Hello we are a small grocery store in need of help with our 951G routers that were setup by a fly by night voip company.
Willing to pay reputable and well know Mikrotik Consultants or forum members if needed.
Issues:
Current Queue Tree Voip Prioritization script not working (does not seem to be seeing voip traffic)
Security and PCI Compliance
LTE automatic Failover
IPsec missing from VPN
Contact: Josh@sommersmarket.com
Current Configuration
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.39.1 (c) 1999-2017 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@Warehouse Main1] > export compact
# jul/05/2017 16:13:53 by RouterOS 6.39.1
# software id = BEUB-UCGA
#
/interface bridge
add fast-forward=no mtu=1500 name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
frequency=auto mode=station-bridge rx-chains=0 ssid="Use me Sommers Wifi" \
tx-chains=0 wireless-protocol=nv2-nstreme-802.11
/interface l2tp-server
add name=market user=market
add name=sl user=sl
add name=store user=store
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=RGWifi23 \
wpa2-pre-shared-key=RGWifi23
/ip dhcp-server
add authoritative=after-2sec-delay interface=ether1 lease-time=3d name=dhcp1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.3.100-192.168.3.200
add name=VPN ranges=10.0.5.5-10.0.5.20
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge1 lease-time=3d name=dhcp2
/ppp profile
set *0 local-address=VPN remote-address=VPN
add local-address=192.168.3.1 name="SL VPN" remote-address=dhcp
/queue simple
add disabled=yes max-limit=9M/90M name="All Bandwidth" target=192.168.3.0/24
add disabled=yes limit-at=1M/1M max-limit=8M/80M name=Voip parent=\
"All Bandwidth" priority=2/2 target=192.168.3.2/32
add disabled=yes max-limit=8M/80M name="The Rest Of the network" parent=\
"All Bandwidth" priority=3/3 target=bridge1
/queue tree
add max-limit=9500k name=DSCP_ether1 parent=ether1 priority=1
add name="1. Network Control (ether1)" parent=DSCP_ether1 priority=1 queue=\
ethernet-default
add comment=dscp_63 name="Network Control (ether1) (Pri: 1)" packet-mark=\
dscp_63 parent="1. Network Control (ether1)" priority=1 queue=\
ethernet-default
add comment=dscp_62 name="Network Control (ether1) (Pri: 2)" packet-mark=\
dscp_62 parent="1. Network Control (ether1)" priority=2 queue=\
ethernet-default
add comment=dscp_61 name="Network Control (ether1) (Pri: 3)" packet-mark=\
dscp_61 parent="1. Network Control (ether1)" priority=3 queue=\
ethernet-default
add comment=dscp_60 name="Network Control (ether1) (Pri: 4)" packet-mark=\
dscp_60 parent="1. Network Control (ether1)" priority=4 queue=\
ethernet-default
add comment=dscp_59 name="Network Control (ether1) (Pri: 5)" packet-mark=\
dscp_59 parent="1. Network Control (ether1)" priority=5 queue=\
ethernet-default
add comment=dscp_58 name="Network Control (ether1) (Pri: 6)" packet-mark=\
dscp_58 parent="1. Network Control (ether1)" priority=6 queue=\
ethernet-default
add comment=dscp_57 name="Network Control (ether1) (Pri: 7)" packet-mark=\
dscp_57 parent="1. Network Control (ether1)" priority=7 queue=\
ethernet-default
add comment=dscp_56 name="Network Control (ether1) (Pri: 8)" packet-mark=\
dscp_56 parent="1. Network Control (ether1)" queue=ethernet-default
add name="2. Internetwork Control (ether1)" parent=DSCP_ether1 priority=2 \
queue=ethernet-default
add comment=dscp_55 name="Internetwork Control (ether1) (Pri: 1)" packet-mark=\
dscp_55 parent="2. Internetwork Control (ether1)" priority=1 queue=\
ethernet-default
add comment=dscp_54 name="Internetwork Control (ether1) (Pri: 2)" packet-mark=\
dscp_54 parent="2. Internetwork Control (ether1)" priority=2 queue=\
ethernet-default
add comment=dscp_53 name="Internetwork Control (ether1) (Pri: 3)" packet-mark=\
