titansmc
just joined
Topic Author
Posts: 16
Joined: Wed Jun 07, 2017 11:51 am

How to select where the traffic goes out through. Router with several IP's on the same interface

Wed Sep 13, 2017 3:38 pm

Hi,
We have just migrated our GNU/Linux router to a MikroTik CCR1009-7G-1C-1S+. We mainly have a bunch of IP addresses (public and private) on the combo1 interface and that's it. But now, when making connections from the router to somewhere, they are failing. For example:

DNS client on the router has stopped working, not able to resolve names anymore; it has two static IP addresses as DNS servers.

Telnet to a public IP isn't working

[admin@router1] > /system telnet 185.69.52.** 443
Trying 185.69.52.**...
^C
Welcome back!

VPN client connection to a server outside isn't working.

It seems that the router messes up with all the interfaces and doesn't know how to go out. Am I right? Is someone else facing this problem?
 
tholderbaum
newbie
Posts: 38
Joined: Thu Jan 23, 2014 3:34 am
Location: Tampa, Florida

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Thu Sep 14, 2017 7:03 pm

Please post your config. I am doing the same thing and it is working for me.
 
titansmc
just joined
Topic Author
Posts: 16
Joined: Wed Jun 07, 2017 11:51 am

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Fri Sep 29, 2017 1:53 pm

Hi, sorry, I thought I had set up the mailing reply on every post.

How can I export my config without compromising my network? It is a pretty large file, so it's not easy to replace every single IP.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Fri Sep 29, 2017 5:12 pm

Load the config in Notepad and do a search/replace for your public IP stuff...

e.g. if your public IPs are all 192.0.2.x, then replace 192.0.2. with x.x.x.
If you have multiple routing prefixes, then use a different prefix for each substitution but be consistent with each one.
So if a second block is 198.51.100.x then replace 198.51.100. with y.y.y.

etc.

Don't worry about obfuscating private IP addresses because those are unreachable anyway.
 
pcunite
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Fri Sep 29, 2017 7:49 pm

How can I export my config without compromising my network?
I think /export compact hide-sensitive file=MyFile.rsc does what you want.
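
The consistent search/replace described above can be scripted over a text export; the following is an added example, not part of the thread or of RouterOS. It generalizes the manual method by masking every IPv4 literal outside private space (one placeholder per /24, last octet kept) and by blanking the software id and serial number header lines; the function names, the `keep` parameter and the sample export are constructed for illustration.

```python
import ipaddress
import re

# Ranges left untouched: RFC 1918 private space plus unspecified,
# loopback and link-local addresses (0.0.0.0/0 appears in firewall rules).
LEAVE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
)]

# A dotted quad that is not part of a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Header lines of an export that identify the physical device.
DEVICE_ID = re.compile(r"^(# (?:software id|serial number) = ).*$", re.MULTILINE)
LETTERS = "xyzabcdefghijklmnopqrstuvw"

# Constructed sample in the style of a RouterOS export (documentation ranges).
SAMPLE_EXPORT = """\
# software id = AAAA-0000
# serial number = 0123456789AB
/ip address
add address=192.0.2.10/24 interface=combo1 network=192.0.2.0
add address=198.51.100.6/30 interface=ether1 network=198.51.100.4
add address=10.18.254.254/16 interface=vlan2018 network=10.18.0.0
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=forward dst-address=0.0.0.0/0 src-address=192.0.2.0/24
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=IN_198.51.100.6
"""


def placeholder_label(index):
    """0 -> x, 1 -> y, 2 -> z, 3 -> a, ... then x1, y1, ... after 26 prefixes."""
    rounds, pos = divmod(index, len(LETTERS))
    return LETTERS[pos] + (str(rounds) if rounds else "")


def sanitize_export(text, keep=()):
    """Mask public IPv4 addresses and device identifiers in an export.

    Returns (sanitized_text, mapping), where mapping is
    {real /24 prefix: placeholder prefix}. `keep` lists public addresses
    that are not yours and may stay readable (for example public resolvers).
    """
    keep = {ipaddress.ip_address(k) for k in keep}
    mapping = {}

    def mask(match):
        literal = match.group(1)
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            return literal  # not a valid address, e.g. 999.1.1.1
        if addr in keep or any(addr in net for net in LEAVE):
            return literal
        prefix, host = literal.rsplit(".", 1)
        if prefix not in mapping:
            # Same real prefix always gets the same placeholder, so the
            # relationships between addresses stay readable for helpers.
            lab = placeholder_label(len(mapping))
            mapping[prefix] = f"{lab}.{lab}.{lab}"
        return f"{mapping[prefix]}.{host}"

    text = DEVICE_ID.sub(r"\1REMOVED", text)
    return IPV4.sub(mask, text), mapping


if __name__ == "__main__":
    cleaned, table = sanitize_export(SAMPLE_EXPORT, keep=("8.8.8.8", "8.8.4.4"))
    print(cleaned)
    print(table)
```

Keep the returned mapping private; it is what translates addresses in the replies back to the real ones. Names that embed an address, such as a routing mark, are masked as well because the match is on the literal, not on the field.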
 
titansmc
just joined
Topic Author
Posts: 16
Joined: Wed Jun 07, 2017 11:51 am

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Wed Oct 04, 2017 1:34 pm

Right, I think everything has been replaced now, thanks:
# oct/04/2017 12:15:37 by RouterOS 6.40.3
# software id = JSNT-DG49
#
# model = CCR1009-7G-1C-1S+
# serial number = 7AEC073A28C4
/interface l2tp-server
add disabled=yes name=l2tp-in1 user=jmca
/interface ethernet
set [ find default-name=combo1 ] comment="INTERFICIE INTERNA - B4"
set [ find default-name=ether1 ] comment="INTERFICIE EXTERNA - A1"
set [ find default-name=ether2 ] comment="Connectat a B2"
set [ find default-name=ether3 ] comment="Connectat a B1"
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface vlan
add interface=ether1 name=euronet1 vlan-id=297
add interface=ether1 name=euronet2 vlan-id=597
add interface=ether1 name=eurochat-245 vlan-id=245
add interface=ether1 name=eurochat-545 vlan-id=545
add interface=ether1 name=office2_8 vlan-id=8
add interface=ether1 name=office2_9 vlan-id=9
add comment="VLAN Bridge with old router" interface=ether1 name=vlan98 \
    vlan-id=98
add comment="Adreces externes" interface=ether1 name=vlan99 vlan-id=99
add interface=combo1 name=vlan201 vlan-id=201
add comment="VLAN PRBBgrcert" interface=combo1 name=vlan202 vlan-id=202
add interface=combo1 name=vlan205 vlan-id=205
add interface=combo1 name=vlan206 vlan-id=206
add interface=combo1 name=vlan207 vlan-id=207
add interface=combo1 name=vlan210 vlan-id=210
add interface=combo1 name=vlan223 vlan-id=223
add interface=combo1 name=vlan224 vlan-id=224
add comment="VLAN GESTIO" interface=combo1 name=vlan999 vlan-id=999
add interface=combo1 name=vlan2016 vlan-id=2016
add comment="DMZ - Servidors" interface=combo1 name=vlan2017 vlan-id=2017
add comment="VLAN Usuaris interns" interface=ether3 name=vlan2018 vlan-id=\
    2018
add comment="vlan VPN clients" interface=combo1 name=vlan2019 vlan-id=2019
add comment="VLAN labros" interface=ether2 name=vlan2020 vlan-id=2020
add interface=combo1 name=vlan4001 vlan-id=4001
add interface=combo1 name=vlan4005 vlan-id=4005
/interface list
add comment="eurochat new 245,545" name=eurochat
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add add-arp=yes disabled=no interface=vlan999 name=xarxa-mgmt
/ip pool
add name=L2tp-pool ranges=10.10.10.2-10.10.10.254
add name=clientsinternsgrcert ranges=10.18.200.1-10.18.203.254
add name=gestio-ap-wifi ranges=172.20.132.51-172.20.132.253
add name=nuc-sales ranges=172.20.134.10-172.20.134.254
add name=clients-wifi ranges=172.20.136.40-172.20.139.250
/ip dhcp-server
add add-arp=yes address-pool=clientsinternsgrcert disabled=no interface=\
    vlan2018 name=DNSVLAN2018
add add-arp=yes address-pool=clients-wifi disabled=no interface=vlan202 \
    lease-time=8m name=clients-wifi
add add-arp=yes address-pool=gestio-ap-wifi disabled=no interface=vlan205 \
    name=gestio-ap-wifi
add add-arp=yes address-pool=nuc-sales disabled=no interface=vlan207 name=\
    nuc-sales
/ppp profile
set *FFFFFFFE local-address=10.10.10.1 remote-address=L2tp-pool
/queue simple
add burst-limit=25M/25M burst-threshold=22M/22M burst-time=1m/1m max-limit=\
    20M/20M name=office2EXTERN target=office2_8,office2_8
/routing bgp instance
set default as=65245 redistribute-connected=yes redistribute-ospf=yes \
    redistribute-other-bgp=yes redistribute-rip=yes redistribute-static=yes \
    routing-table=IN_73.22.18.130
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/dude
set enabled=yes
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=eurochat-245 list=eurochat
add interface=eurochat-545 list=eurochat
/ip address
add address=192.168.10.230/24 interface=combo1 network=192.168.10.0
add address=148.124.6.12/24 interface=combo1 network=148.124.6.0
add address=192.168.98.254/24 comment="vlan bridge amb oldrouter" interface=\
    vlan98 network=192.168.98.0
add address=148.125.244.253/24 interface=ether1 network=148.125.244.0
add address=10.99.254.254/16 comment="vlan GESTIO" interface=vlan999 network=\
    10.99.0.0
add address=10.19.254.254/16 comment="IP vlan VPN clients" interface=vlan2019 \
    network=10.19.0.0
add address=148.125.6.254/24 comment="Adre\E7a externa" interface=vlan99 \
    network=148.125.6.0
add address=10.17.254.254/16 comment="VLAN DMZ - Servidors" interface=\
    vlan2017 network=10.17.0.0
add address=73.22.20.6/30 comment=euronet2 interface=euronet2 network=73.22.20.4
add address=10.18.254.254/16 comment="VLAN clients grcert" interface=vlan2018 \
    network=10.18.0.0
add address=148.125.6.253/24 comment="Adre\E7a externa 2" interface=vlan99 \
    network=148.125.6.0
add address=148.125.6.252/24 comment="Adre\E7a externa 3" interface=vlan99 \
    network=148.125.6.0
add address=73.22.16.6/30 comment=euronet1 interface=euronet1 network=73.22.16.4
add address=148.126.191.254/29 comment="office2 Externa" interface=office2_8 \
    network=148.126.191.248
add address=192.168.20.1/24 comment="office2 Interna" interface=office2_9 network=\
    192.168.20.0
add address=192.168.10.30/24 interface=combo1 network=192.168.10.0
add address=148.125.244.254/24 interface=combo1 network=148.125.244.0
add address=148.127.240.254/24 interface=combo1 network=148.127.240.0
add address=148.124.6.8/24 interface=combo1 network=148.124.6.0
add address=192.168.0.254/24 interface=combo1 network=192.168.0.0
add address=172.20.4.99/22 interface=ether2 network=172.20.4.0
add address=172.20.150.253/24 interface=combo1 network=172.20.150.0
add address=172.20.152.253/24 interface=combo1 network=172.20.152.0
add address=172.20.153.253/24 interface=combo1 network=172.20.153.0
add address=172.20.154.253/24 interface=combo1 network=172.20.154.0
add address=172.20.16.253/24 interface=combo1 network=172.20.16.0
add address=148.127.240.200/24 interface=combo1 network=148.127.240.0
add address=148.124.6.254/24 interface=combo1 network=148.124.6.0
add address=148.124.6.200/24 interface=combo1 network=148.124.6.0
add address=148.124.6.151/24 interface=combo1 network=148.124.6.0
add address=148.124.6.152/24 interface=combo1 network=148.124.6.0
add address=148.124.6.153/24 interface=combo1 network=148.124.6.0
add address=148.124.6.154/24 interface=combo1 network=148.124.6.0
add address=148.124.6.155/24 interface=combo1 network=148.124.6.0
add address=148.124.6.156/24 interface=combo1 network=148.124.6.0
add address=148.124.6.157/24 interface=combo1 network=148.124.6.0
add address=148.124.6.158/24 interface=combo1 network=148.124.6.0
add address=148.124.6.150/24 interface=combo1 network=148.124.6.0
add address=192.168.10.254/24 interface=combo1 network=192.168.10.0
add address=192.168.10.31/24 interface=combo1 network=192.168.10.0
add address=192.168.10.32/24 interface=combo1 network=192.168.10.0
add address=172.20.6.201/22 interface=ether2 network=172.20.4.0
add address=172.20.150.254/24 interface=combo1 network=172.20.150.0
add address=192.168.16.2/24 interface=vlan4001 network=192.168.16.0
add address=172.20.135.1/24 interface=vlan201 network=172.20.135.0
add address=172.20.136.1/22 interface=vlan202 network=172.20.136.0
add address=172.20.132.50/24 interface=vlan205 network=172.20.132.0
add address=172.20.132.1/24 interface=vlan205 network=172.20.132.0
add address=172.16.0.1/16 interface=vlan2016 network=172.16.0.0
add address=172.18.0.1/16 disabled=yes interface=vlan2018 network=172.18.0.0
add address=148.127.242.254/24 interface=vlan4005 network=148.127.242.0
add address=172.20.133.1/24 interface=vlan206 network=172.20.133.0
add address=172.20.134.1/24 interface=vlan207 network=172.20.134.0
add address=172.20.130.50/24 interface=vlan210 network=172.20.130.0
add address=172.20.128.254/24 interface=vlan223 network=172.20.128.0
add address=172.20.129.254/24 interface=vlan224 network=172.20.129.0
add address=73.22.18.130/30 comment="eurochat Externes 1" interface=eurochat-245 \
    network=73.22.18.128
add address=73.22.22.130/30 comment="eurochat Externes 2" interface=eurochat-545 \
    network=73.22.22.128
add address=73.22.174.254/24 comment="Externa proves" interface=vlan2017 \
    network=73.22.174.0
add address=73.22.174.253/24 interface=vlan2017 network=73.22.174.0
/ip dhcp-client
add disabled=no

/ip dhcp-server network
add address=10.18.0.0/16 dns-server=172.20.4.10,172.20.4.18 domain=grcert.es \
    gateway=10.18.254.254 netmask=16 ntp-server=172.20.4.10,172.20.4.18 \
    wins-server=172.20.4.10,172.20.4.18
add address=172.20.132.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=172.20.132.1
add address=172.20.134.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=172.20.134.1
add address=172.20.136.0/22 dns-server=8.8.8.8,8.8.4.4 gateway=172.20.136.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.18.0.0/16 list=grcertinternesclients
add address=172.20.4.0/22 list=grcertinternservers
add address=172.20.4.10 comment=Aleph1 list=windowsservers
add address=172.20.4.10 comment="DNS intern" list=InternalDNS
add address=172.20.4.18 comment="DNS Intern" list=InternalDNS
add address=8.8.8.8 comment="DNS externs" list=ExternalDNS
add address=172.20.4.18 comment=Aleph0 list=windowsservers
add address=172.20.4.36 comment=Hermes2 list=windowsservers
add address=10.18.254.54 comment="SSH Cloud router" list=SSHservers
add address=192.168.10.0/24 comment="SSH 192.168.10" list=SSHservers
add address=172.20.4.0/24 comment="CloudStation Server" list=CloudStation
add address=172.20.4.30 comment="Offieuronetn server" list=Offieuronetn
add address=172.20.4.30 comment=Offieuronetn list=windowsservers
add address=172.20.4.47 comment=Folder.grcert.es list=SSHservers
add address=10.18.100.0/24 comment=\
    "RDP - IMW01753 - Susanna Tello i resta de clients RDP workstations" \
    list=RDPClients
add address=10.18.200.0/24 comment="RDP - Temporalment per provar" list=\
    RDPClients
add address=10.18.10.1 list=RDPClients
add address=10.18.10.0/24 list=Sysadmins
add address=172.20.4.84 comment=IMAV0002 list=windowsservers
add address=172.20.4.68 comment=Hermes3 list=windowsservers
add address=172.20.4.0/22 comment=172.20.4.0/22 list=INTERNAL
add address=10.99.0.0/16 comment=10.99.0.0/16 list=INTERNAL
add address=10.17.0.0/16 comment=10.17.0.0/16 list=INTERNAL
add address=10.18.0.0/16 comment=10.18.0.0/16 list=INTERNAL
add address=192.168.10.0/24 comment=192.168.10.0/24 list=INTERNAL
add address=172.20.136.0/22 list=INTERNAL
add address=192.168.20.0/24 list=office2INTERN
add address=10.0.0.0/16 list=office2INTERN
add address=10.1.0.0/16 list=office2INTERN
add address=10.2.0.0/16 list=office2INTERN
add address=172.20.150.0/24 list=INTERNAL
add address=148.124.6.157 list=INTERNAL
add address=148.124.6.158 list=INTERNAL
add address=172.20.7.42 list=Desenvolupament
add address=172.20.7.109 list=Desenvolupament
add address=73.22.16.6 list=AdrecesEnllaceuronet
add address=73.22.20.6 list=AdrecesEnllaceuronet
add address=73.22.16.5 list=AdrecesMonitoratgeeuronet
add address=73.22.20.5 list=AdrecesMonitoratgeeuronet
add address=73.22.7.254 list=AdrecesMonitoratgeeuronet
add address=148.124.6.150 list=INTERNAL
add address=192.168.110.0/24 comment="LAb de recerca de Catalunya" list=\
    INTERNAL
add address=19.23.14.111 list=labrosExternalTargets
add address=clients.idtm.se list=labrosExternalTargets
add address=ftp.pwc.de list=labrosExternalTargets
add address=ftp.red.de list=labrosExternalTargets
add address=148.125.223.123 list=AdrecesMonitoratgeeuronet
add address=172.20.4.0/22 list=labrosInternal
add address=10.18.0.0/16 list=labrosInternal
add address=172.20.4.0/22 list=IntranetIPs
add address=172.20.150.0/24 list=IntranetIPs
add address=10.17.0.0/16 list=IntranetIPs
add address=10.18.0.0/16 list=IntranetIPs
add address=10.19.0.0/16 list=IntranetIPs
add address=192.168.10.0/24 list=IntranetIPs
add address=10.99.0.0/16 list=IntranetIPs
add address=192.168.110.0/24 list=IntranetIPs
add address=172.20.136.0/22 list=IntranetIPs
add address=73.22.12.111 list=AdrecesMonitoratgeeuronet
add address=73.22.18.129 list=AdrecesMonitoratgeeuronet
add address=73.22.22.129 list=AdrecesMonitoratgeeuronet
add address=73.22.174.0/24 list=INTERNAL
add address=172.20.4.25 comment=Sirius list=windowsservers
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward comment="Accept stablished and related" \
    connection-mark="" connection-state=established,related
add action=accept chain=forward comment="Allow DNAT connections" \
    connection-nat-state=dstnat
add action=accept chain=forward comment="148.125.244.0 out" dst-port=\
    80,443,53 protocol=tcp src-address=148.125.244.0/24
add action=accept chain=forward dst-port=53 protocol=udp src-address=\
    148.125.244.0/24
add action=accept chain=output comment="148.125.244.253 out" src-address=\
    148.125.244.253
add action=accept chain=input comment="148.125.244.253 ping" dst-address=\
    148.125.244.253 protocol=icmp
add action=accept chain=input comment="Prova IP externa nova" dst-address=\
    73.22.174.1 protocol=icmp
add action=accept chain=forward comment="Obrim tot cap a servidors windows" \
    dst-address-list=windowsservers src-address=10.18.0.0/16
add action=accept chain=forward comment="Cluster cont" connection-state=new \
    protocol=tcp src-address=192.168.10.0/24
add action=accept chain=forward comment="Cluster cont" dst-port=\
    53,389,137,138 protocol=udp src-address=192.168.10.0/24
add action=accept chain=forward comment="Servers interns 172.20.150" \
    connection-state=new dst-address=0.0.0.0/0 dst-port=\
    80,443,22,23,53,139,993,995,145,587,465,53 protocol=tcp src-address=\
    172.20.150.0/24
add action=accept chain=forward dst-address=0.0.0.0/0 dst-port=53,137,138 \
    protocol=udp src-address=172.20.150.0/24
add action=accept chain=forward comment="office2 Intern" dst-address-list=\
    office2INTERN src-address-list=INTERNAL
add action=accept chain=forward comment="office2 Intern IN" protocol=tcp \
    src-address-list=office2INTERN src-port=80,443
add action=accept chain=forward comment="Tot el tr\E0fic office2 extern" \
    dst-address=148.126.190.0/23
add action=accept chain=forward comment="Acc\E9s de office2 extern a nosaltres" \
    dst-port=80,443 out-interface=!euronet1 protocol=tcp src-address=\
    148.126.190.0/23
add action=accept chain=forward comment="office2 de dins extern" out-interface=\
    euronet1 src-address=148.126.190.0/23
add action=accept chain=forward comment="ADMINS to servers" dst-address=\
    10.17.0.0/16 protocol=icmp src-address-list=Sysadmins
add action=accept chain=forward comment="office2 telnet extern" \
    connection-state=related,new dst-address=148.126.191.14 dst-port=23 \
    protocol=tcp src-address=148.124.6.0/24
add action=accept chain=forward comment="Web navigation from 148.124.6.0" \
    dst-port=80,443,53 protocol=tcp src-address=148.124.6.0/24
add action=accept chain=forward comment="DNS from 148.124.6.0" dst-port=53 \
    protocol=udp src-address=148.124.6.0/24
add action=accept chain=forward comment=\
    "Allow access to admin VLAN from admin workstations" connection-state=new \
    dst-address=10.99.0.0/16 src-address-list=Sysadmins
add action=accept chain=forward comment="DMZ servers ssh from VPN" \
    connection-state=new dst-address=10.17.0.0/16 dst-port=22 protocol=tcp \
    src-address=10.19.0.0/16 src-port=""
add action=accept chain=forward comment="Sortida servidors 2017" dst-address=\
    0.0.0.0/0 dst-port=22,80,443,53,587 protocol=tcp src-address=10.17.0.0/16
add action=accept chain=forward comment="Sortida servidors 2017" dst-address=\
    0.0.0.0/0 dst-port=53 protocol=udp src-address=10.17.0.0/16
add action=accept chain=input comment="VPN access a interfcie router" \
    dst-address=10.18.254.254 dst-port=443 protocol=tcp src-address=\
    10.19.0.29
add action=accept chain=input comment="VPN access a interfcie router" \
    dst-address=172.20.4.99 dst-port=443 protocol=tcp
add action=accept chain=input dst-address=10.17.254.254 protocol=icmp
add action=accept chain=forward connection-state=new dst-address=10.17.10.1 \
    dst-port=8088 protocol=tcp
add action=accept chain=input comment="Ping euronet2" dst-address=73.22.20.6 \
    in-interface=euronet2 protocol=icmp
add action=accept chain=input comment=SNMP dst-address=0.0.0.0/0 dst-port=161 \
    protocol=udp src-address=192.168.10.0/24
add action=accept chain=forward comment="Ping Prometheus monitoritzacio" \
    dst-address=172.20.4.0/22 protocol=icmp src-address=192.168.10.0/24
add action=accept chain=forward dst-address=10.17.0.0/16 protocol=icmp \
    src-address=192.168.10.0/24
add action=accept chain=forward dst-address=10.99.10.1 protocol=tcp
add action=accept chain=input comment="ping 172.18.254.254" dst-address=\
    10.18.254.254 protocol=icmp
add action=drop chain=forward comment="DENY access to admin vlan" disabled=\
    yes dst-address=10.99.0.0
add action=accept chain=input comment="ROUTER interf\EDcie web router" \
    connection-state="" dst-address=10.18.254.254 dst-port=443 in-interface=\
    vlan2018 protocol=tcp src-address-list=Sysadmins src-port=""
add action=accept chain=forward comment=\
    "Acc\E9s cl\FAster cont des-de desenvolupament" dst-address=\
    192.168.10.0/24 src-address-list=Desenvolupament
add action=accept chain=input comment="ROUTER ssh server" connection-state="" \
    dst-port=22 protocol=tcp
add action=accept chain=forward comment=RDP connection-state=new \
    dst-address-list=windowsservers dst-port=3389 protocol=tcp \
    src-address-list=Sysadmins
add action=accept chain=forward comment="Acc\E9s Telnet" \
    connection-nat-state="" connection-state=new dst-port=23,22 protocol=tcp \
    src-address-list=Sysadmins
add action=accept chain=forward comment=\
    "Acc\E9s telnet a office2 des-de clients" connection-state=new \
    dst-address-list=office2INTERN dst-port=23 protocol=tcp src-address=\
    172.20.4.0/22
add action=accept chain=forward comment=SSH connection-state=new dst-address=\
    172.20.4.0/22 dst-port=22 protocol=tcp src-address-list=\
    grcertinternesclients
add action=accept chain=forward comment="office2 extern telnet" dst-address=\
    148.126.191.14 dst-port=23 protocol=tcp src-address=10.18.0.0/16
add action=accept chain=forward comment="Acces a pgadmin de produccio" \
    dst-address=192.168.10.69 dst-port=5050 protocol=tcp src-address=\
    10.18.10.0/24 src-address-list="" src-port=""
add action=accept chain=forward comment=SSH connection-state=new dst-address=\
    192.168.10.0/24 dst-port=22 protocol=tcp src-address=10.18.0.0/16
add action=accept chain=forward comment="Navegaci\F3 web ports standard" \
    connection-state=new dst-address=0.0.0.0/0 dst-port=80,443 protocol=tcp \
    src-address=10.18.0.0/16
add action=accept chain=forward comment="DNS interns" connection-state=new \
    dst-address=172.20.4.0/22 dst-port=53 protocol=udp src-address=\
    10.18.0.0/16
add action=accept chain=forward comment="DNS Google" connection-state=new \
    dst-address=8.8.8.8 dst-port=53 protocol=udp src-address=10.18.0.0/16
add action=accept chain=forward comment="smtp/imap gmail" dst-port=\
    587,993,465 protocol=tcp src-address=10.18.0.0/16
add action=accept chain=forward comment="Connexi\F3 amb MAILDU" dst-address=\
    192.168.10.61 dst-port=2526 protocol=tcp src-address=172.20.4.36
add action=accept chain=forward comment="Proxy gger 172.20.4.0/22" \
    dst-address=84.89.157.0/24 dst-port=9090 protocol=tcp src-address=\
    172.20.4.0/22
add action=accept chain=forward comment="Host desde nova VPN clients" \
    dst-address-list=office2INTERN dst-port=23 log=yes log-prefix=HOST protocol=\
    tcp src-address=10.18.0.0/16
add action=accept chain=forward comment="Proxy gger" connection-state=new \
    dst-address=84.89.157.0/24 dst-port=9090 protocol=tcp src-address=\
    10.18.0.0/16
add action=accept chain=forward comment="SMB, CIFS,  WebDAV" \
    connection-state=new dst-address=172.20.4.0/22 dst-port=\
    135,137,138,139,445,389,636,88,53,5006 protocol=tcp src-address=\
    10.18.0.0/16
add action=accept chain=forward comment="Samba udp" connection-state=new \
    connection-type="" dst-address=172.20.4.0/22 dst-port=\
    389,88,445,464,138,137 protocol=udp src-address=10.18.0.0/16
add action=accept chain=forward comment=trendmicro connection-state=new \
    dst-address-list=grcertinternservers dst-port=8080,4343 protocol=tcp \
    src-address-list=grcertinternesclients
add action=accept chain=forward comment="Access outlook" connection-state=new \
    dst-address=172.20.4.36 dst-port=!25 protocol=tcp src-address-list=\
    grcertinternesclients
add action=accept chain=input comment="L2TP Entrada externa" \
    connection-state=new dst-address=148.124.6.12 dst-port=500,4500,1701 \
    protocol=udp
add action=accept chain=forward comment=L2TP connection-state=new \
    dst-address=10.19.0.29 dst-port=500,4500,1701 in-interface=ether1 \
    protocol=udp
add action=accept chain=forward comment=CloudStation connection-state=new \
    dst-address-list=CloudStation dst-port=6690 protocol=tcp \
    src-address-list=grcertinternesclients
add action=accept chain=forward dst-address-list=CloudStation dst-port=5001 \
    protocol=tcp
add action=accept chain=forward comment="CloudStation extern" dst-address=\
    148.124.6.1 dst-port=6690 protocol=tcp src-address=0.0.0.0/0
add action=accept chain=forward comment=\
    "Connexi\F3 client Offieuronetn 28844 cal revisar-ho" dst-address-list=\
    Offieuronetn protocol=tcp src-address-list=grcertinternesclients
add action=accept chain=input comment="ping gesti\F3" in-interface=vlan999 \
    protocol=icmp
add action=accept chain=input comment="ping 172.19.254.254" dst-address=\
    10.19.254.254 in-interface=vlan2019
add action=accept chain=forward comment="Offieuronetn reverse" dst-address=\
    10.18.0.0/16 protocol=tcp src-address=172.20.4.30
add action=accept chain=forward comment="VPN - DNS intern" connection-state=\
    new dst-address-list=InternalDNS dst-port=53 protocol=udp src-address=\
    10.19.0.29
add action=accept chain=forward comment="VPN - Proxy Pompeu" \
    connection-state=new dst-address=84.89.157.0/24 dst-port=9090 protocol=\
    tcp src-address=10.19.0.29
add action=accept chain=forward comment=\
    "VPN - Navegaci\F3 ports web estandard" dst-address=0.0.0.0/0 dst-port=\
    80,443 protocol=tcp src-address=10.19.0.29
add action=accept chain=forward comment="VPN - Google DNS" connection-state=\
    new dst-address=8.8.8.8 dst-port=53 protocol=udp src-address=10.19.0.29
add action=accept chain=forward comment=\
    "VPN - Remote Desktop - Windows Server" dst-address-list=windowsservers \
    dst-port=3389 in-interface=vlan2019 protocol=tcp
add action=accept chain=forward comment="VPN - RDP clients" connection-state=\
    new dst-address-list=RDPClients in-interface=vlan2019
add action=accept chain=forward comment="VPN CloudStation" connection-state=\
    new dst-address-list=CloudStation dst-port=6690 protocol=tcp src-address=\
    10.19.0.29
add action=accept chain=forward comment="VPN ssh servers" dst-address-list=\
    SSHservers dst-port=22 protocol=tcp src-address=10.19.0.29
add action=accept chain=forward comment="VPN all ssh" dst-port=22 protocol=\
    tcp src-address=10.19.0.29
add action=accept chain=input disabled=yes dst-address=192.168.98.254 \
    in-interface=vlan98
add action=accept chain=input disabled=yes dst-address=148.125.6.254 \
    protocol=icmp
add action=accept chain=input disabled=yes dst-address=148.125.6.254 \
    dst-port=80 protocol=tcp
add action=accept chain=forward disabled=yes dst-address=148.125.6.254
add action=accept chain=forward comment=\
    "Servers grcert i clients antics - Servidor Impressores" connection-state=\
    new dst-address=0.0.0.0/0 dst-port=\
    80,443,22,23,53,993,995,145,587,465,139,445,9100 protocol=tcp \
    src-address=172.20.4.0/22
add action=accept chain=forward comment="Sortida habilitada per labros" \
    connection-state=new dst-port=43389 protocol=tcp src-address-list=\
    labrosInternal
add action=accept chain=forward comment="Laboratori labros" dst-address=\
    185.40.184.84 protocol=tcp src-address-list=labrosInternal
add action=accept chain=forward comment="Lab labros" connection-state=\
    new,untracked dst-address=93.104.247.67 protocol=tcp src-address-list=\
    labrosInternal
add action=accept chain=forward comment="Impressio LPR LDP" dst-address=\
    10.18.0.0/16 dst-port=515,8080,80,443 protocol=tcp src-address=\
    172.20.4.0/22
add action=accept chain=forward comment=\
    "Send mail smtp regicor desde leomessi" dst-address=46.16.61.50 dst-port=\
    578 protocol=tcp src-address=172.20.4.74
add action=accept chain=forward comment="Printer server" dst-address=\
    10.18.0.0/16 dst-port=161,162 protocol=udp src-address=172.20.4.84
add action=accept chain=forward comment="IMAV0002 Printer Server" \
    dst-address=10.18.0.0/16 log=yes log-prefix=PRINTER src-address=\
    172.20.4.84
add action=accept chain=forward comment="Consulta DNS externs" dst-address=\
    0.0.0.0/0 dst-port=53 protocol=udp src-address=172.20.4.0/22
add action=accept chain=forward dst-port=25 protocol=tcp src-address=\
    172.20.4.36
add action=accept chain=forward comment="WIFI clients" connection-state=new \
    dst-address-list=!IntranetIPs dst-port=\
    80,443,22,23,53,993,995,145,587,465,1022 protocol=tcp src-address=\
    172.20.136.0/22
add action=accept chain=forward dst-address-list=!IntranetIPs dst-port=53 \
    protocol=udp src-address=172.20.136.0/22
add action=accept chain=forward comment="VLAN 2016 4. planta" \
    connection-state=new dst-port=80,443,22,23,53,993,995,145,587,465 \
    protocol=tcp src-address=172.16.0.0/16
add action=accept chain=forward comment="SNMP Netdisco cap a Tot" \
    dst-address=0.0.0.0/0 dst-port=137,138,161,219 log=yes log-prefix=\
    NETDISCO protocol=udp src-address=192.168.10.0/24
add action=accept chain=forward comment="VLAN 2016 4. planta" dst-port=53 \
    protocol=udp src-address=172.16.0.0/16
add action=accept chain=forward dst-address=0.0.0.0/0 dst-port=138,139,219 \
    protocol=tcp src-address=192.168.10.0/24
add action=accept chain=input comment="Monitoratge euronet" dst-address-list=\
    AdrecesEnllaceuronet protocol=icmp src-address-list=AdrecesMonitoratgeeuronet
add action=accept chain=forward comment="A esborrar JMCA" connection-state=\
    new dst-address=0.0.0.0/0 dst-port=5002 protocol=tcp src-address=\
    10.18.0.0/16
add action=accept chain=forward comment=Unifi dst-port=\
    8080,8081,8443,8880,8843,53 protocol=tcp src-address=172.20.132.0/24
add action=accept chain=forward dst-port=10001,3478,53,123 protocol=udp \
    src-address=172.20.132.0/24
add action=accept chain=forward comment="VPN client gwersb" dst-address=\
    83.55.159.246
add action=accept chain=input comment="Adre\E7a externa eurochat\
    \n" dst-address=73.22.174.0/24 protocol=icmp src-address=0.0.0.0/0
add action=accept chain=forward disabled=yes dst-address=73.22.174.0/24 \
    in-interface=eurochat-245 log-prefix=BLABLA out-interface=vlan2017 protocol=\
    icmp src-address=0.0.0.0/0
add action=accept chain=forward disabled=yes dst-address=73.22.174.0/24 \
    in-interface=eurochat-545 out-interface=vlan2017 protocol=icmp src-address=\
    0.0.0.0/0
add action=accept chain=input in-interface=eurochat-245 protocol=icmp \
    src-address-list=AdrecesMonitoratgeeuronet
add action=accept chain=input in-interface=eurochat-545 protocol=icmp \
    src-address-list=AdrecesMonitoratgeeuronet
add action=accept chain=forward comment=\
    "Traffic entre QUALSEVOL i VLAN Maquinari Xarxa" dst-address=10.99.0.0/16 \
    protocol=tcp src-address=10.18.10.0/24
add action=accept chain=input comment="eurochat BGP" connection-state=new \
    dst-address=73.22.18.130 dst-port=179 protocol=tcp
add action=accept chain=input comment="eurochat BGP" connection-state=new \
    dst-address=73.22.22.130 dst-port=179 protocol=tcp
add action=accept chain=input comment="eurochat BGP" dst-address=73.22.18.130 \
    protocol=tcp src-port=179
add action=accept chain=input comment="eurochat BGP" dst-address=73.22.22.130 \
    protocol=tcp src-port=179
add action=accept chain=forward comment="NETDISCO nou rang xarxa" \
    dst-address=10.99.0.0/16 src-address=0.0.0.0
add action=accept chain=forward comment="WIFI rails" connection-state=\
    related,new dst-address-list=IntranetIPs dst-port=3000 protocol=tcp \
    src-address=172.20.136.0/22
add action=accept chain=forward comment="LDAP TLS" connection-state=new \
    dst-address=172.20.4.10 dst-port=636 protocol=tcp src-address=\
    10.17.0.0/16
add action=accept chain=forward comment="LDAP from SERVERS" dst-address=\
    172.20.4.0/22 dst-port=389 protocol=tcp src-address=10.17.0.0/16
add action=accept chain=forward connection-state=related,new dst-address=\
    10.17.0.0/16 dst-port=3000 protocol=tcp src-address=10.18.0.0/16
add action=accept chain=forward comment=\
    "Obrim conexions sortints cap a FTP i SSH extern" dst-address=0.0.0.0/0 \
    dst-port=22,21 log=yes log-prefix=SFTP-gger protocol=tcp src-address=\
    10.18.0.0/16
add action=accept chain=forward dst-address=10.17.0.0/16 dst-port=3000 \
    protocol=tcp src-address=172.20.4.0/22
add action=accept chain=forward comment="store Silvius" dst-address=\
    10.17.1.1 dst-port=5001 protocol=tcp src-address=10.18.0.0/16
add action=accept chain=forward comment=\
    "Sophie VLAN 2018 cap a casper2.grcert.es" dst-address=172.20.4.20 log=yes \
    log-prefix=PATXI src-address=10.18.100.4
add action=accept chain=forward comment="SSH sortida sysadmins" dst-port=22 \
    protocol=tcp src-address-list=Sysadmins
add action=drop chain=input
add action=drop chain=forward
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address=73.22.174.0/24 new-connection-mark=TTT \
    passthrough=yes
add action=mark-routing chain=prerouting connection-mark=TTT \
    connection-nat-state=dstnat new-routing-mark=IN_73.22.18.130 passthrough=\
    no src-address=192.168.10.0/24
add action=mark-connection chain=prerouting dst-address=73.22.174.253 \
    dst-port=22,3000 new-connection-mark=TTT passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting dst-address=73.22.174.253 dst-port=\
    500,4500,1701 new-packet-mark=TTT passthrough=yes protocol=udp
add action=mark-routing chain=prerouting connection-mark=TTT \
    new-routing-mark=IN_73.22.18.130 passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=IN_73.22.18.130 \
    packet-mark=TTT passthrough=no
add action=mark-packet chain=prerouting dst-address=148.125.244.0/24 \
    new-packet-mark=IN193_145_244 passthrough=yes
add action=mark-packet chain=prerouting comment="eurochat 245" in-interface=\
    eurochat-245 new-packet-mark=IN_73.22.18.130 passthrough=yes
add action=mark-packet chain=prerouting comment="eurochat 545" in-interface=\
    eurochat-545 new-packet-mark=IN_73.22.18.130 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=NET193_145_244 \
    packet-mark=IN193_145_244 passthrough=yes
add action=mark-routing chain=prerouting comment="eurochat 245" new-routing-mark=\
    IN_73.22.18.130 packet-mark=IN_73.22.18.130 passthrough=yes
add action=mark-routing chain=prerouting comment="eurochat 545" new-routing-mark=\
    IN_73.22.18.130 packet-mark=IN_73.22.18.130 passthrough=yes
add action=accept chain=prerouting
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=src-nat chain=srcnat disabled=yes dst-address=172.20.4.1 dst-port=\
    22 protocol=tcp src-address-list=!INTERNAL to-addresses=148.125.6.253
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.10.68 \
    dst-port=80 protocol=tcp src-address=0.0.0.0/0 src-address-list=!INTERNAL \
    to-addresses=148.124.6.12
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 out-interface-list=eurochat \
    src-address=192.168.10.69 to-addresses=73.22.174.254
add action=masquerade chain=srcnat comment="Ahir PIN NAT cont cluster" \
    dst-address=192.168.10.61 dst-port=80,443,10443,10080 protocol=tcp \
    src-address=192.168.10.0/24 to-addresses=192.168.10.30
add action=masquerade chain=srcnat comment="Hair pin nat cont resitry" \
    dst-address=172.20.4.46 dst-port=8080,8443 protocol=tcp src-address=\
    192.168.10.0/24 to-addresses=10.17.254.254
add action=masquerade chain=srcnat comment=\
    "Hair pin store registry cont" dst-address=172.20.4.46 dst-port=\
    8080,8443 protocol=tcp src-address=172.20.4.0/22
add action=src-nat chain=srcnat comment="office2 INTERN NAT DESDE 10.18" \
    dst-address-list=office2INTERN src-address=10.18.0.0/16 to-addresses=\
    172.20.4.99
add action=src-nat chain=srcnat dst-address=148.126.190.0/23 src-address=\
    10.18.0.0/16 to-addresses=148.124.6.152
add action=accept chain=srcnat comment="DON'T NAT internal ranges" \
    dst-address-list=INTERNAL
add action=accept chain=srcnat dst-address=148.124.6.0/24 src-address=\
    10.18.0.0/16
add action=accept chain=srcnat dst-address=148.124.6.0/24 src-address=\
    10.19.0.0/16
add action=accept chain=srcnat dst-address=148.125.6.0/24 src-address=\
    10.19.0.0/16
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 src-address=\
    172.20.150.0/24 to-addresses=148.125.244.253
add action=accept chain=srcnat disabled=yes dst-address=148.124.6.0/24 \
    src-address=192.168.10.0/24
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.10.0/24 \
    out-interface=combo1 to-addresses=192.168.10.230
add action=src-nat chain=srcnat disabled=yes dst-address=172.20.150.0/24 \
    out-interface=combo1 to-addresses=192.168.10.230
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 out-interface=ether1 \
    src-address=192.168.99.0/24 to-addresses=148.124.6.12
add action=src-nat chain=srcnat comment="Sortida per labros" \
    dst-address-list=labrosExternalTargets src-address=10.18.0.0/16 \
    to-addresses=148.124.6.155
add action=src-nat chain=srcnat dst-address=84.89.157.0/24 protocol=tcp \
    src-address=10.18.0.0/16 to-addresses=148.124.6.12
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=10.18.0.0/16 to-addresses=148.125.6.254
add action=src-nat chain=srcnat comment="VPN - NAT Pompem " dst-address=\
    84.89.157.0/24 dst-port=9090 protocol=tcp src-address=10.19.0.29 \
    to-addresses=148.124.6.12
add action=src-nat chain=srcnat comment="Cluster cont cap a office2 intern" \
    dst-address-list=office2INTERN src-address=192.168.10.0/24 to-addresses=\
    172.20.4.99
add action=dst-nat chain=dstnat comment="L2TP softether" dst-address=\
    148.124.6.12 dst-port=500,4500,1701 protocol=udp to-addresses=10.19.0.29
add action=dst-nat chain=dstnat dst-address=73.22.174.253 dst-port=\
    500,4500,1701 protocol=udp to-addresses=10.19.0.29
add action=dst-nat chain=dstnat disabled=yes dst-address=73.22.174.253 \
    dst-port=22 protocol=tcp to-addresses=10.19.0.29
add action=dst-nat chain=dstnat dst-address=148.124.6.12 dst-port=8080 \
    protocol=tcp to-addresses=10.19.0.29
add action=dst-nat chain=dstnat dst-address=148.125.6.253 dst-port=8080 \
    protocol=tcp to-addresses=10.19.0.29
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=10.17.0.0/16 to-addresses=148.124.6.200
add action=src-nat chain=srcnat disabled=yes out-interface=vlan98 \
    src-address=10.19.0.0/16 to-addresses=148.125.6.254
add action=src-nat chain=srcnat comment="VPN - Nat http,https" dst-address=\
    0.0.0.0/0 dst-address-list=!INTERNAL src-address=10.19.0.0/16 \
    to-addresses=148.124.6.12
add action=dst-nat chain=dstnat disabled=yes dst-address=148.125.6.253 \
    dst-port=25 protocol=tcp to-addresses=172.20.4.36
add action=dst-nat chain=dstnat disabled=yes dst-address=148.125.6.253 \
    dst-port=22 protocol=tcp to-addresses=172.20.4.1
add action=dst-nat chain=dstnat comment=HERMES2 dst-address=148.125.244.254 \
    dst-port=993,995,145,587,465,25 protocol=tcp to-addresses=172.20.4.36
add action=dst-nat chain=dstnat comment=HERMES2 dst-address=148.124.6.158 \
    dst-port=993,995,145,587,465,25 protocol=tcp to-addresses=172.20.4.36
add action=dst-nat chain=dstnat comment=HERMES2 dst-address=148.124.6.153 \
    dst-port=993,995,145,587,465,25 protocol=tcp to-addresses=172.20.4.36
add action=dst-nat chain=dstnat comment="store - cont registry" \
    dst-address=10.17.254.254 dst-port=80 protocol=tcp src-address=0.0.0.0/0 \
    to-addresses=172.20.4.46 to-ports=8080
add action=dst-nat chain=dstnat comment="store - cont registry" \
    dst-address=10.17.254.254 dst-port=443 protocol=tcp to-addresses=\
    172.20.4.46 to-ports=8443
add action=dst-nat chain=dstnat comment="store - cont registry" \
    dst-address=10.17.254.254 dst-port=5001 protocol=tcp to-addresses=\
    172.20.4.46 to-ports=5001
add action=dst-nat chain=dstnat comment="Cluster produccio" dst-address=\
    148.124.6.157 dst-port=80,443 protocol=tcp to-addresses=192.168.10.61
add action=dst-nat chain=dstnat comment="Cluster produccio 10080" \
    dst-address=148.124.6.158 dst-port=80 protocol=tcp to-addresses=\
    192.168.10.61 to-ports=10080
add action=dst-nat chain=dstnat comment="Cluster produccio 10443" \
    dst-address=148.124.6.158 dst-port=443 protocol=tcp to-addresses=\
    192.168.10.61 to-ports=10443
add action=dst-nat chain=dstnat comment="Cluster nuc fgrcert" dst-address=\
    148.124.6.151 dst-port=8090,443,80 protocol=tcp src-mac-address=\
    00:00:00:00:00:00 to-addresses=192.168.10.206
add action=dst-nat chain=dstnat comment="Cluster nuc intern" dst-address=\
    192.168.10.31 dst-port=80,443 protocol=tcp to-addresses=192.168.10.206
add action=dst-nat chain=dstnat comment="Cluster nuc intern test" \
    dst-address=192.168.10.32 dst-port=80,443 protocol=tcp to-addresses=\
    192.168.10.61
add action=dst-nat chain=dstnat comment="Clusternuc 153" dst-address=\
    148.124.6.153 dst-port=80,443 protocol=tcp to-addresses=192.168.10.61
add action=dst-nat chain=dstnat comment="Cluster nuc 8" dst-address=\
    148.124.6.8 dst-port=80,443 protocol=tcp to-addresses=192.168.10.61
add action=dst-nat chain=dstnat comment="Cluster comput" dst-address=\
    148.124.6.156 dst-port=80,443,3023,3022,10443 protocol=tcp to-addresses=\
    192.168.10.101
add action=accept chain=srcnat comment=\
    "No NAT per 172.20.40/22 a office2 intern" dst-address-list=office2INTERN \
    src-address=172.20.4.0/22
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 src-address=172.20.4.36 \
    to-addresses=148.124.6.152
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=172.20.4.0/22 to-addresses=148.124.6.155
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=192.168.10.0/24 to-addresses=148.124.6.152
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=172.20.136.0/22 to-addresses=148.124.6.153
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 src-address=\
    172.16.0.0/16 to-addresses=148.124.6.12
add action=dst-nat chain=dstnat comment="Cloudstation des de fora" \
    dst-address=148.124.6.1 dst-port=6690,5001 protocol=tcp to-addresses=\
    172.20.4.69
add action=dst-nat chain=dstnat dst-address=73.22.174.254 dst-port=80,443 \
    protocol=tcp to-addresses=192.168.10.69
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL routing-mark=IN_73.22.18.130 src-address=10.19.0.0/16 \
    to-addresses=73.22.174.253
add action=dst-nat chain=dstnat dst-address=73.22.174.253 dst-port=3000,8080 \
    protocol=tcp to-addresses=10.17.10.2
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 routing-mark=\
    IN_73.22.18.130 src-address=10.17.0.0/16 to-addresses=73.22.174.253
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024
/ip route
add distance=1 gateway=73.22.16.5 routing-mark=NET193_145_244
add distance=1 dst-address=172.20.150.0/24 gateway=combo1 routing-mark=\
    NET193_145_244
add distance=1 dst-address=148.125.244.0/24 gateway=ether1 routing-mark=\
    NET193_145_244
add comment=euronet-245 disabled=yes distance=1 gateway=73.22.18.129 \
    routing-mark=IN_73.22.18.130
add distance=1 dst-address=10.17.0.0/16 gateway=vlan2017 routing-mark=\
    IN_73.22.18.130
add distance=1 dst-address=10.18.0.0/16 gateway=vlan2018 routing-mark=\
    IN_73.22.18.130
add distance=1 dst-address=10.19.0.0/16 gateway=vlan2019 routing-mark=\
    IN_73.22.18.130
add distance=1 dst-address=73.22.18.128/30 gateway=eurochat-245 routing-mark=\
    IN_73.22.18.130
add distance=1 dst-address=73.22.22.128/30 gateway=eurochat-545 routing-mark=\
    IN_73.22.18.130
add comment=eurochat-245 disabled=yes distance=1 dst-address=73.22.174.0/24 \
    gateway=vlan2017 routing-mark=IN_73.22.18.130
add comment=eurochat disabled=yes distance=1 dst-address=73.22.174.0/24 gateway=\
    vlan2017 routing-mark=IN_73.22.18.130
add distance=1 dst-address=192.168.10.0/24 gateway=combo1 routing-mark=\
    IN_73.22.18.130
add comment=eurochat-545 disabled=yes distance=1 gateway=73.22.22.129 \
    routing-mark=IN_73.22.22.130
add comment="euronet-1 default gateway" distance=1 gateway=73.22.16.5
add comment="euronet-2 Default gateway" disabled=yes distance=1 gateway=\
    73.22.20.5
add comment="office2 - intern" distance=1 dst-address=10.0.0.0/16 gateway=\
    192.168.20.2
add comment="office2 - intern" distance=1 dst-address=10.1.0.0/16 gateway=\
    192.168.20.2
add comment="office2 -intern" distance=1 dst-address=10.2.0.0/16 gateway=\
    192.168.20.2
add comment="office2 - intern - lab de recerca de Catalunya" distance=1 \
    dst-address=192.168.110.0/24 gateway=192.168.20.2
add distance=1 dst-address=148.126.190.0/23 gateway=148.126.191.253
/ip route rule
add src-address=73.22.174.0/24 table=IN_73.22.18.130
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.19.0.29/32,10.18.0.0/16,172.20.4.0/22
set www-ssl address=10.19.0.29/32,10.18.10.0/24,172.20.4.0/22 certificate=\
    router disabled=no
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=jmca profile=default-encryption service=l2tp
/routing bgp network
add network=73.22.174.0/24 synchronize=no
/routing bgp peer
add name=peer1 remote-address=73.22.18.129 remote-as=13041 ttl=default
add name=peer2 remote-address=73.22.22.129 remote-as=13041 ttl=default
/snmp
set contact=grcert enabled=yes location=grcert
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=router1
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=91.226.136.138
/system ntp server
set enabled=yes
/system routerboard settings
set boot-delay=1s
/tool e-mail
set address=smtp-relay.gmail.com from=mikrotik-router-1@grcert.cat port=465 \
    start-tls=yes
/tool graphing
set store-every=hour
/tool graphing interface
add interface=office2_8
add interface=euronet1
add interface=office2_9
add interface=vlan2019
add interface=vlan2018
add interface=vlan2016
add interface=combo1
add interface=ether1
/tool graphing resource
add
/tool sniffer
set filter-interface=combo1 filter-ip-address=148.124.6.1/32 \
    filter-ip-protocol=tcp filter-port=6690
/tool user-manager database
set db-path=user-manager
 
titansmc
just joined
Topic Author
Posts: 16
Joined: Wed Jun 07, 2017 11:51 am

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Fri Oct 06, 2017 2:52 pm

Could I have a wrong srcnat?
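One way to check the srcnat question offline is a first-match walk over the srcnat chain of an export like the one posted above, reporting which rule (if any) rewrites a given source/destination pair. This is an added example, not part of the thread and not MikroTik code; the contents of the INTERNAL address list, the test addresses and the function names are assumptions.

```python
import ipaddress
import re
import shlex

# Constructed sample: four srcnat rules taken from the posted export, same format.
SAMPLE = r'''/ip firewall nat
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 out-interface-list=eurochat \
    src-address=192.168.10.69 to-addresses=73.22.174.254
add action=accept chain=srcnat comment="DON'T NAT internal ranges" \
    dst-address-list=INTERNAL
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=10.18.0.0/16 to-addresses=148.125.6.254
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 dst-address-list=\
    !INTERNAL src-address=192.168.10.0/24 to-addresses=148.124.6.152
'''
# ASSUMPTION: the members of INTERNAL are not shown in this part of the export.
LISTS = {"INTERNAL": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}
# Matchers this sketch cannot evaluate offline; such rules are returned as "maybe".
UNMODELED = {"out-interface", "out-interface-list", "routing-mark",
             "protocol", "dst-port"}

def parse_rules(export, section="/ip firewall nat"):
    """Join backslash continuations and return the section's rules, in order."""
    rules, active = [], False
    for line in re.sub(r"\\\n\s*", "", export).splitlines():
        if line.startswith("/"):
            active = line.strip() == section
        elif active and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:]))
    return rules

def addr_ok(rule, key, addr, lists):
    """Check key (src-address/dst-address) and its -list variant, honouring '!'."""
    ip = ipaddress.ip_address(addr)
    if key in rule and ip not in ipaddress.ip_network(rule[key], strict=False):
        return False
    name = rule.get(key + "-list", "")
    if name:  # a KeyError on an unknown list is deliberate: do not guess members
        member = any(ip in ipaddress.ip_network(n) for n in lists[name.lstrip("!")])
        return member != name.startswith("!")
    return True

def first_srcnat(rules, src, dst, lists):
    """Walk srcnat top-down: (first definite match or None, earlier maybes)."""
    maybe = []
    for rule in rules:
        live = rule.get("chain") == "srcnat" and rule.get("disabled") != "yes"
        if not (live and addr_ok(rule, "src-address", src, lists)
                and addr_ok(rule, "dst-address", dst, lists)):
            continue
        if UNMODELED & rule.keys():
            maybe.append(rule)
        else:
            return rule, maybe
    return None, maybe
```

A non-empty "maybe" list ahead of the definite hit means the outcome depends on a matcher such as out-interface-list, which has to be checked on the router itself. A result of `None` means no srcnat rule rewrites the packet, so it leaves with its original source address.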
