-
-
arthurmitch
Frequent Visitor
- Posts: 82
- Joined:
- Location: South Africa
- Contact:
fowarding email
is there a way i can foward all traffic coming from port 25 to leave via a specific interface because i have three wan interfaces and one lan and i only wish to use my one wan for emailing
fowarding email
You could use a Mangle rule to change the routing mark to match a specific interface.
-
-
arthurmitch
Frequent Visitor
- Posts: 82
- Joined:
- Location: South Africa
- Contact:
Re: fowarding email
ok im a bit of a newb too this type of thing is there a how to or a exsample or somthing?
Re: fowarding email
This is the most basic rule that will do what you want to get it to go out the right interface depending upon your routing table and mangle rules. Where you place it within your rules depends upon your mangle setup.
Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=to_outside2 dst-port=25 protocol=tcp
-
-
arthurmitch
Frequent Visitor
- Posts: 82
- Joined:
- Location: South Africa
- Contact:
Re: fowarding email
ok so if my rules in my mangle looks like this where do i put it?
Mangel:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-mweb
1 I chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether2-is
2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
connection-mark=wan1_conn
3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
connection-mark=wan2_conn
4 chain=prerouting action=accept dst-address=197.212.100.0/28
in-interface=ether10-lan
5 chain=prerouting action=accept dst-address=47.134.110.0/28
in-interface=ether10-lan
6 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-
8082
7 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
8 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb dst-port=143,110,5999
9 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
10 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-
8082
11 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=143,110,5999
12 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address=192.168.88.2 in-interface=ether10-lan
13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address=192.168.88.2 in-interface=ether10-lan
14 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address-type=!local in-interface=ether10-lan
connection-mark=no-mark per-connection-classifier=both-addresses:2/0
15 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address-type=!local in-interface=ether10-lan
connection-mark=no-mark per-connection-classifier=both-addresses:2/1
16 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=no in-interface=ether10-lan connection-mark=wan1_conn
17 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=no in-interface=ether10-lan connection-mark=wan2_conn
-- [Q quit|D dump|up|down]
oh the 192.168.88.2 is my email server and after my email server is my client pc's.
so how would i go about that?
Mangel:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-mweb
1 I chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether2-is
2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
connection-mark=wan1_conn
3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
connection-mark=wan2_conn
4 chain=prerouting action=accept dst-address=197.212.100.0/28
in-interface=ether10-lan
5 chain=prerouting action=accept dst-address=47.134.110.0/28
in-interface=ether10-lan
6 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-
8082
7 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
8 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb dst-port=143,110,5999
9 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
10 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-
8082
11 I chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=143,110,5999
12 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address=192.168.88.2 in-interface=ether10-lan
13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address=192.168.88.2 in-interface=ether10-lan
14 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address-type=!local in-interface=ether10-lan
connection-mark=no-mark per-connection-classifier=both-addresses:2/0
15 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address-type=!local in-interface=ether10-lan
connection-mark=no-mark per-connection-classifier=both-addresses:2/1
16 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=no in-interface=ether10-lan connection-mark=wan1_conn
17 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=no in-interface=ether10-lan connection-mark=wan2_conn
-- [Q quit|D dump|up|down]
oh the 192.168.88.2 is my email server and after my email server is my client pc's.
so how would i go about that?
Re: fowarding email
Somewhere before rule 12 would be ideal.
I'm not sure what you are asking about with your second question. I'm assuming though that it's related to how your clients can access the mail server over the public IP. The best solution to that is to place the e-mail server on it's own routed interface with a different subnet, and set up an appropriate firewall between your two networks. Much like a DMZ. The other option is an ugly hack called hairpin nat http://wiki.mikrotik.com/wiki/Hairpin_NAT.
I'm not sure what you are asking about with your second question. I'm assuming though that it's related to how your clients can access the mail server over the public IP. The best solution to that is to place the e-mail server on it's own routed interface with a different subnet, and set up an appropriate firewall between your two networks. Much like a DMZ. The other option is an ugly hack called hairpin nat http://wiki.mikrotik.com/wiki/Hairpin_NAT.
