disabled=yes \
  429. src-address=10.1.20.253 to-addresses=80.252.25.17
  430. add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.17 \
  431. to-addresses=10.1.20.253
  432. add action=netmap chain=srcnat comment=kuba4 src-address=10.1.8.200 \
  433. to-addresses=80.252.25.18
  434. add action=netmap chain=dstnat dst-address=80.252.25.18 to-addresses=\
  435. 10.1.8.200
  436. add action=netmap chain=srcnat comment="kuba4 test vm admin" src-address=\
  437. 10.1.9.100 to-addresses=80.252.25.19
  438. add action=netmap chain=dstnat dst-address=80.252.25.19 to-addresses=\
  439. 10.1.9.100
  440. add action=netmap chain=srcnat comment="Server C" disabled=yes src-address=\
  441. 10.1.2.118 to-addresses=80.252.25.19
  442. add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.19 \
  443. to-addresses=10.1.2.118
  444. add action=netmap chain=srcnat disabled=yes src-address=10.1.1.9 \
  445. to-addresses=80.252.25.20
  446. add action=netmap chain=dstnat disabled=yes dst-address=80.252.25.20 \
  447. to-addresses=10.1.1.9
  448. add action=dst-nat chain=dstnat disabled=yes dst-address=85.112.39.102 \
  449. dst-address-type=local dst-port=80 protocol=tcp to-addresses=10.1.10.100 \
  450. to-ports=80
  # Active: general masquerade for both uplinks.
  451. add action=masquerade chain=srcnat comment="2 NAT" out-interface=sfp1
  452. add action=masquerade chain=srcnat out-interface=sfp2
  453. add action=masquerade chain=srcnat disabled=yes out-interface=!sfp5 \
  454. to-addresses=0.0.0.0
  455. add action=dst-nat chain=dstnat disabled=yes dst-address=85.112.39.102 \
  456. dst-port=80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
  457. add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
  458. 80 protocol=tcp to-addresses=10.1.10.100 to-ports=80
  459. add action=masquerade chain=srcnat disabled=yes dst-address=10.1.10.100 \
  460. dst-port=80 out-interface=sfp5 protocol=tcp src-address=85.112.39.102
  461. add action=dst-nat chain=dstnat comment=stratum dst-port=9982 in-interface=\
  462. sfp2 protocol=tcp to-addresses=10.1.3.28 to-ports=9982
  463. add action=dst-nat chain=dstnat dst-port=53322 in-interface=sfp2 protocol=tcp \
  464. to-addresses=10.1.3.28 to-ports=22
  465. add action=dst-nat chain=dstnat dst-port=8081 in-interface=sfp2 protocol=tcp \
  466. to-addresses=10.1.3.28 to-ports=80
  467. add action=dst-nat chain=dstnat dst-port=3333 in-interface=sfp2 protocol=tcp \
  468. to-addresses=10.1.3.28 to-ports=3333
  469. add action=dst-nat chain=dstnat comment=winbox dst-port=8291 in-interface=\
  470. sfp1 protocol=tcp to-addresses=10.1.1.1 to-ports=8291
  471. add action=dst-nat chain=dstnat dst-port=5060 in-interface=sfp1 protocol=tcp \
  472. to-addresses=10.1.7.1 to-ports=5060
  473. add action=dst-nat chain=dstnat dst-port=5061 in-interface=sfp1 protocol=tcp \
  474. to-addresses=10.1.7.1 to-ports=5061
  475. add action=dst-nat chain=dstnat dst-port=5060-5061 in-interface=sfp1 \
  476. protocol=udp to-addresses=10.1.7.1 to-ports=5060-5061
  477. add action=dst-nat chain=dstnat comment="to broadcast WOL" dst-port=4321 \
  478. in-interface=sfp1 protocol=udp to-addresses=10.1.1.153 to-ports=9
  479. add action=dst-nat chain=dstnat comment=bserver dst-port=53389 in-interface=\
  480. sfp2 protocol=tcp to-addresses=10.1.1.2 to-ports=3389
  481. add action=dst-nat chain=dstnat comment=Server-D disabled=yes dst-port=53390 \
  482. in-interface=sfp2 protocol=tcp to-addresses=10.1.20.252 to-ports=3389
  483. add action=dst-nat chain=dstnat comment="kamis-catalog rdp" dst-port=53402 \
  484. in-interface=sfp1 protocol=tcp to-addresses=10.1.1.3 to-ports=3389
  485. add action=dst-nat chain=dstnat comment=KAMIS dst-port=1521 in-interface=sfp1 \
  486. protocol=tcp to-addresses=10.1.1.2 to-ports=1521
  487. add action=dst-nat chain=dstnat dst-port=1521 in-interface=sfp1 protocol=udp \
