I've installed RB5009 and terminated my 3 WAN connections in it. I am using 1 ethernet port for my Users-LAN and another for my servers LAN. When I create a NAT rule to forward a port to specific IP from my server LAN, one or 2 rules are working but other are not.
Here is my router configuration. Real IP addresses of my WAN are replaced with xxx.xx.xx.xxx.
\
2024-10-30 16:50:34 by RouterOS 7.16.1
software id = ICP1-4SCV
model = RB5009UG+S+
serial number =
/interface ethernet
set [ find default-name=ether1 ] arp=reply-only comment=LAN name=
ether1-HO_LAN
set [ find default-name=ether2 ] arp=reply-only comment=Servers-LAN name=
ether2-Servers
set [ find default-name=ether5 ] comment=Wateen name=ether5-WAN_1
set [ find default-name=ether6 ] comment=PTCL name=ether6-WAN_2
set [ find default-name=ether7 ] comment=VPN_Link name=ether7-WAN_3
set [ find default-name=ether8 ] comment="Link to AMG" name=ether8-VPN_AMG
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment="WAN Interfaces" name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add interface=ether5-WAN_1 lease-time=1d name=ISP-1
add interface=ether6-WAN_2 lease-time=1d name=ISP-2
add interface=ether1-HO_LAN lease-time=1d10m name=HO-LAN
add interface=ether2-Servers lease-time=1d name=Servers
add interface=ether8-VPN_AMG lease-time=1d name=AMG
/ip firewall layer7-protocol
add name=streaming regexp=videoplayback|video
add name=bit_conn regexp="^.(get|GET).+(torrent|thepiratebay|isohunt|entertan
e|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|m
eganova|fulldls|btbot|fenopy|gpirate|commonbits).$"
add name=L7_FB regexp="^.+(youtube.com).$"
add name=BitTorrent regexp="^(\x13bittorrent protocol|azver\x01$|get /scrap
e\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data
\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"
add name=Streaming-Web regexp="^..+\.(youtube.com|googlevideo.com|cdn.dailymo
tion.com|akamaihd.net|metacafe.com|mccont.com|tamashaweb.com).$"
add comment="P2P WWW web base content Matching" name=p2p_www regexp="^.(get|G
ET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|fl
ixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gp
irate|commonbits).$"
add comment="P2P DNS Matching" name=p2p_dns regexp="^.+(torrent|thepiratebay|i
sohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bi
tnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*$"
/ip pool
add name=VPN_Pool ranges=10.10.10.51-10.10.10.150
add name=pool1 ranges=192.0.0.1,192.0.0.50
add name=pool2 ranges=192.168.6.26
/ip smb users
set [ find default=yes ] disabled=yes
/ppp profile
add local-address=10.10.10.1 name=OpenVPN remote-address=VPN_Pool
/queue simple
add comment="Video conf-1" dst=192.168.6.54/32 max-limit=50M/50M name=
"Video conf-1 Wateen" target=ether5-WAN_1
add comment="Video conf-1" dst=192.168.6.54/32 max-limit=50M/50M name=
"Video conf-1 PTCL" target=ether6-WAN_2
add comment="Video conf-2" dst=192.168.6.55/32 max-limit=50M/50M name=
"Video conf-2 Wateen" target=ether5-WAN_1
add comment="Video conf-2" dst=192.168.6.55/32 max-limit=50M/50M name=
"Video conf-2 PTCL" target=ether6-WAN_2
add comment="Email Backup server" dst=192.168.6.16/32 max-limit=50M/50M name=
"Email Backup server" target=ether6-WAN_2
add comment="Email Backup server w2" dst=ether5-WAN_1 max-limit=50M/50M name=
queue1 target=192.168.6.16/32
add comment="Email Backup server w2a" dst=ether6-WAN_2 max-limit=20M/50M
name=queue2 target=192.168.6.3/32
add comment="Ali Tariq HUB-Wateen" dst=192.168.6.166/32 max-limit=50M/50M
name="Ali Tariq HUB-Wateen" target=ether5-WAN_1
add comment="Ali Tariq HUB-PTCL" dst=192.168.6.166/32 max-limit=50M/50M name=
"Ali Tariq HUB-PTCL" target=ether6-WAN_2
add comment="Asad Tariq HUB-Wateen" dst=192.168.6.143/32 max-limit=50M/50M
name="Asad Tariq HUB-Wateen" target=ether5-WAN_1
