Kataius
newbie
Topic Author
Posts: 33
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Problem with opening the ports

Wed May 17, 2023 10:43 am

Hi, I have a problem with opening the ports. I managed to open two ports, the others and also the upnp does not open the ports for me... Where am I wrong?
I used the site

https://portchecker.co/checking

to see if the ports are open or not.

Only 8123 and 32400 are open, the others seem closed
/ip/firewall/nat> print
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=srcnat action=masquerade src-address=192.168.0.0/20 log=no 
      log-prefix="" 

 1    chain=srcnat action=masquerade src-address=172.16.0.0/20 log=no 
      log-prefix="" 

 2    chain=srcnat action=masquerade src-address=10.255.255.0/24 log=no 
      log-prefix="" 

 3    ;;; HARPIN NAT
      chain=srcnat action=masquerade connection-mark=Hairpin NAT log=no 
      log-prefix="" 

 4    ;;; DNS Redirect to PI-Hole
      chain=dstnat action=dst-nat to-addresses=192.168.0.8 to-ports=53 
      protocol=udp dst-address=!192.168.0.8 src-address-list=192.168.0.0/24 
      dst-port=53 log=no log-prefix="" 

 5    ;;; DNS Redirect to PI-Hole
      chain=dstnat action=dst-nat to-addresses=192.168.0.8 to-ports=53 
      protocol=tcp dst-address=!192.168.0.8 src-address-list=192.168.0.0/24 
      dst-port=53 log=no log-prefix="" 

 6    chain=srcnat action=masquerade out-interface=dimensione-pppoe 

 7 X  ;;; Port forward: HASSIO
      chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=8123 
      protocol=tcp dst-address-list=net_casa dst-port=8123 log=no log-prefix="" 

 8    ;;; Port forward: HASSIO
      chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=8123 
      protocol=tcp dst-address-list=WAN dst-port=8123 log=no log-prefix="" 

 9 X  ;;; Port forward: HASSIO
      chain=srcnat action=masquerade protocol=tcp src-address=192.168.0.0/20 
      dst-address=192.168.0.10 out-interface=br-VLANs dst-port=8123 log=no 
      log-prefix="" 

10    ;;; Port Online: PLEX
      chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=32400 
      protocol=tcp in-interface=dimensione-pppoe dst-port=32400 log=no 
      log-prefix="" 

11    ;;; Port Online: HASSIO
      chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=8123 
      protocol=tcp in-interface=dimensione-pppoe dst-port=8123 log=no 
      log-prefix="" 

12    ;;; Port Online: INVERTERT MAMMA
      chain=dstnat action=dst-nat to-addresses=10.255.255.6 to-ports=10000 
      protocol=tcp in-interface=dimensione-pppoe dst-port=10000 log=no 
      log-prefix="" 

13  D ;;; upnp 192.168.0.9: libtorrent/1.2.11
      chain=dstnat action=dst-nat to-addresses=192.168.0.9 to-ports=7881 
      protocol=tcp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=7881 

14  D ;;; upnp 192.168.0.9: libtorrent/1.2.11
      chain=dstnat action=dst-nat to-addresses=192.168.0.9 to-ports=7881 
      protocol=udp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=7881 

15  D ;;; upnp 192.168.0.9: Transmission at 51413
      chain=dstnat action=dst-nat to-addresses=192.168.0.9 to-ports=51413 
      protocol=tcp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=51413 

16  D ;;; upnp 192.168.0.9: Transmission at 51413
      chain=dstnat action=dst-nat to-addresses=192.168.0.9 to-ports=51413 
      protocol=udp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=51413 

17  D ;;; upnp 192.168.0.17: Azureus UPnP 29395 UDP
      chain=dstnat action=dst-nat to-addresses=192.168.0.17 to-ports=29395 
      protocol=udp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=29395 

18  D ;;; upnp 192.168.0.17: Azureus UPnP 29395 TCP
      chain=dstnat action=dst-nat to-addresses=192.168.0.17 to-ports=29395 
      protocol=tcp dst-address=xxx.xxx.xxx.xxx in-interface=dimensione-pppoe 
      dst-port=29395 
 
erlinden
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Problem with opening the ports

Wed May 17, 2023 11:06 am

A complete config would be helpful:

/export file=anynameyoulike

Make sure to remove serial, public IP and any other personal information.
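
An added example (not part of erlinden's post and not a MikroTik tool) of scrubbing an `/export` file before posting it: it unwraps the export's backslash line continuations, then redacts the serial/software-id header lines, identifying parameters, secret-looking `/container envs` values and public IPv4 addresses. The key list, the `REDACTED` placeholders, the kept-resolver list and the sample export are constructed for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Parameters whose values identify the device, its owner or its credentials.
# Starting list chosen for this example (assumption); extend it as needed.
SENSITIVE_KEYS = ("mac-address", "radio-mac", "client-id", "user", "ssid",
                  "password", "passphrase", "private-key")
# Public resolvers are not personal data and help whoever reads the config.
KEEP_PUBLIC = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}
# Private, CGNAT, loopback, link-local and multicast ranges reveal nothing
# about where the router is, so addresses inside them are kept.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# A value is a quoted string or a bare token. A value that starts with a
# backslash (escaped text inside an embedded script) deliberately never matches.
VALUE = r'(?:"(?:[^"\\]|\\.)*"|[^\s"\\]+)'
HEADER_RE = re.compile(r"^(#\s*(?:serial number|software id)\s*=\s*).*$")
KEY_RE = re.compile(r"(?<![\w-])(" + "|".join(SENSITIVE_KEYS) + r")=" + VALUE)
ENV_KEY_RE = re.compile(r"(?<![\w-])key=(\S+)")
ENV_VALUE_RE = re.compile(r"(?<![\w-])value=" + VALUE)
ENV_SECRET_RE = re.compile(r"PASS|SECRET|TOKEN|KEY|USER", re.I)
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")


def join_continuations(text):
    """Undo the export's wrapping: a trailing backslash continues the statement
    on the next line, whose indentation is not part of the value."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if buf:
            line = line.lstrip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            out.append(buf + line)
            buf = ""
    if buf:
        out.append(buf)
    return out


def sanitize_export(text):
    """Return (sanitized_text, Counter of redactions per category)."""
    counts = Counter()

    def key_sub(mo):
        counts[mo.group(1)] += 1
        return mo.group(1) + "=REDACTED"

    def ip_sub(mo):
        try:
            addr = ipaddress.ip_address(mo.group(0))
        except ValueError:               # not a valid address, e.g. 999.1.1.1
            return mo.group(0)
        if str(addr) in KEEP_PUBLIC or any(addr in n for n in INTERNAL_NETS):
            return mo.group(0)
        counts["public-ip"] += 1
        return "REDACTED-IP"

    section, out = "", []
    for line in join_continuations(text):
        if line.startswith("/"):         # menu path, e.g. "/container envs"
            section = line.strip()
        header = HEADER_RE.match(line)
        if header:
            counts["header"] += 1
            out.append(header.group(1) + "REDACTED")
            continue
        line = KEY_RE.sub(key_sub, line)
        if section == "/container envs":
            env = ENV_KEY_RE.search(line)
            if env and ENV_SECRET_RE.search(env.group(1)):
                line, n = ENV_VALUE_RE.subn("value=REDACTED", line)
                counts["env-value"] += n
        out.append(IP_RE.sub(ip_sub, line))
    return "\n".join(out) + "\n", counts


# Constructed sample in the shape of a RouterOS 7 export; every value is made up.
SAMPLE = r'''# may/17/2023 12:13:42 by RouterOS 7.9
# software id = ABCD-EFGH
# serial number = HXX0000XXXX
/interface pppoe-client
add add-default-route=yes interface=dimensione-vlan name=\
    dimensione-pppoe user=customer@isp.example
/container envs
add key=TZ name=pihole_envs value=Europe/Rome
add key=WEBPASSWORD name=pihole_envs value="hunter2 example"
/ip dhcp-server lease
add address=192.168.0.10 comment=Server-Rosae mac-address=\
    AA:BB:CC:00:11:22 server=Casa_dchp
/ip dhcp-server network
add address=10.255.255.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.255.255.1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=203.0.113.7 dst-port=8123 \
    protocol=tcp to-addresses=192.168.0.10
'''

if __name__ == "__main__":
    clean, report = sanitize_export(SAMPLE)
    print(clean)
    print(dict(report))
```

The result is unwrapped to one statement per line; review it by eye before posting, since comments and names can still carry personal details that no key list catches.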
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Problem with opening the ports

Wed May 17, 2023 12:32 pm

A "print" does not show all the parameters;
provide a diagram, the configuration export, as indicated above, and also a description of what you want to achieve in the end.
In English...
 
Kataius
newbie
Topic Author
Posts: 33
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Re: Problem with opening the ports

Wed May 17, 2023 1:42 pm

Thanks, I didn't know that "print" didn't put everything. I wish some ports were open from the outside.

I succeeded with 2 ports, but if I try others or the upnp ports it always gives me that the nat is closed.

Thanks

Here is my full configuration

# may/17/2023 12:13:42 by RouterOS 7.9
# software id = xxx
#
# model = RB5009UG+S+
# serial number = xxx
/container mounts
add dst=/etc/pihole name=etc_pihole src=\
    /usb1-part1/container_pihole/etc-pihole
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=\
    /usb1-part1/container_pihole/etc-dnsmasq.d
add dst=/ name=root_pihole src=/usb1-part1/container_pihole/root
/disk
set usb1 type=hardware
add parent=usb1 partition-number=1 partition-offset="1 048 576" \
    partition-size="500 106 788 864" type=partition
/interface bridge
add comment="VLAN bridge" name=br-VLANs protocol-mode=none
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-half,10M-full,100M-full,1000M-full,2500M-full
/interface veth
add address=192.168.0.8/20 gateway=192.168.0.1 name=veth1
/interface vlan
add comment=Mamma interface=br-VLANs mtu=1450 name=VLAN200 vlan-id=200
add comment=Guests interface=br-VLANs mtu=1450 name=VLAN300 vlan-id=300
add interface=sfp-sfpplus1 name=dimensione-vlan vlan-id=xxx
/interface pppoe-client
add add-default-route=yes disabled=no interface=dimensione-vlan name=\
    dimensione-pppoe use-peer-dns=yes user=xxx
/interface list
add name=WAN
add name=LAN
/interface wifiwave2 channel
add band=2ghz-ax disabled=no frequency=2462 name=silent width=20/40mhz-eC
add disabled=no name=guest
add band=2ghz-ax disabled=no name=home2ghz skip-dfs-channels=all
add band=5ghz-ax disabled=no name=home5ghz skip-dfs-channels=all
/interface wifiwave2 datapath
add bridge=br-VLANs disabled=no name=Wifi_Main
add bridge=br-VLANs disabled=no name=Wifi_Mamma vlan-id=200
add bridge=br-VLANs disabled=no name=Wifi_Guest vlan-id=300
/interface wifiwave2 security
add authentication-types=wpa2-psk name=home
add authentication-types=wpa2-psk disabled=no name=guest
add authentication-types=wpa2-psk disabled=no name=silent
/interface wifiwave2 configuration
add antenna-gain=1 channel=home2ghz country=Italy datapath=Wifi_Main \
    disabled=no name=home2ghz security=home ssid=xxx1
add channel=guest country=Italy datapath=Wifi_Guest disabled=no name=guest \
    security=guest ssid=xxx2
add channel=silent country=Italy datapath=Wifi_Mamma disabled=no hide-ssid=\
    yes name=silent security=silent ssid=xxx3
add antenna-gain=0 channel=home5ghz country=Italy datapath=Wifi_Main \
    disabled=no name=home5ghz security=home ssid=xxx1
/interface wifiwave2
add configuration=home5ghz disabled=no name=cap-wifi1
add configuration=home5ghz disabled=no name=cap-wifi2
add configuration=home2ghz disabled=no name=cap-wifi3
add configuration=home5ghz disabled=no name=cap-wifi4
add configuration=home5ghz disabled=no name=cap-wifi5
add configuration=home2ghz disabled=no name=cap-wifi6
add configuration=home2ghz disabled=no name=cap-wifi7
add configuration=home2ghz disabled=no name=cap-wifi8
add configuration=silent disabled=no mac-address=xxx \
    master-interface=cap-wifi8 name=cap-wifi9
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi8 name=cap-wifi10
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi7 name=cap-wifi11
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi3 name=cap-wifi12
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi6 name=cap-wifi13
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi5 name=cap-wifi14
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi2 name=cap-wifi15
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi1 name=cap-wifi16
add configuration=guest disabled=no mac-address=xxx \
    master-interface=cap-wifi4 name=cap-wifi17
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=CasaPool ranges=192.168.0.100-192.168.15.200
add name=MammaPool ranges=10.255.255.100-10.255.255.200
add name=GuestsPool ranges=172.16.0.2-172.16.15.254
/ip dhcp-server
add add-arp=yes address-pool=CasaPool interface=br-VLANs lease-script="# When \
    \"1\" all DNS entries with IP address of DHCP lease are removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"home.local\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"01:00:00\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"comment\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname.\$dnsDomain,\$leas\
    eClientHostname\"\r\
    \n  } else={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=1d name=Casa_dchp
add add-arp=yes address-pool=MammaPool interface=VLAN200 lease-time=1d name=\
    Mamma_dchp
add add-arp=yes address-pool=GuestsPool interface=VLAN300 lease-time=8h name=\
    Guests_dhcp
/container
add envlist=pihole_envs interface=veth1 mounts=etc_pihole,dnsmasq_pihole \
    root-dir=usb1-part1/container_pihole/pihole start-on-boot=yes
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1-part1/pull
/container envs
add key=TZ name=pihole_envs value=Europe/Rome
add key=WEBPASSWORD name=pihole_envs value="xxx"
add key=DNSMASQ_USER name=pihole_envs value=xxx
/interface bridge port
add bridge=br-VLANs interface=veth1
add bridge=br-VLANs interface=ether1
add bridge=br-VLANs interface=VLAN200
add bridge=br-VLANs interface=VLAN300
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=br-VLANs comment="Mamma VLAN" tagged=br-VLANs,ether1 vlan-ids=200
add bridge=br-VLANs comment="Guest VLAN" tagged=br-VLANs,ether1 vlan-ids=300
/interface list member
add interface=dimensione-pppoe list=WAN
add interface=ether1 list=LAN
add interface=br-VLANs list=LAN
/interface wifiwave2 capsman
set enabled=yes interfaces=LAN package-path="" require-peer-certificate=no \
    upgrade-policy=none
/interface wifiwave2 configuration
add channel=*8 country=Italy datapath=Wifi_Main disabled=yes name=home \
    security=home ssid=xxx
/interface wifiwave2 provisioning
add action=create-enabled disabled=no master-configuration=home2ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home5ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home5ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home5ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home2ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home5ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home2ghz \
    radio-mac=xxx slave-configurations=guest
add action=create-enabled disabled=no master-configuration=home2ghz \
    radio-mac=xxx slave-configurations=silent,guest
/ip address
add address=192.168.0.1/20 interface=br-VLANs network=192.168.0.0
add address=172.16.0.1/20 interface=VLAN300 network=172.16.0.0
add address=10.255.255.1/24 interface=VLAN200 network=10.255.255.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1d
/ip dhcp-server lease
add address=192.168.0.4 comment="AP Esterno" mac-address=xxx \
    server=Casa_dchp use-src-mac=yes
add address=192.168.0.3 comment="AP Centro" mac-address=xxx \
    server=Casa_dchp use-src-mac=yes
add address=192.168.0.10 client-id=xxx comment=Server-Rosae \
    mac-address=xxx server=Casa_dchp use-src-mac=yes
add address=192.168.0.9 client-id=xxx comment=Server-Downless \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.6 comment="AP Studio" mac-address=xxx \
    server=Casa_dchp use-src-mac=yes
add address=192.168.0.14 client-id=xxx comment=\
    "Harmony Soggiorno" mac-address=xxx server=Casa_dchp
add address=192.168.0.30 comment="Media GoogleHome Taverna" disabled=yes \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.22 comment="Telecamera Netatmo Garage" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.23 comment="Telecamera Netatmo Retro" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.26 comment="Termostato Netatmo Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.25 comment="Termostato Netatmo Terra" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.24 comment="Termostato Netatmo Sopra" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.27 comment="MCZ Caminetto" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.12 client-id=xxx comment=\
    "Inverter Fronius" mac-address=xxx server=Casa_dchp
add address=192.168.0.13 comment="Shelly Button" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.17 client-id=xxx comment="PC Workbook" \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.18 client-id=xxx comment="PC SteamOS" \
    mac-address=v server=Casa_dchp
add address=192.168.0.40 client-id=xxx comment="PC Macbook" \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.19 client-id=xxx comment="Phone ROG5" \
    mac-address=xxx server=Casa_dchp
add address=10.255.255.3 client-id=xxx comment=\
    "OLD Inverter Mamma" disabled=yes mac-address=xxx server=\
    Mamma_dchp
add address=192.168.0.21 client-id=v comment=\
    "Telecamera Netatmo Taverna" mac-address=xxx server=\
    Casa_dchp
add address=192.168.0.20 client-id=xxx comment=\
    "Telecamera Netatmo Terra" mac-address=xxx server=Casa_dchp
add address=192.168.0.36 client-id=xxx comment=\
    "Media TV Cucina" mac-address=xxx server=Casa_dchp
add address=192.168.0.37 client-id=xxx comment=\
    "Media Shield Soggiorno" mac-address=xxx server=Casa_dchp
add address=192.168.0.34 client-id=xxx comment="Media TVHDR" \
    mac-address=xxx   server=Casa_dchp
add address=192.168.0.38 client-id=xxx comment=\
    "Media GoogleTV Cucina" disabled=yes mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.41 comment="Termometro Shelly Sopra" mac-address=\
    xxx  server=Casa_dchp
add address=192.168.0.39 client-id=xxx comment=\
    "Media GoogleTV Cucina-WLAN" disabled=yes mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.90 client-id=xxx comment=ICIA-Nuc \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.52 client-id=xxx comment=\
    "Tablet Nvidia Shield" mac-address=xxx server=Casa_dchp
add address=192.168.0.70 comment="Climatizzatore Daikin Notte" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.28 client-id=xxx comment=\
    "MCZ Stufa Sopra" mac-address=xxx server=Casa_dchp
add address=192.168.0.62 comment="Media GoogleNest Cucina" disabled=yes \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.42 comment="Termometro Shelly Terra" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.48 client-id=xxx comment=\
    "Robot Neato Terrra" mac-address=xxx server=Casa_dchp
add address=192.168.0.60 client-id=xxx comment="ICIA Redmi" \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.29 client-id=xxx comment=\
    "Watch Galaxy4" mac-address=xxx server=Casa_dchp
add address=10.255.255.5 client-id=xxx comment=\
    "Climatizzatore Mamma Camera" mac-address=xxx server=\
    Mamma_dchp
add address=10.255.255.4 client-id=xxx comment=\
    "Climatizzatore Mamma Soggiorno" mac-address=xxx server=\
    Mamma_dchp
add address=192.168.0.46 comment="Media Denon" mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.47 comment="Robot Neato Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.50 comment="Printer Canon" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.51 comment="PC MameCAB" mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.53 comment="Media Shield Studio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.55 comment="Media GoogleHome Studio" disabled=yes \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.15 comment="Harmony Studio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.16 comment="Harmony Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.56 comment="Media TV Studio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.57 comment="Media TV Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.58 comment="Media TV Soggiorno" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.59 comment="ICIA Portatile" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.61 comment="Media GoogleTV Studio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.63 comment="OLD Console Nintendo Switch" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.64 comment="Console Nintendo3DS" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.65 comment="Console NintendoWII" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.66 comment="PC SteamDeck" mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.67 comment="Console Xbox360" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.68 comment="Console XboxOne" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.89 comment="Phone ROG3" mac-address=xxx \
    server=Casa_dchp
add address=192.168.0.87 comment="Presa Meross Station" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.75 comment="Presa Meross ITA" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.76 comment="Presa Merros SteamOS" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.77 comment="Presa Meross Lavatrice" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.78 comment="Presa Meross MameCAB" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.79 comment="Presa Meross Flipper" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.80 comment="Presa Meross MediaStudio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.81 comment="Presa Meross AccessoryStudio" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.82 comment="Presa Meross Lavastoviglie" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.83 comment="Presa Meross MediaTaverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.84 comment="Presa Meross Workbook" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.85 comment="Presa Meross Asciugatrice" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.86 comment="Presa Meross Screen" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.71 comment="Climatizzatore Daikin Mansarda" \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.72 comment="Climatizzatore Daikin Soggiorno" \
    mac-address=xxx server=Casa_dchp
add address=192.168.0.73 comment="Climatizzatore Daikin Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.44 comment="Allagamento Shelly" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.91 comment="Media CastAudio" mac-address=\
    xxx server=Casa_dchp
add address=10.255.255.10 comment="ZIO Notebook" mac-address=\
    xxx server=Mamma_dchp
add address=10.255.255.11 comment="ZIO Honor6X" mac-address=xxx \
    server=Mamma_dchp
add address=10.255.255.12 comment="ZIO TabletSamsung" mac-address=\
    xxx server=Mamma_dchp
add address=10.255.255.13 comment="ZIO Redmi11" mac-address=xxx \
    server=Mamma_dchp
add address=192.168.0.43 comment="Termometro Shelly Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.49 client-id=xxx comment=\
    "Robot Neato Primo" mac-address=xxx server=Casa_dchp
add address=192.168.0.92 comment="Shelly Button HTC" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.93 comment="Robot Braava Lavapavimenti" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.96 comment="Alexa Camera Matrimoniale" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.97 comment="Alexa Mansarda" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.99 comment="Alexa Taverna" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.95 comment="Alexa Salotto" mac-address=\
    xxx server=Casa_dchp
add address=192.168.0.94 client-id=xxx comment=\
    "Alexa View Studio" mac-address=xxx server=Casa_dchp
add address=192.168.0.98 comment=Ring mac-address=xxx server=\
    Casa_dchp
add address=192.168.0.101 client-id=xxx comment=\
    "Alexa View Cucina" mac-address=xxx server=Casa_dchp
add address=192.168.0.100 client-id=xxx comment=\
    "PC Surface WLAN" mac-address=xxx server=Casa_dchp
add address=10.255.255.2 comment="AP Mamma" mac-address=xxx \
    server=Mamma_dchp
add address=192.168.0.5 comment="AP Taverna" mac-address=xxx \
    server=Casa_dchp use-src-mac=yes
add address=192.168.0.102 client-id=xxx comment=\
    "Media Shield Taverna" mac-address=xxx server=Casa_dchp
add address=192.168.0.104 client-id=xxx comment=\
    "Media FIreStick Mansarda" mac-address=xxx server=Casa_dchp
add address=10.255.255.6 client-id=xxx comment=\
    "Inverter Mamma" mac-address=xxx server=Mamma_dchp
add address=192.168.0.103 client-id=xxx comment=\
    "Media FIreStick Cucina" mac-address=xxx server=Casa_dchp
/ip dhcp-server network
add address=10.255.255.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.255.255.1 \
    netmask=24
add address=172.16.0.0/20 dns-server=1.1.1.1,1.0.0.1 gateway=172.16.0.1 \
    netmask=20
add address=192.168.0.0/20 dns-server=192.168.0.8,192.168.0.8 gateway=\
    192.168.0.1 netmask=20
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.27 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Printer-Canon.dynamic.example.local ttl=15m
add address=192.168.0.27 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Printer-Canon ttl=15m
add address=192.168.0.31 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=SonyTV-Soggiorno.dynamic.example.local ttl=15m
add address=192.168.0.31 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=SonyTV-Soggiorno ttl=15m
add address=192.168.0.26 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=PC-Workbook.dynamic.example.local ttl=15m
add address=192.168.0.26 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=PC-Workbook ttl=15m
add address=192.168.0.123 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=.dynamic.example.local ttl=15m
add address=192.168.15.191 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=MAMMA-Clima.casa ttl=15m
add address=192.168.15.191 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=MAMMA-Clima ttl=15m
add address=192.168.0.14 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Soggiorno.casa ttl=15m
add address=192.168.0.14 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Soggiorno ttl=15m
add address=192.168.0.15 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Taverna.casa ttl=15m
add address=192.168.0.15 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Taverna ttl=15m
add address=192.168.0.13 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Studio.casa ttl=15m
add address=192.168.0.13 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Harmony-Studio ttl=15m
add address=192.168.0.18 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Terra.casa ttl=15m
add address=192.168.0.18 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Terra ttl=15m
add address=192.168.0.19 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Taverna.casa ttl=15m
add address=192.168.0.19 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Taverna ttl=15m
add address=192.168.0.20 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Primo.casa ttl=15m
add address=192.168.0.20 comment=dhcp-lease-script_DHCP_SRV_Casa_comment \
    name=Shelly-Primo ttl=15m
add address=192.168.0.3 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    "AP Centrale.lan" ttl=15m
add address=192.168.0.3 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    "AP Centrale" ttl=15m
add address=192.168.0.4 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    "AP Esterno.casa" ttl=15m
add address=192.168.0.4 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    "AP Esterno" ttl=15m
add address=192.168.0.30 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=NvidiaTV-Soggiorno.casa ttl=15m
add address=192.168.0.30 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=NvidiaTV-Soggiorno ttl=15m
add address=192.168.0.9 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    Server-Downless.casa ttl=15m
add address=192.168.0.9 comment=dhcp-lease-script_Casa_DHCP_SRV_comment name=\
    Server-Downless ttl=15m
add address=192.168.0.31 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=SonyTV-Soggiorno.casa ttl=15m
add address=192.168.0.17 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=Shelly-Button.casa ttl=15m
add address=192.168.0.17 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=Shelly-Button ttl=15m
add address=192.168.0.22 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=MCZ-Stufa.casa ttl=15m
add address=192.168.0.22 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=MCZ-Stufa ttl=15m
add address=192.168.0.21 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=MCZ-Caminetto.casa ttl=15m
add address=192.168.0.21 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=MCZ-Caminetto ttl=15m
add address=192.168.0.12 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=Inverter-Fronius.casa ttl=15m
add address=192.168.0.12 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=Inverter-Fronius ttl=15m
add address=192.168.0.120 comment=dhcp-lease-script_Casa_DHCP_SRV_comment \
    name=.casa ttl=15m
add address=192.168.0.10 comment=dhcp-lease-script_dchpCasa_comment name=\
    Server-Rosae.casa ttl=15m
add address=192.168.0.10 comment=dhcp-lease-script_dchpCasa_comment name=\
    Server-Rosae ttl=15m
add address=192.168.0.111 comment=dhcp-lease-script_dchpCasa_comment name=\
    .casa ttl=15m
add address=192.168.0.20 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Welcome.home ttl=15m
add address=192.168.0.20 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Welcome ttl=15m
add address=192.168.0.10 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Rosae.home ttl=15m
add address=192.168.0.10 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Rosae ttl=15m
add address=192.168.0.34 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=HDHR.home ttl=15m
add address=192.168.0.34 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=HDHR ttl=15m
add address=192.168.0.22 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Presence.home ttl=15m
add address=192.168.0.22 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Presence ttl=15m
add address=192.168.0.23 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Presence.home ttl=15m
add address=192.168.0.23 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Netatmo-Presence ttl=15m
add address=192.168.0.80 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Meross_Smart_Switch.home ttl=15m
add address=192.168.0.80 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Meross_Smart_Switch ttl=15m
add address=192.168.0.28 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=espressif.home ttl=15m
add address=192.168.0.28 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=espressif ttl=15m
add address=192.168.0.27 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=MCZ-RemoteService.home ttl=15m
add address=192.168.0.27 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=MCZ-RemoteService ttl=15m
add address=192.168.0.85 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Meross Smart Plug.home" ttl=15m
add address=192.168.0.85 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Meross Smart Plug" ttl=15m
add address=192.168.0.26 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Netatmo Relay.home" ttl=15m
add address=192.168.0.26 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Netatmo Relay" ttl=15m
add address=192.168.0.12 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Inverter-Fronius.home ttl=15m
add address=192.168.0.93 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=iRobot.home ttl=15m
add address=192.168.0.93 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=iRobot ttl=15m
add address=192.168.0.36 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=LGwebOSTV.home ttl=15m
add address=192.168.0.36 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=LGwebOSTV ttl=15m
add address=192.168.0.9 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Downless.home ttl=15m
add address=192.168.0.9 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Downless ttl=15m
add address=192.168.0.30 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Google-Home.home ttl=15m
add address=192.168.0.30 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Google-Home ttl=15m
add address=192.168.0.55 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Google-Home-Mini.home ttl=15m
add address=192.168.0.55 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Google-Home-Mini ttl=15m
add address=192.168.0.92 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellybutton1.home ttl=15m
add address=192.168.0.92 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellybutton1 ttl=15m
add address=192.168.0.60 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Redmi-Note-9-Pro.home ttl=15m
add address=192.168.0.60 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=Redmi-Note-9-Pro ttl=15m
add address=192.168.0.19 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=ROG-Phone-5.home ttl=15m
add address=192.168.0.19 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=ROG-Phone-5 ttl=15m
add address=192.168.0.29 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=SM-R890.home ttl=15m
add address=192.168.0.29 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=SM-R890 ttl=15m
add address=192.168.0.49 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=VacuumRobot.home ttl=15m
add address=192.168.0.49 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=VacuumRobot ttl=15m
add address=192.168.0.17 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=WorkBook.home ttl=15m
add address=192.168.0.17 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=WorkBook ttl=15m
add address=192.168.0.44 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyflood.home ttl=15m
add address=192.168.0.44 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyflood ttl=15m
add address=192.168.0.41 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyht.home ttl=15m
add address=192.168.0.41 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyht ttl=15m
add address=192.168.0.42 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyht.home ttl=15m
add address=192.168.0.42 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name=shellyht ttl=15m
add address=192.168.0.6 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Studio AP.home" ttl=15m
add address=192.168.0.6 comment=dhcp-lease-script_Casa_dchp_lease-hostname \
    name="Studio AP" ttl=15m
add address=192.168.0.31 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media GoogleHome Mansarda.dynamic.casa.local" ttl=15m
add address=192.168.0.31 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media GoogleHome Mansarda" ttl=15m
add address=192.168.0.62 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media GoogleNest Cucina.dynamic.casa.local" ttl=15m
add address=192.168.0.62 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media GoogleNest Cucina" ttl=15m
add address=192.168.0.93 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Braava Lavapavimenti..casa" ttl=1h
add address=192.168.0.93 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Braava Lavapavimenti" ttl=1h
add address=192.168.0.19 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Phone ROG5.home.local" ttl=1h
add address=192.168.0.19 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Phone ROG5" ttl=1h
add address=192.168.0.20 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Terra.home.local" ttl=1h
add address=192.168.0.20 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Terra" ttl=1h
add address=192.168.0.81 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross AccessoryStudio.home.local" ttl=1h
add address=192.168.0.81 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross AccessoryStudio" ttl=1h
add address=192.168.0.79 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Flipper.home.local" ttl=1h
add address=192.168.0.97 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Mansarda.home.local" ttl=1h
add address=192.168.0.75 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross ITA.home.local" ttl=1h
add address=192.168.0.79 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Flipper" ttl=1h
add address=192.168.0.97 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Mansarda" ttl=1h
add address=192.168.0.75 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross ITA" ttl=1h
add address=192.168.0.95 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Salotto.home.local" ttl=1h
add address=192.168.0.95 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Salotto" ttl=1h
add address=192.168.0.15 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Harmony Studio.home.local" ttl=1h
add address=192.168.0.96 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Camera Matrimoniale.home.local" ttl=1h
add address=192.168.0.15 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Harmony Studio" ttl=1h
add address=192.168.0.96 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Alexa Camera Matrimoniale" ttl=1h
add address=192.168.0.23 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Retro.home.local" ttl=1h
add address=192.168.0.22 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Garage.home.local" ttl=1h
add address=192.168.0.23 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Retro" ttl=1h
add address=192.168.0.22 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Garage" ttl=1h
add address=192.168.0.21 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Taverna.home.local" ttl=1h
add address=192.168.0.16 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Harmony Taverna.home.local" ttl=1h
add address=192.168.0.21 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Telecamera Netatmo Taverna" ttl=1h
add address=192.168.0.16 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Harmony Taverna" ttl=1h
add address=192.168.0.87 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Station.home.local" ttl=1h
add address=192.168.0.87 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Station" ttl=1h
add address=192.168.0.85 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Asciugatrice.home.local" ttl=1h
add address=192.168.0.85 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Asciugatrice" ttl=1h
add address=192.168.0.86 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Screen.home.local" ttl=1h
add address=192.168.0.86 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Screen" ttl=1h
add address=192.168.0.25 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termostato Netatmo Terra.home.local" ttl=1h
add address=192.168.0.26 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termostato Netatmo Taverna.home.local" ttl=1h
add address=192.168.0.25 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termostato Netatmo Terra" ttl=1h
add address=192.168.0.103 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media FIreStick Cucina.home.local" ttl=1h
add address=192.168.0.26 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termostato Netatmo Taverna" ttl=1h
add address=192.168.0.103 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media FIreStick Cucina" ttl=1h
add address=192.168.0.104 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media FIreStick Mansarda.home.local" ttl=1h
add address=192.168.0.104 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Media FIreStick Mansarda" ttl=1h
add address=192.168.0.47 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Taverna.home.local" ttl=1h
add address=192.168.0.47 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Taverna" ttl=1h
add address=192.168.0.49 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Primo.home.local" ttl=1h
add address=192.168.0.49 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Primo" ttl=1h
add address=192.168.0.70 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Notte.home.local" ttl=1h
add address=192.168.0.70 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Notte" ttl=1h
add address=192.168.0.71 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Mansarda.home.local" ttl=1h
add address=192.168.0.71 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Mansarda" ttl=1h
add address=192.168.0.76 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Merros SteamOS.home.local" ttl=1h
add address=192.168.0.76 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Merros SteamOS" ttl=1h
add address=192.168.0.66 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "PC SteamDeck.home.local" ttl=1h
add address=192.168.0.66 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "PC SteamDeck" ttl=1h
add address=192.168.0.29 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Watch Galaxy4.home.local" ttl=1h
add address=192.168.0.29 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Watch Galaxy4" ttl=1h
add address=192.168.0.98 comment=dhcp-lease-script_Casa_dchp_comment name=\
    Ring.home.local ttl=1h
add address=192.168.0.98 comment=dhcp-lease-script_Casa_dchp_comment name=\
    Ring ttl=1h
add address=192.168.0.72 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Soggiorno.home.local" ttl=1h
add address=192.168.0.72 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Climatizzatore Daikin Soggiorno" ttl=1h
add address=192.168.0.48 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Terrra.home.local" ttl=1h
add address=192.168.0.48 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Robot Neato Terrra" ttl=1h
add address=192.168.0.44 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Allagamento Shelly.home.local" ttl=1h
add address=192.168.0.44 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Allagamento Shelly" ttl=1h
add address=192.168.0.77 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Lavatrice.home.local" ttl=1h
add address=192.168.0.77 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Presa Meross Lavatrice" ttl=1h
add address=192.168.0.42 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Terra.home.local" ttl=1h
add address=192.168.0.42 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Terra" ttl=1h
add address=192.168.0.41 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Sopra.home.local" ttl=1h
add address=192.168.0.41 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Sopra" ttl=1h
add address=192.168.0.43 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Taverna.home.local" ttl=1h
add address=192.168.0.43 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Termometro Shelly Taverna" ttl=1h
add address=192.168.0.50 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Printer Canon.home.local" ttl=1h
add address=192.168.0.50 comment=dhcp-lease-script_Casa_dchp_comment name=\
    "Printer Canon" ttl=1h
/ip firewall address-list
add address=192.168.0.0/20 comment="Casa NET" list=net_casa
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    list=bogons
add address=xxx.mynetname.net list=WAN
add address=10.255.255.0/24 comment="Mamma NET" list=net_mamma
add address=172.16.0.0/20 comment="Guest NET" list=net_guest
/ip firewall filter
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
    tcp-flags=syn
add action=drop chain=forward comment="DROP traffico da Guest a -Casa" \
    dst-address-list=net_casa src-address-list=net_guest
add action=drop chain=forward comment="DROP traffico da Mamma a Casa" \
    dst-address-list=net_casa src-address-list=net_mamma
add action=drop chain=input comment="Drop to syn flood list" \
    src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
    ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
    o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
    PORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!net_casa
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    bogons
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
    protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state=established
add action=accept chain=input comment="Accept to related connections" \
    connection-state=related
add action=accept chain=input comment="Full access to net_casa address list" \
    src-address-list=net_casa
add action=accept chain=input comment="Full access to net_mamma address list" \
    src-address-list=net_mamma
add action=accept chain=input comment="Full access to net_guest address list" \
    src-address-list=net_guest
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
    RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
add action=accept chain=ICMP comment=\
    "Echo request - Avoiding Ping Flood, adjust the limit as needed" \
    icmp-options=8:0 limit=2,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
    3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
    protocol=icmp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "Mark connections for hairpin NAT" dst-address-list=WAN dst-limit=\
    1,5,dst-address/1m40s limit=1,5:packet new-connection-mark="Hairpin NAT" \
    passthrough=yes psd=21,3s,3,1 src-address-list=net_casa
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/20
add action=masquerade chain=srcnat src-address=172.16.0.0/20
add action=masquerade chain=srcnat src-address=10.255.255.0/24
add action=masquerade chain=srcnat comment="HARPIN NAT" connection-mark=\
    "Hairpin NAT"
add action=dst-nat chain=dstnat comment="DNS Redirect to PI-Hole" \
    dst-address=!192.168.0.8 dst-port=53 protocol=udp src-address-list=\
    192.168.0.0/24 to-addresses=192.168.0.8 to-ports=53
add action=dst-nat chain=dstnat comment="DNS Redirect to PI-Hole" \
    dst-address=!192.168.0.8 dst-port=53 protocol=tcp src-address-list=\
    192.168.0.0/24 to-addresses=192.168.0.8 to-ports=53
add action=masquerade chain=srcnat out-interface=dimensione-pppoe
add action=dst-nat chain=dstnat comment="Port forward: HASSIO" disabled=yes \
    dst-address-list=net_casa dst-port=8123 protocol=tcp to-addresses=\
    192.168.0.10 to-ports=8123
add action=dst-nat chain=dstnat comment="Port forward: HASSIO" \
    dst-address-list=WAN dst-port=8123 protocol=tcp to-addresses=192.168.0.10 \
    to-ports=8123
add action=masquerade chain=srcnat comment="Port forward: HASSIO" disabled=\
    yes dst-address=192.168.0.10 dst-port=8123 out-interface=br-VLANs \
    protocol=tcp src-address=192.168.0.0/20
add action=dst-nat chain=dstnat comment="Port Online: PLEX" dst-port=32400 \
    in-interface=dimensione-pppoe protocol=tcp to-addresses=192.168.0.10 \
    to-ports=32400
add action=dst-nat chain=dstnat comment="Port Online: HASSIO" dst-port=8123 \
    in-interface=dimensione-pppoe protocol=tcp to-addresses=192.168.0.10 \
    to-ports=8123
add action=dst-nat chain=dstnat comment="Port Online: INVERTERT MAMMA" \
    dst-port=10000 in-interface=dimensione-pppoe protocol=tcp to-addresses=\
    10.255.255.6 to-ports=10000
/ip firewall service-port
set ftp disabled=yes
set h323 disabled=yes
set pptp disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add disabled=yes interface=ether1 type=internal
add interface=dimensione-pppoe type=external
add interface=VLAN200 type=internal
add interface=br-VLANs type=internal
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=RB-Router
/system note
set show-at-login=no
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Problem with opening the ports

Wed May 17, 2023 3:29 pm

When you do port scans on MT port forwarded config, the port checker should only show closed NOT open.
If you add source addresses to the dst nat rule, the port should be invisible on scans.

I actually despise anyone that uses the bridge for anything once using vlans. In other words simplify and consistency,
the bridge does nothing but bridging and take the subnet off the bridge and put it on a vlan --> personal choice.

Same same for someone that spends most of their config energy on blocking stuff vice focussing on allowed traffic.
It's mostly crap bloatware that should be removed, furthermore the copy and paste without any understanding is
highly emphasized by such blunders as
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp

which open up the router to DNS queries from the WAN side

In any case here to look at port forwarding. :-)
Before I forget you really need to visit wine country and have a real hard chat with rextended vis-a-vis proper router setup, it's embarrassing for Italy. ;-)
OR
You can travel here and we can play the slap game, you get to use some refined light prosciutto and I get to use heavy Canadian Bacon.

++++++++++++++++++++++++++++++++++++++

(1) No forward chain to speak of so I would say you are not blocking port forwarding traffic or much of everything in the forward chain, how strange when so uselessly anal for anything else!

(2) The main issues seem to be in your destination nat rules, not sure what you have done with mangles and hairpin nat, but the dst nat rules such as dst-address-list=WAN do seem strange.

++++++++++++++++++++++++++++++++++++++

In conclusion, you will have success with a much leaner, efficient, clean config.........
It's too broken for me to see the forest for the trees....
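
The kind of rule flagged in the reply above (an input-chain accept with no source restriction, such as the two DNS rules) can be found mechanically in an export. This is an added example, not part of the original posts: a Python sketch that parses a RouterOS export and lists enabled input accept rules that have no source, interface or connection-state matcher. The sample export is constructed from rules shown in this thread; the function names and the set of scoping matchers are assumptions of this example.

```python
import re
import shlex

# Constructed sample, shaped like the export posted in this thread.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state=established
add action=accept chain=input comment="Full access to net_casa address list" \
    src-address-list=net_casa
add action=drop chain=input comment="Drop anything else!"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=dimensione-pppoe
'''

# Assumption of this example: any one of these matchers counts as scoping.
SCOPING_KEYS = frozenset({
    "src-address", "src-address-list", "in-interface",
    "in-interface-list", "connection-state",
})


def join_continuations(text):
    """Undo export line wrapping: a trailing backslash continues the line,
    and the indentation of the next line is not part of the value."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def parse_rules(export_text, menu="/ip firewall filter"):
    """Return the 'add' entries under one menu as dicts, in rule order."""
    rules, current = [], None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif current == menu and line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def unscoped_input_accepts(rules):
    """List enabled input-chain accept rules that match traffic from any
    source. Rules reached through action=jump are not followed."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.get("chain") != "input" or rule.get("action") != "accept":
            continue
        if rule.get("disabled") == "yes":
            continue
        if SCOPING_KEYS.isdisjoint(rule):
            port = rule.get("dst-port") or rule.get("port") or "any"
            findings.append((index, rule.get("protocol", "any"), port,
                             rule.get("comment", "")))
    return findings


if __name__ == "__main__":
    for index, proto, port, comment in unscoped_input_accepts(
            parse_rules(SAMPLE_EXPORT)):
        print(f"rule {index}: {proto}/{port} accepted from any source "
              f"({comment})")
```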
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Problem with opening the ports

Wed May 17, 2023 4:00 pm

@Normis......... A perfect case to point out the need for USERS to be able to setup servers, WITHOUT EXPOSING PUBLIC IP, and thus the perceived need to bloat up the config.

For the luv of god already ---> Zero trust cloudflare tunnel options package for all devices.