-
-
arthurmitch
Frequent Visitor
- Posts: 82
- Joined:
- Location: South Africa
- Contact:
Re: fowarding email
ok sorry my config has changed a bit but it still does not route all my outgoing mail via my ppp interface.
mangel:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn passthrough=no in-interface=ether1-mweb
1 chain=input action=mark-connection new-connection-mark=wan2_conn passthrough=no in-interface=ether2-is
2 chain=input action=mark-connection new-connection-mark=wan3_conn passthrough=no in-interface=Open-Web
3 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no connection-mark=wan1_conn
4 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no connection-mark=wan2_conn
5 chain=output action=mark-routing new-routing-mark=to_wan3 passthrough=no connection-mark=wan3_conn
6 chain=prerouting action=accept dst-address=197.212.100.0/28 in-interface=ether10-lan
7 chain=prerouting action=accept dst-address=47.134.110.0/28 in-interface=ether10-lan
8 chain=prerouting action=accept dst-address=197.215.212.0/28 in-interface=ether10-lan
9 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
10 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
11 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb dst-port=143,110,5999
12 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
14 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is dst-port=143,110,5999
15 ;;; Email routing
chain=prerouting action=mark-routing new-routing-mark=to_wan3 passthrough=yes protocol=tcp in-interface=ether10-lan dst-port=25
16 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
17 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
18 chain=prerouting action=mark-connection new-connection-mark=wan3_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
19 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes dst-address-type=!local in-interface=ether10-lan connection-mark=no-mark
per-connection-classifier=both-addresses:2/0
20 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes dst-address-type=!local in-interface=ether10-lan connection-mark=no-mark
per-connection-classifier=both-addresses:2/1
21 chain=prerouting action=mark-routing new-routing-mark=to_wan1 passthrough=no in-interface=ether10-lan connection-mark=wan1_conn
22 chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=no in-interface=ether10-lan connection-mark=wan2_conn
23 chain=prerouting action=mark-routing new-routing-mark=to_wan3 passthrough=no in-interface=ether10-lan connection-mark=wan3_conn
-- [Q quit|D dump|up|down]
plz assis?!
mangel:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn passthrough=no in-interface=ether1-mweb
1 chain=input action=mark-connection new-connection-mark=wan2_conn passthrough=no in-interface=ether2-is
2 chain=input action=mark-connection new-connection-mark=wan3_conn passthrough=no in-interface=Open-Web
3 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no connection-mark=wan1_conn
4 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no connection-mark=wan2_conn
5 chain=output action=mark-routing new-routing-mark=to_wan3 passthrough=no connection-mark=wan3_conn
6 chain=prerouting action=accept dst-address=197.212.100.0/28 in-interface=ether10-lan
7 chain=prerouting action=accept dst-address=47.134.110.0/28 in-interface=ether10-lan
8 chain=prerouting action=accept dst-address=197.215.212.0/28 in-interface=ether10-lan
9 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
10 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
11 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether1-mweb dst-port=143,110,5999
12 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881
13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082
14 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is dst-port=143,110,5999
15 ;;; Email routing
chain=prerouting action=mark-routing new-routing-mark=to_wan3 passthrough=yes protocol=tcp in-interface=ether10-lan dst-port=25
16 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
17 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
18 chain=prerouting action=mark-connection new-connection-mark=wan3_conn passthrough=no dst-address=192.168.88.2 in-interface=ether10-lan
19 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes dst-address-type=!local in-interface=ether10-lan connection-mark=no-mark
per-connection-classifier=both-addresses:2/0
20 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes dst-address-type=!local in-interface=ether10-lan connection-mark=no-mark
per-connection-classifier=both-addresses:2/1
21 chain=prerouting action=mark-routing new-routing-mark=to_wan1 passthrough=no in-interface=ether10-lan connection-mark=wan1_conn
22 chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=no in-interface=ether10-lan connection-mark=wan2_conn
23 chain=prerouting action=mark-routing new-routing-mark=to_wan3 passthrough=no in-interface=ether10-lan connection-mark=wan3_conn
-- [Q quit|D dump|up|down]
plz assis?!
Re: fowarding email
Please provide:
/ip route print detail
/ip address print detail
/ip firewall export
And wrap them in code tags so that they are more readable. We can then look at what you really have and then make suggestions/adjustments.