add comment="Asad Tariq HUB-PTCL" dst=192.168.6.143/32 max-limit=50M/50M
name="Asad Tariq HUB-PTCL" target=ether6-WAN_2
add comment="Azhar IT USB-LAN-Wateen" dst=192.168.6.3/32 max-limit=100M/100M
name="Azhar IT USB-LAN-Wateen" target=ether5-WAN_1
add comment="Azhar IT USB-LAN-Wateen" dst=192.168.6.15/32 max-limit=100M/100M
name=Sobia_IT_PTCL target=ether6-WAN_2
add comment="Azhar IT Mobile-Wateen" dst=192.168.6.68/32 max-limit=100M/100M
name=queue4 target=ether5-WAN_1
add comment="Azhar IT LAN-Wateen" dst=192.168.6.11/32 max-limit=100M/100M
name="Azhar IT LAN-Wateen" target=ether5-WAN_1
add comment="Azhar IT WLAN-Wateen" dst=192.168.6.25/32 max-limit=100M/100M
name="Azhar IT WLAN-Wateen" target=ether5-WAN_1
add comment="Azhar IT WLAN-PTCL" dst=192.168.6.25/32 max-limit=100M/100M
name="Azhar IT WLAN-PTCL" target=ether6-WAN_2
add comment="Azhar IT Mobile-Wateen" dst=192.168.6.68/32 max-limit=50M/50M
name="Azhar IT Mobile-Wateen" target=ether5-WAN_1
add comment="Azhar IT Mobile-PTCL" dst=192.168.6.68/32 max-limit=50M/50M
name="Azhar IT Mobile PTCL" target=ether6-WAN_2
add comment="Tariq Yasin LT-Wateen" dst=192.168.6.208/32 max-limit=50M/50M
name="Tariq Yasin LT-Wateen" target=ether5-WAN_1
add comment="Tariq Yasin LT-PTCL" dst=192.168.6.208/32 max-limit=50M/50M
name="Tariq Yasin LT-PTCL" target=ether6-WAN_2
add comment="Tariq Yasin LAN-Wateen" dst=192.168.6.208/32 max-limit=50M/50M
name="Tariq Yasin LAN-Wateen" target=ether5-WAN_1
add comment="Tariq Yasin LAN-PTCL" dst=192.168.6.208/32 max-limit=50M/50M
name="Tariq Yasin LAN-PTCL" target=ether6-WAN_2
/queue type
add kind=pcq name="8 MB per user DN" pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
pcq-total-limit=12000KiB
add kind=pcq name="8 MB per user UP" pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
pcq-total-limit=12000KiB
add kind=pcq name="8 MB ptcl dn" pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=8M pcq-src-address6-mask=64
pcq-total-limit=12000KiB
add kind=pcq name="8 MB ptcl up" pcq-classifier=src-address
pcq-dst-address6-mask=64 pcq-rate=8M pcq-src-address6-mask=64
pcq-total-limit=12000KiB
add kind=pcq name="8MB ptcl up" pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=8M pcq-src-address6-mask=64
pcq-total-limit=12000KiB
add kind=pcq name=Youtube pcq-classifier=dst-address pcq-dst-address6-mask=64
pcq-rate=2M pcq-src-address6-mask=64 pcq-total-limit=12000KiB
/queue simple
add comment="Email Server Zimbra" disabled=yes max-limit=50M/50M name=queue3
queue=default/default target=46.4.12.109/32 total-queue=default
add comment=YouTube max-limit=4M/4M name=queue6 queue=Youtube/Youtube target=
142.251.42.0/24 total-queue=default
add comment=FB max-limit=4M/4M name=queue7 queue=Youtube/Youtube target=
157.240.0.0/16 total-queue=default
add comment="Sobia IT" dst=192.168.6.15/32 max-limit=100M/100M name=Sobia_IT
queue=default/default target=ether5-WAN_1
add comment="Sobia IT" dst=192.168.6.15/32 max-limit=100M/100M name=
Sobia_IT_2 queue=default/default target=ether6-WAN_2
add comment="Ali Tariq LT-Wateen" dst=192.168.6.155/32 max-limit=50M/50M
name="Ali Tariq LT-Wateen" queue=default/default target=ether5-WAN_1
add comment="Ali Tariq LT-PTCL" dst=192.168.6.155/32 max-limit=50M/50M name=
"Ali Tariq LT-PTCL" queue=default/default target=ether6-WAN_2
add comment="Asad Tariq LT-Wateen" dst=192.168.6.151/32 max-limit=50M/50M
name="Asad Tariq LT-Wateen" queue=default/default target=ether5-WAN_1
add comment="Asad Tariq LT-PTCL" dst=192.168.6.151/32 max-limit=50M/50M name=
"Asad Tariq LT-PTCL" queue=default/default target=ether6-WAN_2
add comment="Azhar IT USB-LAN-PTCL" dst=192.168.6.3/32 max-limit=100M/100M
name="Azhar IT USB-LAN-PTCL" queue=default/default target=ether6-WAN_2
add comment="Azhar IT Mobile-PTCL" dst=192.168.6.68/32 max-limit=100M/100M
name=queue5 queue=default/default target=ether6-WAN_2
