Hi,
I have a router v6.34.6
I know pretty much nothing, just some theory stuff because I have been reading. My new position requires me to manage this badboy router. Really nice and really does so much. I had a consultant and he would not show me or reference what I need to read in order to understand the current config. Anyhow we let them go for other mostly other reasons.

I really really just like to know how easy it is to switch on a new internet connection that would replace all three dsl connections that I currently have on the router.

I do have 1 to 2 vlans for each of the dsl’s via the router and everyone connects mostly via wireless by SSID config (unfi controller) and of course appropriate configs set on switch ports.
Anyhow I don’t want to change the vlans as that is all set and done.

Should I just redo the entire config from beginning? I have a couple of more of these badarse routers that I could play with
but I was looking for just changing the settings with new ip numbers. Wouldnt it be easier?

Funny thing is, I added the new Fiber connection to port 1 on address list then configed the route list and then enabled it and it took over as the new default internet but the other vlans besides the main one didnt change to the new internet.

About what hardware are you talking about? “I have a router v6.34.6” … What does that mean? v6.34.6 is a version of the SOFTWARE not hardware.

What is your goal?

“I know pretty much nothing… I really really just like to know how easy it is to switch on a new internet connection that would replace all three dsl connections that I currently have on the router.”

You want some help, but with what?

Help with changing to my new internet connection. Removing the other DSL’s, what settings ensure a clean setup, what do I remove or update.
I have one dsl on port 3 one on 4 and another on 5. I wanted to move all vlans that are connected to those ports to use port 1 on the router for Internet.
They all go through port 10 as the lan through our filtering.

I have it working with all vlans now but not sure if its correct.
What I did was, I changed the mangle and nat rules to point at the new internet connection on port 1.
As far as firewall thats still the same and it was previously setup. Would I need to add anything?
The vlans seem fine and are working but would I need to change anything?
If I leave what I changed (mangle and nat rules) is that correctly set?
If I remove anything that has to do with the other DSL’s (settings for Route list, Interface list, etc) on the router what would happen? Although all is working?

I mentioned I didnt know anything about the router or Mikrotik. I don’t know what matters as far as what hardware or router software version I have. The router is a foreign language to me but I understand how networking works and it didnt take longer the a few hours to figure out where to change the vlans to use port 1. But is this the correct way?

A little tip about RouterOS: It gives you pretty low-level access and freedom to do things almost any way you want. There’s usually more than one way to set things up. In other words, nobody here knows what your current config is and so it’s hard to give you any specific advice. If your starting config has tree DSLs, it sounds complex, so it’s even worse.

But there’s hope, a magic command exists:

/export hide-sensitive

If you post the output here (you can censor things like IP addresses if you wish), your chances to get useful answers will increase considerably.

I have to remove the external ip and some vpn usernames. I get this bot that keeps trying to connect and it tries guessing username/password all-day-long. I’m just editing and its taking me a bit of time going through. Sorry…I mean after running that command you gave me.