/ip route print detail
/ip address print detail
/ip firewall export
And wrap them in code tags so that they are more readable. We can then look at what you really have and then make suggestions/adjustments.
-
-
arthurmitch
Frequent Visitor
- Posts: 82
- Joined:
- Location: South Africa
- Contact:
Re: fowarding email
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=41.134.110.9 gateway-status=41.134.110.9 reachable via ether1-mweb check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan1
1 S dst-address=0.0.0.0/0 gateway=196.212.100.145 gateway-status=196.212.100.145 unreachable check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan2
2 A S dst-address=0.0.0.0/0 gateway=196.210.136.129 gateway-status=196.210.136.129 reachable via Open-Web check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan3
3 A S dst-address=0.0.0.0/0 gateway=41.134.110.9 gateway-status=41.134.110.9 reachable via ether1-mweb check-gateway=ping distance=2 scope=30 target-scope=10
4 S dst-address=0.0.0.0/0 gateway=196.212.100.145 gateway-status=196.212.100.145 unreachable check-gateway=ping distance=3 scope=30 target-scope=10
5 S dst-address=0.0.0.0/0 gateway=196.210.136.129 gateway-status=196.210.136.129 reachable via Open-Web check-gateway=ping distance=4 scope=30 target-scope=10
6 ADC dst-address=41.134.110.0/28 pref-src=41.134.110.10 gateway=ether1-mweb gateway-status=ether1-mweb reachable distance=0 scope=10
7 ADC dst-address=192.168.45.0/24 pref-src=192.168.45.2 gateway=ether3-Open-Web gateway-status=ether3-Open-Web reachable distance=0 scope=10
8 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether10-lan gateway-status=ether10-lan reachable distance=0 scope=10
9 ADC dst-address=196.210.136.129/32 pref-src=196.215.142.40 gateway=Open-Web gateway-status=Open-Web reachable distance=0 scope=10
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 I ;;; InterNet Solutions
address=196.212.100.148/28 network=196.212.100.144 interface=ether2-is actual-interface=ether2-is
1 ;;; lan
address=192.168.88.1/24 network=192.168.88.0 interface=ether10-lan actual-interface=ether10-lan
2 ;;; mwe-connect
address=41.134.110.10/28 network=41.134.110.0 interface=ether1-mweb actual-interface=ether1-mweb
3 ;;; Open-Web
address=192.168.45.2/24 network=192.168.45.0 interface=ether3-Open-Web actual-interface=ether3-Open-Web
4 D address=196.215.142.40/32 network=196.210.136.129 interface=Open-Web actual-interface=Open-Web
/ip firewall export
# jun/12/2012 10:17:41 by RouterOS 5.17
/ip firewall layer7-protocol
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozl\
e|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|ent\
ertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
add name=facebook-wwws regexp="^.*(get|GET).+(facebook).*\$"
add name=facebook-dns regexp="^.+(facebook).*\$"
/ip firewall connection tracking
set enabled=yes generic-timeout=15m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=1m10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=1m10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward comment="block all torrents" disabled=no p2p=all-p2p
add action=drop chain=forward comment="block torrent-dns" disabled=no dst-port=53 layer7-protocol=torrent-dns protocol=udp
add action=drop chain=forward comment="block torrent-wwws" disabled=no layer7-protocol=torrent-wwws
add action=drop chain=forward comment="block facebook-dns" disabled=no dst-port=53 layer7-protocol=facebook-dns protocol=udp time=8h-16h,mon,tue,wed,thu,fri
add action=drop chain=forward comment="block facebook-wwws" disabled=yes layer7-protocol=facebook-wwws time=8h-16h,mon,tue,wed,thu,fri
ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=ether1-mweb new-connection-mark=wan1_conn passthrough=no
add action=mark-connection chain=input disabled=no in-interface=ether2-is new-connection-mark=wan2_conn passthrough=no
add action=mark-connection chain=input disabled=no in-interface=Open-Web new-connection-mark=wan3_conn passthrough=no
add action=mark-routing chain=output connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 out-interface=ether1-mweb passthrough=no
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 out-interface=ether2-is passthrough=no
add action=mark-routing chain=output connection-mark=wan3_conn disabled=no new-routing-mark=to_wan3 out-interface=Open-Web passthrough=no
add action=accept chain=prerouting disabled=no dst-address=41.134.110.0/28 in-interface=ether10-lan
add action=accept chain=prerouting disabled=no dst-address=196.212.100.0/28 in-interface=ether10-lan
