CRS226-24G-2S+ not usable as a router

RouterOS General
1

Hi!

People, be advised, the CRS226-24G-2S+ is pretty much unusable as a router. Wasn’t able to get more than ~10 mbit/s from my ISP, wondered why, have been looking for problems for weeks (wireless etc.) … had to switch back to a $30 model RB750 to get full speed again! Wouldn’t have thought that’s possible.

2

Thats very odd because I have one of them routing on a 50/50 fiber that is doing quite well.
Maybe you are you bridging the LAN ports and not switching them?

3

Post your configuration, then we can think what is wrong.

4

in all honesty, if you are not able to saturate a 1gbps link, then you are doing something wrong.
It does not take much power to route.

On the other hand, it takes a lot of power to bridge, even more if you are using IP filters on that bridge.

5

The switched ports aren’t the problem, they can easily be saturated (gigabit).
What part of the config would you like to see? I loaded the config back to my RB450G and boom, speed was back.
BTW it only came to my mind it could be the crs because I found one or 2 threads about similar problems here in the forum. Basically the opinion was the crs isn’t suitable for more than 20 mbit/s of internet connectivity.

6

Please post the IP & Interface exports

7

OK, that’s about it:

# sep/14/2014 14:30:27 by RouterOS 6.19
# software id = 303I-LAN7
#
/interface bridge
add name=loopback protocol-mode=none
/interface ethernet
set [ find default-name=ether3 ] mac-address=68:05:CA:01:E9:4F name=Closeness
set [ find default-name=ether4 ] name=LAN
set [ find default-name=ether5 ] l2mtu=9204 master-port=LAN name=\
    "Link Wohnzimmer"
set [ find default-name=ether12 ] master-port=LAN name=MacMini
set [ find default-name=ether9 ] master-port=LAN name=PowerLAN
set [ find default-name=ether1 ] mac-address=F8:1A:67:36:6B:6B name=\
    Swisscable
set [ find default-name=ether2 ] mac-address=00:0C:29:A6:6C:0C name=\
    Telefonica
set [ find default-name=ether24 ] master-port=LAN name=TimeMachine
set [ find default-name=ether11 ] master-port=LAN name="VMware ESXI"
set [ find default-name=ether13 ] master-port=LAN name=\
    "WLAN Bridge Gaestehaus"
set [ find default-name=ether7 ] master-port=LAN name=cs
set [ find default-name=ether10 ] master-port=LAN
set [ find default-name=ether14 ] master-port=LAN
set [ find default-name=ether15 ] master-port=LAN
set [ find default-name=ether16 ] master-port=LAN
set [ find default-name=ether17 ] master-port=LAN
set [ find default-name=ether18 ] master-port=LAN
set [ find default-name=ether19 ] master-port=LAN
set [ find default-name=ether20 ] master-port=LAN
set [ find default-name=ether21 ] master-port=LAN
set [ find default-name=ether22 ] master-port=LAN
set [ find default-name=ether8 ] master-port=LAN name="iMac 27"
/interface pptp-server
add name=pptp-vpn-server user=""
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" local-address=\
    xxx.xxx.60.46 mtu=1280 name=sit1 remote-address=216.66.80.98
/ip neighbor discovery
set sit1 comment="Hurricane Electric IPv6 Tunnel Broker"
/interface ethernet
set [ find default-name=ether6 ] master-port=LAN name="Airport Schreibtisch"
set [ find default-name=ether23 ] master-port=LAN name=Data
/ip ipsec proposal
set [ find default=yes ] lifetime=10m
/ip pool
add name=default-dhcp ranges=192.168.1.100-192.168.1.124
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=LAN lease-time=5m name=\
    default
/port
set 0 name=serial0
/interface bridge port
add bridge=loopback disabled=yes interface=LAN
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
set 26 dscp-based-qos-dscp-to-dscp-mapping=no
/interface pptp-server server
set authentication=mschap2 default-profile=vpn-profile enabled=yes max-mru=\
    1460 max-mtu=1460
/ip address
add address=192.168.1.1/24 interface=LAN network=192.168.1.0
add address=192.168.2.2/24 interface=Telefonica network=192.168.2.0