dscp_53 parent="2. Internetwork Control (ether1)" priority=3 queue=\
ethernet-default
add comment=dscp_52 name="Internetwork Control (ether1) (Pri: 4)" packet-mark=\
dscp_52 parent="2. Internetwork Control (ether1)" priority=4 queue=\
ethernet-default
add comment=dscp_51 name="Internetwork Control (ether1) (Pri: 5)" packet-mark=\
dscp_51 parent="2. Internetwork Control (ether1)" priority=5 queue=\
ethernet-default
add comment=dscp_50 name="Internetwork Control (ether1) (Pri: 6)" packet-mark=\
dscp_50 parent="2. Internetwork Control (ether1)" priority=6 queue=\
ethernet-default
add comment=dscp_49 name="Internetwork Control (ether1) (Pri: 7)" packet-mark=\
dscp_49 parent="2. Internetwork Control (ether1)" priority=7 queue=\
ethernet-default
add comment=dscp_48 name="Internetwork Control (ether1) (Pri: 8)" packet-mark=\
dscp_48 parent="2. Internetwork Control (ether1)" queue=ethernet-default
add name="3. Critical (ether1)" parent=DSCP_ether1 priority=3 queue=\
ethernet-default
add comment=dscp_47 name="Critical (ether1) (Pri: 1)" packet-mark=dscp_47 \
parent="3. Critical (ether1)" priority=1 queue=ethernet-default
add comment=dscp_46 name="Critical (ether1) (Pri: 2)" packet-mark=dscp_46 \
parent="3. Critical (ether1)" priority=2 queue=ethernet-default
add comment=dscp_45 name="Critical (ether1) (Pri: 3)" packet-mark=dscp_45 \
parent="3. Critical (ether1)" priority=3 queue=ethernet-default
add comment=dscp_44 name="Critical (ether1) (Pri: 4)" packet-mark=dscp_44 \
parent="3. Critical (ether1)" priority=4 queue=ethernet-default
add comment=dscp_43 name="Critical (ether1) (Pri: 5)" packet-mark=dscp_43 \
parent="3. Critical (ether1)" priority=5 queue=ethernet-default
add comment=dscp_42 name="Critical (ether1) (Pri: 6)" packet-mark=dscp_42 \
parent="3. Critical (ether1)" priority=6 queue=ethernet-default
add comment=dscp_41 name="Critical (ether1) (Pri: 7)" packet-mark=dscp_41 \
parent="3. Critical (ether1)" priority=7 queue=ethernet-default
add comment=dscp_40 name="Critical (ether1) (Pri: 8)" packet-mark=dscp_40 \
parent="3. Critical (ether1)" queue=ethernet-default
add name="4. Flash Override (ether1)" parent=DSCP_ether1 priority=4 queue=\
ethernet-default
add comment=dscp_39 name="Flash Override (ether1) (Pri: 1)" packet-mark=dscp_39 \
parent="4. Flash Override (ether1)" priority=1 queue=ethernet-default
add comment=dscp_38 name="Flash Override (ether1) (Pri: 2)" packet-mark=dscp_38 \
parent="4. Flash Override (ether1)" priority=2 queue=ethernet-default
add comment=dscp_37 name="Flash Override (ether1) (Pri: 3)" packet-mark=dscp_37 \
parent="4. Flash Override (ether1)" priority=3 queue=ethernet-default
add comment=dscp_36 name="Flash Override (ether1) (Pri: 4)" packet-mark=dscp_36 \
parent="4. Flash Override (ether1)" priority=4 queue=ethernet-default
add comment=dscp_35 name="Flash Override (ether1) (Pri: 5)" packet-mark=dscp_35 \
parent="4. Flash Override (ether1)" priority=5 queue=ethernet-default
add comment=dscp_34 name="Flash Override (ether1) (Pri: 6)" packet-mark=dscp_34 \
parent="4. Flash Override (ether1)" priority=6 queue=ethernet-default
add comment=dscp_33 name="Flash Override (ether1) (Pri: 7)" packet-mark=dscp_33 \
parent="4. Flash Override (ether1)" priority=7 queue=ethernet-default
add comment=dscp_32 name="Flash Override (ether1) (Pri: 8)" packet-mark=dscp_32 \
parent="4. Flash Override (ether1)" queue=ethernet-default
add name="5. Flash (ether1)" parent=DSCP_ether1 priority=5 queue=\
ethernet-default
add comment=dscp_31 name="Flash (ether1) (Pri: 1)" packet-mark=dscp_31 parent=\
"5. Flash (ether1)" priority=1 queue=ethernet-default
add comment=dscp_30 name="Flash (ether1) (Pri: 2)" packet-mark=dscp_30 parent=\
