The VPN interface in use is PPTP.
Over the VPN I can only ping the main router (192.168.0.1); no other LAN addresses respond.
I can also ping any website or public IP.
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R ;;; Bridge for Local Network
name="bridge1" type="bridge" mtu=1500 l2mtu=1524
1 X ;;; NTL - WAN1
name="ether1" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
2 R ;;; VM -WAN2
name="ether2" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
3 R ;;; Switch - to 192.168.0.0/24
name="ether3" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
4 name="ether4" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
5 name="ether5" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524
6 R name="NTL Static bridge" type="bridge" mtu=1500 l2mtu=65535
7 R ;;; Hurricane Electric IPv6 Tunnel Broker
name="sit1" type="sit" mtu=1280
8 name="PPTP-test" type="pptp-in"
9 R name="PPP bridge" type="bridge" mtu=1500 l2mtu=65535
/ip address print detail
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.0.1/24 network=192.168.0.0 interface=bridge1
actual-interface=bridge1
1 address=10.0.0.1/24 network=10.0.0.0 interface=bridge1
actual-interface=bridge1
2 D address=XX.XXX.YYY.233/22 network=81.YYY.YYY.0 interface=ether2
actual-interface=ether2
/ip route print detail
/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 S dst-address=0.0.0.0/0 gateway=86.8.176.1
gateway-status=XX.XXX.YYY.1 unreachable distance=1 scope=30
target-scope=10 routing-mark=routing-voip
1 ADS dst-address=0.0.0.0/0 gateway=81.106.116.1
gateway-status=XX.XXX.YYY.1 reachable ether2 distance=2 scope=30
target-scope=10 vrf-interface=ether2
2 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
3 ADC dst-address=XX.XXX.YYY.0/22 pref-src=XX.XXX.YYY.233 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
4 A S ;;; vpn test
dst-address=ZZ.ZZZ.208.1/32 gateway=XX.XXX.YYY.1
gateway-status=XX.XXX.YYY.1 reachable ether2 distance=1 scope=30
target-scope=10
5 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
/ip firewall export
# Layer-7 pattern for SIP request lines. No filter, mangle or NAT rule in this
# export references layer7-protocol=sip (the rules match on connection-type=sip
# instead), so this entry appears unused.
/ip firewall layer7-protocol
add name=sip regexp=\
"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
# Only lan_list has a static member. trusted_list and "temp list" are referenced
# by input and dst-nat rules below, but nothing in this export adds entries to
# them. NOTE(review): confirm they are populated elsewhere, otherwise those
# rules match nothing.
/ip firewall address-list
add address=192.168.0.0/24 disabled=no list=lan_list
# tcp-syncookie=no: SYN cookies are off. The only SYN rate limiting in this
# export is the SYN-Protect chain, which is entered from the forward chain only,
# so connections addressed to the router itself are not covered by it.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter rules are evaluated top to bottom within each chain.