add address=192.168.254.1/32 interface=loopback network=192.168.254.1
/ip cloud
set enabled=yes
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=Swisscable
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=Closeness
/ip dhcp-server lease
add address=192.168.1.7 mac-address=00:09:34:1C:08:C4
add address=192.168.1.8 mac-address=00:08:7B:07:33:39
add address=192.168.1.9 mac-address=00:05:CD:21:F1:53
add address=192.168.1.10 always-broadcast=yes mac-address=00:1D:EC:05:79:19
add address=192.168.1.11 mac-address=00:09:34:2E:57:0F
add address=192.168.1.12 mac-address=00:09:34:1B:A7:15
add address=192.168.1.13 mac-address=00:09:34:28:11:30
add address=192.168.1.14 mac-address=00:02:72:A2:70:98
add address=192.168.1.15 mac-address=1C:C1:DE:FE:E5:33
add address=192.168.1.28 mac-address=00:15:6D:EE:A3:C2
add address=192.168.1.29 mac-address=00:15:6D:EE:A3:59
add address=192.168.1.41 mac-address=00:0C:29:C8:A1:2F
add address=192.168.1.50 mac-address=68:05:CA:01:CB:5A
add address=192.168.1.54 mac-address=00:0C:29:F4:A6:A3
add address=192.168.1.55 mac-address=00:50:56:B6:6A:08
add address=192.168.1.56 mac-address=00:0C:29:3D:A9:44
add address=192.168.1.57 mac-address=00:0C:29:FB:2A:BA
add address=192.168.1.61 mac-address=00:0C:29:F0:A9:A0
add address=192.168.1.125 mac-address=00:50:56:B6:6A:0D
add address=192.168.1.199 mac-address=44:57:52:44:81:7E
add address=192.168.1.200 mac-address=00:9C:02:5B:1C:C0
add address=192.168.1.201 mac-address=00:22:3F:F8:49:3C
add address=192.168.1.202 mac-address=00:22:3F:F8:49:34
add address=192.168.1.38 client-id=1:40:6c:8f:3b:5e:b9 mac-address=\
    40:6C:8F:3B:5E:B9 server=default
add address=192.168.1.34 always-broadcast=yes client-id=1:b8:f6:b1:10:cd:cd \
    mac-address=B8:F6:B1:10:CD:CD server=default
add address=192.168.1.39 client-id=1:0:23:df:fd:6f:53 mac-address=\
    00:23:DF:FD:6F:53 server=default
add address=192.168.1.84 always-broadcast=yes client-id=1:70:73:cb:ce:92:6d \
    mac-address=70:73:CB:CE:92:6D server=default
add address=192.168.1.37 always-broadcast=yes client-id=1:0:23:df:81:24:c6 \
    mac-address=00:23:DF:81:24:C6 server=default
add address=192.168.1.33 client-id=1:0:26:8:e1:68:20 mac-address=\
    00:26:08:E1:68:20 server=default
add address=192.168.1.82 always-broadcast=yes client-id=1:f0:cb:a1:a5:4b:eb \
    mac-address=F0:CB:A1:A5:4B:EB server=default
add address=192.168.1.36 always-broadcast=yes client-id=1:0:26:8:e8:b8:b5 \
    mac-address=00:26:08:E8:B8:B5 server=default
add address=192.168.1.81 always-broadcast=yes client-id=1:f0:cb:a1:7e:b3:3a \
    mac-address=F0:CB:A1:7E:B3:3A server=default
add address=192.168.1.87 client-id=1:90:27:e4:35:1b:26 mac-address=\
    90:27:E4:35:1B:26 server=default
add address=192.168.1.83 always-broadcast=yes client-id=1:a4:67:6:ab:b9:c2 \
    mac-address=A4:67:06:AB:B9:C2 server=default
add address=192.168.1.91 always-broadcast=yes client-id=1:4:f7:e4:4c:d0:b5 \
    mac-address=04:F7:E4:4C:D0:B5 server=default
add address=192.168.1.2 mac-address=00:0D:B9:2E:97:D9 server=default
add address=192.168.1.3 mac-address=24:65:11:77:AA:0A
add address=192.168.1.89 always-broadcast=yes client-id=1:74:e1:b6:94:ef:49 \
    mac-address=74:E1:B6:94:EF:49 server=default
add address=192.168.1.92 always-broadcast=yes client-id=1:4:f7:e4:46:8e:21 \
    mac-address=04:F7:E4:46:8E:21 server=default
add address=192.168.1.49 always-broadcast=yes client-id=1:60:45:bd:f2:c1:24 \
    mac-address=60:45:BD:F2:C1:24 server=default
add address=192.168.1.90 always-broadcast=yes client-id=1:28:e1:4c:97:7b:d3 \
    mac-address=28:E1:4C:97:7B:D3 server=default
add address=192.168.1.85 always-broadcast=yes client-id=1:b8:e8:56:85:fd:a9 \
    mac-address=B8:E8:56:85:FD:A9 server=default
add address=192.168.1.6 client-id=1:70:9e:29:37:5a:d5 mac-address=\
    70:9E:29:37:5A:D5 server=default
add address=192.168.1.47 mac-address=00:0C:29:96:67:51 server=default
add address=192.168.1.40 client-id=1:d0:50:99:2e:d1:10 mac-address=\