"5. Flash (ether1)" priority=2 queue=ethernet-default
add comment=dscp_29 name="Flash (ether1) (Pri: 3)" packet-mark=dscp_29 parent=\
"5. Flash (ether1)" priority=3 queue=ethernet-default
add comment=dscp_28 name="Flash (ether1) (Pri: 4)" packet-mark=dscp_28 parent=\
"5. Flash (ether1)" priority=4 queue=ethernet-default
add comment=dscp_27 name="Flash (ether1) (Pri: 5)" packet-mark=dscp_27 parent=\
"5. Flash (ether1)" priority=5 queue=ethernet-default
add comment=dscp_26 name="Flash (ether1) (Pri: 6)" packet-mark=dscp_26 parent=\
"5. Flash (ether1)" priority=6 queue=ethernet-default
add comment=dscp_25 name="Flash (ether1) (Pri: 7)" packet-mark=dscp_25 parent=\
"5. Flash (ether1)" priority=7 queue=ethernet-default
add comment=dscp_24 name="Flash (ether1) (Pri: 8)" packet-mark=dscp_24 parent=\
"5. Flash (ether1)" queue=ethernet-default
add name="6. Immedate (ether1)" parent=DSCP_ether1 priority=6 queue=\
ethernet-default
add comment=dscp_23 name="Immedate (ether1) (Pri: 1)" packet-mark=dscp_23 \
parent="6. Immedate (ether1)" priority=1 queue=ethernet-default
add comment=dscp_22 name="Immedate (ether1) (Pri: 2)" packet-mark=dscp_22 \
parent="6. Immedate (ether1)" priority=2 queue=ethernet-default
add comment=dscp_21 name="Immedate (ether1) (Pri: 3)" packet-mark=dscp_21 \
parent="6. Immedate (ether1)" priority=3 queue=ethernet-default
add comment=dscp_20 name="Immedate (ether1) (Pri: 4)" packet-mark=dscp_20 \
parent="6. Immedate (ether1)" priority=4 queue=ethernet-default
add comment=dscp_19 name="Immedate (ether1) (Pri: 5)" packet-mark=dscp_19 \
parent="6. Immedate (ether1)" priority=5 queue=ethernet-default
add comment=dscp_18 name="Immedate (ether1) (Pri: 6)" packet-mark=dscp_18 \
parent="6. Immedate (ether1)" priority=6 queue=ethernet-default
add comment=dscp_17 name="Immedate (ether1) (Pri: 7)" packet-mark=dscp_17 \
parent="6. Immedate (ether1)" priority=7 queue=ethernet-default
add comment=dscp_16 name="Immedate (ether1) (Pri: 8)" packet-mark=dscp_16 \
parent="6. Immedate (ether1)" queue=ethernet-default
add name="7. Priority (ether1)" parent=DSCP_ether1 priority=7 queue=\
ethernet-default
add comment=dscp_15 name="Priority (ether1) (Pri: 1)" packet-mark=dscp_15 \
parent="7. Priority (ether1)" priority=1 queue=ethernet-default
add comment=dscp_14 name="Priority (ether1) (Pri: 2)" packet-mark=dscp_14 \
parent="7. Priority (ether1)" priority=2 queue=ethernet-default
add comment=dscp_13 name="Priority (ether1) (Pri: 3)" packet-mark=dscp_13 \
parent="7. Priority (ether1)" priority=3 queue=ethernet-default
add comment=dscp_12 name="Priority (ether1) (Pri: 4)" packet-mark=dscp_12 \
parent="7. Priority (ether1)" priority=4 queue=ethernet-default
add comment=dscp_11 name="Priority (ether1) (Pri: 5)" packet-mark=dscp_11 \
parent="7. Priority (ether1)" priority=5 queue=ethernet-default
add comment=dscp_10 name="Priority (ether1) (Pri: 6)" packet-mark=dscp_10 \
parent="7. Priority (ether1)" priority=6 queue=ethernet-default
add comment=dscp_9 name="Priority (ether1) (Pri: 7)" packet-mark=dscp_9 parent=\
"7. Priority (ether1)" priority=7 queue=ethernet-default
add comment=dscp_8 name="Priority (ether1) (Pri: 8)" packet-mark=dscp_8 parent=\
"7. Priority (ether1)" queue=ethernet-default
add name="8. Routine (ether1)" parent=DSCP_ether1 queue=ethernet-default
add comment=dscp_7 name="Routine (ether1) (Pri: 1)" packet-mark=dscp_7 parent=\
"8. Routine (ether1)" priority=1 queue=ethernet-default
add comment=dscp_6 name="Routine (ether1) (Pri: 2)" packet-mark=dscp_6 parent=\
"8. Routine (ether1)" priority=2 queue=ethernet-default
add comment=dscp_5 name="Routine (ether1) (Pri: 3)" packet-mark=dscp_5 parent=\
"8. Routine (ether1)" priority=3 queue=ethernet-default
