/ipv6 address add address=xxxx:xxxx:ffff:fffe::10a/126 advertise=no interface=IPv6 /ipv6 route add dst-address=2000::/3 gateway=xxxx:xxxx:ffff:fffe::109
/ip firewall nat add action=accept chain=dstnat in-interface-list=WAN protocol=ipsec-esp
/export hide-sensitive file=myconfig
/interface bridge vlan add bridge=bridge tagged=bridge,ether4,ether5 vlan-ids=1000
random (integer: 1..99; Default: ) - Matches packets randomly with given probability.
/ip firewall filter add chain=forward connection-nat-state=dstnat action=accept
/ip route disable [find comment="test"] /ip route disable [find dst-address=10.0.0.0/8] /ip route disable [find dst-address=0.0.0.0/0 gateway=10.1.1.1]
It depends. Is X in 100.X.x.x between 64 and 127? If so, it's CGNAT range and it's not public either. Then your ability to forward ports would depend on ISP first forwarding ports to you from real public address.... gives me 100.x.x.x which is not a private IP).
/ip route add dst-address=192.168.10.0/24 gateway=192.168.1.120
That, if true, would be bug.The DNS cache works fine for connected IPv4 networks when "allow-remote-requests=no", ...
/ip firewall nat add chain=srcnat action=masquerade
This one is enough: https://cacerts.digicert.com/DigiCertGl ... CA.crt.pemAre you aware of a way to do this that doesn't import over 100 certificates?
/ip firewall nat add chain=srcnat dst-addresses=172.16.100.100 protocol=tcp dst-port=80 action=masquerade