    D0:50:99:2E:D1:10 server=default
add address=192.168.1.48 client-id=1:d0:50:99:2e:d1:11 mac-address=\
    D0:50:99:2E:D1:11 server=default
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1 domain=xxx.xxx gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=\
    192.168.222.1,192.168.3.20,2001:4860:4860::8844,2001:4860:4860::8888
/ip dns static
add address=192.168.1.56 name=xxx.xxx.ch
add address=192.168.1.61 name=simplebuild.xxx.xxx
add address=192.168.1.19 name=mrtg2.xxx.xxx
add address=192.168.1.127 name=bbs.xxx.xxx
add address=192.168.1.115 name=joomlaxxx.xxx.xxx.xxx
add address=192.168.1.115 name=freetemplate.xxx.xxx
add address=192.168.1.19 name=cs.xxx.xxx
add address=192.168.1.47 name=dev.projectluxury.com
add address=192.168.1.19 name=argus.xxx.xxx
add address=192.168.1.48 name=timemachine.xxx.xxx
/ip firewall filter
add chain=forward comment="accept established forward" connection-state=\
    established
add chain=input comment="accept established" connection-state=established
add chain=forward comment="accept related forward" connection-state=related
add chain=input comment="accept related input" connection-state=related
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="PPTP Tunnel" protocol=gre
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=icmp src-address=192.168.1.0/24
add chain=input comment="f\FCr vpn" dst-port=500 protocol=udp src-address=\
    xxx.xxx.177.42
add chain=input dst-port=500 protocol=udp src-address=xxx.xxx.60.179
add chain=input comment="SNMP Firewall" dst-port=161 protocol=udp \
    src-address=xxx.xxx.179.135
add chain=input comment="Von www.xxx.xxx alles zulassen" src-address=\
    xxx.xxx.179.135
add chain=input dst-port=8291 protocol=tcp
add chain=forward comment="Zugriff vom La Guardia auf CS" dst-address=\
    192.168.1.19 src-address=192.168.10.0/24
add chain=forward dst-address=192.168.1.19 src-address=192.168.115.0/24
add chain=input src-address=xxx.xxx.60.179
add chain=forward comment="IPSec Dino" disabled=yes dst-address=\
    192.168.1.0/24 src-address=192.168.115.0/24
add action=drop chain=forward comment="IPSec La Guardia" dst-address=\
    192.168.1.0/24 src-address=192.168.10.0/24
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=\
    192.168.115.0/24
add action=drop chain=input in-interface=Swisscable
add action=drop chain=input in-interface=Telefonica
add action=drop chain=input in-interface=Closeness
/ip firewall mangle
add chain=prerouting comment="f\FCr ipsec" dst-address=192.168.10.0/24
add chain=prerouting dst-address=192.168.115.0/24
add action=mark-routing chain=prerouting comment=ipads/iphones \
    new-routing-mark=Closeness passthrough=no src-address=192.168.1.125
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    src-address=192.168.1.83
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    src-address=192.168.1.85
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    src-address=192.168.1.89
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    src-address=192.168.1.118
add action=mark-routing chain=prerouting comment=Closeness new-routing-mark=\
    Closeness passthrough=no src-address=192.168.1.153
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.154
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.155
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.156
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.157
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.158
add action=mark-routing chain=prerouting new-routing-mark=Closeness \
    passthrough=no src-address=192.168.1.159
add chain=prerouting comment="f\FCr Pingtest" dst-address=xxx.xxx.179.135 \
    src-address=192.168.1.19
add chain=prerouting dst-address=xxx.xxx.60.1 src-address=192.168.1.19
add chain=prerouting dst-address=xx.xx.119.217 src-address=192.168.1.19
add action=mark-routing chain=prerouting comment=\