  488. to-addresses=10.1.1.2 to-ports=1521
  489. # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
  490. add action=dst-nat chain=dstnat comment=NFS dst-port=2049 in-interface=sfp5 \
  491. protocol=udp to-addresses=10.1.1.247 to-ports=2049
  492. # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
  493. add action=dst-nat chain=dstnat dst-port=111 in-interface=sfp5 protocol=tcp \
  494. to-addresses=10.1.1.247 to-ports=111
  495. # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
  496. add action=dst-nat chain=dstnat dst-port=32765-32770 in-interface=sfp5 \
  497. protocol=tcp to-addresses=10.1.1.247 to-ports=32765-32770
  498. # in/out-interface matcher not possible when interface (sfp5) is slave - use master instead (eoip-lan)
  499. add action=dst-nat chain=dstnat dst-port=32765-32770 in-interface=sfp5 \
  500. protocol=udp to-addresses=10.1.1.247 to-ports=32765-32770
  501. add action=dst-nat chain=dstnat comment="Synology DAV" disabled=yes dst-port=\
  502. 5005-5006 in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 \
  503. to-ports=5005-5006
  504. add action=dst-nat chain=dstnat comment="DRV SRV video3" dst-port=5556 \
  505. in-interface=sfp1 protocol=tcp to-addresses=192.168.0.23 to-ports=5556
  506. add action=dst-nat chain=dstnat dst-port=5556 in-interface=sfp1 protocol=udp \
  507. to-addresses=192.168.0.23 to-ports=5556
  508. add action=dst-nat chain=dstnat comment=video2 dst-port=5557 in-interface=\
  509. sfp1 protocol=tcp to-addresses=192.168.0.25 to-ports=5557
  510. add action=dst-nat chain=dstnat dst-port=5557 in-interface=sfp1 protocol=udp \
  511. to-addresses=192.168.0.25 to-ports=5557
  512. add action=dst-nat chain=dstnat comment=video1 dst-port=5558 in-interface=\
  513. sfp1 protocol=tcp to-addresses=192.168.0.21 to-ports=5558
  514. add action=dst-nat chain=dstnat dst-port=5558 in-interface=sfp1 protocol=udp \
  515. to-addresses=192.168.0.21 to-ports=5558
  # NOTE(review): RDP and VoIP forwards. Only "MatveevRDP" (53394 -> 10.1.20.251:3389
  # on sfp2) is enabled in this run; every other rule has disabled=yes.
  # Moving RDP to a high external port does not hide it from port scans, and the
  # rule has no src-address restriction. Prefer reaching the desktop through the
  # VPN profiles defined earlier in the export, or bind the rule to a
  # src-address-list of known client addresses.
  # The disabled rules are dormant, but a single toggle restores the exposure;
  # delete the ones that are no longer needed.
  516. add action=dst-nat chain=dstnat comment="Matveev PC" disabled=yes dst-port=\
  517. 53393 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.153 to-ports=\
  518. 3389
  519. add action=dst-nat chain=dstnat comment=Server-C disabled=yes dst-port=53392 \
  520. in-interface=sfp2 protocol=tcp to-addresses=10.1.1.22 to-ports=3389
  521. add action=dst-nat chain=dstnat comment=MatveevRDP dst-port=53394 \
  522. in-interface=sfp2 protocol=tcp to-addresses=10.1.20.251 to-ports=3389
  523. add action=dst-nat chain=dstnat comment=AkulovaRDP disabled=yes dst-port=\
  524. 53395 in-interface=sfp2 protocol=tcp to-addresses=10.1.20.253 to-ports=\
  525. 3389
  526. add action=dst-nat chain=dstnat disabled=yes dst-port=55002 in-interface=sfp1 \
  527. protocol=tcp to-addresses=10.1.1.252 to-ports=3389
  528. add action=dst-nat chain=dstnat comment=VoIP disabled=yes dst-port=9000-9499 \
  529. in-interface=sfp1 protocol=tcp to-addresses=10.1.7.1 to-ports=9000-9499
  530. add action=dst-nat chain=dstnat disabled=yes dst-port=9000-9255 in-interface=\
  531. sfp1 protocol=udp to-addresses=10.1.7.1 to-ports=9000-9255
  532. add action=dst-nat chain=dstnat disabled=yes dst-port=5090 in-interface=sfp1 \
  533. protocol=udp to-addresses=10.1.7.1 to-ports=5090
  534. add action=dst-nat chain=dstnat disabled=yes dst-port=9500 in-interface=sfp1 \