add comment="Azhar IT LAN-PTCL" dst=192.168.6.11/32 max-limit=100M/100M name=
"Azhar IT LAN-PTCL" queue=default/default target=ether6-WAN_2
add comment="Umair IT LAN-Wateen" dst=192.168.6.105/32 max-limit=50M/50M
name="Umair IT LAN-Wateen" queue=default/default target=ether5-WAN_1
add comment="Umair IT LAN-PTCL" dst=192.168.6.105/32 max-limit=50M/50M name=
"Umair IT LAN-PTCL" queue=default/default target=ether6-WAN_2
add comment="TAQ-HO Limit Wateen" dst=ether1-HO_LAN max-limit=40M/40M name=
"TAQ-HO Internet Wateen" queue="8 MB per user UP/8 MB per user DN"
target=ether5-WAN_1
add comment="TAQ-HO Limit PTCL" dst=ether1-HO_LAN max-limit=40M/40M name=
"TAQ-HO Internet PTCL" queue="8MB ptcl up/8 MB ptcl dn" target=
ether6-WAN_2
/routing table
add fib name=To_WAN1
add fib name=To_WAN2
add disabled=no fib name=To_WAN3
/system logging action
set 1 disk-stop-on-full=yes
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1/tmp
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether5-WAN_1 list=WAN
add interface=ether6-WAN_2 list=WAN
add interface=ether7-WAN_3 list=WAN
/interface ovpn-server server
set auth=sha1 certificate=Server cipher=aes256-cbc default-profile=OpenVPN
enabled=yes require-client-certificate=yes
/interface wireguard peers
add allowed-address=10.10.1.2/32 interface=wireguard1 name=peer1 public-key=
"KkIX8jndaojwzZYvu9Cwz0IJbIX54s7jsAKm2Pcj2GA="
add allowed-address=10.10.1.3/32 interface=wireguard1 name=peer2 public-key=
"p57oROCX77Bdz/YLp8ApwqrO+m5QKsJTLApZqmfc1zc="
/ip address
add address=xxx.xx.xx.xxx/30 comment=Wateen interface=ether5-WAN_1 network=
xxx.xx.xx.xxx
add address=192.168.200.10/24 comment=PTCL interface=ether6-WAN_2 network=
192.168.200.0
add address=192.168.6.1/24 comment=HO_LAN interface=ether1-HO_LAN network=
192.168.6.0
add address=192.168.15.1/24 comment=AMG-Network interface=ether8-VPN_AMG
network=192.168.15.0
add address=192.0.0.99/24 comment=Servers interface=ether2-Servers network=
192.0.0.0
add address=10.10.1.1/24 comment=WireGuard interface=wireguard1 network=
10.10.1.0
add address=xxx.xx.xxx.xxx/30 comment=VPN interface=ether7-WAN_3 network=
xxx.xx.xxx.xxx
/ip cloud
set update-time=no
/ip dns
set allow-remote-requests=yes servers=192.0.0.9,192.0.0.10
/ip dns static
add address=192.0.0.245 name=sh.tlpk.com type=A
add address=192.0.0.6 name=helpdesk.tlpk.com type=A
add address=192.0.0.21 name=wiki.tlpk.com type=A
add address=192.0.0.21 name=prj.tlpk.com type=A
add address=192.0.0.7 name=toc.tlpk.com type=A
add address=192.0.0.17 name=chat.tlpk.com type=A
add address=192.0.0.17 name=taqreporting.tlpk.com type=A
add address=192.0.0.3 name=phoenix.tlpk.com type=A
add address=192.0.0.17 name=tracking.tlpk.com type=A
add address=192.0.0.21 name=tserver.tlpk.com type=A
add address=192.0.0.17 name=crm.tlpk.com type=A
add address=192.0.0.19 name=udb.tlpk.com type=A
add address=192.0.0.17 name=sms.tlpk.com type=A
add address=192.0.0.17 name=monitor.tlpk.com type=A
add address=192.0.0.222 name=backup.tlpk.com type=A
add address=192.0.0.3 name=taqtracking.tlpk.com type=A
add address=192.0.0.3 name=cf.tlpk.com type=A
add address=192.0.0.17 name=tm.tlpk.com type=A
add address=192.0.0.222 name=spider.tlpk.com type=A
add address=192.0.0.222 name=tri.tlpk.com type=A
add address=192.0.0.22 name=dashboard.tlpk.com type=A
add address=192.0.0.246 name=sf.tlpk.com type=A
add address=192.0.0.245 name=fs.tlpk.com type=A
add address=192.0.0.5 name=tpdp.tlpk.com type=A
add address=192.0.0.17 name=hr.tlpk.com type=A
add address=192.0.0.3 name=tgs.tlpk.com type=A
add address=192.0.0.222 name=spd.tlpk.com type=A
add address=192.0.0.17 name=tlscrm.tlpk.com type=A
add address=192.0.0.17 name=meraincentive.tlpk.com type=A
add address=192.0.0.17 name=3c.tlpk.com type=A
add address=192.0.0.17 name=lcs.tlpk.com type=A