add action=accept chain=prerouting disabled=no dst-address=196.215.212.0/28 in-interface=ether10-lan
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082 in-interface=ether1-mweb \
new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881 in-interface=ether1-mweb \
new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=143,110,5999 in-interface=ether1-mweb new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881 in-interface=ether2-is \
new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082 in-interface=ether2-is \
new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=143,110,5999 in-interface=ether2-is new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="Email routing" disabled=yes dst-port=25 in-interface=ether10-lan new-routing-mark=to_wan3 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan1_conn passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan2_conn passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan3_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=ether10-lan new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=ether10-lan new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=wan3_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Internet on mweb" disabled=no out-interface=ether1-mweb
add action=masquerade chain=srcnat comment="Internet on IS" disabled=no out-interface=ether2-is
add action=masquerade chain=srcnat comment="Loop Back" disabled=no dst-address=192.168.88.2 src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=196.212.100.148 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=196.209.248.197 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=41.134.110.10 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=196.212.100.148 dst-port=80-81 protocol=tcp to-addresses=192.168.88.2 to-ports=80-81
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=41.134.110.10 dst-port=80-81 protocol=tcp to-addresses=192.168.88.2 to-ports=80-81
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=196.212.100.148 dst-port=443 protocol=tcp to-addresses=192.168.88.2 to-ports=443
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=41.134.110.10 dst-port=443 protocol=tcp to-addresses=192.168.88.2 to-ports=443
add action=dst-nat chain=dstnat comment=lftp disabled=no dst-address=196.212.100.148 dst-port=2040-2050 protocol=tcp to-addresses=192.168.88.2 to-ports=2040-2050
add action=dst-nat chain=dstnat comment=lftp disabled=no dst-address=41.134.110.10 dst-port=2040-2050 protocol=tcp to-addresses=192.168.88.2 to-ports=2040-2050
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=3203-3206 protocol=tcp to-addresses=192.168.88.2 to-ports=3203-3206
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=3203-3206 protocol=tcp to-addresses=192.168.88.2 to-ports=3203-3206
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=196.212.100.148 dst-port=5900-5935 protocol=tcp to-addresses=192.168.88.2 to-ports=5900-5935
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=196.212.100.148 dst-port=5999 protocol=tcp to-addresses=192.168.88.2 to-ports=5999
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=41.134.110.10 dst-port=5900-5935 protocol=tcp to-addresses=192.168.88.2 to-ports=5900-5935
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=41.134.110.10 dst-port=5999 protocol=tcp to-addresses=192.168.88.2 to-ports=5999
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=6000-6020 protocol=tcp to-addresses=192.168.88.2 to-ports=6000-6020
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=6000-6020 protocol=tcp to-addresses=192.168.88.2 to-ports=6000-6020
add action=dst-nat chain=dstnat disabled=no dst-address=196.212.100.148 dst-port=6080 protocol=tcp to-addresses=192.168.88.2 to-ports=6080
add action=dst-nat chain=dstnat disabled=no dst-address=41.134.110.10 dst-port=6080 protocol=tcp to-addresses=192.168.88.2 to-ports=6080
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=196.212.100.148 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=ECS-COMMUNICATOR disabled=no dst-address=196.212.100.148 dst-port=8080-8082 protocol=tcp to-addresses=192.168.88.2 to-ports=8080-8082
add action=dst-nat chain=dstnat comment=ECS-COMMUNICATOR disabled=no dst-address=41.134.110.10 dst-port=8080-8082 protocol=tcp to-addresses=192.168.88.2 to-ports=8080-8082
add action=dst-nat chain=dstnat comment="Kode Program" disabled=no dst-address=196.212.100.148 dst-port=9091 protocol=tcp to-addresses=192.168.88.2 to-ports=9091