  535. protocol=udp to-addresses=10.1.7.1 to-ports=9500
  # NOTE(review): everything enabled in this run lands on one host, 10.1.10.100:
  # HTTP/HTTPS, SMTP (25), POP3 (110), IMAP (143), DNS (53 TCP+UDP) plus ports
  # 1500, 35000 and 10349/udp whose purpose the export does not state.
  # One host carrying web, mail and DNS means a flaw in any of them exposes all
  # of them; none of the rules limits the source address.
  # - 110 and 143 are the cleartext-capable mail ports; no 993/995 forward
  #   appears in this part of the export - TODO confirm STARTTLS is enforced.
  # - If the DNS service answers recursive queries for arbitrary sources it can
  #   be abused for reflection; verify it is authoritative-only or rate-limited.
  536. add action=dst-nat chain=dstnat comment=WEB dst-port=80 in-interface=sfp2 \
  537. protocol=tcp to-addresses=10.1.10.100 to-ports=80
  538. add action=dst-nat chain=dstnat dst-port=1500 in-interface=sfp2 protocol=tcp \
  539. to-addresses=10.1.10.100 to-ports=1500
  540. add action=dst-nat chain=dstnat dst-port=443 in-interface=sfp2 protocol=tcp \
  541. to-addresses=10.1.10.100 to-ports=443
  542. add action=dst-nat chain=dstnat dst-port=35000 in-interface=sfp1 protocol=tcp \
  543. to-addresses=10.1.10.100 to-ports=35000
  544. add action=dst-nat chain=dstnat dst-port=10349 in-interface=sfp1 protocol=udp \
  545. to-addresses=10.1.10.100 to-ports=10349
  546. add action=dst-nat chain=dstnat dst-port=25 in-interface=sfp2 protocol=tcp \
  547. to-addresses=10.1.10.100 to-ports=25
  548. add action=dst-nat chain=dstnat dst-port=110 in-interface=sfp2 protocol=tcp \
  549. to-addresses=10.1.10.100 to-ports=110
  550. add action=dst-nat chain=dstnat dst-port=53 in-interface=sfp2 protocol=udp \
  551. to-addresses=10.1.10.100 to-ports=53
  552. add action=dst-nat chain=dstnat dst-port=53 in-interface=sfp2 protocol=tcp \
  553. to-addresses=10.1.10.100 to-ports=53
  554. add action=dst-nat chain=dstnat dst-port=143 in-interface=sfp2 protocol=tcp \
  555. to-addresses=10.1.10.100 to-ports=143
  # NOTE(review): IMAP (143) and mail submission (587) are TCP services. The
  # next two rules forward them as UDP, and no TCP/587 rule appears in this part
  # of the export - looks like a protocol typo; confirm and fix or remove.
  556. add action=dst-nat chain=dstnat dst-port=143 in-interface=sfp2 protocol=udp \
  557. to-addresses=10.1.10.100 to-ports=143
  558. add action=dst-nat chain=dstnat dst-port=587 in-interface=sfp2 protocol=udp \