    "cardsharing geht \FCber Telefonica" new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.19
add action=mark-routing chain=prerouting comment=Telefonica new-routing-mark=\
    Telefonica passthrough=no src-address=192.168.1.133
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.134
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.135
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.136
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.137
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.138
add action=mark-routing chain=prerouting new-routing-mark=Telefonica \
    passthrough=no src-address=192.168.1.139
add action=mark-routing chain=prerouting comment=LoadBalance \
    new-routing-mark=Loadbalance passthrough=no src-address=192.168.1.163
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.164
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.165
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.166
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.167
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.168
add action=mark-routing chain=prerouting new-routing-mark=Loadbalance \
    passthrough=no src-address=192.168.1.169
add action=mark-routing chain=prerouting comment=Swisscable new-routing-mark=\
    Swisscable passthrough=no src-address=192.168.1.183
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.184
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.185
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.186
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.187
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.188
add action=mark-routing chain=prerouting new-routing-mark=Swisscable \
    passthrough=no src-address=192.168.1.189
add action=mark-routing chain=prerouting comment=Mini disabled=yes \
    new-routing-mark=Closeness passthrough=no src-address=192.168.1.37
/ip firewall nat
add chain=srcnat comment="IPSec Dino" dst-address=192.168.115.0/24 \
    src-address=192.168.1.0/24
add chain=srcnat comment="IPSec La Guardia" dst-address=192.168.10.0/24 \
    src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Masquerade Swisscable" \
    out-interface=Swisscable
add action=masquerade chain=srcnat comment="Masquerade Telefonica" \
    out-interface=Telefonica
add action=masquerade chain=srcnat comment="Masquerade Closeness" \
    out-interface=Closeness
add action=masquerade chain=srcnat dst-address=192.168.1.39 dst-port=22 \
    out-interface=LAN protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.19 dst-port=8882 \
    out-interface=LAN protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.10 dst-port=22 \
    out-interface=LAN protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-port=8882 protocol=tcp to-addresses=\
    192.168.1.19 to-ports=8882
add action=dst-nat chain=dstnat comment=bbs dst-port=80 in-interface=\
    Swisscable protocol=tcp to-addresses=192.168.1.47 to-ports=80
add action=dst-nat chain=dstnat comment=ntp dst-address=83.61.17.122 \
    dst-port=123 protocol=udp to-addresses=192.168.1.19 to-ports=123
add action=dst-nat chain=dstnat dst-port=8005 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.126 to-ports=80
add action=dst-nat chain=dstnat dst-port=21 in-interface=Swisscable protocol=\
    tcp to-addresses=192.168.1.115 to-ports=21
add action=dst-nat chain=dstnat dst-port=23 in-interface=Swisscable protocol=\
    tcp to-addresses=192.168.1.127 to-ports=23
add action=dst-nat chain=dstnat dst-port=25 in-interface=Swisscable protocol=\
    tcp to-addresses=192.168.1.126 to-ports=25
add action=dst-nat chain=dstnat comment=dns dst-port=53 in-interface=\
    Swisscable protocol=udp to-addresses=192.168.1.19 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=Swisscable protocol=\
    tcp to-addresses=192.168.1.19 to-ports=53
add action=dst-nat chain=dstnat dst-port=81 in-interface=Telefonica protocol=\
    tcp to-addresses=192.168.1.19 to-ports=12001