add address=192.0.0.17 name=social.tlpk.com type=A
add address=192.0.0.5 name=test.tlpk.com type=A
add address=192.0.0.21 name=ns2.tlpk.com type=A
add address=192.0.0.222 name=instantqoute.tlpk.com type=A
add address=192.0.0.5 name=fas.tlpk.com type=A
add address=192.0.0.5 name=sd.tlpk.com type=A
add address=192.0.0.5 name=hris.tlpk.com type=A
add address=192.0.0.50 name=ocloud.tlpk.com type=A
add address=46.4.12.109 name=mail.tlpk.com type=A
add address=192.0.0.5 name=HIRSSVR type=A
/ip firewall address-list
add address=192.0.0.245 disabled=yes list="internet block"
add address=192.0.0.246 disabled=yes list="internet block"
add address=192.0.0.40 disabled=yes list="internet block"
add address=192.0.0.101 disabled=yes list="internet block"
add address=192.0.0.3 disabled=yes list="internet block"
/ip firewall filter
add action=add-src-to-address-list address-list=Torrent_Conn
address-list-timeout=2m chain=forward layer7-protocol=BitTorrent
src-address-list=!allow-bit
add action=add-src-to-address-list address-list=Streaming_Conn
address-list-timeout=2m chain=forward layer7-protocol=streaming
src-address-list=!allow-bit
add action=accept chain=output comment="For Netwatch" dst-address=
xxx.xx.xx.xxx out-interface=ether5-WAN_1 protocol=icmp
add action=drop chain=output dst-address=xxx.xx.xxx.xxx out-interface=
ether6-WAN_2 protocol=icmp
add action=accept chain=output dst-address=xxx.xx.xxx.xxx out-interface=
ether6-WAN_2 protocol=icmp
add action=drop chain=output dst-address=xxx.xxx.xxx.xx out-interface=
ether5-WAN_1 protocol=icmp
add action=drop chain=forward comment=
"Block General P2P Connections , default mikrotik p2p colelction"
layer7-protocol=BitTorrent
add action=drop chain=forward comment="Block P2p_www Packets"
layer7-protocol=p2p_www
add action=drop chain=forward comment="Block P2p_dns Packets"
layer7-protocol=p2p_dns
add action=reject chain=forward comment="tamasa app " content=tamashaweb
disabled=yes protocol=tcp reject-with=icmp-network-unreachable
add action=reject chain=input comment="Internet block" reject-with=
icmp-admin-prohibited src-address-list="internet block"
/ip firewall mangle
add action=accept chain=prerouting comment="Accept Rules" dst-address=
192.0.0.0/24
add action=accept chain=prerouting dst-address=192.168.10.0/24
add action=accept chain=prerouting dst-address=192.168.15.0/24
add action=mark-routing chain=prerouting comment="Use Wateen for these"
dst-address=64.31.43.0/24 new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=64.31.28.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=64.31.22.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=46.4.12.109
new-routing-mark=To_WAN3 passthrough=no
add action=mark-routing chain=prerouting dst-address=54.226.0.0/16
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=65.109.10.153
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=65.109.139.200
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=104.22.38.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=185.194.217.0/24
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=104.244.42.0/24
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=23.32.29.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=103.226.216.0/24
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=103.8.14.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=151.106.26.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=46.31.112.0/24
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=135.181.67.0/24
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=95.217.147.0/24
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=prerouting dst-address=3.73.0.0/16
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=34.107.204.0
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting dst-address=159.148.147.239