  559. to-addresses=10.1.10.100 to-ports=587
  560. add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=sfp2 \
  561. protocol=tcp to-addresses=10.1.1.157 to-ports=3389
  # NOTE(review): forwards to 10.1.20.105 (UDP 27150/27151 on sfp1, 27100-27199
  # TCP+UDP on sfp2, sfp1:83 -> 80) and one FTP forward to 10.1.20.252.
  # Two entries deserve a second look:
  # - sfp1:53306 -> 10.1.20.105:3306 publishes what is presumably a MySQL
  #   listener to any source; a renumbered port is not an access control.
  #   Restrict by src-address-list or move database access behind the VPN.
  # - sfp1:2123 -> 10.1.20.252:21 publishes FTP, which carries credentials in
  #   cleartext unless the server enforces TLS - TODO confirm.
  562. add action=dst-nat chain=dstnat dst-port=27151 in-interface=sfp1 protocol=udp \
  563. to-addresses=10.1.20.105 to-ports=27151
  564. add action=dst-nat chain=dstnat dst-port=27150 in-interface=sfp1 protocol=udp \
  565. to-addresses=10.1.20.105 to-ports=27150
  566. add action=dst-nat chain=dstnat dst-port=27100-27199 in-interface=sfp2 \
  567. protocol=tcp to-addresses=10.1.20.105 to-ports=27100-27199
  568. add action=dst-nat chain=dstnat dst-port=27100-27199 in-interface=sfp2 \
  569. protocol=udp to-addresses=10.1.20.105 to-ports=27100-27199
  570. add action=dst-nat chain=dstnat dst-port=83 in-interface=sfp1 protocol=tcp \
  571. to-addresses=10.1.20.105 to-ports=80
  572. add action=dst-nat chain=dstnat dst-port=53306 in-interface=sfp1 protocol=tcp \
  573. to-addresses=10.1.20.105 to-ports=3306
  574. add action=dst-nat chain=dstnat dst-port=2123 in-interface=sfp1 protocol=tcp \
  575. to-addresses=10.1.20.252 to-ports=21
  # NOTE(review): the first five rules are per-user RDP forwards, all disabled
  # (note "Kolev" maps external 5901 to internal 3389). The enabled rules after
  # them publish, on sfp2 with no source restriction:
  # - 27200-27300 TCP+UDP and 2128 -> FTP (21) on 10.1.20.106
  # - 22 -> SSH on 10.1.10.100
  # - 27015/udp -> 10.1.8.107
  # - 3306 -> 10.1.10.100:3306, presumably MySQL on its standard port
  # SSH and the database port are the usual targets of password guessing;
  # limit both with a src-address-list or reach them over the VPN, and make
  # sure SSH on that host is key-only - TODO confirm.
  576. add action=dst-nat chain=dstnat comment="vm-stashenkov RDP" disabled=yes \
  577. dst-port=53401 in-interface=sfp2 protocol=tcp to-addresses=10.1.2.141 \
  578. to-ports=3389
  579. add action=dst-nat chain=dstnat comment=Kolev disabled=yes dst-port=5901 \
  580. in-interface=sfp2 protocol=tcp to-addresses=10.1.1.9 to-ports=3389
  581. add action=dst-nat chain=dstnat comment="Kolev RDP" disabled=yes dst-port=\
  582. 33389 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.9 to-ports=3389
  583. add action=dst-nat chain=dstnat comment=KARCHAGINA disabled=yes dst-port=\
  584. 53397 in-interface=sfp2 protocol=tcp to-addresses=10.1.1.240 to-ports=\
  585. 3389
  586. add action=dst-nat chain=dstnat comment="Loseva 220" disabled=yes dst-port=\
  587. 53398 in-interface=sfp1 protocol=tcp to-addresses=10.1.1.81 to-ports=3389
  588. add action=dst-nat chain=dstnat comment=Gameclodo dst-port=27200-27300 \
  589. in-interface=sfp2 protocol=udp to-addresses=10.1.20.106 to-ports=\
  590. 27200-27300
  591. add action=dst-nat chain=dstnat dst-port=27200-27300 in-interface=sfp2 \
  592. protocol=tcp to-addresses=10.1.20.106 to-ports=27200-27300
  593. add action=dst-nat chain=dstnat dst-port=22 in-interface=sfp2 protocol=tcp \
  594. to-addresses=10.1.10.100 to-ports=22
  595. add action=dst-nat chain=dstnat dst-port=2128 in-interface=sfp2 protocol=tcp \
  596. to-addresses=10.1.20.106 to-ports=21
  597. add action=dst-nat chain=dstnat comment=DF dst-port=27015 in-interface=sfp2 \
  598. protocol=udp to-addresses=10.1.8.107 to-ports=27015
  599. add action=dst-nat chain=dstnat dst-port=3306 in-interface=sfp2 protocol=tcp \