Hi, Here is the data.
HAPPY _Main] > /export hide-sensitive

jan/24/2017 15:31:29 by RouterOS 6.34.6

software id = RUGT-9M9Y9

/interface bridge
add disabled=yes mtu=1500 name="Camera Bridge" protocol-mode=none
add name=Newserver
/interface ethernet
set [ find default-name=ether6 ] l2mtu=1500 mac-address=D4:CA:6D:3D:23:76 name=Camera-eth6
set [ find default-name=ether1 ] mac-address=D4:CA:6D:3D:23:71
set [ find default-name=ether2 ] mac-address=D4:CA:6D:3D:23:72 name="ether2- DSL 0532"
set [ find default-name=ether3 ] mac-address=D4:CA:6D:3D:23:73 name="ether3 DSL 0598"
set [ find default-name=ether4 ] mac-address=D4:CA:6D:3D:23:74
set [ find default-name=ether5 ] comment="NEW Profile SERVER100.5" mac-address=D4:CA:6D:3D:23:75
set [ find default-name=ether8 ] comment="NEW SERVER" mac-address=D4:CA:6D:3D:23:78
set [ find default-name=ether9 ] auto-negotiation=no mac-address=D4:CA:6D:3D:23:79 name=ether9-WAN
set [ find default-name=ether10 ] mac-address=D4:CA:6D:3D:23:7A name=ether10-LAN
set [ find default-name=ether11 ] mac-address=D4:CA:6D:3D:23:7B
set [ find default-name=ether12 ] mac-address=D4:CA:6D:3D:23:7C
set [ find default-name=ether13 ] mac-address=D4:CA:6D:3D:23:7D
/interface pptp-server
add name="Mac Academy" user=""
add disabled=yes name="Virtual/Distance Learning" user=Administrator
/ip neighbor discovery
set ether5 comment="NEW Profile SERVER100.5"
set ether8 comment="NEW SERVER"
set "Acad " discover=no
set "Virtual/Distance Learning" discover=no
/interface vlan
add interface=ether9-WAN name="Vlan 3 - External" vlan-id=3
add interface=ether10-LAN name="Vlan 101 - Teachers" vlan-id=101
add interface=ether10-LAN name="Vlan 102 - Staff" vlan-id=102
add interface=ether10-LAN name="Vlan 103 - Students" vlan-id=103
add interface=ether10-LAN name="Vlan 104 - Exam" vlan-id=104
add interface=ether10-LAN name="Vlan 105 - Guests" vlan-id=105
add interface=ether10-LAN name="Vlan 106 - VPN" vlan-id=106
add interface=Camera-eth6 name="Vlan 107 - Phone-Camera" vlan-id=107
add disabled=yes interface=ether10-LAN name="Vlan 110" vlan-id=110
add interface=ether10-LAN name="Vlan100 - Devices" vlan-id=100
add interface=ether10-LAN name="vlan107 test" vlan-id=107
/interface ethernet
set [ find default-name=ether7 ] mac-address=D4:CA:6D:3D:23:77 master-port=ether10-LAN speed=1Gbps
/ip neighbor discovery
set "Vlan 3 - External" discover=no
set "Vlan 101 - Teachers" discover=no
set "Vlan 102 - Staff" discover=no
set "Vlan 103 - Students" discover=no
set "Vlan 104 - Exam" discover=no
set "Vlan 105 - Guests" discover=no
set "Vlan 106 - VPN" discover=no
set "Vlan 107 - Phone-Camera" discover=no
set "Vlan100 - Devices" discover=no
set "vlan107 test" discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
add enc-algorithms=3des name=HAPPY _l2tp pfs-group=none
/ip pool
add name=pool100 ranges=172.16.1.51-172.16.1.254
add name=pool101 ranges=172.16.2.51-172.16.2.254
add name=pool102 ranges=172.16.3.51-172.16.3.254
add name=pool104 ranges=172.16.6.51-172.16.6.254
add name=pool105 ranges=172.16.7.51-172.16.7.254
add name=pool106 ranges=172.16.8.51-172.16.8.254
add name=pool107 ranges=172.16.9.51-172.16.9.254
add name=pool103-2 ranges=172.16.14.2-172.16.14.254
add name=VPNpool ranges=172.16.20.1-172.16.20.254
add name=pool110 ranges=172.16.100.51-172.16.100.254
/ip dhcp-server
add address-pool=pool100 disabled=no interface=ether10-LAN lease-time=4h name=DHCP100
add add-arp=yes address-pool=pool101 disabled=no interface="Vlan 101 - Teachers" lease-time=1d name=DHCP101
add address-pool=pool102 disabled=no interface="Vlan 102 - Staff" lease-time=1d name=DHCP102
add address-pool=pool104 disabled=no interface="Vlan 104 - Exam" lease-time=3d name=DHCP104
add address-pool=pool105 disabled=no interface="Vlan 105 - Guests" lease-time=1d name=DHCP105
add address-pool=pool106 disabled=no interface="Vlan 106 - VPN" lease-time=3d name=DHCP106
add address-pool=pool107 disabled=no interface="Vlan 107 - Phone-Camera" lease-time=3d name=DHCP107
add address-pool=pool110 disabled=no interface="Vlan 110" lease-time=1d name=DHCP110
/ip pool
add name=pool103 next-pool=pool103-2 ranges=172.16.4.51-172.16.4.254
/ip dhcp-server
add address-pool=pool103 disabled=no interface="Vlan 103 - Students" lease-time=6h name=DHCP103
/ppp profile
set *0 local-address=172.16.8.1 remote-address=pool106 use-compression=yes use-encryption=yes
add dns-server=172.16.1.10,172.16.1.20 local-address=172.16.1.230 name=MainVPN only-one=no remote-address=