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=
To_WAN1 passthrough=no src-address=192.168.6.105
add action=mark-routing chain=prerouting comment=fbr dst-address=
103.125.60.0/24 new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=prerouting comment=tamashaweb disabled=yes
dst-address=15.184.221.0/24 new-routing-mark=To_WAN2 passthrough=no
add action=mark-connection chain=input comment="Input Rules for VPN Links"
in-interface=ether5-WAN_1 new-connection-mark=WAN1_Conn passthrough=yes
add action=mark-connection chain=input in-interface=ether6-WAN_2
new-connection-mark=WAN2_Conn passthrough=yes
add action=mark-connection chain=input in-interface=ether7-WAN_3
new-connection-mark=WAN3_Conn passthrough=yes
add action=mark-connection chain=prerouting comment="Mark Connection Rules"
connection-mark=no-mark connection-state=new in-interface=ether5-WAN_1
new-connection-mark=WAN1_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new in-interface=ether6-WAN_2 new-connection-mark=
WAN2_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new disabled=yes in-interface=ether7-WAN_3
new-connection-mark=WAN3_Conn passthrough=yes
add action=mark-connection chain=prerouting comment="PCC Rules"
connection-mark=no-mark connection-state=new dst-address-type=!local
in-interface=ether1-HO_LAN new-connection-mark=WAN1_Conn passthrough=yes
per-connection-classifier=src-address-and-port:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new dst-address-type=!local in-interface=ether1-HO_LAN
new-connection-mark=WAN2_Conn passthrough=yes per-connection-classifier=
src-address-and-port:2/1
add action=mark-connection chain=prerouting connection-mark=no-mark
connection-state=new disabled=yes dst-address-type=!local in-interface=
ether1-HO_LAN new-connection-mark=WAN3_Conn passthrough=yes
per-connection-classifier=src-address-and-port:3/2
add action=mark-routing chain=output comment=
"Output Rules for VPN Links & LoadBalancing" connection-mark=WAN1_Conn
new-routing-mark=To_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_Conn
new-routing-mark=To_WAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN3_Conn
new-routing-mark=To_WAN3 passthrough=no
add action=mark-routing chain=prerouting comment="Mark Routes Rules"
connection-mark=WAN1_Conn in-interface=ether1-HO_LAN new-routing-mark=
To_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_Conn
in-interface=ether1-HO_LAN new-routing-mark=To_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_Conn disabled=
yes in-interface=ether1-HO_LAN new-routing-mark=To_WAN3 passthrough=yes
add action=mark-packet chain=postrouting comment="p2p download" disabled=yes
layer7-protocol=p2p_www new-packet-mark="p2p download" passthrough=no
add action=mark-packet chain=postrouting disabled=yes layer7-protocol=p2p_dns
new-packet-mark="p2p download" passthrough=no
add action=return chain=prerouting disabled=yes src-address=192.0.0.246
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerading for WAN_Connections"
out-interface-list=WAN
add action=masquerade chain=srcnat comment="Masquerading for WAN_2" disabled=
yes out-interface=ether6-WAN_2
add action=masquerade chain=srcnat comment="Masquerading for WAN_3 (VPN)"
disabled=yes out-interface=ether7-WAN_3
add action=dst-nat chain=dstnat comment="PlayStore IIS" dst-port=80
in-interface=ether5-WAN_1 log=yes log-prefix=192.0.0.3 protocol=tcp
to-addresses=192.0.0.3 to-ports=80
add action=dst-nat chain=dstnat comment="WebServer (SSL)" dst-port=443
in-interface=ether5-WAN_1 protocol=tcp to-addresses=192.0.0.8 to-ports=
443
add action=dst-nat chain=dstnat comment="VPN Proxmox" dst-port=1193
in-interface=ether6-WAN_2 log=yes protocol=tcp to-addresses=192.0.0.11
to-ports=1194
add action=dst-nat chain=dstnat comment=WebServer connection-mark=""
dst-port=80 in-interface=ether7-WAN_3 protocol=tcp to-addresses=