  600. to-addresses=10.1.10.100 to-ports=3306
  # NOTE(review): only the first rule in this run is enabled ("dkvm1",
  # sfp1:8080 -> 10.1.20.100:8080); every rule after it has disabled=yes.
  # The disabled set covers SSH, VNC-range (5900-5910), NAS/Synology web and
  # FTP targets. Some labels no longer match what the rule does ("NAS" maps
  # 8082 to port 22, "Synology" maps 5001 to port 80), which suggests the list
  # has drifted over time. Dormant rules are easy to re-enable by mistake;
  # remove the ones without an owner and record why the rest are kept.
  601. add action=dst-nat chain=dstnat comment=dkvm1 dst-port=8080 in-interface=sfp1 \
  602. protocol=tcp to-addresses=10.1.20.100 to-ports=8080
  603. add action=dst-nat chain=dstnat disabled=yes dst-port=59222 in-interface=sfp1 \
  604. protocol=tcp to-addresses=10.1.1.247 to-ports=22
  605. add action=dst-nat chain=dstnat comment="dedic1 XCP" disabled=yes dst-port=\
  606. 5900-5910 in-interface=sfp1 protocol=tcp to-addresses=192.168.0.33 \
  607. to-ports=5900-5910
  608. add action=dst-nat chain=dstnat disabled=yes dst-port=59223 in-interface=sfp1 \
  609. protocol=tcp to-addresses=10.1.20.250 to-ports=22
  610. add action=dst-nat chain=dstnat comment="dedic2 XCP" disabled=yes dst-port=\
  611. 55443 in-interface=sfp1 protocol=tcp to-addresses=10.1.20.251 to-ports=\
  612. 443
  613. add action=dst-nat chain=dstnat comment=NAS disabled=yes dst-port=8082 \
  614. in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 to-ports=22
  615. add action=dst-nat chain=dstnat disabled=yes dst-port=5000 in-interface=sfp2 \
  616. protocol=tcp to-addresses=10.1.1.247 to-ports=5000
  617. add action=dst-nat chain=dstnat disabled=yes dst-port=5002 in-interface=sfp1 \
  618. protocol=tcp to-addresses=10.1.1.249 to-ports=80
  619. add action=dst-nat chain=dstnat disabled=yes dst-port=55000 in-interface=sfp1 \
  620. protocol=tcp to-addresses=10.1.1.247 to-ports=5000
  621. add action=dst-nat chain=dstnat disabled=yes dst-port=55001 in-interface=sfp1 \
  622. protocol=tcp to-addresses=10.1.1.248 to-ports=5000
  623. add action=dst-nat chain=dstnat comment="27051. 27.08.2015" disabled=yes \
  624. dst-port=54422 in-interface=sfp2 protocol=tcp to-addresses=10.1.20.52 \
  625. to-ports=22
  626. add action=dst-nat chain=dstnat disabled=yes dst-port=27500-27549 \
  627. in-interface=sfp2 protocol=udp to-addresses=10.1.20.52 to-ports=\
  628. 27500-27549
  629. add action=dst-nat chain=dstnat disabled=yes dst-port=27500-27549 \
  630. in-interface=sfp2 protocol=tcp to-addresses=10.1.20.52 to-ports=\
  631. 27500-27549
  632. add action=dst-nat chain=dstnat disabled=yes dst-port=54421 in-interface=sfp2 \
  633. protocol=tcp to-addresses=10.1.20.52 to-ports=21
  634. add action=dst-nat chain=dstnat disabled=yes dst-port=27777 in-interface=sfp2 \
  635. protocol=udp to-addresses=10.1.20.52 to-ports=27777
  636. add action=dst-nat chain=dstnat disabled=yes dst-port=27555 in-interface=sfp2 \
  637. protocol=udp to-addresses=10.1.20.52 to-ports=27555
  638. add action=dst-nat chain=dstnat disabled=yes dst-port=27444 in-interface=sfp2 \
  639. protocol=udp to-addresses=10.1.20.52 to-ports=27444
  640. add action=dst-nat chain=dstnat comment=Synology disabled=yes dst-port=5001 \
  641. in-interface=sfp1 protocol=tcp to-addresses=10.1.1.247 to-ports=80
  642. add action=dst-nat chain=dstnat disabled=yes dst-port=5003 in-interface=sfp1 \