# Built-in chains used: input (traffic to the router), forward (traffic through
# it), output (traffic from it). Custom chains: icmp, tcp, udp, virus, SYN-Protect.
# Only virus and SYN-Protect are the target of a jump rule in this export; no
# visible rule jumps to icmp, tcp or udp, so the rules in those three chains are
# never evaluated as exported.
# The forward chain has no connection-state=established accept and no final drop:
# every forwarded packet (replies included) walks the forward/virus/SYN-Protect
# rules, and anything not explicitly dropped is forwarded.
/ip firewall filter
# VoIP accepts: matched on destination port only, with no interface, source or
# destination restriction, so they apply to traffic in either direction.
add action=accept chain=forward disabled=no dst-port=5060 protocol=udp
add action=accept chain=forward disabled=no dst-port=5060 protocol=tcp
add action=accept chain=forward disabled=no dst-port=5090 protocol=udp
add action=accept chain=forward disabled=no dst-port=5090 protocol=tcp
add action=accept chain=forward disabled=no dst-port=9000-9049 protocol=udp
add action=accept chain=forward disabled=no dst-port=10000 protocol=udp
# Records the source of any forwarded SIP connection in VOIP_list; timeout 0s.
add action=add-src-to-address-list address-list=VOIP_list \
address-list-timeout=0s chain=forward comment="mark voip" connection-type=\
sip disabled=no
# Input chain: accept trusted_list, established/related, then lan_list.
add action=accept chain=input comment="accept hosts from trusted list" \
disabled=no src-address-list=trusted_list
add action=accept chain=input comment="accept established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="accept related connections" \
connection-state=related disabled=no
# Matches on source address alone (no in-interface). The PPTP secret in this
# post assigns remote-address=192.168.0.201, which is inside lan_list, so a
# connected VPN client is treated as a LAN host here; that is consistent with the
# client being able to ping 192.168.0.1. NOTE(review): without in-interface=bridge1
# a packet arriving on the WAN with a 192.168.0.0/24 source would match too.
add action=accept chain=input comment="accept hosts from lan" disabled=no \
src-address-list=lan_list
# Both PPTP accepts (control channel tcp/1723 and GRE) are disabled=yes. With the
# final input drop below, a new PPTP session from a source outside trusted_list
# and lan_list is dropped. NOTE(review): if these are enabled, consider limiting
# them with src-address-list rather than opening them to any source.
add action=accept chain=input comment=vpn disabled=yes dst-port=1723 protocol=\
tcp
add action=accept chain=input comment="vpn 2" disabled=yes protocol=gre
# chain=icmp: not reached by any jump in this export. The comment= strings on
# the first two rules do not describe the match: 3:0 and 3:1 are ICMP
# destination-unreachable (network / host), not connection states.
add action=accept chain=icmp comment="allow established connections" disabled=\
no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="allow already established connections" \
disabled=no icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no \
icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no \
icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no \
icmp-options=11:0 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=12:0 protocol=icmp
# IP protocol 41 (6in4) for the sit1 tunnel: inbound only from 216.66.80.26,
# outbound unrestricted.
add action=accept chain=input comment="IPv6 input" disabled=no protocol=41 \
src-address=216.66.80.26
add action=accept chain=output comment="IPv6 output" disabled=no protocol=41
# Sends every forwarded packet that was not accepted above through the virus chain.
add action=jump chain=forward comment="jump to the virus chain" disabled=no \
jump-target=virus
# Invalid-state drop sits after the trusted_list / lan_list accepts, so it only
# applies to sources outside those lists.
add action=drop chain=input comment="drop invalid connections" \
connection-state=invalid disabled=no
# FTP brute-force limiter: the router's own "530 Login incorrect" replies are
# rate-matched per destination; once the limit is exceeded the destination is
# put in ftp_blacklist for 3h and dropped on input port 21.
add action=drop chain=input comment="Drop FTP Brute Forcers" disabled=no \
dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no \
dst-limit=1/1m,9,dst-address/2m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
disabled=no protocol=tcp
# SSH brute-force staging (stage1 -> stage2 -> stage3 -> ssh_blacklist, 1w3d).
# The stage3 -> blacklist rule is placed after the stage1 rule; add-to-list
# actions do not stop rule processing, so a source appears to reach
# ssh_blacklist on the same packet that puts it in ssh_stage3.
# There is no input accept for dst-port 22 in this export, so new SSH
# connections from sources outside trusted_list / lan_list end at the final
# input drop regardless of these lists.
add action=drop chain=input comment="Drop SSH Brute Forcers" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
# Drop forwarded packets with source or destination in 0.0.0.0/8, 127.0.0.0/8
# or 224.0.0.0/3.
add action=drop chain=forward disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