add comment=dscp_4 name="Routine (ether1) (Pri: 4)" packet-mark=dscp_4 parent=\
"8. Routine (ether1)" priority=4 queue=ethernet-default
add comment=dscp_3 name="Routine (ether1) (Pri: 5)" packet-mark=dscp_3 parent=\
"8. Routine (ether1)" priority=5 queue=ethernet-default
add comment=dscp_2 name="Routine (ether1) (Pri: 6)" packet-mark=dscp_2 parent=\
"8. Routine (ether1)" priority=6 queue=ethernet-default
add comment=dscp_1 name="Routine (ether1) (Pri: 7)" packet-mark=dscp_1 parent=\
"8. Routine (ether1)" priority=7 queue=ethernet-default
add comment=dscp_0 name="Routine (ether1) (Pri: 8)" packet-mark=dscp_0 parent=\
"8. Routine (ether1)" queue=ethernet-default
/system logging action
set 0 memory-lines=100
/user group
add name=sniffer policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!te\
st,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether1
/interface l2tp-server server
set caller-id-type=ip-address default-profile="SL VPN" enabled=yes \
ipsec-secret=sl
/interface pptp-server server
set default-profile="SL VPN"
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.3.187/32
/ip address
add address=192.168.3.1/24 interface=ether2 network=192.168.3.0
add address=x.x.x.x/29 interface=ether1 network=x.x.x.x
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.3.81 client-id=1:0:b:82:63:3e:58 comment=\
"Grand Central Analog Wireless Phone Adapter Ext 106" mac-address=\
00:0B:82:63:3E:58 server=dhcp2
add address=192.168.3.200 client-id=1:0:17:61:10:f2:e7 comment=\
"Warehouse Employee Time Clock" mac-address=00:17:61:10:F2:E7 server=dhcp2
add address=192.168.3.175 client-id=1:48:5d:60:69:f9:12 comment=\
"W Freezer Temp" mac-address=48:5D:60:69:F9:12 server=dhcp2
add address=192.168.3.113 client-id=1:0:15:65:73:ae:19 comment=\
"Yealink Cordless NF 1" mac-address=00:15:65:73:AE:19 server=dhcp2
add address=192.168.3.80 client-id=1:0:b:82:63:48:db comment=\
"Grand Central Analog Wireless Phone Adapter Ext 108" mac-address=\
00:0B:82:63:48:DB server=dhcp2
add address=192.168.3.196 client-id=1:28:92:4a:b6:9b:dd comment=\
"Warehouse 1st Floor Printer 8600" mac-address=28:92:4A:B6:9B:DD server=\
dhcp2
add address=192.168.3.121 client-id=1:d8:cb:8a:54:24:8b comment=EPLUM \
mac-address=D8:CB:8A:54:24:8B server=dhcp2
add address=192.168.3.136 always-broadcast=yes client-id=1:3c:d9:2b:6c:60:f7 \
comment="NF2 Pricing" mac-address=3C:D9:2B:6C:60:F7 server=dhcp2
add address=192.168.3.100 client-id=1:9c:ad:ef:20:5e:ac comment=\
"OBI Fax Device" mac-address=9C:AD:EF:20:5E:AC server=dhcp2
add address=192.168.3.172 client-id=1:ec:b1:d7:c7:84:47 comment=\
"Warehouse Basement Printer HP 8610" mac-address=EC:B1:D7:C7:84:47 server=\
dhcp2
add address=192.168.3.138 client-id=1:0:21:70:5c:a2:38 mac-address=\
00:21:70:5C:A2:38 server=dhcp2
add address=192.168.3.108 client-id=1:78:61:7c:e9:39:3f comment=IT-Tablet \
mac-address=78:61:7C:E9:39:3F server=dhcp2
add address=192.168.3.167 client-id=1:0:b:82:63:12:da comment=\
"Warehouse LunchRoom 112" mac-address=00:0B:82:63:12:DA server=dhcp2
add address=192.168.3.154 always-broadcast=yes client-id=1:0:15:5d:3:3:2 \
comment=Kaspersky mac-address=00:15:5D:03:03:02 server=dhcp2
add address=192.168.3.2 client-id=1:d8:cb:8a:88:a6:3f mac-address=\
D8:CB:8A:88:A6:3F server=dhcp2
add address=192.168.3.4 client-id=1:0:15:5d:3:c6:2 comment="Deut RDP SERVER" \
mac-address=00:15:5D:03:C6:02 server=dhcp2
add address=192.168.3.6 client-id=1:0:15:5d:3:c6:1 comment="Leviticus VTC DB" \
mac-address=00:15:5D:03:C6:01 server=dhcp2
add address=192.168.3.103 client-id=1:0:15:5d:3:c6:3 comment=SL-Server \
mac-address=00:15:5D:03:C6:03 server=dhcp2
add address=192.168.3.5 client-id=1:0:15:5d:3:c6:4 comment=NumbersQB \
mac-address=00:15:5D:03:C6:04 server=dhcp2