VPNpool use-compression=yes use-encryption=yes
add local-address=172.16.1.200 name=Other remote-address=VPNpool use-compression=yes
add change-tcp-mss=yes local-address=172.16.8.1 name=VPN remote-address=pool106 use-encryption=yes
set *FFFFFFFE dns-server=172.16.1.10,172.16.1.20 local-address=172.16.8.1 remote-address=pool106
/queue simple
add burst-limit=1M/6M burst-time=6s/6s disabled=yes name=Loyd queue=pcq-upload-default/pcq-download-default
target=172.16.9.66/32
add disabled=yes name=joemama queue=pcq-upload-default/pcq-download-default target=172.16.1.76/32 total-queue=
pcq-download-default
add disabled=yes name=queue1 queue=pcq-upload-default/pcq-download-default target=172.16.2.251/32
add disabled=yes name=LLOYDmama queue=pcq-upload-default/pcq-download-default target=172.16.1.75/32 total-queue=
pcq-download-default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge="Camera Bridge" interface="Vlan 107 - Phone-Camera"
add bridge="Camera Bridge" interface="vlan107 test"
add bridge=Newserver interface=ether8
add bridge=Newserver interface=ether5
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=default enabled=yes max-mru=1460 max-mtu=1460
/interface pppoe-server server
add disabled=no interface="Vlan 106 - VPN" keepalive-timeout=disabled max-mru=1480 max-mtu=1480
one-session-per-host=yes service-name=service1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=MainVPN enabled=yes max-mru=1460 max-mtu=1460
/interface sstp-server server
set authentication=mschap1,mschap2 default-profile=VPN
/ip address
add address=00.000.000.22/30 comment=WAN1 interface="Vlan 3 - External" network=00.000.000.20
add address=172.16.1.1/24 comment="LOCAL MAIN LAN" interface=ether10-LAN network=172.16.1.0
add address=172.16.2.1/24 interface="Vlan 101 - Teachers" network=172.16.2.0
add address=172.16.3.1/24 interface="Vlan 102 - Staff" network=172.16.3.0
add address=172.16.4.1/24 interface="Vlan 103 - Students" network=172.16.4.0
add address=172.16.6.1/24 interface="Vlan 104 - Exam" network=172.16.6.0
add address=172.16.7.1/24 interface="Vlan 105 - Guests" network=172.16.7.0
add address=172.16.8.1/24 interface="Vlan 106 - VPN" network=172.16.8.0
add address=172.16.9.1/24 interface="Vlan 107 - Phone-Camera" network=172.16.9.0
add address=172.16.14.1/24 interface="Vlan 103 - Students" network=172.16.14.0
add address=00.000.000.162 /28 interface="Vlan 3 - External" network=00.000.000.160
add address=00.000.000.d21/30 comment="DOE FIBER" disabled=yes interface=ether1 network=00.000.000.20d
add address=00.000.000.180/25 interface="ether2- DSL 0532" network=00.000.000.128
add address=00.000.000.001 26/25 interface="ether3 DSL 0598" network=00.000.000.001
add address=172.16.100.1/24 comment="LOCAL LAN" interface=Newserver network=172.16.100.0
add address=00.000.000.127/25 disabled=yes interface="ether2- DSL 0532" network=00.000.174.000
add address=172.16.100.1/24 interface="Vlan 110" network=172.16.100.0
add address=00.000.000.221/28 interface=ether1 network=00.000.000.208
/ip arp
add address=172.16.1.67 interface=ether10-LAN
add address=172.16.1.75 interface=ether10-LAN mac-address=08:62:66:A0:2C:EA
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server alert
add disabled=no interface=ether12
/ip dhcp-server config
set store-leases-disk=4m
/ip dhcp-server lease
add address=172.16.1.70 client-id="ITAttic Printer" mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.90 client-id=C2_Printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.28 client-id=BusMgrPrinter mac-address=00:1B:A9:CD:99:2E
add address=172.16.1.58 client-id="David in Attic" mac-address=30:05:5C:10:2D:3F
add address=172.16.1.50 client-id=A2_Printer mac-address=00:80:77:0A:50:69
add address=172.16.1.65 client-id="Acellus Server"
add address=172.16.1.37 client-id=C1_printer
add address=172.16.1.166 client-id=GailClarke_Printer
add address=172.16.1.144 always-broadcast=yes client-id="Nadia Ranne_Printer"
add address=172.16.1.73 client-id=MiddelSchool_1_printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.52 client-id=D_1_Printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.47 client-id=MiddelSchool2_printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.97 client-id=Printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.89 client-id=A1_printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.91 client-id="Hui La`au 1 Printer" mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.92 client-id=B-2_Printer mac-address=FE:80:20:0A:AF:FF