# chain=tcp and chain=udp: not reached by any jump in this export, so these
# drops are inactive as posted.
# NOTE(review): dst-port=3133 for "BackOriffice" may be a truncation of 31337;
# confirm the intended port.
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
# This rule ACCEPTS ICMP 0:0 (echo reply); its comment= text says "drop invalid
# connections", which does not match the action.
add action=accept chain=icmp comment="drop invalid connections" disabled=no \
icmp-options=0:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types" disabled=no
# Outbound SMTP abuse control: sources exceeding the connection/rate limits on
# tcp/25 are listed as "spammer" for 1d and then dropped. The same pair of rules
# is repeated in the virus chain further down.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" \
disabled=no dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward comment="Detect and add-list SMTP virus or spammers" \
connection-limit=30,32 disabled=no dst-port=25 limit=50,5 protocol=tcp
add action=drop chain=virus comment="Drop Spammer" disabled=no dst-port=25 \
protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=virus comment="add to spammer list" connection-limit=30,32 \
disabled=no dst-port=25 limit=50,5 protocol=tcp
# SYN rate limit for forwarded new TCP connections: accept up to limit=400,5,
# drop the rest. Traffic accepted by the port rules at the top of the forward
# chain never reaches this jump.
add action=jump chain=forward comment="SYN Flood protect" connection-state=new \
disabled=no jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new disabled=no limit=\
400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new disabled=no protocol=\
tcp tcp-flags=syn
# Port-scan detection on input: psd thresholds and unusual TCP flag
# combinations add the source to "port scanners" for 2w; the list is dropped
# by the rule that follows. Sources in trusted_list / lan_list are accepted
# earlier and never reach these rules.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no \
src-address-list="port scanners"
# virus chain: destination-port drops applied to all forwarded traffic that
# reaches the jump above, in both directions. Because the forward chain has no
# established-connection accept, a reply whose destination port happens to fall
# in one of these ranges (e.g. 1024-1030, 4444) is dropped as well.
# NOTE(review): traffic between a routed VPN client and LAN hosts is forwarded
# traffic, so 135-139 and 445 would presumably be blocked for it here; confirm.
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 \
protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 \
protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 \
protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no \
dst-port=65506 protocol=tcp
# Default deny for traffic addressed to the router. The forward chain has no
# equivalent rule.
add action=drop chain=input comment="drop everything else" disabled=no
# Mangle: routing marks for VoIP policy routing, connection/packet marks, and
# per-host packet-mark chains (mangle-NNN, one per 192.168.0.NNN source).
# The only route carrying routing-mark=routing-voip in the posted route table
# shows its gateway as unreachable, and ether1 (WAN1) is flagged disabled in the
# interface list. NOTE(review): confirm how traffic marked routing-voip is
# routed while that route is inactive.
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"2010.09.09 route 5060 via eth1" disabled=no dst-port=5060 in-interface=\
bridge1 new-routing-mark=routing-voip passthrough=yes protocol=udp
add action=mark-routing chain=prerouting comment=\
"2010.07.27 route sip via eth1" connection-type=sip disabled=no \
in-interface=bridge1 new-routing-mark=routing-voip passthrough=yes
add action=mark-connection chain=prerouting comment=\
"2010.07.27 sip connection mark" connection-type=sip disabled=no \
new-connection-mark=conn-voip passthrough=yes
add action=mark-routing chain=prerouting comment="2010.09.09 route via eth1" \
disabled=no in-interface=bridge1 new-routing-mark=routing-voip \
passthrough=yes src-address=192.168.0.200
add action=mark-connection chain=prerouting comment=\
"2010.09.09 mark-conn for traffic received via eth1 if not marked already" \
disabled=no in-interface=ether1 new-connection-mark=conn-eth1-in \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"2010.09.06 set voip packet mark" connection-mark=conn-voip disabled=no \