  643. protocol=tcp to-addresses=10.1.1.6 to-ports=5903
  # NOTE(review): mostly enabled forwards, none with a source restriction.
  # Remote-administration services published here:
  # - sfp1:55522 -> 10.1.1.251:22 ("vm1", SSH)
  # - sfp1:55900 -> 10.1.10.51:5900 (presumably VNC - it often runs without
  #   transport encryption and with a short password; prefer VPN access)
  # - FTP control ports 2125 and 2121, plus the 52000-52100 and 50000-50100
  #   ranges, which look like FTP passive-data ranges - TODO confirm
  # The two "ftp_server-d" entries are disabled.
  644. add action=dst-nat chain=dstnat comment=vm1 dst-port=55522 in-interface=sfp1 \
  645. protocol=tcp to-addresses=10.1.1.251 to-ports=22
  646. add action=dst-nat chain=dstnat dst-port=27100-27149 in-interface=sfp1 \
  647. protocol=udp to-addresses=10.1.10.51 to-ports=27100-27149
  648. add action=dst-nat chain=dstnat dst-port=55900 in-interface=sfp1 protocol=tcp \
  649. to-addresses=10.1.10.51 to-ports=5900
  650. add action=dst-nat chain=dstnat dst-port=2125 in-interface=sfp2 protocol=tcp \
  651. to-addresses=10.1.20.106 to-ports=21
  652. add action=dst-nat chain=dstnat dst-port=52000-52100 in-interface=sfp1 \
  653. protocol=tcp to-addresses=10.1.20.12 to-ports=52000-52100
  654. add action=dst-nat chain=dstnat dst-port=8083 in-interface=sfp1 protocol=tcp \
  655. to-addresses=10.1.20.33 to-ports=80
  656. add action=dst-nat chain=dstnat comment=ftp_server-d disabled=yes dst-port=\
  657. 52101-52200 in-interface=sfp1 protocol=tcp to-addresses=10.1.20.252 \
  658. to-ports=52101-52200
  659. add action=dst-nat chain=dstnat disabled=yes dst-port=24 in-interface=sfp2 \
  660. protocol=tcp to-addresses=10.1.20.252 to-ports=21
  661. add action=dst-nat chain=dstnat comment=GameHost dst-port=2121 in-interface=\
  662. sfp2 protocol=tcp to-addresses=10.1.20.11 to-ports=2121
  663. add action=dst-nat chain=dstnat dst-port=8081 in-interface=sfp2 protocol=tcp \
  664. to-addresses=10.1.20.106 to-ports=80
  665. add action=dst-nat chain=dstnat dst-port=50000-50100 in-interface=sfp1 \
  666. protocol=tcp to-addresses=10.1.20.11 to-ports=50000-50100
  667. add action=dst-nat chain=dstnat dst-port=27021 in-interface=sfp1 protocol=udp \
  668. to-addresses=10.1.20.11 to-ports=27021
  # NOTE(review): last run of dst-nat rules; all but the 3307 entry are enabled
  # and none restricts the source address. Points to check:
  # - Three RDP forwards are live: 53396 -> 192.168.0.77, 53399 -> 10.1.2.66,
  #   53400 -> 10.1.20.5 (all to port 3389).
  # - sfp2:23 -> 10.1.10.100:22 publishes the same SSH daemon a second time on
  #   the telnet port, and sfp2:21 publishes FTP on that host.
  # - Plain-HTTP forwards on 81, 82 and 84 carry any login in cleartext.
  669. add action=dst-nat chain=dstnat dst-port=27015 in-interface=sfp1 protocol=tcp \
  670. to-addresses=10.1.8.107 to-ports=27015
  # NOTE(review): 10.1.1.1 appears as pref-src in the route table below and as
  # a dns-server in the default PPP profile, so it is presumably this router's
  # own LAN address. If so, the next rule publishes the router's HTTP
  # management page on sfp1:81 - TODO confirm and remove if unintended.
  671. add action=dst-nat chain=dstnat dst-port=81 in-interface=sfp1 protocol=tcp \
  672. to-addresses=10.1.1.1 to-ports=80
  673. add action=dst-nat chain=dstnat dst-port=82 in-interface=sfp1 protocol=tcp \
  674. to-addresses=10.1.20.100 to-ports=80
  675. add action=dst-nat chain=dstnat dst-port=1968 in-interface=sfp1 protocol=tcp \
  676. to-addresses=10.1.20.252 to-ports=1968
  677. add action=dst-nat chain=dstnat dst-port=53396 in-interface=sfp1 protocol=tcp \
  678. to-addresses=192.168.0.77 to-ports=3389
  679. add action=dst-nat chain=dstnat dst-port=27016-27020 in-interface=sfp1 \
  680. protocol=udp to-addresses=10.1.20.11 to-ports=27016-27020
  681. add action=dst-nat chain=dstnat dst-port=53399 in-interface=sfp2 protocol=tcp \
  682. to-addresses=10.1.2.66 to-ports=3389
  683. add action=dst-nat chain=dstnat dst-port=23 in-interface=sfp2 protocol=tcp \
  684. to-addresses=10.1.10.100 to-ports=22
  685. add action=dst-nat chain=dstnat dst-port=21 in-interface=sfp2 protocol=tcp \
  686. to-addresses=10.1.10.100 to-ports=21
  687. add action=dst-nat chain=dstnat disabled=yes dst-port=3307 in-interface=sfp2 \
  688. protocol=tcp to-addresses=10.1.10.100 to-ports=3306
  689. add action=dst-nat chain=dstnat dst-port=84 in-interface=sfp1 protocol=tcp \
  690. to-addresses=10.1.2.10 to-ports=80
  691. add action=dst-nat chain=dstnat dst-port=53400 in-interface=sfp2 protocol=tcp \
  692. to-addresses=10.1.20.5 to-ports=3389
  693. add action=dst-nat chain=dstnat dst-port=9000 in-interface=sfp2 protocol=tcp \