add address=192.168.3.3 client-id=1:18:66:da:9f:23:48 mac-address=\
18:66:DA:9F:23:48 server=dhcp2
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1 \
netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=forward disabled=yes src-mac-address=78:D7:5F:87:5D:67
/ip firewall mangle
add action=mark-packet chain=postrouting comment=dscp_63 dscp=63 \
new-packet-mark=dscp_63 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_62 dscp=62 \
new-packet-mark=dscp_62 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_61 dscp=61 \
new-packet-mark=dscp_61 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_60 dscp=60 \
new-packet-mark=dscp_60 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_59 dscp=59 \
new-packet-mark=dscp_59 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_58 dscp=58 \
new-packet-mark=dscp_58 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_57 dscp=57 \
new-packet-mark=dscp_57 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_56 dscp=56 \
new-packet-mark=dscp_56 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_55 dscp=55 \
new-packet-mark=dscp_55 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_54 dscp=54 \
new-packet-mark=dscp_54 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_53 dscp=53 \
new-packet-mark=dscp_53 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_52 dscp=52 \
new-packet-mark=dscp_52 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_51 dscp=51 \
new-packet-mark=dscp_51 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_50 dscp=50 \
new-packet-mark=dscp_50 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_49 dscp=49 \
new-packet-mark=dscp_49 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_48 dscp=48 \
new-packet-mark=dscp_48 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_47 dscp=47 \
new-packet-mark=dscp_47 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_46 dscp=46 \
new-packet-mark=dscp_46 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_45 dscp=45 \
new-packet-mark=dscp_45 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_44 dscp=44 \
new-packet-mark=dscp_44 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_43 dscp=43 \
new-packet-mark=dscp_43 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_42 dscp=42 \
new-packet-mark=dscp_42 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_41 dscp=41 \
new-packet-mark=dscp_41 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_40 dscp=40 \
new-packet-mark=dscp_40 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_39 dscp=39 \
new-packet-mark=dscp_39 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_38 dscp=38 \
new-packet-mark=dscp_38 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_37 dscp=37 \
new-packet-mark=dscp_37 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_36 dscp=36 \
new-packet-mark=dscp_36 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_35 dscp=35 \
new-packet-mark=dscp_35 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_34 dscp=34 \
new-packet-mark=dscp_34 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_33 dscp=33 \
new-packet-mark=dscp_33 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_32 dscp=32 \
new-packet-mark=dscp_32 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_31 dscp=31 \
new-packet-mark=dscp_31 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_30 dscp=30 \
new-packet-mark=dscp_30 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_29 dscp=29 \
new-packet-mark=dscp_29 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_28 dscp=28 \
new-packet-mark=dscp_28 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_27 dscp=27 \
new-packet-mark=dscp_27 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_26 dscp=26 \