192.0.0.17 to-ports=80
add action=dst-nat chain=dstnat comment="WebServer (SSL)" dst-port=443
in-interface=ether7-WAN_3 protocol=tcp to-addresses=192.0.0.17 to-ports=
443
add action=dst-nat chain=dstnat comment=PRAL_FTP dst-port=3221 in-interface=
ether5-WAN_1 protocol=tcp to-addresses=192.0.0.17 to-ports=21
add action=dst-nat chain=dstnat comment=DashBoard dst-port=9898 in-interface=
ether5-WAN_1 protocol=tcp to-addresses=192.0.0.22 to-ports=80
add action=dst-nat chain=dstnat comment=WMS_Backup dst-port=421 in-interface=
ether5-WAN_1 protocol=tcp to-addresses=192.0.0.22 to-ports=21
add action=dst-nat chain=dstnat comment=VPN dst-port=1195 in-interface=
ether5-WAN_1 protocol=tcp to-addresses=192.0.0.23 to-ports=1195
add action=dst-nat chain=dstnat comment=AR-GoogleSheets dst-port=9899
in-interface=ether5-WAN_1 protocol=tcp to-addresses=192.0.0.222 to-ports=
80
add action=dst-nat chain=dstnat comment=OwnCloud dst-port=9998 in-interface=
ether5-WAN_1 log=yes log-prefix=222 protocol=tcp to-addresses=192.0.0.222
to-ports=9998
add action=dst-nat chain=dstnat comment=Spider dst-port=9696 in-interface=
ether5-WAN_1 protocol=tcp to-addresses=192.0.0.222 to-ports=80
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add check-gateway=ping comment=WAN1 disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=xxx.xx.xx.xxx pref-src="" routing-table=To_WAN1 scope=
30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WAN2 disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=192.168.200.1 pref-src="" routing-table=To_WAN2 scope=
30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=Wateen disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=xxx.xx.xx.xxx pref-src="" routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=PTCL disabled=no distance=2 dst-address=
0.0.0.0/0 gateway=192.168.200.1 pref-src="" routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=xxx.xx.xx.xxx/32
gateway=192.168.100.1 routing-table=main scope=30 suppress-hw-offload=no
target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=xxx.xxx.xxx.xx/32
gateway=192.168.200.1 pref-src="" routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.10.0/24 gateway=192.168.15.2
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=VPN disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=xxx.xx.xxx.xxx routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WAN3 disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=xxx.xx.xxx.xxx routing-table=To_WAN3 scope=30
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ppp secret
add comment="Azhar IT" name=azhar profile=OpenVPN service=ovpn
add comment="Asma FSD" name=fsd-1 profile=OpenVPN service=ovpn
add comment=Tufail-MUX name=mux-1 profile=OpenVPN service=ovpn
add comment="Sygenta Multan" name=s_mux1 profile=OpenVPN service=ovpn
add comment="Sygenta Sahiwal Rizwan" name=s_swl profile=OpenVPN service=ovpn
add comment="Imran FSD" name=fsd-2 profile=OpenVPN service=ovpn
add comment="Sonia FSD" name=fsd-3 profile=OpenVPN service=ovpn
add comment="Khursheed Anwer Khalidi" name=khi-1 profile=OpenVPN service=ovpn
add comment="Umair IT" name=umair profile=OpenVPN service=ovpn
add comment="Khalid Alvi" name=khalidalvi profile=OpenVPN service=ovpn
add comment="waseem saleem khi" name=khi-2 profile=OpenVPN service=ovpn
add comment="Nadeem Bandhani Khi" name=khi-3 profile=OpenVPN service=ovpn
add comment="Javed jaffery" name=khi-4 profile=OpenVPN service=ovpn
add comment="Nadeem Khan khi" name=khi-5 profile=OpenVPN service=ovpn
add comment="Atif Ghayur khi" name=khi-6 profile=OpenVPN service=ovpn
add comment="Rukhsana Shaikh Khi" name=khi-7 profile=OpenVPN service=ovpn
add comment="Sajid mux" name=mux profile=OpenVPN service=ovpn
add comment="Atif Kmaran Mianwali" name=mwvpn profile=OpenVPN service=ovpn