  694. to-addresses=10.1.2.145 to-ports=9000
  # NOTE(review): L2TP/IPsec peer template, currently disabled, with policy 0
  # also disabled. If it is ever re-enabled, two values must change first:
  # - secret=test is a trivially guessable pre-shared key and is now public
  #   through this paste; generate a long random key and treat any value that
  #   was ever exported as compromised.
  # - dh-group=modp1024 is a 1024-bit group, below current recommendations;
  #   use a 2048-bit or elliptic-curve group the clients support.
  # No address= is shown, so the peer presumably accepts any remote address.
  # For sharing, export with hide-sensitive so secrets are omitted.
  695. /ip ipsec peer
  696. add dh-group=modp1024 disabled=yes exchange-mode=main-l2tp generate-policy=\
  697. port-override secret=test
  698. /ip ipsec policy
  699. set 0 disabled=yes
  # NOTE(review): web proxy settings with a changed port (8000) and caching off.
  # No enabled=yes is shown, so the proxy is presumably not running - TODO
  # confirm with "/ip proxy print". If it is switched on, restrict clients in
  # "/ip proxy access" and block the port on the upstream interfaces so the
  # router does not become an open proxy.
  700. /ip proxy
  701. set max-cache-size=none parent-proxy=0.0.0.0 port=8000
  # Static routes for two upstream gateways: 85.112.39.101 (routing-mark=rt)
  # and 80.252.24.129 (routing-mark=global63, and the active unmarked default).
  # The /32 routes pin 8.8.4.4 to 80.252.24.129 and 8.8.8.8 to 85.112.39.101,
  # so each netwatch probe always leaves through one specific uplink.
  # 85.113.39.168 is the connect-to address of the PPTP client defined earlier;
  # it is pinned to 80.252.24.129. 192.168.0.0/24 is reached through eoip-lan.
  # NOTE(review): PPTP with MS-CHAPv2 is regarded as broken; anything
  # sensitive crossing that tunnel should move to a stronger VPN.
  702. /ip route
  703. add distance=1 gateway=85.112.39.101 routing-mark=rt
  704. add disabled=yes distance=1 dst-address=10.1.0.0/16 gateway=sfp5 pref-src=\
  705. 10.1.1.1 routing-mark=rt
  706. add distance=1 gateway=80.252.24.129 routing-mark=global63
  707. add distance=1 gateway=80.252.24.129
  708. add disabled=yes distance=1 gateway=85.112.39.101
  709. add distance=1 dst-address=8.8.4.4/32 gateway=80.252.24.129
  710. add distance=1 dst-address=8.8.8.8/32 gateway=85.112.39.101
  711. add distance=1 dst-address=85.113.39.168/32 gateway=80.252.24.129
  712. add distance=1 dst-address=192.168.0.0/24 gateway=eoip-lan
  # Management services: telnet, ftp, ssh, api and api-ssl are switched off.
  # NOTE(review): www and winbox are not listed. A compact export omits values
  # left at their defaults, so both are presumably still enabled with no
  # address= restriction - TODO confirm with "/ip service print".
  # Set address= on the remaining services to the management subnets only, and
  # drop their ports on the upstream interfaces in the input chain. With ssh
  # disabled, WebFig and Winbox are the only administrative paths left, so
  # their exposure matters more.
  713. /ip service
  714. set telnet disabled=yes
  715. set ftp disabled=yes
  716. set ssh disabled=yes
  717. set api disabled=yes
  718. set api-ssl disabled=yes
  # NOTE(review): the SOCKS port has been changed from the default (1080) to
  # 4145. No enabled=yes is shown, so the service is presumably off - TODO
  # confirm with "/ip socks print".
  # Public incident write-ups from 2018 describe compromised RouterOS devices
  # left with a SOCKS proxy on TCP 4145. If nobody on the team made this change,
  # treat it as a possible trace of past compromise. Review "/user",
  # "/system script", "/system scheduler" and "/file" for entries you do not
  # recognise, rotate all credentials, and reset this section to its defaults.
  719. /ip socks
  720. set port=4145
  # Traffic-flow (NetFlow-style accounting) is enabled with a 4k-entry cache;
  # the LCD is set to show the stats screen by default.
  # NOTE(review): no "/ip traffic-flow target" section appears in this part of
  # the export, so the collector address is not visible. Confirm that flow
  # records go only to a collector you operate.
  721. /ip traffic-flow
  722. set cache-entries=4k enabled=yes
  723. /lcd
  724. set default-screen=stats