new-packet-mark=packet-voip passthrough=yes
add action=mark-routing chain=output comment=\
"2010.09.09 traffic received on eth1 sent back via eth1" connection-mark=\
conn-eth1-in disabled=no new-routing-mark=routing-voip passthrough=yes
add action=mark-routing chain=output comment="2010.09.09 route via eth1" \
disabled=no dst-address=192.168.0.200 new-routing-mark=routing-voip \
passthrough=yes
add action=mark-routing chain=prerouting comment="route stun through eth1" \
disabled=no dst-port=3478 in-interface=bridge1 new-routing-mark=\
routing-voip passthrough=yes protocol=udp
# ICMP and DNS get their own packet marks; passthrough=no ends mangle
# processing for the packet at that rule.
add action=mark-packet chain=prerouting comment="2010.09.04 icmp packetmark" \
disabled=no new-packet-mark=packet-icmp passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment="2010.09.03 dns packetmark" \
disabled=no dst-port=53 new-packet-mark=packet-dns passthrough=no \
protocol=udp
# Per-host dispatch by source address. Only the jump for 192.168.0.200 is
# enabled; every other jump below is disabled=yes.
add action=jump chain=prerouting disabled=no jump-target=mangle-200 \
src-address=192.168.0.200
add action=jump chain=prerouting disabled=yes jump-target=mangle-112 \
src-address=192.168.0.112
add action=jump chain=prerouting disabled=yes jump-target=mangle-113 \
src-address=192.168.0.113
add action=jump chain=prerouting disabled=yes jump-target=mangle-117 \
src-address=192.168.0.117
add action=jump chain=prerouting disabled=yes jump-target=mangle-120 \
src-address=192.168.0.120
add action=jump chain=prerouting disabled=yes jump-target=mangle-121 \
src-address=192.168.0.121
add action=jump chain=prerouting disabled=yes jump-target=mangle-124 \
src-address=192.168.0.124
add action=jump chain=prerouting disabled=yes jump-target=mangle-138 \
src-address=192.168.0.138
add action=jump chain=prerouting disabled=yes jump-target=mangle-139 \
src-address=192.168.0.139
add action=jump chain=prerouting disabled=yes jump-target=mangle-154 \
src-address=192.168.0.154
add action=jump chain=prerouting disabled=yes jump-target=mangle-167 \
src-address=192.168.0.167
add action=jump chain=prerouting disabled=yes jump-target=mangle-169 \
src-address=192.168.0.169
add action=jump chain=prerouting disabled=yes jump-target=mangle-179 \
src-address=192.168.0.179
add action=jump chain=prerouting disabled=yes jump-target=mangle-185 \
src-address=192.168.0.185
add action=jump chain=prerouting disabled=yes jump-target=mangle-186 \
src-address=192.168.0.186
add action=jump chain=prerouting disabled=yes jump-target=mangle-192 \
src-address=192.168.0.192
add action=jump chain=prerouting disabled=yes jump-target=mangle-193 \
src-address=192.168.0.193
add action=jump chain=prerouting disabled=yes jump-target=mangle-194 \
src-address=192.168.0.194
# Catch-all for the LAN range: everything from 192.168.0.0/24 not marked above
# gets upload-10k. The PPTP client address 192.168.0.201 from the secret in this
# post falls inside this range. Presumably the mark feeds a queue that is not
# shown here; verify.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=upload-10k \
passthrough=no src-address=192.168.0.0/24
# Per-host chains. Each has the same three rules: tcp/80 connections up to
# 500000 bytes -> packet-NNN-http1, tcp/80 beyond that -> packet-NNN-http2,
# everything else -> packet-NNN-other. Only the mangle-200 rules are enabled.
add action=mark-packet chain=mangle-200 comment="http requests" \
connection-bytes=0-500000 disabled=no dst-port=80 new-packet-mark=\
packet-200-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-200 comment="http download" \
connection-bytes=500001-0 disabled=no dst-port=80 new-packet-mark=\
packet-200-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-200 disabled=no new-packet-mark=\
packet-200-other passthrough=no
add action=mark-packet chain=mangle-112 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-112-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-112 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-112-http2 passthrough=no protocol=tcp