add comment="Gulnam FSD" name=fsd-4 profile=OpenVPN service=ovpn
add comment="Tanzeem Khi" name=khi-8 profile=OpenVPN service=ovpn
add comment="Shehzad BA LHE" name=lhe-ba1 profile=OpenVPN service=ovpn
add comment="VAPT User" name=vapt profile=OpenVPN service=ovpn
add comment="Allah bakhsh Minawali" name=mwl-1 profile=OpenVPN service=ovpn
add comment="Sygenta Sahiwal" name=ba9 profile=OpenVPN service=ovpn
add comment="Bilal Shaikh LHE TLS\r
\n" name=lhe-tls1 profile=OpenVPN service=ovpn
add comment="Royal Fan -Muhammad Shoaib" name=lhe-tls2 profile=OpenVPN
service=ovpn
add comment="Azeem Akram TLS " name=lhe-tls3 profile=OpenVPN service=ovpn
add comment="Bilal Ahmed TLS " name=lhe-tls4 profile=OpenVPN service=ovpn
add comment="Abdul rehman Dev" name=lhe-dev1 profile=OpenVPN service=ovpn
add comment="Arif Javed TLS " name=lhe-tls5 profile=OpenVPN service=ovpn
add comment="Muhammad Ahmad tls" name=lhe-tls6 profile=OpenVPN service=ovpn
add comment="Muhammad usman TWL" name=lhe-twl1 profile=OpenVPN service=ovpn
add comment="Saad Ullah TLS" name=lhe-tls7 profile=OpenVPN service=ovpn
add comment="Mohsin abbas khi" name=khi-9 profile=OpenVPN service=ovpn
add comment="Amir Iqbal SKT" name=skt-1 profile=OpenVPN service=ovpn
add comment="Mehmood Elahi WH TLS" name=lhe-tls8 profile=OpenVPN service=ovpn
add comment="Imran WH TLS" name=lhe-tls9 profile=OpenVPN service=ovpn
add comment="Umar Audit" name=umar profile=OpenVPN service=ovpn
add comment="Arif Jamil" name=mux-01 profile=OpenVPN service=ovpn
add comment="Sagheer TLS" name=lhe-tls10 profile=OpenVPN service=ovpn
add comment="kurram Aslam TLS RYK" name=lhe-tls11 profile=OpenVPN service=
ovpn
add comment="Touquir hussain khi" name=khi-10 profile=OpenVPN service=ovpn
add comment="Salman latif BA" name=ba10 profile=OpenVPN service=ovpn
add comment="Zaheer AMG" name=lhe-amg1 profile=OpenVPN service=ovpn
add comment="Shahid Nadeem" name=lhe-tfm1 profile=OpenVPN service=ovpn
add comment="Ahsan UL Haq" name=skt-4 profile=OpenVPN service=ovpn
add comment="Muhammad Haseeb KHI" name=ecslkhi_1 profile=OpenVPN service=ovpn
add comment="Faisal Ateeq SKT" name=skt-2 profile=OpenVPN service=ovpn
add comment="Atif Ghayur khi" name=lhe-cfs1 profile=OpenVPN service=ovpn
add comment="Maria Zahid HR" name=lhe-hr1 profile=OpenVPN service=ovpn
add comment="Babar Khan RWP " name=rwp-01 profile=OpenVPN service=ovpn
add comment="Sygenta Sahiwal SanaUllah" name=s_swl2 profile=OpenVPN service=
ovpn
add comment="Qurban Ali" name=skt-3 profile=OpenVPN service=ovpn
add comment=ALTAF name=skt-5 profile=OpenVPN service=ovpn
add comment=TAYYAB name=skt-6 profile=OpenVPN service=ovpn
add comment="Adnan Aslam" name=skt-7 profile=OpenVPN service=ovpn
add comment="Waqas Tibsum" name=skt-8 profile=OpenVPN service=ovpn
add comment="Manzar Shah" name=skt-9 profile=OpenVPN service=ovpn
add comment="Muhammad Ali" name=skt-10 profile=OpenVPN service=ovpn
add comment=ANSER name=skt-11 profile=OpenVPN service=ovpn
add comment="Muhammad Saad" name=mux-2 profile=OpenVPN service=ovpn
add comment="Asif khan KHI" name=khi-11 profile=OpenVPN service=ovpn
add comment="Sygenta PEW" name=pew-1 profile=OpenVPN service=ovpn
add comment="Shoaib Amjad RWP " name=rwp-02 profile=OpenVPN service=ovpn
add comment="Abdul Jabbar SKT" name=skt-12 profile=OpenVPN service=ovpn
/system clock
set time-zone-name=Asia/Karachi
/system identity
set name="MikroTik - TAQ-HO"
/system logging
set 3 action=disk
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes
/system ntp client servers
add address=216.239.35.0
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=1d name=AutoBackup on-event="/system script run AutoBackup"
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=2023-07-29 start-time=08:00:00
add interval=1w name=AutoRSC on-event="/system script run AutoRSC" policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=2023-08-13 start-time=00:00:00