add address=172.16.1.96 client-id="Hui 2 Printer Gene Madriaga" mac-address=FE:80:20:0A:AF:FE
add address=172.16.1.99 client-id="Bldg A attic" mac-address=FE:80:20:0A:AF:FE
add address=172.16.1.84 client-id="D-2 Baker Printer" mac-address=FE:80:20:0A:AF:FE
add address=172.16.1.19 client-id=MFC-9340 mac-address=30:05:5C:00:18:9F use-src-mac=yes
add address=172.16.1.95 client-id="Office fax" mac-address=9C:93:4E:67:01:6F use-src-mac=yes
add address=172.16.1.40 client-id="Xerox B-1" mac-address=9C:93:4E:2E:89:47 use-src-mac=yes
add address=172.16.1.11 comment=HAPPY 16DOMAIN mac-address=78:2B:CB:44:BF:4E
add address=172.16.1.83 client-id="Susan printer" mac-address=00:80:92:AA:53:53 use-src-mac=yes
add address=172.16.1.67 client-id="Pavilion printer" mac-address=00:00:AA:D8:0F:BF use-src-mac=yes
add address=172.16.1.142 client-id="Logans printer" mac-address=30:05:5C:07:FC:50 use-src-mac=yes
add address=172.16.1.106 mac-address=9C:93:4E:2E:89:4E server=DHCP100
add address=172.16.1.213 always-broadcast=yes client-id=1:0:80:a3:b7:24:21 mac-address=00:80:A3:B7:24:21
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=172.16.100.5,8.8.8.8 domain=HAPPY 16.local gateway=172.16.1.1 netmask=24
add address=172.16.2.0/24 dns-server=172.16.100.5,8.8.4.4 domain=HAPPY 16.local gateway=172.16.2.1 netmask=24
add address=172.16.3.0/24 dns-server=172.16.100.5,8.8.8.8 domain=HAPPY 16.local gateway=172.16.3.1 netmask=24
add address=172.16.4.0/24 dns-server=172.16.100.5,8.8.4.4 domain=HAPPY 16.local gateway=172.16.4.1 netmask=24
add address=172.16.6.0/24 dns-server=172.16.1.10,172.16.1.20 domain=HAPPY .com gateway=172.16.6.1 netmask=24
add address=172.16.7.0/24 dns-server=172.16.1.10,172.16.1.20 domain=HAPPY .com gateway=172.16.7.1 netmask=24
add address=172.16.8.0/24 dhcp-option=*1 dns-server=172.16.1.10,172.16.1.20 domain=HAPPY .com gateway=172.16.8.1
netmask=24
add address=172.16.9.0/24 dns-server=8.8.8.8,172.16.1.20 gateway=172.16.9.1 netmask=24
add address=172.16.14.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=172.16.14.1 netmask=24
add address=172.16.100.0/24 dns-server=172.16.100.5,8.8.8.8 domain=HAPPY 16.local gateway=172.16.100.1 netmask=
24
/ip dns
set servers=8.8.8.8
/ip firewall filter
add chain=input protocol=gre
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
add chain=output protocol=gre
add chain=input protocol=udp src-port=500
add chain=input protocol=udp src-port=4500
add chain=input protocol=tcp src-port=1723
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment=
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment=
"Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment=
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=25,587 limit=30/1m,0:packet
protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp src-address-list=
spammers
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=
ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
"NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list="port scanners"
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=
ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input
connection-state=new dst-port=22 protocol=tcp
add action=drop chain=input comment="Godaddy Wierd" src-address=107.180.36.99
/ip firewall mangle
add action=mark-routing chain=prerouting comment="new server" dst-address=!172.16.0.0/16 new-routing-mark=main
src-address=172.16.100.0/24
add action=mark-routing chain=prerouting comment="Student DSL0532 route" dst-address=!172.16.0.0/16
new-routing-mark=main passthrough=no src-address=172.16.4.0/24
add action=mark-routing chain=prerouting comment="Student DSL0532 route" dst-address=!172.16.0.0/16
new-routing-mark=DSL0532 src-address=172.16.14.0/24
add action=mark-routing chain=prerouting comment="Staff DSL0598 route" dst-address=!172.16.0.0/16
new-routing-mark=main passthrough=no src-address=172.16.2.0/24
add action=mark-routing chain=prerouting disabled=yes dst-address=!172.16.0.0/16 new-routing-mark=teacher
src-address=172.16.2.0/24
/ip firewall nat
add action=src-nat chain=srcnat dst-address=!172.16.0.0/16 src-address=172.16.2.0/24 to-addresses=
00.000.000.221
add action=src-nat chain=srcnat dst-address=!172.16.0.0/16 src-address=172.16.4.0/24 to-addresses=
00.000.000.221
add action=src-nat chain=srcnat dst-address=!172.16.0.0/16 src-address=172.16.100.0/24 to-addresses=