add action=dst-nat chain=dstnat dst-port=82 in-interface=Telefonica protocol=\
    tcp to-addresses=192.168.1.19 to-ports=8003
add action=dst-nat chain=dstnat dst-port=555 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.254.1 to-ports=161
add action=dst-nat chain=dstnat dst-port=2000 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.1.200 to-ports=161
add action=dst-nat chain=dstnat dst-port=2000 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.1.200 to-ports=161
add action=dst-nat chain=dstnat dst-port=2001 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.1.201 to-ports=161
add action=dst-nat chain=dstnat dst-port=2001 in-interface=Closeness \
    protocol=udp to-addresses=192.168.1.201 to-ports=161
add action=dst-nat chain=dstnat dst-port=2001 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.1.201 to-ports=161
add action=dst-nat chain=dstnat dst-port=2002 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.1.202 to-ports=161
add action=dst-nat chain=dstnat dst-port=2002 in-interface=Closeness \
    protocol=udp to-addresses=192.168.1.202 to-ports=161
add action=dst-nat chain=dstnat dst-port=2002 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.1.202 to-ports=161
add action=dst-nat chain=dstnat dst-port=2003 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.254.1 to-ports=161
add action=dst-nat chain=dstnat dst-port=2003 in-interface=Closeness \
    protocol=udp to-addresses=192.168.254.1 to-ports=161
add action=dst-nat chain=dstnat dst-port=2003 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.254.1 to-ports=161
add action=dst-nat chain=dstnat dst-port=2004 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.1.40 to-ports=161
add action=dst-nat chain=dstnat dst-port=2004 in-interface=Closeness \
    protocol=udp to-addresses=192.168.1.40 to-ports=161
add action=dst-nat chain=dstnat dst-port=2004 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.1.40 to-ports=161
add action=dst-nat chain=dstnat dst-port=2006 in-interface=Swisscable \
    protocol=udp to-addresses=192.168.1.41 to-ports=161
add action=dst-nat chain=dstnat dst-port=2006 in-interface=Closeness \
    protocol=udp to-addresses=192.168.1.41 to-ports=161
add action=dst-nat chain=dstnat dst-port=2006 in-interface=Telefonica \
    protocol=udp to-addresses=192.168.1.41 to-ports=161
add action=dst-nat chain=dstnat dst-port=5199 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.199 to-ports=80
add action=dst-nat chain=dstnat dst-port=5199 in-interface=Telefonica \
    protocol=tcp to-addresses=192.168.1.199 to-ports=80
add action=dst-nat chain=dstnat dst-port=5199 in-interface=Closeness \
    protocol=tcp to-addresses=192.168.1.199 to-ports=80
add action=dst-nat chain=dstnat dst-port=8003 in-interface=Telefonica \
    protocol=tcp to-addresses=192.168.1.19 to-ports=8003
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8882 \
    in-interface=Telefonica protocol=tcp to-addresses=192.168.1.19 to-ports=\
    8882
add action=dst-nat chain=dstnat dst-port=8883 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.19 to-ports=16002
add action=dst-nat chain=dstnat dst-port=8887 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.3 to-ports=443
add action=dst-nat chain=dstnat dst-port=8888 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.10 to-ports=443
add action=dst-nat chain=dstnat dst-port=8889 in-interface=Swisscable \
    protocol=tcp to-ports=22
add action=dst-nat chain=dstnat dst-port=8889 in-interface=Telefonica \
    protocol=tcp to-ports=22
add action=dst-nat chain=dstnat dst-port=8889 in-interface=Closeness \
    protocol=tcp to-ports=22
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8998 \
    in-interface=Swisscable protocol=tcp to-addresses=192.168.1.10 to-ports=\
    22
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8999 \
    in-interface=Swisscable protocol=tcp to-addresses=192.168.1.39 to-ports=\
    22
add action=dst-nat chain=dstnat comment=ps4 disabled=yes dst-port=80 \