add action=dst-nat chain=dstnat comment="Kode Program" disabled=no dst-address=41.134.110.10 dst-port=9091 protocol=tcp to-addresses=192.168.88.2 to-ports=9091
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=41.134.110.10 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=196.212.100.148 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=EAP disabled=no dst-address=196.212.100.148 dst-port=8061 protocol=tcp to-addresses=192.168.88.2 to-ports=8061
add action=dst-nat chain=dstnat comment=EAP disabled=no dst-address=41.134.110.10 dst-port=8061 protocol=tcp to-addresses=192.168.88.2 to-ports=8061
add action=dst-nat chain=dstnat comment="Gerrit Web Service" disabled=no dst-address=196.212.100.148 dst-port=6500-6501 protocol=tcp to-addresses=192.168.88.2 to-ports=6500-6501
add action=dst-nat chain=dstnat comment="Gerrit Web Service" disabled=no dst-address=41.134.110.10 dst-port=6500-6501 protocol=tcp to-addresses=192.168.88.2 to-ports=6500-6501
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=196.212.100.148 dst-port=88-89 protocol=tcp to-addresses=192.168.88.2 to-ports=88-89
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=41.134.110.10 dst-port=88-89 protocol=tcp to-addresses=192.168.88.2 to-ports=88-89
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=881 protocol=tcp to-addresses=192.168.88.2 to-ports=881
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=3000 protocol=tcp to-addresses=192.168.88.2 to-ports=3000
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=143 protocol=tcp to-addresses=192.168.88.2 to-ports=143
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=110 protocol=tcp to-addresses=192.168.88.2 to-ports=110
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=881 protocol=tcp to-addresses=192.168.88.2 to-ports=881
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=110 protocol=tcp to-addresses=192.168.88.2 to-ports=110
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=3000 protocol=tcp to-addresses=192.168.88.2 to-ports=3000
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=143 protocol=tcp to-addresses=192.168.88.2 to-ports=143
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
i hope everything is in order u wanted it?
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=41.134.110.9 gateway-status=41.134.110.9 reachable via ether1-mweb check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan1
1 S dst-address=0.0.0.0/0 gateway=196.212.100.145 gateway-status=196.212.100.145 unreachable check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan2
2 A S dst-address=0.0.0.0/0 gateway=196.210.136.129 gateway-status=196.210.136.129 reachable via Open-Web check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_wan3
3 A S dst-address=0.0.0.0/0 gateway=41.134.110.9 gateway-status=41.134.110.9 reachable via ether1-mweb check-gateway=ping distance=2 scope=30 target-scope=10
4 S dst-address=0.0.0.0/0 gateway=196.212.100.145 gateway-status=196.212.100.145 unreachable check-gateway=ping distance=3 scope=30 target-scope=10
5 S dst-address=0.0.0.0/0 gateway=196.210.136.129 gateway-status=196.210.136.129 reachable via Open-Web check-gateway=ping distance=4 scope=30 target-scope=10
6 ADC dst-address=41.134.110.0/28 pref-src=41.134.110.10 gateway=ether1-mweb gateway-status=ether1-mweb reachable distance=0 scope=10
7 ADC dst-address=192.168.45.0/24 pref-src=192.168.45.2 gateway=ether3-Open-Web gateway-status=ether3-Open-Web reachable distance=0 scope=10
8 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether10-lan gateway-status=ether10-lan reachable distance=0 scope=10
9 ADC dst-address=196.210.136.129/32 pref-src=196.215.142.40 gateway=Open-Web gateway-status=Open-Web reachable distance=0 scope=10
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 I ;;; InterNet Solutions
address=196.212.100.148/28 network=196.212.100.144 interface=ether2-is actual-interface=ether2-is
1 ;;; lan
address=192.168.88.1/24 network=192.168.88.0 interface=ether10-lan actual-interface=ether10-lan
2 ;;; mwe-connect
address=41.134.110.10/28 network=41.134.110.0 interface=ether1-mweb actual-interface=ether1-mweb
3 ;;; Open-Web
address=192.168.45.2/24 network=192.168.45.0 interface=ether3-Open-Web actual-interface=ether3-Open-Web
4 D address=196.215.142.40/32 network=196.210.136.129 interface=Open-Web actual-interface=Open-Web
/ip firewall export
# jun/12/2012 10:17:41 by RouterOS 5.17
/ip firewall layer7-protocol
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozl\
e|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|ent\
ertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