/system script
add dont-require-permissions=no name=AutoBackup owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":
local EMAIL "it@tlpk.com"\r
\n:local PASSWORD "taqit09"\r
\n:local FILENAME "Backup $[/system identity get name]-$[/system clock
get date]"\r
\n:local MESSAGE "Please see attached Backup file..."\r
\n:local TIME ([/system clock get time])\r
\n:local DATE ([/system clock get date])\r
\n\r
\n/system backup save name=$FILENAME password=$PASSWORD\r
\n/delay 10\r
\n/tool e-mail send file=$FILENAME to=$EMAIL subject="Your MikroTik bac
kup file as of $DATE $TIME" body=$MESSAGE"
add dont-require-permissions=no name=AutoRSC owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":
local EMAIL "it@tlpk.com"\r
\n:local FILENAME "Backup $[/system identity get name]-$[/system clock
get date]"\r
\n:local MESSAGE "Please see attached RSC file..."\r
\n:local TIME ([/system clock get time])\r
\n:local DATE ([/system clock get date])\r
\n\r
\n/export file=$FILENAME\r
\n/delay 10\r
\n/tool e-mail send file=$FILENAME to=$EMAIL subject="Your MikroTik bac
kup file as of $DATE $TIME" body=$MESSAGE"
/tool e-mail
set from=it@tlpk.com port=465 server=46.4.12.109 tls=yes user=it@tlpk.com
/tool graphing interface
add store-on-disk=no
/tool graphing queue
add store-on-disk=no
/tool graphing resource
add store-on-disk=no
/tool netwatch
add comment=Wateen disabled=no down-script="/ip route disable [find comment="
Wateen"]\r
\n/ip route disable [find comment="WAN1"]\r
\n/tool e-mail send to="noc@tlpk.com" subject="Your Wateen-Internet Lin
k is Down" body="Your Wateen-Internet Link is Down. Please check. ""
host=xxx.xx.xx.xxx http-codes="" interval=30s start-delay=0ms
startup-delay=0s test-script="" timeout=1s type=simple up-script="/ip rout
e enable [find comment="Wateen"]\r
\n/ip route enable [find comment="WAN1"]\r
\n/tool e-mail send to="noc@tlpk.com" subject="Your Wateen-Internet Lin
k is Up" body="Your Wateen-Internet Link is Up. ""
add comment=PTCL disabled=no down-script="/ip route disable [find comment="PT
CL"]\r
\n/ip route disable [find comment="WAN2"]\r
\n/tool e-mail send to="noc@tlpk.com" subject="Your PTCL-Internet Link
is Down" body="Your PTCL-Internet Link is Down. Please check. "" host=
xxx.xxx.xxx.xx http-codes="" interval=30s start-delay=0ms startup-delay=
0s test-script="" timeout=1s type=simple up-script="/ip route enable [find
_comment="PTCL"]\r
\n/ip route enable [find comment="WAN2"]\r
\n/tool e-mail send to="noc@tlpk.com" subject="Your PTCL-Internet Link
is Up" body="Your PTCL-Internet Link is Up. ""
add comment="VPN Link" disabled=no down-script="/tool e-mail send to="noc@tlp
k.com" subject="Your VPN Link is Down" body="Your VPN Link is Down. Pl
ease check. "" host=xxx.xx.xxx.xxx http-codes="" interval=30s
start-delay=0ms startup-delay=0s test-script="" timeout=1s type=simple
up-script="/tool e-mail send to="noc@tlpk.com" subject="Your VPN Link i
s UP" body="Your VPN Link is Up now.""
add comment="AMG Link" disabled=no down-script="/tool e-mail send to="noc@tlp
k.com" subject="Your AMG Link is Down" body="Your AMG Link is Down. Pl
ease check. "" host=192.168.10.1 http-codes="" interval=30s start-delay=
0ms startup-delay=0s test-script="" timeout=1s type=simple up-script="/too
l e-mail send to="noc@tlpk.com" subject="Your AMG Link is UP" body="Y
our AMG Link is Up now.""
add comment=PK-21 disabled=no down-script="/tool e-mail send to="noc@tlpk.com
" subject="Your PK-21 Link is Down" body="Your PK-21 Link is Down. Ple
ase check. "" host=202.166.165.14 http-codes="" interval=30s
start-delay=0ms startup-delay=0s test-script="" timeout=1s type=simple
up-script="/tool e-mail send to="noc@tlpk.com" subject="Your PK-21 Link
_is UP" body="Your PK-21 Link is Up now.""