  # NOTE(review): one RADIUS server entry (10.2.1.1, hotspot and wireless),
  # currently disabled. Its shared secret is a simple digit sequence and is now
  # public through this paste; replace it with a long random value before the
  # entry is ever enabled.
  # "/radius incoming accept=yes" lets the router act on unsolicited RADIUS
  # requests (disconnect / change-of-authorization). With no server in use it
  # serves no purpose - set it back to no, or make sure the listening port is
  # reachable only from the RADIUS server.
  725. /radius
  726. add address=10.2.1.1 disabled=yes secret=12345678 service=hotspot,wireless
  727. /radius incoming
  728. set accept=yes
  # NOTE(review): SNMP is enabled. The community configuration is not visible
  # in this part of the export. If the default "public" community is still in
  # place without an address restriction, anyone who can reach UDP 161 can
  # read interface, routing and system details - TODO check
  # "/snmp community print", set addresses= to the monitoring host, prefer
  # SNMPv3 with authentication, and drop UDP 161 on the upstream interfaces.
  729. /snmp
  730. set enabled=yes
  # System housekeeping: time zone Europe/Samara, identity gw2-alabin, NTP
  # client with two servers, watchdog timer and automatic supout off,
  # bandwidth-server off, default graphing for interfaces, queues and resources.
  # NOTE(review):
  # - "/system scheduler" is empty here, which is the expected state when no
  #   scheduled scripts are in use; an entry nobody recognises would warrant
  #   investigation.
  # - "/system upgrade mirror" is enabled; its upstream server settings are
  #   not shown - confirm the feature is intentional.
  # - The graphing entries carry no parameters, so defaults apply. Graphs are
  #   served by the router's web service; presumably any address may view
  #   them - TODO confirm allow-address.
  # - bandwidth-server has authenticate=no; harmless while enabled=no, but
  #   switch authentication on before the server is ever enabled.
  731. /system clock
  732. set time-zone-name=Europe/Samara
  733. /system identity
  734. set name=gw2-alabin
  735. /system ntp client
  736. set enabled=yes primary-ntp=31.28.25.35 secondary-ntp=195.3.254.2
  737. /system routerboard settings
  738. set silent-boot=no
  739. /system scheduler
  740. /system upgrade mirror
  741. set enabled=yes
  742. /system watchdog
  743. set automatic-supout=no watchdog-timer=no
  744. /tool bandwidth-server
  745. set authenticate=no enabled=no
  746. /tool graphing interface
  747. add
  748. /tool graphing queue
  749. add
  750. /tool graphing resource
  751. add
  # Uplink failover. The first entry probes 8.8.4.4 every 5 s. Its down-script
  # disables the unmarked default route via 80.252.24.129 and enables the one
  # via 85.112.39.101; the up-script reverses both. The "!routing-mark~\"\""
  # term is presumably there to skip routes that carry a routing mark.
  # The second entry (host 8.8.8.8) is disabled.
  # NOTE(review): the disabled entry refers to gateway 85.112.39.102, while
  # the route table above only contains 85.112.39.101, so its find expression
  # would match nothing - looks stale; fix or remove it.
  # Failover hinges on one external host answering probes, so an outage or
  # filter affecting only that host flips the uplink; a second check target
  # would make the decision more robust.
  752. /tool netwatch
  753. add down-script="/ip route disable [find dst-address=0.0.0.0/0 and gateway=80.\
  754. 252.24.129 and !routing-mark~\"\"];\r\
  755. \n\r\
  756. \n/ip route enable [find dst-address=0.0.0.0/0 and gateway=85.112.39.101 a\
  757. nd !routing-mark~\"\"];" host=8.8.4.4 interval=5s up-script="/ip route ena\
  758. ble [find dst-address=0.0.0.0/0 and gateway=80.252.24.129 and !routing-mar\
  759. k~\"\"];\r\
  760. \n\r\
  761. \n/ip route disable [find dst-address=0.0.0.0/0 and gateway=85.112.39.101 \
  762. and !routing-mark~\"\"];"
  763. add disabled=yes down-script="/ip route enable [find dst-address=0.0.0.0/0 and\
  764. \_gateway=85.112.39.102 and !routing-mark~\"\"];" host=8.8.8.8 interval=\
  765. 5s up-script="/ip route disable [find dst-address=0.0.0.0/0 and gateway=85\
  766. .112.39.102 and !routing-mark~\"\"];"
  # Packet sniffer and user-manager settings.
  # NOTE(review): only filter-stream is set. Neither streaming-enabled nor
  # streaming-server appears, so captured packets are presumably not being
  # streamed to a remote host - TODO confirm with "/tool sniffer print". An
  # unexpected streaming-server would mean traffic is being copied off the box.
  767. /tool sniffer
  768. set filter-stream=yes
  769. /tool user-manager database
  770. set db-path=user-manager