# NOTE(review): the mark below is packet-XX-other, where the pattern used by
# every other chain would give packet-112-other; possibly a typo or a redaction
# artefact. The rule is disabled.
add action=mark-packet chain=mangle-112 disabled=yes new-packet-mark=\
packet-XX-other passthrough=no
add action=mark-packet chain=mangle-113 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-113-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-113 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-113-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-113 disabled=yes new-packet-mark=\
packet-113-other passthrough=no
add action=mark-packet chain=mangle-117 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-117-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-117 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-117-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-117 disabled=yes new-packet-mark=\
packet-117-other passthrough=no
add action=mark-packet chain=mangle-120 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-120-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-120 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-120-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-120 disabled=yes new-packet-mark=\
packet-120-other passthrough=no
add action=mark-packet chain=mangle-121 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-121-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-121 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-121-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-121 disabled=yes new-packet-mark=\
packet-121-other passthrough=no
add action=mark-packet chain=mangle-124 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-124-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-124 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-124-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-124 disabled=yes new-packet-mark=\
packet-124-other passthrough=no
add action=mark-packet chain=mangle-138 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-138-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-138 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-138-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-138 disabled=yes new-packet-mark=\
packet-138-other passthrough=no
add action=mark-packet chain=mangle-139 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-139-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-139 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-139-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-139 disabled=yes new-packet-mark=\
packet-139-other passthrough=no
add action=mark-packet chain=mangle-154 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-154-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-154 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-154-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-154 disabled=yes new-packet-mark=\
packet-154-other passthrough=no
add action=mark-packet chain=mangle-167 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-167-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-167 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-167-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-167 disabled=yes new-packet-mark=\
packet-167-other passthrough=no
add action=mark-packet chain=mangle-169 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-169-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-169 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-169-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-169 disabled=yes new-packet-mark=\
packet-169-other passthrough=no
add action=mark-packet chain=mangle-179 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-179-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-179 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-179-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-179 disabled=yes new-packet-mark=\
packet-179-other passthrough=no
add action=mark-packet chain=mangle-185 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-185-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-185 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-185-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-185 disabled=yes new-packet-mark=\
packet-185-other passthrough=no
add action=mark-packet chain=mangle-186 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-186-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-186 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-186-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-186 disabled=yes new-packet-mark=\
packet-186-other passthrough=no
add action=mark-packet chain=mangle-192 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-192-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-192 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-192-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-192 disabled=yes new-packet-mark=\
packet-192-other passthrough=no
add action=mark-packet chain=mangle-193 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-193-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-193 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-193-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-193 disabled=yes new-packet-mark=\
packet-193-other passthrough=no
add action=mark-packet chain=mangle-194 comment="http requests" \
connection-bytes=0-500000 disabled=yes dst-port=80 new-packet-mark=\
packet-194-http1 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-194 comment="http download" \