new-packet-mark=dscp_26 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_25 dscp=25 \
new-packet-mark=dscp_25 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_24 dscp=24 \
new-packet-mark=dscp_24 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_23 dscp=23 \
new-packet-mark=dscp_23 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_22 dscp=22 \
new-packet-mark=dscp_22 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_21 dscp=21 \
new-packet-mark=dscp_21 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_20 dscp=20 \
new-packet-mark=dscp_20 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_19 dscp=19 \
new-packet-mark=dscp_19 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_18 dscp=18 \
new-packet-mark=dscp_18 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_17 dscp=17 \
new-packet-mark=dscp_17 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_16 dscp=16 \
new-packet-mark=dscp_16 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_15 dscp=15 \
new-packet-mark=dscp_15 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_14 dscp=14 \
new-packet-mark=dscp_14 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_13 dscp=13 \
new-packet-mark=dscp_13 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_12 dscp=12 \
new-packet-mark=dscp_12 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_11 dscp=11 \
new-packet-mark=dscp_11 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_10 dscp=10 \
new-packet-mark=dscp_10 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_9 dscp=9 new-packet-mark=\
dscp_9 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_8 dscp=8 new-packet-mark=\
dscp_8 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_7 dscp=7 new-packet-mark=\
dscp_7 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_6 dscp=6 new-packet-mark=\
dscp_6 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_5 dscp=5 new-packet-mark=\
dscp_5 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_4 dscp=4 new-packet-mark=\
dscp_4 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_3 dscp=3 new-packet-mark=\
dscp_3 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_2 dscp=2 new-packet-mark=\
dscp_2 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_1 dscp=1 new-packet-mark=\
dscp_1 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_0 dscp=0 new-packet-mark=\
dscp_0 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_63 dscp=63 \
new-packet-mark=dscp_63 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_62 dscp=62 \
new-packet-mark=dscp_62 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_61 dscp=61 \
new-packet-mark=dscp_61 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_60 dscp=60 \
new-packet-mark=dscp_60 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_59 dscp=59 \
new-packet-mark=dscp_59 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_58 dscp=58 \
new-packet-mark=dscp_58 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_57 dscp=57 \
new-packet-mark=dscp_57 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_56 dscp=56 \
new-packet-mark=dscp_56 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_55 dscp=55 \
new-packet-mark=dscp_55 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_54 dscp=54 \
new-packet-mark=dscp_54 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_53 dscp=53 \
new-packet-mark=dscp_53 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_52 dscp=52 \
new-packet-mark=dscp_52 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_51 dscp=51 \
new-packet-mark=dscp_51 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_50 dscp=50 \
new-packet-mark=dscp_50 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_49 dscp=49 \
new-packet-mark=dscp_49 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_48 dscp=48 \
