Thu Dec 13, 2018 8:32 pm
Here is the export from Route and Firewall sections:
# Routing export: default routes for the main table plus a second set tagged
# routing-mark=SRC-ROUTE1 (the table selected by the mangle rules further down).
# The first five entries carry no dst-address, so they are default routes
# (0.0.0.0/0 is what RouterOS uses when dst-address is omitted).
/ip route
# SRC-ROUTE1, preferred (distance=1): next hop 8.8.8.8 is itself reached through
# the /32 host route at the end of this section (gateway=ISP1).
# check-gateway=ping takes the route out of service when 8.8.8.8 stops replying.
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=SRC-ROUTE1
# SRC-ROUTE1, second choice (distance=2): same pattern through 8.8.4.4, which the
# /32 host route below sends via ISP2.
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=SRC-ROUTE1
# SRC-ROUTE1, last resort (distance=3): directly via ISP1, no health check.
# NOTE(review): ISP1/ISP2 are not defined anywhere in this export; presumably
# they are interface names - confirm.
add distance=3 gateway=ISP1 routing-mark=SRC-ROUTE1
# Main table default route, health-checked by pinging the gateway itself.
add check-gateway=ping distance=1 gateway=212.91.180.249
# Main table fallback (distance=2) via ISP1, no health check.
add distance=2 gateway=ISP1
# Host routes pinning each probe address to one uplink.
# NOTE(review): scope=10 is presumably set so the recursive routes above can
# resolve their next hop through these entries - confirm on this RouterOS version.
# NOTE(review): path selection for SRC-ROUTE1 depends on third-party hosts
# answering ICMP; if a probe address stops replying to ping, the route goes
# inactive even though the uplink itself is healthy.
add distance=1 dst-address=8.8.4.4/32 gateway=ISP2 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=ISP1 scope=10
# Filter export. Rules are evaluated top to bottom within each chain and the
# first terminating match wins.
# NOTE(review): in this export the only drop rules that are enabled are the two
# "drop invalid" entries at the very end. Neither the input nor the forward
# chain ends with a catch-all drop, so anything not matched is accepted by
# default. A practitioner would normally want an explicit final drop for
# traffic arriving on the WAN side in both chains.
/ip firewall filter
# Placeholder in the hotspot chain; passthrough does nothing by itself.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
# input = traffic addressed to the router itself. Accept all ICMP from any source.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# NOTE(review): connection-nat-state=dstnat is ANDed with connection-state, so
# this only matches connections that went through dst-nat. Ordinary replies to
# the router's own connections do not match here; they get through only
# because input has no final drop.
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-nat-state=dstnat connection-state=established,related,untracked
# NOTE(review): accepts every UDP packet addressed to the router, with no
# interface or source restriction. Any UDP service enabled on the router is
# therefore reachable from the WAN side as well. Which services are enabled is
# not visible in this export - check, and restrict this rule by in-interface-list
# or src-address-list.
add action=accept chain=input comment=UDP protocol=udp
# forward = traffic routed through the router.
# NOTE(review): accepts everything that enters on ether2-vivacom. The NAT
# section masquerades out of that same interface, so it appears to be a WAN
# uplink; if so, this admits unsolicited inbound traffic to anything routable
# behind the router. (The comment text appears to be transliterated Bulgarian,
# roughly "if we know what we are doing".)
add action=accept chain=forward comment="Ako znaem kakvo pravim !!!" in-interface=ether2-vivacom
# NOTE(review): the comment says established/related/untracked, but the matcher
# also lists "new" and is limited to connection-nat-state=srcnat.
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-nat-state=srcnat connection-state=established,related,new,untracked
# NOTE(review): this is the only rule meant to stop unsolicited WAN traffic and
# it is disabled=yes. Its matchers have also been altered
# (connection-nat-state=!srcnat,dstnat with connection-state=untracked), so
# enabling it as written would only catch untracked packets.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!srcnat,dstnat connection-state=untracked disabled=yes \
in-interface-list=WAN
# Reject forwarded packets whose payload contains these Windows Update host
# names. NOTE(review): packets already accepted by the two forward accept rules
# above never reach these; verify with the rule counters. content= matching
# also cannot see names inside encrypted payloads.
add action=reject chain=forward comment=block_WinUp content=download.windowsupdate.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_WinUp content=download.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_WinUp content=update.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_WinUp content=windowsupdate.com reject-with=icmp-network-unreachable