00.000.000.180
add action=src-nat chain=srcnat dst-address=!172.16.0.0/16 src-address=172.16.14.0/24 to-addresses=
00.000.000.180
add action=dst-nat chain=dstnat dst-address=00.000.000.22 protocol=rdp to-addresses=172.16.1.10
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=8082 protocol=tcp to-addresses=172.16.1.43
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=8044 protocol=tcp to-addresses=172.16.1.44
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=8045 protocol=tcp to-addresses=172.16.1.45
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=8046 protocol=tcp to-addresses=172.16.1.46
add action=src-nat chain=srcnat comment="VPN Pool" dst-address=!172.16.0.0/16 src-address=172.16.20.0/24
to-addresses=00.000.000.22
add action=dst-nat chain=dstnat in-interface=ether10-LAN protocol=tcp src-port=8070 to-addresses=172.16.1.65
to-ports=80
add action=masquerade chain=srcnat comment="catch all masqurade" src-address=172.16.0.0/16 to-addresses=
00.000.000.180
add action=dst-nat chain=dstnat disabled=yes dst-address=00.00.174.181 to-addresses=172.16.100.2
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=4480 log=yes protocol=tcp to-addresses=
172.16.1.115 to-ports=4480
add action=dst-nat chain=dstnat dst-address=00.000.000.22 dst-port=4481 log=yes protocol=tcp to-addresses=
172.16.1.115 to-ports=4481
/ip ipsec peer
add address=00.000.000.50/32 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override
local-address=0.0.0.0 nat-traversal=no
add address=0.0.0.0/0 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override local-address=
0.0.0.0
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=00.000.000.129 routing-mark=DSL0532
add distance=1 gateway=00.000.000.001 routing-mark=DSL0598
add distance=1 gateway=00.000.000.209
add distance=2 gateway=00.000.000.21
add check-gateway=ping disabled=yes distance=1 gateway=165.248.74.22
add check-gateway=ping disabled=yes distance=1 dst-address=165.248.0.0/32 gateway=ether1
add check-gateway=ping disabled=yes distance=1 dst-address=165.248.74.22/32 gateway=ether1
add distance=1 dst-address=172.16.16.0/24 gateway=10.10.0.2
/ip service
set www-ssl disabled=no
set api address=0.0.0.0/0,0.0.0.0/0
set winbox address=0.0.0.0/0
/ip smb
set domain=HAPPY .com enabled=yes
/ppp secret
add name=soap profile=VPN
add name=martcart profile=VPN
add name=main_connect service=l2tp
add local-address=10.10.0.1 name=Administrator profile=MainVPN remote-address=10.10.0.2
add name=raining profile=VPN
add name=ca profile=VPN
add name=ahinil profile=VPN
add name=moanalisa profile=VPN
add name=fencelist profile=VPN
add name=goodadm profile=VPN
add name=lmar profile=VPN
add name=vpnblow profile=VPN
add name=goadm profile=VPN
/snmp
set enabled=yes trap-target=172.16.1.213,0.0.0.0
/system clock
set time-zone-name=Pacific/Honolulu
/system clock manual
set dst-end="jan/01/2016 00:00:00" dst-start="jan/01/2014 00:00:00" time-zone=-10:00
/system identity
set name=HAPPY _Main
/system logging
add action=echo topics=pptp
/system ntp client
set enabled=yes primary-ntp=24.56.178.140 secondary-ntp=198.60.73.8
/system script
add name=SPam owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/ip firewal
l filter\r
\n\r
\nadd action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input \\r
\ncomment="Add Syn Flood IP to the list" connection-limit=30,32 disabled=no protocol=tcp tcp-flags=syn\r
\nadd action=drop chain=input comment="Drop to syn flood list" disabled=no src-address-list=Syn_Flooder\r
\nadd action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment=
"Port Scanner Detect"\\r
\ndisabled=no protocol=tcp psd=21,3s,3,1\r
\nadd action=drop chain=input comment="Drop to port scan list" disabled=no src-address-list=Port_Scanner
\r
\nadd action=jump chain=input comment="Jump for icmp input flow" disabled=no jump-target=ICMP protocol=ic
mp\r
\nadd action=drop chain=input\\r
\ncomment="Block all access to the winbox - except to support list # DO NOT ENABLE THIS RULE BEFORE ADD YO
UR SUBNET IN THE SUPPORT ADDRESS LIST"\\r
\ndisabled=yes dst-port=8291 protocol=tcp src-address-list=!support\r
\nadd action=jump chain=forward comment="Jump for icmp forward flow" disabled=no jump-target=ICMP protoco
l=icmp\r
\nadd action=drop chain=forward comment="Drop to bogon list" disabled=no dst-address-list=bogons\r
\nadd action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="