new-packet-mark=dscp_48 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_47 dscp=47 \
new-packet-mark=dscp_47 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_46 dscp=46 \
new-packet-mark=dscp_46 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_45 dscp=45 \
new-packet-mark=dscp_45 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_44 dscp=44 \
new-packet-mark=dscp_44 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_43 dscp=43 \
new-packet-mark=dscp_43 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_42 dscp=42 \
new-packet-mark=dscp_42 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_41 dscp=41 \
new-packet-mark=dscp_41 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_40 dscp=40 \
new-packet-mark=dscp_40 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_39 dscp=39 \
new-packet-mark=dscp_39 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_38 dscp=38 \
new-packet-mark=dscp_38 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_37 dscp=37 \
new-packet-mark=dscp_37 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_36 dscp=36 \
new-packet-mark=dscp_36 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_35 dscp=35 \
new-packet-mark=dscp_35 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_34 dscp=34 \
new-packet-mark=dscp_34 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_33 dscp=33 \
new-packet-mark=dscp_33 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_32 dscp=32 \
new-packet-mark=dscp_32 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_31 dscp=31 \
new-packet-mark=dscp_31 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_30 dscp=30 \
new-packet-mark=dscp_30 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_29 dscp=29 \
new-packet-mark=dscp_29 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_28 dscp=28 \
new-packet-mark=dscp_28 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_27 dscp=27 \
new-packet-mark=dscp_27 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_26 dscp=26 \
new-packet-mark=dscp_26 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_25 dscp=25 \
new-packet-mark=dscp_25 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_24 dscp=24 \
new-packet-mark=dscp_24 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_23 dscp=23 \
new-packet-mark=dscp_23 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_22 dscp=22 \
new-packet-mark=dscp_22 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_21 dscp=21 \
new-packet-mark=dscp_21 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_20 dscp=20 \
new-packet-mark=dscp_20 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_19 dscp=19 \
new-packet-mark=dscp_19 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_18 dscp=18 \
new-packet-mark=dscp_18 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_17 dscp=17 \
new-packet-mark=dscp_17 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_16 dscp=16 \
new-packet-mark=dscp_16 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_15 dscp=15 \
new-packet-mark=dscp_15 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_14 dscp=14 \
new-packet-mark=dscp_14 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_13 dscp=13 \
new-packet-mark=dscp_13 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_12 dscp=12 \
new-packet-mark=dscp_12 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_11 dscp=11 \
new-packet-mark=dscp_11 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_10 dscp=10 \
new-packet-mark=dscp_10 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_9 dscp=9 new-packet-mark=\
dscp_9 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_8 dscp=8 new-packet-mark=\