# NOTE(review): "drop invalid" sits last in both chains, so invalid packets that
# match an earlier accept (for example ICMP or UDP on input) are accepted
# before these rules are evaluated. These rules are normally placed right
# after the established/related accept.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
# Policy-routing marks: packets to the listed destination ports are tagged
# new-routing-mark=SRC-ROUTE1, so they are looked up in the SRC-ROUTE1 routes of
# /ip route. passthrough=no stops further mangle processing for a matched packet.
# NOTE(review): none of these rules has an in-interface, src-address or
# dst-address matcher, so they apply to every packet entering prerouting,
# whichever interface it arrived on and whether it is bound for the Internet,
# another internal subnet or the router itself. The SRC-ROUTE1 routes shown
# are default routes only, so marked traffic between internal subnets (or to
# the router's own management ports) may be sent out an uplink instead of
# being delivered locally - confirm, and consider limiting the rules to LAN
# sources and excluding local/internal destinations (e.g. dst-address-type or
# a dst-address-list).
/ip firewall mangle
# TCP set 1. Includes the cleartext FTP/Telnet ports (20-21, 23) alongside 22, 25, 110, 443, 465.
add action=mark-routing chain=prerouting dst-port=20-23,25,81,110,443,465 new-routing-mark=SRC-ROUTE1 passthrough=no protocol=tcp
# TCP set 2. 8291 is the default Winbox (RouterOS management) port; 5060-5061 is SIP.
add action=mark-routing chain=prerouting dst-port=993,995,2222,2526,4444,5060-5061,8291 new-routing-mark=SRC-ROUTE1 passthrough=no protocol=tcp
# UDP set: SIP plus a wide high-port range (10000, 10052-20000), presumably RTP media - confirm.
add action=mark-routing chain=prerouting dst-port=5060-5061,10000,10052-20000 new-routing-mark=SRC-ROUTE1 passthrough=no protocol=udp
# NAT export: three inbound port-forwards (dst-nat) followed by source NAT
# (masquerade) rules, first per uplink interface and then per source subnet.
/ip firewall nat
# Disabled hotspot placeholder.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
# Forward TCP 3050-3051 addressed to 213.16.35.128/27 to 192.168.0.77.
# Scoped by destination address only; any source address may connect.
add action=dst-nat chain=dstnat comment=Clock dst-address=213.16.35.128/27 dst-port=3050-3051 protocol=tcp to-addresses=192.168.0.77 to-ports=3050-3051
# NOTE(review): the next two forwards have no dst-address, in-interface or
# src-address matcher. They therefore rewrite every TCP packet to that port
# seen in the dstnat chain, including LAN clients connecting to outside hosts
# on 8888/8080. Both publish a plain-HTTP (to-ports=80) interface of an
# internal device to any source. Consider restricting them with
# in-interface-list plus a src-address-list of admin networks, or reaching
# these devices over a VPN instead of a port-forward.
add action=dst-nat chain=dstnat comment="Main Switch incoming" dst-port=8888 protocol=tcp to-addresses=192.168.2.2 to-ports=80
# port="" is exported as an empty matcher - presumably a leftover from editing; confirm it has no effect.
add action=dst-nat chain=dstnat comment="Zabbix incoming" dst-port=8080 port="" protocol=tcp to-addresses=192.168.0.78 to-ports=80
# Source NAT for everything leaving through either uplink interface.
add action=masquerade chain=srcnat comment="Spectrum Net" out-interface=ether1-mtel
add action=masquerade chain=srcnat comment=Vivacom out-interface=ether2-vivacom
# Per-subnet masquerade rules matching on src-address only (no out-interface).
# NOTE(review): without an out-interface these also rewrite traffic routed
# between internal subnets, so internal servers and their logs see the
# router's address instead of the real client. If all Internet egress uses the
# two interfaces above, these rules may be redundant - confirm, or add
# out-interface / out-interface-list to each.
add action=masquerade chain=srcnat comment="Main Switch outgoing" src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="Free net" src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment=Staff src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="IP cameras" src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment="Et 1" src-address=192.168.101.0/24
add action=masquerade chain=srcnat comment="Et 2" src-address=192.168.102.0/24
add action=masquerade chain=srcnat comment="Et 3" src-address=192.168.103.0/24
add action=masquerade chain=srcnat comment="Et 4" src-address=192.168.104.0/24
add action=masquerade chain=srcnat comment="Et 5" src-address=192.168.105.0/24
add action=masquerade chain=srcnat comment="E krilo" src-address=192.168.106.0/24
add action=masquerade chain=srcnat comment="G krilo" src-address=192.168.107.0/24
add action=masquerade chain=srcnat comment="Konf zala" src-address=192.168.108.0/24
# NOTE(review): 62.204.134.144/28 is not a private (RFC 1918) range, yet it is
# masqueraded like the internal subnets - confirm this is intended.
add action=masquerade chain=srcnat comment=DVR src-address=62.204.134.144/28