add name=facebook-wwws regexp="^.*(get|GET).+(facebook).*\$"
add name=facebook-dns regexp="^.+(facebook).*\$"
/ip firewall connection tracking
set enabled=yes generic-timeout=15m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=1m10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=1m10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward comment="block all torrents" disabled=no p2p=all-p2p
add action=drop chain=forward comment="block torrent-dns" disabled=no dst-port=53 layer7-protocol=torrent-dns protocol=udp
add action=drop chain=forward comment="block torrent-wwws" disabled=no layer7-protocol=torrent-wwws
add action=drop chain=forward comment="block facebook-dns" disabled=no dst-port=53 layer7-protocol=facebook-dns protocol=udp time=8h-16h,mon,tue,wed,thu,fri
add action=drop chain=forward comment="block facebook-wwws" disabled=yes layer7-protocol=facebook-wwws time=8h-16h,mon,tue,wed,thu,fri
ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=ether1-mweb new-connection-mark=wan1_conn passthrough=no
add action=mark-connection chain=input disabled=no in-interface=ether2-is new-connection-mark=wan2_conn passthrough=no
add action=mark-connection chain=input disabled=no in-interface=Open-Web new-connection-mark=wan3_conn passthrough=no
add action=mark-routing chain=output connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 out-interface=ether1-mweb passthrough=no
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 out-interface=ether2-is passthrough=no
add action=mark-routing chain=output connection-mark=wan3_conn disabled=no new-routing-mark=to_wan3 out-interface=Open-Web passthrough=no
add action=accept chain=prerouting disabled=no dst-address=41.134.110.0/28 in-interface=ether10-lan
add action=accept chain=prerouting disabled=no dst-address=196.212.100.0/28 in-interface=ether10-lan
add action=accept chain=prerouting disabled=no dst-address=196.215.212.0/28 in-interface=ether10-lan
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082 in-interface=ether1-mweb \
new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881 in-interface=ether1-mweb \
new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=143,110,5999 in-interface=ether1-mweb new-connection-mark=wan1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881 in-interface=ether2-is \
new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082 in-interface=ether2-is \
new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-port=143,110,5999 in-interface=ether2-is new-connection-mark=wan2_conn passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="Email routing" disabled=yes dst-port=25 in-interface=ether10-lan new-routing-mark=to_wan3 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan1_conn passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan2_conn passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-address=192.168.88.2 in-interface=ether10-lan new-connection-mark=wan3_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=ether10-lan new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=ether10-lan new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=wan3_conn disabled=no in-interface=ether10-lan new-routing-mark=to_wan3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Internet on mweb" disabled=no out-interface=ether1-mweb
add action=masquerade chain=srcnat comment="Internet on IS" disabled=no out-interface=ether2-is
add action=masquerade chain=srcnat comment="Loop Back" disabled=no dst-address=192.168.88.2 src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=196.212.100.148 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=196.209.248.197 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=FTP-SSH disabled=no dst-address=41.134.110.10 dst-port=20-25 protocol=tcp to-addresses=192.168.88.2 to-ports=20-25
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=196.212.100.148 dst-port=80-81 protocol=tcp to-addresses=192.168.88.2 to-ports=80-81
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=41.134.110.10 dst-port=80-81 protocol=tcp to-addresses=192.168.88.2 to-ports=80-81
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=196.212.100.148 dst-port=443 protocol=tcp to-addresses=192.168.88.2 to-ports=443
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=41.134.110.10 dst-port=443 protocol=tcp to-addresses=192.168.88.2 to-ports=443
add action=dst-nat chain=dstnat comment=lftp disabled=no dst-address=196.212.100.148 dst-port=2040-2050 protocol=tcp to-addresses=192.168.88.2 to-ports=2040-2050