    in-interface=Swisscable protocol=tcp to-addresses=192.168.1.6 to-ports=80
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=465 \
    protocol=tcp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=443 \
    protocol=tcp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=3478 \
    protocol=udp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=3479 \
    protocol=udp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=5223 \
    protocol=tcp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=\
    10070-10080 protocol=tcp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=3480 \
    protocol=udp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=3658 \
    protocol=udp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-address=xxx.xxx.60.46 dst-port=10070 \
    protocol=udp to-addresses=192.168.1.6
add action=dst-nat chain=dstnat dst-port=9999 in-interface=Swisscable \
    protocol=tcp to-addresses=192.168.1.47 to-ports=22
/ip ipsec peer
add address=xxx.xxx.177.118/32 dpd-interval=10s enc-algorithm=aes-128 \
    generate-policy=port-override lifetime=10m secret=xxx
add address=xxx.xxx.60.179/32 dpd-interval=10s enc-algorithm=aes-128 \
    generate-policy=port-override lifetime=10m secret=xxx
/ip ipsec policy
add dst-address=192.168.115.0/24 level=unique sa-dst-address=xxx.xxx.177.118 \
    sa-src-address=192.168.222.38 src-address=192.168.1.0/24 tunnel=yes
add dst-address=192.168.10.0/24 level=unique sa-dst-address=xxx.xxx.60.179 \
    sa-src-address=192.168.222.38 src-address=192.168.1.0/24 tunnel=yes
/ip route
add check-gateway=ping distance=1 gateway=192.168.3.20 routing-mark=Closeness
add distance=1 dst-address=192.168.222.1/32 gateway=192.168.222.1 \
    routing-mark=Closeness
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=Telefonica
add comment="Damit cs.xxx.xxx auch packetloss von closeness checken kann" \
    distance=1 dst-address=192.168.102.1/32 gateway=192.168.3.20 \
    routing-mark=Telefonica
add distance=1 dst-address=192.168.222.1/32 gateway=192.168.222.1 \
    routing-mark=Telefonica
add check-gateway=ping distance=1 gateway=192.168.222.1,192.168.3.1 \
    routing-mark=Loadbalance
add check-gateway=ping distance=1 gateway=192.168.222.1 routing-mark=\
    Swisscable
add check-gateway=ping comment="default route Swisscable" distance=1 gateway=\
    192.168.222.1
add check-gateway=ping comment="Closeness default route" distance=2 gateway=\
    192.168.3.20
add check-gateway=ping comment="Telefonica default route" distance=3 gateway=\
    192.168.2.1
add check-gateway=ping distance=1 dst-address=xx.xx.120.108/32 gateway=\
    192.168.3.20 scope=10
add comment="Telefonica Check" distance=1 dst-address=84.16.12.250/32 \
    gateway=192.168.2.1
add comment="route Swisscablecheck" distance=1 dst-address=xx.xx.116.0/32 \
    gateway=192.168.222.1 scope=10
add comment="swisscable upstream check" distance=1 dst-address=\
    xx.xx.119.217/32 gateway=192.168.222.1
add comment="hs.xxx.xxx immer \FCber swisscable" distance=1 dst-address=\
    xxx.xxx.177.42/32 gateway=192.168.222.1
add comment="Swisscable Check IP immer \FCber Swisscable" distance=1 \
    dst-address=xxx.xxx.60.1/32 gateway=192.168.222.1
add comment="La Guardia immer \FCber Swisscable" distance=1 dst-address=\
    xxx.xxx.60.179/32 gateway=192.168.222.1
add check-gateway=ping distance=1 dst-address=192.168.102.1/32 gateway=\
    192.168.3.20
/ip service
set telnet port=24
set ftp address=192.168.1.0/24 port=26
set www-ssl disabled=no
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ipv6 address
add address=2001:470:25:27b::2 interface=sit1
/ipv6 firewall filter
add chain=forward in-interface=LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
/ipv6 nd prefix
add autonomous=no interface=LAN
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=2001:470:25:27b::1
set enabled=yes primary-ntp=17.72.148.52 secondary-ntp=79.136.87.162