Add Spammers to the list for 3 hours"\\r
\nconnection-limit=30,32 disabled=no dst-port=25,587 limit=30/1m,0 protocol=tcp\r
\nadd action=drop chain=forward comment="Avoid spammers action" disabled=no dst-port=25,587 protocol=tcp
src-address-list=spammers\r
\nadd action=accept chain=input comment="Accept DNS - UDP" disabled=no port=53 protocol=udp\r
\nadd action=accept chain=input comment="Accept DNS - TCP" disabled=no port=53 protocol=tcp\r
\nadd action=accept chain=input comment="Accept to established connections" connection-state=established
\\r
\ndisabled=no\r
\nadd action=accept chain=input comment="Accept to related connections" connection-state=related disabled
=no\r
\nadd action=accept chain=input comment="Full access to SUPPORT address list" disabled=no src-address-lis
t=support\r
\nadd action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE
ABOUT ALL ACCEPT RULES YOU NEED"\\r
\ndisabled=yes\r
\nadd action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" disabled=no icmp-options=8:0
limit=1,5 protocol=icmp\r
\nadd action=accept chain=ICMP comment="Echo reply" disabled=no icmp-options=0:0 protocol=icmp\r
\nadd action=accept chain=ICMP comment="Time Exceeded" disabled=no icmp-options=11:0 protocol=icmp\r
\nadd action=accept chain=ICMP comment="Destination unreachable" disabled=no icmp-options=3:0-1 protocol=
icmp\r
\nadd action=accept chain=ICMP comment=PMTUD disabled=no icmp-options=3:4 protocol=icmp\r
\nadd action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=no protocol=icmp\r
\nadd action=jump chain=output comment="Jump for icmp output" disabled=no jump-target=ICMP protocol=icmp"
add name="Brute Force" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/i
p firewall filter\r
\nadd chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \\r
\ncomment="drop ssh brute forcers" disabled=no\r
\nadd chain=input protocol=tcp dst-port=22 connection-state=new \\r
\nsrc-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \\r
\naddress-list-timeout=10d comment="" disabled=no\r
\nadd chain=input protocol=tcp dst-port=22 connection-state=new \\r
\nsrc-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \\r
\naddress-list-timeout=1m comment="" disabled=no\r
\nadd chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \\r
\naction=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no\r
\nadd chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \\r
\naddress-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no\r
\n"
add name="Ping attacke" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/
ip firewall filter\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="Port scanners to list " disabled=no \\r
\nprotocol=tcp psd=21,3s,3,1\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="NMAP FIN Stealth scan" disabled=no \\r
\nprotocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="SYN/FIN scan" disabled=no protocol=tcp \\r
\ntcp-flags=fin,syn\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="SYN/RST scan" disabled=no protocol=tcp \\r
\ntcp-flags=syn,rst\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="FIN/PSH/URG scan" disabled=no protocol=\\r
\ntcp tcp-flags=fin,psh,urg,!syn,!rst,!ack\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="ALL/ALL scan" disabled=no protocol=tcp \\r
\ntcp-flags=fin,syn,rst,psh,ack,urg\r
\nadd action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input com
ment="NMAP NULL scan" disabled=no protocol=\\r
\ntcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg\r
\nadd action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanne
rs""
/tool graphing interface
add interface=ether10-LAN
add interface=ether9-WAN
/tool romon port

It’s a little long to try to understand all details. But if the goal is to replace three DSL connections by single new connection and that’s all what the router will have in future, then it should be simple. You won’t need other routes in “/ip route” with routing marks, just the one for new connection. You won’t need to set any routing marks in “/ip firewall mangle”.
The rest should be ok. Firewall could be probably optimized, for example instead of detecting all kinds of port scans and trying to limit ssh login attempts, it might be easier to use whitelist for allowed addresses, then allow what must be publicly accessible (e.g. ports for incoming VPN connections) and then simply block everything else. But it depends on your exact needs.