add action=dst-nat chain=dstnat comment=lftp disabled=no dst-address=41.134.110.10 dst-port=2040-2050 protocol=tcp to-addresses=192.168.88.2 to-ports=2040-2050
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=3203-3206 protocol=tcp to-addresses=192.168.88.2 to-ports=3203-3206
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=3203-3206 protocol=tcp to-addresses=192.168.88.2 to-ports=3203-3206
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=196.212.100.148 dst-port=5900-5935 protocol=tcp to-addresses=192.168.88.2 to-ports=5900-5935
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=196.212.100.148 dst-port=5999 protocol=tcp to-addresses=192.168.88.2 to-ports=5999
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=41.134.110.10 dst-port=5900-5935 protocol=tcp to-addresses=192.168.88.2 to-ports=5900-5935
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=41.134.110.10 dst-port=5999 protocol=tcp to-addresses=192.168.88.2 to-ports=5999
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=6000-6020 protocol=tcp to-addresses=192.168.88.2 to-ports=6000-6020
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=6000-6020 protocol=tcp to-addresses=192.168.88.2 to-ports=6000-6020
add action=dst-nat chain=dstnat disabled=no dst-address=196.212.100.148 dst-port=6080 protocol=tcp to-addresses=192.168.88.2 to-ports=6080
add action=dst-nat chain=dstnat disabled=no dst-address=41.134.110.10 dst-port=6080 protocol=tcp to-addresses=192.168.88.2 to-ports=6080
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=196.212.100.148 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=ECS-COMMUNICATOR disabled=no dst-address=196.212.100.148 dst-port=8080-8082 protocol=tcp to-addresses=192.168.88.2 to-ports=8080-8082
add action=dst-nat chain=dstnat comment=ECS-COMMUNICATOR disabled=no dst-address=41.134.110.10 dst-port=8080-8082 protocol=tcp to-addresses=192.168.88.2 to-ports=8080-8082
add action=dst-nat chain=dstnat comment="Kode Program" disabled=no dst-address=196.212.100.148 dst-port=9091 protocol=tcp to-addresses=192.168.88.2 to-ports=9091
add action=dst-nat chain=dstnat comment="Kode Program" disabled=no dst-address=41.134.110.10 dst-port=9091 protocol=tcp to-addresses=192.168.88.2 to-ports=9091
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=41.134.110.10 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=KODE-PROGRAM disabled=no dst-address=196.212.100.148 dst-port=7000 protocol=tcp to-addresses=192.168.88.2 to-ports=7000
add action=dst-nat chain=dstnat comment=EAP disabled=no dst-address=196.212.100.148 dst-port=8061 protocol=tcp to-addresses=192.168.88.2 to-ports=8061
add action=dst-nat chain=dstnat comment=EAP disabled=no dst-address=41.134.110.10 dst-port=8061 protocol=tcp to-addresses=192.168.88.2 to-ports=8061
add action=dst-nat chain=dstnat comment="Gerrit Web Service" disabled=no dst-address=196.212.100.148 dst-port=6500-6501 protocol=tcp to-addresses=192.168.88.2 to-ports=6500-6501
add action=dst-nat chain=dstnat comment="Gerrit Web Service" disabled=no dst-address=41.134.110.10 dst-port=6500-6501 protocol=tcp to-addresses=192.168.88.2 to-ports=6500-6501
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=196.212.100.148 dst-port=88-89 protocol=tcp to-addresses=192.168.88.2 to-ports=88-89
add action=dst-nat chain=dstnat comment=WEB-APP disabled=no dst-address=41.134.110.10 dst-port=88-89 protocol=tcp to-addresses=192.168.88.2 to-ports=88-89
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=881 protocol=tcp to-addresses=192.168.88.2 to-ports=881
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=3000 protocol=tcp to-addresses=192.168.88.2 to-ports=3000
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=143 protocol=tcp to-addresses=192.168.88.2 to-ports=143
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=196.212.100.148 dst-port=110 protocol=tcp to-addresses=192.168.88.2 to-ports=110
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=881 protocol=tcp to-addresses=192.168.88.2 to-ports=881
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=110 protocol=tcp to-addresses=192.168.88.2 to-ports=110
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=3000 protocol=tcp to-addresses=192.168.88.2 to-ports=3000
add action=dst-nat chain=dstnat comment=CASHFREE disabled=no dst-address=41.134.110.10 dst-port=143 protocol=tcp to-addresses=192.168.88.2 to-ports=143
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
i hope everything is in order u wanted it?
Who is online
Users browsing this forum: Bing [Bot], godel0914 and 74 guests