connection-bytes=500001-0 disabled=yes dst-port=80 new-packet-mark=\
packet-194-http2 passthrough=no protocol=tcp
add action=mark-packet chain=mangle-194 disabled=yes new-packet-mark=\
packet-194-other passthrough=no
# NAT: source masquerade for the LAN on both WAN ports, plus port forwards to
# 192.168.0.126.
/ip firewall nat
# Both masquerade rules require src-address=192.168.0.0/24 AND membership of
# lan_list (the same /24), so the two conditions are redundant. The 10.0.0.0/24
# network that is also addressed on bridge1 is not masqueraded by either rule.
add action=masquerade chain=srcnat comment="2010.07.22 src-nat on WAN1" \
disabled=no out-interface=ether1 src-address=192.168.0.0/24 \
src-address-list=lan_list
add action=masquerade chain=srcnat comment="2010.07.22 src-nat on WAN2" \
disabled=no out-interface=ether2 src-address=192.168.0.0/24 \
src-address-list=lan_list
add action=log chain=dstnat disabled=yes in-interface=ether1 log-prefix=nat \
protocol=udp src-address=91.195.228.9
# Port forwards for tcp/14141 and tcp/51000-52000 carry no source restriction.
# The forward chain in this post has no default drop, so these are reachable
# from any source that passes the virus / SYN-Protect rules.
add action=dst-nat chain=dstnat disabled=no dst-address=XX.XXX.YYY.233 \
dst-port=14141 protocol=tcp to-addresses=192.168.0.126 to-ports=14141
add action=dst-nat chain=dstnat disabled=no dst-address=XX.XXX.YYY.233 \
dst-port=51000-52000 protocol=tcp to-addresses=192.168.0.126 to-ports=\
51000-52000
# SSH forwards are limited by source list (trusted_list, "temp list"). Neither
# list has a static member in the posted address-list section; confirm they are
# populated.
add action=dst-nat chain=dstnat disabled=no dst-address=AA.A.AA.177 dst-port=\
22 protocol=tcp src-address-list=trusted_list to-addresses=192.168.0.126 \
to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=XX.XXX.YYY.233 \
dst-port=22 protocol=tcp src-address-list=trusted_list to-addresses=\
192.168.0.126 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=XX.XXX.YYY.233 \
dst-port=22 protocol=tcp src-address-list="temp list" to-addresses=\
192.168.0.126 to-ports=22
# Connection-tracking helpers (NAT traversal for the listed protocols). These
# affect traffic passing through the router; the pptp entry here is the helper,
# not the PPTP server.
/ip firewall service-port
# NOTE(review): the FTP helper is bound to ports 21 and 22; 22 is normally SSH.
# Confirm this is intended.
set ftp disabled=no ports=21,22
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061,5090 sip-direct-media=yes
set pptp disabled=no
/ppp print
# PPP profiles. Two custom profiles attach the session to a bridge and force
# encryption: PPtP-test (bridge "PPP bridge", addresses from "PPP pool") and
# "PPTP remote" (bridge1, addresses from dhcp_pool_bridge1). The built-in
# "default" profile sets no bridge and leaves use-encryption=default, i.e. it
# does not force encryption.
/ppp profile
set default change-tcp-mss=default name=default only-one=default \
use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
default use-vj-compression=default
add bridge="PPP bridge" change-tcp-mss=default dns-server=8.8.8.8,8.8.4.4 \
local-address="PPP pool" name=PPtP-test only-one=default remote-address=\
"PPP pool" use-compression=default use-encryption=yes use-ipv6=yes \
use-mpls=default use-vj-compression=default
add bridge=bridge1 change-tcp-mss=yes local-address=dhcp_pool_bridge1 name=\
"PPTP remote" only-one=default remote-address=dhcp_pool_bridge1 \
use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default \
use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=\
default use-compression=default use-encryption=yes use-ipv6=yes use-mpls=\
default use-vj-compression=default
# Local accounting only; RADIUS is not used.
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# The only secret uses profile=default, so neither bridging profile above is
# applied and encryption is not forced for this user. It assigns static
# addresses inside 192.168.0.0/24 (local .199, remote .201).
# NOTE(review): a routed PPP client with an address from the LAN subnet is
# reachable by LAN hosts only if the router answers ARP for it; the arp setting
# of bridge1 is not shown in this post. Check arp=proxy-arp on bridge1 as the
# likely reason only 192.168.0.1 replies.
# The credentials are name=test password=test and appear here in clear text;
# replace them before the disabled tcp/1723 and GRE input rules are enabled for
# WAN sources. PPTP's MS-CHAPv2/MPPE protection is weak; a stronger tunnel type
# is preferable where the clients support one.
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=\
192.168.0.199 name=test password=test profile=default remote-address=\
192.168.0.201 routes="" service=pptp