dscp_8 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_7 dscp=7 new-packet-mark=\
dscp_7 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_6 dscp=6 new-packet-mark=\
dscp_6 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_5 dscp=5 new-packet-mark=\
dscp_5 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_4 dscp=4 new-packet-mark=\
dscp_4 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_3 dscp=3 new-packet-mark=\
dscp_3 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_2 dscp=2 new-packet-mark=\
dscp_2 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_1 dscp=1 new-packet-mark=\
dscp_1 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_0 dscp=0 new-packet-mark=\
dscp_0 passthrough=no
/ip firewall nat
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=dst-nat chain=dstnat dst-port=5060 in-interface=ether1 protocol=udp \
to-addresses=192.168.3.2 to-ports=5060
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat src-address=192.168.3.0/24
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=accept chain=dstnat dst-port=5000 in-interface=ether1 protocol=tcp
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=dst-nat chain=dstnat dst-port=9000-9500 in-interface=ether1 \
protocol=udp to-addresses=192.168.3.2 to-ports=9000-9049
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=tcp \
to-addresses=192.168.3.2 to-ports=5090
# in/out-interface matcher not possible when interface (ether1) is slave - use mas
er instead (bridge1)
add action=dst-nat chain=dstnat dst-port=5090 in-interface=ether1 protocol=udp \
to-addresses=192.168.3.2 to-ports=5090
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=ether1 \
protocol=tcp to-addresses=192.168.3.103 to-ports=3389
/ip firewall service-port
set sip disabled=yes
/ip ipsec peer
add address=0.0.0.0/0 secret=test
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=X.X.X.X
add check-gateway=ping distance=1 dst-address=192.168.0.0/24 gateway=store
add check-gateway=ping distance=1 dst-address=192.168.1.0/24 gateway=market
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/ppp secret
add name=store password=rg1234
add name=market password=rg1234
add local-address=192.168.3.1 name=sl password=RGVpn22 profile="SL VPN" \
service=l2tp
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system identity
set name="Warehouse Main1"
/system routerboard settings
set init-delay=0s
/system script
add name="QOS QUE" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":lo\
cal wanInterfaceName \"ether1\"\r\
\n:local uploadBandwidth 10000k\r\
\n\r\
\n:local queueName (\"DSCP_\" . \$wanInterfaceName)\r\
\n:local dscpClass [:toarray \"Network Control,Internetwork Control,Critical\
,Flash Override,Flash,Immedate,Priority,Routine\"]\r\
\n:local dscp 64\r\
\n\r\
\n:for thisDscp from 63 to 00 do={\r\
\n /ip firewall mangle add action=mark-packet chain=postrouting comment=(\
\"dscp_\" . \$thisDscp) \\\r\
\n disabled=no dscp=\$thisDscp new-packet-mark=(\"dscp_\" . \$thisDs\
cp) passthrough=no\r\
\n}\r\
\n\r\
\n/queue tree add max-limit=\$uploadBandwidth name=\$queueName parent=\$wanI\
nterfaceName priority=1\r\
\n\r\
\n:for thisDscp from=0 to=7 do={\r\
\n :local subClass ([:pick \$dscpClass \$thisDscp] . \" (\" . \$wanInterfa\
ceName . \")\")\r\
\n /queue tree add \\ \r\
\n name=(\$thisDscp+1 . \". \" . \$subClass ) parent=\$queueName priori\
ty=(\$thisDscp+1) queue=ethernet-default\r\
\n :for thisQueue from=0 to=7 do={\r\
\n :set dscp (\$dscp-1)\r\
\n /queue tree add name=(\$subClass . \" (Pri: \" . \$thisQueue+1 .\")\
\") \\\r\
\n parent=(\$thisDscp+1 . \". \" . \$subClass) priority=(\$thisQueue+1)\
\_\\\r\
\n packet-mark=(\"dscp_\" . \$dscp) queue=ethernet-default comment=(\"d\
scp_\" . \$dscp)\r\
\n }\r\
\n}"
[admin@Warehouse Main1] >